SMC Networks SMC8612XL3 F 1.0.1.3 , S, 3-82

C

ONFIGURING

THE

S

WITCH

3-82

Web – Click Security, ACL, ACL Mask Configuration. Click Edit for one

of the basic mask types to open the configuration page.

CLI – This example creates an IP ingress mask, and then adds two rules.

Each rule is checked in order of precedence to look for a match in the

ACL entries. The first entry matching a mask is applied to the inbound

packet.

Configuring an IP ACL Mask

This mask defines the fields to check in the IP header.

Command Usage

• Masks that include an entry for a Layer 4 protocol source port or

destination port can only be applied to packets with a header length of

exactly five bytes.

Command Attributes

•Src/Dst IP – Specifies the source or destination IP address. Use

“Any” to match any address, “Host” to specify a host address (not a

subnet), or “IP” to specify a range of addresses. (Options: Any, Host,

IP; Default: Any)

•Src/Dst IP Bitmask – Source or destination address of rule must

Console(config)#access-list ip mask-precedence in3-121

Console(config-ip-mask-acl)#mask host any3-122

Console(config-ip-mask-acl)#mask 255.255.255.0 any

Console(config-ip-mask-acl)#

Contents

Main TigerSwitch 10/100/1000 Gigabit Ethernet Switch Management Guide Page Page Page L W IMITED v ARRANTY W IMITED ARRANTY vi vii ONTENTS Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1 Chapter 2: Initial Configuration . . . . . . . . . . . . . . . . . . . . . 2-1 Chapter 3: Configuring the Switch . . . . . . . . . . . . . . . . . . . 3-1 viii ix x xi xii Chapter 4: Command Line Interface . . . . . . . . . . . . . . . . . . 4-1 xiii xiv xv xvi xvii xviii xix xx xxi xxii xxiii xxiv Page Page 1-1 NTRODUCTION Key Features 1-2 F S 1-3 Description of Software Features 1-4 F S 1-5 1-6 F S 1-7 1-8 Page 1-10 System Defaults D 1-11 1-12 ARP D 1-13 Page NITIAL 2-1 ONFIGURATION Connecting to the Switch Configuration Options C 2-2 S 2-3 Required Connections Page C 2-5 Remote Connections Basic Configuration Console Connection C 2-6 Setting Passwords C 2-7 Setting an IP Address Manual Configuration C 2-8 Dynamic Configuration C 2-9 C 2-10 Enabling SNMP Management Access Community Strings C 2-11 Trap Receivers C 2-12 Saving Configuration Settings S F Managing System Files Page ONFIGURING THE 3-1 WITCH Using the Web Interface Page Navigating the Web Browser Interface Page I B W 3-5 S 3-6 I B W 3-7 S 3-8 I B W 3-9 S 3-10 I B W 3-11 S 3-12 I B W 3-13 Basic Configuration Displaying System Information Page S 3-16 Displaying Switch Hardware/Software Versions Page S 3-18 Displaying Bridge Extension Capabilities C 3-19 S 3-20 Setting the Switchs IP Address C 3-21 Manual Configuration Page C 3-23 S 3-24 Managing Firmware Downloading System Software from a Server Page S 3-26 Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server C 3-27 S 3-28 Configuring Event Logging System Log Configuration C 3-29 S 3-30 Remote Log Configuration Page S 3-32 Displaying Log Messages C 3-33 Resetting the System Setting the System Clock S 3-34 Configuring SNTP C 3-35 Setting the Time Zone S Simple Network Management Protocol Page Page Page Page N P M 3-41 Filtering Addresses for SNMP Client Access User Authentication A 3-43 Configuring the Logon Password S 3-44 Configuring Local/Remote Logon Authentication A 3-45 S 3-46 A SER UTHENTICATION 3-47 CLI Specify all the required parameters to enable logon authenticatio n. S 3-48 Configuring HTTPS A 3-49 Replacing the Default Secure-site Certificate S 3-50 Configuring the Secure Shell A 3-51 S 3-52 A 3-53 Generating the Host Key Pair S 3-54 A 3-55 Configuring the SSH Server S 3-56 Configuring Port Security A 3-57 Page Page S 3-60 Configuring 802.1x Port Authentication A 3-61 Displaying 802.1x Global Settings S 3-62 A SER UTHENTICATION 3-63 S 3-64 Configuring 802.1x Global Settings A 3-65 Configuring Port Authorization Mode Page A 3-67 Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Page A 3-69 Filtering Management Access S 3-70 Page S 3-72 Access Control Lists Configuring Access Control Lists C L 3-73 Setting the ACL Name and Type S 3-74 Configuring a Standard IP ACL C L 3-75 Configuring an Extended IP ACL S 3-76 Page S 3-78 Configuring a MAC ACL Page Page Page S 3-82 Configuring an IP ACL Mask Page Page C L 3-85 Configuring a MAC ACL Mask Page C L 3-87 Binding a Port to an Access Control List Page C 3-89 Port Configuration Displaying Connection Status S 3-90 C 3-91 S 3-92 mode. Flow control type Indicates the type of flow control currently in use. (IEEE 802.3x, Back-Pressure or none) C 3-93 Configuring Interface Connections S 3-94 C ORT 3-95 CLI Select the interface, and then enter the required settings. S 3-96 Creating Trunk Groups C } 3-97 Statically Configuring a Trunk Page C } 3-99 Enabling LACP on Selected Ports } Page C 3-101 Configuring LACP Parameters S 3-102 Page S Counter Information 3-104 Displaying LACP Port Counters C 3-105 CLI The following example displays LACP counters for port channel 1. Page C 3-107 S 3-108 Displaying LACP Settings and Status for the Remote Side C 3-109 S 3-110 C 3-111 Setting Broadcast Storm Thresholds S 3-112 C 3-113 Configuring Port Mirroring Page Page Page C 3-117 S 3-118 C 3-119 S 3-120 Page S 3-122 Address Table Settings Setting Static Addresses Page Page Page S 3-126 Spanning Tree Algorithm Configuration T C A 3-127 x x S 3-128 T C A 3-129 Page T C A 3-131 Configuring Global Settings S 3-132 T C A 3-133 Page Page S 3-136 Displaying Interface Settings T C A 3-137 x S x 3-138 T C A 3-139 S 3-140 Configuring Interface Settings T C A 3-141 S 3-142 Page Page T C LGORITHM A 3-145 Page T C LGORITHM A 3-147 S 3-148 Configuring Interface Settings for MSTP T C A 3-149 VLAN Configuration Overview 3-151 Assigning Ports to VLANs S 3-152 3-153 Forwarding Tagged/Untagged Frames Page 3-155 Displaying Current VLANs Page Page S 3-158 Creating VLANs 3-159 Adding Static Members to VLANs (VLAN Index) S 3-160 3-161 Adding Static Members to VLANs (Port Index) Page 3-163 Configuring VLAN Behavior for Interfaces S 3-164 3-165 Page 3-167 Configuring Private VLANs x Enabling Private VLANs S 3-168 Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs 3-169 Configuring Protocol Groups S 3-170 Mapping Protocols to VLANs 3-171 S 3-172 Class of Service Configuration Setting the Default Priority for Interfaces C ERVICE S OF S 3-174 Mapping CoS Values to Egress Queues C ERVICE S OF Page Page S 3-178 CLI The following example shows how to assign WRR weights to each of the priority queues. Page Page Page S 3-182 C S 3-183 Mapping DSCP Priority S 3-184 Page Page Page S 3-188 Changing Priorities Based on ACL Rules Page S 3-190 Multicast Filtering F 3-191 IGMP Protocol S 3-192 Layer 2 IGMP (Snooping and Query) F 3-193 Configuring IGMP Snooping and Query Parameters S 3-194 F 3-195 Displaying Interfaces Attached to a Multicast Router S 3-196 Specifying Static Interfaces for a Multicast Router F 3-197 Page F 3-199 Assigning Ports to Multicast Services S 3-200 Layer 3 IGMP (Query used with Multicast Routing) F ( 3-201 Configuring IGMP Interface Parameters S 3-202 F 3-203 S 3-204 CLI This example configures the IGMP parameters for VLAN 1. F 3-205 Displaying Multicast Group Information Configuring Domain Name Service D S N 3-207 Page D S N 3-209 Configuring Static DNS Host to Address Entries Page Page Page H P C 3-213 Dynamic Host Configuration Protocol S 3-214 Configuring DHCP Relay Service Page S 3-216 Enabling the Server, Setting Excluded Addresses Page S 3-218 H P C 3-219 Page Page Page H P C 3-223 Displaying Address Bindings Page R 3-225 Configuring Router Redundancy S 3-226 Several virtual master routers using the same set of backup routers. Virtual Router Redundancy Protocol R 3-227 Configuring VRRP Groups S 3-228 Page S 3-230 R 3-231 Page Page S 3-234 Displaying VRRP Global Statistics R 3-235 Displaying VRRP Group Statistics S 3-236 R 3-237 Hot Standby Router Protocol S 3-238 Configuring HSRP Groups R 3-239 S 3-240 R 3-241 S 3-242 Page Page R CLI OUTER EDUNDANCY 3-245 IP Routing Overview Initial Configuration 3-247 IP Switching S 3-248 3-249 Routing Path Management Routing Protocols S 3-250 Basic IP Interface Configuration 3-251 S 3-252 Configuring IP Routing Interfaces Page Page 3-255 Address Resolution Protocol S 3-256 Proxy ARP Basic ARP Configuration 3-257 Configuring Static ARP Addresses S 3-258 Displaying Dynamically Learned ARP Entries 3-259 S 3-260 Displaying Local ARP Entries 3-261 Displaying ARP Statistics S Parameter Description 3-262 Web - Click IP, ARP, Statistics. 3-263 Displaying Statistics for IP Protocols IP Statistics S 3-264 3-265 ICMP Statistics S 3-266 3-267 UDP Statistics S 3-268 TCP Statistics 3-269 Configuring Static Routes Page 3-271 Displaying the Routing Table Page 3-273 Configuring the Routing Information Protocol S 3-274 Configuring General Protocol Settings 3-275 S 3-276 Specifying Network Interfaces for RIP 3-277 Configuring Network Interfaces for RIP S 3-278 3-279 S 3-280 3-281 Displaying RIP Information and Statistics S 3-282 Page S 3-284 3-285 Configuring the Open Shortest Path First Protocol S 3-286 3-287 Configuring General Protocol Settings S 3-288 3-289 Page 3-291 Configuring OSPF Areas S 3-292 3-293 Page 3-295 Configuring Area Ranges (Route Summarization for ABRs) Page 3-297 Configuring OSPF Interfaces S 3-298 3-299 S 3-300 3-301 Page 3-303 Configuring Virtual Links Page 3-305 Configuring Network Area Addresses Page Page S 3-308 Configuring Summary Addresses (for External AS Routes) Page S 3-310 Redistributing External Routes 3-311 Configuring NSSA Settings S 3-312 3-313 Displaying Link State Database Information S 3-314 3-315 Page 3-317 Displaying Information on Neighbor Routers S 3-318 R 3-319 Multicast Routing Configuring Global Settings for Multicast Routing Page R 3-321 Displaying the Multicast Routing Table Page R 3-323 Configuring DVMRP S 3-324 Configuring Global DVMRP Settings Page Page R 3-327 S 3-328 R 3-329 Configuring DVMRP Interface Settings S 3-330 R 3-331 Displaying Neighbor Information S 3-332 R 3-333 Displaying the Routing Table S 3-334 Configuring PIM-DM R 3-335 Configuring Global PIM-DM Settings S 3-336 Configuring PIM-DM Interface Settings R 3-337 Page R 3-339 Displaying Interface Information S 3-340 Displaying Neighbor Information Page Page 4-1 4 I INE L OMMAND L I 4-2 Telnet Connection Page Entering Commands Page L I 4-6 Showing Commands If you enter a ? at the command prompt, the system will display the first level of Page L I 4-8 Understanding Command Modes Exec Commands C 4-9 Configuration Commands L I 4-10 C 4-11 L I 4-12 Command Line Processing G Command Groups The system commands can be broken down into the functional groups shown below L I 4-14 C 4-15 Line Commands L I 4-16 C 4-17 L I 4-18 C 4-19 L I 4-20 C 4-21 L I 4-22 C 4-23 L I 4-24 C 4-25 L I 4-26 C 4-27 General Commands L I 4-28 C 4-29 L I 4-30 C 4-31 L I 4-32 M C System Management Commands L I 4-34 Device Designation Commands prompt M C 4-35 User Access Commands username L I 4-36 M C 4-37 enable password L I 4-38 IP Filter Commands management M C 4-39 show management L I 4-40 M C 4-41 Web Server Commands ip http port L I 4-42 ip http server ip http secure-server M C 4-43 L I 4-44 ip http secure-port M C 4-45 Secure Shell Commands L I 4-46 M C 4-47 L I 4-48 ip ssh server M C 4-49 ip ssh timeout L I 4-50 ip ssh authentication-retries M C 4-51 ip ssh server-key size delete public-key L I 4-52 ip ssh crypto host-key generate M C 4-53 ip ssh crypto zeroize L I 4-54 ip ssh save host-key show ip ssh Page L I 4-56 show public-key M C 4-57 L I 4-58 Event Logging Commands logging on Page L I 4-60 logging host M C 4-61 logging facility L I 4-62 logging trap clear logging M C 4-63 show logging L I 4-64 M C 4-65 The following example displays settings for the trap function. Related Commands show logging sendmail (3-70) L I 4-66 logging sendmail host M C 4-67 logging sendmail level L I 4-68 logging sendmail source-email logging sendmail destination-email M C 4-69 logging sendmail L I 4-70 show logging sendmail Time Commands M C 4-71 sntp client L I 4-72 sntp server M C 4-73 sntp poll L I 4-74 sntp broadcast client M C 4-75 show sntp clock timezone L I 4-76 calendar set Page L I 4-78 System Status Commands show startup-config M C 4-79 show running-config L I 4-80 M C ANAGEMENT YSTEM 4-81 L I 4-82 show system M C 4-83 show users show version L I 4-84 Frame Size Commands jumbo frame Flash/File Commands L I 4-86 C 4-87 L I 4-88 C 4-89 L I 4-90 C 4-91 L I 4-92 Authentication Commands C 4-93 Authentication Sequence authentication login L I 4-94 RADIUS Client C 4-95 radius-server host radius-server port L I 4-96 radius-server key radius-server retransmit C 4-97 radius-server timeout show radius-server L I 4-98 TACACS+ Client tacacs-server host C 4-99 tacacs-server port tacacs-server key L I 4-100 show tacacs-server C 4-101 Port Security Commands port security L I 4-102 Page L I 4-104 802.1x Port Authentication authentication dot1x default C 4-105 dot1x default dot1x max-req L I 4-106 dot1x port-control C 4-107 dot1x operation-mode dot1x re-authenticate L I 4-108 dot1x re-authentication dot1x timeout quiet-period C 4-109 dot1x timeout re-authperiod dot1x timeout tx-period L I 4-110 show dot1x C 4-111 L I 4-112 - State Current state (including initialize, reauthenticate). C Access Control List Commands L I 4-114 C IP ACLs L 4-115 L I 4-116 access-list ip C L 4-117 permit, deny (Standard ACL) L I 4-118 permit, deny (Extended ACL) C L 4-119 L I 4-120 C L 4-121 show ip access-list access-list ip mask-precedence L I 4-122 mask (IP ACL) C L 4-123 L I 4-124 C IST L ONTROL CCESS L I 4-126 show access-list ip mask-precedence C L 4-127 ip access-group L I 4-128 show ip access-group map access-list ip C L 4-129 show map access-list ip L I 4-130 match access-list ip C L 4-131 show marking Page C L 4-133 MAC ACLs access-list mac L I 4-134 permit, deny (MAC ACL) C L 4-135 L I 4-136 show mac access-list C L 4-137 access-list mac mask-precedence L I 4-138 mask (MAC ACL) Page L I 4-140 C L 4-141 show access-list mac mask-precedence L I 4-142 mac access-group C L 4-143 show mac access-group map access-list mac L I 4-144 show map access-list mac C L 4-145 match access-list mac L I 4-146 ACL Information show access-list SNMP Commands L I 4-148 4-149 L I 4-150 4-151 L I 4-152 4-153 L I 4-154 4-155 DHCP Commands DHCP Client ip dhcp client-identifier L I 4-156 ip dhcp restart client 4-157 DHCP Relay ip dhcp restart relay L I 4-158 ip dhcp relay server 4-159 L I 4-160 DHCP Server 4-161 service dhcp ip dhcp excluded-address L I 4-162 ip dhcp pool 4-163 network L I 4-164 default-router 4-165 domain-name dns-server L I 4-166 next-server 4-167 bootfile netbios-name-server L I 4-168 netbios-node-type Page L I 4-170 lease host Page L I 4-172 client-identifier 4-173 hardware-address L I 4-174 clear ip dhcp binding 4-175 show ip dhcp binding L I 4-176 DNS Commands 4-177 ip host L I 4-178 clear host ip domain-name 4-179 ip domain-list L I 4-180 4-181 ip name-server L I 4-182 ip domain-lookup 4-183 show hosts L I 4-184 show dns show dns cache 4-185 clear dns cache Page C -1 Interface Commands -2 C -3 -4 C -5 -6 C -7 -8 C -9 -10 C -11 -12 C -13 -14 C -15 -16 Mirror Port Commands P C -17 -18 Rate Limit Commands L C -19 -20 Link Aggregation Commands A C -21 -22 A C -23 -24 A C -25 -26 A C -27 -28 A C -29 -30 A C -31 -32 T C -33 Address Table Commands -34 T C -35 -36 T C -37 -38 Spanning Tree Commands T C -39 -40 T C -41 -42 T C -43 -44 T C -45 -46 T C -47 -48 T C -49 -50 T C -51 -52 T C -53 -54 VLAN Commands Editing VLAN Groups vlan database -55 vlan -56 -57 Configuring VLAN Interfaces interface vlan -58 switchport mode -59 switchport acceptable-frame-types -60 switchport ingress-filtering -61 switchport native vlan -62 switchport allowed vlan -63 switchport forbidden vlan -64 Displaying VLAN Information show vlan -65 Configuring Protocol-based VLANs -66 protocol-vlan protocol-group (Configuring Groups) -67 protocol-vlan protocol-group (Configuring Interfaces) -68 show protocol-vlan protocol-group -69 show interfaces protocol-vlan protocol-group -70 Configuring Private VLANs pvlan GVRP C GVRP and Bridge Extension Commands -72 bridge-ext gvrp GVRP C E B -73 -74 show gvrp configuration GVRP C E B -75 -76 show garp timer Priority Commands -78 Priority Commands (Layer 2) switchport priority default C -79 -80 queue mode C -81 queue bandwidth queue cos-map -82 C -83 show queue mode -84 show queue bandwidth show queue cos-map C -85 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) -86 C -87 map ip port (Interface Configuration) -88 map ip precedence (Global Configuration) map ip precedence (Interface Configuration) C -89 map ip dscp (Global Configuration) -90 map ip dscp (Interface Configuration) C -91 show map ip port -92 show map ip precedence C -93 show map ip dscp -94 F C -95 Multicast Filtering Commands -96 IGMP Snooping Commands ip igmp snooping ip igmp snooping vlan static F C -97 ip igmp snooping version -98 show ip igmp snooping F C -99 show mac-address-table multicast -100 IGMP Query Commands (Layer 2) ip igmp snooping querier F C -101 ip igmp snooping query-count -102 ip igmp snooping query-interval ip igmp snooping query-max-response-time F C -103 -104 ip igmp snooping router-port-expire-time F C -105 Static Multicast Routing Commands ip igmp snooping vlan mrouter -106 show ip igmp snooping mrouter F C -107 IGMP Commands (Layer 3) ip igmp -108 ip igmp robustval F C -109 ip igmp query-interval -110 ip igmp max-resp-interval F C -111 ip igmp last-memb-query-interval -112 ip igmp version F C -113 show ip igmp interface clear ip igmp group -114 show ip igmp groups F C -115 -116 IP Interface Commands Basic IP Configuration ip address C -117 -118 ip default-gateway C -119 show ip interface -120 show ip redirects ping C -121 -122 Address Resolution Protocol (ARP) arp C -123 arp-timeout -124 clear arp-cache show arp C -125 ip proxy-arp -126 IP Routing Commands C -127 Global Routing Configuration ip routing -128 ip route C -129 clear ip route show ip route -130 show ip traffic C Routing Information Protocol (RIP) -131 -132 router rip C -133 timers basic -134 network C -135 neighbor version -136 C -137 ip rip receive version -138 ip rip send version C -139 ip split-horizon -140 ip rip authentication key C -141 ip rip authentication mode -142 show rip globals C -143 show ip rip -144 Open Shortest Path First (OSPF) C -145 -146 router ospf C -147 router-id -148 compatible rfc1583 C -149 default-information originate -150 timers spf C -151 area range -152 area default-cost C -153 summary-address -154 redistribute C -155 network area -156 area stub C -157 -158 area nssa C -159 -160 area virtual-link C -161 -162 C -163 ip ospf authentication -164 ip ospf authentication-key C -165 ip ospf message-digest-key -166 ip ospf cost ip ospf dead-interval C -167 ip ospf hello-interval -168 ip ospf priority C -169 ip ospf retransmit-interval ip ospf transmit-delay -170 show ip ospf C -171 show ip ospf border-routers -172 show ip ospf database C -173 -174 The following shows output when using the asbr-summary keyword. C -175 The following shows output when using the database-summary keyword. -176 The following shows output when using the external keyword. C The following shows output when using the network keyword. -177 -178 The following shows output when using the router keyword. C -179 -180 The following shows output when using the summary keyword. C -181 show ip ospf interface -182 show ip ospf neighbor C -183 show ip ospf summary-address -184 show ip ospf virtual-links Multicast Routing Commands R C -185 Static Multicast Routing Commands ip igmp snooping vlan mrouter -186 show ip igmp snooping mrouter R C -187 General Multicast Routing Commands ip multicast-routing -188 show ip mroute R C -189 This example shows detailed multicast information for a specified group/ source pair -190 This example lists all entries in the multicast table in summary form: R C -191 DVMRP Multicast Routing Commands router dvmrp -192 probe-interval R C -193 nbr-timeout -194 report-interval flash-update-interval R C -195 prune-lifetime -196 default-gateway R C -197 ip dvmrp -198 ip dvmrp metric clear ip dvmrp route R C -199 show router dvmrp -200 The default settings are shown in the following example: DMVRP routes are shown in the following example: show ip dvmrp route Use this command to display all entries in the DVMRP routing table. Command Mode R C Example -201 show ip dvmrp neighbor -202 show ip dvmrp interface PIM-DM Multicast Routing Commands R C -203 router pim -204 ip pim dense-mode R C -205 ip pim hello-interval -206 ip pim hello-holdtime ip pim trigger-hello-interval R C -207 ip pim join-prune-holdtime -208 ip pim graft-retry-interval R C -209 ip pim max-graft-retries show router pim -210 show ip pim interface show ip pim neighbor R C Router Redundancy Commands -212 Virtual Router Redundancy Protocol Commands vrrp ip R C -213 -214 vrrp authentication R C -215 vrrp priority -216 vrrp timers advertise R C -217 vrrp preempt -218 show vrrp R C -219 This example displays the full listing of status information for all groups. -220 show vrrp interface R C -221 -222 show vrrp router counters show vrrp interface counters R C -223 clear vrrp router counters clear vrrp interface counters Page R C -225 Hot Standby Router Protocol Commands standby ip -226 R C -227 standby priority -228 standby preempt R C -229 -230 standby authentication R C -231 standby timers -232 standby track R C -233 -234 show standby R C -235 -236 This example displays the brief listing of status information for all groups. R C -237 show standby interface -238 This example displays the full listing of status information for VLAN 1. PPENDIX OFTWARE -1 PECIFICATIONS -2 -3 -4 Page Page PPENDIX B-1 B T ROUBLESHOOTING Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 Page Page NDEX Index-1 Symbols Numerics A E F G H I J L M O Index-4 P Q R S Index-5 T U V Index-6 W