Manuals / SMC Networks / Computer Equipment / Switch

SMC Networks SMC8624/48T IP ACLs, Masks for Access Control Lists, Access Control List Commands

Models: SMC8624/48T

1 556

Download 556 pages 10.96 Kb

Page 360

COMMAND LINE INTERFACE

6.Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports.

7.If no explicit rule is matched, the implicit default is permit all.

Masks for Access Control Lists

You can specify optional masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ACL. A mask must be bound exclusively to one of the basic ACL types (i.e., Ingress IP ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL), but a mask can be bound to up to four ACLs of the same type.

Table 4-26. Access Control List Commands

Command Groups	Function	Page

IP ACLs	Configure ACLs based on IP addresses, TCP/	4-116
	UDP port number, protocol type, and TCP control
	code

MAC ACLs	Configure ACLs based on hardware addresses,	4-135
	packet format, and Ethernet type

ACL Information	Display ACLs and associated rules; shows ACLs	4-148
	assigned to each port

IP ACLs

Table 4-27. IP ACL Commands

Command	Function	Mode	Page

access-list ip	Creates an IP ACL and enters	GC	4-118
	configuration mode for standard or
	extended IP ACLs

permit, deny	Filters packets matching a specified	STD-ACL	4-119
	source or destination IP address

4-116

Image 360

SMC Networks SMC8624/48T manual IP ACLs, Masks for Access Control Lists, Access Control List Commands, IP ACL Commands

Contents

TigerSwitch 10/100/1000 Page TigerSwitch 10/100/1000 Management Guide Trademarks Limited Warranty Limited Warranty Contents Contents Contents Command Line Interface Vii Viii Contents Contents Contents Xii Xiii Xiv Contents Tables XviXvii Figures XviiiXix 61. Displaying Vlan Information by Port MembershipFigures Key Features Key FeaturesDescription of Software Features Description of Software Features Introduction Description of Software Features Introduction System Defaults System DefaultsSystem Defaults Dhcp Introduction Connecting to the Switch Configuration OptionsRequired Connections Connecting to the Switch Basic Configuration Remote ConnectionsConsole Connection Setting Passwords Setting an IP Address Manual ConfigurationDynamic Configuration Initial Configuration Enabling Snmp Management Access Community StringsInitial Configuration Saving Configuration Settings Trap ReceiversManaging System Files Managing System Files Initial Configuration Configuring the Switch Using the Web InterfaceConfiguring the Switch Navigating the Web Browser Interface HomeConfiguration Options Panel DisplayMain Menu Main MenuACL Lacp STA 141 Vlan ID DNS Displaying System Information Field AttributesSystem Information CLI Specify the hostname, location and contact informationDisplaying Switch Hardware/Software Versions Main BoardManagement Software Web Click System, Switch Information Switch InformationDisplaying Bridge Extension Capabilities Setting the Switch’s IP Address CLI Enter the following commandWeb Click System, Bridge Extension Command Attributes Manual IP Configuration Using DHCP/BOOTP Dhcp IP Configuration288 Managing Firmware Downloading System Software from a ServerOperation Code Image File Transfer Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server 10. Downloading Configuration Settings from a ServerResetting the System CLI Use the reload command to restart the switchSetting the System Clock Configuring Sntp13. Sntp Configuration Setting the Time Zone 14. Setting the Time ZoneSetting Community Access Strings Simple Network Management ProtocolAccess Mode Specifying Trap Managers and Trap Types16. Specifying Trap Managers and Trap Types User Authentication Configuring the Logon PasswordConfiguring Local/Remote Logon Authentication 17. Configuring the Logon PasswordCommand Usage Radius Settings Tacacs Settings 18. Setting Local, Radius and Tacacs AuthenticationConfiguring Https 19. Https Settings Https SupportReplacing the Default Secure-site Certificate Configuring the Secure Shell Configuring the Switch Generating the Host Key Pair Field Attributes 20. SSH Host-Key Settings Configuring the SSH Server SSH server includes basic settings for authentication21. SSH Server Settings Configuring Port Security Command Usage 22. Configuring Port Security Configuring 802.1x Port Authentication Displaying 802.1x Global Settings 802.1x client Radius server23 .1x Information 111 Configuring 802.1x Global Settings Configuring Port Authorization Mode 24 .1x Configuration25 .1x Port Configuration AuthorizedDisplaying 802.1x Statistics Statistical Values1x Statistics 26 .1x Statistics Access Control Lists Configuring Access Control ListsCLI This example displays the 802.1x statistics for port Setting the ACL Name and Type 27. Naming and Choosing ACLs CLI This example creates a standard IP ACL named billConfiguring a Standard IP ACL Command Attributes 28. Configuring Standard IP ACLsConfiguring an Extended IP ACL Command Attributes Access Control Lists 29. Configuring Extended IP ACLs Configuring a MAC ACL Command Attributes 120Command Usage 30. Configuring MAC ACLs Configuring ACL Masks Command UsageSpecifying the Mask Type Configuring an IP ACL Mask This mask defines the fields to check in the IP headerConfiguring the Switch 32. Configuring an IP based ACL Configuring a MAC ACL Mask This mask defines the fields to check in the packet header33. Configuring a MAC based ACL Binding a Port to an Access Control List 14834. Mapping ACLs to Port Ingress/Egress Queues Filtering Management Access 35. Filtering Management Access Port Configuration Displaying Connection StatusField Attributes Web Field Attributes CLI Web Click Port, Port Information or Trunk InformationCurrent status CLI This example shows the connection status for Port 178Configuring Interface Connections Port Configuration 37. Configuring Port Attributes Creating Trunk GroupsCommand Usage Statically Configuring a Trunk Command Usage 38. Static Trunk ConfigurationEnabling Lacp on Selected Ports Command Usage 18939. Lacp Port Configuratio 190 Command Attributes 40. Lacp Aggregation Port Configuration Displaying Lacp Port Counters Counter InformationYou can display statistics for Lacp protocol messages Lacp Port Counter Information41. Displaying Lacp Port Counters Information Displaying Lacp Settings and Status for the Local Side Internal Configuration InformationLacp Settings Link Passive 1 Active 42. Displaying Lacp Port Information Displaying Lacp Settings and Status for the Remote Side Neighbor Configuration InformationLacp Remote Side Settings 100 43. Displaying Remote Lacp Port InformationSetting Broadcast Storm Thresholds 101102 44. Enabling Port Broadcast ControlConfiguring Port Mirroring 103Configuring Rate Limits 104Command Attribute 105Showing Port Statistics 106107 Port Statistics108 109 Rmon Statistics110 47. Displaying Port Statistics111 48. Displaying Etherlike and Rmon StatisticsAddress Table Settings Setting Static Addresses112 CLI This example shows statistics for port113 49. Mapping Ports to Static AddressesDisplaying the Address Table 114Changing the Aging Time 115CLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration 116Displaying Global Settings 117118 119 120 52. Displaying the Spanning Tree AlgorithmConfiguring Global Settings Global settings apply to the entire switch121 Basic Configuration of Global Settings 122Root Device Configuration 123Configuration Settings for Rstp 12453. Configuring the Spanning Tree Algorithm 125Displaying Interface Settings 126127 Rules defining port status are128 AD B129 Configuring Interface Settings 130CLI This example shows the STA attributes for port 131 132 Configuring Multiple Spanning Trees 133CLI This example sets STA attributes for port 134 135 Vlan ID Vlan to assign to this selected MST instance. Range136 Displaying Interface Settings for Mstp 137138 Configuring Interface Settings for Mstp 13958. Mstp Port Configuration 140Vlan Configuration Overview141 CLI This example sets the Mstp attributes for port142 Assigning Ports to VLANs143 144 145 Forwarding Tagged/Untagged FramesEnabling or Disabling Gvrp Global Setting CLI This example enables Gvrp for the switchDisplaying Basic Vlan Information 146Command Attributes Web Displaying Current VLANs147 Web Click VLAN, 802.1Q VLAN, Basic InformationCommand Attributes CLI 148Creating VLANs 149150 CLI This example creates a new VlanAdding Static Members to VLANs Vlan Index 15163. Configuring Vlan Port Attributes 152Adding Static Members to VLANs Port Index 153Configuring Vlan Behavior for Interfaces 154155 156 65. Configuring Vlan Ports 157Configuring Private VLANs CLI This example enables private VLANs158 Enabling Private VLANsConfiguring Protocol-Based VLANs Configuring Uplink and Downlink Ports159 Configuring Protocol Groups 160Create a protocol group for one or more protocols 161 Mapping Protocols to VLANs162 69. Mapping Protocols to VLANsClass of Service Configuration Setting the Default Priority for Interfaces163 CLI This example assigns a default priority of 5 to port 164Mapping CoS Values to Egress Queues 165Egress Queue Priority Mapping 10. CoS Priority Levels71. Configuring Ports and Trunks for Class of Service 166Selecting the Queue Mode 167Setting the Service Weight for Traffic Classes 168Mapping Layer 3/4 Priorities to CoS Values 169Selecting IP Precedence/DSCP Priority 170Mapping IP Precedence 17111. IP Precedence Prioruty 75. Mapping IP Precedence to Class of Service Values 172Mapping Dscp Priority 17376. Mapping IP Dscp Priority to Class of Service Values 174Mapping IP Port Priority 175176 78. IP Port Priority MappingMapping CoS Values to ACLs 17713. CoS to ACL Mapping Changing Priorities Based on ACL Rules 178179 180 79. Changing Priorities Based on ACL RulesMulticast Filtering 181Configuring Igmp Snooping and Query Parameters Layer 2 Igmp Snooping and Query182 183 80. Configuring Internet Group Management Protocol 184Command Attributes 185Displaying Interfaces Attached to a Multicast Router 186 Specifying Static Interfaces for a Multicast RouterDisplaying Port Members of Multicast Services 187Assigning Ports to Multicast Services 188189 84. Specifying Multicast Port MembershipConfiguring Domain Name Service Configuring General DNS Server Parameters190 191 85. Configuring DNS 192Configuring Static DNS Host to Address Entries 193194 86. Mapping IP Addresses to a Host NameDisplaying the DNS Cache 195196 Web Select DNS, CacheUsing the Command Line Interface Accessing the CLITelnet Connection Using the Command Line Interface Entering Commands This section describes how to enter CLI commandsKeywords and Arguments Minimum AbbreviationCommand Completion Getting Help on CommandsShowing Commands Negating the Effect of Commands Using Command HistoryPartial Keyword Lookup Understanding Command Modes Exec CommandsCommand Modes Configuration Commands Configuration Commands Mode Command PromptCommand Line Processing Keystroke FunctionCommand Groups Command Group Index255 Line Commands Line Command SyntaxDefault Setting Command ModeLine Syntax Line console vtyLogin Related CommandsSyntax Login local no login Password Username 4-35 passwordSyntax Password 0 7 password no password No password is specifiedExec-timeout Login 4-16password-thresh4-19Syntax Exec-timeout seconds no exec-timeout CLI No timeout Telnet 10 minutesPassword-thresh To set the timeout to two minutes, enter this commandSyntax Password-thresh threshold no password-thresh Default value is three attemptsSilent-time Syntax Silent-time seconds no silent-timeTo specify 7 data bits, enter this command DatabitsSyntax Databits 7 8 no databits Seven data bits per character Eight data bits per characterTo specify no parity, enter this command ParitySyntax Parity none even odd no parity None No parity Even Even parity Odd Odd parityTo specify 57600 bps, enter this command SpeedSyntax Speed bps no speed AutoStopbits DisconnectSyntax Stopbits 1 Syntax Disconnect session-idShow line Syntax Show line console vtyGeneral Commands EnableGeneral Commands Syntax Enable levelDisable Disable Enable passwordNormal Exec NoneConfigure Show historyThis command restarts the system ReloadThis command resets the entire system This example shows how to reset the switchThis command returns to Privileged Exec mode EndThis command exits the configuration program ExitQuit AnySystem Management Commands This example shows how to quit a CLI sessionSystem Mangement Commands Device Designation Commands Device Designation CommandsPrompt Syntax Prompt string no promptUser Access Commands User Access CommandsHostname Syntax Hostname name no hostnameUsername Enable password Default is level Default password is superIP Filter Commands 10. IP Filter CommandsManagement All addressesShow management Web Server Commands 11. Web Server CommandDefault Setting Command Mode Syntax No ip http server Default SettingIp http port Ip http serverSyntax No ip http secure-server Default Setting Ip http secure-serverIp http port Copy tftp https-certificate Ip http secure-port4-44 Copy tftp https-certificate Ip http secure-port Portnumber The UDP port used for HTTPS/SSL. Range443 Ip http secure-server4-42Secure Shell Commands 12. Secure Shell Commands12. Secure Shell Commands System Management Commands Syntax Ip ssh server no ip ssh server Default Setting DisabledIp ssh server Ip ssh timeout Syntax Ip ssh timeout seconds no ip ssh timeoutIp ssh crypto host-key generate 4-52 show ssh SecondsIp ssh authentication-retries Exec-timeout4-18 show ip sshShow ip ssh Ip ssh server-key size Delete public-keySyntax Delete public-key username dsa rsa Ip ssh crypto host-key generate Syntax Ip ssh crypto host-key generate dsa rsaDsa DSA key type Rsa RSA key type Generates both the DSA and RSA key pairsUse this command to clear the host key from memory i.e. RAM Ip ssh crypto zeroizeIp ssh crypto zeroize 4-53 ip ssh save host-key4-54 Syntax Ip ssh crypto zeroize dsa rsaIp ssh save host-key Show ip sshSyntax Ip ssh save host-key dsa rsa Show ssh 13. SSH InformationShow public-key Syntax Show public-key user username hostUsername Name of an SSH user. Range 1-8 characters Shows all public keys RSAEvent Logging Commands 14. Event Logging CommandsSyntax No logging on Default Setting Logging onLogging history Logging history 4-59 clear loggingFlash errors level 3 RAM warnings level 7 Logging hostSyntax No logging host hostipaddress Hostipaddress The IP address of a syslog serverLogging facility Syntax No logging facility typeLogging trap Clear loggingSyntax Logging trap level no logging trap Syntax Clear logging flash ramShow logging Show loggingSyntax Show logging flash ram sendmail trap Following example displays settings for the trap function Smtp Alert Commands 15. Smtp Alert CommandsShow logging sendmail Logging sendmail host Syntax No logging sendmail host ipaddressLogging sendmail level Logging sendmail source-emailSyntax Logging sendmail level level Syntax Logging sendmail source-email email-addressLogging sendmail destination-email Syntax No logging sendmail destination-email email-addressSyntax No logging sendmail Default Setting Logging sendmailShow logging sendmail Time Commands 16. Time CommandsSntp server Syntax Sntp server ip1 ip2 ip3Sntp poll 4-72 show sntp Related Commands Sntp pollSntp client Syntax Sntp poll seconds no sntp pollDisabled Syntax No sntp broadcast client Default Setting Sntp broadcast clientShow sntp Clock timezone Show sntpThis command displays the system clock Calendar setShow calendar SyntaxSystem Status Commands Show startup-config17. System Status Commands Command Usage Show running-config4-80 Show running-config Show startup-config4-77 This command displays system information Show systemShow users Show versionFrame Size Commands 18. Frame Size CommandsSyntax No jumbo frame Default Setting Jumbo frameFlash/File Commands 19. Flash/File CommandsCopy Command Usage Following example shows how to download a configuration file This command deletes a file or image Filename Name of the configuration file or image nameDelete This command displays a list of files in flash memory Syntax Dir boot-rom config opcode filenameDir Dir Delete public-key4-51Whichboot Following example shows how to display all file informationBoot system Syntax Boot system boot-romconfig opcode filenameAuthentication Commands Authentication SequenceDir 4-90 whichboot 20. Authentication CommandsAuthentication login LocalUsername for setting the local user names and passwords 22. Radius Client CommandsRadius Client Radius-server hostRadius-server port 10.1.0.1Syntax Radius-server port portnumber no radius-server port 1812Radius-server key Radius-server retransmitSyntax Radius-server key keystring no radius-server key Radius-server timeout Show radius-server23. TACACS+ Client Commands TACACS+ ClientTacacs-server host Hostipaddress IP address of a TACACS+ serverTacacs-server port Syntax Tacacs-server port portnumber no tacacs-server portTacacs-server key Show tacacs-serverSyntax Tacacs-server key keystring no tacacs-server key Port Security Commands 24. Port Security CommandsPort security Status Disabled Action None Maximum Addresses Interface Configuration Ethernet802.1x Port Authentication 25 .1x Port Authentication CommandsAuthentication dot1x default Dot1x default Syntax Dot1x default Command ModeDefault Command Mode Dot1x max-reqDefault Interface ConfigurationDot1x port-control Force-authorizedDot1x re-authenticate Syntax Dot1x re-authenticate interfaceDot1x operation-mode Ethernet unit/portDot1x re-authentication Dot1x timeout quiet-periodSyntax No dot1x re-authentication Command Mode Seconds The number of seconds. RangeDot1x timeout re-authperiod Dot1x timeout tx-periodShow dot1x Show dot1x statistics interface interfaceAuthenticator State Machine State- Current state including initialize, reauthenticate113 Access Control List Commands Access Control ListsAccess Control List Commands Masks for Access Control Lists 26. Access Control List Commands27. IP ACL Commands IP ACLsEXT-ACL Access-list ip Syntax No access-list ip standard extended aclnamePermit, deny Ip access-group4-129 show ip access-list4-123 Standard ACLAccess-list ip No permit deny tcpExtended ACL 122 Show ip access-list Access-list ip mask-precedenceSyntax Show ip access-list standard extended aclname Syntax No access-list ip mask-precedence in outMask IP ACL 4-125 ip access-group4-129 Syntax No mask protocol IP Mask126 127 Show access-list ip mask-precedence Syntax Show access-list ip mask-precedence in outIp access-group Syntax No ip access-group aclname in outMask IP ACL Show ip access-group Map access-list ipShow ip access-list4-123 This command shows the ports assigned to IP ACLsQueue cos-map4-260 Show map access-list ip Show map access-list ip Syntax Show map access-list ip interfaceMap access-list ip Match access-list ip Match access-list ip Show markingShow marking 28. MAC ACL Commands MAC ACLsAccess-list mac Syntax No access-list mac aclnamePermit, deny MAC ACL Any host destination destination address-bitmaskMAC ACL Show mac access-list Access-list mac mask-precedenceThis command displays the rules for configured MAC ACLs Syntax Show mac access-list aclnameMask MAC ACL 4-140 mac access-group4-144 Mask MAC ACLMAC Mask 142 Show access-list mac mask-precedence Syntax Show access-list mac mask-precedence in outThis example creates an Egress MAC ACL Mac access-group Syntax Mac access-group aclname in outShow mac access-list4-139 Show mac access-group Map access-list macThis command shows the ports assigned to MAC ACLs Syntax No map access-list mac aclname cos cos-valueShow map access-list mac Queue cos-map4-260 Show map access-list macSyntax Show map access-list mac interface Match access-list mac Show access-list ACL Information29. ACL Information Snmp Commands Show access-groupThis command shows the port assignments of ACLs 30. Snmp CommandsSnmp community Syntax Snmp community string rorw no snmp community stringSnmp contact Snmp locationSyntax Snmp contact string no snmp contact Syntax Snmp-server location text no snmp-server locationSnmp host Host Address None Snmp VersionConsoleconfig#snmp-server host 10.1.19.23 batman Snmp enable traps Syntax No snmp enable traps authentication link-up-downIssue authentication and link-up-down traps This command checks the status of Snmp communications Show snmp156 DNS Commands 31. DNS CommandsIp host No static entriesThis example maps two address to a host name Clear host Ip domain-nameSyntax Clear host name Syntax Ip domain-name name no ip domain-nameIp domain-list Syntax No ip domain-list nameIp domain-name4-159 Ip name-server Server-address1- IP address of domain-name serverSyntax No ip domain-lookup Default Setting Ip domain-lookupIp domain-name4-159 ip domain-lookup4-163 Show hosts Ip domain-name4-159 ip name-server4-162This command displays the configuration of the DNS server This command displays entries in the DNS cacheShow dns Show dns cacheThis command clears all entries in the DNS cache Clear dns cache167 Interface Commands 32. Interface CommandsInterface DescriptionPort-channel channel-idRange Syntax Description string no descriptionInterface Configuration Ethernet, Port Channel Speed-duplexFollowing example adds a description to port Syntax No negotiation Default Setting NegotiationNegotiation 4 -170 capabilities 4 Following example configures port 11 to use autonegotiation Capabilities 4 -172speed-duplex 4Capabilities Syntax No flowcontrol Default Setting Flow control enabledFlowcontrol Negotiation 4 -170speed-duplex 4 -169 flowcontrol 4Following example enables flow control on port Syntax Combo-forced-mode mode no combo-forced-modeCombo-forced-mode Negotiation 4 Capabilities flowcontrol, symmetricSyntax No shutdown Default Setting All interfaces are enabledFollowing example disables port ShutdownSwitchport broadcast packet-rate This command clears statistics on an interface Port-channel channel-idRange Default SettingClear counters Following example clears statistics on portThis command displays the status for an interface Show interfaces statusSyntax Show interfaces status interface Shows the status for all interfacesThis command displays interface statistics Show interfaces countersSyntax Show interfaces counters interface Shows the counters for all interfaces180 Show interfaces switchport Syntax Show interfaces switchport interfaceThis example shows the configuration setting for port Shows all interfacesShows if acceptable Vlan frames include all types or Mirror Port Commands 33. Mirror Port CommandsInterface Configuration Ethernet, destination port Port monitorThis command displays mirror information Unit Switch unit Port Port numberShow port monitor Syntax Show port monitor interfaceRate Limit Commands Following shows mirroring configured from port 6 to port34. Rate Limit Commands Rate-limit MbpsLink Aggregation Commands 35. Link Aggregation CommandsGuidelines for Creating Trunks General GuidelinesChannel-group Syntax Channel-group channel-idno channel-groupChannel-id- Trunk index Range Current port will be added to this trunkSyntax No lacp Default Setting Lacp191 Lacp system-priority 32768Lacp admin-keyEthernet Interface Lacp admin-key Port Channel Syntax Lacp admin-key key no lacp admin-keyInterface Configuration Port Channel Lacp port-priority This command displays Lacp information Show lacpPort Channel all 197 198 199 Address Table Commands 36. Adress Table Commands200 Mac-address-table static 201Mac-address- MAC address Vlan-id- Vlan ID RangeClear mac-address-table dynamic Show mac-address-table202 Mac-address- MAC address Mask Bits to match in the addressMac-address-table aging-time 203Show mac-address-table aging-time 204Spanning Tree Commands 37. Spanning Tree Commands205 Spanning tree is enabled Spanning-tree206 No spanning-treeSpanning-tree mode 207Rstp 208 Spanning-tree forward-time 209Spanning-tree hello-time Spanning-tree max-age210 Spanning-tree priority 211Spanning-tree pathcost method 212Long method Spanning-tree mst-configuration This command limits the maximum transmission rate for BPDUsSpanning-tree transmission-limit 213MST Configuration Mst vlan214 Mst priority 215Switch’s MAC address Name216 Syntax Name nameRevision 217Revision 4 Syntax Revision numberMax-hops 218Name 4 Spanning-tree spanning-disabled Syntax No spanning-tree spanning-disabled Default SettingSpanning-tree cost 219Spanning-tree port-priority 220Priority The priority for a port. Range 0-240, in steps 128Syntax No spanning-tree edge-port Default Setting Spanning-tree edge-port221 Spanning-tree cost 4Syntax No spanning-tree portfast Default Setting Spanning-tree portfast222 Spanning-tree portfast 4Spanning-tree link-type 223Spanning-treeedge-port 4 Spanning-tree mst cost 224225 Spanning-tree mst port-priority 4Spanning-tree mst port-priority 226Spanning-tree mst cost 4 Port-channel channel-idRange Command Mode Spanning-tree protocol-migration227 Syntax Spanning-tree protocol-migration interfaceShow spanning-tree 228Syntax Show spanning-tree interface mst instanceid 229 Show spanning-tree mst configuration This command shows the multiple spanning tree configurationSyntax Show spanning-tree mst configuration Command Mode 230Vlan Commands 38. Vlan CommandsEditing Vlan Groups 231232 Vlan databaseShow vlan 4 By default only Vlan 1 exists and is active Vlan Database Configuration233 VlanConfiguring Vlan Interfaces 40. Configuring Vlan Interfaces234 235 Interface vlanSyntax Interface vlan vlan-id Shutdown 4Switchport mode Syntax Switchport mode trunk hybrid no switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types 4Switchport acceptable-frame-types Switchport mode 4237 All frame typesSwitchport ingress-filtering Syntax No switchport ingress-filtering Default Setting238 Switchport native vlan 239Switchport allowed vlan 240Switchport forbidden vlan 241No VLANs are included in the forbidden list Displaying Vlan Information 242Show vlan 41. Displaying Vlan InformationFollowing example shows how to display information for Vlan 42. Protocol-based Vlan Commands243 Protocol-vlan protocol-group Configuring Groups No protocol groups are configured244 Protocol-vlan protocol-group Configuring Interfaces 245No protocol groups are mapped for any interface 246 Show protocol-vlan protocol-groupSyntax Show protocol-vlan protocol-group group-id Group-id- Group identifier for a protocol group. RangeThis shows protocol group 1 configured for IP over Ethernet 247Show interfaces protocol-vlan protocol-group Mapping for all interfaces is displayed43. Private Vlan Commands 248Pvlan No private VLANs are definedThis command displays the configured private Vlan 249Show pvlan Gvrp and Bridge Extension Commands 44. Gvrp and Bridge Extension CommandsSyntax No bridge-ext gvrp Default Setting 250251 Show bridge-extSwitchport gvrp Show gvrp configurationSyntax No switchport gvrp Default Setting Syntax Show gvrp configuration interfaceGarp timer 253Show garp timer Show garp timer 4Syntax Show garp timer interface Shows all Garp timersPriority Commands Garp timer 445. Priority Commands 255Priority Commands Layer Switchport priority default46. Priority Commands Layer 256257 Queue mode Syntax Queue mode strict wrr no queue modeWeighted Round Robin 258259 Queue bandwidthShow queue bandwidth 4 260 Queue cos-mapShow queue mode This command shows the current queue mode261 Show queue cos-map 4This command shows the class of service priority map 262Show queue bandwidth Show queue cos-mapPriority Commands Layer 3 47. Priority Commands Layer 3263 Syntax Map ip port no map ip port Default Setting 264Syntax No map ip precedence Default Setting 265List below shows the default priority mapping 266Syntax No map ip dscp Default Setting 267Map ip dscp Interface Configuration 268Use this command to show the IP port priority map 269Show map ip port Syntax Show map ip port interfaceThis command shows the IP precedence priority map 270Show map ip precedence Syntax Show map ip precedence interfaceThis command shows the IP Dscp priority map 271Show map ip dscp Syntax Show map ip dscp interfaceMulticast Filtering Commands Igmp Snooping Commands48. Multicast Filtering Commands 49. Igmp Snooping CommandsFollowing example enables Igmp snooping 273Ip igmp snooping No ip igmp snooping274 Ip igmp snooping vlan staticFollowing configures the switch to use Igmp Version 275Ip igmp snooping version Igmp Version276 Show ip igmp snoopingShow mac-address-table multicast Igmp Query Commands Layer 50. Igmp Query Commands Layer277 Syntax No ip igmp snooping querier Default Setting 278Ip igmp snooping querier Ip igmp snooping query-countFollowing shows how to configure the query count to 279Ip igmp snooping query-interval Ip igmp snooping query-max-response-time 4Seconds The report delay advertised in Igmp queries. Range 280Ip igmp snooping query-max-response-time Switch must use IGMPv2 for this command to take effect 281Ip igmp snooping router-port-expire-time Static Multicast Routing Commands 51. Static Multicast Routing Commands282 Ip igmp snooping vlan mrouterDisplays multicast router ports for all configured VLANs 283Show ip igmp snooping mrouter Syntax Show ip igmp snooping mrouter vlan vlan-idIP Interface Commands Basic IP Configuration52. Basic IP Configuration commands 284Interface Configuration Vlan 285Ip address IP address NetmaskThis command submits a Bootp or Dhcp client request 286Ip dhcp restart Ip dhcp restart 4Ip default-gateway Syntax Ip default-gateway gateway no ip default-gateway287 288 Show ip interfaceShow ip redirects This command has no default for the host 289Ping Syntax Ping host count countsize size290 Interface 4291 Software Features AuthenticationDhcp Client Port Configuration Flow ControlClass of Service Additional FeaturesPort Mirroring Rate LimitsManagement Features StandardsIn-Band Management Out-of-Band ManagementManagement Information Bases Appendix B Troubleshooting Table B-1. Troubleshooting ChartTroubleshooting Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 User Datagram Protocol UDPVirtual LAN Vlan XModemNumerics Index-1Index-2 IgmpIndex-3 Snmp SnmpIndex-4 Page For Technical SUPPORT, Call