SMC Networks SMC8624/48T , S, 3-40

C

ONFIGURING

THE

S

WITCH

3-40

CLI – This example enables the HTTP secure server and modifies the

port number.

Replacing the Default Secure-site Certificate

When you log onto the web interface using HTTPS (for secure access), a

Secure Sockets Layer (SSL) certificate appears for the switch. By default,

the certificate that Netscape and Internet Explorer display will be

associated with a warning that the site is not recognized as a secure site.

This is because the certificate has not been signed by an approved

certification authority. If you want this warning to be replaced by a

message confirming that the connection to the switch is secure, you must

obtain a unique certificate and a private key and password from a

recognized certification authority.

Caution: For maximum security, we recommend you obtain a unique

Secure Sockets Layer certificate at the earliest opportunity.

This is because the default certificate for the switch is not

unique to the hardware you have purchased.

When you have obtained these, place them on your TFTP server, and use

the following command at the switch's command-line interface to replace

the default (unrecognized) certificate with an authorized one:

Note: The switch must be reset for the new certificate to be activated. To

reset the switch, type: Console#reload

Console(config)#ip http secure-server 3-42

Console(config)#ip http secure-port 441 3-44

Console(config)#

Console#copy tftp https-certificate 3-86

TFTP server ip address: <server ip-address>

Source certificate file name: <certificate file name>

Source private file name: <private key file name>

Private password: <password for private key>

Contents

Main TigerSwitch 10/100/1000 Gigabit Ethernet Switch Management Guide Page Page Page L W IMITED ARRANTY W IMITED ARRANTY ii iii ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1 2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1 iv v vi 4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 4-1 vii viii ix x xi xii xiii xiv xv A Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . A-1 B Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1 Glossary Index T xvi ABLES xvii F xviii IGURES xix xx 1-1 NTRODUCTION Key Features 1-2 Description of Software Features F S 1-3 1-4 F S 1-5 1-6 D 1-7 System Defaults 1-8 D 1-9 Page NITIAL 2-1 ONFIGURATION Connecting to the Switch Configuration Options C 2-2 Required Connections S 2-3 C 2-4 Remote Connections Basic Configuration Console Connection C 2-5 Setting Passwords C 2-6 Setting an IP Address Manual Configuration C 2-7 Dynamic Configuration C 2-8 C 2-9 Enabling SNMP Management Access Community Strings C 2-10 C 2-11 Trap Receivers Saving Configuration Settings C Managing System Files Page Page ONFIGURING THE 3-1 WITCH Using the Web Interface Page Navigating the Web Browser Interface S 3-4 Configuration Options Panel Display I B W 3-5 S 3-6 I B W 3-7 S 3-8 I B W 3-9 S 3-10 I B W 3-11 Basic Configuration C 3-13 S 3-14 Displaying Switch Hardware/Software Versions C ASIC 3-15 Web Click System, Switch Information. Figure 3-4. Switch Information CLI Use the following command to display version information. S 3-16 Displaying Bridge Extension Capabilities C 3-17 Setting the Switchs IP Address S 3-18 Page Page C 3-21 S 3-22 Managing Firmware Downloading System Software from a Server Page S 3-24 Saving or Restoring Configuration Settings C 3-25 Downloading Configuration Settings from a Server S 3-26 Resetting the System C 3-27 Setting the System Clock Configuring SNTP S 3-28 C 3-29 Setting the Time Zone S Simple Network Management Protocol Setting Community Access Strings Page S 3-32 A 3-33 User Authentication Configuring the Logon Password S 3-34 Configuring Local/Remote Logon Authentication A 3-35 S 3-36 A 3-37 S 3-38 Configuring HTTPS A 3-39 S 3-40 Replacing the Default Secure-site Certificate A 3-41 Configuring the Secure Shell S 3-42 A 3-43 Generating the Host Key Pair S 3-44 Page S 3-46 Configuring the SSH Server Page S 3-48 Configuring Port Security A 3-49 Page A 3-51 Configuring 802.1x Port Authentication S 3-52 Displaying 802.1x Global Settings A 3-53 S 3-54 A 3-55 Configuring 802.1x Global Settings S 3-56 Configuring Port Authorization Mode A 3-57 S Statistical Values 3-58 Displaying 802.1x Statistics Page S 3-60 Access Control Lists Configuring Access Control Lists C L 3-61 Setting the ACL Name and Type S 3-62 C L 3-63 Configuring a Standard IP ACL S 3-64 Configuring an Extended IP ACL C L 3-65 Page C L 3-67 Configuring a MAC ACL Page Page Page C L 3-71 Configuring an IP ACL Mask Page Page S 3-74 Configuring a MAC ACL Mask Page S 3-76 Binding a Port to an Access Control List Page S 3-78 Filtering Management Access Page S 3-80 Port Configuration Displaying Connection Status Field Attributes (Web) C 3-81 Field Attributes (CLI) Basic information: Configuration: S 3-82 Current status: C ORT 3-83 CLI This example shows the connection status for Port 5. S 3-84 Configuring Interface Connections C 3-85 S 3-86 Creating Trunk Groups C 3-87 } S 3-88 Statically Configuring a Trunk C } ORT 3-89 Enabling LACP on Selected Ports } Page C 3-91 Configuring LACP Parameters Dynamically Creating a Port Channel S 3-92 Page S Counter Information 3-94 Displaying LACP Port Counters C 3-95 Figure 3-41. Displaying LACP Port Counters Information Table 3-5. LACP Port Counter Information S Internal Configuration Information 3-96 CLI The following example displays LACP counters for port channel 1. C 3-97 Table 3-6. LACP Settings S 3-98 C 3-99 Displaying LACP Settings and Status for the Remote Side Neighbor Configuration Information Table 3-7. LACP Remote Side Settings S 3-100 Page S 3-102 C 3-103 Configuring Port Mirroring Page C 3-105 S 3-106 Showing Port Statistics Statistical Values C 3-107 S 3-108 C 3-109 S 3-110 Figure 3-47. Displaying Port Statistics Page S 3-112 Address Table Settings Setting Static Addresses Page Page Page S 3-116 Spanning Tree Algorithm Configuration Page S 3-118 T C A 3-119 Page T C A 3-121 Configuring Global Settings S 3-122 T C A 3-123 S 3-124 Page S 3-126 Displaying Interface Settings T C A 3-127 x S x 3-128 T C A 3-129 S 3-130 Configuring Interface Settings T C A 3-131 S 3-132 Page S 3-134 Page S 3-136 CLI This displays STA settings for instance 1, followed by settings for each port. Page S 3-138 T C A 3-139 Configuring Interface Settings for MSTP S 3-140 3-141 VLAN Configuration Overview S 3-142 Assigning Ports to VLANs 3-143 S 3-144 3-145 Forwarding Tagged/Untagged Frames Page 3-147 Displaying Current VLANs Command Attributes (Web) Page 3-149 Creating VLANs S 3-150 3-151 Adding Static Members to VLANs (VLAN Index) S 3-152 3-153 Adding Static Members to VLANs (Port Index) Page 3-155 S 3-156 3-157 x S 3-158 Configuring Private VLANs Enabling Private VLANs 3-159 Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs S 3-160 Configuring Protocol Groups 3-161 Mapping Protocols to VLANs S 3-162 C Class of Service Configuration Setting the Default Priority for Interfaces S 3-164 C S 3-165 Mapping CoS Values to Egress Queues S 3-166 Page Page C S 3-169 Mapping Layer 3/4 Priorities to CoS Values Page Page S 3-172 C S 3-173 Mapping DSCP Priority S 3-174 Page S 3-176 Page Page C S 3-179 Page F 3-181 Multicast Filtering S 3-182 Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters F 3-183 S 3-184 F 3-185 Displaying Interfaces Attached to a Multicast Router S 3-186 Specifying Static Interfaces for a Multicast Router F 3-187 Displaying Port Members of Multicast Services S 3-188 Assigning Ports to Multicast Services F 3-189 S 3-190 Configuring Domain Name Service Configuring General DNS Server Parameters D S N 3-191 Page D S N 3-193 Configuring Static DNS Host to Address Entries Page Page S 3-196 Web Select DNS, Cache. Page L I 4-2 Telnet Connection Page Entering Commands Page L I 4-6 Showing Commands Page L I 4-8 Understanding Command Modes Exec Commands C 4-9 Configuration Commands L I 4-10 C 4-11 Command Line Processing L I Command Groups The system commands can be broken down into the functional groups shown below Table 4-4. Command Group Index Table 4-3. G 4-13 Table 4-4. Command Group Index L I Line Commands C 4-15 line L I 4-16 login C 4-17 password L I 4-18 exec-timeout C 4-19 password-thresh Page C 4-21 databits Page C 4-23 speed Page C 4-25 show line L I General Commands enable C 4-27 disable Page C 4-29 reload L I 4-30 end Page L I 4-32 This example shows how to quit a CLI session: System Management Commands Table 4-7. System Mangement Commands M C 4-33 Device Designation Commands prompt L I 4-34 hostname User Access Commands M C 4-35 username L I 4-36 enable password M C IP Filter Commands 4-37 L I 4-38 management M C 4-39 show management L I Web Server Commands 4-40 Table 4-11. Web Server Command M C 4-41 ip http port ip http server L I 4-42 ip http secure-server M C 4-43 L I 4-44 ip http secure-port M C 4-45 Secure Shell Commands L I 4-46 M C 4-47 L I 4-48 ip ssh server M C 4-49 ip ssh timeout L I 4-50 ip ssh authentication-retries M C 4-51 ip ssh server-key size delete public-key L I 4-52 ip ssh crypto host-key generate M C 4-53 ip ssh crypto zeroize L I 4-54 ip ssh save host-key show ip ssh M C 4-55 show ssh Use this command to display the current SSH server connections. Command Mode L I 4-56 show public-key Table 4-13. SSH Information M C 4-57 L I 4-58 Event Logging Commands logging on M C 4-59 logging history L I 4-60 logging host M C 4-61 logging facility L I 4-62 logging trap clear logging M C 4-63 show logging L I The following example displays settings for the trap function. 4-64 M C 4-65 show logging sendmail (4-69) SMTP Alert Commands L I 4-66 logging sendmail host M C 4-67 logging sendmail level logging sendmail source-email L I 4-68 logging sendmail destination-email M C 4-69 logging sendmail show logging sendmail L I 4-70 Time Commands Table 4-16. Time Commands M C 4-71 sntp server L I 4-72 sntp poll sntp client M C 4-73 L I 4-74 sntp broadcast client show sntp M C 4-75 clock timezone L I 4-76 calendar set show calendar M C 4-77 Example System Status Commands Page M C ANAGEMENT YSTEM 4-79 L I 4-80 show running-config M C ANAGEMENT YSTEM 4-81 L I 4-82 show system M C 4-83 show users show version L I 4-84 Frame Size Commands jumbo frame Flash/File Commands L I 4-86 copy C 4-87 L I 4-88 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: C 4-89 delete L I 4-90 dir C 4-91 whichboot L I 4-92 boot system C Authentication Commands Authentication Sequence L I 4-94 authentication login C 4-95 RADIUS Client radius-server host L I 4-96 radius-server port C 4-97 radius-server key radius-server retransmit L I 4-98 radius-server timeout show radius-server C 4-99 TACACS+ Client tacacs-server host L I 4-100 tacacs-server port C 4-101 tacacs-server key show tacacs-server L I 4-102 Port Security Commands port security C 4-103 L I 4-104 802.1x Port Authentication C 4-105 authentication dot1x default L I 4-106 dot1x default dot1x max-req C 4-107 dot1x port-control L I 4-108 dot1x operation-mode dot1x re-authenticate C 4-109 dot1x re-authentication dot1x timeout quiet-period L I 4-110 dot1x timeout re-authperiod dot1x timeout tx-period C 4-111 show dot1x L I 4-112 C UTHENTICATION 4-113 L I Access Control List Commands C L 4-115 L I IP ACLs 4-116 C L 4-117 Table 4-27. IP ACL Commands L I 4-118 access-list ip C L 4-119 permit, deny (Standard ACL) L I 4-120 permit, deny (Extended ACL) C L 4-121 L I 4-122 C L 4-123 show ip access-list access-list ip mask-precedence L I 4-124 C L 4-125 mask (IP ACL) L I 4-126 C IST L ONTROL CCESS L I 4-128 show access-list ip mask-precedence C L 4-129 ip access-group L I 4-130 show ip access-group map access-list ip Page L I 4-132 show map access-list ip C L 4-133 match access-list ip L I 4-134 show marking C L 4-135 MAC ACLs Table 4-28. MAC ACL Commands L I 4-136 access-list mac C L 4-137 permit, deny (MAC ACL) L I 4-138 C L 4-139 show mac access-list access-list mac mask-precedence L I 4-140 mask (MAC ACL) Page L I 4-142 C L 4-143 show access-list mac mask-precedence L I 4-144 mac access-group C L 4-145 show mac access-group map access-list mac L I 4-146 show map access-list mac C L 4-147 match access-list mac L I 4-148 ACL Information show access-list SNMP Commands L I 4-150 snmp community 4-151 snmp contact snmp location L I 4-152 snmp host 4-153 L I 4-154 snmp enable traps Page L I 4-156 4-157 DNS Commands L I 4-158 ip host 4-159 clear host ip domain-name L I 4-160 ip domain-list 4-161 L I 4-162 ip name-server 4-163 ip domain-lookup Page 4-165 show dns show dns cache Page Page L I 4-167 Interface Commands Table 4-32. Interface Commands C 4-168 interface description L I 4-169 speed-duplex C 4-170 negotiation Page C 4-172 capabilities L I 4-173 flowcontrol C 4-174 combo-forced-mode L I 4-175 shutdown C 4-176 switchport broadcast packet-rate L I 4-177 clear counters Page L I 4-179 show interfaces counters C 4-180 L I 4-181 show interfaces switchport C 4-182 L I 4-183 Mirror Port Commands port monitor P C 4-184 show port monitor L Rate Limit Commands Page L I 4-187 Link Aggregation Commands A C 4-188 Page Page L I 4-191 A C 4-192 lacp system-priority L I 4-193 lacp admin-key (Ethernet Interface) A C 4-194 lacp admin-key (Port Channel) L I 4-195 lacp port-priority A C 4-196 show lacp L I 4-197 A C 4-198 L I 4-199 T C Address Table Commands Table 4-36. Adress Table Commands L I 4-201 mac-address-table static Page L I 4-203 mac-address-table aging-time Page L I 4-205 Spanning Tree Commands Table 4-37. Spanning Tree Commands T C 4-206 spanning-tree Table 4-37. Spanning Tree Commands L I 4-207 spanning-tree mode T C 4-208 L I 4-209 spanning-tree forward-time T C 4-210 spanning-tree hello-time spanning-tree max-age L I 4-211 spanning-tree priority T C 4-212 spanning-tree pathcost method Page T C 4-214 mst vlan L I 4-215 mst priority T C 4-216 name L I 4-217 revision T C 4-218 max-hops Page T C 4-220 spanning-tree port-priority L I 4-221 spanning-tree edge-port T C 4-222 spanning-tree portfast L I 4-223 spanning-tree link-type T C 4-224 spanning-tree mst cost L I 4-225 T C 4-226 spanning-tree mst port-priority Page T C 4-228 show spanning-tree L I 4-229 Page L I Editing VLAN Groups 4-231 VLAN Commands Table 4-38. VLAN Commands Table 4-39. Editing VLAN Groups 4-232 vlan database L I 4-233 vlan 4-234 Configuring VLAN Interfaces Table 4-40. Configuring VLAN Interfaces L I 4-235 interface vlan 4-236 switchport mode L I 4-237 switchport acceptable-frame-types 4-238 switchport ingress-filtering L I 4-239 switchport native vlan 4-240 switchport allowed vlan L I 4-241 switchport forbidden vlan 4-242 Displaying VLAN Information show vlan L I 4-243 Configuring Protocol-based VLANs 4-244 protocol-vlan protocol-group (Configuring Groups) L I 4-245 protocol-vlan protocol-group (Configuring Interfaces) 4-246 show protocol-vlan protocol-group L I 4-247 show interfaces protocol-vlan protocol-group 4-248 Configuring Private VLANs pvlan L I 4-249 show pvlan GVRP GVRP and Bridge Extension Commands bridge-ext gvrp L I 4-251 show bridge-ext GVRP C E B 4-252 L I 4-253 garp timer GVRP C E B 4-254 Priority Commands C 4-256 Priority Commands (Layer 2) switchport priority default L I 4-257 C 4-258 queue mode L I 4-259 queue bandwidth C 4-260 queue cos-map L I 4-261 show queue mode C 4-262 show queue bandwidth show queue cos-map L I 4-263 Default Setting None Command Mode Example C 4-264 map ip port (Global Configuration) map ip port (Interface Configuration) L I 4-265 map ip precedence (Global Configuration) C 4-266 map ip precedence (Interface Configuration) L I 4-267 map ip dscp (Global Configuration) C 4-268 map ip dscp (Interface Configuration) L I 4-269 show map ip port C 4-270 show map ip precedence L I 4-271 show map ip dscp F Multicast Filtering Commands IGMP Snooping Commands L I 4-273 ip igmp snooping F C 4-274 ip igmp snooping vlan static L I 4-275 ip igmp snooping version F C 4-276 show ip igmp snooping show mac-address-table multicast L I IGMP Query Commands (Layer 2) 4-277 F C 4-278 ip igmp snooping querier ip igmp snooping query-count L I 4-279 ip igmp snooping query-interval F C 4-280 ip igmp snooping query-max-response-time L I 4-281 ip igmp snooping router-port-expire-time F C 4-282 Static Multicast Routing Commands ip igmp snooping vlan mrouter L I 4-283 show ip igmp snooping mrouter C IP Interface Commands Basic IP Configuration L I 4-285 ip address C 4-286 ip dhcp restart L I 4-287 ip default-gateway C 4-288 show ip interface show ip redirects L I 4-289 ping C 4-290 Related Commands interface (4 -168) Page PPENDIX OFTWARE A-1 PECIFICATIONS Software Features S A-2 S A-3 Management Features Standards S A-4 Management Information Bases PPENDIX B-1 B T ROUBLESHOOTING Table B-1. Troubleshooting Chart Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 NDEX Numerics A B C E F G H I P Q R S T U V W