Manuals / SMC Networks / Computer Equipment / Switch

SMC Networks SMC8624/48T manual Generating the Host Key Pair

Models: SMC8624/48T

1 556

Download 556 pages 10.96 Kb

Page 91

USER AUTHENTICATION

6.Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access. The following exchanges take place during this process:

a.The client sends its public key to the switch.

b.The switch compares the client's public key to those stored in memory.

c.If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.

d.The client uses its private key to decrypt the bytes, and sends the decrypted bytes back to the switch.

e.The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated.

Notes: 1. To use SSH with only password authentication, the host public key must still be given to the client, either during initial connection or manually entered into the known host file. However, you do not need to configure the client’s keys.

2.The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions.

Generating the Host Key Pair

A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the proceeding section (Command Usage).

3-43

Image 91

SMC Networks SMC8624/48T manual Generating the Host Key Pair

Contents

TigerSwitch 10/100/1000 Page TigerSwitch 10/100/1000 Management Guide Trademarks Limited Warranty Limited Warranty Contents Contents Contents Command Line Interface Vii Viii Contents Contents Contents Xii Xiii Xiv Contents Xvi TablesXvii Xviii Figures61. Displaying Vlan Information by Port Membership XixFigures Key Features Key FeaturesDescription of Software Features Description of Software Features Introduction Description of Software Features Introduction System Defaults System DefaultsSystem Defaults Dhcp Introduction Configuration Options Connecting to the SwitchRequired Connections Connecting to the Switch Remote Connections Basic ConfigurationConsole Connection Setting Passwords Manual Configuration Setting an IP AddressDynamic Configuration Initial Configuration Community Strings Enabling Snmp Management AccessInitial Configuration Trap Receivers Saving Configuration SettingsManaging System Files Managing System Files Initial Configuration Using the Web Interface Configuring the SwitchConfiguring the Switch Home Navigating the Web Browser InterfacePanel Display Configuration OptionsMain Menu Main MenuACL Lacp STA 141 Vlan ID DNS Field Attributes Displaying System InformationCLI Specify the hostname, location and contact information System InformationMain Board Displaying Switch Hardware/Software VersionsManagement Software Switch Information Web Click System, Switch InformationDisplaying Bridge Extension Capabilities CLI Enter the following command Setting the Switch’s IP AddressWeb Click System, Bridge Extension Command Attributes Manual IP Configuration Dhcp IP Configuration Using DHCP/BOOTP288 Downloading System Software from a Server Managing FirmwareOperation Code Image File Transfer Saving or Restoring Configuration Settings 10. Downloading Configuration Settings from a Server Downloading Configuration Settings from a ServerCLI Use the reload command to restart the switch Resetting the SystemConfiguring Sntp Setting the System Clock13. Sntp Configuration 14. Setting the Time Zone Setting the Time ZoneSimple Network Management Protocol Setting Community Access StringsSpecifying Trap Managers and Trap Types Access Mode16. Specifying Trap Managers and Trap Types Configuring the Logon Password User Authentication17. Configuring the Logon Password Configuring Local/Remote Logon AuthenticationCommand Usage Radius Settings 18. Setting Local, Radius and Tacacs Authentication Tacacs SettingsConfiguring Https Https Support 19. Https SettingsReplacing the Default Secure-site Certificate Configuring the Secure Shell Configuring the Switch Generating the Host Key Pair Field Attributes 20. SSH Host-Key Settings SSH server includes basic settings for authentication Configuring the SSH Server21. SSH Server Settings Configuring Port Security Command Usage 22. Configuring Port Security Configuring 802.1x Port Authentication 802.1x client Radius server Displaying 802.1x Global Settings23 .1x Information 111 Configuring 802.1x Global Settings 24 .1x Configuration Configuring Port Authorization ModeAuthorized 25 .1x Port ConfigurationStatistical Values Displaying 802.1x Statistics1x Statistics 26 .1x Statistics Configuring Access Control Lists Access Control ListsCLI This example displays the 802.1x statistics for port Setting the ACL Name and Type CLI This example creates a standard IP ACL named bill 27. Naming and Choosing ACLs28. Configuring Standard IP ACLs Configuring a Standard IP ACL Command AttributesConfiguring an Extended IP ACL Command Attributes Access Control Lists 29. Configuring Extended IP ACLs 120 Configuring a MAC ACL Command AttributesCommand Usage 30. Configuring MAC ACLs Command Usage Configuring ACL MasksSpecifying the Mask Type This mask defines the fields to check in the IP header Configuring an IP ACL MaskConfiguring the Switch 32. Configuring an IP based ACL This mask defines the fields to check in the packet header Configuring a MAC ACL Mask33. Configuring a MAC based ACL 148 Binding a Port to an Access Control List34. Mapping ACLs to Port Ingress/Egress Queues Filtering Management Access 35. Filtering Management Access Displaying Connection Status Port ConfigurationField Attributes Web Web Click Port, Port Information or Trunk Information Field Attributes CLICurrent status 178 CLI This example shows the connection status for PortConfiguring Interface Connections Port Configuration Creating Trunk Groups 37. Configuring Port AttributesCommand Usage 38. Static Trunk Configuration Statically Configuring a Trunk Command Usage189 Enabling Lacp on Selected Ports Command Usage39. Lacp Port Configuratio 190 Command Attributes 40. Lacp Aggregation Port Configuration Lacp Port Counter Information Displaying Lacp Port CountersCounter Information You can display statistics for Lacp protocol messages41. Displaying Lacp Port Counters Information Internal Configuration Information Displaying Lacp Settings and Status for the Local SideLacp Settings Link Passive 1 Active 42. Displaying Lacp Port Information Neighbor Configuration Information Displaying Lacp Settings and Status for the Remote SideLacp Remote Side Settings 43. Displaying Remote Lacp Port Information 100101 Setting Broadcast Storm Thresholds44. Enabling Port Broadcast Control 102103 Configuring Port Mirroring104 Configuring Rate Limits105 Command Attribute106 Showing Port StatisticsPort Statistics 107108 Rmon Statistics 10947. Displaying Port Statistics 11048. Displaying Etherlike and Rmon Statistics 111CLI This example shows statistics for port Address Table SettingsSetting Static Addresses 11249. Mapping Ports to Static Addresses 113114 Displaying the Address Table115 Changing the Aging TimeCLI This example sets the aging time to 400 seconds 116 Spanning Tree Algorithm Configuration117 Displaying Global Settings118 119 52. Displaying the Spanning Tree Algorithm 120Global settings apply to the entire switch Configuring Global Settings121 122 Basic Configuration of Global Settings123 Root Device Configuration124 Configuration Settings for Rstp125 53. Configuring the Spanning Tree Algorithm126 Displaying Interface SettingsRules defining port status are 127AD B 128129 130 Configuring Interface SettingsCLI This example shows the STA attributes for port 131 132 133 Configuring Multiple Spanning TreesCLI This example sets STA attributes for port 134 Vlan ID Vlan to assign to this selected MST instance. Range 135136 137 Displaying Interface Settings for Mstp138 139 Configuring Interface Settings for Mstp140 58. Mstp Port ConfigurationCLI This example sets the Mstp attributes for port Vlan ConfigurationOverview 141Assigning Ports to VLANs 142143 144 Forwarding Tagged/Untagged Frames 145146 Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Displaying Basic Vlan InformationWeb Click VLAN, 802.1Q VLAN, Basic Information Command Attributes WebDisplaying Current VLANs 147148 Command Attributes CLI149 Creating VLANsCLI This example creates a new Vlan 150151 Adding Static Members to VLANs Vlan Index152 63. Configuring Vlan Port Attributes153 Adding Static Members to VLANs Port Index154 Configuring Vlan Behavior for Interfaces155 156 157 65. Configuring Vlan PortsEnabling Private VLANs Configuring Private VLANsCLI This example enables private VLANs 158Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs159 160 Configuring Protocol GroupsCreate a protocol group for one or more protocols Mapping Protocols to VLANs 16169. Mapping Protocols to VLANs 162Setting the Default Priority for Interfaces Class of Service Configuration163 164 CLI This example assigns a default priority of 5 to port10. CoS Priority Levels Mapping CoS Values to Egress Queues165 Egress Queue Priority Mapping166 71. Configuring Ports and Trunks for Class of Service167 Selecting the Queue Mode168 Setting the Service Weight for Traffic Classes169 Mapping Layer 3/4 Priorities to CoS Values170 Selecting IP Precedence/DSCP Priority171 Mapping IP Precedence11. IP Precedence Prioruty 172 75. Mapping IP Precedence to Class of Service Values173 Mapping Dscp Priority174 76. Mapping IP Dscp Priority to Class of Service Values175 Mapping IP Port Priority78. IP Port Priority Mapping 176177 Mapping CoS Values to ACLs13. CoS to ACL Mapping 178 Changing Priorities Based on ACL Rules179 79. Changing Priorities Based on ACL Rules 180181 Multicast FilteringLayer 2 Igmp Snooping and Query Configuring Igmp Snooping and Query Parameters182 183 184 80. Configuring Internet Group Management Protocol185 Command AttributesDisplaying Interfaces Attached to a Multicast Router Specifying Static Interfaces for a Multicast Router 186187 Displaying Port Members of Multicast Services188 Assigning Ports to Multicast Services84. Specifying Multicast Port Membership 189Configuring General DNS Server Parameters Configuring Domain Name Service190 191 192 85. Configuring DNS193 Configuring Static DNS Host to Address Entries86. Mapping IP Addresses to a Host Name 194195 Displaying the DNS CacheWeb Select DNS, Cache 196Accessing the CLI Using the Command Line InterfaceTelnet Connection Using the Command Line Interface Minimum Abbreviation Entering CommandsThis section describes how to enter CLI commands Keywords and ArgumentsGetting Help on Commands Command CompletionShowing Commands Using Command History Negating the Effect of CommandsPartial Keyword Lookup Exec Commands Understanding Command ModesCommand Modes Configuration Commands Mode Command Prompt Configuration CommandsKeystroke Function Command Line ProcessingCommand Group Index Command Groups255 Line Command Syntax Line CommandsSyntax Line console vty Default SettingCommand Mode LineRelated Commands LoginSyntax Login local no login No password is specified PasswordUsername 4-35 password Syntax Password 0 7 password no passwordCLI No timeout Telnet 10 minutes Exec-timeoutLogin 4-16password-thresh4-19 Syntax Exec-timeout seconds no exec-timeoutDefault value is three attempts Password-threshTo set the timeout to two minutes, enter this command Syntax Password-thresh threshold no password-threshSyntax Silent-time seconds no silent-time Silent-timeSeven data bits per character Eight data bits per character To specify 7 data bits, enter this commandDatabits Syntax Databits 7 8 no databitsNone No parity Even Even parity Odd Odd parity To specify no parity, enter this commandParity Syntax Parity none even odd no parityAuto To specify 57600 bps, enter this commandSpeed Syntax Speed bps no speedSyntax Disconnect session-id StopbitsDisconnect Syntax Stopbits 1Syntax Show line console vty Show lineSyntax Enable level General CommandsEnable General CommandsNone DisableDisable Enable password Normal ExecShow history ConfigureReload This command restarts the systemEnd This command resets the entire systemThis example shows how to reset the switch This command returns to Privileged Exec modeAny This command exits the configuration programExit QuitThis example shows how to quit a CLI session System Management CommandsSystem Mangement Commands Syntax Prompt string no prompt Device Designation CommandsDevice Designation Commands PromptSyntax Hostname name no hostname User Access CommandsUser Access Commands HostnameUsername Default is level Default password is super Enable password10. IP Filter Commands IP Filter CommandsAll addresses ManagementShow management 11. Web Server Command Web Server CommandsIp http server Default Setting Command ModeSyntax No ip http server Default Setting Ip http portIp http secure-server Syntax No ip http secure-server Default SettingIp http port Copy tftp https-certificate Ip http secure-port4-44 Copy tftp https-certificate Ip http secure-server4-42 Ip http secure-portPortnumber The UDP port used for HTTPS/SSL. Range 44312. Secure Shell Commands Secure Shell Commands12. Secure Shell Commands System Management Commands Disabled Syntax Ip ssh server no ip ssh server Default SettingIp ssh server Seconds Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout Ip ssh crypto host-key generate 4-52 show sshExec-timeout4-18 show ip ssh Ip ssh authentication-retriesShow ip ssh Delete public-key Ip ssh server-key sizeSyntax Delete public-key username dsa rsa Generates both the DSA and RSA key pairs Ip ssh crypto host-key generateSyntax Ip ssh crypto host-key generate dsa rsa Dsa DSA key type Rsa RSA key typeSyntax Ip ssh crypto zeroize dsa rsa Use this command to clear the host key from memory i.e. RAMIp ssh crypto zeroize Ip ssh crypto zeroize 4-53 ip ssh save host-key4-54Show ip ssh Ip ssh save host-keySyntax Ip ssh save host-key dsa rsa 13. SSH Information Show sshSyntax Show public-key user username host Show public-keyUsername Name of an SSH user. Range 1-8 characters RSA Shows all public keysLogging on Event Logging Commands14. Event Logging Commands Syntax No logging on Default SettingLogging history 4-59 clear logging Logging historyHostipaddress The IP address of a syslog server Flash errors level 3 RAM warnings level 7Logging host Syntax No logging host hostipaddressSyntax No logging facility type Logging facilitySyntax Clear logging flash ram Logging trapClear logging Syntax Logging trap level no logging trapShow logging Show loggingSyntax Show logging flash ram sendmail trap Following example displays settings for the trap function 15. Smtp Alert Commands Smtp Alert CommandsShow logging sendmail Syntax No logging sendmail host ipaddress Logging sendmail hostSyntax Logging sendmail source-email email-address Logging sendmail levelLogging sendmail source-email Syntax Logging sendmail level levelSyntax No logging sendmail destination-email email-address Logging sendmail destination-emailLogging sendmail Syntax No logging sendmail Default SettingShow logging sendmail 16. Time Commands Time CommandsSyntax Sntp server ip1 ip2 ip3 Sntp serverSntp poll 4-72 show sntp Syntax Sntp poll seconds no sntp poll Related CommandsSntp poll Sntp clientDisabled Sntp broadcast client Syntax No sntp broadcast client Default SettingShow sntp Show sntp Clock timezoneSyntax This command displays the system clockCalendar set Show calendarShow startup-config System Status Commands17. System Status Commands Command Usage Show running-config4-80 Show running-config Show startup-config4-77 Show system This command displays system informationShow version Show usersJumbo frame Frame Size Commands18. Frame Size Commands Syntax No jumbo frame Default Setting19. Flash/File Commands Flash/File CommandsCopy Command Usage Following example shows how to download a configuration file Filename Name of the configuration file or image name This command deletes a file or imageDelete Dir Delete public-key4-51 This command displays a list of files in flash memorySyntax Dir boot-rom config opcode filename DirFollowing example shows how to display all file information WhichbootSyntax Boot system boot-romconfig opcode filename Boot system20. Authentication Commands Authentication CommandsAuthentication Sequence Dir 4-90 whichbootLocal Authentication loginRadius-server host Username for setting the local user names and passwords22. Radius Client Commands Radius Client1812 Radius-server port10.1.0.1 Syntax Radius-server port portnumber no radius-server portRadius-server retransmit Radius-server keySyntax Radius-server key keystring no radius-server key Show radius-server Radius-server timeoutHostipaddress IP address of a TACACS+ server 23. TACACS+ Client CommandsTACACS+ Client Tacacs-server hostSyntax Tacacs-server port portnumber no tacacs-server port Tacacs-server portShow tacacs-server Tacacs-server keySyntax Tacacs-server key keystring no tacacs-server key 24. Port Security Commands Port Security CommandsPort security Interface Configuration Ethernet Status Disabled Action None Maximum Addresses25 .1x Port Authentication Commands 802.1x Port AuthenticationAuthentication dot1x default Dot1x max-req Dot1x defaultSyntax Dot1x default Command Mode Default Command ModeForce-authorized DefaultInterface Configuration Dot1x port-controlEthernet unit/port Dot1x re-authenticateSyntax Dot1x re-authenticate interface Dot1x operation-modeSeconds The number of seconds. Range Dot1x re-authenticationDot1x timeout quiet-period Syntax No dot1x re-authentication Command ModeDot1x timeout tx-period Dot1x timeout re-authperiodShow dot1x statistics interface interface Show dot1xState- Current state including initialize, reauthenticate Authenticator State Machine113 Access Control Lists Access Control List CommandsAccess Control List Commands IP ACLs Masks for Access Control Lists26. Access Control List Commands 27. IP ACL CommandsEXT-ACL Syntax No access-list ip standard extended aclname Access-list ipStandard ACL Permit, deny Ip access-group4-129 show ip access-list4-123No permit deny tcp Access-list ipExtended ACL 122 Syntax No access-list ip mask-precedence in out Show ip access-listAccess-list ip mask-precedence Syntax Show ip access-list standard extended aclnameMask IP ACL 4-125 ip access-group4-129 IP Mask Syntax No mask protocol126 127 Syntax Show access-list ip mask-precedence in out Show access-list ip mask-precedenceSyntax No ip access-group aclname in out Ip access-groupMask IP ACL This command shows the ports assigned to IP ACLs Show ip access-groupMap access-list ip Show ip access-list4-123Queue cos-map4-260 Show map access-list ip Syntax Show map access-list ip interface Show map access-list ipMap access-list ip Match access-list ip Show marking Match access-list ipShow marking MAC ACLs 28. MAC ACL CommandsSyntax No access-list mac aclname Access-list macAny host destination destination address-bitmask Permit, deny MAC ACLMAC ACL Syntax Show mac access-list aclname Show mac access-listAccess-list mac mask-precedence This command displays the rules for configured MAC ACLsMask MAC ACL Mask MAC ACL 4-140 mac access-group4-144MAC Mask 142 Syntax Show access-list mac mask-precedence in out Show access-list mac mask-precedenceThis example creates an Egress MAC ACL Syntax Mac access-group aclname in out Mac access-groupShow mac access-list4-139 Syntax No map access-list mac aclname cos cos-value Show mac access-groupMap access-list mac This command shows the ports assigned to MAC ACLsQueue cos-map4-260 Show map access-list mac Show map access-list macSyntax Show map access-list mac interface Match access-list mac ACL Information Show access-list29. ACL Information 30. Snmp Commands Snmp CommandsShow access-group This command shows the port assignments of ACLsSyntax Snmp community string rorw no snmp community string Snmp communitySyntax Snmp-server location text no snmp-server location Snmp contactSnmp location Syntax Snmp contact string no snmp contactHost Address None Snmp Version Snmp hostConsoleconfig#snmp-server host 10.1.19.23 batman Syntax No snmp enable traps authentication link-up-down Snmp enable trapsIssue authentication and link-up-down traps Show snmp This command checks the status of Snmp communications156 31. DNS Commands DNS CommandsNo static entries Ip hostThis example maps two address to a host name Syntax Ip domain-name name no ip domain-name Clear hostIp domain-name Syntax Clear host nameSyntax No ip domain-list name Ip domain-listIp domain-name4-159 Server-address1- IP address of domain-name server Ip name-serverIp domain-lookup Syntax No ip domain-lookup Default SettingIp domain-name4-159 ip domain-lookup4-163 Ip domain-name4-159 ip name-server4-162 Show hostsShow dns cache This command displays the configuration of the DNS serverThis command displays entries in the DNS cache Show dnsClear dns cache This command clears all entries in the DNS cache167 32. Interface Commands Interface CommandsSyntax Description string no description InterfaceDescription Port-channel channel-idRangeSpeed-duplex Interface Configuration Ethernet, Port ChannelFollowing example adds a description to port Negotiation Syntax No negotiation Default SettingNegotiation 4 -170 capabilities 4 Capabilities 4 -172speed-duplex 4 Following example configures port 11 to use autonegotiationCapabilities Negotiation 4 -170speed-duplex 4 -169 flowcontrol 4 Syntax No flowcontrol Default SettingFlow control enabled FlowcontrolNegotiation 4 Capabilities flowcontrol, symmetric Following example enables flow control on portSyntax Combo-forced-mode mode no combo-forced-mode Combo-forced-modeShutdown Syntax No shutdown Default SettingAll interfaces are enabled Following example disables portSwitchport broadcast packet-rate Following example clears statistics on port This command clears statistics on an interfacePort-channel channel-idRange Default Setting Clear countersShows the status for all interfaces This command displays the status for an interfaceShow interfaces status Syntax Show interfaces status interfaceShows the counters for all interfaces This command displays interface statisticsShow interfaces counters Syntax Show interfaces counters interface180 Shows all interfaces Show interfaces switchportSyntax Show interfaces switchport interface This example shows the configuration setting for portShows if acceptable Vlan frames include all types or Port monitor Mirror Port Commands33. Mirror Port Commands Interface Configuration Ethernet, destination portSyntax Show port monitor interface This command displays mirror informationUnit Switch unit Port Port number Show port monitorFollowing shows mirroring configured from port 6 to port Rate Limit Commands34. Rate Limit Commands Mbps Rate-limit35. Link Aggregation Commands Link Aggregation CommandsGeneral Guidelines Guidelines for Creating TrunksCurrent port will be added to this trunk Channel-groupSyntax Channel-group channel-idno channel-group Channel-id- Trunk index RangeLacp Syntax No lacp Default Setting191 32768 Lacp system-priorityLacp admin-keyEthernet Interface Syntax Lacp admin-key key no lacp admin-key Lacp admin-key Port ChannelInterface Configuration Port Channel Lacp port-priority Show lacp This command displays Lacp informationPort Channel all 197 198 199 36. Adress Table Commands Address Table Commands200 Vlan-id- Vlan ID Range Mac-address-table static201 Mac-address- MAC addressMac-address- MAC address Mask Bits to match in the address Clear mac-address-table dynamicShow mac-address-table 202203 Mac-address-table aging-time204 Show mac-address-table aging-time37. Spanning Tree Commands Spanning Tree Commands205 No spanning-tree Spanning tree is enabledSpanning-tree 206207 Spanning-tree modeRstp 208 209 Spanning-tree forward-timeSpanning-tree max-age Spanning-tree hello-time210 211 Spanning-tree priority212 Spanning-tree pathcost methodLong method 213 Spanning-tree mst-configurationThis command limits the maximum transmission rate for BPDUs Spanning-tree transmission-limitMst vlan MST Configuration214 215 Mst prioritySyntax Name name Switch’s MAC addressName 216Syntax Revision number Revision217 Revision 4218 Max-hopsName 4 219 Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting Spanning-tree cost128 Spanning-tree port-priority220 Priority The priority for a port. Range 0-240, in stepsSpanning-tree cost 4 Syntax No spanning-tree edge-port Default SettingSpanning-tree edge-port 221Spanning-tree portfast 4 Syntax No spanning-tree portfast Default SettingSpanning-tree portfast 222223 Spanning-tree link-typeSpanning-treeedge-port 4 224 Spanning-tree mst costSpanning-tree mst port-priority 4 225226 Spanning-tree mst port-prioritySpanning-tree mst cost 4 Syntax Spanning-tree protocol-migration interface Port-channel channel-idRange Command ModeSpanning-tree protocol-migration 227228 Show spanning-treeSyntax Show spanning-tree interface mst instanceid 229 230 Show spanning-tree mst configurationThis command shows the multiple spanning tree configuration Syntax Show spanning-tree mst configuration Command Mode231 Vlan Commands38. Vlan Commands Editing Vlan GroupsVlan database 232Show vlan 4 Vlan By default only Vlan 1 exists and is activeVlan Database Configuration 23340. Configuring Vlan Interfaces Configuring Vlan Interfaces234 Shutdown 4 235Interface vlan Syntax Interface vlan vlan-idSwitchport acceptable-frame-types 4 Switchport modeSyntax Switchport mode trunk hybrid no switchport mode All ports are in hybrid mode with the Pvid set to VlanAll frame types Switchport acceptable-frame-typesSwitchport mode 4 237Syntax No switchport ingress-filtering Default Setting Switchport ingress-filtering238 239 Switchport native vlan240 Switchport allowed vlan241 Switchport forbidden vlanNo VLANs are included in the forbidden list 41. Displaying Vlan Information Displaying Vlan Information242 Show vlan42. Protocol-based Vlan Commands Following example shows how to display information for Vlan243 No protocol groups are configured Protocol-vlan protocol-group Configuring Groups244 245 Protocol-vlan protocol-group Configuring InterfacesNo protocol groups are mapped for any interface Group-id- Group identifier for a protocol group. Range 246Show protocol-vlan protocol-group Syntax Show protocol-vlan protocol-group group-idMapping for all interfaces is displayed This shows protocol group 1 configured for IP over Ethernet247 Show interfaces protocol-vlan protocol-groupNo private VLANs are defined 43. Private Vlan Commands248 Pvlan249 This command displays the configured private VlanShow pvlan 250 Gvrp and Bridge Extension Commands44. Gvrp and Bridge Extension Commands Syntax No bridge-ext gvrp Default SettingShow bridge-ext 251Syntax Show gvrp configuration interface Switchport gvrpShow gvrp configuration Syntax No switchport gvrp Default Setting253 Garp timerShows all Garp timers Show garp timerShow garp timer 4 Syntax Show garp timer interface255 Priority CommandsGarp timer 4 45. Priority Commands256 Priority Commands LayerSwitchport priority default 46. Priority Commands Layer257 258 Queue modeSyntax Queue mode strict wrr no queue mode Weighted Round RobinQueue bandwidth 259Show queue bandwidth 4 Queue cos-map 260Show queue cos-map 4 Show queue modeThis command shows the current queue mode 261Show queue cos-map This command shows the class of service priority map262 Show queue bandwidth47. Priority Commands Layer 3 Priority Commands Layer 3263 264 Syntax Map ip port no map ip port Default Setting265 Syntax No map ip precedence Default Setting266 List below shows the default priority mapping267 Syntax No map ip dscp Default Setting268 Map ip dscp Interface ConfigurationSyntax Show map ip port interface Use this command to show the IP port priority map269 Show map ip portSyntax Show map ip precedence interface This command shows the IP precedence priority map270 Show map ip precedenceSyntax Show map ip dscp interface This command shows the IP Dscp priority map271 Show map ip dscp49. Igmp Snooping Commands Multicast Filtering CommandsIgmp Snooping Commands 48. Multicast Filtering CommandsNo ip igmp snooping Following example enables Igmp snooping273 Ip igmp snoopingIp igmp snooping vlan static 274Igmp Version Following configures the switch to use Igmp Version275 Ip igmp snooping versionShow ip igmp snooping 276Show mac-address-table multicast 50. Igmp Query Commands Layer Igmp Query Commands Layer277 Ip igmp snooping query-count Syntax No ip igmp snooping querier Default Setting278 Ip igmp snooping querierIp igmp snooping query-max-response-time 4 Following shows how to configure the query count to279 Ip igmp snooping query-interval280 Seconds The report delay advertised in Igmp queries. RangeIp igmp snooping query-max-response-time 281 Switch must use IGMPv2 for this command to take effectIp igmp snooping router-port-expire-time Ip igmp snooping vlan mrouter Static Multicast Routing Commands51. Static Multicast Routing Commands 282Syntax Show ip igmp snooping mrouter vlan vlan-id Displays multicast router ports for all configured VLANs283 Show ip igmp snooping mrouter284 IP Interface CommandsBasic IP Configuration 52. Basic IP Configuration commandsIP address Netmask Interface Configuration Vlan285 Ip addressIp dhcp restart 4 This command submits a Bootp or Dhcp client request286 Ip dhcp restartSyntax Ip default-gateway gateway no ip default-gateway Ip default-gateway287 Show ip interface 288Show ip redirects Syntax Ping host count countsize size This command has no default for the host289 PingInterface 4 290291 Flow Control Software FeaturesAuthentication Dhcp Client Port ConfigurationRate Limits Class of ServiceAdditional Features Port MirroringOut-of-Band Management Management FeaturesStandards In-Band ManagementManagement Information Bases Table B-1. Troubleshooting Chart Appendix B TroubleshootingTroubleshooting Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 XModem Glossary-8User Datagram Protocol UDP Virtual LAN VlanIndex-1 NumericsIgmp Index-2Snmp Snmp Index-3Index-4 Page For Technical SUPPORT, Call