Main
TigerStack 10G
Gigabit Ethernet Switch
Management Guide
Page
Page
Page
Page
L
W
IMITED
ii
ARRANTY
W
IMITED
ARRANTY
Page
iii
ONTENTS
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1
iv
v
vi
vii
4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . 4-1
viii
ix
x
xi
xii
xiii
xiv
xv
Page
T
xvii
ABLES
xviii
xix
F
xx
IGURES
xxi
xxii
1-1
NTRODUCTION
Key Features
1-2
Description of Software Features
F
S
1-3
1-4
F
S
1-5
1-6
D
1-7
System Defaults
1-8
D
1-9
1-10
NITIAL
2-1
ONFIGURATION
Connecting to the Switch
Configuration Options
C
2-2
Required Connections
S
2-3
C
2-4
Remote Connections
O
2-5
Stack Operations
Selecting the Stack Master
C
2-6
Master Backup Unit
Recovering from Stack Failure or Topology Change
Broken Link for Line and Wrap-around Topologies
O
2-7
IP Interface for Stack Management
C
2-8
Basic Configuration
Console Connection
C
2-9
Setting Passwords
C
2-10
Setting an IP Address
Manual Configuration
C
2-11
Dynamic Configuration
C
2-12
Enabling SNMP Management Access
C
2-13
Community Strings (for SNMP version 1 and 2c clients)
C
2-14
Trap Receivers
Configuring Access for SNMP Version 3 Clients
C
2-15
Saving Configuration Settings
C
2-16
Managing System Files
Page
Page
ONFIGURING
THE
3-1
WITCH
Using the Web Interface
Page
Navigating the Web Browser Interface
Page
I
B
W
3-5
S
3-6
I
B
W
3-7
S
3-8
I
B
W
3-9
S
3-10
I
B
W
3-11
Basic Configuration
Displaying System Information
Page
S
3-14
CLI Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
C
3-15
S
3-16
Displaying Bridge Extension Capabilities
C
3-17
S
3-18
Setting the Switchs IP Address
C
3-19
Manual Configuration
Page
C
3-21
S
3-22
Managing Firmware
Page
Page
C
3-25
Saving or Restoring Configuration Settings
S
3-26
C
3-27
Downloading Configuration Settings from a Server
S
3-28
Console Port Settings
C
3-29
S
3-30
C
3-31
Telnet Settings
S
3-32
C
3-33
Configuring Event Logging
System Log Configuration
S
3-34
C
3-35
Remote Log Configuration
S
3-36
C
3-37
Displaying Log Messages
Sending Simple Mail Transfer Protocol Alerts
S
3-38
Page
S
3-40
Renumbering the Stack
C
3-41
Resetting the System
S
3-42
Setting the System Clock
Configuring SNTP
C
3-43
Setting the Time Zone
Page
N
P
M
3-45
Simple Network Management Protocol
S
3-46
Table 3-4 SNMPv3 Security Models and Levels
Page
S
3-48
Specifying Trap Managers and Trap Types
N
P
M
3-49
Page
N
P
M
3-51
Setting an Engine ID
S
3-52
Configuring SNMPv3 Users
Page
S
3-54
Configuring SNMPv3 Groups
Page
S
3-56
Setting SNMPv3 Views
Page
S
3-58
User Authentication
Page
Page
A
3-61
S
3-62
A
3-63
S
3-64
A
3-65
Configuring HTTPS
S
3-66
Replacing the Default Secure-site Certificate
A
3-67
Configuring the Secure Shell
S
3-68
A
3-69
S
3-70
Generating the Host Key Pair
Page
S
3-72
Configuring the SSH Server
Page
S
3-74
Configuring Port Security
A
3-75
Page
A
3-77
S
3-78
Displaying 802.1X Global Settings
Command Attributes
A
3-79
Configuring 802.1X Global Settings
S
3-80
Configuring Port Settings for 802.1X
A
3-81
S
3-82
A
3-83
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-6 802.1X Statistics
Page
A
3-85
Filtering IP Addresses for Management Access
S
3-86
C
L
Access Control Lists
Configuring Access Control Lists
S
3-88
Setting the ACL Name and Type
C
L
3-89
Configuring a Standard IP ACL
S
3-90
Configuring an Extended IP ACL
C
L
3-91
Page
C
L
3-93
Configuring a MAC ACL
Page
C
L
3-95
Configuring ACL Masks
Specifying the Mask Type
S
3-96
Configuring an IP ACL Mask
C
L
3-97
S
3-98
Configuring a MAC ACL Mask
Page
S
3-100
Binding a Port to an Access Control List
Page
S
3-102
Port Configuration
Displaying Connection Status
Field Attributes (Web)
C
3-103
Field Attributes (CLI) Basic information:
Configuration:
S
3-104
Current status:
C
3-105
Configuring Interface Connections
S
3-106
C
3-107
Creating Trunk Groups
S
3-108
C
}
3-109
Statically Configuring a Trunk
Page
C
}
ORT
3-111
Enabling LACP on Selected Ports
}
S
3-112
C
3-113
Configuring LACP Parameters Dynamically Creating a Port Channel
S
3-114
Page
S
Counter Information
3-116
Displaying LACP Port Counters
C
3-117
Figure 3-54 LACP - Port Counters Information
Table 3-7 LACP Port Counters (Continued)
S
3-118
CLI The following example displays LACP counters for port channel 1.
Displaying LACP Settings and Status for the Local Side
C
3-119
Table 3-8 LACP Internal Configuration Information (Continued)
S
3-120
C
3-121
Displaying LACP Settings and Status for the Remote Side
Table 3-9 LACP Neighbor Configuration Information
S
3-122
C
3-123
Setting Broadcast Storm Thresholds
S
3-124
C
3-125
Configuring Port Mirroring
Page
C
3-127
Showing Port Statistics
S
3-128
Table 3-10 Port Statistics
C
3-129
S
3-130
C
3-131
Page
Page
S
3-134
Address Table Settings
Setting Static Addresses
T
S
3-135
Page
Page
S
3-138
Spanning Tree Algorithm Configuration
T
C
A
3-139
S
3-140
Displaying Global Settings
T
C
A
3-141
S
3-142
T
C
A
3-143
S
3-144
Configuring Global Settings
T
C
A
3-145
S
3-146
Page
S
3-148
T
C
A
3-149
Displaying Interface Settings
x
T
x
C
A
3-151
S
3-152
T
C
A
3-153
Configuring Interface Settings
S
3-154
T
C
A
3-155
S
3-156
Configuring Multiple Spanning Trees
T
C
A
3-157
Page
T
C
LGORITHM
A
REE
Page
T
C
LGORITHM
A
REE
S
3-162
Configuring Interface Settings for MSTP
T
C
A
3-163
VLAN Configuration
IEEE 802.1Q VLANs
3-165
Assigning Ports to VLANs
S
3-166
3-167
Forwarding Tagged/Untagged Frames
S
3-168
Enabling or Disabling GVRP (Global Setting)
Displaying Basic VLAN Information
3-169
Displaying Current VLANs
S
3-170
Command Attributes (Web)
Command Attributes (CLI)
3-171
Creating VLANs
S
3-172
3-173
Adding Static Members to VLANs (VLAN Index)
S
3-174
3-175
Adding Static Members to VLANs (Port Index)
Page
3-177
Configuring VLAN Behavior for Interfaces
S
3-178
3-179
x
S
3-180
Configuring Private VLANs
3-181
Enabling Private VLANs
Configuring Uplink and Downlink Ports
S
3-182
Configuring Protocol-Based VLANs
3-183
Configuring Protocol Groups
S
3-184
Mapping Protocols to VLANs
3-185
S
3-186
Class of Service Configuration
Layer 2 Queue Settings
Setting the Default Priority for Interfaces
C
S
3-187
S
3-188
Mapping CoS Values to Egress Queues
C
S
3-189
S
3-190
Selecting the Queue Mode
Page
S
3-192
Layer 3/4 Priority Settings
Mapping Layer 3/4 Priorities to CoS Values
Page
S
3-194
C
S
3-195
Mapping DSCP Priority
S
3-196
C
S
3-197
Mapping IP Port Priority
S
3-198
C
S
3-199
Mapping CoS Values to ACLs
Page
F
3-201
Multicast Filtering
S
3-202
Layer 2 IGMP (Snooping and Query)
Configuring IGMP Snooping and Query Parameters
F
3-203
S
3-204
F
3-205
Displaying Interfaces Attached to a Multicast Router
S
3-206
Specifying Static Interfaces for a Multicast Router
F
3-207
Displaying Port Members of Multicast Services
S
3-208
Assigning Ports to Multicast Services
F
3-209
S
3-210
Configuring Domain Name Service
Configuring General DNS Server Parameters
D
S
N
3-211
Page
D
S
N
3-213
Configuring Static DNS Host to Address Entries
Page
D
S
N
3-215
Displaying the DNS Cache
S
3-216
Web Select DNS, Cache.
4-1
4
I
INE
L
OMMAND
L
I
4-2
Telnet Connection
C
Entering Commands
Keywords and Arguments
Page
C
NTERING
4-5
Showing Commands
Page
C
4-7
Understanding Command Modes
Exec Commands
L
I
4-8
Configuration Commands
C
4-9
L
I
4-10
Command Line Processing
G
Command Groups
The system commands can be broken down into the functional groups shown below
Table 4-4 Command Group Index
L
I
4-12
C
4-13
Line Commands
Table 4-5 Line Command Syntax
L
I
4-14
line
C
4-15
login
L
I
4-16
password
C
4-17
timeout login response
L
I
4-18
exec-timeout
C
4-19
password-thresh
L
I
4-20
silent-time
databits
C
4-21
parity
L
I
4-22
speed
C
4-23
stopbits
disconnect
Page
C
General Commands
4-25
Example To show all lines, enter this command:
Table 4-6 General Commands
L
I
4-26
enable
C
4-27
disable
configure
L
I
4-28
show history
C
4-29
reload
end
L
I
4-30
exit
quit
System Management Commands
L
I
4-32
Device Designation Commands
prompt
M
C
4-33
hostname
switch renumber
L
I
4-34
User Access Commands
username
M
C
4-35
L
I
4-36
enable password
M
C
4-37
IP Filter Commands
management
L
I
4-38
show management
M
C
Web Server Commands
4-39
Command Mode Privileged Exec
L
I
4-40
ip http port
ip http server
M
C
4-41
ip http secure-server
L
I
4-42
ip http secure-port
M
C
4-43
Telnet Server Commands
ip telnet server
L
I
4-44
ip telnet server port
Secure Shell Commands
M
C
4-45
L
I
4-46
M
C
4-47
L
I
4-48
ip ssh server
M
C
4-49
ip ssh timeout
L
I
4-50
ip ssh authentication-retries
ip ssh server-key size
M
C
4-51
delete public-key
ip ssh crypto host-key generate
L
I
4-52
ip ssh crypto zeroize
M
C
4-53
ip ssh save host-key
L
I
4-54
show ip ssh
show ssh
M
C
4-55
show public-key
Table 4-16 show ssh - display description (Continued)
L
I
Event Logging Commands
4-56
M
C
4-57
logging on
L
I
4-58
logging history
M
C
4-59
logging host
L
I
4-60
logging facility
M
C
4-61
logging trap
L
I
4-62
clear log
show logging
M
C
4-63
L
I
4-64
show log
M
C
4-65
The following example shows the event message stored in RAM.
SMTP Alert Commands
L
I
4-66
logging sendmail host
M
C
4-67
logging sendmail level
logging sendmail source-email
L
I
4-68
logging sendmail destination-email
M
C
4-69
logging sendmail
show logging sendmail
L
I
4-70
Time Commands
sntp client
M
C
4-71
sntp server
L
I
4-72
sntp poll
M
C
4-73
show sntp
clock timezone
L
I
4-74
calendar set
M
C
4-75
show calendar
L
I
4-76
System Status Commands
show startup-config
M
C
4-77
show running-config
L
I
4-78
M
C
ANAGEMENT
YSTEM
4-79
L
I
4-80
show system
M
C
4-81
show users
show version
L
I
4-82
Frame Size Commands
jumbo frame
M
C
4-83
L
I
Flash/File Commands
copy
C
4-85
L
I
4-86
The following example shows how to copy the running configuration to a startup file.
The following example shows how to download a configuration file:
C
4-87
delete
L
I
4-88
dir
C
4-89
whichboot
L
I
4-90
boot system
C
Authentication Commands
Authentication Sequence
L
I
4-92
authentication login
C
4-93
authentication enable
L
I
4-94
RADIUS Client
C
4-95
radius-server host
L
I
4-96
radius-server port
radius-server key
C
4-97
radius-server retransmit
radius-server timeout
L
I
4-98
show radius-server
TACACS+ Client
C
4-99
tacacs-server host
L
I
4-100
tacacs-server port
tacacs-server key
C
4-101
show tacacs-server
Port Security Commands
L
I
4-102
port security
C
4-103
L
I
4-104
802.1X Port Authentication
Table 4-32 802.1X Port Authentication Commands
C
4-105
dot1x system-auth-control
dot1x default
L
I
4-106
dot1x max-req
dot1x port-control
C
4-107
dot1x operation-mode
L
I
4-108
dot1x re-authenticate
dot1x re-authentication
C
4-109
dot1x timeout quiet-period
dot1x timeout re-authperiod
L
I
4-110
dot1x timeout tx-period
show dot1x
C
4-111
L
I
4-112
C
UTHENTICATION
4-113
L
I
Access Control List Commands
C
L
4-115
L
I
IP ACLs
4-116
Table 4-33 Access Control List Commands
C
L
4-117
access-list ip
Table 4-34 IP ACL Commands (Continued)
L
I
4-118
permit, deny (Standard ACL)
C
L
4-119
L
I
4-120
permit, deny (Extended ACL)
C
L
4-121
L
I
4-122
show ip access-list
C
L
4-123
access-list ip mask-precedence
L
I
4-124
mask (IP ACL)
C
L
4-125
L
I
4-126
C
L
4-127
show access-list ip mask-precedence
L
I
4-128
ip access-group
C
L
4-129
show ip access-group
map access-list ip
L
I
4-130
show map access-list ip
C
L
4-131
match access-list ip
L
I
4-132
show marking
C
L
4-133
MAC ACLs
Table 4-36 MAC ACL Commands
L
I
4-134
access-list mac
C
L
4-135
permit, deny (MAC ACL)
L
I
4-136
C
L
4-137
show mac access-list
access-list mac mask-precedence
L
I
4-138
mask (MAC ACL)
C
L
4-139
L
I
4-140
show access-list mac mask-precedence
C
L
4-141
mac access-group
show mac access-group
L
I
4-142
map access-list mac
C
L
4-143
show map access-list mac
L
I
ACL Information
4-144
match access-list mac
C
L
4-145
show access-list
show access-group
SNMP Commands
4-147
L
I
4-148
4-149
L
I
4-150
4-151
L
I
4-152
4-153
L
I
4-154
4-155
L
I
4-156
4-157
L
I
4-158
Page
L
I
4-160
Table 4-42 show snmp group - display description
groupname Name of an SNMP group. security model The SNMP version. readview The associated read view.
4-161
L
I
4-162
4-163
DNS Commands
Table 4-44 DNS Commands
Table 4-43 show snmp user - display description
L
I
4-164
ip host
4-165
clear host
L
I
4-166
ip domain-name
4-167
ip domain-list
L
I
4-168
ip name-server
4-169
ip domain-lookup
L
I
4-170
show hosts
4-171
show dns
show dns cache
Page
C
4-173
Interface Commands
Table 4-45 Interface Commands
L
I
4-174
interface
description
C
4-175
speed-duplex
L
I
4-176
negotiation
C
4-177
capabilities
L
I
4-178
flowcontrol
C
4-179
media-type
L
I
4-180
shutdown
C
4-181
switchport broadcast packet-rate
L
I
4-182
clear counters
Page
L
I
4-184
show interfaces counters
C
4-185
L
I
4-186
show interfaces switchport
C
4-187
Table 4-46 show interfaces switchport - display description
L
I
Mirror Port Commands
port monitor
P
C
4-189
show port monitor
L
Rate Limit Commands
Page
L
I
4-192
Link Aggregation Commands
A
C
4-193
L
I
4-194
channel-group
lacp
Page
L
I
4-196
A
C
4-197
lacp system-priority
L
I
4-198
lacp admin-key (Ethernet Interface)
A
C
4-199
lacp admin-key (Port Channel)
L
I
4-200
lacp port-priority
A
C
4-201
show lacp
L
I
4-202
Table 4-50 show lacp counters - display description
Table 4-51 show lacp internal - display description
A
C
4-203
Table 4-51 show lacp internal - display description (Continued)
L
I
4-204
Table 4-52 show lacp neighbors - display description
A
C
GGREGATION
INK
4-205
Address Table Commands
mac-address-table static
T
C
4-207
clear mac-address-table dynamic
L
I
4-208
show mac-address-table
T
C
4-209
mac-address-table aging-time
L
Spanning Tree Commands
T
C
4-211
Table 4-55 Spanning Tree Commands (Continued)
L
I
4-212
spanning-tree
T
C
4-213
spanning-tree mode
L
I
4-214
spanning-tree forward-time
T
C
4-215
spanning-tree hello-time
L
I
4-216
spanning-tree max-age
T
C
4-217
spanning-tree priority
spanning-tree pathcost method
L
I
4-218
spanning-tree transmission-limit
T
C
4-219
spanning-tree mst configuration
mst vlan
L
I
4-220
T
C
4-221
mst priority
L
I
4-222
name
revision
T
C
4-223
max-hops
L
I
4-224
spanning-tree spanning-disabled
T
C
4-225
spanning-tree cost
L
I
4-226
spanning-tree port-priority
spanning-tree edge-port
T
C
4-227
spanning-tree portfast
L
I
4-228
spanning-tree link-type
T
C
4-229
spanning-tree mst cost
L
I
4-230
T
C
4-231
spanning-tree mst port-priority
Page
T
C
4-233
show spanning-tree
L
I
4-234
4-235
show spanning-tree mst configuration
VLAN Commands
L
I
4-236
Editing VLAN Groups
vlan database
4-237
vlan
L
I
Configuring VLAN Interfaces
4-238
Table 4-58 Configuring VLAN Interfaces
4-239
interface vlan
L
I
4-240
switchport mode
4-241
switchport acceptable-frame-types
L
I
4-242
switchport ingress-filtering
4-243
switchport native vlan
L
I
4-244
switchport allowed vlan
4-245
switchport forbidden vlan
L
I
4-246
Displaying VLAN Information
show vlan
4-247
Configuring Private VLANs
pvlan
L
I
4-248
show pvlan
4-249
Configuring Protocol-based VLANs
L
I
4-250
protocol-vlan protocol-group (Configuring Groups)
4-251
protocol-vlan protocol-group (Configuring Interfaces)
L
I
4-252
show protocol-vlan protocol-group
4-253
show interfaces protocol-vlan protocol-group
L
I
4-254
GVRP and Bridge Extension Commands
bridge-ext gvrp
GVRP
C
E
B
4-255
L
I
4-256
switchport gvrp
show gvrp configuration
GVRP
C
E
B
4-257
L
I
4-258
show garp timer
C
Priority Commands
L
I
4-260
Priority Commands (Layer 2)
queue mode
C
4-261
switchport priority default
L
I
4-262
queue bandwidth
C
4-263
queue cos-map
L
I
4-264
C
4-265
show queue mode
show queue bandwidth
L
I
4-266
show queue cos-map
C
4-267
Priority Commands (Layer 3 and 4)
Table 4-66 Priority Commands (Layer 3 and 4)
L
I
4-268
map ip port (Global Configuration)
map ip port (Interface Configuration)
C
4-269
map ip precedence (Global Configuration)
L
I
4-270
map ip precedence (Interface Configuration)
C
4-271
map ip dscp (Global Configuration)
L
I
4-272
map ip dscp (Interface Configuration)
C
4-273
show map ip port
L
I
4-274
show map ip precedence
C
4-275
show map ip dscp
L
I
Multicast Filtering Commands
Table 4-69 Multicast Filtering Commands
Table 4-70 IGMP Snooping Commands
F
C
4-277
ip igmp snooping
ip igmp snooping vlan static
L
I
4-278
ip igmp snooping version
F
C
4-279
show ip igmp snooping
show mac-address-table multicast
L
I
IGMP Query Commands (Layer 2)
4-280
F
C
4-281
ip igmp snooping querier
ip igmp snooping query-count
L
I
4-282
ip igmp snooping query-interval
F
C
4-283
ip igmp snooping query-max-response-time
L
I
4-284
ip igmp snooping router-port-expire-time
F
C
4-285
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
L
I
4-286
show ip igmp snooping mrouter
C
IP Interface Commands
Basic IP Configuration
L
I
4-288
ip address
C
4-289
ip dhcp restart
L
I
4-290
ip default-gateway
C
4-291
show ip interface
show ip redirects
L
I
4-292
ping
C
4-293
Related Commands interface (4 -174)
Page
PPENDIX
OFTWARE
A-1
PECIFICATIONS
Software Features
Management Features
S
A-3
Standards
S
A-4
Management Information Bases
Page
Page
PPENDIX
B-1
B T
Problems Accessing the Management Interface
ROUBLESHOOTING
B-2
S
L
B-3
Using System Logs
Page
G
Glossary-1
LOSSARY
Glossary-2
Glossary-3
Glossary-4
Glossary-5
Glossary-6
Glossary-7
Glossary-8
NDEX
Numerics
A
B
C
E
F
G
H
I
P
Q
R
S
T
U
V
W