SMC Networks SMC8724M, SMC8748M , S, 3-52

C

ONFIGURING

THE

S

WITCH

3-52

Configuring SNMPv3 Users

Each SNMPv3 user is defined by a unique name. Users must be configured

with a specific security level and assigned to a group. The SNMPv3 group

restricts users to a specific read and a write view.

Command Attributes

•User Name – The name of user connecting to the SNMP agent.

(Range: 1-32 characters)

•Group Name – The name of the SNMP group to which the user is

assigned. (Range: 1-32 characters)

•Model – The user security model; SNMP v1, v2c or v3.

•Level – The security level used for the user:

- noAuthNoPriv – There is no authentication or encryption used in

SNMP communications.

- AuthNoPriv – SNMP communications use authentication, but

the data is not encrypted (only available for the SNMPv3 security

model).

- AuthPriv – SNMP communications use both authentication and

encryption (only available for the SNMPv3 security model).

•Authentication – The method used for user authentication; MD5 or

SHA

•Privacy – The encryption algorithm use for data privacy; only 56-bit

DES is currently available

•Actions – Enables the user to be assigned to another SNMPv3 group.

Contents

Main TigerStack 10G Gigabit Ethernet Switch Management Guide Page Page Page Page L W IMITED ii ARRANTY W IMITED ARRANTY Page iii ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1 iv v vi vii 4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . 4-1 viii ix x xi xii xiii xiv xv Page T xvii ABLES xviii xix F xx IGURES xxi xxii 1-1 NTRODUCTION Key Features 1-2 Description of Software Features F S 1-3 1-4 F S 1-5 1-6 D 1-7 System Defaults 1-8 D 1-9 1-10 NITIAL 2-1 ONFIGURATION Connecting to the Switch Configuration Options C 2-2 Required Connections S 2-3 C 2-4 Remote Connections O 2-5 Stack Operations Selecting the Stack Master C 2-6 Master Backup Unit Recovering from Stack Failure or Topology Change Broken Link for Line and Wrap-around Topologies O 2-7 IP Interface for Stack Management C 2-8 Basic Configuration Console Connection C 2-9 Setting Passwords C 2-10 Setting an IP Address Manual Configuration C 2-11 Dynamic Configuration C 2-12 Enabling SNMP Management Access C 2-13 Community Strings (for SNMP version 1 and 2c clients) C 2-14 Trap Receivers Configuring Access for SNMP Version 3 Clients C 2-15 Saving Configuration Settings C 2-16 Managing System Files Page Page ONFIGURING THE 3-1 WITCH Using the Web Interface Page Navigating the Web Browser Interface Page I B W 3-5 S 3-6 I B W 3-7 S 3-8 I B W 3-9 S 3-10 I B W 3-11 Basic Configuration Displaying System Information Page S 3-14 CLI Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions C 3-15 S 3-16 Displaying Bridge Extension Capabilities C 3-17 S 3-18 Setting the Switchs IP Address C 3-19 Manual Configuration Page C 3-21 S 3-22 Managing Firmware Page Page C 3-25 Saving or Restoring Configuration Settings S 3-26 C 3-27 Downloading Configuration Settings from a Server S 3-28 Console Port Settings C 3-29 S 3-30 C 3-31 Telnet Settings S 3-32 C 3-33 Configuring Event Logging System Log Configuration S 3-34 C 3-35 Remote Log Configuration S 3-36 C 3-37 Displaying Log Messages Sending Simple Mail Transfer Protocol Alerts S 3-38 Page S 3-40 Renumbering the Stack C 3-41 Resetting the System S 3-42 Setting the System Clock Configuring SNTP C 3-43 Setting the Time Zone Page N P M 3-45 Simple Network Management Protocol S 3-46 Table 3-4 SNMPv3 Security Models and Levels Page S 3-48 Specifying Trap Managers and Trap Types N P M 3-49 Page N P M 3-51 Setting an Engine ID S 3-52 Configuring SNMPv3 Users Page S 3-54 Configuring SNMPv3 Groups Page S 3-56 Setting SNMPv3 Views Page S 3-58 User Authentication Page Page A 3-61 S 3-62 A 3-63 S 3-64 A 3-65 Configuring HTTPS S 3-66 Replacing the Default Secure-site Certificate A 3-67 Configuring the Secure Shell S 3-68 A 3-69 S 3-70 Generating the Host Key Pair Page S 3-72 Configuring the SSH Server Page S 3-74 Configuring Port Security A 3-75 Page A 3-77 S 3-78 Displaying 802.1X Global Settings Command Attributes A 3-79 Configuring 802.1X Global Settings S 3-80 Configuring Port Settings for 802.1X A 3-81 S 3-82 A 3-83 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-6 802.1X Statistics Page A 3-85 Filtering IP Addresses for Management Access S 3-86 C L Access Control Lists Configuring Access Control Lists S 3-88 Setting the ACL Name and Type C L 3-89 Configuring a Standard IP ACL S 3-90 Configuring an Extended IP ACL C L 3-91 Page C L 3-93 Configuring a MAC ACL Page C L 3-95 Configuring ACL Masks Specifying the Mask Type S 3-96 Configuring an IP ACL Mask C L 3-97 S 3-98 Configuring a MAC ACL Mask Page S 3-100 Binding a Port to an Access Control List Page S 3-102 Port Configuration Displaying Connection Status Field Attributes (Web) C 3-103 Field Attributes (CLI) Basic information: Configuration: S 3-104 Current status: C 3-105 Configuring Interface Connections S 3-106 C 3-107 Creating Trunk Groups S 3-108 C } 3-109 Statically Configuring a Trunk Page C } ORT 3-111 Enabling LACP on Selected Ports } S 3-112 C 3-113 Configuring LACP Parameters Dynamically Creating a Port Channel S 3-114 Page S Counter Information 3-116 Displaying LACP Port Counters C 3-117 Figure 3-54 LACP - Port Counters Information Table 3-7 LACP Port Counters (Continued) S 3-118 CLI The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side C 3-119 Table 3-8 LACP Internal Configuration Information (Continued) S 3-120 C 3-121 Displaying LACP Settings and Status for the Remote Side Table 3-9 LACP Neighbor Configuration Information S 3-122 C 3-123 Setting Broadcast Storm Thresholds S 3-124 C 3-125 Configuring Port Mirroring Page C 3-127 Showing Port Statistics S 3-128 Table 3-10 Port Statistics C 3-129 S 3-130 C 3-131 Page Page S 3-134 Address Table Settings Setting Static Addresses T S 3-135 Page Page S 3-138 Spanning Tree Algorithm Configuration T C A 3-139 S 3-140 Displaying Global Settings T C A 3-141 S 3-142 T C A 3-143 S 3-144 Configuring Global Settings T C A 3-145 S 3-146 Page S 3-148 T C A 3-149 Displaying Interface Settings x T x C A 3-151 S 3-152 T C A 3-153 Configuring Interface Settings S 3-154 T C A 3-155 S 3-156 Configuring Multiple Spanning Trees T C A 3-157 Page T C LGORITHM A REE Page T C LGORITHM A REE S 3-162 Configuring Interface Settings for MSTP T C A 3-163 VLAN Configuration IEEE 802.1Q VLANs 3-165 Assigning Ports to VLANs S 3-166 3-167 Forwarding Tagged/Untagged Frames S 3-168 Enabling or Disabling GVRP (Global Setting) Displaying Basic VLAN Information 3-169 Displaying Current VLANs S 3-170 Command Attributes (Web) Command Attributes (CLI) 3-171 Creating VLANs S 3-172 3-173 Adding Static Members to VLANs (VLAN Index) S 3-174 3-175 Adding Static Members to VLANs (Port Index) Page 3-177 Configuring VLAN Behavior for Interfaces S 3-178 3-179 x S 3-180 Configuring Private VLANs 3-181 Enabling Private VLANs Configuring Uplink and Downlink Ports S 3-182 Configuring Protocol-Based VLANs 3-183 Configuring Protocol Groups S 3-184 Mapping Protocols to VLANs 3-185 S 3-186 Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces C S 3-187 S 3-188 Mapping CoS Values to Egress Queues C S 3-189 S 3-190 Selecting the Queue Mode Page S 3-192 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Page S 3-194 C S 3-195 Mapping DSCP Priority S 3-196 C S 3-197 Mapping IP Port Priority S 3-198 C S 3-199 Mapping CoS Values to ACLs Page F 3-201 Multicast Filtering S 3-202 Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters F 3-203 S 3-204 F 3-205 Displaying Interfaces Attached to a Multicast Router S 3-206 Specifying Static Interfaces for a Multicast Router F 3-207 Displaying Port Members of Multicast Services S 3-208 Assigning Ports to Multicast Services F 3-209 S 3-210 Configuring Domain Name Service Configuring General DNS Server Parameters D S N 3-211 Page D S N 3-213 Configuring Static DNS Host to Address Entries Page D S N 3-215 Displaying the DNS Cache S 3-216 Web Select DNS, Cache. 4-1 4 I INE L OMMAND L I 4-2 Telnet Connection C Entering Commands Keywords and Arguments Page C NTERING 4-5 Showing Commands Page C 4-7 Understanding Command Modes Exec Commands L I 4-8 Configuration Commands C 4-9 L I 4-10 Command Line Processing G Command Groups The system commands can be broken down into the functional groups shown below Table 4-4 Command Group Index L I 4-12 C 4-13 Line Commands Table 4-5 Line Command Syntax L I 4-14 line C 4-15 login L I 4-16 password C 4-17 timeout login response L I 4-18 exec-timeout C 4-19 password-thresh L I 4-20 silent-time databits C 4-21 parity L I 4-22 speed C 4-23 stopbits disconnect Page C General Commands 4-25 Example To show all lines, enter this command: Table 4-6 General Commands L I 4-26 enable C 4-27 disable configure L I 4-28 show history C 4-29 reload end L I 4-30 exit quit System Management Commands L I 4-32 Device Designation Commands prompt M C 4-33 hostname switch renumber L I 4-34 User Access Commands username M C 4-35 L I 4-36 enable password M C 4-37 IP Filter Commands management L I 4-38 show management M C Web Server Commands 4-39 Command Mode Privileged Exec L I 4-40 ip http port ip http server M C 4-41 ip http secure-server L I 4-42 ip http secure-port M C 4-43 Telnet Server Commands ip telnet server L I 4-44 ip telnet server port Secure Shell Commands M C 4-45 L I 4-46 M C 4-47 L I 4-48 ip ssh server M C 4-49 ip ssh timeout L I 4-50 ip ssh authentication-retries ip ssh server-key size M C 4-51 delete public-key ip ssh crypto host-key generate L I 4-52 ip ssh crypto zeroize M C 4-53 ip ssh save host-key L I 4-54 show ip ssh show ssh M C 4-55 show public-key Table 4-16 show ssh - display description (Continued) L I Event Logging Commands 4-56 M C 4-57 logging on L I 4-58 logging history M C 4-59 logging host L I 4-60 logging facility M C 4-61 logging trap L I 4-62 clear log show logging M C 4-63 L I 4-64 show log M C 4-65 The following example shows the event message stored in RAM. SMTP Alert Commands L I 4-66 logging sendmail host M C 4-67 logging sendmail level logging sendmail source-email L I 4-68 logging sendmail destination-email M C 4-69 logging sendmail show logging sendmail L I 4-70 Time Commands sntp client M C 4-71 sntp server L I 4-72 sntp poll M C 4-73 show sntp clock timezone L I 4-74 calendar set M C 4-75 show calendar L I 4-76 System Status Commands show startup-config M C 4-77 show running-config L I 4-78 M C ANAGEMENT YSTEM 4-79 L I 4-80 show system M C 4-81 show users show version L I 4-82 Frame Size Commands jumbo frame M C 4-83 L I Flash/File Commands copy C 4-85 L I 4-86 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: C 4-87 delete L I 4-88 dir C 4-89 whichboot L I 4-90 boot system C Authentication Commands Authentication Sequence L I 4-92 authentication login C 4-93 authentication enable L I 4-94 RADIUS Client C 4-95 radius-server host L I 4-96 radius-server port radius-server key C 4-97 radius-server retransmit radius-server timeout L I 4-98 show radius-server TACACS+ Client C 4-99 tacacs-server host L I 4-100 tacacs-server port tacacs-server key C 4-101 show tacacs-server Port Security Commands L I 4-102 port security C 4-103 L I 4-104 802.1X Port Authentication Table 4-32 802.1X Port Authentication Commands C 4-105 dot1x system-auth-control dot1x default L I 4-106 dot1x max-req dot1x port-control C 4-107 dot1x operation-mode L I 4-108 dot1x re-authenticate dot1x re-authentication C 4-109 dot1x timeout quiet-period dot1x timeout re-authperiod L I 4-110 dot1x timeout tx-period show dot1x C 4-111 L I 4-112 C UTHENTICATION 4-113 L I Access Control List Commands C L 4-115 L I IP ACLs 4-116 Table 4-33 Access Control List Commands C L 4-117 access-list ip Table 4-34 IP ACL Commands (Continued) L I 4-118 permit, deny (Standard ACL) C L 4-119 L I 4-120 permit, deny (Extended ACL) C L 4-121 L I 4-122 show ip access-list C L 4-123 access-list ip mask-precedence L I 4-124 mask (IP ACL) C L 4-125 L I 4-126 C L 4-127 show access-list ip mask-precedence L I 4-128 ip access-group C L 4-129 show ip access-group map access-list ip L I 4-130 show map access-list ip C L 4-131 match access-list ip L I 4-132 show marking C L 4-133 MAC ACLs Table 4-36 MAC ACL Commands L I 4-134 access-list mac C L 4-135 permit, deny (MAC ACL) L I 4-136 C L 4-137 show mac access-list access-list mac mask-precedence L I 4-138 mask (MAC ACL) C L 4-139 L I 4-140 show access-list mac mask-precedence C L 4-141 mac access-group show mac access-group L I 4-142 map access-list mac C L 4-143 show map access-list mac L I ACL Information 4-144 match access-list mac C L 4-145 show access-list show access-group SNMP Commands 4-147 L I 4-148 4-149 L I 4-150 4-151 L I 4-152 4-153 L I 4-154 4-155 L I 4-156 4-157 L I 4-158 Page L I 4-160 Table 4-42 show snmp group - display description groupname Name of an SNMP group. security model The SNMP version. readview The associated read view. 4-161 L I 4-162 4-163 DNS Commands Table 4-44 DNS Commands Table 4-43 show snmp user - display description L I 4-164 ip host 4-165 clear host L I 4-166 ip domain-name 4-167 ip domain-list L I 4-168 ip name-server 4-169 ip domain-lookup L I 4-170 show hosts 4-171 show dns show dns cache Page C 4-173 Interface Commands Table 4-45 Interface Commands L I 4-174 interface description C 4-175 speed-duplex L I 4-176 negotiation C 4-177 capabilities L I 4-178 flowcontrol C 4-179 media-type L I 4-180 shutdown C 4-181 switchport broadcast packet-rate L I 4-182 clear counters Page L I 4-184 show interfaces counters C 4-185 L I 4-186 show interfaces switchport C 4-187 Table 4-46 show interfaces switchport - display description L I Mirror Port Commands port monitor P C 4-189 show port monitor L Rate Limit Commands Page L I 4-192 Link Aggregation Commands A C 4-193 L I 4-194 channel-group lacp Page L I 4-196 A C 4-197 lacp system-priority L I 4-198 lacp admin-key (Ethernet Interface) A C 4-199 lacp admin-key (Port Channel) L I 4-200 lacp port-priority A C 4-201 show lacp L I 4-202 Table 4-50 show lacp counters - display description Table 4-51 show lacp internal - display description A C 4-203 Table 4-51 show lacp internal - display description (Continued) L I 4-204 Table 4-52 show lacp neighbors - display description A C GGREGATION INK 4-205 Address Table Commands mac-address-table static T C 4-207 clear mac-address-table dynamic L I 4-208 show mac-address-table T C 4-209 mac-address-table aging-time L Spanning Tree Commands T C 4-211 Table 4-55 Spanning Tree Commands (Continued) L I 4-212 spanning-tree T C 4-213 spanning-tree mode L I 4-214 spanning-tree forward-time T C 4-215 spanning-tree hello-time L I 4-216 spanning-tree max-age T C 4-217 spanning-tree priority spanning-tree pathcost method L I 4-218 spanning-tree transmission-limit T C 4-219 spanning-tree mst configuration mst vlan L I 4-220 T C 4-221 mst priority L I 4-222 name revision T C 4-223 max-hops L I 4-224 spanning-tree spanning-disabled T C 4-225 spanning-tree cost L I 4-226 spanning-tree port-priority spanning-tree edge-port T C 4-227 spanning-tree portfast L I 4-228 spanning-tree link-type T C 4-229 spanning-tree mst cost L I 4-230 T C 4-231 spanning-tree mst port-priority Page T C 4-233 show spanning-tree L I 4-234 4-235 show spanning-tree mst configuration VLAN Commands L I 4-236 Editing VLAN Groups vlan database 4-237 vlan L I Configuring VLAN Interfaces 4-238 Table 4-58 Configuring VLAN Interfaces 4-239 interface vlan L I 4-240 switchport mode 4-241 switchport acceptable-frame-types L I 4-242 switchport ingress-filtering 4-243 switchport native vlan L I 4-244 switchport allowed vlan 4-245 switchport forbidden vlan L I 4-246 Displaying VLAN Information show vlan 4-247 Configuring Private VLANs pvlan L I 4-248 show pvlan 4-249 Configuring Protocol-based VLANs L I 4-250 protocol-vlan protocol-group (Configuring Groups) 4-251 protocol-vlan protocol-group (Configuring Interfaces) L I 4-252 show protocol-vlan protocol-group 4-253 show interfaces protocol-vlan protocol-group L I 4-254 GVRP and Bridge Extension Commands bridge-ext gvrp GVRP C E B 4-255 L I 4-256 switchport gvrp show gvrp configuration GVRP C E B 4-257 L I 4-258 show garp timer C Priority Commands L I 4-260 Priority Commands (Layer 2) queue mode C 4-261 switchport priority default L I 4-262 queue bandwidth C 4-263 queue cos-map L I 4-264 C 4-265 show queue mode show queue bandwidth L I 4-266 show queue cos-map C 4-267 Priority Commands (Layer 3 and 4) Table 4-66 Priority Commands (Layer 3 and 4) L I 4-268 map ip port (Global Configuration) map ip port (Interface Configuration) C 4-269 map ip precedence (Global Configuration) L I 4-270 map ip precedence (Interface Configuration) C 4-271 map ip dscp (Global Configuration) L I 4-272 map ip dscp (Interface Configuration) C 4-273 show map ip port L I 4-274 show map ip precedence C 4-275 show map ip dscp L I Multicast Filtering Commands Table 4-69 Multicast Filtering Commands Table 4-70 IGMP Snooping Commands F C 4-277 ip igmp snooping ip igmp snooping vlan static L I 4-278 ip igmp snooping version F C 4-279 show ip igmp snooping show mac-address-table multicast L I IGMP Query Commands (Layer 2) 4-280 F C 4-281 ip igmp snooping querier ip igmp snooping query-count L I 4-282 ip igmp snooping query-interval F C 4-283 ip igmp snooping query-max-response-time L I 4-284 ip igmp snooping router-port-expire-time F C 4-285 Static Multicast Routing Commands ip igmp snooping vlan mrouter L I 4-286 show ip igmp snooping mrouter C IP Interface Commands Basic IP Configuration L I 4-288 ip address C 4-289 ip dhcp restart L I 4-290 ip default-gateway C 4-291 show ip interface show ip redirects L I 4-292 ping C 4-293 Related Commands interface (4 -174) Page PPENDIX OFTWARE A-1 PECIFICATIONS Software Features Management Features S A-3 Standards S A-4 Management Information Bases Page Page PPENDIX B-1 B T Problems Accessing the Management Interface ROUBLESHOOTING B-2 S L B-3 Using System Logs Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 NDEX Numerics A B C E F G H I P Q R S T U V W