Manuals / SMC Networks / Computer Equipment / Switch

SMC Networks TigerSwitch 100 manual Https

Models: TigerSwitch 100

1 334

Download 334 pages 51.76 Kb

Page 49

SECURITY

CLI Commands

CLI – Specify all the required parameters to enable logon authentication.

Console(config)#authentication login radius	3-51
Console(config)#radius-server host 192.168.1.25	3-52
Console(config)#radius-server port 181	3-53
Console(config)#radius-server key green	3-53
Console(config)#radius-server retransmit 5	3-54
Console(config)#radius-server timeout 10	3-55
Console#show radius-server	3-55
Server IP address: 192.168.1.25
Communication key with radius server: green
Server port number: 181
Retransmit times: 5
Request timeout: 10
Console(config)#authentication login tacacs	3-51
Console(config)#tacacs-server host 10.20.30.40	3-56
Console(config)#tacacs-server port 200	3-56
Console(config)#tacacs-server key green	3-57
Console#show tacacs-server	3-57
Server IP address: 10.20.30.40
Communication key with tacacs server: green
Server port number: 200
Console(config)#

HTTPS

You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface.

Both the HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure the HTTP and HTTPS servers to use the same UDP port. If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number.

Note: If you enable HTTPS, you must indicate this in the URL. For example: https://device [:port_number]

2-19

Image 49

SMC Networks TigerSwitch 100 manual Https

Contents

TigerSwitch 10/100/1000 Page TigerSwitch 10/100/1000 Management Guide Trademarks Limited Warranty Limited Warranty Contents Viii Command Line Interface Contents Contents Xii Xiii Xiv Glossary IndexConfiguration Options Connecting to the SwitchSwitch Management Required Connections Remote Connections Setting Passwords Basic ConfigurationConsole Connection Setting an IP Address Manual Configuration Dynamic Configuration Enabling Snmp Management Access Community Strings Trap Receivers Saving Configuration SettingsManaging System Files Function Parameter Default System DefaultsFunction Parameter Default Pvid Switch Management Using the Web Interface Configuring the SwitchHome Navigating the Web Browser InterfaceButton Action Panel Display Menu Description Main MenuMenu Description Snmp Displaying System Information Command AttributesCLI Only CLI Specify the hostname, location and contact information Setting the IP AddressBasic Configuration Manual Configuration Security Configuring the Logon PasswordCommand Attributes Command Usage Configuring RADIUS/TACACS Logon AuthenticationCommand Attributes Radius Settings Configuring the Switch Https Https SSH Managing Firmware Downloading System Software from a Server Saving or Restoring Configuration Settings Managing Firmware Copying the Running Configuration to a File Displaying Bridge Extension Capabilities Configuring the Switch 137 Main Board Displaying Switch Hardware/Software VersionsManagement Software Displaying Switch HARDWARE/SOFTWARE Versions Displaying Connection Status Port ConfigurationPort Configuration Configuring Interface Connections Port Configuration Command Attributes Setting Broadcast Storm ThresholdsPort Configuration Configuring Port Mirroring Port Configuration Configuring Port SecurityPort Security Action Setting Static Addresses Address Table SettingsDisplaying the Address Table 102 Changing the Aging Time Spanning Tree Protocol ConfigurationSpanning Tree Protocol Configuration STP Information Spanning Tree Protocol Configuration CLI only CLI This example shows the current Spanning Tree settings Command Usage STP ConfigurationSpanning Tree Protocol Configuration Configuring the Switch 107 STP Port and Trunk Information Spanning Tree Protocol Configuration Configuring the Switch Spanning Tree Protocol Configuration STP Port and Trunk Configuration Spanning Tree Protocol Configuration Configuring the Switch Vlan Configuration Assigning Ports to VLANs Vlan Configuration Forwarding Tagged/Untagged Frames Displaying Basic Vlan Information Displaying Current VLANs Command Attributes for Web InterfaceCommand Attributes for CLI Interface 131 Creating VLANs122 Adding Interfaces Based on Membership Type Vlan Configuration 129 Adding Interfaces Based on Static MembershipConfiguring Vlan Behavior for Interfaces Command Usage Vlan Configuration Configuring the Switch Setting the Default Priority for Interfaces Class of Service ConfigurationMapping CoS Values to Egress Queues Queue 155 Setting the Service Weight for Traffic Classes Selecting IP Precedence/DSCP Priority Mapping Layer 3/4 Priorities to CoS ValuesMapping IP Precedence Flash Override Class of Service Configuration Mapping Dscp Priority 38, 40 Port Trunk Configuration Port Trunk Configuration Dynamically Configuring a Trunk with Lacp Port Trunk Configuration 168 Statically Configuring a TrunkPort Trunk Configuration 167 Configuring SnmpAccess Mode Setting Community Access StringsSpecifying Trap Managers Snmp IP Filtering Command Attributes Multicast Configuration 100 Configuring Igmp Parameters101 102 103 Interfaces Attached to a Multicast RouterSpecifying Interfaces Attached to a Multicast Router 104105 Displaying Port Members of Multicast Services106 107 Adding Multicast Addresses to VLANs108 Showing Device StatisticsStatistical Values 109Parameter Description 110Rmon Statistics 111112 113 CLI This example shows statistics for port 114Accessing the CLI Using the Command Line InterfaceTelnet Connection Keywords and Arguments Entering CommandsGetting Help on Commands Command CompletionMinimum Abbreviation Showing Commands Using Command History Negating the Effect of CommandsUnderstanding Command Modes Partial Keyword LookupExec Commands Configuration Commands Keystroke Function Command Line ProcessingCommand Description Group Command Groups150 Enable General CommandsSyntax Enable level Default SettingRelated Commands DisableExample Configure Show history End ReloadQuit ExitCopy Flash/File CommandsFLASH/FILE Commands Following example shows how to download a configuration file Syntax DeleteDir Syntax Dir boot-rom config opcode filenameFollowing example shows how to display all file information WhichbootSyntax Boot system boot-romconfig opcode filename Boot systemCommand Function Mode System Management CommandsEvent Logging Commands Username HostnameSyntax Hostname name no hostname Username Access-level Password Guest Admin Enable password Jumbo frame Syntax Jumbo frame no jumbo frame Default SettingSyntax Ip http server no ip http server Default Setting Default Setting Command ModeIp http port Ip http serverIp http secure-server Syntax Ip http secure-port portnumber no ip http secure-port Ip http secure-portIp ssh Ip ssh server Syntax Ip ssh server no ip ssh server Default SettingSyntax Disconnect ssh connection-id Disconnect sshShow ip ssh Show sshLogging on Syntax Logging on no logging on Default SettingLevel Argument Description Syslog Definition Logging historyLogging host Syntax Logging facility type no logging facility type Logging facilitySyntax Logging trap level no logging trap level Logging trapShow logging Clear loggingSyntax Clear logging flash ram Syntax Show logging flash ram trapShow startup-config Command Mode Show running-config Show system Show users Show version Authentication Commands TACACS+ Client Authentication loginRadius-server host Radius-server key Radius-server portSyntax Radius-server port portnumber no radius-server port Syntax Radius-server key keystring no radius-server keyRadius-server retransmit Show radius-server Radius-server timeoutTacacs-server port Tacacs-server hostSyntax Tacacs-server port portnumber no tacacs-server port Show tacacs-server Tacacs-server keySyntax Tacacs-server key keystring no tacacs-server key Snmp-server community Snmp CommandsSnmp Commands Snmp-server location Snmp-server contactSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server locationSnmp-server host Host Address None Snmp Version Snmp-server enable traps Snmp ip filter Show snmp Example Ip address IP CommandsDhcp Obtains IP address from Dhcp Ip dhcp restart Syntax Ip default-gateway gateway no ip default-gateway Ip default-gatewayShow ip interface Show ip redirects Syntax Ping host count countsize size PingLine Commands Syntax Line console vty LineSyntax Login local no login LoginSyntax Password 0 7 password no password PasswordSyntax Exec-timeout seconds no exec-timeout Exec-timeoutSyntax Password-thresh threshold no password-thresh Password-threshSyntax Silent-time seconds no silent-time Silent-timeSyntax Databits 7 8 no databits DatabitsSyntax Parity none even odd no parity ParitySyntax Speed bps no speed SpeedShow line StopbitsSyntax Stopbits 1 Syntax Show line console vtyTo show all lines, enter this command Interface CommandsEthernet unit/port InterfacePort-channel channel-idRange Speed-duplex DescriptionSyntax Description string no description Negotiation Capabilities Negotiation Syntax Negotiation no negotiation Default SettingCapabilities Default SettingFlowcontrol Syntax Flowcontrol no flowcontrol Default SettingSyntax Shutdown no shutdown ShutdownSwitchport broadcast Port security Clear counters Show interfaces status Port-channel channel-idRange Default SettingSyntax Clear counters interface Syntax Show interfaces status interfacePort-channel channel-idRange Syntax Show interfaces counters interface Show interfaces countersSyntax Show interfaces switchport interface Show interfaces switchportShows all interfaces Mac-address-table static Address Table CommandsAction Show mac-address-table Mac-address-table aging-time Clear mac-address-table dynamicShow mac-address-table aging-time Command Function Spanning Tree CommandsSpanning-tree Syntax Spanning-tree no spanning-tree Default SettingSyntax Spanning-tree mode stp rstp no spanning-tree mode Spanning-tree modeSpanning-tree forward-time Spanning-tree max-age Spanning-tree hello-timeSpanning-tree priority Spanning-tree pathcost method Spanning-tree transmission-limit Syntax Spanning-tree cost cost no spanning-tree cost Spanning-tree costSpanning-tree port-priority 115 Spanning-tree portfast116 Spanning-tree edge-portSpanning-tree protocol-migration Port-channel channel-idRange Command Mode117 Syntax Spanning-tree protocol-migration interface118 Spanning-tree link-type119 Show spanning-treeSyntax Show spanning-tree interface 120 121 Vlan Commands122 Vlan database123 Vlan124 Interface vlanSyntax Interface vlan vlan-id Syntax Switchport mode trunk hybrid no switchport mode Switchport mode125 126 Switchport acceptable-frame-types127 Switchport ingress-filtering128 Switchport native vlan129 Switchport allowed vlan130 Switchport forbidden vlan131 Show vlanSyntax Show vlan id vlan-idname vlan-name Switchport gvrp Gvrp and Bridge Extension CommandsSyntax Switchport gvrp no switchport gvrp 132Syntax Show gvrp configuration interface Show gvrp configuration133 134 Garp timerSyntax Show garp timer interface Show garp timer135 Bridge-ext gvrp Syntax Bridge-ext gvrp no bridge-ext gvrp Default Setting136 137 Show bridge-ext138 Igmp Snooping CommandsIp igmp snooping Syntax Ip igmp snooping no ip igmp snooping Default Setting139 140 Ip igmp snooping vlan staticShow ip igmp snooping Ip igmp snooping version141 142 Show mac-address-table multicast143 Ip igmp snooping querier144 Ip igmp snooping query-countIp igmp snooping query-max-response-time Ip igmp snooping query-interval145 146 147 Ip igmp snooping router-port-expire-time148 Ip igmp snooping vlan mrouter149 Show ip igmp snooping mrouterSyntax Show ip igmp snooping mrouter vlan vlan-id 150 Priority Commands151 Switchport priority default152 Queue bandwidth153 Queue cos-map154 Show queue cos-map Show queue bandwidth155 Syntax Show queue cos-map interface156 Map ip precedence Global Configuration157 Map ip precedence Interface ConfigurationSyntax Map ip dscp no map ip dscp Default Setting Map ip dscp Global Configuration158 159 Map ip dscp Interface Configuration160 Show map ip precedenceSyntax Show map ip precedence interface 161 Show map ip dscpSyntax Show map ip dscp interface 162 Port monitor Mirror Port Commands163 164 Show port monitorSyntax Show port monitor interface 165 Following shows mirroring configured from port 6 to port166 Port Trunking CommandsGuidelines for Creating Trunks 167 Channel-groupSyntax Channel-group channel-idno channel-group Lacp Syntax Lacp no lacp Default Setting168 169 170 Troubleshooting Chart Appendix a TroubleshootingTroubleshooting Appendix B Upgrading Firmware VIA Serial Port Upgrading Firmware VIA the Serial Port Page Upgrading Firmware VIA the Serial Port DB-9 Port Pin Assignments Console Port Pin AssignmentsConsole Port to 25-Pin DTE Port on PC Console Port to 9-Pin DTE Port on PCGlossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Virtual LAN Vlan Glossary-7XModem Glossary-8 Index-1 IndexIndex-2 Page For Technical SUPPORT, Call