SMC SMC8150L2 Dokumentacja

MANAGEMENT GUIDETigerSwitchTM 10/100/100026-Port Gigabit Managed Switch50-Port Gigabit Managed SwitchSMC8126L2SMC8150L2ta

Contentsvidisconnect 4-18show line 4-18General Commands 4-19enable 4-19disable 4-20configure 4-21show history 4-21reload 4-22end 4-22exit 4-23quit

Configuring the Switch3-563Configuring the SSH ServerThe SSH server includes basic settings for authentication. Field Attributes• SSH Server Status –

User Authentication3-573CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the

Configuring the Switch3-583Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save th

User Authentication3-593Configuring Port SecurityPort security is a feature that allows you to configure a switch port with one or more device MAC add

Configuring the Switch3-603Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbo

User Authentication3-613This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with th

Configuring the Switch3-623Web – Click Security, 802.1X, Information.Figure 3-39 802.1X Global InformationCLI – This example shows the default global

User Authentication3-633Configuring Port Settings for 802.1XWhen 802.1X is enabled, you need to configure the parameters for the authentication proces

Configuring the Switch3-643Figure 3-41 802.1X Port Configuration

User Authentication3-653CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example

Contentsviilogging facility 4-45logging trap 4-46clear logging 4-46show logging 4-47show log 4-48SMTP Alert Commands 4-49logging sendmail host

Configuring the Switch3-663Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port. Web – Select Secu

Access Control Lists3-673CLI – This example displays the 802.1X statistics for port 4. Access Control Lists Access Control Lists (ACL) provide packet

Configuring the Switch3-6833. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.4. If no explicit rule is matched, the im

Access Control Lists3-693Configuring a Standard IP ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Addres

Configuring the Switch3-703host address in the Address field, or “IP” to specify a range of addresses with the Address and SubMask fields. (Options: A

Access Control Lists3-713 Figure 3-45 Configuring Extended IP ACLsCLI – This example adds two rules:(1) Accept any incoming packets if the source add

Configuring the Switch3-723Configuring a MAC ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Source/Desti

Access Control Lists3-733 Figure 3-46 Configuring MAC ACLsBinding a Port to an Access Control ListAfter configuring the Access Control Lists (ACL), y

Configuring the Switch3-743 Figure 3-47 Configuring ACL Port BindingCLI – This example assigns an IP access list to port 1, and an IP access list to

Access Control Lists3-753• You cannot delete an individual address from a specified range. You must delete the entire range, and reenter the addresses

ContentsviiiTACACS+ Client 4-77tacacs-server host 4-77tacacs-server port 4-77tacacs-server key 4-78show tacacs-server 4-78Port Security Commands

Configuring the Switch3-763CLI – This example allows SNMP access for a specific client.Port ConfigurationDisplaying Connection StatusYou can use the P

Port Configuration3-773Web – Click Port, Port Information or Trunk Information.Figure 3-49 Displaying Port/Trunk InformationField Attributes (CLI)Bas

Configuring the Switch3-783• Port Security – Shows if port security is enabled or disabled.• Max MAC count – Shows the maximum number of MAC address t

Port Configuration3-793• Speed/Duplex – Allows you to manually set the port speed and duplex mode. (i.e., with auto-negotiation disabled)• Flow Contro

Configuring the Switch3-803CLI – Select the interface, and then enter the required settings.Creating Trunk GroupsYou can create multiple links between

Port Configuration3-813• The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duple

Configuring the Switch3-823CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch

Port Configuration3-833Command Attributes • Member List (Current) – Shows configured trunks (Port).• New – Includes entry fields for creating new trun

Configuring the Switch3-843CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another

Port Configuration3-853- System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a s

Contentsixshow snmp engine-id 4-108snmp-server view 4-109show snmp view 4-110snmp-server group 4-110show snmp group 4-112snmp-server user 4-113s

Configuring the Switch3-863CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.Displ

Port Configuration3-873Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.Figure 3-54 L

Configuring the Switch3-883Displaying LACP Settings and Status for the Local SideYou can display configuration settings and the operational state for

Port Configuration3-893Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-55

Configuring the Switch3-903Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for

Port Configuration3-913CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel

Configuring the Switch3-923Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and cli

Port Configuration3-933Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can then att

Configuring the Switch3-943Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or rece

Port Configuration3-953CLI - This example sets the rate limit level for input traffic passing through port 3.Showing Port StatisticsYou can display st

Contentsxspanning-tree priority 4-148spanning-tree pathcost method 4-149spanning-tree transmission-limit 4-150spanning-tree mst-configuration 4-15

Configuring the Switch3-963Transmit Multicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were

Port Configuration3-973RMON StatisticsDrop Events The total number of events in which packets were dropped due to lack of resources.Jabbers The total

Configuring the Switch3-983Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t

Address Table Settings3-993CLI – This example shows statistics for port 13.Address Table SettingsSwitches store the addresses for all known devices. T

Configuring the Switch3-1003Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Addres

Address Table Settings3-1013Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN chec

Configuring the Switch3-1023Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attributes• Aging Stat

Spanning Tree Algorithm Configuration3-1033disables all other ports. Network packets are therefore only forwarded between root ports and designated po

Configuring the Switch3-1043An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including th

Spanning Tree Algorithm Configuration3-1053Displaying Global SettingsYou can display a summary of the current bridge STA information that applies to t

ContentsxiRelated Commands 4-178show dot1q-tunnel 4-178Configuring Private VLANs 4-179pvlan 4-179show pvlan 4-180Configuring Protocol-based VLANs

Configuring the Switch3-1063However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. •

Spanning Tree Algorithm Configuration3-1073CLI – This command displays global STA settings, followed by settings for each port. Note:The current root

Configuring the Switch3-1083- To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same

Spanning Tree Algorithm Configuration3-1093• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discard

Configuring the Switch3-1103Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-65 Configuring Sp

Spanning Tree Algorithm Configuration3-1113Displaying Interface SettingsThe STA Port Information and STA Trunk Information pages display the current s

Configuring the Switch3-1123• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)These additional parameters are on

Spanning Tree Algorithm Configuration3-1133the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cau

Configuring the Switch3-1143Configuring Interface SettingsYou can configure RSTP and MSTP attributes for specific interfaces, including port priority,

Spanning Tree Algorithm Configuration3-1153• Admin Link Type – The link type attached to this interface.- Point-to-Point – A connection to exactly one

Contentsxiiip igmp snooping querier 4-206ip igmp snooping query-count 4-206ip igmp snooping query-interval 4-207ip igmp snooping query-max-response

Configuring the Switch3-1163Configuring Multiple Spanning TreesMSTP generates a unique spanning tree for each instance. This provides multiple pathway

Spanning Tree Algorithm Configuration3-1173Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the i

Configuring the Switch3-1183CLI – This example sets STA attributes for port 1, , followed by settings for each port.Displaying Interface Settings for

Spanning Tree Algorithm Configuration3-1193Web – Click Spanning Tree, MSTP, Port or Trunk Information. Select the required MST instance to display the

Configuring the Switch3-1203CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are globa

Spanning Tree Algorithm Configuration3-1213- Discarding – Port receives STA configuration messages, but does not forward packets.- Learning – Port has

Configuring the Switch3-1223Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interf

VLAN Configuration3-1233This switch supports the following VLAN features:• Up to 255 VLANs based on the IEEE 802.1Q standard• Distributed VLAN learnin

Configuring the Switch3-1243VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded only betwee

VLAN Configuration3-1253Forwarding Tagged/Untagged FramesIf you want to create a small port-based VLAN for devices attached directly to a single switc

Contentsxiiicluster 4-238cluster commander 4-239cluster ip-pool 4-239cluster member 4-240rcommand 4-240show cluster 4-241show cluster members 4-2

Configuring the Switch3-1263Displaying Basic VLAN InformationThe VLAN Basic Information page displays basic information on the VLAN type supported by

VLAN Configuration3-1273• Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP.- Permanent: Added as a

Configuring the Switch3-1283CLI – Current VLAN information can be displayed with the following command.Creating VLANsUse the VLAN Static List to creat

VLAN Configuration3-1293Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to

Configuring the Switch3-13032. VLAN 1 is the default untagged VLAN containing all ports on the switch, and can only be modified by first reassigning t

VLAN Configuration3-1313Figure 3-75 Configuring a VLAN Static TableCLI – The following example adds tagged and untagged ports to VLAN 2.Adding Static

Configuring the Switch3-1323Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLA

Configuring IEEE 802.1Q Tunneling3-1333Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in the required settings for eac

Configuring the Switch3-1343using a VLAN-in-VLAN hierarchy, preserving the customer’s original tagged packets, and adding SPVLAN tags to each frame (a

Configuring IEEE 802.1Q Tunneling3-1353(SPVLAN) into the packet based on the default VLAN ID and Tag Protocol Identifier (TPID, that is, the ether-typ

Contentsxiv

Configuring the Switch3-13630x8100, a new VLAN tag is added and it is also treated as double-tagged packet.5. If the destination address lookup fails,

Configuring IEEE 802.1Q Tunneling3-1373“Adding an Interface to a QinQ Tunnel” on page 3-138). 8. Configure the QinQ tunnel uplink port to join the SPV

Configuring the Switch3-1383CLI – This example sets the switch to operate in QinQ mode. Adding an Interface to a QinQ TunnelFollow the guidelines in t

Configuring IEEE 802.1Q Tunneling3-1393- 802.1Q Tunnel Uplink – Configures IEEE 802.1Q tunneling (QinQ) for an uplink port to another device within t

Configuring the Switch3-1403CLI – This example sets port 1 to tunnel access mode, indicates that the TPID used for 802.1Q tagged frames is 9100 hexade

Configuring IEEE 802.1Q Tunneling3-1413Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assi

Configuring the Switch3-1423Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports

Configuring IEEE 802.1Q Tunneling3-1433• Protocol Type – The only option for the LLC Other frame type is IPX Raw. The options for all other frames typ

Configuring the Switch3-1443Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precedence when

Class of Service Configuration3-1453Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfa

xvTablesTable 1-1 Key Features 1-1Table 1-2 System Defaults 1-6Table 3-1 Configuration Options 3-3Table 3-2 Main Menu 3-4Table 3-3 Logging Levels

Configuring the Switch3-1463The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following ta

Class of Service Configuration3-1473CLI – The following example shows how to change the CoS assignments.Enabling CoSEnable or disable Class of Service

Configuring the Switch3-1483Web – Click Priority, Queue Mode. Select Strict or WRR, then click Apply.Figure 3-87 Queue ModeCLI – The following sets t

Class of Service Configuration3-1493CLI – The following example shows how to display the WRR weights assigned to each of the priority queues.Layer 3/4

Configuring the Switch3-1503Web – Click Priority, IP Precedence/DSCP Priority Status. Select Disabled, IP Precedence or IP DSCP from the scroll-down m

Class of Service Configuration3-1513Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value

Configuring the Switch3-1523Mapping DSCP PriorityThe DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP reta

Class of Service Configuration3-1533CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1

Configuring the Switch3-1543Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new Co

Quality of Service3-1553All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets

TablesxviTable 4-27 Authentication Commands 4-70Table 4-28 Authentication Sequence 4-70Table 4-29 RADIUS Client Commands 4-73Table 4-30 TACACS Comm

Configuring the Switch3-1563based on an access list, a DSCP or IP Precedence value, or a VLAN, and click the Add button next to the field for the sele

Quality of Service3-1573Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class.

Configuring the Switch3-1583Creating QoS PoliciesThis function creates a policy map that can be attached to multiple interfaces.Command Usage • To con

Quality of Service3-1593Policy Rule Settings- Class Settings -• Class Name – Name of class map.• Action – Shows the service provided to ingress traffi

Configuring the Switch3-1603Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Polic

Quality of Service3-1613Attaching a Policy Map to Ingress QueuesThis function binds a policy map to the ingress queue of a particular interface. Comma

Configuring the Switch3-1623Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A

Multicast Filtering3-1633Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Based

Configuring the Switch3-1643Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default se

Multicast Filtering3-1653Command Attributes• VLAN ID – ID of configured VLAN (1-4094).• Immediate Leave – Enable or disable IGMP immediate leave for t

TablesxviiTable 4-69 IGMP Query Commands (Layer 2) 4-206Table 4-70 Static Multicast Routing Commands 4-209Table 4-71 IGMP Filtering and Throttling C

Configuring the Switch3-1663Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to dis

Multicast Filtering3-1673Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router,

Configuring the Switch3-1683Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service fr

Multicast Filtering3-1693Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled

Configuring the Switch3-1703switch randomly removes an existing group and replaces it with the new multicast group.Note:IGMP filtering and throttling

Multicast Filtering3-1713Configuring IGMP Filtering and Throttling for InterfacesOnce you have configured IGMP profiles, you can then assign them to i

Configuring the Switch3-1723Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration. Select

Multicast Filtering3-1733deny, IGMP join reports are only processed when a multicast group is not in the controlled range.Command Attributes• Profile

Configuring the Switch3-1743CLI – This example configures profile number 19 by setting the access mode to “permit” and then specifying a range of mult

Multicast Filtering3-1753General Configuration Guidelines for MVR1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast grou

Tablesxviii

Configuring the Switch3-1763Web – Click MVR, Configuration. Enable MVR globally on the switch, select the MVR VLAN, add the multicast groups that will

Multicast Filtering3-1773Web – Click MVR, Port or Trunk Information.Figure 3-107 MVR Port InformationCLI – This example shows information about inter

Configuring the Switch3-1783Displaying Port Members of Multicast GroupsYou can display the multicast groups assigned to the MVR VLAN either through IG

Multicast Filtering3-1793Configuring MVR Interface Status Each interface that participates in the MVR VLAN must be configured as an MVR source port or

Configuring the Switch3-1803Web – Click MVR, Port or Trunk Configuration.Figure 3-109 MVR Port ConfigurationCLI – This example configures an MVR sour

Configuring Domain Name Service3-1813Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query t

Configuring the Switch3-1823• When an incomplete host name is received by the DNS service on this switch and a domain name list has been specified, th

Configuring Domain Name Service3-1833CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is speci

Configuring the Switch3-1843Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.Figure 3-

Configuring Domain Name Service3-1853Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name s

xixFiguresFigure 3-1 Home Page 3-2Figure 3-2 Panel Display 3-3Figure 3-3 System Information 3-10Figure 3-4 Switch Information 3-12Figure 3-5 Bridg

Configuring the Switch3-1863CLI - This example displays all the resource records learned from the designated name servers.DHCP SnoopingDHCP snooping a

DHCP Snooping3-1873the packet will only be forwarded if the client’s hardware address stored in the DHCP packet is the same as the source MAC address

Configuring the Switch3-1883DHCP Snooping VLAN ConfigurationEnables DHCP snooping on the specified VLAN.Command Attributes• VLAN ID – ID of a configur

DHCP Snooping3-1893Command Attributes• DHCP Snooping Information Option Status – Enables or disables DHCP Option 82 information relay.• DHCP Snooping

Configuring the Switch3-1903Web – Click DHCP Snooping, Information Option Configuration. Figure 3-117 DHCP Snooping Port ConfigurationCLI – This exam

IP Source Guard3-1913Web – Click DHCP Snooping, DHCP Snooping Binding Information.Figure 3-118 DHCP Snooping Binding InformationCLI – This example sh

Configuring the Switch3-1923Command Attributes• Filter Type – Configures the switch to filter inbound traffic based source IP address, or source IP ad

IP Source Guard3-1933Command Attributes• Static Binding Table Counts – The total number of static entries in the table.• Port – Switch port number. (R

Configuring the Switch3-1943Web – Click IP Source Guard, Dynamic Information. Figure 3-121 Dynamic IP Source Guard Binding InformationCLI – This exam

Switch Clustering3-1953Once a switch has been configured to be a cluster Commander, it automatically discovers other cluster-enabled switches in the n

FiguresxxFigure 3-43 Selecting ACL Type 3-68Figure 3-44 Configuring Standard IP ACLs 3-69Figure 3-45 Configuring Extended IP ACLs 3-71Figure 3-46 C

Configuring the Switch3-1963Web – Click Cluster, Configuration. Figure 3-123 Cluster ConfigurationCLI – This example first enables clustering on the

Switch Clustering3-1973Web – Click Cluster, Member Configuration. Figure 3-124 Cluster Member ConfigurationCLI – This example creates a new cluster M

Configuring the Switch3-1983CLI – This example shows information about cluster Member switches.Cluster Candidate InformationDisplays information about

4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the C

Command Line Interface4-24Telnet ConnectionTelnet operates over the IP transport protocol. In this environment, your management station and any networ

Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and

Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Entering Commands4-54Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters are pr

Command Line Interface4-64Exec CommandsWhen you open a new console session on the switch with the user name and password “guest,” the system enters th

Entering Commands4-74Configuration CommandsConfiguration commands are privileged level commands used to modify switch settings. These commands modify

FiguresxxiFigure 3-88 Configuring Queue Scheduling 3-148Figure 3-89 IP Precedence/DSCP Priority Status 3-150Figure 3-90 Mapping IP Precedence Priori

Command Line Interface4-84Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain e

Command Groups4-94Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4 Command GroupsCommand Group D

Command Line Interface4-104The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration)

Line Commands4-114lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax line {co

Command Line Interface4-124- login selects authentication by a single global password as specified by the password line configuration command. When us

Line Commands4-134during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure e

Command Line Interface4-144Syntax exec-timeout [seconds]no exec-timeout seconds - Integer that specifies the number of seconds. (Range: 0-65535 second

Line Commands4-154Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time befo

Command Line Interface4-164Syntax databits {7 | 8}no databits• 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Setting

Line Commands4-174Example To specify no parity, enter this command:speedThis command sets the terminal line’s baud rate. This command sets both the tr

Figuresxxii

Command Line Interface4-184Example To specify 2 stop bits, enter this command:disconnectThis command terminates an SSH, Telnet, or console connection.

General Commands4-194Example To show all lines, enter this command:General CommandsenableThis command activates Privileged Exec mode. In privileged mo

Command Line Interface4-204Default SettingLevel 15Command ModeNormal ExecCommand Usage • “super” is the default password required to change the comman

General Commands4-214configureThis command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You mus

Command Line Interface4-224The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mod

General Commands4-234exitThis command returns to the previous configuration mode or exit the configuration program.Default Setting NoneCommand Mode An

Command Line Interface4-244System Management CommandsThese commands are used to control system logs, passwords, user names, browser configuration opti

System Management Commands4-254Example hostnameThis command specifies or modifies the host name for this device. Use the no form to restore the defaul

Command Line Interface4-264• name - The name of the user. (Maximum length: 8 characters, case sensitive. Maximum users: 16)• access-level level - Spec

System Management Commands4-274• password - password for this privilege level.(Maximum length: 8 characters plain text, 32 encrypted, case sensitive)

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf

Command Line Interface4-284• telnet-client - Adds IP address(es) to the Telnet group.• start-address - A single IP address, or the starting address of

System Management Commands4-294ExampleWeb Server Commandsip http portThis command specifies the TCP port number used by the web browser interface. Use

Command Line Interface4-304ExampleRelated Commandsip http server (4-30)ip http serverThis command allows this device to be monitored or configured fro

System Management Commands4-314• When you start HTTPS, the connection is established in this way:- The client authenticates the server using the serve

Command Line Interface4-324• If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in th

System Management Commands4-334ip telnet serverThis command allows this device to be monitored or configured from Telnet. Use the no form to disable t

Command Line Interface4-344The SSH server on this switch supports both password and public key authentication. If password authentication is specified

System Management Commands4-354firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA Versi

Command Line Interface4-364• The SSH server uses DSA or RSA for key exchange when the client first establishes a connection with the switch, and then

System Management Commands4-374ip ssh authentication-retriesThis command configures the number of times the SSH server attempts to reauthenticate a us

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates t

Command Line Interface4-384delete public-keyThis command deletes the specified user’s public key.Syntax delete public-key username [dsa | rsa]• userna

System Management Commands4-394Related Commandsip ssh crypto zeroize (4-39)ip ssh save host-key (4-39)ip ssh crypto zeroizeThis command clears the hos

Command Line Interface4-404Example Related Commandsip ssh crypto host-key generate (4-38)show ip sshThis command displays the connection settings used

System Management Commands4-414show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [u

Command Line Interface4-424Example Console#show public-key hostHost:RSA:1024 35 1568499540186766925933394677505461732531367489083654725415020245593199

System Management Commands4-434Event Logging Commands logging onThis command controls logging of error messages, sending debug or error messages to sw

Command Line Interface4-444logging historyThis command limits syslog messages saved to switch memory based on severity. The no form returns the loggin

System Management Commands4-454logging hostThis command adds a syslog server host IP address that will receive logging messages. Use the no form to re

Command Line Interface4-464logging trapThis command enables the logging of system messages to a remote server, or limits the syslog messages saved to

System Management Commands4-474Related Commandsshow logging (4-47)show loggingThis command displays the configuration settings for logging messages to

Description of Software Features1-31Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate l

Command Line Interface4-484The following example displays settings for the trap function. Related Commandsshow logging sendmail (4-52)show logThis com

System Management Commands4-494ExampleThe following example shows sample messages stored in RAM.SMTP Alert CommandsThese commands configure SMTP event

Command Line Interface4-504Command Mode Global ConfigurationCommand Usage • You can specify up to three SMTP servers for event handing. However, you m

System Management Commands4-514logging sendmail source-emailThis command sets the email address used for the “From” field in alert messages. Use the n

Command Line Interface4-524logging sendmailThis command enables SMTP event handling. Use the no form to disable this function.Syntax[no] logging sendm

System Management Commands4-534Time CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintain

Command Line Interface4-544Example Related Commandssntp server (4-54)sntp poll (4-55)show sntp (4-55)sntp serverThis command sets the IP address of th

System Management Commands4-554sntp pollThis command sets the interval between sending time requests when the switch is set to SNTP client mode. Use t

Command Line Interface4-564clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours minute

System Management Commands4-574Default Setting NoneCommand Mode Privileged ExecExample This example shows how to set the system clock to 15:12:34, Apr

20 MasonIrvine, CA 92618Phone: (949) 679-8000TigerSwitch 10/100/1000Management GuideFrom SMC’s Tiger line of feature-rich workgroup LAN solutionsSepte

Introduction1-41seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate w

Command Line Interface4-584Command Usage • Use this command in conjunction with the show running-config command to compare the information in running

System Management Commands4-594Related Commandsshow running-config (4-59)show running-configThis command displays the configuration information curren

Command Line Interface4-604Example Related Commandsshow startup-config (4-57)Console#show running-configbuilding startup-config, please wait...!phym

System Management Commands4-614show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecComman

Command Line Interface4-624Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index

System Management Commands4-634Example Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Synt

Command Line Interface4-644• Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the swi

Flash/File Commands4-654• https-certificate - Copies an HTTPS certificate from an TFTP server to the switch.• public-key - Keyword that allows you to

Command Line Interface4-664Example The following example shows how to upload the configuration settings to a file on the TFTP server:The following exa

Flash/File Commands4-674This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is onl

Description of Software Features1-51Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interf

Command Line Interface4-684dirThis command displays a list of files in flash memory.Syntax dir [unit:] {{boot-rom: | config: | opcode:} [:filename]}Th

Flash/File Commands4-694whichbootThis command displays which files were booted when the system powered up.Syntax whichboot [unit]unit - Stack unit. (A

Command Line Interface4-704Command Usage • A colon (:) is required after the specified unit number and file type. • If the file contains an error, it

Authentication Commands4-714authentication loginThis command defines the login authentication method and precedence. Use the no form to restore the de

Command Line Interface4-724authentication enableThis command defines the authentication method and precedence to use when changing from Exec command m

Authentication Commands4-734Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connectio

Command Line Interface4-744radius-server hostThis command specifies primary and backup RADIUS servers and authentication parameters that apply to each

Authentication Commands4-754Command Mode Global ConfigurationExample radius-server keyThis command sets the RADIUS encryption key. Use the no form to

Command Line Interface4-764radius-server timeoutThis command sets the interval between transmitting authentication requests to the RADIUS server. Use

Authentication Commands4-774TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses soft

Introduction1-61System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch d

Command Line Interface4-784Command Mode Global ConfigurationExample tacacs-server keyThis command sets the TACACS+ encryption key. Use the no form to

Authentication Commands4-794Port Security CommandsThese commands can be used to enable port security on a port. When using port security, the switch s

Command Line Interface4-804Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has

Authentication Commands4-814802.1X Port AuthenticationThe switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized acc

Command Line Interface4-824dot1x defaultThis command sets all configurable dot1x global and port settings to their default values.Command ModeGlobal C

Authentication Commands4-834Defaultforce-authorizedCommand ModeInterface ConfigurationExampledot1x operation-modeThis command allows single or multipl

Command Line Interface4-844dot1x re-authenticateThis command forces re-authentication on all ports or a specific interface.Syntaxdot1x re-authenticate

Authentication Commands4-854Command ModeInterface ConfigurationExampledot1x timeout re-authperiodThis command sets the time period after which a conne

Command Line Interface4-864Exampleshow dot1xThis command shows general port authentication related settings on the switch or a specific interface.Synt

Authentication Commands4-874• 802.1X Port Details – Displays the port access control parameters for each interface, including the following items:- re

System Defaults1-71Port Configuration Admin Status EnabledAuto-negotiation EnabledFlow Control DisabledRate Limiting Input and output limits DisabledP

Command Line Interface4-884ExampleConsole#show dot1xGlobal 802.1X Parameters system-auth-control: enable802.1X Port SummaryPort Name Status O

Access Control List Commands4-894Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, prot

Command Line Interface4-904IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.

Access Control List Commands4-914Related Commandspermit, deny 4-91ip access-group (4-93)show ip access-list (4-93)permit, deny (Standard ACL) This com

Command Line Interface4-924Syntax[no] {permit | deny} [protocol-number | udp] {any | source address-bitmask | host source} {any | destination address-

Access Control List Commands4-934This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP po

Command Line Interface4-944Command Usage• A port can only be bound to one ACL.• If a port is already bound to an ACL and you bind it to a different AC

Access Control List Commands4-954MAC ACLsThe commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type. To

Command Line Interface4-964permit, deny (MAC ACL)This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or de

Access Control List Commands4-974Default SettingNoneCommand ModeMAC ACLCommand Usage• New rules are added to the end of the list.• The ethertype optio

Introduction1-81System Log Status EnabledMessages Logged Levels 0-7 (all)Messages Logged to Flash Levels 0-3SMTP Email Alerts Event Handler Enabled (b

Command Line Interface4-984mac access-groupThis command binds a port to a MAC ACL. Use the no form to remove the port.Syntaxmac access-group acl_name

Access Control List Commands4-994ACL Informationshow access-listThis command shows all ACLs and associated rules, as well as all the user-defined mask

Command Line Interface4-1004SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP),

SNMP Commands4-1014snmp-serverThis command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no for

Command Line Interface4-1024Examplesnmp-server communityThis command defines the SNMP v1 and v2c community access string. Use the no form to remove th

SNMP Commands4-1034• private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects.Command Mode Global

Command Line Interface4-1044Command Mode Global ConfigurationExample Related Commandssnmp-server contact (4-103)snmp-server host This command specifie

SNMP Commands4-1054• SNMP Version: 1• UDP Port: 162Command Mode Global ConfigurationCommand Usage • If you do not enter an snmp-server host command, n

Command Line Interface4-1064supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notific

SNMP Commands4-1074conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 4-110).Example Relate

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

Command Line Interface4-1084fill the octet. For example, entering the value “123456789” results in an engine ID of “1234567890.”• A local engine ID i

SNMP Commands4-1094snmp-server viewThis command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view.Syntax

Command Line Interface4-1104show snmp viewThis command shows information on the SNMP views.Command Mode Privileged ExecExample snmp-server groupThis c

SNMP Commands4-1114Default Setting • Default groups: public17 (read only), private18 (read/write)• readview - Every object belonging to the Internet O

Command Line Interface4-1124show snmp groupFour default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only acc

SNMP Commands4-1134snmp-server userThis command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use

Command Line Interface4-1144Default Setting None Command Mode Global ConfigurationCommand Usage • The SNMP engine ID is used to compute the authentica

SNMP Commands4-1154show snmp userThis command shows information on SNMP users.Command Mode Privileged ExecExample Console#show snmp userEngineId: 8000

Command Line Interface4-1164Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link

Interface Commands4-1174Command Mode Global Configuration Example To specify port 24, enter the following command:descriptionThis command adds a descr

Initial Configuration2-22• Configure up to 32 static or LACP trunks• Enable port mirroring• Set broadcast storm control on any port• Display system in

Command Line Interface4-1184Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex se

Interface Commands4-1194• If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.Example Th

Command Line Interface4-1204Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control.Related Command

Interface Commands4-1214ExampleThe following example enables flow control on port 5.Related Commands negotiation (4-118)capabilities (flowcontrol, sym

Command Line Interface4-1224switchport broadcast packet-rateThis command configures broadcast storm control. Use the no form to disable broadcast stor

Interface Commands4-1234Command Mode Privileged ExecCommand Usage Statistics are only initialized for a power reset. This command sets the base value

Command Line Interface4-1244Example show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]int

Interface Commands4-1254Example show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.

Command Line Interface4-1264Example This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadca

Mirror Port Commands4-1274Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis comma

Basic Configuration2-32Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va

Command Line Interface4-1284Example The following example configures the switch to mirror received packets from port 6 to 11:show port monitorThis com

Rate Limit Commands4-1294Rate Limit CommandsThis function allows the network manager to control the maximum rate for traffic received on an interface.

Command Line Interface4-1304Link Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of

Link Aggregation Commands4-1314Guidelines for Creating TrunksGeneral Guidelines –• Finish configuring port trunks before you connect the corresponding

Command Line Interface4-1324Example The following example creates trunk 1 and then adds port 11:lacpThis command enables 802.3ad Link Aggregation Cont

Link Aggregation Commands4-1334ExampleThe following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other en

Command Line Interface4-1344Command Mode Interface Configuration (Ethernet)Command Usage • Port must be configured with the same system priority to jo

Link Aggregation Commands4-1354• Once the remote side of a link has been established, LACP operational settings are already in use on that side. Confi

Command Line Interface4-1364lacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax lacp {

Link Aggregation Commands4-1374Default Setting Port Channel: allCommand Mode Privileged ExecExampleConsole#show lacp 1 countersPort channel : 1 ------

Initial Configuration2-42Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both defau

Command Line Interface4-1384Table 4-48 show lacp internal - display descriptionField DescriptionOper Key Current operational value of the key for

Link Aggregation Commands4-1394Table 4-49 show lacp neighbors - display descriptionField DescriptionPartner Admin System ID LAG partner’s system I

Command Line Interface4-1404Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

Address Table Commands4-1414Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this com

Command Line Interface4-1424• sort - Sort by address, vlan or interface. Default Setting NoneCommand Mode Privileged ExecCommand Usage • The MAC Addre

Address Table Commands4-1434Example show mac-address-table aging-timeThis command shows the aging time for entries in the address table.Default Settin

Command Line Interface4-1444Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swi

Spanning Tree Commands4-1454spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta

Command Line Interface4-1464- This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path

Spanning Tree Commands4-1474Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., disc

Basic Configuration2-52Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•

Command Line Interface4-1484spanning-tree max-ageThis command configures the spanning tree bridge maximum age globally for this switch. Use the no for

Spanning Tree Commands4-1494Default Setting 32768Command Mode Global ConfigurationCommand Usage Bridge priority is used in selecting the root device,

Command Line Interface4-1504spanning-tree transmission-limitThis command configures the minimum interval between the transmission of consecutive RSTP/

Spanning Tree Commands4-1514mst vlanThis command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Using the no f

Command Line Interface4-1524Default Setting 32768Command Mode MST ConfigurationCommand Usage • MST priority is used in selecting the root bridge and a

Spanning Tree Commands4-1534revisionThis command configures the revision number for this multiple spanning tree configuration of this switch. Use the

Command Line Interface4-1544specify the maximum number of bridges that will propagate a BPDU. Each bridge decrements the hop count by one before passi

Spanning Tree Commands4-1554• Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000• Gigabit Ethernet – full duplex: 10,000; trunk

Command Line Interface4-1564Related Commandsspanning-tree cost (4-154)spanning-tree edge-portThis command specifies an interface as an edge port. Use

Spanning Tree Commands4-1574Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, po

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n

Initial Configuration2-625. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente

Command Line Interface4-1584• RSTP only works on point-to-point links between two bridges. If you designate a port as a shared link, RSTP is forbidden

Spanning Tree Commands4-1594Example Related Commandsspanning-tree mst port-priority (4-159)spanning-tree mst port-priorityThis command configures the

Command Line Interface4-1604spanning-tree protocol-migrationThis command re-checks the appropriate BPDU format to send on the selected interface. Synt

Spanning Tree Commands4-1614Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the s

Command Line Interface4-1624show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Command Mode Privil

VLAN Commands4-1634VLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the s

Command Line Interface4-1644bridge-ext gvrpThis command enables GVRP globally for the switch. Use the no form to disable it.Syntax [no] bridge-ext gvr

VLAN Commands4-1654switchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchport gvrpDefault Setting Disab

Command Line Interface4-1664garp timerThis command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ def

VLAN Commands4-1674Syntax show garp timer [interface]interface • ethernet unit/port - unit - Stack unit. (Always unit 1) - port - Port number. (Range:

Basic Configuration2-72The default strings are:• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

Command Line Interface4-1684Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes

VLAN Commands4-1694Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.Related Commands show v

Command Line Interface4-1704Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address t

VLAN Commands4-1714switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the def

Command Line Interface4-1724Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • Ingress filtering only affects tagged frames.

VLAN Commands4-1734switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the default.Note:

Command Line Interface4-1744Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1:switchpo

VLAN Commands4-1754Displaying VLAN Informationshow vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name | private-vla

Command Line Interface4-1764Configuring IEEE 802.1Q TunnelingIEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for c

VLAN Commands4-1774Default Setting DisabledCommand Mode Global ConfigurationCommand Usage QinQ tunnel mode must be enabled on the switch for QinQ inte

Initial Configuration2-82Configuring Access for SNMP Version 3 ClientsTo configure management access for SNMPv3 clients, you need to first create a vi

Command Line Interface4-1784switchport dot1q-tunnel tpidThis command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form t

VLAN Commands4-1794ExampleRelated Commandsswitchport dot1q-tunnel mode (4-177)Configuring Private VLANsPrivate VLANs provide port-based security and i

Command Line Interface4-1804• up-link - Sepcifies an uplink interface.• down-link - Sepcifies a downlink interface.Default Setting No private VLANs ar

VLAN Commands4-1814Configuring Protocol-based VLANsThe network devices required to support multiple protocols cannot be easily grouped into a common V

Command Line Interface4-1824• protocol - Protocol type. The only option for the llc_other frame type is ipx_raw. The options for all other frames type

VLAN Commands4-1834- If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface.Exam

Command Line Interface4-1844Command Mode Privileged ExecExample This shows that traffic entering Port 1 that matches the specifications for protocol g

Priority Commands4-1854queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) prio

Command Line Interface4-1864Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero.Comma

Priority Commands4-1874Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights.Example This example shows how t

Managing System Files2-92Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program, w

Command Line Interface4-1884Command Usage • CoS values assigned at the ingress port are also used at the egress port.Example The following example sho

Priority Commands4-1894Example show queue cos-mapThis command shows the class of service priority map.Syntax show queue cos-map [interface]interface •

Command Line Interface4-1904Syntax [no] map ip dscpDefault Setting DisabledCommand Mode Global ConfigurationCommand Usage • The precedence for priorit

Priority Commands4-1914Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority mapping is IP DSCP, an

Command Line Interface4-1924Example Related Commands map ip dscp (Global Configuration) (4-189)map ip dscp (Interface Configuration) (4-190)Quality of

Quality of Service Commands4-1934To create a service policy for a specific category of ingress traffic, follow these steps:1. Use the class-map comman

Command Line Interface4-1944class-mapThis command creates a class map used for matching packets to the specified class, and enters Class Map configura

Quality of Service Commands4-1954• vlan - A VLAN. (Range:1-4094)Default Setting NoneCommand Mode Class Map ConfigurationCommand Usage • First enter th

Command Line Interface4-1964Command Usage • Use the policy-map command to specify the name of the policy map, and then use the class command to config

Quality of Service Commands4-1974Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “r

Initial Configuration2-102

Command Line Interface4-1984policeThis command defines an policer for classified traffic. Use the no form to remove a policer.Syntax [no] police rate-

Quality of Service Commands4-1994service-policyThis command applies a policy map defined by the policy-map command to the ingress queue of a particula

Command Line Interface4-2004Exampleshow policy-map This command displays the QoS policy maps which define classification criteria for incoming traffic

Example4-2014Command Mode Privileged ExecExample Multicast Filtering CommandsThis switch uses IGMP (Internet Group Management Protocol) to query for a

Command Line Interface4-2024ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Syntax [no] ip igmp snoop

Multicast Filtering Commands4-2034ip igmp snooping versionThis command configures the IGMP snooping version. Use the no form to restore the default.Sy

Command Line Interface4-2044• The leave-proxy feature does not function when a switch is set as the querier.Example ip igmp snooping immediate-leaveTh

Multicast Filtering Commands4-2054Example The following shows the current IGMP snooping configuration:show mac-address-table multicast This command sh

Command Line Interface4-2064IGMP Query Commands (Layer 2) ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form

Multicast Filtering Commands4-2074Default Setting 2 timesCommand Mode Global ConfigurationCommand Usage The query count defines how long the querier w

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the

Command Line Interface4-2084ip igmp snooping query-max-response-timeThis command configures the query report delay. Use the no form to restore the def

Multicast Filtering Commands4-2094Default Setting 300 secondsCommand Mode Global ConfigurationCommand Usage The switch must use IGMPv2 for this comman

Command Line Interface4-2104Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Ther

Multicast Filtering Commands4-2114IGMP Filtering and Throttling CommandsIn certain switch applications, the administrator may want to control the mult

Command Line Interface4-2124• The IGMP filtering feature operates in the same manner when MVR is used to forward multicast traffic.Example ip igmp pro

Multicast Filtering Commands4-2134• When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the con

Command Line Interface4-2144Command Mode Interface ConfigurationCommand Usage • The IGMP filtering profile must first be created with the ip igmp prof

Multicast Filtering Commands4-2154Example ip igmp max-groups actionThis command sets the IGMP throttling action for an interface on the switch. Syntax

Command Line Interface4-2164Command Mode Privileged ExecExample show ip igmp profileThis command displays IGMP filtering profiles created on the switc

Multicast Filtering Commands4-2174- -port - Port number. (Range: 1-29)• port-channel channel-id (Range: 1-32) Default Setting NoneCommand Mode Privile

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

Command Line Interface4-2184mvr (Global Configuration)This command enables Multicast VLAN Registration (MVR) globally on the switch, statically config

Multicast Filtering Commands4-2194mvr (Interface Configuration)This command configures an interface as an MVR receiver or source port using the type k

Command Line Interface4-2204Command Usage • A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave mu

Multicast Filtering Commands4-2214show mvr This command shows information about the global MVR configuration settings when entered without any keyword

Command Line Interface4-2224The following displays information about the interfaces attached to the MVR VLAN:The following shows information about the

IP Interface Commands4-2234IP Interface CommandsAn IP addresses may be used for management access to the switch over your network. The IP address for

Command Line Interface4-2244• If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been receive

IP Interface Commands4-2254ip dhcp restart This command submits a BOOTP or DHCP client request.Default Setting NoneCommand Mode Privileged ExecCommand

Command Line Interface4-2264show ip redirectsThis command shows the default gateway configured for this device.Default Setting NoneCommand Mode Privil

IP Source Guard Commands4-2274Example Related Commands interface (4-116)IP Source Guard CommandsIP Source Guard is a security feature that filters IP

Navigating the Web Browser Interface3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration chang

Command Line Interface4-2284Syntax ip source-guard {sip | sip-mac}no ip source-guard • sip - Filters traffic based on IP addresses stored in the bindi

IP Source Guard Commands4-2294is static IP source guard binding, static DHCP snooping binding or dynamic DHCP snooping binding, the packet will be for

Command Line Interface4-2304table, or static addresses configured in the source guard binding table with this command.• Static bindings are processed

DHCP Snooping Commands4-2314ExampleDHCP Snooping CommandsDHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices w

Command Line Interface4-2324firewall. When DHCP snooping is enabled globally by this command, and enabled on a VLAN interface by the ip dhcp snooping

DHCP Snooping Commands4-2334receives an ACK message from a DHCP server. Also, when the switch sends out DHCP client packets for itself, no filtering t

Command Line Interface4-2344Related Commands ip dhcp snooping (4-231)ip dhcp snooping trust (4-234)ip dhcp snooping trustThis command configures the s

DHCP Snooping Commands4-2354ip dhcp snooping verify mac-addressThis command verifies the client’s hardware address stored in the DHCP packet against t

Command Line Interface4-2364identified by the switch port to which they are connected rather than just their MAC address. DHCP client-server exchange

Switch Cluster Commands4-2374show ip dhcp snoopingThis command shows the DHCP snooping configuration settings.Command Mode Privileged ExecExampleshow

Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o

Command Line Interface4-2384clusterThis command enables clustering on the switch. Use the no form to disable clustering.Syntax [no] clusterDefault Set

Switch Cluster Commands4-2394cluster commanderThis command enables the switch as a cluster Commander. Use the no form to disable the switch as cluster

Command Line Interface4-2404subnet. Cluster IP addresses are assigned to switches when they become Members and are used for communication between Memb

Switch Cluster Commands4-2414Commander is not supported.• There is no need to enter the username and password for access to the Member switch CLI.Exam

Command Line Interface4-2424show cluster candidatesThis command shows the discovered Candidate switches in the network.Command Mode Privileged ExecExa

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port SecurityAccess Control Lis

Software SpecificationsA-2AQuality of ServiceDiffServ supports class maps, policy maps, and service policiesAdditional FeaturesBOOTP clientSNTP (Simpl

Management Information BasesA-3ARMON (RFC 1757 groups 1,2,3,9)SNMP (RFC 1157)SNMPv2 (RFC 2571)SNMPv3 (RFC DRAFT 3414, 3410, 2273, 3411, 3415)SNTP (RFC

Software SpecificationsA-4A

B-1Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet,

Navigating the Web Browser Interface3-53Engine ID Sets the SNMP v3 engine ID on this switch 3-36Remote Engine ID Sets the SNMP v3 engine ID for a remo

TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GlossaryGlossary-2GARP VLAN Registration Protocol (GVRP)Defines a way for switches to exchange VLAN information in order to register necessary VLAN me

Glossary-3GlossaryIGMP SnoopingListening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups t

GlossaryGlossary-4Multicast SwitchingA process whereby the switch filters incoming multicast frames for services for which no attached host has regist

Glossary-5GlossarySecure Shell (SSH)A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographi

GlossaryGlossary-6Virtual LAN (VLAN)A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical l

Index-1Numerics802.1Q tunnel 3-133, 4-176description 3-133interface configuration 3-138, 4-177–4-178mode selection 3-138TPID 3-137, 4-178802.1X, port

Index-2IndexFfirmwaredisplaying version 3-11, 4-62upgrading 3-18, 4-64GGARP VLAN Registration Protocol See GVRPgateway, default 3-14, 4-224GVRPgloba

Index-3IndexPpassword, line 4-12, 4-13passwords 2-4administrator setting 3-46, 4-25path cost 3-105, 3-112method 3-109, 4-149STA 3-105, 3-112, 4-149por

iContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-6Chapter 2: Initial Configuration 2-1

Configuring the Switch3-63Aggregation Port Configures parameters for link aggregation group members 3-84Port Counters Information Displays statistics

Index-4Indexswitchport mode dot1q-tunnel 4-177system clock, setting 3-31, 4-53system logs 3-25system mode, normal or QinQ 3-137, 4-176system software,

20 Mason • Irvine, CA 92618 • Phn: 949-679-8000 • www.smc.com149100036100A R01SMC8126L2SMC8150L2TECHNICAL SUPPORTFrom U.S.A. and Canada (24 hours a da

Navigating the Web Browser Interface3-73VLAN 3-122802.1Q VLAN3-122GVRP Status Enables GVRP VLAN registration protocol 3-125802.1Q Tunnel Configuration

Configuring the Switch3-83IP DSCP Priority Sets IP Differentiated Services Code Point priority, mapping a DSCP tag to a class-of-service value3-152IP

Navigating the Web Browser Interface3-93Port Configuration Configures MVR interface type and immediate leave status 3-179Trunk Configuration Configure

Configuring the Switch3-103Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location

Basic Configuration3-113CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Infor

Configuring the Switch3-123Web – Click System, Switch Information.Figure 3-4 Switch InformationCLI – Use the following command to display version inf

Basic Configuration3-133Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filterin

Configuring the Switch3-143CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface

Basic Configuration3-153Manual ConfigurationWeb – Click System, IP Configuration. Select the VLAN through which the management station is attached, se

ContentsiiSaving or Restoring Configuration Settings 3-19Downloading Configuration Settings from a Server 3-20Console Port Settings 3-21Telnet Sett

Configuring the Switch3-163Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by

Basic Configuration3-173Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web inte

Configuring the Switch3-183• File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period

Basic Configuration3-193To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Appl

Configuring the Switch3-203- tftp to file – Copies a file from a TFTP server to the switch.- tftp to running-config – Copies a file from a TFTP server

Basic Configuration3-213Note: You can also select any configuration file as the start-up configuration by using the System/File/Set Start-Up page.Figu

Configuring the Switch3-223system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next

Basic Configuration3-233CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the curren

Configuring the Switch3-243system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next

Basic Configuration3-253CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the

ContentsiiiBinding a Port to an Access Control List 3-73Filtering IP Addresses for Management Access 3-74Port Configuration 3-76Displaying Connecti

Configuring the Switch3-263CLI – This example shows the event message stored in RAM.System Log ConfigurationThe system allows you to enable or disable

Basic Configuration3-273Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash

Configuring the Switch3-283• Host IP Address – Specifies a new server IP address to add to the Host IP List.Web – Click System, Log, Remote Logs. To a

Basic Configuration3-293• Severity – Specifies the degree of urgency that the message carries.• Debugging – Sends a debugging notification. (Level 7)•

Configuring the Switch3-303CLI – Enter the host ip address, followed by the mail severity level, source and destination email addresses and enter the

Basic Configuration3-313Setting the System ClockSimple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic upda

Configuring the Switch3-323CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settin

Simple Network Management Protocol3-333Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol design

Configuring the Switch3-343Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-

Simple Network Management Protocol3-353Web – Click SNMP, Configuration. Fill in the IP address and community string for each trap manager that will re

ContentsivProtocol VLAN Group Configuration 3-142Configuring Protocol VLAN Interfaces 3-143Class of Service Configuration 3-144Layer 2 Queue Setting

Configuring the Switch3-363Configuring SNMPv3 Management AccessTo configure SNMPv3 management access to the switch, follow these steps:1. If you want

Simple Network Management Protocol3-373Specifying a Remote Engine IDTo send inform messages to an SNMPv3 user on a remote device, you must first speci

Configuring the Switch3-383• Level – The security level used for the user:- noAuthNoPriv – There is no authentication or encryption used in SNMP commu

Simple Network Management Protocol3-393Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and as

Configuring the Switch3-403Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific secu

Simple Network Management Protocol3-413CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMPv3

Configuring the Switch3-423topologyChange 1.3.6.1.2.1.17.0.2 A topologyChange trap is sent by a bridge when any of its configured ports transitions fr

Simple Network Management Protocol3-433Private TrapsswPowerStatus ChangeTrap1.3.6.1.4.1.202.20.68.2.1.0.1 This trap is sent when the power state chang

Configuring the Switch3-443Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a securi

Simple Network Management Protocol3-453Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The p

ContentsvDHCP Snooping Information Option Configuration 3-188DHCP Snooping Port Configuration 3-189DHCP Snooping Binding Information 3-190IP Source

Configuring the Switch3-463CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and

User Authentication3-473• New Account – Displays configuration settings for a new account.- User Name – The name of the user. (Maximum length: 8 chara

Configuring the Switch3-483Configuring Local/Remote Logon AuthenticationUse the Authentication Settings menu to restrict management access based on sp

User Authentication3-493Command Attributes• Authentication – Select the authentication, or authentication sequence required:- Local – User authenticat

Configuring the Switch3-503Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authent

User Authentication3-513CLI – Specify all the required parameters to enable logon authentication.Console(config)#authentication login radius 4-71Conso

Configuring the Switch3-523Configuring HTTPSYou can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Sock

User Authentication3-533CLI – This example enables the HTTP secure server and modifies the port number.Replacing the Default Secure-site CertificateWh

Configuring the Switch3-543Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some o

User Authentication3-5533. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (4-64) to copy a file containing the public