Accton-technology ES4512C Instrukcja Użytkownika

www.edge-core.comManagement GuidePowered by AcctonES4512CES4524CES4548C12/24/48-Port GigabitIntelligent Switch

Contentsvilogging facility 4-45logging trap 4-46clear logging 4-46show logging 4-47SMTP Alert Commands 4-48logging sendmail host 4-49logging sen

Configuring the Switch3-623Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header. Command UsageYou must configure a mas

Access Control Lists3-633CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules

Configuring the Switch3-643Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egres

Port Configuration3-653• Forced Mode1 – Shows the forced/preferred port type to use for combination ports 21-24 or 45-48. (Copper-Forced, Copper-Prefe

Configuring the Switch3-663• Broadcast storm – Shows if broadcast storm control is enabled or disabled.• Broadcast storm limit – Shows the broadcast s

Port Configuration3-673Configuring Interface ConnectionsYou can use the Port Configuration or Trunk Configuration page to enable/disable an interface,

Configuring the Switch3-683• Trunk – Indicates if a port is a member of a trunk. To create trunks and select port members, see “Creating Trunk Groups”

Port Configuration3-693Creating Trunk GroupsYou can create multiple links between devices that work as one virtual, aggregate link. A port trunk offer

Configuring the Switch3-703Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of differ

Port Configuration3-713CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to

Contentsviitacacs-server host 4-74tacacs-server port 4-74tacacs-server key 4-75show tacacs-server 4-75Port Security Commands 4-76port security 4

Configuring the Switch3-723Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After y

Port Configuration3-733Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following

Configuring the Switch3-743Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can

Port Configuration3-753CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5

Configuring the Switch3-763Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters I

Port Configuration3-773Displaying LACP Settings and Status for the Local SideYou can display configuration settings and the operational state for the

Configuring the Switch3-783Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-

Port Configuration3-793Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for the

Configuring the Switch3-803CLI – The following example displays the LACP configuration settings and operational state for the remote side of port chan

Port Configuration3-813Web – Click Port, Port/Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold and click Apply.Figu

ContentsviiiACL Information 4-111show access-list 4-111show access-group 4-111SNMP Commands 4-112snmp-server community 4-112snmp-server contact

Configuring the Switch3-823Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can then

Port Configuration3-833Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or received

Configuring the Switch3-843Showing Port StatisticsYou can display standard statistics on network traffic from the Interfaces Group and Ethernet-like M

Port Configuration3-853Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been dete

Configuring the Switch3-863Received Frames The total number of frames (bad, broadcast and multicast) received.Broadcast Frames The total number of goo

Port Configuration3-873Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the b

Configuring the Switch3-883CLI – This example shows statistics for port 13.Address Table SettingsSwitches store the addresses for all known devices. T

Address Table Settings3-893Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address

Configuring the Switch3-903Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN check

Spanning Tree Algorithm Configuration3-913Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attribut

Contentsixlacp admin-key (Port Channel) 4-142lacp port-priority 4-142show lacp 4-143Address Table Commands 4-147mac-address-table static 4-148cle

Configuring the Switch3-923Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transm

Spanning Tree Algorithm Configuration3-933• Hello Time – Interval (in seconds) at which the root device transmits a configuration message. • Forward D

Configuring the Switch3-943information that would make it return to a discarding state; otherwise, temporary data loops might result.• Root Hold Time

Spanning Tree Algorithm Configuration3-953CLI – This command displays global STA settings, followed by settings for each port. Note:The current root p

Configuring the Switch3-963• Multiple Spanning Tree Protocol- To allow multiple spanning trees to operate over the network, you must configure a relat

Spanning Tree Algorithm Configuration3-973• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discardi

Configuring the Switch3-983Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-55. STA Configurat

Spanning Tree Algorithm Configuration3-993CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MST

Configuring the Switch3-1003• Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is

Spanning Tree Algorithm Configuration3-1013• Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for a

Contentsxswitchport allowed vlan 4-177switchport forbidden vlan 4-178Displaying VLAN Information 4-179show vlan 4-179Configuring Private VLANs 4-

Configuring the Switch3-1023CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RSTP and MSTP attr

Spanning Tree Algorithm Configuration3-1033Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port wi

Configuring the Switch3-1043Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Appl

Spanning Tree Algorithm Configuration3-1053To ensure that the MSTI maintains connectivity across the network, you must configure a related set of brid

Configuring the Switch3-1063CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets the priority

Spanning Tree Algorithm Configuration3-1073Displaying Interface Settings for MSTPThe MSTP Port Information and MSTP Trunk Information pages display th

Configuring the Switch3-1083Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance using the MSTP Por

Spanning Tree Algorithm Configuration3-1093• MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore,

Configuring the Switch3-1103VLAN ConfigurationIEEE 802.1Q VLANsIn large networks, routers are used to isolate broadcast traffic for each subnet into s

VLAN Configuration3-1113Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should

ContentsxiIGMP Query Commands (Layer 2) 4-206ip igmp snooping querier 4-206ip igmp snooping query-count 4-206ip igmp snooping query-interval 4-20

Configuring the Switch3-1123these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine s

VLAN Configuration3-1133Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN

Configuring the Switch3-1143CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each VL

VLAN Configuration3-1153Command Attributes (CLI)• VLAN – ID of configured VLAN (1-4094, no leading zeroes).• Type – Shows how this VLAN was added to t

Configuring the Switch3-1163Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbo

VLAN Configuration3-1173Command Attributes• VLAN – ID of configured VLAN (1-4094, no leading zeroes).• Name – Name of the VLAN (1 to 32 characters).•

Configuring the Switch3-1183CLI – The following example adds tagged and untagged ports to VLAN 2.Adding Static Members to VLANs (Port Index)Use the VL

VLAN Configuration3-1193Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLAN id

Configuring the Switch3-1203or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000

VLAN Configuration3-1213CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP

Contentsxii

Configuring the Switch3-1223Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports

VLAN Configuration3-1233Configuring Protocol GroupsCreate a protocol group for one or more protocols.Command Attributes• Protocol Group ID – Group ide

Configuring the Switch3-1243- If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN.- If the frame is

Class of Service Configuration3-1253Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precede

Configuring the Switch3-1263Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then

Class of Service Configuration3-1273Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using e

Configuring the Switch3-1283Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to

Class of Service Configuration3-1293Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traf

Configuring the Switch3-1303Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weig

Class of Service Configuration3-1313Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS ValuesThis switch supports several common methods o

xiiiTablesTable 1-1. Key Features 1-1Table 1-2. System Defaults 1-5Table 3-1. Web Page Configuration Buttons 3-3Table 3-2. Switch Main Menu 3-4Tab

Configuring the Switch3-1323Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight diff

Class of Service Configuration3-1333CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to Co

Configuring the Switch3-1343Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value f

Class of Service Configuration3-1353Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port numb

Configuring the Switch3-1363CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS va

Class of Service Configuration3-1373Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then

Configuring the Switch3-1383Command Attributes• Port – Port identifier.•Name* – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Prece

Multicast Filtering3-1393Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A mu

Configuring the Switch3-1403Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Bas

Multicast Filtering3-1413Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default setti

xivTablesTable 4-27. Authentication Sequence Commands 4-69Table 4-28. RADIUS Client Commands 4-71Table 4-29. TACACS+ Client Commands 4-74Table 4-30

Configuring the Switch3-1423Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use informa

Multicast Filtering3-1433Specifying Static Interfaces for a Multicast RouterDepending on your network connections, IGMP snooping may not always be abl

Configuring the Switch3-1443Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multic

Multicast Filtering3-1453Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query me

Configuring the Switch3-1463Configuring Domain Name ServiceThe Domain Naming System (DNS) service on this switch allows host names to be mapped to IP

Configuring Domain Name Service3-1473Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more

Configuring the Switch3-1483Configuring Static DNS Host to Address EntriesYou can manually configure static entries in the DNS table that are used to

Configuring Domain Name Service3-1493Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.

Configuring the Switch3-1503Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name servers.Fi

Configuring Domain Name Service3-1513CLI - This example displays all the resource records learned from the designated name servers.Console#show dns ca

xvFiguresFigure 3-1. Home Page 3-2Figure 3-2. Front Panel Indicators 3-3Figure 3-3. System Information 3-9Figure 3-4. Switch Information 3-11Figur

Configuring the Switch3-1523

4-1Chapter 4: Command Line InterfaceThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the C

Command Line Interface4-24To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway

Entering Commands4-34Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and

Command Line Interface4-44Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the curren

Entering Commands4-54Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters are pr

Command Line Interface4-64Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display i

Entering Commands4-74Configuration CommandsConfiguration commands are privileged level commands used to modify switch settings. These commands modify

Command Line Interface4-84To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to ret

Entering Commands4-94Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

FiguresxviFigure 3-43. LACP - Aggregation Port 3-74Figure 3-44. LACP - Port Counters Information 3-76Figure 3-45. LACP - Port Internal Information

Command Line Interface4-104Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4. Command Group Index

Line Commands4-114The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) P

Command Line Interface4-124lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax

Line Commands4-134Command Usage • There are three authentication modes provided by the switch itself at login:- login selects authentication by a sing

Command Line Interface4-144number of times a user can enter an incorrect password before the system terminates the line connection and returns the ter

Line Commands4-154password-threshThis command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form

Command Line Interface4-164Example To set the silent time to 60 seconds, enter this command:Related Commands password-thresh (4-15)databitsThis comman

Line Commands4-174parityThis command defines the generation of a parity bit. Use the no form to restore the default setting.Syntax parity {none | even

Command Line Interface4-184Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on

Line Commands4-194Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an acti

FiguresxviiFigure 3-88. DNS General Configuration 3-147Figure 3-89. DNS Static Host Table 3-149Figure 3-90. DNS Cache 3-150

Command Line Interface4-204General CommandsenableThis command activates Privileged Exec mode. In privileged mode, additional commands are available, a

General Commands4-214Example Related Commands disable (4-21)enable password (4-27)disableThis command returns to Normal Exec mode from privileged mode

Command Line Interface4-224Related Commands end (4-23)show historyThis command shows the contents of the command history buffer.Default Setting NoneCo

General Commands4-234Command Mode Privileged ExecCommand Usage This command resets the entire system.Example This example shows how to reset the switc

Command Line Interface4-244quitThis command exits the configuration program.Default Setting NoneCommand Mode Normal Exec, Privileged ExecCommand Usage

System Management Commands4-254Device Designation CommandspromptThis command customizes the CLI prompt. Use the no form to restore the default prompt.

Command Line Interface4-264Example User Access CommandsThe basic commands required for management access are listed in this section. This switch also

System Management Commands4-274Command Mode Global ConfigurationCommand Usage The encrypted password is required for compatibility with legacy passwor

Command Line Interface4-284Example Related Commandsenable (4-20)IP Filter CommandsmanagementThis command specifies the client IP addresses that are al

System Management Commands4-294• When entering addresses for the same group (i.e., SNMP, Web or Telnet), the switch will not accept overlapping addres

Figuresxviii

Command Line Interface4-304Web Server Commandsip http portThis command specifies the TCP port number used by the Web browser interface. Use the no for

System Management Commands4-314Example Related Commandsip http port (4-30)ip http secure-serverThis command enables the secure hypertext transfer prot

Command Line Interface4-324Example Related Commandsip http secure-port (4-32)copy tftp https-certificate (4-63)ip http secure-portThis command specifi

System Management Commands4-334Telnet Server Commandsip telnet portThis command specifies the TCP port number used by the Telnet interface. Use the no

Command Line Interface4-344Related Commandsip telnet port (4-33)Secure Shell CommandsThe Berkley-standard includes remote access tools originally desi

System Management Commands4-354The SSH server on this switch supports both password and public key authentication. If password authentication is speci

Command Line Interface4-364corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this proce

System Management Commands4-374ip ssh timeoutUse this command to configure the timeout for the SSH server. Use the no form to restore the default sett

Command Line Interface4-384Example Related Commandsshow ip ssh (4-40)ip ssh server-key sizeUse this command to set the SSH server key size. Use the no

System Management Commands4-394Example ip ssh crypto host-key generateUse this command to generate the host key pair (i.e., public and private). Synta

1-1Chapter 1: IntroductionThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to conf

Command Line Interface4-404Command Mode Privileged ExecCommand Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh

System Management Commands4-414Example show sshUse this command to display the current SSH server connections.Command Mode Privileged ExecExample Cons

Command Line Interface4-424show public-keyUse this command to show the public key for the specified user or for the host.Syntax show public-key [user

System Management Commands4-434Event Logging Commands logging onThis command controls logging of error messages, sending debug or error messages to sw

Command Line Interface4-444logging historyThis command limits syslog messages saved to switch memory based on severity. The no form returns the loggin

System Management Commands4-454logging hostThis command adds a syslog server host IP address that will receive logging messages. Use the no form to re

Command Line Interface4-464logging trapThis command enables the logging of system messages to a remote server, or limits the syslog messages saved to

System Management Commands4-474Related Commandsshow logging (4-47)show loggingThis command displays the logging configuration, along with any system a

Command Line Interface4-484The following example displays settings for the trap function. Related Commandsshow logging sendmail (4-51)SMTP Alert Comma

System Management Commands4-494logging sendmail hostThis command specifies SMTP servers that will be sent alert messages. Use the no form to remove an

Introduction1-21Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates t

Command Line Interface4-504Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the conf

System Management Commands4-514Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to s

Command Line Interface4-524Time CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP), or by using

System Management Commands4-534Example Related Commandssntp server (4-53)sntp poll (4-54)show sntp (4-54)sntp serverThis command sets the IP address o

Command Line Interface4-544sntp pollThis command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the n

System Management Commands4-554clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours min

Command Line Interface4-564Default Setting NoneCommand Mode Privileged ExecExample This example shows how to set the system clock to 15:12:34, Februar

System Management Commands4-574System Status Commandsshow startup-configThis command displays the configuration file stored in non-volatile memory tha

Command Line Interface4-584Example Related Commandsshow running-config (4-58)show running-configThis command displays the configuration information c

System Management Commands4-594- VLAN configuration settings for each interface- Multiple spanning tree instances (name and interfaces)- IP address co

Description of Software Features1-31Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach

Command Line Interface4-604Related Commandsshow startup-config (4-57)show systemThis command displays system information.Default Setting NoneCommand M

System Management Commands4-614show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client

Command Line Interface4-624Example Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Syntax [

Flash/File Commands4-634Example Flash/File CommandsThese commands are used to manage the system code or configuration files.copy This command moves

Command Line Interface4-644Command Mode Privileged ExecCommand Usage • The system prompts for data required to complete the copy command. • The destin

Flash/File Commands4-654The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate fro

Command Line Interface4-664Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cf

Flash/File Commands4-674Example The following example shows how to display all file information:whichbootThis command displays which files were booted

Command Line Interface4-684Default Setting NoneCommand Mode Global ConfigurationCommand Usage • A colon (:) is required after the specified file type.

Authentication Commands4-694Authentication Sequenceauthentication loginThis command defines the login authentication method and precedence. Use the no

Introduction1-41Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spann

Command Line Interface4-704authentication enableThis command defines the authentication method and precedence to use when changing from Exec command m

Authentication Commands4-714RADIUS ClientRemote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software run

Command Line Interface4-724Default Setting 1812Command Mode Global ConfigurationExample radius-server keyThis command sets the RADIUS encryption key.

Authentication Commands4-734Example radius-server timeoutThis command sets the interval between transmitting authentication requests to the RADIUS ser

Command Line Interface4-744TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses softw

Authentication Commands4-754Command Mode Global ConfigurationExample tacacs-server keyThis command sets the TACACS+ encryption key. Use the no form to

Command Line Interface4-764Port Security CommandsThese commands can be used to enable port security on a port. When using port security, the switch st

Authentication Commands4-774Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has

Command Line Interface4-784802.1x Port AuthenticationThe switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized acce

Authentication Commands4-794dot1x defaultThis command sets all configurable dot1x global and port settings to their default values.Syntaxdot1x default

System Defaults1-51System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switc

Command Line Interface4-804dot1x port-controlThis command sets the dot1x mode on a port interface. Use the no form to restore the default.Syntaxdot1x

Authentication Commands4-814Command Usage • The “max-count” parameter specified by this command is only effective if the dot1x mode is set to “auto” b

Command Line Interface4-824dot1x timeout quiet-periodThis command sets the time that a switch port waits after the Max Request Count has been exceeded

Authentication Commands4-834dot1x timeout tx-periodThis command sets the time that the switch waits during an authentication session before re-transmi

Command Line Interface4-844(page 4-79). It also displays the following global parameters which are set to a fixed value, including the following items

Authentication Commands4-854ExampleConsole#show dot1xGlobal 802.1X Parameters reauth-enabled: yes reauth-period: 3600 quiet-period: 60 tx-period:

Command Line Interface4-864Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol,

Access Control List Commands4-8743. User-defined rules in the Ingress MAC ACL for ingress ports.4. User-defined rules in the Ingress IP ACL for ingres

Command Line Interface4-884access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the

Access Control List Commands4-894permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packe

Introduction1-61Port Configuration Admin Status EnabledAuto-negotiation EnabledFlow Control DisabledPort Capability 1000BASE-T –10 Mbps half duplex10

Command Line Interface4-904permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets wi

Access Control List Commands4-914Command Usage• All new rules are appended to the end of the list.• Address bitmasks are similar to a subnet mask, con

Command Line Interface4-924Related Commandsaccess-list ip (4-88)show ip access-list This command displays the rules for configured IP ACLs.Syntaxshow

Access Control List Commands4-934Command Usage• A mask can only be used by all ingress ACLs or all egress ACLs.• The precedence of the ACL rules appli

Command Line Interface4-944Command ModeIP MaskCommand Usage• Packets crossing a port are checked against all the rules in the ACL until a match is fou

Access Control List Commands4-954This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit

Command Line Interface4-964This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets.

Access Control List Commands4-974Related Commandsmask (IP ACL) (4-93)ip access-group This command binds a port to an IP ACL. Use the no form to remove

Command Line Interface4-984Related Commandsip access-group (4-97)map access-list ip This command sets the output queue for packets matching an ACL rul

Access Control List Commands4-994show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS valu

System Defaults1-71IP Settings IP Address 0.0.0.0Subnet Mask 255.0.0.0Default Gateway 0.0.0.0DHCP Client: EnabledBOOTP DisabledDNS Server Lookup Disa

Command Line Interface4-1004Command Usage• You must configure an ACL mask before you can change frame priorities based on an ACL rule.• Traffic priori

Access Control List Commands4-1014MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form

Command Line Interface4-1024Example Related Commandspermit, deny 4-102mac access-group (4-107)show mac access-list (4-103)permit, deny (MAC ACL)This c

Access Control List Commands4-1034• destination – Destination MAC address range with bitmask.• address-bitmask* – Bitmask for MAC address (in hexideci

Command Line Interface4-1044Example Related Commandspermit, deny 4-102mac access-group (4-107)access-list mac mask-precedence This command changes to

Access Control List Commands4-1054mask (MAC ACL)This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header.

Command Line Interface4-1064ExampleThis example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the r

Access Control List Commands4-1074show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs.Syntaxshow acc

Command Line Interface4-1084Related Commandsshow mac access-list (4-103)show mac access-groupThis command shows the ports assigned to MAC ACLs.Command

Access Control List Commands4-1094Example Related Commandsqueue cos-map (4-194)show map access-list mac (4-109) show map access-list mac This command

Installation GuideES4512C 12-Port Gigabit Intelligent SwitchLayer 2 Workgroup Switchwith 12 1000BASE-T (RJ-45) Ports,and 4 Combination (RJ-45/SFP) Por

Introduction1-81

Command Line Interface4-1104match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (Thi

Access Control List Commands4-1114ACL Informationshow access-listThis command shows all ACLs and associated rules, as well as all the user-defined mas

Command Line Interface4-1124SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP),

SNMP Commands4-1134Example snmp-server contactThis command sets the system contact string. Use the no form to remove the system contact information.Sy

Command Line Interface4-1144Related Commandssnmp-server contact (4-113)snmp-server host This command specifies the recipient of a Simple Network Manag

SNMP Commands4-1154Related Commandssnmp-server enable traps (4-115)snmp-server enable trapsThis command enables this device to send Simple Network Man

Command Line Interface4-1164Command Usage This command provides information on the community access strings, counter information for SNMP input and ou

DNS Commands4-1174DNS CommandsThese commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS

Command Line Interface4-1184Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than

DNS Commands4-1194Default Setting NoneCommand Mode Global ConfigurationExampleRelated Commands ip domain-list (4-119)ip name-server (4-120)ip domain-l

2-1Chapter 2: Initial ConfigurationConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent off

Command Line Interface4-1204ExampleThis example adds two domain names to the current list and then displays the list.Related Commands ip domain-name (

DNS Commands4-1214ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (4-118)ip do

Command Line Interface4-1224ExampleThis example enables DNS and then displays the configuration.Related Commands ip domain-name (4-118)ip name-server

DNS Commands4-1234show dnsThis command displays the configuration of the DNS server.Command Mode Privileged ExecExampleshow dns cacheThis command disp

Command Line Interface4-1244clear dns cacheThis command clears all entries in the DNS cache.Command Mode Privileged ExecExampleConsole#clear dns cache

Interface Commands4-1254Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or

Command Line Interface4-1264Command Mode Global Configuration Example To specify port 24, enter the following command:descriptionThis command adds a d

Interface Commands4-1274Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex settin

Command Line Interface4-1284• If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.Exampl

Interface Commands4-1294Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control.Related Commands ne

Initial Configuration2-22• Enable port mirroring• Set broadcast storm control on any port• Display system information and statistics Required Connecti

Command Line Interface4-1304ExampleThe following example enables flow control on port 5.Related Commands negotiation (4-127)capabilities (flowcontrol,

Interface Commands4-1314Default Setting All interfaces are enabled.Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage This com

Command Line Interface4-1324Example The following shows how to configure broadcast storm control at 600 packets per second: clear countersThis command

Interface Commands4-1334show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface • e

Command Line Interface4-1344show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interface •

Interface Commands4-1354show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Syntax s

Command Line Interface4-1364Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis com

Mirror Port Commands4-1374Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attac

Command Line Interface4-1384Example The following shows mirroring configured from port 6 to port 11:Rate Limit CommandsThis function allows the networ

Link Aggregation Commands4-1394ExampleLink Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the ba

Basic Configuration2-32Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a va

Command Line Interface4-1404• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specifie

Link Aggregation Commands4-1414lacpThis command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to

Command Line Interface4-1424lacp system-priorityThis command configures a port's LACP system priority. Use the no form to restore the default set

Link Aggregation Commands4-1434lacp admin-key (Ethernet Interface)This command configures a port's LACP administration key. Use the no form to re

Command Line Interface4-1444lacp admin-key (Port Channel)This command configures a port channel's LACP administration key string. Use the no form

Link Aggregation Commands4-1454Command Mode Interface Configuration (Ethernet)Command Usage • Setting a lower value indicates a higher effective prior

Command Line Interface4-1464ExampleConsole#show lacp 1 countersChannel group : 1 ---------------------------------------------------------------------

Link Aggregation Commands4-1474Console#show lacp 1 internalChannel group : 1-------------------------------------------------------------------------O

Command Line Interface4-1484 Console#show lacp 1 neighborsChannel group 1 neighbors-------------------------------------------------------------------

Address Table Commands4-1494Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

Initial Configuration2-42Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both defau

Command Line Interface4-1504mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an a

Address Table Commands4-1514clear mac-address-table dynamicThis command removes any learned entries from the forwarding database and clears the transm

Command Line Interface4-152400-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.”• The maximum number of address entrie

Spanning Tree Commands4-1534Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swi

Command Line Interface4-1544spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Synta

Spanning Tree Commands4-1554Command Usage • Spanning Tree ProtocolUses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This create

Command Line Interface4-1564Default Setting 15 secondsCommand Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) t

Spanning Tree Commands4-1574spanning-tree max-ageThis command configures the spanning tree bridge maximum age globally for this switch. Use the no for

Command Line Interface4-1584Command Mode Global ConfigurationCommand Usage Bridge priority is used in selecting the root device, root port, and design

Spanning Tree Commands4-1594spanning-tree transmission-limitThis command configures the minimum interval between the transmission of consecutive RSTP/

Basic Configuration2-52Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•

Command Line Interface4-1604mst vlanThis command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Using the no f

Spanning Tree Commands4-1614mst priorityThis command configures the priority of a spanning tree instance. Use the no form to restore the default.Synta

Command Line Interface4-1624Command Usage The MST region name and revision number (page 4-162) are used to designate a unique MST region. A bridge (i.

Spanning Tree Commands4-1634max-hopsThis command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to re

Command Line Interface4-1644spanning-tree costThis command configures the spanning tree path cost for the specified interface. Use the no form to rest

Spanning Tree Commands4-1654Default Setting 128Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command defines the p

Command Line Interface4-1664Example Related Commandsspanning-tree portfast (4-166)spanning-tree portfastThis command sets an interface to fast forward

Spanning Tree Commands4-1674spanning-tree link-typeThis command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the n

Command Line Interface4-1684Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000• Fast Ethernet – half duplex:

Spanning Tree Commands4-1694interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. • W

Initial Configuration2-625. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Ente

Command Line Interface4-1704show spanning-treeThis command shows the configuration for the common spanning tree (CST) or for an instance within the mu

Spanning Tree Commands4-1714ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------

Command Line Interface4-1724show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Syntax show spannin

VLAN Commands4-1734Editing VLAN Groupsvlan databaseThis command enters VLAN database mode. All commands in this mode will take effect immediately.Defa

Command Line Interface4-1744vlanThis command configures a VLAN. Use the no form to restore the default settings or delete a VLAN.Syntax vlan vlan-id [

VLAN Commands4-1754Configuring VLAN Interfacesinterface vlanThis command enters interface configuration mode for VLANs, which is used to configure VLA

Command Line Interface4-1764switchport modeThis command configures the VLAN membership mode for a port. Use the no form to restore the default.Syntax

VLAN Commands4-1774Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage When set to receive all frame types, any received frames

Command Line Interface4-1784Example The following example shows how to set the interface to port 1 and then enable ingress filtering:switchport native

VLAN Commands4-1794switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the default.Syntax

Basic Configuration2-72To configure a community string, complete the following steps:1. From the Privileged Exec level global configuration mode promp

Command Line Interface4-1804switchport forbidden vlanThis command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.Sy

VLAN Commands4-1814Displaying VLAN Informationshow vlanThis command shows VLAN information.Syntax show vlan [id vlan-id | name vlan-name]• id - Keywor

Command Line Interface4-1824Configuring Private VLANsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. T

VLAN Commands4-1834show pvlanThis command displays the configured private VLAN.Command Mode Privileged ExecExampleConfiguring Protocol-based VLANsThe

Command Line Interface4-1844protocol-vlan protocol-group (Configuring Groups)This command creates a protocol group, or to add specific protocols to a

VLAN Commands4-1854Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of

Command Line Interface4-1864show interfaces protocol-vlan protocol-groupThis command shows the mapping from protocol groups to VLANs for the selected

GVRP and Bridge Extension Commands4-1874GVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN

Command Line Interface4-1884show bridge-extThis command shows the configuration for bridge extension commands.Default Setting NoneCommand Mode Privile

GVRP and Bridge Extension Commands4-1894show gvrp configurationThis command shows if GVRP is enabled.Syntax show gvrp configuration [interface]interfa

Initial Configuration2-822. Enter the name of the start-up file. Press <Enter>.Managing System FilesThe switch’s flash memory supports three typ

Command Line Interface4-1904Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes f

Priority Commands4-1914Related Commandsgarp timer (4-189)Priority CommandsThe commands described in this section allow you to specify which data packe

Command Line Interface4-1924queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS)

Priority Commands4-1934switchport priority defaultThis command sets a priority for incoming untagged frames. Use the no form to restore the default va

Command Line Interface4-1944queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queue

Priority Commands4-1954Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for eac

Command Line Interface4-1964Example show queue bandwidthThis command displays the weighted round-robin (WRR) bandwidth allocation for the eight priori

Priority Commands4-1974Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration)This command enables IP port mapping (i.e., class o

Command Line Interface4-1984Example The following example shows how to enable TCP/UDP port mapping globally:map ip port (Interface Configuration)This

Priority Commands4-1994Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP

3-1Chapter 3: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP Web agent. Using a Web browser you can configure the

Command Line Interface4-2004map ip dscp (Global Configuration)This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).

Priority Commands4-2014Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specifie

Command Line Interface4-2024Default Setting NoneCommand ModePrivileged ExecExample The following shows that HTTP traffic has been mapped to CoS value

Priority Commands4-2034Example Related Commands map ip port (Global Configuration) (4-197)map ip precedence (Interface Configuration) (4-199) show map

Command Line Interface4-2044Example Related Commands map ip dscp (Global Configuration) (4-200)map ip dscp (Interface Configuration) (4-200)Multicast

Multicast Filtering Commands4-2054ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Syntax [no] ip igmp

Command Line Interface4-2064ip igmp snooping versionThis command configures the IGMP snooping version. Use the no form to restore the default.Syntax i

Multicast Filtering Commands4-2074Example The following shows the current IGMP snooping configuration:show mac-address-table multicast This command sh

Command Line Interface4-2084IGMP Query Commands (Layer 2) ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form

Multicast Filtering Commands4-2094Default Setting 2 timesCommand Mode Global ConfigurationCommand Usage The query count defines how long the querier w

ES4512CES4524CES4548CE052005-R02

Configuring the Switch3-23Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and password. The a

Command Line Interface4-2104ip igmp snooping query-max-response-timeThis command configures the query report delay. Use the no form to restore the def

Multicast Filtering Commands4-2114Default Setting 300 secondsCommand Mode Global ConfigurationCommand Usage The switch must use IGMPv2 for this comman

Command Line Interface4-2124Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Ther

IP Interface Commands4-2134IP Interface CommandsAn IP addresses may be used for management access to the switch over your network. The IP address for

Command Line Interface4-2144• If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been receive

IP Interface Commands4-2154Related Commands ip address (4-213)ip default-gatewayThis command establishes a static route between this switch and manag

Command Line Interface4-2164Related Commands show ip redirects (4-216)show ip redirectsThis command shows the default gateway configured for this devi

IP Interface Commands4-2174- Network or host unreachable - The gateway found no corresponding entry in the route table. • Press <Esc> to stop pi

Command Line Interface4-2184

A-1Appendix A: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port SecurityAccess Control Lis

Navigating the Web Browser Interface3-33Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration chang

Software SpecificationsA-2AAdditional FeaturesBOOTP clientSNTP (Simple Network Time Protocol)SNMP (Simple Network Management Protocol)RMON (Remote Mon

Management Information BasesA-3ARMON (RFC 1757 groups 1,2,3,9)SNMP (RFC 1157)SNMPv2 (RFC 1907)SNTP (RFC 2030)SSH (Version 2.0)TFTP (RFC 1350)Managemen

Software SpecificationsA-4A

B-1Appendix B: TroubleshootingProblems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet,

TroubleshootingB-2BUsing System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caus

Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GlossaryGlossary-2GARP VLAN Registration Protocol (GVRP)Defines a way for switches to exchange VLAN information in order to register necessary VLAN me

Glossary-3GlossaryIEEE 802.3xDefines Ethernet frame start/stop requests and timers used for flow control on full-duplex links.IGMP SnoopingListening t

GlossaryGlossary-4Management Information Base (MIB)An acronym for Management Information Base. It is a set of database objects that contains informati

Glossary-5GlossaryRapid Spanning Tree Protocol (RSTP)RSTP reduces the convergence time for network topology changes to about 10% of that required by t

Configuring the Switch3-43Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, o

GlossaryGlossary-6User Datagram Protocol (UDP)UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport

Index-1Symbols3-31Numerics802.1x, port authentication 3-43, 4-78Aacceptable frame type 3-119, 4-174Access Control List See ACLACLExtended IP 3-53, 4-

Index-2IndexHhardware version, displaying 3-10, 4-61HTTPS 3-34, 4-31HTTPS, secure server 3-34, 4-31IIEEE 802.1D 3-91, 4-152IEEE 802.1s 4-152IEEE 802.1

Index-3IndexQqueue weights 3-129, 4-192RRADIUS, logon authentication 3-31, 4-71rate limits, setting 3-83, 4-136restarting the system 3-25, 4-22RSTP 3-

Index-4IndexWWeb interfaceaccess requirements 3-1configuration buttons 3-3home page 3-2menu list 3-3, 3-4panel display 3-3

ES4512CES4524CES4548CE052005-R02

Navigating the Web Browser Interface3-53 802.1x Port authentication 3-43Information Displays global configuration settings 3-44Configuration Configu

Configuring the Switch3-63Address Table 3-88Static Addresses Displays entries for interface, address or VLAN 3-88Dynamic Addresses Displays or edits

Navigating the Web Browser Interface3-73Protocol VLAN 3-123Configuration Creates a protocol group, specifying the supported protocols 3-123Port Confi

Configuring the Switch3-83DNS 3-146General Configuration Enables DNS; configures domain name and domain list; and specifies IP address of name servers

Basic Configuration3-93Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location and

Configuring the Switch3-103CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch In

Basic Configuration3-113• Redundant Power Status* – Displays the status of the redundant power supply.* CLI only.Management Software• Loader Version –

iContents Chapter 1: Introduction 1-1Key Features 1-1Description of Software Features 1-2System Defaults 1-5Chapter 2: Initial Configuration 2-1

Configuring the Switch3-123Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filte

Basic Configuration3-133CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for

Configuring the Switch3-143Manual ConfigurationWeb – Click System, IP Configuration. Select the VLAN through which the management station is attached,

Basic Configuration3-153Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by th

Configuring the Switch3-163CLI – Enter the following command to restart DHCP service.Managing FirmwareYou can upload/download firmware to or from a TF

Basic Configuration3-173If you download to a new destination file, then select the file from the drop-down box for the operation code used at startup,

Configuring the Switch3-183Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set

Basic Configuration3-193If you download the startup configuration file under a new file name, you can set this file as the startup file at a later tim

Configuring the Switch3-203• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For

Basic Configuration3-213• Logging Trap – Limits log messages that are sent to the remote syslog server for all levels up to the specified level. For e

ContentsiiSystem Log Configuration 3-19Remote Log Configuration 3-20Displaying Log Messages 3-22Sending Simple Mail Transfer Protocol Alerts 3-23R

Configuring the Switch3-223CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap.Displaying Log MessagesUse

Basic Configuration3-233CLI – This example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3

Configuring the Switch3-243Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add a

Basic Configuration3-253CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify

Configuring the Switch3-263Setting the System ClockSimple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic u

Basic Configuration3-273CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.Setting

Configuring the Switch3-283CLI - This example shows how to set the time zone for the system clock.Simple Network Management Protocol Simple Network Ma

Simple Network Management Protocol3-293Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Acces

Configuring the Switch3-303Web – Click SNMP, Configuration. Fill in the IP address and community string for each trap manager that will receive these

User Authentication3-313Command Attributes• User Name* – The name of the user. (Maximum length: 8 characters)• Access Level* – Specifies the user leve

ContentsiiiDisplaying LACP Settings and Status for the Local Side 3-77Displaying LACP Settings and Status for the Remote Side 3-79Setting Broadcast

Configuring the Switch3-323RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transp

User Authentication3-333Note: The local switch user database has to be set up by manually entering user names and passwords using the CLI. (See “usern

Configuring the Switch3-343CLI – Specify all the required parameters to enable logon authentication.Configuring HTTPSYou can configure the switch to e

User Authentication3-353• The following web browsers and operating systems currently support HTTPS:• To specify a secure-site certificate, see “Replac

Configuring the Switch3-363Caution: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunit

User Authentication3-373To use the SSH server, complete these steps:1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host pub

Configuring the Switch3-383e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client

User Authentication3-393Web – Click Security, SSH Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the ho

Configuring the Switch3-403Configuring the SSH ServerThe SSH server includes basic settings for authentication. Field Attributes• SSH Server Status –

User Authentication3-413CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the

ContentsivMapping CoS Values to ACLs 3-136Changing Priorities Based on ACL Rules 3-137Multicast Filtering 3-139Layer 2 IGMP (Snooping and Query)

Configuring the Switch3-423• If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configur

User Authentication3-433CLI – This example selects the target port, sets the port security action to send a trap and disable the port, specifies a max

Configuring the Switch3-443The operation of 802.1x on the switch requires the following:• The switch must have an IP address assigned.• RADIUS authent

User Authentication3-453Web – Click Security, 802.1x, Information.Figure 3-26. 802.1x InformationCLI – This example shows the default protocol settin

Configuring the Switch3-463Configuring 802.1x Global SettingsThe dot1x protocol includes global parameters that control the client authentication proc

User Authentication3-473Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and

Configuring the Switch3-483• Authorized – - Yes – Connected client is authorized.- No – Connected client is not authorized.- Blank – Displays nothing

User Authentication3-493Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statisti

Configuring the Switch3-503CLI – This example displays the 802.1x statistics for port 4.Filtering IP Addresses for Management AccessYou can create a l

User Authentication3-513Web – Click Security, IP Filter. Enter the addresses that are allowed management access to an interface, and click Add IP Filt

Contentsvdisconnect 4-18show line 4-19General Commands 4-20enable 4-20disable 4-21configure 4-21show history 4-22reload 4-22end 4-23exit 4-23quit 4

Configuring the Switch3-523Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4

Access Control Lists3-533Setting the ACL Name and TypeUse the ACL Configuration page to designate the name and type of an ACL.Command Attributes• Name

Configuring the Switch3-543The mask is bitwise ANDed with the specified source IP address, and compared with the address for each IP packet entering t

Access Control Lists3-553Configuring an Extended IP ACLCommand Attributes• Action – An ACL can contain either all permit rules or all deny rules. (Def

Configuring the Switch3-563Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (

Access Control Lists3-573Configuring a MAC ACLCommand Attributes• Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rul

Configuring the Switch3-583Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (

Access Control Lists3-593Configuring ACL MasksYou can specify optional masks that control the order in which ACL rules are checked. The switch include

Configuring the Switch3-603Configuring an IP ACL MaskThis mask defines the fields to check in the IP header. Command Usage• Masks that include an entr

Access Control Lists3-613Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source o