Matrix V-Series V2H124-24 FAST ETHERNET SWITCH
Configuration Guide
P/N 9033925-02
Contents
port security
802.1x Port Authentication
dot1x system-auth-control
authentication dot1x default
dot1x default
dot
Configuring the Switch
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., Interface, MAC Address, or VLAN), the method o

Spanning Tree Algorithm Configuration
Changing the Aging Time
You can change the aging time for entries in the dynamic address table. Command Attri

Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transm

• Configuration Changes – The number of times the Spanning Tree has been reconfigured.
• Last Topology Change

CLI – This command displays global STA settings, followed by settings for each port.
Note: The current root port and current

Command Attributes
Basic Configuration of Global Settings
• Spanning Tree State – Enables/disables STA on this

Configuration Settings for RSTP
• Path Cost Method – The path cost is used to determine the best path between devices. The

CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes.
Displaying Interf

• Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is d

• Admin Link Type – The link type attached to this interface.
- Point-to-Point – A connection to exactly one
snmp-server community
snmp-server contact
snmp-server location
snmp-server host
snmp-server enable traps
snmp ip fi
Configuring Interface Settings
You can configure RSTP attributes for specific interfaces, including port priority, path cos

• Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower

Web – Click Spanning Tree, STA Port Configuration or STA Trunk Configuration. Modify the required attributes, then click Ap

VLAN Configuration
This switch supports the following VLAN features:
• Up to 255 VLANs based on the IEEE 802.1Q standard
• Distributed VLAN learning

message to your network indicating the VLAN groups it wants to join. When this switch receives these messages, it will auto

Web – Click System, Bridge Extension. Enable or disable GVRP, click Apply.
Figure 2-49 Displaying Bridge Extension Capabilitie

CLI – Enter the following command.
Displaying Current VLANs
The VLAN Current Table shows the current port members of each VL

Command Attributes (CLI)
• VLAN – ID of configured VLAN (1-4094, no leading zeroes).
• Type – Shows how this VLAN was added to th

Web – Click VLAN, VLAN Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to acti

• Port – Port identifier.
• Trunk – Trunk identifier.
• Membership Type – Select VLAN membership for each interface by marking th
spanning-tree portfast
spanning-tree link-type
spanning-tree protocol-migration
show spanning-tree
VLAN Commands
CLI – The following example adds tagged and untagged ports to VLAN 2.
Adding Static Members to VLANs (Port Index)
Use the VLA

Configuring VLAN Behavior for Interfaces
You can configure VLAN behavior for specific interfaces, including the default VLAN ide

• GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the

Class of Service Configuration
CLI – This example sets port 1 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, se

Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then

The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the follo

CLI – The following example shows how to map CoS values 1 and 2 to CoS priority queue 0, value 0 and 3 to CoS priority queu

CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 a

Web – Click Priority, IP Precedence/DSCP Priority Status. Select Disabled, IP Precedence or IP DSCP from the scroll-down me

Web – Click Priority, IP Precedence Priority. Select a port or trunk from the Interface field. Select an entry from
ip igmp snooping vlan static
ip igmp snooping version
show ip igmp snooping
show mac-address-table multicast
IGMP Qu
Mapping DSCP Priority
The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP repl

Web – Click Priority, IP DSCP Priority. Select a port or trunk from the Interface field. Select an entry from the

Mapping IP Port Priority
You can also map network applications to Class of Service values based on the IP port number (i.e.

CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 t

Web – Click Priority, ACL CoS Priority. Select a port, select an ACL rule, specify a CoS priority, then click Add.
Figure 2

Command Attributes
• Port – Port identifier.
• Name* – Name of ACL.
• Type – Type of ACL (IP or MAC).
• Precedence –

Multicast Filtering
Multicasting is used to support real-time applications such as video conferencing or streaming audio.

Command Attributes
• IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to rece

CLI – This example modifies the settings for multicast filtering, and then displays the current status.
Displaying Interfac

CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.
Specifying Inte
Appendix A: Upgrading Firmware via the Serial Port
Appendix B: Troubleshooting
Appendix C: Software Specifications
Software Fea
Displaying Port Members of Multicast Services
You can display the port members associated with a specified VLAN and multica

Command Usage
• Static multicast addresses are never aged out.
• When a multicast address is assigned to specific VLAN, the cor
Chapter 3: Command Line Interface
This chapter describes how to use the Command Line Interface (CLI).
Using the Command Line Interface
Accessing the C

To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway

Entering Commands
This section describes how to enter CLI commands.
Keywords and Arguments
A CLI command is a series of keywords and

“show ?” displays a list of possible show commands:
The command “show interfaces ?” will display the following information:
Pa

logging, specify the no logging command. This guide describes the negation effect for all applicable commands.
Using Command Histo

To enter Privileged Exec mode, enter the following commands and passwords:
Configuration Commands
Configuration commands are p

To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return t
Tables
Table 1-1 System Defaults
Table 2-2 Configuration Options
Table 2-3 Switch Main Menu
Table 2-4 Web Browser
Table 2-5 Operat
Command Groups
The system commands can be broken down into the functional groups shown below.
Esc-B Moves the cursor back one

Line Commands
The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (

line
Use this command to identify a specific line for configuration, and to process subsequent line configuration commands.
S

Command Usage
• There are three authentication modes provided by the switch itself at login:
• login selects authentication by a sing

number of times a user can enter an incorrect password before the system terminates the line connection and returns the ter

password-thresh
Use this command to set the password intrusion threshold which limits the number of failed logon attempts. Use the no

Default Setting
The default value is no silent-time.
Command Mode
Line Configuration
Example
To set the silent time to 60 se

parity
Use this command to define generation of a parity bit. Use the no form to restore the default setting.
Syntax
parity {none | ev

Command Usage
Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on

Example
To show all lines, enter this command:
General Commands
enable
Use this command to activate Privileged Exec mode. In privile
Table 3-47 Rate Limit Commands
Table 3-48 Link Aggregation Commands
Table 3-49 Address Table Commands
Table 3-50 Spanning T
Default Setting
Level 15
Command Mode
Normal Exec
Command Usage
• “super” is the default password required to change the comman

configure
Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch. Y

The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mod

exit
Use this command to return to the previous configuration mode or exit the configuration program.
Default Setting
None
Command M

System Management Commands
These commands are used to control system logs, passwords, user names, browser configuration opti

hostname
Use this command to specify or modify the host name for this device. Use the no form to restore the default hos

User Access Commands
The basic commands required for management access are listed in this section. This switch also includes

Command Mode
Global Configuration
Command Usage
The encrypted password is required for compatibility with legacy passwor

Example
Related Commands
enable (3-17)
Web Server Commands
ip http port
Use this command to specify the TCP port number used by

ip http server
Use this command to allow this device to be monitored or configured from a browser. Use the no form to di
Figures
Figure 2-1 Homepage
Figure 2-2 Ports Panel
Figure 2-3 System Information
Figure 2-4 General Switch Information
Figure 2-5 Brid
A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 4.x or later versions.
• The

Related Commands
ip http secure-server (3-27)
Secure Shell Commands
The Berkeley-standard includes remote access tools ori

Command Usage
• The SSH server supports up to four client sessions. The maximum number of client sessions includes both cur

ip ssh authentication-retries
Use this command to configure the number of times the SSH server attempts to reauthenticat

Example
Related Commands
show ip ssh (3-31)
show ssh
Use this command to display the current Secure Shell (SSH) server connect

logging on
This command controls logging of error messages, sending debug or error messages to switch memory. The no for

• level - One of the level arguments listed in the following table. Messages sent include the selected level down to level

Default Setting
Flash and RAM
Command Mode
Privileged Exec
Example
Related Commands
show logging (3-35)
show logging
Use this

Time Commands
The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP), or by usin

• This command enables client time requests to time servers specified via the sntp servers command. It issues time sync
Figure 2-43 Displaying the MAC Dynamic Address Table
Figure 2-44 Setting the Aging Time
Figure 2-45 Displaying the Spanning Tree A
Example
sntp poll
This command sets the interval between sending time requests when the switch is set to SNTP client mode. Us

Example
show sntp
This command displays the current time and configuration settings for the SNTP client, and indicates wh

calendar set
Use this command to set the date and time of the system clock.
Syntax
calendar set hour min sec {month day year

System Status Commands
show startup-config
Use this command to display the configuration file stored in non-volatile memo

Example
Related Commands
show running-config (3-42)
show running-config
Use this command to display the configuration informati

• This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the

show system
Use this command to display system information.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Comm

Command Usage
The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) in

Flash/File Commands
These commands are used to manage the system code or configuration files.
copy
Use this command to move (

• Due to the size limit of the flash memory, the switch supports only two operation code files.
• The maximum number of user-de
Chapter 1: Switch Management
Connecting to the Switch
Configuration Options
This Matrix V-Series V2H124-24 switch includes a built-in network manageme

delete
Use this command to delete a file or image.
Syntax
delete filename
filename - Name of the configuration file or image n

Default Setting
None
Command Mode
Privileged Exec
Command Usage
• If you enter the command dir without any parameters, the syste

Example
This example shows the information displayed by the whichboot command. See the table under the dir command for a des

Authentication Commands
You can configure this switch to authenticate users logging into the system for management access

• You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if

Example
radius-server port
This command sets the RADIUS server network port. Use the no form to restore the default.
Syntax

radius-server retransmit
This command sets the number of retries. Use the no form to restore the default.
Syntax
radius-serve

Example
TACACS+ Client
Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that

tacacs-server port
This command specifies the TACACS+ server network port. Use the no form to restore the default.
Syntax
tac

Command Mode
Privileged Exec
Example
Port Security Commands
These commands can be used to disable the learning function or m
• Time-stamp packets through SNTP
• Filter packets using Access Control Lists (ACLs)
• Enable port mirroring
• Set broadcast sto

Default Setting
Status: Disabled
Action: None
Maximum Addresses: 0
Command Mode
Interface Configuration (Ethernet)
Command Usag

802.1x Port Authentication
The switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized ac

authentication dot1x default
This command sets the default authentication server type. Use the no form to restore the defaul

Command Mode
Global Configuration
Example
dot1x port-control
This command sets the dot1x mode on a port interface. Use the no

dot1x operation-mode
This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the

dot1x re-authentication
This command enables periodic re-authentication globally for all ports. Use the no form to disable

Command Mode
Global Configuration
Example
dot1x timeout tx-period
This command sets the time that the switch waits during an au

• Global 802.1X Parameters – Displays the global port access control parameters that can be configured for this switch as

Example
Access Control List Commands
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, pro

Access Control Lists
An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresse
Basic Configuration
For a description of how to use the CLI, see “Using the Command Line Interface” on page 3-1. For a list of all the CLI commands

Masks for Access Control Lists
You can specify optional masks that control the order in which ACL rules are checked. The swi

access-list ip
This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Us

permit, deny (Standard ACL)
This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets ema

permit, deny (Extended ACL)
This command adds a rule to an Extended IP ACL. The rule sets a filter condition for pack

“match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified source IP address, and then compar

show ip access-list
This command displays the rules for configured IP ACLs.
Syntax
show ip access-list {standard | exte

Example
Related Commands
mask (IP ACL) (3-74)
ip access-group (3-78)
mask (IP ACL)
This command defines a mask for IP ACLs. Thi

• First create the required ACLs and ingress or egress masks before mapping an ACL to an interface.
• If you enter dsc

This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4

This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other pac
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
Sett

Related Commands
mask (IP ACL) (3-74)
ip access-group
This command binds a port to an IP ACL. Use the no form to remove the p

Related Commands
ip access-group (3-78)
map access-list ip
This command sets the output queue for packets matching an A

show map access-list ip
This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value dete

Command Usage
• You must configure an ACL mask before you can change frame priorities based on an ACL rule.
• Traffic p

MAC ACLs
access-list mac
This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remo

• To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule.
•

• any – Any MAC source or destination address.
• host – A specific MAC address.
• source – Source MAC address.
• destination

Command Mode
Privileged Exec
Example
Related Commands
permit, deny (3-83)
mac access-group (3-88)
access-list mac mask-prece

mask (MAC ACL)
This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the

Example
This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of
Manual Configuration
You can manually assign an IP address to the switch. You may also need to specify a default gateway that re

show access-list mac mask-precedence
This command shows the ingress or egress rule masks for MAC ACLs.
Syntax
show access-lis

Related Commands
show mac access-list (3-84)
show mac access-group
This command shows the ports assigned to MAC ACLs.
Com

Example
Related Commands
queue cos-map (3-146)
show map access-list mac (3-90)
show map access-list mac
This command shows th

Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
You must configure an ACL mask before y

Example
show access-group
This command shows the port assignments of ACLs.
Command Mode
Privileged Executive
Example
SNMP Comma

SNMP Commands
snmp-server community
Use this command to define the community access string for the Simple Network Management Protocol. Use the no f

Command Mode
Global Configuration
Example
Related Commands
snmp-server location (3-94)
snmp-server location
Use this command to

string using the snmp-server community command prior to using the snmp-server host command. (Maximum length: 32 characters)
• version

Default Setting
Issue authentication and link-up-down traps.
Command Mode
Global Configuration
Command Usage
• If you do not

snmp ip filter
This command sets the IP addresses of clients that are allowed management access to the switch via SNMP. Use the no fo
2. At the interface-configuration mode prompt, use one of the following commands:
• To obtain IP settings through DHCP, type “ip a

show snmp
Use this command to check the status of SNMP communications.
Default Setting
None
Command Mode
Normal Exec, Privileg

Interface Commands
These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or

Command Mode
Global Configuration
Example
To specify the port 25, enter the following command:
description
Use this command

Default Setting
• Auto-negotiation is enabled by default.
• When auto-negotiation is disabled, the default speed-duplex settin

• If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.
Exampl

Example
The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control
Related Commands
neg

Example
The following example enables flow control on port 5.
Related Commands
negotiation (3-101)
capabilities (flowcontrol,

Default Setting
Enabled for all ports
Packet-rate limit: 500 packets per second
Command Mode
Interface Configuration (Ethernet)

Example
The following example clears statistics on Ethernet port 1/1
show interfaces status
Use this command to display the

Example
show interfaces counters
Use this command to display interface statistics.
Syntax
show interfaces counters [interface]
i
• private - Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Note:

Example
show interfaces switchport
Use this command to display the administrative and operational status of the specified in

Example
This example shows the configuration setting for port 25.
Console#show interfaces switchport ethernet 1/22
Information o

Mirror Port Commands
This section describes how to mirror traffic from a source port to a target port.
port monitor
Use this

Example
The following example configures the switch to mirror all packets from port 6 to port 11:
show port monitor
Use this c

Rate Limit Commands
This function allows the network manager to control the maximum rate for traffic transmitted or receive

Example
Link Aggregation Commands
Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the b

channel-group
Use this command to add a port to a trunk. Use the no form to remove a port from a trunk.
Syntax
channel-grou

• A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
• If

Address Table Commands
These commands are used to configure the address table for filtering specified addresses, displaying

Command Usage
The static address for a host device can be assigned to a specific port within a specific VLAN. Use this com
2. Enter the name of the start-up file. Press <Enter>.
Managing System Files
The switch’s flash memory supports three types o

Default Setting
None
Command Mode
Privileged Exec
Command Usage
• The MAC Address Table contains the MAC addresses associate

Example
Spanning Tree Commands
This section includes commands that configure the Spanning Tree Algorithm (STA) globally for

Command Usage
The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup lin

Example
The following example configures the switch to use Rapid Spanning Tree.
spanning-tree forward-time
Use this command

Command Mode
Global Configuration
Command Usage
This command sets the time interval (in seconds) at which the root device t

spanning-tree priority
Use this command to configure the spanning tree priority globally for this switch. Use the no form t

Command Usage
The path cost method is used to determine the best path between devices. Therefore, lower values should be a

Default Setting
• Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000
• Fast Ethernet – half duplex:

Example
Related Commands
spanning-tree cost (3-124)
spanning-tree edge-port
Use this command to specify an interface as an ed

spanning-tree portfast
Use this command to set an interface to fast forwarding. Use the no form to disable fast forwarding.
System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg”. To reset the switch

spanning-tree link-type
Use this command to configure the link type for Rapid Spanning Tree. Use the no form to restore the

Command Mode
Privileged Exec
Command Usage
If at any time the switch detects STP BPDUs, including Configuration or Topology

Example
Console#show spanning-tree
Spanning-tree information
---------------------------------------------------------------

VLAN Commands
A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the s

Example
Related Commands
show vlan (3-139)
vlan
Use this command to configure a VLAN. Use the no form to restore the default

Configuring VLAN Interfaces
interface vlan
Use this command to enter interface configuration mode for VLANs, and configure a physical

switchport mode
Use this command to configure the VLAN membership mode for a port. Use the no form to restore the default.

Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
When set to receive all frame types, any received frames

Example
The following example shows how to set the interface to port 1 and then enable ingress filtering:
switchport native

switchport allowed vlan
Use this command to configure VLAN groups on the selected interface. Use the no form to restore the default.
Port Configuration
Admin Status: Enabled
Auto-negotiation: Enabled
Flow Control: Disabled
Port Capability: 100BASE-TX/FX – 10 Mbps half

switchport forbidden vlan
Use this command to configure forbidden VLANs. Use the no form to remove the list of forbidden VL

show vlan
Use this command to show VLAN information.
Syntax
show vlan [id vlan-id | name vlan-name]
• id - Keyword to be followed by t

GVRP and Bridge Extension Commands
GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information

show bridge-ext
Use this command to show the configuration for bridge extension commands.
Default Setting
None
Co

show gvrp configuration
Use this command to show if GVRP is enabled.
Syntax
show gvrp configuration [interface]
interface
• e

Command Usage
• Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client

Related Commands
garp timer (3-142)
Priority Commands
The commands described in this section allow you to specify which data

Default Setting
The priority is not set, and the default value for untagged frames received on the interface is zero.
Command Mo

Command Usage
WRR controls bandwidth sharing at the egress port by defining scheduling weights.
Example
The following examp

Example
The following example shows how to map CoS values 0, 1 and 2 to priority queue 0, value 3 to queue 1, values 4 and 5 to
Traffic Prioritization
Ingress Port Priority: 0
Weighted Round Robin: Class 0: 1, Class 1: 4, Class 2: 16, Class 3: 64
IP Precedence Priorit

Default Setting
None
Command Mode
Privileged Exec
Example
Priority Commands (Layer 3 and 4)
map ip port (Global Configuration

Example
The following example shows how to enable TCP/UDP port mapping globally:
map ip port (Interface Configuration)
Use this c

Command Usage
• The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.

map ip dscp (Global Configuration)
Use this command to enable IP DSCP mapping (i.e., Differentiated Services Code Point mapping)

Default Setting
The DSCP default values are defined in the following table. Note that all the DSCP values that are not spe

Default Setting
None
Command Mode
Privileged Exec
Example
The following shows that HTTP traffic has been mapped to CoS value 0:
R

Example
Related Commands
map ip precedence (Global Configuration) (3-149)
map ip precedence (Interface Configuration) (3-150

Multicast Filtering Commands
Example
Related Commands
map ip dscp (Global Configuration) (3-151)
map ip dscp (Interface Configuration) (3-151)
Mult

IGMP Snooping Commands
ip igmp snooping
Use this command to enable IGMP snooping on this switch. Use the no form to disable

Default Setting
None
Command Mode
Global Configuration
Example
The following shows how to statically configure a multi
NoticeNOTICEEnterasys Networks reserves the right to make changes in specifications and other information contained in this document without prior not
Command Line Interface3-1583Command Mode Privileged ExecCommand Usage See “Configuring IGMP Snooping Parameters” on page 2-74 for a description of the
Multicast Filtering Commands3-1593IGMP Query Commands (Layer 2) ip igmp snooping querierUse this command to enable the switch as an IGMP querier. Use
Command Line Interface3-1603Default Setting 2 timesCommand Mode Global ConfigurationCommand Usage The query count defines how long the querier waits f
Multicast Filtering Commands3-1613ip igmp snooping query-max-response-timeUse this command to configure the snooping report delay. Use the no form of
Command Line Interface3-1623Default Setting 300 secondsCommand Mode Global ConfigurationCommand Usage The switch must use IGMPv2 for this command to t
Multicast Filtering Commands3-1633Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier
Command Line Interface3-1643IP Interface CommandsThere are no IP addresses assigned to this switch by default. You must manually configure a new addre
IP Interface Commands3-1653• If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received
Command Line Interface 3-166
Related Commands show ip redirects (3-167)
ip dhcp restart
Use this command to submit a BOOTP or DHCP client request.
Default
IP Interface Commands3-1673Default Setting All interfacesCommand Mode Privileged ExecExampleRelated Commands show ip redirects (3-167)show ip redirect
2-1Chapter 2: Configuring the SwitchUsing the Web InterfaceThis switch provides an embedded HTTP Web agent. Using a Web browser you can configure the
Command Line Interface3-1683Default Setting This command has no default for the host.Command Mode Normal Exec, Privileged ExecCommand Usage •Use the p
A-1Appendix A: Upgrading Firmware via the Serial PortThe switch contains three firmware components that can be upgraded; the diagnostics (or Boot-ROM)
Upgrading Firmware via the Serial PortA-2A7. There are two baud rate settings available, 9600 and 115200. Using the higher baud rate minimizes the tim
A-3A15. For example, the following screen text shows the download procedure for a runtime code file:16. To set the new downloaded file as the startup
B-1Appendix B: TroubleshootingTable B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet, Web browser, or SNMP software• Be sure you hav
C-1Appendix C: Software SpecificationsSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port SecurityAccess Control Lis
Software SpecificationsC-2CMulticast Filtering IGMP Snooping (Layer 2)Additional FeaturesBOOTP clientCIDR (Classless Inter-Domain Routing)SNTP (Simple
Software SpecificationsC-3CRADIUS (RFC 2618)RMON (RFC 1757 groups 1,2,3,9)SNTP (RFC 2030)SNMP (RFC 1157)HTTPSSSH (Version 1.5)Management Information B
Configuring the Switch2-22Navigating the Web Browser InterfaceTo access the Web-browser interface you must first enter a user name and password. The a
Glossary-1GlossaryAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for
GlossaryGlossary-2Generic Attribute Registration Protocol (GARP)GARP is a protocol that can be used by endstations and switches to register and propag
Glossary-3GlossaryIGMP QueryOn each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on
GlossaryGlossary-4Multicast SwitchingA process whereby the switch filters incoming multicast frames for services for which no attached host has regist
Glossary-5GlossarySimple Network Management Protocol (SNMP)The application protocol in the Internet suite of protocols which offers network management
GlossaryGlossary-6XModemA protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected.
Index-1Numerics802.1xconfigure 2-36, 3-59port authentication 2-36, 3-59AAccess Control Lists See ACLACLconfiguration guidelines 2-40, 3-67Extended IP
IndexIndex-2TACACS server 2-25, 3-55TACACS+ client 2-25, 3-55TACACS+ server 2-25, 3-55logon authentication, sequence 2-25, 3-51Mmain menu 2-3Managemen
IndexIndex-3egress mode 2-92, 3-134WWeb interfaceaccess requirements 2-1configuration buttons 2-2home page 2-2menu list 2-3panel display 2-3XXModem do
Panel Display2-32Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Inter
ES3526V-60150200035300AE072003-R01ES3526GE072000-R04
Configuring the Switch2-42Bridge Extension Shows the configuration for bridge extension commands; enables GVRP multicast protocol2-10Switch Informatio
Main Menu2-52QoS 2-93Default Port Priority Sets the default priority for each port 2-93Default Trunk Priority Sets the default priority for each trunk
Configuring the Switch2-62Rate Limit 2-62Input Rate Limit Port Configuration Sets the input rate limit for each port 2-62Input Rate Limit Trunk Config
Basic Configuration2-72Basic ConfigurationDisplaying System InformationYou can easily identify the system by providing a descriptive name, location an
Configuring the Switch2-82CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Inf
Basic Configuration2-92Expansion Slot• Expansion Slot 1/2 – Slots for extender modules.Web – Click System, Switch Information.Figure 2-4 General Swi
Configuring the Switch2-102Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filte
Basic Configuration2-112Web – Click System, Bridge Extension.Figure 2-5 Bridge Extension CapabilitiesCLI – Enter the following command.Console#show
Configuring the Switch2-122Setting the IP Address An IP address may be used for management access to the switch over your network. By default, the swi
Basic Configuration2-132Manual ConfigurationWeb – Click System, IP. Specify the management interface, IP address and default gateway, then click Apply
Configuring the Switch 2-14
Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires o
Basic Configuration2-152Web – Click System, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, select
Configuring the Switch2-162Saving or Restoring Configuration SettingsYou can upload/download configuration settings to/from a TFTP server. The configu
Basic Configuration2-172Setting the Startup Configuration FileIf you download to a new file name, then select the new file from the drop-down box for
Configuring the Switch 2-18
Resetting the System
Web – Select System, Reset to reboot the switch. When prompted, confirm that you want to reset the switch.
Basic Configuration2-192• SNTP Broadcast Client – Configures the switch to operate as an SNTP broadcast client. This mode requires no other configurat
iiiContents Chapter 1: Switch Management 1-1Connecting to the Switch 1-1Configuration Options 1-1Required Connections 1-2Remote Connections 1-3Ba
Configuring the Switch2-202Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply.Figure 2-14 Se
Configuring SNMP 2-21
• Community String – A community string that acts like a password and permits access to the SNMP protocol. Default strings: “publ
Configuring the Switch 2-22
we recommend that you define this string in the SNMP Protocol table as well. (Range: 1-32 characters, case sensitive)
• Trap
Configuring SNMP 2-23
• The default setting is null, which allows all IP groups SNMP access to the switch. If one or more IP addresses are configured,
Configuring the Switch 2-24
User Authentication
You can restrict management access to this switch using the following options:
• Passwords – Manually con
User Authentication 2-25
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.
Configuring RADIUS/TACACS Logon A
Configuring the Switch 2-26
- TACACS – User authentication is performed using a TACACS+ server only.
- [authentication sequence] – User authentication i
User Authentication 2-27
Web – Click System, Authentication Settings. To configure local or remote authentication preferences, specify the authenticati
Configuring the Switch 2-28
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Sock
User Authentication 2-29
CLI – In configuration mode enter the secure hyper-text transfer protocol port number, and enable the secure server.
Replacing
ContentsivSetting the System Clock 2-18Configuring SNTP 2-18Setting the Time Zone 2-19Configuring SNMP 2-20Setting Community Access Strings 2-20
Configuring the Switch 2-30
Command Attributes
• SSH Server Status – Allows you to enable/disable the SSH server feature on the switch. (Default: Disabl
User Authentication 2-31
Configuring Port Security
Port security is a feature that allows you to configure a switch port with one or more device MAC add
Configuring the Switch 2-32
Web – Click Security, Port Security. Set the status to enable or disable security for a port, set the maximum number of MAC
User Authentication 2-33
Configuring 802.1x Port Authentication
Network switches can provide open and easy access to network resources by simply attachi
Configuring the Switch 2-34
Displaying 802.1x Global Settings
The dot1x protocol includes global parameters that control the client authentication proce
User Authentication 2-35
CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the
Configuring the Switch 2-36
Configuring Global 802.1x Parameters
The dot1x protocol includes global parameters that control the client authentication p
User Authentication 2-37
CLI – This example enables re-authentication and sets all of the global parameters for dot1x.
Configuring Port Authorization Mo
Configuring the Switch 2-38
CLI - In Interface mode type dot1x port-control auto, or use the no form to disable.
Displaying 802.1x Statistics
This switch
User Authentication 2-39
Web – Select 802.1X, 802.1X Statistics. Select the required port and then click Query. Click Refresh to update the statistics.
ContentsvDisplaying Global Settings 2-72Configuring Global Settings 2-74Displaying Interface Settings 2-77Configuring Interface Settings 2-80VLAN
Configuring the Switch 2-40
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4
Access Control Lists 2-41
Setting the ACL Name and Type
Use the ACL Configuration page to designate the name and type of an ACL.
Command Attributes
• Name
Configuring the Switch 2-42
Configuring a Standard IP ACL
Command Attributes
• Action – An ACL can contain permit rules, deny rules, or a combination of
Access Control Lists 2-43
Configuring an Extended IP ACL
Command Attributes
• Action – An ACL can contain permit rules, deny rules or a combination of bo
Configuring the Switch 2-44
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (
Access Control Lists 2-45
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain permit rules, deny rules, or a combination of both. (Def
Configuring the Switch 2-46
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (
Access Control Lists 2-47
Configuring ACL Masks
You can specify optional masks that control the order in which ACL rules are checked. The switch include
Configuring the Switch 2-48
Configuring an IP ACL Mask
This mask defines the fields to check in the IP header.
Command Usage
• Masks that include an entr
Access Control Lists 2-49
Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source o
ContentsviPartial Keyword Lookup 3-4Negating the Effect of Commands 3-4Using Command History 3-5Understanding Command Modes 3-5Exec Commands 3-5C
Configuring the Switch 2-50
Configuring a MAC ACL Mask
This mask defines the fields to check in the packet header.
Command Usage
You must configure a mas
Access Control Lists 2-51
CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules
Configuring the Switch 2-52
Web – Click ACL, ACL Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traf
Port Configuration2-532• Flow Control Status – Indicates the type of flow control currently in use. (IEEE 802.3x, Back-Pressure or None)• Autonegotiat
Configuring the Switch2-542• Sym - Transmits and receives pause frames for flow control• FC - Supports flow control • Broadcast storm – Shows if broad
Port Configuration2-552problem has been resolved. You may also disable an interface for security reasons.• Speed/Duplex – Allows manual selection of p
Configuring the Switch2-562Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.Figure
Port Configuration2-572more than four ports, all other ports will be placed in a standby mode. Should one link in the trunk fail, one of the standby p
Configuring the Switch2-582Web – Click Trunk, Trunk Configuration. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the
Port Configuration2-592Dynamically Configuring a TrunkCommand Usage• To avoid creating a loop in the network, be sure you enable LACP before connectin
Contentsviishow ip ssh 3-31disconnect ssh 3-31show ssh 3-32Event Logging Commands 3-32logging on 3-33logging history 3-33clear logging 3-34sho
Configuring the Switch2-602CLI – The following example enables LACP for ports 17 and 18. Just connect these ports to two LACP-enabled trunk ports on a
Port Configuration2-612Web – Click Port, Port Broadcast Control. Set the threshold for all ports, click Apply.Figure 2-38 Configuring Broadcast Cont
Configuring the Switch2-622Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.Fi
Port Configuration2-632Command Attributes• Port/Trunk– Displays the port number.• Rate Limit Status – Enables or disables the rate limit.• Rate Limit
Configuring the Switch2-642Statistical ValuesTable 2-7 Port StatisticsParameter DescriptionInterface StatisticsReceived Octets The total number of oct
Port Configuration2-652FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass
Configuring the Switch2-662Web – Click Statistics, Port Statistics. Select the required interface, and click Query. You can also use the Refresh butto
Port Configuration2-672Figure 2-41 Displaying Port Statistics
Configuring the Switch2-682CLI – This example shows statistics for port 13.Address Table SettingsSwitches store the addresses for all known devices. T
Address Table Settings2-692Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address