SMC Networks SMC6824M User Manual

TigerStack III 10/10024-Port Fast Ethernet Switch◆ 24 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports◆ 10BASE-T/100BASE-TX ports support PoE capabilities*◆ 2

TABLE OF CONTENTSviPower Over Ethernet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145Switch Power Status . . . . . . .

CONFIGURING THE SWITCH3-44Web – Select SNTP, Configuration. Modify any of the required parameters and click Apply.Figure 3-20 SNTP Configuration CLI

SIMPLE NETWORK MANAGEMENT PROTOCOL3-45• Hours (0-13) – The number of hours before UTC (0-12) or after UTC (0-13).• Minutes (0-59) – The number of minu

CONFIGURING THE SWITCH3-46Information Base (MIB) that provides a standard presentation of the information controlled by the agent. SNMP defines both t

SIMPLE NETWORK MANAGEMENT PROTOCOL3-47Note: The predefined default groups and view can be deleted from the system. You can then define customized grou

CONFIGURING THE SWITCH3-48Enabling the SNMP Agent Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).Command AttributesSNMP A

SIMPLE NETWORK MANAGEMENT PROTOCOL3-49• Access Mode – Specifies the access rights for the community string:- Read-Only – Authorized management station

CONFIGURING THE SWITCH3-50Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers.

SIMPLE NETWORK MANAGEMENT PROTOCOL3-513. Create a view with the required notification messages (page 3-67).4. Create a group that includes the require

CONFIGURING THE SWITCH3-52- Retry times – The maximum number of times to resend an inform message if the recipient does not acknowledge receipt. (Rang

SIMPLE NETWORK MANAGEMENT PROTOCOL3-53Configuring SNMPv3 Management AccessTo configure SNMPv3 management access to the switch, follow these steps:1. I

TABLE OF CONTENTSviiMapping CoS Values to Egress Queues . . . . . . . . . . . . . 3-204Selecting the Queue Mode . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-54Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.Figure 3-25 Setting

SIMPLE NETWORK MANAGEMENT PROTOCOL3-55Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.F

CONFIGURING THE SWITCH3-56- AuthPriv – SNMP communications use both authentication and encryption (only available for the SNMPv3 security model).• Aut

SIMPLE NETWORK MANAGEMENT PROTOCOL3-57Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and ass

CONFIGURING THE SWITCH3-58CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring Remote SNMPv3 Users

SIMPLE NETWORK MANAGEMENT PROTOCOL3-59Command Attributes• User Name – The name of user connecting to the SNMP agent. (Range: 1-32 characters)• Group N

CONFIGURING THE SWITCH3-60Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign i

SIMPLE NETWORK MANAGEMENT PROTOCOL3-61CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMPv3

CONFIGURING THE SWITCH3-62• Notify View – The configured view for notifications. (Range: 1-64 characters)Table 3-5 Supported Notification MessagesObj

SIMPLE NETWORK MANAGEMENT PROTOCOL3-63warmStart 1.3.6.1.6.3.1.1.5.2 A warmStart trap signifies that the SNMPv2 entity, acting in an agent role, is rei

TABLE OF CONTENTSviiiNegating the Effect of Commands . . . . . . . . . . . . . . . . . . . . . . . 4-6Using Command History . . . . . . . . . . . .

CONFIGURING THE SWITCH3-64authenticationFailure*1.3.6.1.6.3.1.1.5.5 An authenticationFailure trap signifies that the SNMPv2 entity, acting in an agent

SIMPLE NETWORK MANAGEMENT PROTOCOL3-65swIpFilterRejectTrap 1.3.6.1.4.1.202.20.28.63.2.1.0.401.3.6.1.4.1.202.20.41.63.2.1.0.401.3.6.1.4.1.202.20.53.63.

CONFIGURING THE SWITCH3-66Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a securit

SIMPLE NETWORK MANAGEMENT PROTOCOL3-67CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and r

CONFIGURING THE SWITCH3-68Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subt

USER AUTHENTICATION3-69CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the

CONFIGURING THE SWITCH3-70Configuring User AccountsThe guest only has read access for most configuration parameters. However, the administrator has wr

USER AUTHENTICATION3-71Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then cli

CONFIGURING THE SWITCH3-72Configuring Local/Remote Logon AuthenticationUse the Authentication Settings menu to restrict management access based on spe

USER AUTHENTICATION3-73• You can specify up to three authentication methods for any user to indicate the authentication sequence. For example, if you

TABLE OF CONTENTSixenable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36IP Filter Commands . . . . . . . . . . . .

CONFIGURING THE SWITCH3-74• TACACS Settings- Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13)- Server Port Number – Network (

USER AUTHENTICATION3-75CLI – Specify all the required parameters to enable logon authentication.Configuring HTTPSYou can configure the switch to enabl

CONFIGURING THE SWITCH3-76• If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number]• Whe

USER AUTHENTICATION3-77Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.Figure 3-33 HTTPS SettingsCLI

CONFIGURING THE SWITCH3-78When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-lin

USER AUTHENTICATION3-79Command UsageThe SSH server on this switch supports both password and public key authentication. If password authentication is

CONFIGURING THE SWITCH3-80only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key:1024

USER AUTHENTICATION3-81Notes: 1. To use SSH with only password authentication, the host public key must still be given to the client, either during in

CONFIGURING THE SWITCH3-82• Generate – This button is used to generate the host key pair. Note that you must first generate the host key pair before y

USER AUTHENTICATION3-83CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then d

TABLE OF CONTENTSxlogging sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67show logging sendmail . . . . . . . . . . .

CONFIGURING THE SWITCH3-84• SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits: Default: 768)- The server key is a private

USER AUTHENTICATION3-85Configuring Port SecurityPort security is a feature that allows you to configure a switch port with one or more device MAC addr

CONFIGURING THE SWITCH3-86• If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configura

USER AUTHENTICATION3-87Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in

CONFIGURING THE SWITCH3-88Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply atta

USER AUTHENTICATION3-89allows the client to access the network. Otherwise, network access is denied and the port remains blocked.The operation of 802.

CONFIGURING THE SWITCH3-90CLI – This example shows the default global setting for 802.1X.Configuring 802.1X Global SettingsThe 802.1X protocol provide

USER AUTHENTICATION3-91Configuring Port Settings for 802.1XWhen 802.1X is enabled, you need to configure the parameters for the authentication process

CONFIGURING THE SWITCH3-92• Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 s

USER AUTHENTICATION3-93Console#show dot1x 4-116Global 802.1X Parameters system-auth-control: enable802.1X Port SummaryPort Name Status Operat

TABLE OF CONTENTSxiradius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102radius-server retransmit . . . . . . . .

CONFIGURING THE SWITCH3-94Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port.Table 3-7 802.1X S

USER AUTHENTICATION3-95Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistic

CONFIGURING THE SWITCH3-96Filtering IP Addresses for Management AccessYou can create a list of up to 16 IP addresses or IP address groups that are all

USER AUTHENTICATION3-97Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interfac

CONFIGURING THE SWITCH3-98Access Control ListsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 p

ACCESS CONTROL LISTS3-99• When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind ope

CONFIGURING THE SWITCH3-100Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extend

ACCESS CONTROL LISTS3-101Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a sp

CONFIGURING THE SWITCH3-102• Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page

ACCESS CONTROL LISTS3-103Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (An

TABLE OF CONTENTSxiimatch access-list ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-137show marking . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-104CLI – This example adds three rules:1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For example

ACCESS CONTROL LISTS3-105• Ethernet Type Bitmask – Protocol bitmask. (Range: 600-fff hex.)• Packet Format – This attribute includes the following pack

CONFIGURING THE SWITCH3-106Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (

ACCESS CONTROL LISTS3-107Configuring ACL MasksYou must specify masks that control the order in which ACL rules are checked. The switch includes two sy

CONFIGURING THE SWITCH3-108Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page.Fi

ACCESS CONTROL LISTS3-109• Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 3-

CONFIGURING THE SWITCH3-110CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the f

ACCESS CONTROL LISTS3-111Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source

CONFIGURING THE SWITCH3-112CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rul

ACCESS CONTROL LISTS3-113• When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind op

TABLE OF CONTENTSxiiinegotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-173capabilities . . . . . . . .

CONFIGURING THE SWITCH3-114CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2.Port ConfigurationDisplayin

PORT CONFIGURATION3-115Web – Click Port, Port Information or Trunk Information. Figure 3-50 Port - Port InformationField Attributes (CLI)Basic inform

CONFIGURING THE SWITCH3-116- 100full - Supports 100 Mbps full-duplex operation - 1000full - Supports 1000 Mbps full-duplex operation - Sym - Transmits

PORT CONFIGURATION3-117CLI – This example shows the connection status for Port 13.Configuring Interface ConnectionsYou can use the Port Configuration

CONFIGURING THE SWITCH3-118the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow

PORT CONFIGURATION3-119Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.Figure 3-5

CONFIGURING THE SWITCH3-120Creating Trunk GroupsYou can create multiple links between devices that work as one virtual, aggregate link. A port trunk o

PORT CONFIGURATION3-121• When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard.•

CONFIGURING THE SWITCH3-122Web – Click Port, Trunk Membership. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scr

PORT CONFIGURATION3-123Enabling LACP on Selected PortsCommand Usage• To avoid creating a loop in the network, be sure you enable LACP before connectin

TABLE OF CONTENTSxivspanning-tree transmission-limit . . . . . . . . . . . . . . . . . . . . . . . 4-213spanning-tree backup-root . . . . . . . . .

CONFIGURING THE SWITCH3-124Command Attributes• Member List (Current) – Shows configured trunks (Unit, Port).• New – Includes entry fields for creatin

PORT CONFIGURATION3-125Configuring LACP ParametersDynamically Creating a Port Channel –Ports assigned to a common port channel must meet the following

CONFIGURING THE SWITCH3-126Command Attributes Set Port Actor – This menu sets the local side of an aggregate link; i.e., the ports on this switch.• Po

PORT CONFIGURATION3-127Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opt

CONFIGURING THE SWITCH3-128CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; port

PORT CONFIGURATION3-129Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Infor

CONFIGURING THE SWITCH3-130CLI – The following example displays LACP counters for port channel 1.Displaying LACP Settings and Status for the Local Sid

PORT CONFIGURATION3-131Admin State,Oper StateAdministrative or operational values of the actor’s state parameters:• Expired – The actor’s receive mach

CONFIGURING THE SWITCH3-132Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-

PORT CONFIGURATION3-133Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for the

TABLE OF CONTENTSxvswitchport private-vlan host-association . . . . . . . . . . . . . 4-246switchport private-vlan mapping . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-134Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.Figure 3

PORT CONFIGURATION3-135Setting Broadcast Storm ThresholdsBroadcast storms may occur when a device on your network is malfunctioning, or if application

CONFIGURING THE SWITCH3-136CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and t

PORT CONFIGURATION3-137Command Attributes• Mirror Sessions – Displays a list of current mirror sessions.• Source Unit – The unit whose port traffic wi

CONFIGURING THE SWITCH3-138Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or rece

PORT CONFIGURATION3-139CLI - This example sets the rate limit for input and output traffic passing through port 1 to 60 Mbps.Showing Port StatisticsYo

CONFIGURING THE SWITCH3-140Received Discarded PacketsThe number of inbound packets which were chosen to be discarded even though no errors had been de

PORT CONFIGURATION3-141Etherlike StatisticsAlignment Errors The number of alignment errors (missynchronized data packets). Late Collisions The number

CONFIGURING THE SWITCH3-142Internal MAC Receive ErrorsA count of frames for which reception on a particular interface fails due to an internal MAC sub

PORT CONFIGURATION3-14364 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excl

TABLE OF CONTENTSxviIGMP Query Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-273ip igmp snooping querier . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-144Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t

POWER OVER ETHERNET SETTINGS3-145CLI – This example shows statistics for port 13.Power Over Ethernet SettingsThe SMC6824MPE and SMC6826MPE can provide

CONFIGURING THE SWITCH3-146the power required by a device exceeds the power budget of the port or the whole switch, power is not supplied.Ports can be

POWER OVER ETHERNET SETTINGS3-147Web – Click PoE, Power Status.Figure 3-62 Displaying the Global PoE StatusCLI – This example displays the current po

CONFIGURING THE SWITCH3-148Web – Click PoE, Power Config. Specify the desired power budget for the switch. Click Apply.Figure 3-63 Setting the Switch

POWER OVER ETHERNET SETTINGS3-149Web – Click PoE, Power Port Status.Figure 3-64 Displaying Port PoE StatusCLI – This example displays the PoE status

CONFIGURING THE SWITCH3-150• If a device is connected to a critical or high-priority port and causes the switch to exceed its budget, port power is tu

ADDRESS TABLE SETTINGS3-151CLI – This example sets the PoE power budget for port 1 to 8 watts, the priority to high (2), and then enables the power.Ad

CONFIGURING THE SWITCH3-152Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address

ADDRESS TABLE SETTINGS3-153• VLAN – ID of configured VLAN (1-4093).• Address Table Sort Key – You can sort the information displayed based on MAC addr

TABLE OF CONTENTSxviiAPPENDICES:A Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . .A-1Software Features . . . . . . . . . . .

CONFIGURING THE SWITCH3-154Changing the Aging TimeYou can change the aging time for entries in the dynamic address table. Command Attributes• Aging St

SPANNING TREE ALGORITHM CONFIGURATION3-155The spanning tree algorithms supported by this switch include these versions:• STP – Spanning Tree Protocol

CONFIGURING THE SWITCH3-156start learning, predefining an alternate route that can be used when a node or port fails, and retaining the forwarding dat

SPANNING TREE ALGORITHM CONFIGURATION3-157• Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., disc

CONFIGURING THE SWITCH3-158• Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the high

SPANNING TREE ALGORITHM CONFIGURATION3-159Web – Click Spanning Tree, STA Information.Figure 3-69 Displaying the Spanning Tree AlgorithmCLI – This com

CONFIGURING THE SWITCH3-160Note: The current root port and current root cost display as zero when this device is not connected to the network.Configur

SPANNING TREE ALGORITHM CONFIGURATION3-161• Rapid Spanning Tree Protocol8RSTP supports connections to either STP or RSTP nodes by monitoring the incom

CONFIGURING THE SWITCH3-162- RSTP: Rapid Spanning Tree (IEEE 802.1w) RSTP is the default.- MSTP: Multiple Spanning Tree (IEEE 802.1s)• Default Priorit

SPANNING TREE ALGORITHM CONFIGURATION3-163• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discardi

TABLE OF CONTENTSxviii

CONFIGURING THE SWITCH3-164Web – Click Spanning Tree, STA Configuration. Modify the required attributes, and click Apply.Figure 3-70 Configuring the

SPANNING TREE ALGORITHM CONFIGURATION3-165CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MST

CONFIGURING THE SWITCH3-166- If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the

SPANNING TREE ALGORITHM CONFIGURATION3-167bridges, bridge ports, or LANs fail or are removed. The role is set to disabled (i.e., disabled port) if a p

CONFIGURING THE SWITCH3-168likely to be blocked if the Spanning Tree Algorithm is detecting network loops. Where more than one port is assigned the hi

SPANNING TREE ALGORITHM CONFIGURATION3-169CLI – This example shows general STA configuration and attributes for port 5. Configuring Interface Settings

CONFIGURING THE SWITCH3-170- Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receivi

SPANNING TREE ALGORITHM CONFIGURATION3-171• Admin Link Type – The link type attached to this interface.- Point-to-Point – A connection to exactly one

CONFIGURING THE SWITCH3-172CLI – This example sets STA attributes for port 5. Configuring Multiple Spanning Trees MSTP generates a unique spanning tre

SPANNING TREE ALGORITHM CONFIGURATION3-173Command Attributes• MST Instance – Instance identifier of this spanning tree. (Default: 0)• Priority – The p

xixTABLESTable 1-1 Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Table 1-2 System Defaults . . . . . . . . .

CONFIGURING THE SWITCH3-174CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 1 4-227

SPANNING TREE ALGORITHM CONFIGURATION3-175CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Setti

CONFIGURING THE SWITCH3-176CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global

SPANNING TREE ALGORITHM CONFIGURATION3-177Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance usin

CONFIGURING THE SWITCH3-178when the Path Cost Method is set to short (page 3-63), the maximum path cost is 65,535.By default, the system automatically

VLAN CONFIGURATION3-179VLAN ConfigurationIEEE 802.1Q VLANsIn large networks, routers are used to isolate broadcast traffic for each subnet into separa

CONFIGURING THE SWITCH3-180Assigning Ports to VLANsBefore enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which

VLAN CONFIGURATION3-181Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN group

CONFIGURING THE SWITCH3-182should also determine security boundaries in the network and disable GVRP on ports to prevent advertisements being propagat

VLAN CONFIGURATION3-183by the frame tag. However, when this switch receives an untagged frame from a VLAN-unaware device, it first decides where to fo

TABLESxxTable 4-19 show logging flash/ram - display description . . . . . . . . 4-62Table 4-20 show logging trap - display description . . . . . .

CONFIGURING THE SWITCH3-184Displaying Basic VLAN InformationThe VLAN Basic Information page displays basic information on the VLAN type supported by t

VLAN CONFIGURATION3-185Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN and whether or not the port supports

CONFIGURING THE SWITCH3-186Command Attributes (CLI)• VLAN – ID of configured VLAN (1-4093, no leading zeroes).• Type – Shows how this VLAN was added t

VLAN CONFIGURATION3-187• VLAN ID – ID of configured VLAN (1-4093, no leading zeroes).• VLAN Name – Name of the VLAN (1 to 32 characters).• Status (Web

CONFIGURING THE SWITCH3-188CLI – This example creates a new VLAN.Adding Static Members to VLANs (VLAN Index)Use the VLAN Static Table to configure por

VLAN CONFIGURATION3-189Command Attributes• VLAN – ID of configured VLAN (1-4093).• Name – Name of the VLAN (1 to 32 characters).• Status – Enables or

CONFIGURING THE SWITCH3-190Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if

VLAN CONFIGURATION3-191• Non-Member – VLANs for which the selected interface is not a tagged member.Web – Click VLAN, 802.1Q VLAN, Static Membership b

CONFIGURING THE SWITCH3-192• GARP – Group Address Registration Protocol is used by GVRP to register or deregister client attributes for client service

VLAN CONFIGURATION3-193• GARP Join Timer15 – The interval between transmitting requests/queries to participate in a VLAN group. (Range: 20-1000 centis

TABLESxxiTable 4-56 Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . 4-204Table 4-57 VLAN Commands . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-194Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in the required settings for each interface,

VLAN CONFIGURATION3-195VLAN, and with their designated promiscuous ports. (Note that private VLANs and normal VLANs can exist simultaneously within th

CONFIGURING THE SWITCH3-196• Primary VLAN – The primary VLAN with which the selected VLAN is associated. (Note that this displays as VLAN 0 if the sel

VLAN CONFIGURATION3-197Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary or community VLANs.Command Attri

CONFIGURING THE SWITCH3-198Associating Community VLANsEach community VLAN must be associated with a primary VLAN.Command Attributes• Primary VLAN ID –

VLAN CONFIGURATION3-199Displaying Private VLAN Interface InformationUse the Private VLAN Port Information and Private VLAN Trunk Information menus to

CONFIGURING THE SWITCH3-200CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a pr

VLAN CONFIGURATION3-201promiscuous ports. If PVLAN Port Type is “Host,” then specify the associated secondary VLAN.Web – Click Private VLAN, Private V

CONFIGURING THE SWITCH3-202Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when

CLASS OF SERVICE CONFIGURATION3-203Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interfac

TABLESxxii

CONFIGURING THE SWITCH3-204Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using four prior

CLASS OF SERVICE CONFIGURATION3-205Web18 – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS v

CONFIGURING THE SWITCH3-206Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traffic in a

CLASS OF SERVICE CONFIGURATION3-207Setting the Service Weight for Traffic ClassesThis switch uses the Weighted Round Robin (WRR) algorithm to determin

CONFIGURING THE SWITCH3-208CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 and 3.Lay

CLASS OF SERVICE CONFIGURATION3-209• IP Precedence – Maps layer 3/4 priorities using IP Precedence.• IP DSCP – Maps layer 3/4 priorities using Differe

CONFIGURING THE SWITCH3-210Command Attributes• IP Precedence Priority Table – Shows the IP Precedence to CoS map.• Class of Service Value – Maps a CoS

CLASS OF SERVICE CONFIGURATION3-211Mapping DSCP PriorityThe DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DS

CONFIGURING THE SWITCH3-212Command Attributes• DSCP Priority Table – Shows the DSCP Priority to CoS map.• Class of Service Value – Maps a CoS value to

CLASS OF SERVICE CONFIGURATION3-213CLI21 – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value

xxiiiFIGURESFigure 3-1 Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3Figure 3-2 Front Panel Indicators . .

CONFIGURING THE SWITCH3-214Web – Click Priority, IP Port Status. Set IP Port Priority Status to Enabled. Figure 3-95 Globally Enabling the IP Port Pr

CLASS OF SERVICE CONFIGURATION3-215CLI22 – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 5

CONFIGURING THE SWITCH3-216Web – Click Priority, Copy Settings. Select the source priority settings to be copied, enter the source port or trunk numbe

CLASS OF SERVICE CONFIGURATION3-217Command UsageYou must configure an ACL mask before you can map CoS values to the rule.Command Attributes• Port – Po

CONFIGURING THE SWITCH3-218Changing Priorities Based on ACL RulesYou can change traffic priorities for frames matching the defined ACL rule. (This fea

CLASS OF SERVICE CONFIGURATION3-219Web – Click Priority, ACL Marker. Select a port and an ACL rule. To specify a ToS priority, mark the Precedence/DSC

CONFIGURING THE SWITCH3-220Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A

MULTICAST FILTERING3-221multicast host registration protocol that allows any host to inform its local router that it wants to receive transmissions ad

CONFIGURING THE SWITCH3-222Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a

MULTICAST FILTERING3-223• IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes ac

FIGURESxxivFigure 3-37 802.1X Global Information . . . . . . . . . . . . . . . . . . . . . . 3-89Figure 3-38 802802.1X Global Configuration . . . .

CONFIGURING THE SWITCH3-224CLI – This example modifies the settings for multicast filtering, and then displays the current status.Displaying Interface

MULTICAST FILTERING3-225Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display

CONFIGURING THE SWITCH3-226• Port or Trunk – Specifies the interface attached to a multicast router.Web – Click IGMP Snooping, Static Multicast Router

MULTICAST FILTERING3-227• Multicast Group Port List – Shows the interfaces that have already been assigned to the selected VLAN to propagate a specifi

CONFIGURING THE SWITCH3-228Assigning Ports to Multicast ServicesMulticast filtering can be dynamically configured using IGMP Snooping and IGMP Query m

CONFIGURING DOMAIN NAME SERVICE3-229CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services suppo

CONFIGURING THE SWITCH3-230through the domain list, appending each domain name in the list to the host name, and checking with the specified name serv

CONFIGURING DOMAIN NAME SERVICE3-231Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more

CONFIGURING THE SWITCH3-232CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the

CONFIGURING DOMAIN NAME SERVICE3-233• Alias – Displays the host names that are mapped to the same address(es) as a previously configured entry.Web – S

FIGURESxxvFigure 3-74 MSTP Port Information . . . . . . . . . . . . . . . . . . . . . . . . 3-175Figure 3-75 MSTP Port Configuration . . . . . . . .

CONFIGURING THE SWITCH3-234CLI - This example maps two address to a host name, and then configures an alias host name for the same addresses.Displayin

CONFIGURING DOMAIN NAME SERVICE3-235Web – Select DNS, Cache.Figure 3-107 Displaying the DNS CacheCLI - This example displays all the resource records

CONFIGURING THE SWITCH3-236

4-1CHAPTER 4COMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the CLI

USING THE COMMAND LINE INTERFACE4-2After connecting to the system through the console port, the login screen displays:Telnet ConnectionTelnet operates

COMMAND LINE INTERFACE4-3After you configure the switch with an IP address, you can open a Telnet session by performing these steps.1. From the remote

ENTERING COMMANDS4-4You can enter commands as follows:• To enter a simple command, enter the command keyword. • To enter multiple commands, enter each

COMMAND LINE INTERFACE4-5Database). You can also display a list of valid keywords for a specific command. For example, the command “show ?” displays a

ENTERING COMMANDS4-6Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters are pro

COMMAND LINE INTERFACE4-7mode. You can always enter a question mark “?” at the prompt to display a list of the commands available for the current mode

38 TeslaIrvine, CA 92618Phone: (949) 679-8000TigerStack III 10/100Management GuideFrom SMC’s Tiger line of feature-rich workgroup LAN solutionsJune 20

FIGURESxxvi

ENTERING COMMANDS4-8Configuration CommandsConfiguration commands are privileged level commands used to modify switch settings. These commands modify t

COMMAND LINE INTERFACE4-9To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to retu

ENTERING COMMANDS4-10Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

COMMAND LINE INTERFACE4-11Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4 Command Group IndexC

COMMAND GROUPS4-12The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE

COMMAND LINE INTERFACE4-13Line CommandsYou can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial

LINE COMMANDS4-14lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax line {con

COMMAND LINE INTERFACE4-15loginThis command enables password checking at login. Use the no form to disable password checking and allow connections wit

LINE COMMANDS4-16Related Commandsusername (4-34)password (4-16)passwordThis command specifies the password for a line. Use the no form to remove the p

COMMAND LINE INTERFACE4-17Related Commandslogin (4-15)password-thresh (4-19)timeout login responseThis command sets the interval that the system waits

1-1CHAPTER 1INTRODUCTIONThese switches provide a broad range of features for Layer 2 switching. They include a management agent that allows you to con

LINE COMMANDS4-18exec-timeoutThis command sets the interval that the system waits until user input is detected. Use the no form to restore the default

COMMAND LINE INTERFACE4-19password-threshThis command sets the password intrusion threshold which limits the number of failed logon attempts. Use the

LINE COMMANDS4-20silent-timeThis command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempt

COMMAND LINE INTERFACE4-21Default Setting 8 data bits per characterCommand Mode Line Configuration Command Usage The databits command can be used to m

LINE COMMANDS4-22Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting.Ex

COMMAND LINE INTERFACE4-23stopbitsThis command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting.S

LINE COMMANDS4-24Example Related Commandsshow ssh (4-53)show users (4-80)show lineThis command displays the terminal line’s parameters.Syntax show lin

COMMAND LINE INTERFACE4-25General CommandsenableThis command activates Privileged Exec mode. In privileged mode, additional commands are available, an

GENERAL COMMANDS4-26Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set t

COMMAND LINE INTERFACE4-27configureThis command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. Yo

INTRODUCTION1-2Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates th

GENERAL COMMANDS4-28Example In this example, the show history command lists the contents of the command history buffer:The ! command repeats commands

COMMAND LINE INTERFACE4-29Example This example shows how to reset the switch:endThis command returns to Privileged Exec mode.Default Setting NoneComma

GENERAL COMMANDS4-30Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI ses

COMMAND LINE INTERFACE4-31System Management CommandsThese commands are used to control system logs, passwords, user names, browser configuration optio

SYSTEM MANAGEMENT COMMANDS4-32Device Designation CommandspromptThis command customizes the CLI prompt. Use the no form to revert to the default prompt

COMMAND LINE INTERFACE4-33hostnameThis command specifies or modifies the host name for this device. Use the no form to restore the default host name.S

SYSTEM MANAGEMENT COMMANDS4-34User Access CommandsThe basic commands required for management access are listed in this section. This switch also inclu

COMMAND LINE INTERFACE4-35Default Setting • The default access level is Normal Exec. • The factory defaults for the user names and passwords are: Comm

SYSTEM MANAGEMENT COMMANDS4-36enable passwordAfter initially logging onto the system, you should set the Privileged Exec password. Remember to record

COMMAND LINE INTERFACE4-37Related Commandsenable (4-25)authentication enable (4-99)IP Filter CommandsmanagementThis command specifies the client IP ad

DESCRIPTION OF SOFTWARE FEATURES1-3priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicas

SYSTEM MANAGEMENT COMMANDS4-38Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will

COMMAND LINE INTERFACE4-39ExampleWeb Server CommandsConsole#show management all-clientManagement Ip Filter Http-Client: Start ip address End ip

SYSTEM MANAGEMENT COMMANDS4-40ip http portThis command specifies the TCP port number used by the web browser interface. Use the no form to use the def

COMMAND LINE INTERFACE4-41ExampleRelated Commandsip http port (4-40)ip http secure-serverThis command enables the secure hypertext transfer protocol (

SYSTEM MANAGEMENT COMMANDS4-42• The following web browsers and operating systems currently support HTTPS:• To specify a secure-site certificate, see “

COMMAND LINE INTERFACE4-43Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number,

SYSTEM MANAGEMENT COMMANDS4-44Default Setting •Server: Enabled• Server Port: 23Command Mode Global ConfigurationExampleSecure Shell Commands The Berkl

COMMAND LINE INTERFACE4-45The SSH server on this switch supports both password and public key authentication. If password authentication is specified

SYSTEM MANAGEMENT COMMANDS4-46switch as described in the following section. Note that regardless of whether you use public key or password authenticat

COMMAND LINE INTERFACE4-475. Enable SSH Service – Use the ip ssh server command to enable the SSH server on the switch.6. Configure Challenge-Response

INTRODUCTION1-4switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of

SYSTEM MANAGEMENT COMMANDS4-48Command Usage • The SSH server supports up to four client sessions. The maximum number of client sessions includes both

COMMAND LINE INTERFACE4-49Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiat

SYSTEM MANAGEMENT COMMANDS4-50ip ssh server-key sizeThis command sets the SSH server key size. Use the no form to restore the default setting.Syntax i

COMMAND LINE INTERFACE4-51Example ip ssh crypto host-key generateUse this command to generate the host key pair (i.e., public and private). Syntax ip

SYSTEM MANAGEMENT COMMANDS4-52ip ssh crypto zeroizeThis command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa]•

COMMAND LINE INTERFACE4-53Default Setting Saves both the DSA and RSA key.Command Mode Privileged ExecExample Related Commandsip ssh crypto host-key ge

SYSTEM MANAGEMENT COMMANDS4-54Table 4-16 show ssh - display descriptionField DescriptionSession The session number. (Range: 0-3)Version The Secure S

COMMAND LINE INTERFACE4-55show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [userna

SYSTEM MANAGEMENT COMMANDS4-56Example Event Logging Commands Console#show public-key hostHost:RSA:1024 35 15684995401867669259333946775054617325313674

COMMAND LINE INTERFACE4-57logging onThis command controls logging of error messages, sending debug or error messages to switch memory. The no form dis

DESCRIPTION OF SOFTWARE FEATURES1-5IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switc

SYSTEM MANAGEMENT COMMANDS4-58• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). • level - One of the syslog severit

COMMAND LINE INTERFACE4-59logging hostThis command adds a syslog server host IP address that will receive logging messages. Use the no form to remove

SYSTEM MANAGEMENT COMMANDS4-60Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effe

COMMAND LINE INTERFACE4-61clear logUse this command to clear messages from the log buffer.Syntax clear log [flash | ram]• flash - Event history stored

SYSTEM MANAGEMENT COMMANDS4-62Default Setting NoneCommand Mode Privileged ExecExampleThe following example shows that system logging is enabled, the m

COMMAND LINE INTERFACE4-63Related Commandsshow logging sendmail (4-68)show logThis command displays the log messages stored in local memory.Syntax sho

SYSTEM MANAGEMENT COMMANDS4-64ExampleThe following example shows the event message stored in RAM. SMTP Alert CommandsConfigures SMTP event handling, a

COMMAND LINE INTERFACE4-65Default Setting NoneCommand Mode Global ConfigurationCommand Usage • You can specify up to three SMTP servers for event hand

SYSTEM MANAGEMENT COMMANDS4-66Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the c

COMMAND LINE INTERFACE4-67logging sendmail destination-emailThis command specifies the email recipients of alert messages. Use the no form to remove a

INTRODUCTION1-6for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each regi

SYSTEM MANAGEMENT COMMANDS4-68Exampleshow logging sendmailThis command displays the settings for the SMTP event handler.Command Mode Normal Exec, Priv

COMMAND LINE INTERFACE4-69sntp clientThis command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with t

SYSTEM MANAGEMENT COMMANDS4-70ExampleRelated Commandssntp server (4-70)sntp poll (4-71)show sntp (4-72)sntp serverThis command sets the IP address of

COMMAND LINE INTERFACE4-71Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client m

SYSTEM MANAGEMENT COMMANDS4-72Related Commandssntp client (4-69)show sntpThis command displays the current time and configuration settings for the SNT

COMMAND LINE INTERFACE4-73clock timezoneThis command sets the time zone for the switch’s internal clock.Syntaxclock timezone name hour hours minute mi

SYSTEM MANAGEMENT COMMANDS4-74calendar setThis command sets the system clock. It may be used if there is no time server on your network, or if you hav

COMMAND LINE INTERFACE4-75ExampleThis example shows how to display the current system clock setting. System Status Commandsshow startup-configThis com

SYSTEM MANAGEMENT COMMANDS4-76• This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the co

COMMAND LINE INTERFACE4-77Related Commandsshow running-config (4-77)show running-configThis command displays the configuration information currently i

SYSTEM DEFAULTS1-7priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue. Multic

SYSTEM MANAGEMENT COMMANDS4-78ExampleRelated Commandsshow startup-config (4-75)Console#show running-config!IP address DHCP!phymap 00-04-e2-b3-16-c0 00

COMMAND LINE INTERFACE4-79show systemThis command displays system information.Default Setting NoneCommand Mode Normal Exec, Privileged ExecCommand Usa

SYSTEM MANAGEMENT COMMANDS4-80show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.

COMMAND LINE INTERFACE4-81Command Mode Normal Exec, Privileged ExecCommand Usage See “Displaying Switch Hardware/Software Versions” on page 3-15 for d

FLASH/FILE COMMANDS4-82copy Use this command to move (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP

COMMAND LINE INTERFACE4-83Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not co

FLASH/FILE COMMANDS4-84Example The following example shows how to upload the configuration settings to a file on the TFTP server.The following example

COMMAND LINE INTERFACE4-85This example shows how to copy a public-key used by SSH from an TFTP server. Note that public key authentication via SSH is

FLASH/FILE COMMANDS4-86deleteThis command deletes a file or image.Syntax delete [unit:] filenamefilename - Name of the configuration file or image nam

COMMAND LINE INTERFACE4-87dirThis command displays a list of files in flash memory.Syntax dir [unit:] {{boot-rom: | config: | opcode:} [filename]}The

INTRODUCTION1-8Authentication Privileged Exec Level Username “admin”Password “admin”Normal Exec Level Username “guest”Password “guest”Enable Privilege

FLASH/FILE COMMANDS4-88ExampleThe following example shows how to display all file information: whichbootThis command displays which files were booted

COMMAND LINE INTERFACE4-89boot systemUse this command to specify the file or image used to start up the system.Syntax boot system [unit:] {boot-rom| c

POWER OVER ETHERNET COMMANDS4-90Power over Ethernet CommandsThe commands in this group control the power that can be delivered to attached PoE devices

COMMAND LINE INTERFACE4-91power mainpower maximum allocationThis command defines a power budget for the switch (i.e., the power available to all switc

POWER OVER ETHERNET COMMANDS4-92Default Setting DisabledCommand Mode Global ConfigurationCommand Usage • The switch automatically detects attached PoE

COMMAND LINE INTERFACE4-93power inlineThis command instructs the switch to automatically detect if a PoE-compliant device is connected to the specifie

POWER OVER ETHERNET COMMANDS4-94Command Mode Interface ConfigurationCommand Usage If a device is connected to a switch port and the switch detects tha

COMMAND LINE INTERFACE4-95• Power is dropped from low-priority ports in sequence starting from port number 1.ExampleRelated Commandspower mainpower ma

POWER OVER ETHERNET COMMANDS4-96show power mainpowerUse this command to display the current power status for the switch.Command Mode Privileged ExecEx

COMMAND LINE INTERFACE4-97Authentication Commands You can configure this switch to authenticate users logging into the system for management access us

SYSTEM DEFAULTS1-9Power over Ethernet*Status Enabled (all ports)Rate Limiting Input and output limits DisabledPort Trunking Static Trunks NoneLACP Dis

AUTHENTICATION COMMANDS4-98authentication loginThis command defines the login authentication method and precedence. Use the no form to restore the def

COMMAND LINE INTERFACE4-99Example Related Commandsusername - for setting the local user names and passwords (4-34)authentication enableThis command de

AUTHENTICATION COMMANDS4-100• You can specify three authentication methods in a single command to indicate the authentication sequence. For example, i

COMMAND LINE INTERFACE4-101radius-server hostThis command specifies primary and backup RADIUS servers and authentication parameters that apply to each

AUTHENTICATION COMMANDS4-102radius-server portThis command sets the RADIUS server network port. Use the no form to restore the default.Syntax radius-s

COMMAND LINE INTERFACE4-103Example radius-server retransmitThis command sets the number of retries. Use the no form to restore the default.Syntax radi

AUTHENTICATION COMMANDS4-104Command Mode Global ConfigurationExample show radius-serverThis command displays the current settings for the RADIUS serve

COMMAND LINE INTERFACE4-105TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses soft

AUTHENTICATION COMMANDS4-106tacacs-server portThis command specifies the TACACS+ server network port. Use the no form to restore the default.Syntax ta

COMMAND LINE INTERFACE4-107Example show tacacs-serverThis command displays the current settings for the TACACS+ server.Default Setting NoneCommand Mod

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n

INTRODUCTION1-10IP Settings Management VLAN 1IP Address 0.0.0.0Subnet Mask 255.0.0.0Default Gateway 0.0.0.0DHCP EnabledBOOTP DisabledMulticast Filteri

AUTHENTICATION COMMANDS4-108port securityThis command enables or configures port security. Use the no form without any keywords to disable port securi

COMMAND LINE INTERFACE4-109Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has

AUTHENTICATION COMMANDS4-110802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized ac

COMMAND LINE INTERFACE4-111dot1x system-auth-controlThis command enables IEEE 802.1X port authentication globally on the switch. Use the no form to re

AUTHENTICATION COMMANDS4-112Default2 Command ModeInterface ConfigurationExampledot1x port-controlThis command sets the dot1x mode on a port interface.

COMMAND LINE INTERFACE4-113dot1x operation-modeThis command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the

AUTHENTICATION COMMANDS4-114dot1x re-authenticateThis command forces re-authentication on all ports or a specific interface.Syntaxdot1x re-authenticat

COMMAND LINE INTERFACE4-115dot1x timeout quiet-periodThis command sets the time that a switch port waits after the Max Request Count has been exceeded

AUTHENTICATION COMMANDS4-116Exampledot1x timeout tx-periodThis command sets the time that an interface on the switch waits during an authentication se

COMMAND LINE INTERFACE4-117Command ModePrivileged ExecCommand UsageThis command displays the following information: • Global 802.1X Parameters – Shows

2-1CHAPTER 2INITIAL CONFIGURATIONConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent offer

AUTHENTICATION COMMANDS4-118- Supplicant– MAC address of authorized client.- Current Identifier– The integer (0-255) used by the Authenticator to iden

COMMAND LINE INTERFACE4-119Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol,

ACCESS CONTROL LIST COMMANDS4-120soon as it matches a deny rule. If no rules match for a list of all permit rules, the packet is dropped; and if no ru

COMMAND LINE INTERFACE4-121• Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown pac

ACCESS CONTROL LIST COMMANDS4-122IP ACLs Table 4-36 IP ACL CommandsCommand Function Mode Pageaccess-list ip Creates an IP ACL and enters configurati

COMMAND LINE INTERFACE4-123access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the

ACCESS CONTROL LIST COMMANDS4-124access-list ip extended fragment-auto-maskThis command automatically creates extra masks to support fragmented ACL en

COMMAND LINE INTERFACE4-125Command ModeStandard ACLCommand Usage• New rules are appended to the end of the list.• Address bitmasks are similar to a su

ACCESS CONTROL LIST COMMANDS4-126[no] {permit | deny} tcp {any | source address-bitmask | host source} {any | destination address-bitmask | host desti

COMMAND LINE INTERFACE4-127with the address for each IP packet entering the port(s) to which this ACL has been assigned.• You can specify both Precede

INITIAL CONFIGURATION2-2The switch’s CLI configuration program, web interface, and SNMP agent allow you to perform the following management functions:

ACCESS CONTROL LIST COMMANDS4-128This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Related Comman

COMMAND LINE INTERFACE4-129access-list ip mask-precedence This command changes to the IP Mask mode used to configure access control masks. Use the no

ACCESS CONTROL LIST COMMANDS4-130mask (IP ACL)This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header. Use the

COMMAND LINE INTERFACE4-131determined by the mask, and not the order in which the ACL rules were entered.• First create the required ACLs and ingress

ACCESS CONTROL LIST COMMANDS4-132This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit

COMMAND LINE INTERFACE4-133This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets.

ACCESS CONTROL LIST COMMANDS4-134Example Related Commandsmask (IP ACL) (4-130)ip access-group This command binds a port to an IP ACL. Use the no form

COMMAND LINE INTERFACE4-135Related Commandsshow ip access-list (4-128)show ip access-groupThis command shows the ports assigned to IP ACLs.Command Mod

ACCESS CONTROL LIST COMMANDS4-136• A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following t

COMMAND LINE INTERFACE4-137Related Commandsmap access-list ip (4-135)match access-list ip This command changes the IEEE 802.1p priority, IP Precedence

CONNECTING TO THE SWITCH2-3Required ConnectionsThe switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring

ACCESS CONTROL LIST COMMANDS4-138IP frame header can include either the IP Precedence or DSCP priority type.• The precedence for priority mapping by t

COMMAND LINE INTERFACE4-139access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the sp

ACCESS CONTROL LIST COMMANDS4-140Command Usage• An egress ACL must contain all deny rules.• When you create a new ACL or enter configuration mode for

COMMAND LINE INTERFACE4-141[no] {permit | deny} untagged-eth2{any | host source | source address-bitmask} {any | host destination | destination addres

ACCESS CONTROL LIST COMMANDS4-142• A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the

COMMAND LINE INTERFACE4-143access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no fo

ACCESS CONTROL LIST COMMANDS4-144mask (MAC ACL)This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. U

COMMAND LINE INTERFACE4-145ExampleThis example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the ru

ACCESS CONTROL LIST COMMANDS4-146show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs.Syntaxshow acce

COMMAND LINE INTERFACE4-147• If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the

INITIAL CONFIGURATION2-4Notes: 1. When using HyperTerminal with Microsoft® Windows® 2000, make sure that you have Windows 2000 Service Pack 2 or later

ACCESS CONTROL LIST COMMANDS4-148Default SettingNoneCommand ModeInterface Configuration (Ethernet)Command Usage• You must configure an ACL mask before

COMMAND LINE INTERFACE4-149Command ModePrivileged ExecExample Related Commandsmap access-list mac (4-147)match access-list mac This command changes th

ACCESS CONTROL LIST COMMANDS4-150Related Commands show marking (4-138)ACL Informationshow access-listThis command shows all ACLs and associated rules,

COMMAND LINE INTERFACE4-151show access-groupThis command shows the port assignments of ACLs.Command ModePrivileged ExecutiveExample SNMP CommandsContr

SNMP COMMANDS4-152snmp-serverThis command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form

COMMAND LINE INTERFACE4-153show snmpThis command can be used to check the status of SNMP communications.Default Setting NoneCommand Mode Normal Exec,

SNMP COMMANDS4-154snmp-server communityThis command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified commu

COMMAND LINE INTERFACE4-155Default Setting NoneCommand Mode Global ConfigurationExampleRelated Commandssnmp-server location (4-155)snmp-server locatio

SNMP COMMANDS4-156snmp-server hostThis command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form

COMMAND LINE INTERFACE4-157Default Setting • Host Address: None• Notification Type: Traps•SNMP Version: 1• UDP Port: 162Command Mode Global Configurat

STACK OPERATIONS2-5Note: The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functi

SNMP COMMANDS4-1583. Specify the target host that will receive inform messages with the snmp-server host command as described in this section.4. Creat

COMMAND LINE INTERFACE4-159snmp-server enable trapsThis command enables this device to send Simple Network Management Protocol traps or informs (i.e.,

SNMP COMMANDS4-160ExampleRelated Commandssnmp-server host (4-156)snmp-server engine-idThis command configures an identification string for the SNMPv3

COMMAND LINE INTERFACE4-161the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent. You therefore need

SNMP COMMANDS4-162snmp-server viewThis command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view.Syntax

COMMAND LINE INTERFACE4-163ExamplesThis view includes MIB-2.This view includes the MIB-2 interfaces table, ifDescr. The wild card is used to select al

SNMP COMMANDS4-164snmp-server groupThis command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.Syntax s

COMMAND LINE INTERFACE4-165Command Usage • A group sets the access policy for the assigned users.• When authentication is selected, the MD5 or SHA alg

SNMP COMMANDS4-166Group Name: publicSecurity Model: v2cRead View: defaultviewWrite View: noneNotify View: noneStorage Type: volatileRow Status: active

COMMAND LINE INTERFACE4-167snmp-server userThis command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. U

INITIAL CONFIGURATION2-6Resilient IP Interface for Management Access The stack functions as one integral system for management and configuration purpo

SNMP COMMANDS4-168ID with the snmp-server engine-id command before using this configuration command.• Before you configure a remote user, use the snmp

COMMAND LINE INTERFACE4-169show snmp userThis command shows information on SNMP users.Command Mode Privileged ExecExample Console#show snmp userEngine

INTERFACE COMMANDS4-170Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or

COMMAND LINE INTERFACE4-171interfaceThis command configures an interface type and enter interface configuration mode. Use the no form to remove a trun

INTERFACE COMMANDS4-172Default Setting NoneCommand Mode Interface Configuration (Ethernet, Port Channel)Example The following example adds a descripti

COMMAND LINE INTERFACE4-173•When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities

INTERFACE COMMANDS4-174Example The following example configures port 11 to use autonegotiationRelated Commands negotiation (4-173)speed-duplex (4-172)

COMMAND LINE INTERFACE4-175Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings fo

INTERFACE COMMANDS4-176• To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable a

COMMAND LINE INTERFACE4-177Example The following example disables port 5.switchport broadcast packet-rateThis command configures broadcast storm contr

BASIC CONFIGURATION2-74. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level. Set

INTERFACE COMMANDS4-178clear countersThis command clears statistics on an interface.Syntaxclear counters interfaceinterface • ethernet unit/port- unit

COMMAND LINE INTERFACE4-179show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface

INTERFACE COMMANDS4-180Example show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interfac

COMMAND LINE INTERFACE4-181Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items disp

INTERFACE COMMANDS4-182show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Syntax sh

COMMAND LINE INTERFACE4-183Table 4-47 show interfaces switchport - display descriptionField DescriptionBroadcast threshold Shows if broadcast storm

MIRROR PORT COMMANDS4-184Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port.port monitorThis command

COMMAND LINE INTERFACE4-185• The destination port is set by specifying an Ethernet interface. • The mirror port and monitor port speeds should match,

RATE LIMIT COMMANDS4-186Example The following shows mirroring configured from port 6 to port 11:Rate Limit CommandsThis function allows the network ma

COMMAND LINE INTERFACE4-187rate-limitThis command defines the rate limit for a specific interface. Use this command without specifying a rate to resto

INITIAL CONFIGURATION2-8Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network. Note: Only on

LINK AGGREGATION COMMANDS4-188Link Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth

COMMAND LINE INTERFACE4-189Guidelines for Creating TrunksGeneral Guidelines –• Finish configuring port trunks before you connect the corresponding net

LINK AGGREGATION COMMANDS4-190channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk.Syntax channel-group ch

COMMAND LINE INTERFACE4-191Command Mode Interface Configuration (Ethernet)Command Usage • The ports on both ends of an LACP trunk must be configured f

LINK AGGREGATION COMMANDS4-192lacp system-priorityThis command configures a port's LACP system priority. Use the no form to restore the default s

COMMAND LINE INTERFACE4-193• Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuri

LINK AGGREGATION COMMANDS4-194• Once the remote side of a link has been established, LACP operational settings are already in use on that side. Config

COMMAND LINE INTERFACE4-195Examplelacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax

LINK AGGREGATION COMMANDS4-196show lacpThis command displays LACP information.Syntax show lacp [port-channel] {counters | internal | neighbors | sys-i

COMMAND LINE INTERFACE4-197Marker Received Number of valid Marker PDUs received by this channel group.LACPDUs Unknown PktsNumber of frames received th

BASIC CONFIGURATION2-94. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,”

LINK AGGREGATION COMMANDS4-198LACP Port PriorityLACP port priority assigned to this interface within the channel group.Admin State,Oper StateAdministr

COMMAND LINE INTERFACE4-199Console#show lacp 1 neighborsChannel group 1 neighbors---------------------------------------------------------------------

ADDRESS TABLE COMMANDS4-200Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

COMMAND LINE INTERFACE4-201mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an ad

ADDRESS TABLE COMMANDS4-202Exampleclear mac-address-table dynamicThis command removes any learned entries from the forwarding database and clears the

COMMAND LINE INTERFACE4-203Default Setting NoneCommand Mode Privileged ExecCommand Usage • The MAC Address Table contains the MAC addresses associated

SPANNING TREE COMMANDS4-204Command Mode Global ConfigurationCommand Usage The aging time is used to age out dynamically learned forwarding information

COMMAND LINE INTERFACE4-205spanning-tree hello-time Configures the spanning tree bridge hello time GC 4-209spanning-tree max-age Configures the spann

SPANNING TREE COMMANDS4-206spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Syntax

COMMAND LINE INTERFACE4-207ensure that only one route exists between any two stations on the network, and provide backup links which automatically tak

iLIMITED WARRANTYLimited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, un

INITIAL CONFIGURATION2-104. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>.5. Wait a few minutes, and then check t

SPANNING TREE COMMANDS4-208• Rapid Spanning Tree ProtocolRSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol mes

COMMAND LINE INTERFACE4-209Default Setting 15 secondsCommand Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) th

SPANNING TREE COMMANDS4-210Examplespanning-tree max-ageThis command configures the spanning tree bridge maximum age globally for this switch. Use the

COMMAND LINE INTERFACE4-211spanning-tree default priorityUse this command to configure the spanning-tree priority to use increments specified by IEEE

SPANNING TREE COMMANDS4-212Default Setting 32768Command Mode Global ConfigurationCommand Usage Bridge priority is used in selecting the root device, r

COMMAND LINE INTERFACE4-213Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be as

SPANNING TREE COMMANDS4-214spanning-tree backup-root This command adjusts the bridge priority in an attempt to take over as the new root bridge if it

COMMAND LINE INTERFACE4-215Related Commands mst vlan (4-215)mst priority (4-216)name (4-217)revision (4-218)max-hops (4-218)mst vlanThis command adds

SPANNING TREE COMMANDS4-216MSTI region as a single node, connecting all regions to the Common Spanning Tree.Example mst priorityThis command configure

COMMAND LINE INTERFACE4-217Example nameThis command configures the name for the multiple spanning tree region in which this switch is located. Use the

BASIC CONFIGURATION2-11entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requir

SPANNING TREE COMMANDS4-218revisionThis command configures the revision number for this multiple spanning tree configuration of this switch. Use the n

COMMAND LINE INTERFACE4-219Default Setting 20Command Mode MST ConfigurationCommand Usage An MSTI region is treated as a single node by the STP and RST

SPANNING TREE COMMANDS4-220spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to rest

COMMAND LINE INTERFACE4-221spanning-tree port-priority Use this command to configure the priority for the specified interface. Use the no form to rest

SPANNING TREE COMMANDS4-222Default Setting DisabledCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • You can enable this op

COMMAND LINE INTERFACE4-223Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command is used to enable/disable the fas

SPANNING TREE COMMANDS4-224Default SettingautoCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • Specify a point-to-point li

COMMAND LINE INTERFACE4-225Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000• Fast Ethernet – half duplex: 2

SPANNING TREE COMMANDS4-226Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command defines the priority for the use

COMMAND LINE INTERFACE4-227Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, i

INITIAL CONFIGURATION2-12community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.Tr

SPANNING TREE COMMANDS4-228•Use the show spanning-tree interface command to display the spanning tree configuration for an interface within the Common

COMMAND LINE INTERFACE4-229show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Command Mode Privile

VLAN COMMANDS4-230VLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the sa

COMMAND LINE INTERFACE4-231Command Mode Global ConfigurationCommand Usage • Use the VLAN database command mode to add, change, and delete VLANs. After

VLAN COMMANDS4-232Command Mode VLAN Database ConfigurationCommand Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN na

COMMAND LINE INTERFACE4-233interface vlanThis command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a

VLAN COMMANDS4-234switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default.Syntax switchpor

COMMAND LINE INTERFACE4-235switchport acceptable-frame-typesThis command configures the acceptable frame types for a port. Use the no form to restore

VLAN COMMANDS4-236switchport ingress-filteringThis command enables ingress filtering for an interface. Use the no form to restore the default.Syntax [

COMMAND LINE INTERFACE4-237switchport native vlanThis command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the d

BASIC CONFIGURATION2-13used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.For

VLAN COMMANDS4-238switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the default.Syntax

COMMAND LINE INTERFACE4-239• If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed f

VLAN COMMANDS4-240Example The following example shows how to prevent port 1 from being added to VLAN 3:Displaying VLAN Informationshow vlanThis comman

COMMAND LINE INTERFACE4-241Example The following example shows how to display information for VLAN 1:Configuring Private VLANsPrivate VLANs provide po

VLAN COMMANDS4-242To configure private VLANs, follow these steps:1. Use the private-vlan command to designate one or more community VLANs and the prim

COMMAND LINE INTERFACE4-243private-vlanUse this command to create a primary or secondary (i.e., community) private VLAN. Use the no form to remove the

VLAN COMMANDS4-244private-vlan associationUse this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to rem

COMMAND LINE INTERFACE4-245switchport mode private-vlanUse this command to set the private VLAN mode for an interface. Use the no form to restore the

VLAN COMMANDS4-246switchport private-vlan host-associationUse this command to associate an interface with a secondary VLAN. Use the no form to remove

COMMAND LINE INTERFACE4-247Default Setting NoneCommand Mode Interface Configuration (Ethernet, Port Channel) Command UsagePromiscuous ports assigned t

INITIAL CONFIGURATION2-14Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program, w

GVRP AND BRIDGE EXTENSION COMMANDS4-248ExampleGVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchang

COMMAND LINE INTERFACE4-249bridge-ext gvrpThis command enables GVRP globally for the switch. Use the no form to disable it.Syntax [no] bridge-ext gvrp

GVRP AND BRIDGE EXTENSION COMMANDS4-250Exampleswitchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchpor

COMMAND LINE INTERFACE4-251Default Setting Shows both global and interface-specific configuration.Command Mode Normal Exec, Privileged ExecExamplegarp

GVRP AND BRIDGE EXTENSION COMMANDS4-252unless you are experiencing difficulties with GMRP or GVRP registration/deregistration.• Timer values are appli

COMMAND LINE INTERFACE4-253ExampleRelated Commandsgarp timer (4-251)Priority CommandsThe commands described in this section allow you to specify which

PRIORITY COMMANDS4-254Priority Commands (Layer 2) queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the

COMMAND LINE INTERFACE4-255Command Mode Global ConfigurationCommand Usage You can set the switch to service the queues based on a strict rule that req

PRIORITY COMMANDS4-256Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights.Example The following example sho

COMMAND LINE INTERFACE4-257the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. • This switch prov

CONFIGURING POWER OVER ETHERNET2-15Configuring Power over EthernetThe 24 10/100 Mbps ports on the SMC6824MPE and SMC6826MPE support the IEEE 802.3af P

PRIORITY COMMANDS4-258Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each

COMMAND LINE INTERFACE4-259show queue modeThis command shows the current queue mode.Default Setting NoneCommand Mode Privileged ExecExample show queue

PRIORITY COMMANDS4-260show queue cos-mapThis command shows the class of service priority map.Syntax show queue cos-map [interface]interface • ethernet

COMMAND LINE INTERFACE4-261map ip port (Global Configuration)This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets)

PRIORITY COMMANDS4-262map ip port (Interface Configuration)This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove

COMMAND LINE INTERFACE4-263Command Mode Global ConfigurationCommand Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP,

PRIORITY COMMANDS4-264Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.• IP P

COMMAND LINE INTERFACE4-265Example The following example shows how to enable IP DSCP mapping globally:map ip dscp (Interface Configuration)This comman

PRIORITY COMMANDS4-266• DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, a

COMMAND LINE INTERFACE4-267Related Commands map ip port (Global Configuration) (4-261)map ip port (Interface Configuration) (4-262) show map ip preced

INITIAL CONFIGURATION2-16

PRIORITY COMMANDS4-268show map ip dscpThis command shows the IP DSCP priority map.Syntax show map ip dscp [interface]interface • ethernet unit/port -

COMMAND LINE INTERFACE4-269Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts tha

MULTICAST FILTERING COMMANDS4-270ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Syntax [no] ip igmp

COMMAND LINE INTERFACE4-271Example The following shows how to statically configure a multicast group on a port:ip igmp snooping versionThis command co

MULTICAST FILTERING COMMANDS4-272show ip igmp snoopingThis command shows the IGMP snooping configuration.Default Setting NoneCommand Mode Privileged E

COMMAND LINE INTERFACE4-273Command Mode Privileged ExecCommand Usage Member types displayed include IGMP or USER, depending on selected options.Exampl

MULTICAST FILTERING COMMANDS4-274Default Setting EnabledCommand Mode Global ConfigurationCommand Usage If enabled, the switch will serve as querier if

COMMAND LINE INTERFACE4-275query-max- response-time. If the countdown finishes, and the client still has not responded, then that client is considered

MULTICAST FILTERING COMMANDS4-276ip igmp snooping query-max-response-timeThis command configures the snooping report delay. Use the no form of this co

COMMAND LINE INTERFACE4-277ip igmp snooping router-port-expire-timeThis command configures the query timeout. Use the no form to restore the default.S

3-1CHAPTER 3CONFIGURING THE SWITCHUsing the Web InterfaceThis switch provides an embedded HTTP Web agent. Using a Web browser you can configure the sw

MULTICAST FILTERING COMMANDS4-278Static Multicast Routing Commandsip igmp snooping vlan mrouterThis command statically configures a multicast router p

COMMAND LINE INTERFACE4-279Example The following shows how to configure port 11 as a multicast router port within VLAN 1:show ip igmp snooping mrouter

IP INTERFACE COMMANDS4-280IP Interface CommandsAn IP addresses may be used for management access to the switch over your network. The IP address for t

COMMAND LINE INTERFACE4-281Default Setting DHCPCommand Mode Interface Configuration (VLAN)Command Usage • You must assign an IP address to this device

IP INTERFACE COMMANDS4-282ip default-gatewayThis command establishes a static route between this switch and devices that exist on another network segm

COMMAND LINE INTERFACE4-283Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP

IP INTERFACE COMMANDS4-284show ip redirectsThis command shows the default gateway configured for this device.Default Setting NoneCommand Mode Privileg

COMMAND LINE INTERFACE4-285• Following are some results of the ping command: - Normal response -The normal response occurs in one to ten seconds, depe

DNS COMMANDS4-286DNS CommandsThese commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS d

COMMAND LINE INTERFACE4-287ip hostThis command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remo

CONFIGURING THE SWITCH3-2Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is

DNS COMMANDS4-288clear hostThis command deletes entries from the DNS table.Syntax clear host {name | *}• name - Name of the host. (Range: 1-255 charac

COMMAND LINE INTERFACE4-289ExampleRelated Commands ip domain-list (4-289)ip name-server (4-290)ip domain-lookup (4-291)ip domain-listThis command defi

DNS COMMANDS4-290• If there is no domain list, the domain name specified with the ip domain-name command is used. If there is a domain list, the defau

COMMAND LINE INTERFACE4-291Command Usage The listed name servers are queried in the specified sequence until a response is received, or the end of the

DNS COMMANDS4-292ExampleThis example enables DNS and then displays the configuration.Related Commands ip domain-name (4-288)ip name-server (4-290)show

COMMAND LINE INTERFACE4-293show dnsThis command displays the configuration of the DNS server.Command Mode Privileged ExecExampleshow dns cacheThis com

DNS COMMANDS4-294clear dns cacheThis command clears all entries in the DNS cache.Command Mode Privileged ExecExampleTable 4-75 Show DNS Output Descr

A-1APPENDIX ASOFTWARE SPECIFICATIONSSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1X), HTTPS (HTTP/SSL), SSH, Port SecurityAccess Co

SOFTWARE SPECIFICATIONSA-2Port TrunkingStatic trunks (Cisco EtherChannel compliant)Dynamic trunks (Link Aggregation Control Protocol)Spanning Tree Pro

SOFTWARE SPECIFICATIONSA-3SNMPv3Management access via MIB databaseTrap management to specified hostsRMONGroups 1, 2, 3, 9 (Statistics, History, Alarm,

NAVIGATING THE WEB BROWSER INTERFACE3-3Navigating the Web Browser InterfaceTo access the Web-browser interface you must first enter a user name and pa

SOFTWARE SPECIFICATIONSA-4Management Information BasesBridge MIB (RFC 1493)Entity MIB (RFC 2737)Ether-like MIB (RFC 2665)Extended Bridge MIB (RFC 2674

B-1APPENDIX BTROUBLESHOOTINGProblems Accessing the Management InterfaceTable B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet, web

TROUBLESHOOTINGB-2Cannot connect using Secure Shell• If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SS

USING SYSTEM LOGSB-3Using System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually cau

TROUBLESHOOTINGB-4

Glossary-1GLOSSARYAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GLOSSARYGlossary-2Dynamic Host Control Protocol (DHCP)Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is

GLOSSARYGlossary-3IEEE 802.1QVLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to differ

GLOSSARYGlossary-4IGMP QueryOn each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on

GLOSSARYGlossary-5Link AggregationSee Port Trunk. Link Aggregation Control Protocol (LACP)Allows ports to automatically negotiate a trunked link with

LIMITED WARRANTYiiWARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT O

CONFIGURING THE SWITCH3-4Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration change has been made

GLOSSARYGlossary-6Port TrunkDefines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that

GLOSSARYGlossary-7Simple Network Time Protocol (SNTP)SNTP allows a device to set its internal clock based on periodic updates from a Network Time Prot

GLOSSARYGlossary-8Virtual LAN (VLAN)A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical l

Index-1Numerics802.1Xconfigure 3-88, 4-110port authentication 3-88, 4-110AAccess Control Lists See ACLACLconfiguration guidelines 3-98, 4-119Extended

INDEXIndex-2Hhardware version, displaying 3-15, 4-80HTTPS, secure server 3-75, 4-41IIEEE 802.1D 3-155, 4-207IEEE 802.1s 3-155, 4-207IEEE 802.1w 3-155,

INDEXIndex-3power budgetsport 3-147, 4-93port priority 3-150, 4-94Power over Ethernetconfiguring 2-15priority, default port ingress 3-202, 4-256priori

INDEXIndex-4WWeb interfaceaccess requirements 3-1configuration buttons 3-4home page 3-3menu list 3-6panel display 3-5

38 TeslaIrvine, CA 92618Phone: (949) 679-8000Model Numbers: SMC6824M (F2.4.2.13)SMC6824MPE (F 2.4.2.11)SMC6826MPE (F2.4.2.11)Pub.Number: 150200037700A

NAVIGATING THE WEB BROWSER INTERFACE3-5Panel DisplayThe web agent displays an image of the switch’s ports. The Mode can be set to display different in

CONFIGURING THE SWITCH3-6Main MenuUsing the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or

NAVIGATING THE WEB BROWSER INTERFACE3-7SNTP 3-43Configuration Configures SNTP client settings, including broadcast mode or a specified list of server

CONFIGURING THE SWITCH3-8 802.1X Port authentication 3-88Information Displays the global configuration setting 3-89Configuration Configures the glob

NAVIGATING THE WEB BROWSER INTERFACE3-9Broadcast Control Sets the broadcast storm threshold for each port3-135Mirror Port Configuration Sets the sourc

CONFIGURING THE SWITCH3-10Trunk Configuration Configures individual trunk settings for STA 3-169MSTP VLAN Configuration Configures priority and VLANs

NAVIGATING THE WEB BROWSER INTERFACE3-11Private VLAN 3-194Information Shows private VLANs and associated ports 3-195Configuration Configures private

CONFIGURING THE SWITCH3-12Copy Settings Enables mapping IP Precedence and DSCP Priority settings to ports, or trunks.3-215ACL CoS Priority Sets the C

BASIC CONFIGURATION3-13Basic ConfigurationDisplaying System InformationYou can easily identify the system by providing a descriptive name, location an

iiiTABLE OF CONTENTS1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Key Features . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-14Web – Click System, System Information. Specify the system name, location, and contact information for the system administra

BASIC CONFIGURATION3-15CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Inform

CONFIGURING THE SWITCH3-16• Internal Power Status – Displays the status of the internal power supply.Management Software• Loader Version – Version num

BASIC CONFIGURATION3-17Web – Click System, Switch Information.Figure 3-4 General Switch InformationCLI – Use the following command to display version

CONFIGURING THE SWITCH3-18Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filter

BASIC CONFIGURATION3-19Web – Click System, Bridge Extension.Figure 3-5 Displaying Bridge Extension ConfigurationCLI – Enter the following command.Set

CONFIGURING THE SWITCH3-20You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Val

BASIC CONFIGURATION3-21Manual ConfigurationWeb – Click System, IP Configuration. Select the VLAN through which the management station is attached, set

CONFIGURING THE SWITCH3-22Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by

BASIC CONFIGURATION3-23Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or th

TABLE OF CONTENTSivBasic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13Displaying System Informa

CONFIGURING THE SWITCH3-24• File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period

BASIC CONFIGURATION3-25If you download to a new destination file, go to the File, Set Start-Up menu, mark the operation code file used at startup, and

CONFIGURING THE SWITCH3-26CLI – To download new firmware form a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type

BASIC CONFIGURATION3-27- file to startup-config - Copies a file in the switch to the startup configuration.- file to tftp - Copies a file from the swi

CONFIGURING THE SWITCH3-28Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set i

BASIC CONFIGURATION3-29If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start

CONFIGURING THE SWITCH3-30This example shows how to download a PoE controller file from a TFTP server.This example shows how to copy a PoE controller

BASIC CONFIGURATION3-31• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon

CONFIGURING THE SWITCH3-32Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.Figure 3-13

BASIC CONFIGURATION3-33Telnet SettingsYou can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Manag

TABLE OF CONTENTSvReplacing the Default Secure-site Certificate . . . . . . . . . . 3-77Configuring the Secure Shell . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-34Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.Figure 3-14 Configu

BASIC CONFIGURATION3-35Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events that are

CONFIGURING THE SWITCH3-36Command Attributes• System Log Status – Enables/disables the logging of debug or error messages to the logging process.• Fla

BASIC CONFIGURATION3-37Web – Click System, Log, System Logs. Specify the System Log Status, set the level of event messages to be logged to RAM and fl

CONFIGURING THE SWITCH3-38This attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind

BASIC CONFIGURATION3-39CLI – Enter the syslog server host IP address, choose the facility type and set the minimum level of messages to be logged.Disp

CONFIGURING THE SWITCH3-40CLI – This example shows the event message stored in RAM.Sending Simple Mail Transfer Protocol AlertsTo alert system adminis

BASIC CONFIGURATION3-41Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP

CONFIGURING THE SWITCH3-42CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and speci

BASIC CONFIGURATION3-43CLI – Use the reload command to reboot the system.Note:When restarting the system, it always runs the Power-On Self-Test.Settin