SMC Networks SMC8624/48T User Manual

TigerSwitch 10/100/1000 Gigabit Ethernet Switch
◆ 24/48 auto-MDI/MDI-X 10/100/1000BASE-T ports
◆ 4 ports shared with 4 SFP transceiver slots
◆ Non-blocking switching architecture
◆ Support for a redundant power unit
◆ Spanning Tree Protocol, Rapid STP, and Multiple STP
◆ Up to six LACP or static 8-port trunks
◆ Layer 2/3/4 CoS support through 8 priority queues
◆ Layer 3/4 traffic priority with IP Precedence and IP DSCP
◆ Full support for VLANs with GVRP
◆ IGMP multicast filtering and snooping
◆ Support for jumbo frames up to 9 KB
◆ Manageable via console, Web, and SNMP/RMON

Management Guide
SMC8624/48T

Summary of Contents

Page 1 - TigerSwitch 10/100/1000

TigerSwitch 10/100/1000Gigabit Ethernet Switch◆ 24/48 auto-MDI/MDI-X 10/100/1000BASE-T ports◆ 4 ports shared with 4 SFP transceiver slots◆ Non-blockin

Page 2

CONTENTSviAdding Static Members to VLANs (Port Index) . . . . . . . . . . 3-153Configuring VLAN Behavior for Interfaces . . . . . . . . . . . . . .

Page 3 - Management Guide

CONFIGURING THE SWITCH3-52The operation of 802.1x on the switch requires the following:• The switch must have an IP address assigned.• RADIUS authenti

Page 4

USER AUTHENTICATION3-53Command Attributes • 802.1x Re-authentication – Indicates if switch port requires a client to be re-authenticated after a certa

Page 5

CONFIGURING THE SWITCH3-54CLI – This example shows the default protocol settings for 802.1x. For a description of the additional entries displayed in

Page 6

USER AUTHENTICATION3-55Configuring 802.1x Global SettingsThe dot1x protocol includes global parameters that control the client authentication process

Page 7

CONFIGURING THE SWITCH3-56Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, a

Page 8

USER AUTHENTICATION3-57• Max Count – The maximum number of hosts that can connect to a port when the Multi-Host operation mode is selected. (Range: 1-

Page 9

CONFIGURING THE SWITCH3-58CLI – This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this

Page 10

USER AUTHENTICATION3-59Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistic

Page 11

CONFIGURING THE SWITCH3-60CLI – This example displays the 802.1x statistics for port 4.Access Control ListsAccess Control Lists (ACL) provide packet f

Page 12

ACCESS CONTROL LISTS3-61Command UsageThe following restrictions apply to ACLs:• Each ACL can have up to 32 rules.• The maximum number of ACLs is also

Page 13

CONTENTSviiEntering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4Keywords and Arguments . . . . . . .

Page 14

CONFIGURING THE SWITCH3-62Command Attributes• Name – Name of the ACL. (Maximum length: 16 characters)• Type – There are three filtering modes:- Stand

Page 15

ACCESS CONTROL LISTS3-63Configuring a Standard IP ACLCommand Attributes• Action – An ACL can contain all permit rules or all deny rules. (Default: Per

Page 16

CONFIGURING THE SWITCH3-64CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.

Page 17

ACCESS CONTROL LISTS3-65• Control Bitmask – Decimal number representing the code bits to match.The control bitmask is a decimal number (for an equival

Page 18

CONFIGURING THE SWITCH3-66Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (A

Page 19

ACCESS CONTROL LISTS3-673. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Configuring a MAC ACLComma

Page 20

CONFIGURING THE SWITCH3-68• Packet Format – This attribute includes the following packet types:- Any – Any Ethernet packet type.- Untagged-eth2 – Unta

Page 21

ACCESS CONTROL LISTS3-69Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any

Page 22

CONFIGURING THE SWITCH3-70Configuring ACL MasksYou can specify optional masks that control the order in which ACL rules are checked. The switch includ

Page 23

ACCESS CONTROL LISTS3-71Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page.Figur

Page 24

CONTENTSviiiSystem Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32Device Designation Commands . . . . . . . . .

Page 25 - INTRODUCTION

CONFIGURING THE SWITCH3-72subnet), or “IP” to specify a range of addresses. (Options: Any, Host, IP; Default: Any)• Src/Dst IP Bitmask – Source or des

Page 26 - Table 1-1. Key Features

ACCESS CONTROL LISTS3-73Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or

Page 27 - DESCRIPTION

CONFIGURING THE SWITCH3-74Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header. Command UsageYou must configure a mask

Page 28

ACCESS CONTROL LISTS3-75Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source o

Page 29

CONFIGURING THE SWITCH3-76CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rule

Page 30

ACCESS CONTROL LISTS3-77• When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind ope

Page 31 - System Defaults

CONFIGURING THE SWITCH3-78CLI – This examples assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2.Filtering Management Access

Page 32 - Table 1-2. System Defaults

FILTERING MANAGEMENT ACCESS3-79Command Attributes• Web IP Filter – Configures IP address(es) for the web group.• SNMP IP Filter – Configures IP addres

Page 33

CONFIGURING THE SWITCH3-80Port ConfigurationDisplaying Connection StatusYou can use the Port Information or Trunk Information pages to display the cur

Page 34

PORT CONFIGURATION3-81Web – Click Port, Port Information or Trunk Information.Figure 3-36. Port Status InformationField Attributes (CLI)Basic informa

Page 35

CONTENTSixSMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65logging sendmail host . . . . . . . . . . . . . . .

Page 36 - Required Connections

CONFIGURING THE SWITCH3-82• Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the

Page 37 - CONNECTING

PORT CONFIGURATION3-83CLI – This example shows the connection status for Port 5.Console#show interfaces status ethernet 1/5 3-178Information of Eth 1/

Page 38 - Basic Configuration

CONFIGURING THE SWITCH3-84Configuring Interface ConnectionsYou can use the Port Configuration or Trunk Configuration page to enable/disable an interfa

Page 39 - Setting Passwords

PORT CONFIGURATION3-85- Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch wh

Page 40 - Setting an IP Address

CONFIGURING THE SWITCH3-86Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.Figure

Page 41 - Dynamic Configuration

PORT CONFIGURATION3-87The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP). Static trunks have to be manually

Page 42

CONFIGURING THE SWITCH3-88Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of differe

Page 43 - Community Strings

PORT CONFIGURATION3-89CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to f

Page 44

CONFIGURING THE SWITCH3-90• A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than f

Page 45 - Saving Configuration Settings

PORT CONFIGURATION3-91CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switc

Page 46 - Managing System Files

CONTENTSxradius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-97radius-server timeout . . . . . . . . . . . . . . . .

Page 47

CONFIGURING THE SWITCH3-92Note: If the port channel admin key (lacp admin key, page 4-194) is not set (through the CLI) when a channel group is formed

Page 48

PORT CONFIGURATION3-93Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opti

Page 49

CONFIGURING THE SWITCH3-94CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports

Page 50

PORT CONFIGURATION3-95Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.Figure 3-41. D

Page 51 - NAVIGATING

CONFIGURING THE SWITCH3-96CLI – The following example displays LACP counters for port channel 1.Displaying LACP Settings and Status for the Local Side

Page 52

PORT CONFIGURATION3-97Admin State,Oper StateAdministrative or operational values of the actor’s state parameters:• Expired – The actor’s receive machi

Page 53 - Table 3-2. Main Menu

CONFIGURING THE SWITCH3-98Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-4

Page 54

PORT CONFIGURATION3-99Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for the

Page 55

CONFIGURING THE SWITCH3-100Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.Figure 3

Page 56

PORT CONFIGURATION3-101Setting Broadcast Storm ThresholdsBroadcast storms may occur when a device on your network is malfunctioning, or if application

Page 57

CONTENTSxiMAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-135access-list mac . . . . . . . . . . . . .

Page 58

CONFIGURING THE SWITCH3-102Web – Click Port, Port Broadcast Control. Set the threshold any port, click Apply.Figure 3-44. Enabling Port Broadcast Con

Page 59

PORT CONFIGURATION3-103Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can then att

Page 60

CONFIGURING THE SWITCH3-104Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port

Page 61

PORT CONFIGURATION3-105Command AttributeRate Limit – Sets the output rate limit for an interface. Default Status – DisabledDefault Rate – 1000 MbpsRan

Page 62

CONFIGURING THE SWITCH3-106Showing Port StatisticsYou can display standard statistics on network traffic from the Interfaces Group and Ethernet-like M

Page 63

PORT CONFIGURATION3-107Received Discarded PacketsThe number of inbound packets which were chosen to be discarded even though no errors had been detect

Page 64

CONFIGURING THE SWITCH3-108Alignment Errors The number of alignment errors (missynchronized data packets). Late Collisions The number of times that a

Page 65

PORT CONFIGURATION3-109Internal MAC Receive ErrorsA count of frames for which reception on a particular interface fails due to an internal MAC sublaye

Page 66

CONFIGURING THE SWITCH3-110Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t

Page 67 - Manual Configuration

PORT CONFIGURATION3-111Figure 3-48. Displaying Etherlike and RMON Statistics

Page 68 - Using DHCP/BOOTP

CONTENTSxiiInterface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-167interface . . . . . . . . . . . . . .

Page 69

CONFIGURING THE SWITCH3-112CLI – This example shows statistics for port 13.Address Table SettingsSwitches store the addresses for all known devices. T

Page 70 - Managing Firmware

ADDRESS TABLE SETTINGS3-113Command Attributes• Static Address Counts* – The number of manually configured addresses.• Current Static Address Table – L

Page 71

CONFIGURING THE SWITCH3-114Displaying the Address TableThe Dynamic Address Table contains the MAC addresses learned by monitoring the source address f

Page 72

ADDRESS TABLE SETTINGS3-115CLI – This example also displays the address table entries for port 1.Changing the Aging TimeYou can set the aging time for

Page 73

CONFIGURING THE SWITCH3-116Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, an

Page 74 - Resetting the System

SPANNING TREE ALGORITHM CONFIGURATION3-117Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Dat

Page 75 - Setting the System Clock

CONFIGURING THE SWITCH3-118Field Attributes• Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network.• Bridge

Page 76

SPANNING TREE ALGORITHM CONFIGURATION3-119• Configuration Changes – The number of times the Spanning Tree has been reconfigured.• Last Topology Change

Page 77

CONFIGURING THE SWITCH3-120that would make it return to a discarding state; otherwise, temporary data loops might result.• Root Hold Time – The interv

Page 78

SPANNING TREE ALGORITHM CONFIGURATION3-121CLI – This command displays global STA settings, followed by settings for each port. Note: The current root

Page 79

CONTENTSxiiiSpanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-205spanning-tree . . . . . . . . . . . . . .

Page 80

CONFIGURING THE SWITCH3-122• Rapid Spanning Tree ProtocolRSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol mes

Page 81 - User Authentication

SPANNING TREE ALGORITHM CONFIGURATION3-123• Priority – Bridge priority is used in selecting the root device, root port, and designated port. The devic

Page 82

CONFIGURING THE SWITCH3-124• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning

Page 83

SPANNING TREE ALGORITHM CONFIGURATION3-125• Maximum Hop Count – The maximum number of hops allowed in the MST region before a BPDU is discarded. (Rang

Page 84

CONFIGURING THE SWITCH3-126CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. D

Page 85

SPANNING TREE ALGORITHM CONFIGURATION3-127The rules defining port status are:- A port on a network segment with no other STA compliant bridging devic

Page 86 - Configuring HTTPS

CONFIGURING THE SWITCH3-128• Port Role – Roles are assigned according to whether the port is part of the active topology connecting the bridge to the

Page 87

SPANNING TREE ALGORITHM CONFIGURATION3-129• Internal path cost – The path cost for the MST. See the proceeding item.• Priority – Defines the priority

Page 88

CONFIGURING THE SWITCH3-130Web – Click Spanning Tree, STA, Port Information or STA Trunk Information.Figure 3-54. Displaying STA - Port Status Inform

Page 89 - Configuring the Secure Shell

SPANNING TREE ALGORITHM CONFIGURATION3-131Command AttributesThe following attributes are read-only and cannot be changed:• STA State – Displays curren

Page 90

CONTENTSxivDisplaying VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . 4-242show vlan . . . . . . . . . . . . . . . . . . . . . . . .

Page 91 - Generating the Host Key Pair

CONFIGURING THE SWITCH3-132• Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values should

Page 92

SPANNING TREE ALGORITHM CONFIGURATION3-133• Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notifi

Page 93 - Generate

CONFIGURING THE SWITCH3-134By default all VLANs are assigned to the Internal Spanning Tree (MST Instance 0) that connects all bridges and LANs within

Page 94 - Configuring the SSH Server

SPANNING TREE ALGORITHM CONFIGURATION3-135• VLAN ID – VLAN to assign to this selected MST instance. (Range: 1-4094)The other global attributes are des

Page 95

CONFIGURING THE SWITCH3-136CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 2 3-228

Page 96 - Configuring Port Security

SPANNING TREE ALGORITHM CONFIGURATION3-137CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.Displaying Interface Settin

Page 97

CONFIGURING THE SWITCH3-138CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global

Page 98

SPANNING TREE ALGORITHM CONFIGURATION3-139Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance usin

Page 99

CONFIGURING THE SWITCH3-140• MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values sh

Page 100 - CONFIGURING

VLAN CONFIGURATION3-141CLI – This example sets the MSTP attributes for port 4. VLAN ConfigurationOverviewIn large networks, routers are used to isolat

Page 101 - Command Attributes

CONTENTSxvMulticast Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-272IGMP Snooping Commands . . . . . . . . . .

Page 102

CONFIGURING THE SWITCH3-142This switch supports the following VLAN features:• Up to 255 VLANs based on the IEEE 802.1Q standard• Distributed VLAN lear

Page 103

VLAN CONFIGURATION3-143VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, t

Page 104

CONFIGURING THE SWITCH3-144Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically

Page 105 - AUTHENTICATION

VLAN CONFIGURATION3-145Forwarding Tagged/Untagged FramesIf you want to create a small port-based VLAN for devices attached directly to a single switch

Page 106 - Console(config-if)#

CONFIGURING THE SWITCH3-146Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange V

Page 107 - Table 3-4. 802.1x Statistics

VLAN CONFIGURATION3-147Web – Click VLAN, 802.1Q VLAN, Basic Information.Figure 3-60. Displaying Basic VLAN InformationCLI – Enter the following comma

Page 108 - Access Control Lists

CONFIGURING THE SWITCH3-148Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list.Figure 3-61. Displaying VLAN Informa

Page 109 - Setting the ACL Name and Type

VLAN CONFIGURATION3-149CLI – Current VLAN information can be displayed with the following command.Creating VLANsUse the VLAN Static List to create or

Page 110

CONFIGURING THE SWITCH3-150• Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassi

Page 111 - Configuring a Standard IP ACL

VLAN CONFIGURATION3-151Adding Static Members to VLANs (VLAN Index)Use the VLAN Static Table to configure port members for the selected VLAN index. Ass

Page 113

xviTABLESTable 1-1. Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Table 1-2. System Defaults . . . . . .

Page 114

CONFIGURING THE SWITCH3-152• Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk:

Page 115 - Console(config-std-acl)#

VLAN CONFIGURATION3-153CLI – The following example adds tagged and untagged ports to VLAN 2.Adding Static Members to VLANs (Port Index)Use the VLAN St

Page 116

CONFIGURING THE SWITCH3-154Figure 3-64. Assigning VLAN Port and Trunk GroupsCLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Po

Page 117 - Console(config-mac-acl)#

VLAN CONFIGURATION3-155Command Attributes• PVID – VLAN ID assigned to untagged frames received on the interface. (Default: 1)If an interface is not a

Page 118 - Configuring ACL Masks

CONFIGURING THE SWITCH3-156• GARP Join Timer* – The interval between transmitting requests/queries to participate in a VLAN group. (Range: 20-1000 cen

Page 119 - Configuring an IP ACL Mask

VLAN CONFIGURATION3-157Web – Click VLAN, 802.1Q VLAN, Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface

Page 120

CONFIGURING THE SWITCH3-158Configuring Private VLANsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. Da

Page 121

VLAN CONFIGURATION3-159Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports desi

Page 122 - Configuring a MAC ACL Mask

CONFIGURING THE SWITCH3-160To avoid these problems, you can configure this switch with protocol-based VLANs that divide the physical network into logi

Page 123

VLAN CONFIGURATION3-161Web – Click VLAN, Protocol VLAN, Configuration. Enter a protocol group ID, frame type and protocol type, then click Apply. Fi

Page 124

TABLESxviiTable 4-22. RADIUS Client Commands . . . . . . . . . . . . . . . . . . . . . . . . 4-95Table 4-23. TACACS+ Client Commands . . . . . . . .

Page 125

CONFIGURING THE SWITCH3-162• When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner:- If the f

Page 126 - Filtering Management Access

CLASS OF SERVICE CONFIGURATION3-163CLI – The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1

Page 127

CONFIGURING THE SWITCH3-164Command Attributes• Default Priority* – The priority that is assigned to untagged frames received on the specified interfac

Page 128 - Port Configuration

CLASS OF SERVICE CONFIGURATION3-165Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using ei

Page 129 - Configuration:

CONFIGURING THE SWITCH3-166Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to o

Page 130 - Current status:

CLASS OF SERVICE CONFIGURATION3-167Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traff

Page 131 - CONFIGURATION

CONFIGURING THE SWITCH3-168Setting the Service Weight for Traffic ClassesThis switch uses the Weighted Round Robin (WRR) algorithm to determine the fr

Page 132

CLASS OF SERVICE CONFIGURATION3-169CLI – The following example shows how to assign WRR weights to each of the priority queues.Mapping Layer 3/4 Priori

Page 133

CONFIGURING THE SWITCH3-170Selecting IP Precedence/DSCP PriorityThe switch allows you to choose between using IP Precedence or DSCP priority. Select o

Page 134 - Creating Trunk Groups

CLASS OF SERVICE CONFIGURATION3-171Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eig

Page 135

xviiiFIGURESFigure 3-1. Homepage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3Figure 3-2. Panel Display . . . . . .

Page 136

CONFIGURING THE SWITCH3-172Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the C

Page 137

CLASS OF SERVICE CONFIGURATION3-173Mapping DSCP PriorityThe DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DS

Page 138

CONFIGURING THE SWITCH3-174Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value fi

Page 139 - Configuring LACP Parameters

CLASS OF SERVICE CONFIGURATION3-175Mapping IP Port PriorityYou can also map network applications to Class of Service values based on the IP port numbe

Page 140

CONFIGURING THE SWITCH3-176Click Priority, IP Port Priority. Select a port or trunk from the Interface field. Enter the port number for a network appl

Page 141

CLASS OF SERVICE CONFIGURATION3-177Mapping CoS Values to ACLsUse the ACL CoS Mapping page to set the output queue for packets matching an ACL rule as

Page 142 - Counter Information

CONFIGURING THE SWITCH3-178Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Ap

Page 143

CLASS OF SERVICE CONFIGURATION3-179Command Usage• You must configure an ACL mask before you can change priorities based on a rule.• Traffic priorities

Page 144 - Table 3-6. LACP Settings

CONFIGURING THE SWITCH3-180Web – Click Priority, ACL Marker. Select a port and an ACL rule. To specify a ToS priority, mark the Precedence/DSCP check

Page 145

MULTICAST FILTERING3-181Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A mul

Page 146

FIGURESxixFigure 3-37. Configuring Port Attributes . . . . . . . . . . . . . . . . . . . . . . 3-86Figure 3-38. Static Trunk Configuration . . . . .

Page 147

CONFIGURING THE SWITCH3-182Layer 2 IGMP (Snooping and Query)IGMP Snooping and Query — If multicast routing is not supported on other switches in your

Page 148

MULTICAST FILTERING3-183• IGMP Querier — A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast tra

Page 149

CONFIGURING THE SWITCH3-184• IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2)Not

Page 150

MULTICAST FILTERING3-185Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use information

Page 151 - Configuring Port Mirroring

CONFIGURING THE SWITCH3-186CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.Specifying St

Page 152 - Configuring Rate Limits

MULTICAST FILTERING3-187CLI – This example configures port 11 as a multicast router port within VLAN 1.Displaying Port Members of Multicast Services Y

Page 153 - Command Attribute

CONFIGURING THE SWITCH3-188Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service fro

Page 154 - Showing Port Statistics

MULTICAST FILTERING3-189Command Usage• Static multicast addresses are never aged out.• When a multicast address is assigned to an interface in a speci

Page 155 - Table 3-8. Port Statistics

CONFIGURING THE SWITCH3-190CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on V

Page 156

CONFIGURING DOMAIN NAME SERVICE3-191• When an incomplete host name is received by the DNS server on this switch and a domain name list has been specif

Page 157

FIGURESxxFigure 3-74. Setting IP Precedence/DSCP Priority Status . . . . . . . 3-170Figure 3-75. Mapping IP Precedence to Class of Service Values .

Page 158

CONFIGURING THE SWITCH3-192Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name serv

Page 159

CONFIGURING DOMAIN NAME SERVICE3-193CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specif

Page 160 - Address Table Settings

CONFIGURING THE SWITCH3-194Field Attributes• Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-64 characters) •

Page 161

CONFIGURING DOMAIN NAME SERVICE3-195Displaying the DNS CacheYou can display entries in the DNS cache that have been learned via the designated name se

Page 162 - Displaying the Address Table

CONFIGURING THE SWITCH3-196Web – Select DNS, Cache.Figure 3-87. Displaying the DNS CacheCLI - This example displays all the resource records learned

Page 163 - Changing the Aging Time

4-1CHAPTER 4COMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the CLI

Page 164

COMMAND LINE INTERFACE4-23. When finished, exit the session with the “quit” or “exit” command.After connecting to the system through the console port,

Page 165 - ALGORITHM

USING THE COMMAND LINE INTERFACE4-3After you configure the switch with an IP address, you can open a Telnet session by performing these steps:1. From

Page 166 - Field Attributes

COMMAND LINE INTERFACE4-4Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords

Page 167

ENTERING COMMANDS4-5Command CompletionIf you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to th

Page 168

1-1CHAPTER 1INTRODUCTIONThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to config

Page 169

COMMAND LINE INTERFACE4-6Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the current

Page 170

ENTERING COMMANDS4-7The command “show interfaces ?” will display the following information:Partial Keyword LookupIf you terminate a partial keyword wi

Page 171

COMMAND LINE INTERFACE4-8Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display in

Page 172

ENTERING COMMANDS4-9You can also enter Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged l

Page 173

COMMAND LINE INTERFACE4-10• Interface Configuration - These commands modify the port configuration such as speed-duplex and negotiation. • Line Config

Page 174 - Displaying Interface Settings

ENTERING COMMANDS4-11For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode. C

Page 175

COMMAND LINE INTERFACE4-12Command GroupsThe system commands can be broken down into the functional groups shown below.Ctrl-R Repeats current command l

Page 176

COMMAND GROUPS4-13SNMP Activates authentication failure traps; configures community access strings, and trap managers; also configures IP address fil

Page 177

COMMAND LINE INTERFACE4-14The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configura

Page 178

LINE COMMANDS4-15lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax line {con

Page 179

INTRODUCTION1-2Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates th

Page 180

COMMAND LINE INTERFACE4-16Related Commandsshow line (4-25)show users (4-83)loginThis command enables password checking at login. Use the no form to di

Page 181

LINE COMMANDS4-17• This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication s

Page 182

COMMAND LINE INTERFACE4-18• The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when re

Page 183

LINE COMMANDS4-19Example To set the timeout to two minutes, enter this command:password-threshThis command sets the password intrusion threshold which

Page 184

COMMAND LINE INTERFACE4-20Related Commandssilent-time (4-20)silent-timeThis command sets the amount of time the management console is inaccessible aft

Page 185

LINE COMMANDS4-21databitsThis command sets the number of data bits per character that are interpreted and generated by the console port. Use the no fo

Page 186

COMMAND LINE INTERFACE4-22parityThis command defines the generation of a parity bit. Use the no form to restore the default setting.Syntax parity {non

Page 187

LINE COMMANDS (4-23) speed: This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) s

Page 188

COMMAND LINE INTERFACE (4-24) stopbits: This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. S

Page 189 - VLAN Configuration

LINE COMMANDS (4-25) Example. Related Commands: show ssh (4-55), show users (4-83). show line: This command displays the terminal line’s parameters. Syntax: show lin

Page 190 - Assigning Ports to VLANs

DESCRIPTION OF SOFTWARE FEATURES (1-3) Authentication – This switch authenticates management access via the console port, Telnet or web browser. User name

Page 191 - VU: VLAN Unaware

COMMAND LINE INTERFACE (4-26) General Commands. enable: This command activates Privileged Exec mode. In privileged mode, additional commands are available, an

Page 192

GENERAL COMMANDS (4-27) Command Mode: Normal Exec. Command Usage: • “super” is the default password required to change the command mode from Normal Exec to Pri

Page 193

COMMAND LINE INTERFACE (4-28) Example. Related Commands: enable (4-26). configure: This command activates Global Configuration mode. You must enter this mode to

Page 194

GENERAL COMMANDS (4-29) Command Mode: Normal Exec, Privileged Exec. Command Usage: The history buffer size is fixed at 10 Execution commands and 10 Configurat

Page 195 - Displaying Current VLANs

COMMAND LINE INTERFACE (4-30) Default Setting: None. Command Mode: Privileged Exec. Command Usage: This command resets the entire system. Example: This example sho

Page 196 - Command Attributes (CLI)

GENERAL COMMANDS (4-31) exit: This command returns to the previous configuration mode or exits the configuration program. Default Setting: None. Command Mode: Any

Page 197 - Creating VLANs

COMMAND LINE INTERFACE (4-32) This example shows how to quit a CLI session:
System Management Commands: These commands are used to control system logs, passw

Page 198

SYSTEM MANAGEMENT COMMANDS (4-33) Device Designation Commands. prompt: This command customizes the CLI prompt. Use the no form to restore the default prompt. S

Page 199

COMMAND LINE INTERFACE (4-34) hostname: This command specifies or modifies the host name for this device. Use the no form to restore the default host name. S

Page 200

SYSTEM MANAGEMENT COMMANDS (4-35) username: This command adds named users, requires authentication at login, specifies or changes a user's password (or

Page 201

INTRODUCTION (1-4) Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer o

Page 202

COMMAND LINE INTERFACE (4-36) Command Usage: The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encryp

Page 203

SYSTEM MANAGEMENT COMMANDS (4-37) Command Usage: • You cannot set a null password. You will have to enter a password to change the command mode from Normal

Page 204

COMMAND LINE INTERFACE (4-38) management: This command specifies the client IP addresses that are allowed management access to the switch through various pr

Page 205

SYSTEM MANAGEMENT COMMANDS (4-39) • You cannot delete an individual address from a specified range. You must delete the entire range, and reenter the addr

Page 206 - Configuring Private VLANs

COMMAND LINE INTERFACE (4-40) Example. Web Server Commands.
Console#show management all-client
Management Ip Filter
Http-Client:
Start ip address End ip

Page 207

SYSTEM MANAGEMENT COMMANDS (4-41) ip http port: This command specifies the TCP port number used by the Web browser interface. Use the no form to use the def

Page 208 - Configuring Protocol Groups

COMMAND LINE INTERFACE (4-42) Example. Related Commands: ip http port (4-41), copy tftp https-certificate (4-86). ip http secure-server: This command enables the se

Page 209 - Mapping Protocols to VLANs

SYSTEM MANAGEMENT COMMANDS (4-43) • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server

Page 210

COMMAND LINE INTERFACE (4-44) ip http secure-port: This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s Web interface. U

Page 211

SYSTEM MANAGEMENT COMMANDS (4-45) Secure Shell Commands: The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of the

Page 212

DESCRIPTION OF SOFTWARE FEATURES (1-5) To avoid dropping frames on congested ports, the switch provides 1 MB for frame buffering. This buffer can queue pa

Page 213

COMMAND LINE INTERFACE (4-46) The SSH server on this switch supports both password and public key authentication. If password authentication is specified

Page 214

SYSTEM MANAGEMENT COMMANDS (4-47) 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the ini

Page 215

COMMAND LINE INTERFACE (4-48) 9. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the c

Page 216

SYSTEM MANAGEMENT COMMANDS (4-49) Example. Related Commands: ip ssh crypto host-key generate (4-52), show ssh (4-55). ip ssh timeout: Use this command to configure

Page 217

COMMAND LINE INTERFACE (4-50) Related Commands: exec-timeout (4-18), show ip ssh (4-54). ip ssh authentication-retries: Use this command to configure the number o

Page 218

SYSTEM MANAGEMENT COMMANDS (4-51) ip ssh server-key size: Use this command to set the SSH server key size. Use the no form to restore the default setting. Sy

Page 219

COMMAND LINE INTERFACE (4-52) Command Mode: Privileged Exec. Example. ip ssh crypto host-key generate: Use this command to generate the host key pair (i.e., pub

Page 220

SYSTEM MANAGEMENT COMMANDS (4-53) Related Commands: ip ssh crypto zeroize (4-53), ip ssh save host-key (4-54). ip ssh crypto zeroize: Use this command to clear th

Page 221

COMMAND LINE INTERFACE (4-54) ip ssh save host-key: Use this command to save host key from RAM to flash memory. Syntax: ip ssh save host-key [dsa | rsa] • dsa

Page 222

SYSTEM MANAGEMENT COMMANDS (4-55) show ssh: Use this command to display the current SSH server connections. Command Mode: Privileged Exec. Example: Console#show

Page 223

38 Tesla, Irvine, CA 92618. Phone: (949) 679-8000. TigerSwitch 10/100/1000 Management Guide. From SMC’s Tiger line of feature-rich workgroup LAN solutions. April

Page 224

INTRODUCTION (1-6) Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain

Page 225

COMMAND LINE INTERFACE (4-56) show public-key: Use this command to show the public key for the specified user or for the host. Syntax: show public-key [user [

Page 226

SYSTEM MANAGEMENT COMMANDS (4-57) Default Setting: Shows all public keys. Command Mode: Privileged Exec. Command Usage: • If no parameters are entered, all keys

Page 227

COMMAND LINE INTERFACE (4-58) Event Logging Commands. logging on: This command controls logging of error messages, sending debug or error messages to switch

Page 228

SYSTEM MANAGEMENT COMMANDS (4-59) Example. Related Commands: logging history (4-59), clear logging (4-62). logging history: This command limits syslog messages sav

Page 229 - Multicast Filtering

COMMAND LINE INTERFACE (4-60) Default Setting: Flash: errors (level 3 - 0); RAM: warnings (level 7 - 0). Command Mode: Global Configuration. Command Usage: The mes

Page 230

SYSTEM MANAGEMENT COMMANDS (4-61) Command Usage: • By using this command more than once you can build up a list of host IP addresses. • The maximum number o

Page 231

COMMAND LINE INTERFACE (4-62) logging trap: This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a

Page 232

SYSTEM MANAGEMENT COMMANDS (4-63) Command Mode: Privileged Exec. Example. Related Commands: show logging (4-63). show logging: This command displays the logging con

Page 233 - ILTERING

COMMAND LINE INTERFACE (4-64) The following example displays settings for the trap function.
Console#show logging flash
Syslog logging: Enable
History loggi

Page 234

SYSTEM MANAGEMENT COMMANDS (4-65) Related Commands: show logging sendmail (4-69). SMTP Alert Commands: Configures SMTP event handling, and forwarding of alert m

Page 235

SYSTEM DEFAULTS (1-7) System Defaults: The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch

Page 236

COMMAND LINE INTERFACE (4-66) logging sendmail host: This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP

Page 237

SYSTEM MANAGEMENT COMMANDS (4-67) logging sendmail level: This command sets the severity threshold used to trigger alert messages. Syntax: logging sendmail lev

Page 238

COMMAND LINE INTERFACE (4-68) Default Setting: None. Command Mode: Global Configuration. Command Usage: You may use a symbolic email address that identifies th

Page 239

SYSTEM MANAGEMENT COMMANDS (4-69) Example. logging sendmail: This command enables SMTP event handling. Use the no form to disable this function. Syntax: [no] log

Page 240 - Figure 3-85. Configuring DNS

COMMAND LINE INTERFACE (4-70) Example. Time Commands: The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP), or by

Page 241

SYSTEM MANAGEMENT COMMANDS (4-71) sntp server: This command sets the IP address of the servers to which SNTP time requests are issued. Use this command

Page 242

COMMAND LINE INTERFACE (4-72) sntp poll: This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no

Page 243

SYSTEM MANAGEMENT COMMANDS (4-73) Default Setting: Disabled. Command Mode: Global Configuration. Command Usage: • The time acquired from time servers is used to

Page 244 - Web – Select DNS, Cache

COMMAND LINE INTERFACE (4-74) sntp broadcast client: This command synchronizes the switch’s clock based on time broadcast from time servers (using the multi

Page 245 - NTERFACE

SYSTEM MANAGEMENT COMMANDS (4-75) clock timezone: This command sets the time zone for the switch’s internal clock. Syntax: clock timezone name hour hours minu

Page 246 - Telnet Connection

INTRODUCTION (1-8) Port Configuration: Admin Status: Enabled; Auto-negotiation: Enabled; Flow Control: Disabled; Port Capability: 1000BASE-T – (10 Mbps half duplex) (10

Page 247

COMMAND LINE INTERFACE (4-76) calendar set: This command sets the system clock. It may be used if there is no time server on your network, or if you have no

Page 248 - Entering Commands

SYSTEM MANAGEMENT COMMANDS (4-77) Example. System Status Commands. show startup-config: This command displays the configuration file stored in non-volatile mem

Page 249 - Getting Help on Commands

COMMAND LINE INTERFACE (4-78) Command Usage: • Use this command in conjunction with the show running-config command to compare the information in running m

Page 250 - Showing Commands

SYSTEM MANAGEMENT COMMANDS (4-79) Example. Related Commands: show running-config (4-80).
Console#show startup-config
building startup-config, please wait...!

Page 251

COMMAND LINE INTERFACE (4-80) show running-config: This command displays the configuration information currently in use. Default Setting: None. Command Mode: Pri

Page 252 - Table 4-1. Command Modes

SYSTEM MANAGEMENT COMMANDS (4-81) Example. Related Commands: show startup-config (4-77).
Console#show running-config
building running-config, please wait...!!

Page 253 - Configuration Commands

COMMAND LINE INTERFACE (4-82) show system: This command displays system information. Default Setting: None. Command Mode: Normal Exec, Privileged Exec. Command Usa

Page 254

SYSTEM MANAGEMENT COMMANDS (4-83) show users: Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.

Page 255 - Command Line Processing

COMMAND LINE INTERFACE (4-84) Command Usage: See “Displaying Switch Hardware/Software Versions” on page 3-14 for detailed information on the items displaye

Page 256 - Command Groups

FLASH/FILE COMMANDS (4-85) Command Usage: • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames u

Page 257

SYSTEM DEFAULTS (1-9) Virtual LANs: Default VLAN: 1; PVID: 1; Acceptable Frame Type: All; Ingress Filtering: Disabled; Switchport Mode (Egress Mode): Hybrid: tagged/unta

Page 258 - Line Commands

COMMAND LINE INTERFACE (4-86) copy: This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP

Page 259 - Console(config-line)#

FLASH/FILE COMMANDS (4-87) Command Usage: • The system prompts for data required to complete the copy command. • The destination file name should not conta

Page 260

COMMAND LINE INTERFACE (4-88) Example: The following example shows how to upload the configuration settings to a file on the TFTP server:
The following exam

Page 261

FLASH/FILE COMMANDS (4-89) This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certif

Page 262

COMMAND LINE INTERFACE (4-90) Command Mode: Privileged Exec. Command Usage: • If the file type is used for system startup, then this file cannot be deleted. •

Page 263

FLASH/FILE COMMANDS (4-91) Command Mode: Privileged Exec. Command Usage: • If you enter the command dir without any parameters, the system displays all files.

Page 264

COMMAND LINE INTERFACE (4-92) Example: This example shows the information displayed by the whichboot command. See the table under the dir command for a desc

Page 265

AUTHENTICATION COMMANDS (4-93) Example. Related Commands: dir (4-90), whichboot (4-91). Authentication Commands: You can configure this switch to authenticate use

Page 266

COMMAND LINE INTERFACE (4-94) authentication login: This command defines the login authentication method and precedence. Use the no form to restore the defa

Page 267

AUTHENTICATION COMMANDS (4-95) Example. Related Commands: username - for setting the local user names and passwords (4-35). RADIUS Client: Remote Authentication

Page 268

INTRODUCTION (1-10)

Page 269

COMMAND LINE INTERFACE (4-96) Default Setting: 10.1.0.1. Command Mode: Global Configuration. Example. radius-server port: This command sets the RADIUS server netwo

Page 270 - General Commands

AUTHENTICATION COMMANDS (4-97) radius-server key: This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax: radius-server k

Page 271 - Console#

COMMAND LINE INTERFACE (4-98) Command Mode: Global Configuration. Example. radius-server timeout: This command sets the interval between transmitting authentica

Page 272

AUTHENTICATION COMMANDS (4-99) Example. TACACS+ Client: Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that us

Page 273

COMMAND LINE INTERFACE (4-100) Command Mode: Global Configuration. Example. tacacs-server port: This command specifies the TACACS+ server network port. Use the

Page 274

AUTHENTICATION COMMANDS (4-101) tacacs-server key: This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax: tacacs-server

Page 275 - Username:

COMMAND LINE INTERFACE (4-102) Port Security Commands: These commands can be used to disable the learning function or manually specify secure addresses for

Page 276 - System Management Commands

AUTHENTICATION COMMANDS (4-103) Default Setting: Status: Disabled; Action: None; Maximum Addresses: 0. Command Mode: Interface Configuration (Ethernet). Command Usa

Page 277 - Device Designation Commands

COMMAND LINE INTERFACE (4-104) Example: The following example enables port security for port 5, and sets the response to a security violation to issue a tr

Page 278 - User Access Commands

AUTHENTICATION COMMANDS (4-105) authentication dot1x default: This command sets the default authentication server type. Use the no form to restore the defau

Page 279 - ANAGEMENT

(2-1) CHAPTER 2: INITIAL CONFIGURATION. Connecting to the Switch. Configuration Options: The switch includes a built-in network management agent. The agent offer

Page 280

COMMAND LINE INTERFACE (4-106) dot1x default: This command sets all configurable dot1x global and port settings to their default values. Syntax: dot1x default. C

Page 281 - IP Filter Commands

AUTHENTICATION COMMANDS (4-107) dot1x port-control: This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax: dot1x

Page 282

COMMAND LINE INTERFACE (4-108) dot1x operation-mode: This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the

Page 283

AUTHENTICATION COMMANDS (4-109) Command Mode: Privileged Exec. Example. dot1x re-authentication: This command enables periodic re-authentication globally for all

Page 284 - Web Server Commands

COMMAND LINE INTERFACE (4-110) Command Mode: Global Configuration. Example. dot1x timeout re-authperiod: This command sets the time period after which a connected

Page 285

AUTHENTICATION COMMANDS (4-111) Default: 30 seconds. Command Mode: Global Configuration. Example. show dot1x: This command shows general port authentication related s

Page 286

COMMAND LINE INTERFACE (4-112) • 802.1X Port Summary – Displays the port access control parameters for each interface, including the following items: - Sta

Page 287

AUTHENTICATION COMMANDS (4-113) Example:
Console#show dot1x
Global 802.1X Parameters
reauth-enabled: yes
reauth-period: 300
quiet-period: 350
tx-period:

Page 288

COMMAND LINE INTERFACE (4-114) Access Control List Commands: Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol,

Page 289 - Secure Shell Commands

ACCESS CONTROL LIST COMMANDS (4-115) The following restrictions apply to ACLs: • This switch supports ACLs for both ingress and egress filtering. However,

Page 290

INITIAL CONFIGURATION (2-2) The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:

Page 291

COMMAND LINE INTERFACE (4-116) 6. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports. 7. If no explicit rule is matched, the i

Page 292

ACCESS CONTROL LIST COMMANDS (4-117) permit, deny: Filters packets meeting the specified criteria, including source and destination IP address, TCP/UDP por

Page 293

COMMAND LINE INTERFACE (4-118) access-list ip: This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the

Page 294

ACCESS CONTROL LIST COMMANDS (4-119) Related Commands: permit, deny (4-119), ip access-group (4-129), show ip access-list (4-123). permit, deny (Standard ACL): This

Page 295

COMMAND LINE INTERFACE (4-120) Example: This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 1

Page 296

ACCESS CONTROL LIST COMMANDS (4-121) • address-bitmask – Decimal number representing the address bits to match. • host – Keyword followed by a specific IP

Page 297

COMMAND LINE INTERFACE (4-122) • The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. E

Page 298

ACCESS CONTROL LIST COMMANDS (4-123) Related Commands: access-list ip (4-118). show ip access-list: This command displays the rules for configured IP ACLs. Synt

Page 299 - Console#show ssh

COMMAND LINE INTERFACE (4-124) Default Setting: Default system mask: Filter inbound packets according to specified IP ACLs. Command Mode: Global Configuration. C

Page 300 - Table 4-13. SSH Information

ACCESS CONTROL LIST COMMANDS (4-125) mask (IP ACL): This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header. Use the

Page 301

CONNECTING TO THE SWITCH (2-3) To connect a terminal to the console port, complete the following steps: 1. Connect the console cable to the serial port on

Page 302 - Event Logging Commands

COMMAND LINE INTERFACE (4-126) Command Usage: • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in wh

Page 303

ACCESS CONTROL LIST COMMANDS (4-127) This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit

Page 304 - Name Level Description

COMMAND LINE INTERFACE (4-128) This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets.

Page 305

ACCESS CONTROL LIST COMMANDS (4-129) Command Mode: Privileged Exec. Example. Related Commands: mask (IP ACL) (4-125). ip access-group: This command binds a port to

Page 306

COMMAND LINE INTERFACE (4-130) Example. Related Commands: show ip access-list (4-123). show ip access-group: This command shows the ports assigned to IP ACLs. Com

Page 307

ACCESS CONTROL LIST COMMANDS (4-131) Default Setting: None. Command Mode: Interface Configuration (Ethernet). Command Usage: • You must configure an ACL mask before

Page 308

COMMAND LINE INTERFACE (4-132) show map access-list ip: This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value dete

Page 309 - SMTP Alert Commands

ACCESS CONTROL LIST COMMANDS (4-133) match access-list ip: This command changes the IEEE 802.1p priority, IP Precedence, or DSCP Priority of a frame matchi

Page 310

COMMAND LINE INTERFACE (4-134) Example. Related Commands: show marking (4-134). show marking: This command displays the current configuration for packet markin

Page 311

ACCESS CONTROL LIST COMMANDS (4-135) MAC ACLs. Table 4-28. MAC ACL Commands. Columns: Command, Function, Mode, Page. access-list mac: Creates a MAC ACL and enters configur

Page 312

INITIAL CONFIGURATION (2-4) Remote Connections: Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a v

Page 313

COMMAND LINE INTERFACE (4-136) access-list mac: This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the sp

Page 314 - Time Commands

ACCESS CONTROL LIST COMMANDS (4-137) permit, deny (MAC ACL): This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source

Page 315

COMMAND LINE INTERFACE (4-138) • vid-bitmask* – VLAN bitmask. (Range: 1-4095) • protocol – A specific Ethernet protocol number. (Range: 600-fff hex.) • proto

Page 316

ACCESS CONTROL LIST COMMANDS (4-139) show mac access-list: This command displays the rules for configured MAC ACLs. Syntax: show mac access-list [acl_name] acl

Page 317

COMMAND LINE INTERFACE (4-140) Command Usage: • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorit

Page 318

ACCESS CONTROL LIST COMMANDS (4-141) • vid-bitmask – VLAN ID of rule must match this bitmask. • ethertype – Check the Ethernet type field. • ethertype-bitma

Page 319

COMMAND LINE INTERFACE (4-142) Example: This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the ru

Page 320

ACCESS CONTROL LIST COMMANDS (4-143) This example creates an Egress MAC ACL.
show access-list mac mask-precedence: This command shows the ingress or egress

Page 321 - System Status Commands

COMMAND LINE INTERFACE (4-144) Related Commands: mask (MAC ACL) (4-140). mac access-group: This command binds a port to a MAC ACL. Use the no form to remove the

Page 322

ACCESS CONTROL LIST COMMANDS (4-145) show mac access-group: This command shows the ports assigned to MAC ACLs. Command Mode: Privileged Exec. Example. Related Com

Page 323 - Related Commands

BASIC CONFIGURATION (2-5) Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each l

Page 324

COMMAND LINE INTERFACE (4-146) Command Usage: • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within t

Page 325

ACCESS CONTROL LIST COMMANDS (4-147) Example. Related Commands: map access-list mac (4-145). match access-list mac: This command changes the IEEE 802.1p priorit

Page 326

COMMAND LINE INTERFACE (4-148) Related Commands: show marking (4-134). ACL Information. show access-list: This command shows all ACLs and associated rules, as we

Page 327

SNMP COMMANDS (4-149) show access-group: This command shows the port assignments of ACLs. Command Mode: Privileged Executive. Example. SNMP Commands: Control access

Page 328 - Frame Size Commands

COMMAND LINE INTERFACE (4-150) snmp community: This command defines the community access string for the Simple Network Management Protocol. Use the no form

Page 329 - Flash/File Commands

SNMP COMMANDS (4-151) snmp contact: This command sets the system contact string. Use the no form to remove the system contact information. Syntax: snmp contac

Page 330

COMMAND LINE INTERFACE (4-152) Command Mode: Global Configuration. Example. Related Commands: snmp contact (4-151). snmp host: This command specifies the recipient

Page 331

SNMP COMMANDS (4-153) Command Usage: • If you do not enter an snmp host command, no notifications are sent. In order to configure the switch to send SNMP n

Page 332

COMMAND LINE INTERFACE (4-154) snmp enable traps: This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Us

Page 333

SNMP COMMANDS (4-155) Related Commands: snmp host (4-152). show snmp: This command checks the status of SNMP communications. Default Setting: None. Command Mode: Nor

Page 334

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n

Page 335

INITIAL CONFIGURATION (2-6) Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter

Page 336

COMMAND LINE INTERFACE (4-156) Example:
Console#show snmp
System Contact: Paul
System Location: WC-19
SNMP traps:
Authentication: enable
Link-up-down: enable

Page 337 - Authentication Commands

DNS COMMANDS (4-157) DNS Commands: These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS d

Page 338

COMMAND LINE INTERFACE (4-158) ip host: This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remo

Page 339 - RADIUS Client

DNS COMMANDS (4-159) clear host: This command deletes entries from the DNS table. Syntax: clear host {name | *} • name - Name of the host. (Range: 1-64 characte

Page 340

COMMAND LINE INTERFACE (4-160) Command Mode: Global Configuration. Example. Related Commands: ip domain-list (4-160), ip name-server (4-162), ip domain-lookup (4-16

Page 341

DNS COMMANDS (4-161) Command Usage: • Domain names are added to the end of the list one at a time. • When an incomplete host name is received by the DNS se

Page 342

COMMAND LINE INTERFACE (4-162) ip name-server: This command specifies the address of one or more domain name servers to use for name-to-address resolution.

Page 343 - TACACS+ Client

DNS COMMANDS (4-163) Related Commands: ip domain-name (4-159), ip domain-lookup (4-163). ip domain-lookup: This command enables DNS host name-to-address translat

Page 344

COMMAND LINE INTERFACE (4-164) Related Commands: ip domain-name (4-159), ip name-server (4-162). show hosts: This command displays the static host name-to-addres

Page 345

DNS COMMANDS (4-165) show dns: This command displays the configuration of the DNS server. Command Mode: Privileged Exec. Example. show dns cache: This command displ

Page 346 - Port Security Commands

BASIC CONFIGURATION (2-7) Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • I

Page 347

COMMAND LINE INTERFACE (4-166) clear dns cache: This command clears all entries in the DNS cache. Command Mode: Privileged Exec. Example. Field Description. NO The

Page 349

COMMAND LINE INTERFACE (4-167) Interface Commands: These commands are used to display or set communication parameters for an Ethernet port, aggregated link,

Page 350

INTERFACE COMMANDS (4-168) interface: This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Sy

Page 351

COMMAND LINE INTERFACE (4-169) Default Setting: None. Command Mode: Interface Configuration (Ethernet, Port Channel). Example: The following example adds a descr

Page 352

INTERFACE COMMANDS (4-170) Command Usage: • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation comm

Page 353

COMMAND LINE INTERFACE (4-171) Command Usage: • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabi

Page 354

INTERFACE COMMANDS (4-172) capabilities: This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with par

Page 355

COMMAND LINE INTERFACE (4-173) Example: The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands

Page 356

INTERFACE COMMANDS (4-174) • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities co

Page 357

INITIAL CONFIGURATION (2-8) If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service

Page 358 - Access Control List Commands

COMMAND LINE INTERFACE (4-175) Default Setting: sfp-preferred-auto. Command Mode: Interface Configuration (Ethernet). Example: This forces the switch to use the b

Page 359

INTERFACE COMMANDS (4-176) switchport broadcast packet-rate: This command configures broadcast storm control. Use the no form to disable broadcast storm con

Page 360 - IP ACLs

COMMAND LINE INTERFACE (4-177) clear counters: This command clears statistics on an interface. Syntax: clear counters interface. interface: • ethernet unit/port-

Page 361 - Table 4-27. IP ACL Commands

INTERFACE COMMANDS (4-178) show interfaces status: This command displays the status for an interface. Syntax: show interfaces status [interface] • interface -

Page 362

COMMAND LINE INTERFACE (4-179) Example. show interfaces counters: This command displays interface statistics. Syntax: show interfaces counters [interface] • in

Page 363

INTERFACE COMMANDS (4-180) Command Mode: Normal Exec, Privileged Exec. Command Usage: If no interface is specified, information on all interfaces is displayed

Page 364

COMMAND LINE INTERFACE (4-181) show interfaces switchport: This command displays the administrative and operational status of the specified interfaces. Synta

Page 365

INTERFACE COMMANDS (4-182) Field Description. Broadcast threshold: Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the

Page 366 - Console(config-ext-acl)#

COMMAND LINE INTERFACE (4-183) Mirror Port Commands: This section describes how to mirror traffic from a source port to a target port. port monitor: This comma

Page 367 - permit host 10.1.1.21

MIRROR PORT COMMANDS (4-184) Command Usage: • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach

Page 368

BASIC CONFIGURATION (2-9) 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <

Page 369

COMMAND LINE INTERFACE (4-185) Command Usage: This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX,

Page 370

RATE LIMIT COMMANDS (4-186) rate-limit: This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore

Page 371

COMMAND LINE INTERFACE (4-187) Link Aggregation Commands: Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of

Page 372

LINK AGGREGATION COMMANDS (4-188) Guidelines for Creating Trunks. General Guidelines: • Finish configuring port trunks before you connect the corresponding ne

Page 373 - mask 255.255.255.0 any

COMMAND LINE INTERFACE (4-189) channel-group: This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax: channel-group chann

Page 374

LINK AGGREGATION COMMANDS (4-190) lacp: This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to

Page 375 - Queue12034567

COMMAND LINE INTERFACE (4-191) Example: The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of

Page 376

LINK AGGREGATION COMMANDS (4-192) lacp system-priority: This command configures a port's LACP system priority. Use the no form to restore the default s

Page 377

COMMAND LINE INTERFACE (4-193) lacp admin-key (Ethernet Interface): This command configures a port's LACP administration key. Use the no form to restor

Page 378

LINK AGGREGATION COMMANDS (4-194) Example. lacp admin-key (Port Channel): This command configures a port channel's LACP administration key string. Use th

Page 379 - Table 4-28. MAC ACL Commands

INITIAL CONFIGURATION (2-10) The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB object

Page 380

COMMAND LINE INTERFACE4-195Examplelacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax

Page 381

LINK AGGREGATION COMMANDS4-196Example show lacpThis command displays LACP information.Syntax show lacp [port-channel] {counters | internal | neighbors

Page 382

COMMAND LINE INTERFACE4-197Field DescriptionLACPDUs Sent Number of valid LACPDUs transmitted from this channel group.LACPDUs Received Number of valid

Page 383 - MAC access-list jerry:

LINK AGGREGATION COMMANDS4-198LACPDUs InternalNumber of seconds before invalidating received LACPDU information.LACP System PriorityLACP system priori

Page 384

COMMAND LINE INTERFACE4-199Console#show lacp 1 neighborsChannel group 1 neighbors-------------------------------------------------------------------Et

Page 385

ADDRESS TABLE COMMANDS4-200Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

Page 386

COMMAND LINE INTERFACE4-201mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an ad

Page 387

ADDRESS TABLE COMMANDS4-202Example clear mac-address-table dynamicThis command removes any learned entries from the forwarding database and clears the

Page 388

COMMAND LINE INTERFACE4-203Default Setting NoneCommand Mode Privileged ExecCommand Usage • The MAC Address Table contains the MAC addresses associated

Page 389 - MAC access-list M5 out

ADDRESS TABLE COMMANDS4-204Default Setting 300 secondsCommand Mode Global ConfigurationCommand Usage The aging time is used to age out dynamically lea

Page 390

BASIC CONFIGURATION2-11Trap ReceiversYou can also specify SNMP stations that are to receive traps from the switch.To configure a trap receiver, comple

Page 391

COMMAND LINE INTERFACE4-205Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swit

Page 392 - ACL Information

SPANNING TREE COMMANDS4-206spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Syntax

Page 393 - SNMP Commands

COMMAND LINE INTERFACE4-207Command Mode Global ConfigurationCommand Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network

Page 394

SPANNING TREE COMMANDS4-208Command Usage • Spanning Tree ProtocolUses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates o

Page 395 - Console(config)#

COMMAND LINE INTERFACE4-209Example The following example configures the switch to use Rapid Spanning Tree.spanning-tree forward-timeThis command confi

Page 396

SPANNING TREE COMMANDS4-210spanning-tree hello-timeThis command configures the spanning tree bridge hello time globally for this switch. Use the no fo

Page 397

COMMAND LINE INTERFACE4-211Command Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) a device can wait without re

Page 398

SPANNING TREE COMMANDS4-212Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the hig

Page 399

COMMAND LINE INTERFACE4-213Example spanning-tree transmission-limitThis command configures the minimum interval between the transmission of consecutiv

Page 400

SPANNING TREE COMMANDS4-214Command Mode Global ConfigurationExample Related Commands mst vlan (4 -214)mst priority (4 -215)name (4 -216)revision (4 -2

Page 401 - DNS Commands

INITIAL CONFIGURATION2-12Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program, W

Page 402

COMMAND LINE INTERFACE4-215Command Usage • Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for eac

Page 403 - Console(config)#clear host *

SPANNING TREE COMMANDS4-216Default Setting 32768Command Mode MST ConfigurationCommand Usage • MST priority is used in selecting the root bridge and al

Page 404

COMMAND LINE INTERFACE4-217Command Usage The MST region name and revision number (page 4-217) are used to designate a unique MST region. A bridge (i.e

Page 405

SPANNING TREE COMMANDS4-218Example Related Commandsname (4 -216)max-hopsThis command configures the maximum number of hops in the region before a BPDU

Page 406

COMMAND LINE INTERFACE4-219spanning-tree spanning-disabledThis command disables the spanning tree algorithm for the specified interface. Use the no fo

Page 407

SPANNING TREE COMMANDS4-220Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000• Fast Ethernet – half duplex: 2

Page 408

COMMAND LINE INTERFACE4-221Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command defines the priority for the use

Page 409

SPANNING TREE COMMANDS4-222Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN

Page 410 - Privileged Exec

COMMAND LINE INTERFACE4-223Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, por

Page 411

SPANNING TREE COMMANDS4-224Default Setting autoCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • Specify a point-to-point l

Page 412 - Interface Commands

MANAGING SYSTEM FILES2-13Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings

Page 413

COMMAND LINE INTERFACE4-225Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000• Fast Ethernet – half duplex: 2

Page 414

SPANNING TREE COMMANDS4-226spanning-tree mst port-priorityThis command configures the interface priority on a spanning instance in the Multiple Spanni

Page 415

COMMAND LINE INTERFACE4-227spanning-tree protocol-migrationThis command re-checks the appropriate BPDU format to send on the selected interface. Synta

Page 416

SPANNING TREE COMMANDS4-228show spanning-treeThis command shows the configuration for the common spanning tree (CST) or for an instance within the mul

Page 417

COMMAND LINE INTERFACE4-229ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------Sp

Page 418

SPANNING TREE COMMANDS4-230show spanning-tree mst configurationThis command shows the multiple spanning tree configuration.Syntax show spanning-tree m

Page 419

COMMAND LINE INTERFACE4-231VLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong

Page 420

VLAN COMMANDS4-232vlan databaseThis command enters VLAN database mode. All commands in this mode will take effect immediately.Default Setting NoneComm

Page 421

COMMAND LINE INTERFACE4-233vlanThis command configures a VLAN. Use the no form to restore the default settings or delete a VLAN.Syntax vlan vlan-id [n

Page 422

VLAN COMMANDS4-234Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.Related Commands show vl

Page 423

INITIAL CONFIGURATION2-14

Page 424

COMMAND LINE INTERFACE4-235interface vlanThis command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a

Page 425

VLAN COMMANDS4-236switchport modeThis command configures the VLAN membership mode for a port. Use the no form to restore the default.Syntax switchport

Page 426

COMMAND LINE INTERFACE4-237switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore

Page 427

VLAN COMMANDS4-238switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default.Syntax

Page 428 - Mirror Port Commands

COMMAND LINE INTERFACE4-239switchport native vlanThis command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the d

Page 429

VLAN COMMANDS4-240switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the default.Syntax

Page 430 - Rate Limit Commands

COMMAND LINE INTERFACE4-241• If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed f

Page 431

VLAN COMMANDS4-242Example The following example shows how to prevent port 1 from being added to VLAN 3.Displaying VLAN Informationshow vlanThis comman

Page 432 - Link Aggregation Commands

COMMAND LINE INTERFACE4-243Example The following example shows how to display information for VLAN 1.Configuring Protocol-based VLANsThe network devic

Page 433 - GGREGATION

VLAN COMMANDS4-244To configure protocol-based VLANs, follow these steps:1. First configure VLAN groups for the protocols you want to use (page -233).

Page 434

3-1CHAPTER 3CONFIGURING THE SWITCHUsing the Web InterfaceThis switch provides an embedded HTTP Web agent. Using a Web browser you can configure the sw

Page 435

COMMAND LINE INTERFACE4-245Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types.protocol-vlan

Page 436

VLAN COMMANDS4-246• When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner:- If the frame is ta

Page 437

COMMAND LINE INTERFACE4-247Example This shows protocol group 1 configured for IP over Ethernet.show interfaces protocol-vlan protocol-groupThis comman

Page 438

VLAN COMMANDS 4-248 Configuring Private VLANs: Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This sectio

Page 439

COMMAND LINE INTERFACE4-249• Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN.E

Page 440

GVRP AND BRIDGE EXTENSION COMMANDS4-250GVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN i

Page 441

COMMAND LINE INTERFACE4-251Command Mode Global ConfigurationCommand Usage GVRP defines a way for switches to exchange VLAN information in order to reg

Page 442

GVRP AND BRIDGE EXTENSION COMMANDS4-252switchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchport gvrpD

Page 443

COMMAND LINE INTERFACE4-253Example garp timerThis command sets the values for the join, leave and leaveall timers. Use the no form to restore the time

Page 444

GVRP AND BRIDGE EXTENSION COMMANDS4-254• Timer values are applied to GVRP for all the ports on all VLANs. • Timer values must meet the following restr

Page 445 - Address Table Commands

iLIMITED WARRANTYLimited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, un

Page 446

CONFIGURING THE SWITCH 3-2 Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is

Page 447

COMMAND LINE INTERFACE4-255Example Related Commandsgarp timer (4 -253)Priority CommandsThe commands described in this section allow you to specify whi

Page 448

PRIORITY COMMANDS4-256Priority Commands (Layer 2)switchport priority defaultThis command sets a priority for incoming untagged frames. Use the no form

Page 449 - Aging time: 300 sec

COMMAND LINE INTERFACE4-257Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority mapping is IP Port

Page 450 - Spanning Tree Commands

PRIORITY COMMANDS4-258queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) prior

Page 451

COMMAND LINE INTERFACE4-259queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues

Page 452 -

PRIORITY COMMANDS4-260queue cos-mapThis command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Use

Page 453

COMMAND LINE INTERFACE4-261Example The following example shows how to change the CoS assignments to a one-to-one mapping. Related Commands show queue

Page 454

PRIORITY COMMANDS4-262show queue bandwidthThis command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues.Defa

Page 455

COMMAND LINE INTERFACE4-263Default Setting NoneCommand Mode Privileged ExecExample Priority Commands (Layer 3 and 4) Console#show queue cos-map ethern

Page 456

PRIORITY COMMANDS4-264map ip port (Global Configuration)Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP sockets

Page 457

NAVIGATING THE WEB BROWSER INTERFACE3-3Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and pa

Page 458

COMMAND LINE INTERFACE4-265Default Setting NoneCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priorit

Page 459 - Console(config-mstp)#

PRIORITY COMMANDS4-266Example The following example shows how to enable IP precedence mapping globally:map ip precedence (Interface Configuration)This

Page 460

COMMAND LINE INTERFACE4-267Example The following example shows how to map IP precedence value 1 to CoS value 0:map ip dscp (Global Configuration)This

Page 461

PRIORITY COMMANDS4-268map ip dscp (Interface Configuration)This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use

Page 462

COMMAND LINE INTERFACE4-269Example The following example shows how to map IP DSCP value 1 to CoS value 0.show map ip portUse this command to show the

Page 463

PRIORITY COMMANDS4-270Related Commands map ip port (Global Configuration) (4 -264)map ip port (Interface Configuration) (4 -264) show map ip precedenc

Page 464

COMMAND LINE INTERFACE4-271Related Commands map ip precedence (Global Configuration) (4 -265)map ip precedence (Interface Configuration) (4 -266) show

Page 465

MULTICAST FILTERING COMMANDS4-272Related Commands map ip dscp (Global Configuration) (4 -267)map ip dscp (Interface Configuration) (4 -268)Multicast F

Page 466

COMMAND LINE INTERFACE4-273ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Syntax [no] ip igmp snoopi

Page 467

MULTICAST FILTERING COMMANDS4-274ip igmp snooping vlan staticThis command adds a port to a multicast group. Use the no form to remove the port.Syntax

Page 468

CONFIGURING THE SWITCH3-4Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration change has been made

Page 469

COMMAND LINE INTERFACE4-275ip igmp snooping versionThis command configures the IGMP snooping version. Use the no form to restore the default.Syntax ip

Page 470

MULTICAST FILTERING COMMANDS4-276show ip igmp snoopingThis command shows the IGMP snooping configuration.Default Setting NoneCommand Mode Privileged E

Page 471

COMMAND LINE INTERFACE4-277Default Setting NoneCommand Mode Privileged ExecCommand Usage Member types displayed include IGMP or USER, depending on sel

Page 472

MULTICAST FILTERING COMMANDS4-278ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form to disable it.Syntax [no]

Page 473

COMMAND LINE INTERFACE4-279Command Mode Global ConfigurationCommand Usage The query count defines how long the querier waits for a response from a mul

Page 474

MULTICAST FILTERING COMMANDS4-280Command Mode Global ConfigurationExample The following shows how to configure the query interval to 100 seconds.ip ig

Page 475

COMMAND LINE INTERFACE4-281Example The following shows how to configure the maximum response time to 20 seconds.Related Commands ip igmp snooping vers

Page 476 - VLAN Commands

MULTICAST FILTERING COMMANDS4-282Related Commands ip igmp snooping version (4 -275)Static Multicast Routing Commandsip igmp snooping vlan mrouterThis

Page 477 - Console(config-vlan)#

COMMAND LINE INTERFACE4-283Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. There

Page 478

IP INTERFACE COMMANDS4-284Example The following shows that port 11 in VLAN 1 is attached to a multicast router.IP Interface CommandsThere are no IP ad

Page 479 - Configuring VLAN Interfaces

NAVIGATING THE WEB BROWSER INTERFACE3-5Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all

Page 480

COMMAND LINE INTERFACE4-285ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the defau

Page 481

IP INTERFACE COMMANDS4-286Note: Before you can change the IP address, you must first clear the current address with the no form of this command.Exampl

Page 482

COMMAND LINE INTERFACE4-287Example In the following example, the device is reassigned the same address.Related Commands ip address (4 -285)ip default-

Page 483

IP INTERFACE COMMANDS4-288Related Commands show ip redirects (4 -288)show ip interfaceThis command displays the settings of an IP interface.Default Se

Page 484

COMMAND LINE INTERFACE4-289Related Commands If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provi

Page 485

IP INTERFACE COMMANDS4-290Example Related Commands interface (4 -168)Console#ping 10.1.0.9Type ESC to abort.PING to 10.1.0.9, by 5 32-byte payload ICM

Page 486

COMMAND LINE INTERFACE4-291

Page 487 - Displaying VLAN Information

A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication: Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists

Page 488

SOFTWARE SPECIFICATIONSA-2Port MirroringMultiple source ports, one destination portRate LimitsInput LimitOutput limitRange (configured per port)Port T

Page 489

SOFTWARE SPECIFICATIONS A-3 Management Features In-Band Management: Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell Out-of-Band Management: RS-

Page 490

CONFIGURING THE SWITCH 3-6 SSH 3-41; Settings: Configures Secure Shell server settings 3-46; Host-Key Settings: Generates the host key pair (public and privat

Page 491

SOFTWARE SPECIFICATIONSA-4HTTPSICMP (RFC 792)IGMP (RFC 1112)IGMPv2 (RFC 2236)RADIUS+ (RFC 2618)RMON (RFC 1757 groups 1,2,3,9)SNTP (RFC 2030)SNMP (RFC

Page 492

B-1APPENDIX BTROUBLESHOOTINGTable B-1. Troubleshooting ChartSymptom ActionCannot connect using Telnet, Web browser, or SNMP software• Ensure that you

Page 493

TROUBLESHOOTINGB-2

Page 494 - Console(config)#pvlan

Glossary-1 GLOSSARY Access Control List (ACL): ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

Page 495 - XTENSION

GLOSSARY Glossary-2 Extensible Authentication Protocol over LAN (EAPOL): EAPOL is a client authentication protocol used by this switch to verify the netw

Page 496

GLOSSARYGlossary-3IEEE 802.1QVLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to differ

Page 497

GLOSSARYGlossary-4IGMP QueryOn each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on

Page 498

GLOSSARYGlossary-5Link AggregationSee Port Trunk. Link Aggregation Control Protocol (LACP)Allows ports to automatically negotiate a trunked link with

Page 499

GLOSSARYGlossary-6Port TrunkDefines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that

Page 500 - Priority Commands

GLOSSARYGlossary-7Simple Network Management Protocol (SNMP)The application protocol in the Internet suite of protocols which offers network management

Page 501 - Priority Commands (Layer 2)

NAVIGATING THE WEB BROWSER INTERFACE3-7LACP 3-89Configuration Allows ports to dynamically join trunks 3-89Aggregation Port Configures system priority,

Page 502

GLOSSARYGlossary-8User Datagram Protocol (UDP)UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport

Page 503

Index-1Numerics802.1x, port authentication 4-104Aacceptable frame type 3-155, 4-237Access Control List See ACLACLExtended IP 3-62, 4-114, 4-116, 4-12

Page 504

INDEXIndex-2Eedge port, STA 3-129, 3-132, 4-221event logging 4-58Ffirmwaredisplaying version 3-14, 4-83upgrading 3-22, 4-86GGARP VLAN Registration Pro

Page 505 - Priority20134567

INDEXIndex-3multicast groups 3-187, 4-276displaying 4-276static 3-187, 4-274, 4-276multicast servicesconfiguring 3-188, 4-274displaying 3-187, 4-276mu

Page 506

INDEXIndex-4interface settings 3-126, 3-137, 3-139, 4-219–4-227, 4-228link type 3-129, 3-132, 4-223path cost 3-118, 3-128, 4-219path cost method 3-124

Page 508 - Default Setting

38 Tesla, Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (

Page 509 - Console(config)#map ip port

CONFIGURING THE SWITCH3-8Address Aging Sets timeout for dynamically learned entries 3-115Spanning Tree 3-116STAInformation Displays STA values used f

Page 510

NAVIGATING THE WEB BROWSER INTERFACE3-9VLAN 3-141802.1Q VLANGVRP Status Enables GVRP VLAN registration protocol3-146Basic Information Displays informa

Page 511 - CoS Value 01234567

CONFIGURING THE SWITCH3-10Traffic Classes Status Enables/disables traffic class priorities (not implemented)NAQueue Mode Sets queue mode to strict pri

Page 512

NAVIGATING THE WEB BROWSER INTERFACE3-11IP Multicast Registration Table Displays all multicast groups active on this switch, including multicast IP ad

Page 513

LIMITED WARRANTYiiWARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT O

Page 514

CONFIGURING THE SWITCH3-12Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location a

Page 515

BASIC CONFIGURATION3-13Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator

Page 516

CONFIGURING THE SWITCH3-14Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers fo

Page 517 - Multicast Filtering Commands

BASIC CONFIGURATION3-15Web – Click System, Switch Information.Figure 3-4. Switch InformationCLI – Use the following command to display version inform

Page 518

CONFIGURING THE SWITCH3-16Displaying Bridge Extension CapabilitiesThe Bridge MIB includes extensions for managed devices that support Multicast Filter

Page 519

BASIC CONFIGURATION3-17Web – Click System, Bridge Extension.Figure 3-5. Bridge Extension ConfigurationCLI – Enter the following command. Setting the

Page 520

CONFIGURING THE SWITCH3-18You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Val

Page 521

BASIC CONFIGURATION3-19Manual ConfigurationWeb – Click System, IP Configuration. Select the VLAN through which the management station is attached, set

Page 522 - IGMP Query Commands (Layer 2)

CONFIGURING THE SWITCH3-20Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by

Page 523

BASIC CONFIGURATION3-21CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart clien

Page 524

iiiCONTENTS1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1Key Features . . . . . . . . . . . . . . . . . . . .

Page 525

CONFIGURING THE SWITCH3-22Managing FirmwareYou can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP serve

Page 526

BASIC CONFIGURATION3-23Web – Click System, File, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, s

Page 527

CONFIGURING THE SWITCH3-24CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination

Page 528

BASIC CONFIGURATION3-25Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set it a

Page 529 - IP Interface Commands

CONFIGURING THE SWITCH3-26.If you download the startup configuration file under a new file name, you can set this file as the startup file at a later

Page 530

BASIC CONFIGURATION3-27Setting the System ClockSimple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updat

Page 531

CONFIGURING THE SWITCH3-28Command Attributes• SNTP Client – Configures the switch to operate as an SNTP unicast client. This mode requires at least on

Page 532

BASIC CONFIGURATION3-29Setting the Time ZoneSNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at t

Page 533

CONFIGURING THE SWITCH3-30Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifical

Page 534

SIMPLE NETWORK MANAGEMENT PROTOCOL 3-31 • Access Mode - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve

Page 535

CONTENTSivSetting the Switch’s IP Address . . . . . . . . . . . . . . . . . . . . . . . . 3-17Manual Configuration . . . . . . . . . . . . . . . .

Page 536

CONFIGURING THE SWITCH3-32Command Attributes• Trap Manager Capability – This switch supports up to five trap managers.• Trap Manager IP Address – Inte

Page 537 - PECIFICATIONS

USER AUTHENTICATION 3-33 User Authentication: You can restrict management access to this switch using the following options: • Passwords – Manually configu

Page 538

CONFIGURING THE SWITCH 3-34 Web – Click Security, Passwords. To change the password for the current user, enter the old password, the new password, conf

Page 539 - Standards

USER AUTHENTICATION 3-35 Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are log

Page 540 - Management Information Bases

CONFIGURING THE SWITCH 3-36 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentic

Page 541 - ROUBLESHOOTING

USER AUTHENTICATION 3-37 • TACACS Settings - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number – Network (TCP

Page 542

CONFIGURING THE SWITCH 3-38 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS: You can configure the switch to en

Page 543 - Glossary-1

USER AUTHENTICATION 3-39 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Exp

Page 544 - Glossary-2

CONFIGURING THE SWITCH 3-40 CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate

Page 545 - Glossary-3

USER AUTHENTICATION 3-41 Configuring the Secure Shell: The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of th

Page 546 - Glossary-4

CONTENTSvFiltering Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78Port Configuration . . . . . . . . . . . .

Page 547 - Glossary-5

CONFIGURING THE SWITCH 3-42 To use the SSH server, complete these steps: 1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host p

Page 548 - Glossary-6

USER AUTHENTICATION 3-43 6. Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair

Page 549 - Glossary-7

CONFIGURING THE SWITCH 3-44 Field Attributes • Public-Key of Host-Key – The public key for the host. - RSA: The first field indicates the size of the hos

Page 550 - Glossary-8

USER AUTHENTICATION 3-45 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the ho

Page 551 - Numerics

CONFIGURING THE SWITCH 3-46 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and the

Page 552

USER AUTHENTICATION 3-47 • SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication f

Page 553

CONFIGURING THE SWITCH 3-48 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that th

Page 554

USER AUTHENTICATION 3-49 To add new VLAN members at a later time, you can manually add secure addresses with the Static Address Table (page 3-112), or t

Page 555

CONFIGURING THE SWITCH 3-50 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox

Page 556

USER AUTHENTICATION 3-51 Configuring 802.1x Port Authentication: Network switches can provide open and easy access to network resources by simply attachin
