SMC Networks TigerSwitch User Manual

TigerSwitch 10/10024-Port 10/100Mbps Stackable Managed SwitchManagement Guide◆ 24 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports◆ 2 Gigabit RJ-45 ports shar

CONTENTSviDisplaying Basic VLAN Information . . . . . . . . . . . . . . . 3-147Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-50CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.Configuring Local/Remote Logon

USER AUTHENTICATION3-51Command Usage• By default, management access is always checked against the authentication database stored on the local switch.

CONFIGURING THE SWITCH3-52• RADIUS Settings-Global – Provides globally applicable RADIUS settings.-ServerIndex – Specifies one of five RADIUS servers

USER AUTHENTICATION3-53Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authenticat

CONFIGURING THE SWITCH3-54CLI – Specify all the required parameters to enable logon authentication.Configuring HTTPSYou can configure the switch to en

USER AUTHENTICATION3-55• If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number]• When y

CONFIGURING THE SWITCH3-56Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.Figure 3-26 HTTPS Settings

USER AUTHENTICATION3-57When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line i

CONFIGURING THE SWITCH3-58Command UsageThe SSH server on this switch supports both password and public key authentication. If password authentication

USER AUTHENTICATION3-593. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-89) to copy a file containing the pu

CONTENTSviiTelnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2Entering Commands . . . . . . . . . . . .

CONFIGURING THE SWITCH3-60e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client&

USER AUTHENTICATION3-61the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.• Save Host-Key from Memory to Flash – Saves the

CONFIGURING THE SWITCH3-62CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and the

USER AUTHENTICATION3-63• SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication f

CONFIGURING THE SWITCH3-64CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that th

USER AUTHENTICATION3-65already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prev

CONFIGURING THE SWITCH3-66Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox

USER AUTHENTICATION3-67This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the

CONFIGURING THE SWITCH3-68• The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the

USER AUTHENTICATION3-69CLI – This example shows the default global setting for 802.1X. Configuring 802.1X Global SettingsThe 802.1X protocol includes

CONTENTSviiiquit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32System Management Commands . .

CONFIGURING THE SWITCH3-70CLI – This example enables 802.1X globally for the switch.Configuring Port Settings for 802.1XWhen 802.1X is enabled, you ne

USER AUTHENTICATION3-71• Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it time

CONFIGURING THE SWITCH3-72CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this exampl

USER AUTHENTICATION3-73Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Sta

CONFIGURING THE SWITCH3-74Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statis

USER AUTHENTICATION3-75Filtering Addresses for Management AccessYou create a list of up to 16 IP addresses or IP address groups that are allowed manag

CONFIGURING THE SWITCH3-76• Start IP Address – A single IP address, or the starting address of a range.• End IP Address – The end address of a range.•

ACCESS CONTROL LISTS3-77CLI – This example allows SNMP access for a specific client.Access Control ListsAccess Control Lists (ACL) provide packet filt

CONFIGURING THE SWITCH3-78Command UsageThe following restrictions apply to ACLs:• Each ACL can have up to 32 rules.• The maximum number of ACLs is 88.

ACCESS CONTROL LISTS3-79- MAC: MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060)

CONTENTSixclear logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64show logging . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-80Configuring a Standard IP ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Addre

ACCESS CONTROL LISTS3-81Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a spe

CONFIGURING THE SWITCH3-82to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any)• Source/Destinat

ACCESS CONTROL LISTS3-83For example, use the code value and mask below to catch packets with the following flags set: - SYN flag valid, use control-co

CONFIGURING THE SWITCH3-843. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Configuring a MAC ACLCom

ACCESS CONTROL LISTS3-85Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any

CONFIGURING THE SWITCH3-86Binding a Port to an Access Control ListAfter configuring Access Control Lists (ACL), you should bind them to the ports that

ACCESS CONTROL LISTS3-87Web – Click Security, ACL, Port Binding. Mark the Enabled field for the port you want to bind to an ACL, select the required A

CONFIGURING THE SWITCH3-88Port ConfigurationDisplaying Connection StatusYou can use the Port Information or Trunk Information pages to display the cur

PORT CONFIGURATION3-89Web – Click Port, Port Information or Trunk Information.Figure 3-40 Displaying Port/Trunk InformationField Attributes (CLI)Basi

CONTENTSxRADIUS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99radius-server host . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-90- 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 1

PORT CONFIGURATION3-91CLI – This example shows the connection status for Port 5.Configuring Interface ConnectionsYou can use the Port Configuration or

CONFIGURING THE SWITCH3-92• Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, yo

PORT CONFIGURATION3-93Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.Figure 3-41

CONFIGURING THE SWITCH3-94automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports o

PORT CONFIGURATION3-95Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of different t

CONFIGURING THE SWITCH3-96Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scro

PORT CONFIGURATION3-97CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to f

CONFIGURING THE SWITCH3-98• A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than e

PORT CONFIGURATION3-99CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switc

CONTENTSxiMAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-130access-list mac . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-100Note: If the port channel admin key (lacp admin key, page 4-171) is not set (through the CLI) when a channel group is forme

PORT CONFIGURATION3-101Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opt

CONFIGURING THE SWITCH3-102CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.Conso

PORT CONFIGURATION3-103Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Infor

CONFIGURING THE SWITCH3-104CLI – The following example displays LACP counters.Displaying LACP Settings and Status for the Local SideYou can display co

PORT CONFIGURATION3-105LACP Port PriorityLACP port priority assigned to this interface within the channel group.Admin State,Oper StateAdministrative o

CONFIGURING THE SWITCH3-106Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-

PORT CONFIGURATION3-107Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for the

CONFIGURING THE SWITCH3-108Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.Figure 3

PORT CONFIGURATION3-109Setting Broadcast Storm ThresholdsBroadcast storms may occur when a device on your network is malfunctioning, or if application

CONTENTSxiishow rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-163Link Aggregation Commands . . . . . . . .

CONFIGURING THE SWITCH3-110Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and cli

PORT CONFIGURATION3-111CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then

CONFIGURING THE SWITCH3-112Command Attributes• Mirror Sessions – Displays a list of current mirror sessions.• Source Unit – The unit whose port traffi

PORT CONFIGURATION3-113Configuring Rate LimitsThis function allows the network manager to control the maximum rate for traffic transmitted or received

CONFIGURING THE SWITCH3-114CLI - This example sets and displays Fast Ethernet and Gigabit Ethernet granularity.Rate Limit ConfigurationUse the rate li

PORT CONFIGURATION3-115Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces,

CONFIGURING THE SWITCH3-116Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as MC EliteView. Table 3-9 Port Stat

PORT CONFIGURATION3-117Transmit Multicast PacketsThe total number of packets that higher-level protocols requested be transmitted, and which were addr

CONFIGURING THE SWITCH3-118Multiple Collision FramesA count of successfully transmitted frames for which transmission is inhibited by more than one co

PORT CONFIGURATION3-119Multicast Frames The total number of good frames received that were directed to this multicast address.CRC/Alignment Errors The

CONTENTSxiiiswitchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-202switchport acceptable-frame-types . . . . . . . .

CONFIGURING THE SWITCH3-120Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t

PORT CONFIGURATION3-121CLI – This example shows statistics for port 13.Console#show interfaces counters ethernet 1/13 4-155Ethernet 1/13 Iftable stats

CONFIGURING THE SWITCH3-122Address Table SettingsSwitches store the addresses for all known devices. This information is used to pass traffic directly

ADDRESS TABLE SETTINGS3-123Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address

CONFIGURING THE SWITCH3-124• MAC Address – Physical address associated with this interface.• VLAN – ID of configured VLAN (1-4094).• Address Table Sor

SPANNING TREE ALGORITHM CONFIGURATION3-125Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attribut

CONFIGURING THE SWITCH3-126The spanning tree algorithms supported by this switch include these versions:• STP – Spanning Tree Protocol (IEEE 802.1D)•

SPANNING TREE ALGORITHM CONFIGURATION3-127that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to c

CONFIGURING THE SWITCH3-128• Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the ro

SPANNING TREE ALGORITHM CONFIGURATION3-129• Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., dis

CONTENTSxivmap ip dscp (Interface Configuration) . . . . . . . . . . . . . . . 4-233show map ip port . . . . . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-130CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and curren

SPANNING TREE ALGORITHM CONFIGURATION3-131Configuring Global SettingsGlobal settings apply to the entire switch.Command Usage• Spanning Tree Algorithm

CONFIGURING THE SWITCH3-132• Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the high

SPANNING TREE ALGORITHM CONFIGURATION3-133• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discardi

CONFIGURING THE SWITCH3-134Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-57 STA Configurati

SPANNING TREE ALGORITHM CONFIGURATION3-135Displaying Interface SettingsThe STA Port Information and STA Trunk Information pages display the current st

CONFIGURING THE SWITCH3-136• Designated Port – The port priority and number of the port on the designated bridging device through which this switch mu

SPANNING TREE ALGORITHM CONFIGURATION3-137• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)These additional par

CONFIGURING THE SWITCH3-138• Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged

SPANNING TREE ALGORITHM CONFIGURATION3-139CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RSTP

CONTENTSxvGlossaryIndex

CONFIGURING THE SWITCH3-140contradictory information. Port address table is cleared, and the port begins learning addresses.-Forwarding - Port forward

SPANNING TREE ALGORITHM CONFIGURATION3-141- Default –- Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000- Fast Ethernet – H

CONFIGURING THE SWITCH3-142Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply

VLAN CONFIGURATION3-143VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical c

CONFIGURING THE SWITCH3-144Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags sho

VLAN CONFIGURATION3-145Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically lear

CONFIGURING THE SWITCH3-146Forwarding Tagged/Untagged FramesIf you want to create a small port-based VLAN for devices attached directly to a single sw

VLAN CONFIGURATION3-147Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN

CONFIGURING THE SWITCH3-148• Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch.Web – Click VLAN, 802.1

VLAN CONFIGURATION3-149• Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP.- Permanent: Added as a

CONTENTSxvi

CONFIGURING THE SWITCH3-150• Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational.- Suspend: VLAN is suspended; i.e., doe

VLAN CONFIGURATION3-151• State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational.- Suspend: VLAN is suspended; i.e., does

CONFIGURING THE SWITCH3-152Adding Static Members to VLANs (VLAN Index)Use the VLAN Static Table to configure port members for the selected VLAN index.

VLAN CONFIGURATION3-153• Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Ta

CONFIGURING THE SWITCH3-154Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if

VLAN CONFIGURATION3-155• Member – VLANs for which the selected interface is a tagged member.• Non-Member – VLANs for which the selected interface is n

CONFIGURING THE SWITCH3-156Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLAN

VLAN CONFIGURATION3-157- If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will

CONFIGURING THE SWITCH3-158• Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid)- 1Q Trunk – Specifies a port as an end-point fo

VLAN CONFIGURATION3-159CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP

xviiTABLESTable 1-1 Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Table 1-2 System Defaults . . . . . . . .

CONFIGURING THE SWITCH3-160To configure private VLANs, follow these steps:1. Use the Private VLAN Configuration menu (page 3-161) to designate one or

VLAN CONFIGURATION3-161Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu.Figure 3-67 Private VLAN

CONFIGURING THE SWITCH3-162• Type – There are three types of VLANs within a private VLAN:-Primary VLANs – Conveys traffic between promiscuous ports, a

VLAN CONFIGURATION3-163Associating VLANsEach community or isolated VLAN must be associated with a primary VLAN.Command Attributes• Primary VLAN ID – I

CONFIGURING THE SWITCH3-164Displaying Private VLAN Interface InformationUse the Private VLAN Port Information and Private VLAN Trunk Information menus

VLAN CONFIGURATION3-165Web – Click VLAN, Private VLAN, Port Information or Trunk Information.Figure 3-70 Private VLAN Port InformationCLI – This exam

CONFIGURING THE SWITCH3-166- Host – The port is a community port and can only communicate with other ports in its own community VLAN, and with the des

VLAN CONFIGURATION3-167Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join

CONFIGURING THE SWITCH3-168Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precedence when

CLASS OF SERVICE CONFIGURATION3-169Command Attributes• Default Priority9 – The priority that is assigned to untagged frames received on the specified

TABLESxviiiTable 4-21 SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-68Table 4-22 Time Commands . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-170Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using four prior

CLASS OF SERVICE CONFIGURATION3-171Command Attributes• Priority – CoS value. (Range: 0-7, where 7 is the highest priority)• Traffic Class10 – Output q

CONFIGURING THE SWITCH3-172Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traffic in a

CLASS OF SERVICE CONFIGURATION3-173Setting the Service Weight for Traffic ClassesThis switch uses the Weighted Round Robin (WRR) algorithm to determin

CONFIGURING THE SWITCH3-174CLI – The following example shows how to assign WRR weights to each of the priority queues.Layer 3/4 Priority SettingsMappi

CLASS OF SERVICE CONFIGURATION3-175Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority.

CONFIGURING THE SWITCH3-176Command Attributes• IP Precedence Priority Table – Shows the IP Precedence to CoS map.• Class of Service Value – Maps a CoS

CLASS OF SERVICE CONFIGURATION3-177CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS

CONFIGURING THE SWITCH3-178Command Attributes• DSCP Priority Table – Shows the DSCP Priority to CoS map.• Class of Service Value – Maps a CoS value to

CLASS OF SERVICE CONFIGURATION3-179CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1

TABLESxixTable 4-58 Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-222Table 4-59 Default CoS Priority Levels . . . . . . . .

CONFIGURING THE SWITCH3-180Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-79 IP Port Priority Status

CLASS OF SERVICE CONFIGURATION3-181CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to

CONFIGURING THE SWITCH3-182• ACL CoS Priority Mapping – Displays the configured information.* For information on configuring ACLs, see page 3-77.Web –

MULTICAST FILTERING3-183Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A mul

CONFIGURING THE SWITCH3-184Layer 2 IGMP (Snooping and Query)IGMP Snooping and Query – If multicast routing is not supported on other switches in your

MULTICAST FILTERING3-185multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members. It then pr

CONFIGURING THE SWITCH3-186Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, includin

MULTICAST FILTERING3-187Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use information

CONFIGURING THE SWITCH3-188CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.Specifying St

MULTICAST FILTERING3-189Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router,

FIGURESxxFIGURESFigure 3-1 Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3Figure 3-2 Panel Display . . . . . .

CONFIGURING THE SWITCH3-190Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service fro

MULTICAST FILTERING3-191Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query mes

CONFIGURING THE SWITCH3-192Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabl

4-1CHAPTER 4COMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line InterfaceAccessing the CLI

COMMAND LINE INTERFACE4-2After connecting to the system through the console port, the login screen displays:Telnet ConnectionTelnet operates over the

USING THE COMMAND LINE INTERFACE4-32. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the adminis

COMMAND LINE INTERFACE4-4Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords

ENTERING COMMANDS4-5Command CompletionIf you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to th

COMMAND LINE INTERFACE4-6Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the current

ENTERING COMMANDS4-7The command “show interfaces ?” will display the following information:Partial Keyword LookupIf you terminate a partial keyword wi

FIGURESxxiFigure 3-37 ACL Configuration - Extended IP . . . . . . . . . . . . . . . . . 3-83Figure 3-38 ACL Configuration - MAC . . . . . . . . . . .

COMMAND LINE INTERFACE4-8Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display in

ENTERING COMMANDS4-9Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “supe

COMMAND LINE INTERFACE4-10• Line Configuration - These commands modify the console port and Telnet configuration, and include command such as parity a

ENTERING COMMANDS4-11Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

COMMAND LINE INTERFACE4-12Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4 Command GroupsCommand

COMMAND GROUPS4-13The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) P

COMMAND LINE INTERFACE4-14Line CommandsYou can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial

LINE COMMANDS4-15lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax line {con

COMMAND LINE INTERFACE4-16loginThis command enables password checking at login. Use the no form to disable password checking and allow connections wit

LINE COMMANDS4-17Example Related Commandsusername (4-36)password (4-17)passwordThis command specifies the password for a line. Use the no form to remo

FIGURESxxiiFigure 3-74 Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-172Figure 3-75 Configuring Queue Scheduling .

COMMAND LINE INTERFACE4-18configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.Example Related Co

LINE COMMANDS4-19Example To set the timeout to two minutes, enter this command:Related Commandssilent-time (4-21)exec-timeout (4-14)exec-timeoutThis c

COMMAND LINE INTERFACE4-20Example To set the timeout to two minutes, enter this command:Related Commandssilent-time (4-21)timeout login response (4-13

LINE COMMANDS4-21Example To set the password threshold to five attempts, enter this command:Related Commandssilent-time (4-21)timeout login response (

COMMAND LINE INTERFACE4-22databitsThis command sets the number of data bits per character that are interpreted and generated by the console port. Use

LINE COMMANDS4-23parityThis command defines the generation of a parity bit. Use the no form to restore the default setting.Syntax parity {none | even

COMMAND LINE INTERFACE4-24Default Setting 9600Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connect

LINE COMMANDS4-25disconnectThis command terminates an SSH, Telnet, or console connection.Syntax disconnect session-idsession-id – The session identifi

COMMAND LINE INTERFACE4-26Example To show all lines, enter this command:Console#show line Console configuration: Password threshold: 3 times Intera

GENERAL COMMANDS4-27General CommandsenableThis command activates Privileged Exec mode. In privileged mode, additional commands are available, and cert

1-1CHAPTER 1INTRODUCTIONThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to config

COMMAND LINE INTERFACE4-28Command ModeNormal ExecCommand Usage • “super” is the default password required to change the command mode from Normal Exec

GENERAL COMMANDS4-29Example Related Commands enable (4-27)configureThis command activates Global Configuration mode. You must enter this mode to modif

COMMAND LINE INTERFACE4-30Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.Example In this exampl

GENERAL COMMANDS4-31Command Mode Privileged ExecCommand Usage This command resets the entire system.Example This example shows how to reset the switch

COMMAND LINE INTERFACE4-32Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the C

SYSTEM MANAGEMENT COMMANDS4-33System Management CommandsThese commands are used to control system logs, passwords, user names, browser configuration o

COMMAND LINE INTERFACE4-34promptThis command customizes the CLI prompt. Use the no form to restore the default prompt.Syntax prompt stringno promptstr

SYSTEM MANAGEMENT COMMANDS4-35Example User Access CommandsThe basic commands required for management access are listed in this section. This switch al

COMMAND LINE INTERFACE4-36usernameThis command adds named users, requires authentication at login, specifies or changes a user's password (or spe

SYSTEM MANAGEMENT COMMANDS4-37Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or en

INTRODUCTION1-2Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates th

COMMAND LINE INTERFACE4-38Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exe

SYSTEM MANAGEMENT COMMANDS4-39managementThis command specifies the client IP addresses that are allowed management access to the switch through variou

COMMAND LINE INTERFACE4-40• You can delete an address range just by specifying the start address, or by specifying both the start address and end addr

SYSTEM MANAGEMENT COMMANDS4-41ExampleWeb Server CommandsConsole#show management all-clientManagement IP Filter HTTP-Client: Start IP address En

COMMAND LINE INTERFACE4-42ip http portThis command specifies the TCP port number used by the web browser interface. Use the no form to use the default

SYSTEM MANAGEMENT COMMANDS4-43Example Related Commandsip http port (4-42)ip http secure-serverThis command enables the secure hypertext transfer proto

COMMAND LINE INTERFACE4-445.x and Netscape Navigator 6.2 or later versions.• The following web browsers and operating systems currently support HTTPS:

SYSTEM MANAGEMENT COMMANDS4-45Command Mode Global ConfigurationCommand Usage • You cannot configure the HTTP and HTTPS servers to use the same port. •

COMMAND LINE INTERFACE4-46Default Setting 23Command Mode Global ConfigurationExampleRelated Commandsip telnet server (4-46)ip telnet serverThis comman

SYSTEM MANAGEMENT COMMANDS4-47Secure Shell CommandsThe Berkley-standard includes remote access tools originally designed for Unix systems. Some of the

DESCRIPTION OF SOFTWARE FEATURES1-3Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and

COMMAND LINE INTERFACE4-48The SSH server on this switch supports both password and public key authentication. If password authentication is specified

SYSTEM MANAGEMENT COMMANDS4-492. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the ini

COMMAND LINE INTERFACE4-50a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in mem

SYSTEM MANAGEMENT COMMANDS4-51Example Related Commandsip ssh crypto host-key generate (4-53)show ssh (4-56)ip ssh timeoutThis command configures the t

COMMAND LINE INTERFACE4-52ip ssh authentication-retriesThis command configures the number of times the SSH server attempts to reauthenticate a user. U

SYSTEM MANAGEMENT COMMANDS4-53Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with t

COMMAND LINE INTERFACE4-54Command Mode Privileged ExecCommand Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save

SYSTEM MANAGEMENT COMMANDS4-55Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to

COMMAND LINE INTERFACE4-56show ip sshThis command displays the connection settings used when authenticating client access to the SSH server.Command Mo

SYSTEM MANAGEMENT COMMANDS4-57show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [us

38 TeslaIrvine, CA 92618Phone: (949) 679-8000TigerSwitch 10/100Management GuideFrom SMC’s Tiger line of feature-rich workgroup LAN solutionsNovember 2

INTRODUCTION1-4Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured

COMMAND LINE INTERFACE4-58Command Mode Privileged ExecCommand Usage • If no parameters are entered, all keys are displayed. If the user keyword is ent

SYSTEM MANAGEMENT COMMANDS4-59Event Logging Commands logging onThis command controls logging of error messages, sending debug or error messages to swi

COMMAND LINE INTERFACE4-60Example Related Commandslogging history (4-60)clear logging (4-64)logging historyThis command limits syslog messages saved t

SYSTEM MANAGEMENT COMMANDS4-61Default Setting Flash: errors (level 3 - 0)RAM: warnings (level 7 - 0)Command Mode Global ConfigurationCommand Usage The

COMMAND LINE INTERFACE4-62Command Usage • By using this command more than once you can build up a list of host IP addresses.• The maximum number of ho

SYSTEM MANAGEMENT COMMANDS4-63logging trapThis command enables the logging of system messages to a remote server, or limits the syslog messages saved

COMMAND LINE INTERFACE4-64clear loggingThis command clears messages from the log buffer.Syntax clear logging [flash | ram]- flash - Event history stor

SYSTEM MANAGEMENT COMMANDS4-65- sendmail - Displays settings for the SMTP event handler (page 4-71).- trap - Displays settings for the trap function.

COMMAND LINE INTERFACE4-66The following example displays settings for the trap function. Related Commandsshow logging sendmail (4-71)show logThis comm

SYSTEM MANAGEMENT COMMANDS4-67- tail - Shows event history starting from the most recent entry.- login - Shows the login record only.Default Setting N

DESCRIPTION OF SOFTWARE FEATURES1-5Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port.

COMMAND LINE INTERFACE4-68SMTP Alert CommandsThese commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP serv

SYSTEM MANAGEMENT COMMANDS4-69• To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one,

COMMAND LINE INTERFACE4-70logging sendmail source-emailThis command sets the email address used for the “From” field in alert messages. Use the no for

SYSTEM MANAGEMENT COMMANDS4-71Command Mode Global ConfigurationCommand Usage You can specify up to five recipients for alert messages. However, you mu

COMMAND LINE INTERFACE4-72ExampleTime CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Mainta

SYSTEM MANAGEMENT COMMANDS4-73sntp clientThis command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified wi

COMMAND LINE INTERFACE4-74sntp serverThis command sets the IP address of the servers to which SNTP time requests are issued. Use the this command with

SYSTEM MANAGEMENT COMMANDS4-75sntp pollThis command sets the interval between sending time requests when the switch is set to SNTP client mode. Use th

COMMAND LINE INTERFACE4-76Example clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours

SYSTEM MANAGEMENT COMMANDS4-77Example Related Commandsshow sntp (4-75)calendar setThis command sets the system clock. It may be used if there is no ti

INTRODUCTION1-6switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:• Elimi

COMMAND LINE INTERFACE4-78show calendarThis command displays the system clock.Default Setting NoneCommand Mode Normal Exec, Privileged ExecExample Sys

SYSTEM MANAGEMENT COMMANDS4-79light unitThis command displays the unit ID of a switch using its front-panel LED indicators.Syntax light unit [unit]- u

COMMAND LINE INTERFACE4-80• This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the config

SYSTEM MANAGEMENT COMMANDS4-81Example Related Commandsshow running-config (4-82)Console#show startup-configbuilding startup-config, please wait...!

COMMAND LINE INTERFACE4-82show running-configThis command displays the configuration information currently in use.Default Setting NoneCommand Mode Pri

SYSTEM MANAGEMENT COMMANDS4-83Example Console#show running-configbuilding running-config, please wait...!phymap 5a-a5-aa-55-44-32 00-00-00-00-00-00

COMMAND LINE INTERFACE4-84Related Commandsshow startup-config (4-79)show systemThis command displays system information.Default Setting NoneCommand Mo

SYSTEM MANAGEMENT COMMANDS4-85Exampleshow usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet

COMMAND LINE INTERFACE4-86Example show versionThis command displays hardware and software version information for the system.Default Setting NoneComma

SYSTEM MANAGEMENT COMMANDS4-87Example Frame Size Commandsjumbo frameThis command enables support for jumbo frames. Use the no form to disable it.Synta

SYSTEM DEFAULTS1-7System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch

COMMAND LINE INTERFACE4-88using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.• To use

FLASH/FILE COMMANDS4-89copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP se

COMMAND LINE INTERFACE4-90• The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period

FLASH/FILE COMMANDS4-91The following example shows how to copy the running configuration to a startup file.The following example shows how to download

COMMAND LINE INTERFACE4-92deleteThis command deletes a file or image.Syntax delete [unit:] filenamefilename - Name of the configuration file or image

FLASH/FILE COMMANDS4-93- boot-rom - Boot ROM (or diagnostic) image file.- config - Switch configuration file.- opcode - Run-time operation code image

COMMAND LINE INTERFACE4-94whichbootThis command displays which files were booted when the system powered up.Syntax whichboot [unit]unit - Specifies th

AUTHENTICATION COMMANDS4-95- unit* - Specifies the unit number.* The colon (:) is required.Default Setting NoneCommand Mode Global ConfigurationComman

COMMAND LINE INTERFACE4-96Authentication Sequenceauthentication loginThis command defines the login authentication method and precedence. Use the no f

AUTHENTICATION COMMANDS4-97access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet.• RADIUS and TACA

INTRODUCTION1-8Web ManagementHTTP Server EnabledHTTP Port Number 80HTTP Secure Server EnabledHTTP Secure Port Number443SNMP Community Strings “public”

COMMAND LINE INTERFACE4-98Command Mode Global ConfigurationCommand Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort deliver

AUTHENTICATION COMMANDS4-99RADIUS ClientRemote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software runn

COMMAND LINE INTERFACE4-100• port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535)• timeout - Number of seconds the

AUTHENTICATION COMMANDS4-101Example radius-server keyThis command sets the RADIUS encryption key. Use the no form to restore the default.Syntax radius

COMMAND LINE INTERFACE4-102Command Mode Global ConfigurationExample radius-server timeoutThis command sets the interval between transmitting authentic

AUTHENTICATION COMMANDS4-103Example TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that u

COMMAND LINE INTERFACE4-104tacacs-server hostThis command specifies the TACACS+ server. Use the no form to restore the default.Syntax tacacs-server ho

AUTHENTICATION COMMANDS4-105Example tacacs-server keyThis command sets the TACACS+ encryption key. Use the no form to restore the default.Syntax tacac

COMMAND LINE INTERFACE4-106Example Port Security CommandsThese commands can be used to enable port security on a port. When using port security, the s

AUTHENTICATION COMMANDS4-107port securityThis command enables or configures port security. Use the no form without any keywords to disable port securi

SYSTEM DEFAULTS1-9Virtual LANs Default VLAN 1PVID 1Acceptable Frame Type AllIngress Filtering DisabledSwitchport Mode (Egress Mode)Hybrid: tagged/unta

COMMAND LINE INTERFACE4-108• You can also manually add secure addresses with the mac-address-table static command. • A secure port has the following r

AUTHENTICATION COMMANDS4-109dot1x system-auth-controlThis command enables 802.1X port authentication globally on the switch. Use the no form to restor

COMMAND LINE INTERFACE4-110Command ModeGlobal ConfigurationExampledot1x defaultThis command sets all configurable dot1x global and port settings to th

AUTHENTICATION COMMANDS4-111Exampledot1x port-controlThis command sets the dot1x mode on a port interface. Use the no form to restore the default.Synt

COMMAND LINE INTERFACE4-112dot1x operation-modeThis command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the

AUTHENTICATION COMMANDS4-113dot1x re-authenticateThis command forces re-authentication on all ports or a specific interface.Syntaxdot1x re-authenticat

COMMAND LINE INTERFACE4-114dot1x timeout quiet-periodThis command sets the time that a switch port waits after the Max Request Count has been exceeded

AUTHENTICATION COMMANDS4-115Exampledot1x timeout tx-periodThis command sets the time that an interface on the switch waits during an authentication se

COMMAND LINE INTERFACE4-116Command ModePrivileged ExecCommand UsageThis command displays the following information:• Global 802.1X Parameters – Shows

AUTHENTICATION COMMANDS4-117- Max Count – The maximum number of hosts allowed to access this port (page 4-112).- Port-control – Shows the dot1x mode o

INTRODUCTION1-10

COMMAND LINE INTERFACE4-118ExampleConsole#show dot1xGlobal 802.1X Parameters system-auth-control: enable802.1X Port SummaryPort Name Status O

ACCESS CONTROL LIST COMMANDS4-119Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, prot

COMMAND LINE INTERFACE4-120• This switch supports ACLs for ingress filtering only. However, you can only bind one IP ACL to any port and one MAC ACL g

ACCESS CONTROL LIST COMMANDS4-121access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Us

COMMAND LINE INTERFACE4-122Command Usage• When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to

ACCESS CONTROL LIST COMMANDS4-123Command Usage• New rules are appended to the end of the list.• Address bitmasks are similar to a subnet mask, contain

COMMAND LINE INTERFACE4-124[precedence precedence] [tos tos] [dscp dscp][source-port sport [end]] [destination-port dport [end]][control-flag control-

ACCESS CONTROL LIST COMMANDS4-125• The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control c

COMMAND LINE INTERFACE4-126Related Commandsaccess-list ip (4-121)show ip access-list This command displays the rules for configured IP ACLs.Syntaxshow

ACCESS CONTROL LIST COMMANDS4-127Command ModeInterface Configuration (Ethernet)Command Usage• A port can only be bound to one ACL.• If a port is alrea

2-1CHAPTER 2INITIAL CONFIGURATIONConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent offer

COMMAND LINE INTERFACE4-128map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only use

ACCESS CONTROL LIST COMMANDS4-129show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS valu

COMMAND LINE INTERFACE4-130MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remo

ACCESS CONTROL LIST COMMANDS4-131Command Usage• When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny comm

COMMAND LINE INTERFACE4-132• address-bitmask2 – Bitmask for MAC address (in hexidecimal format). • vid – VLAN ID. (Range: 1-4094)• vid-end – Upper bou

ACCESS CONTROL LIST COMMANDS4-133show mac access-list This command displays the rules for configured MAC ACLs.Syntaxshow mac access-list [acl_name]acl

COMMAND LINE INTERFACE4-134Command Usage• A port can only be bound to one ACL.• If a port is already bound to an ACL and you bind it to a different AC

ACCESS CONTROL LIST COMMANDS4-135Default SettingNoneCommand ModeInterface Configuration (Ethernet)Command Usage• You must configure an ACL mask before

COMMAND LINE INTERFACE4-136Command ModePrivileged ExecExample Related Commandsmap access-list mac (4-134)ACL Informationshow access-listThis command s

ACCESS CONTROL LIST COMMANDS4-137Example show access-groupThis command shows the port assignments of ACLs.Command ModePrivileged ExecutiveExample Cons

INITIAL CONFIGURATION2-2The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:

COMMAND LINE INTERFACE4-138SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), a

SNMP COMMANDS4-139• rw - Specifies read/write access. Authorized management stations are able to both retrieve and modify MIB objects.Default Setting

COMMAND LINE INTERFACE4-140Example Related Commandssnmp-server location (4-140)snmp-server locationThis command sets the system location string. Use t

SNMP COMMANDS4-141snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no for

COMMAND LINE INTERFACE4-142enable traps command and the snmp-server host command for that host must be enabled. • Some notification types cannot be co

SNMP COMMANDS4-143Command Usage • If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In or

COMMAND LINE INTERFACE4-144ExampleConsole#show snmpSystem Contact: JoeSystem Location: Room 23SNMP traps: Authentication: enabled Link-up-down: enab

INTERFACE COMMANDS4-145Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or

COMMAND LINE INTERFACE4-146interfaceThis command configures an interface type and enter interface configuration mode. Use the no form to remove a trun

4-147Command Mode Interface Configuration (Ethernet, Port Channel)Example The following example adds a description to port 24.speed-duplexThis command

CONNECTING TO THE SWITCH2-3Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cab

COMMAND LINE INTERFACE4-148• When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilitie

4-149Example The following example configures port 11 to use autonegotiation.Related Commands capabilities (4 -149)speed-duplex (4 -147)capabilitiesTh

COMMAND LINE INTERFACE4-150Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage When auto-negotiation is enabled with the negoti

4-151Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when i

COMMAND LINE INTERFACE4-152Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage This command allows you to disable a port due to

4-153Example The following shows how to configure broadcast storm control at 600 packets per second: clear countersThis command clears statistics on a

COMMAND LINE INTERFACE4-154show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface

4-155Example show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interface • ethernet unit/

COMMAND LINE INTERFACE4-156Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items disp

4-157show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Syntax show interfaces swit

Information furnished by SMC Networks, Inc. (SMC) is believed to be accu-rate and reliable. However, no responsibility is assumed by SMC for its use,

INITIAL CONFIGURATION2-4For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI command

COMMAND LINE INTERFACE4-158Table 4-41 Interfaces Switchport StatisticsField DescriptionBroadcast threshold Shows if broadcast storm suppression is en

MIRROR PORT COMMANDS4-159Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis comman

COMMAND LINE INTERFACE4-160• The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port.• You can on

RATE LIMIT COMMANDS4-161Example The following shows mirroring configured from port 6 to port 11:Rate Limit CommandsThis function allows the network ma

COMMAND LINE INTERFACE4-162rate-limitUse this command to define the rate limit level for a specific interface. Use this command without specifying a r

RATE LIMIT COMMANDS4-163• fastethernet – Fast Ethernet granularity• gigabitethernet – Gigabit Ethernet granularity• granularity – Sets rate limit gran

COMMAND LINE INTERFACE4-164ExampleLink Aggregation CommandsPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwi

LINK AGGREGATION COMMANDS4-165Guidelines for Creating TrunksGeneral Guidelines –• Finish configuring port trunks before you connect the corresponding

COMMAND LINE INTERFACE4-166• However, if the port channel admin key is set, then the port admin key must be set to the same value for a port to be all

LINK AGGREGATION COMMANDS4-167lacpThis command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to

STACK OPERATIONS2-5Stack OperationsUp to eight switches can be stacked together as described in the Installation Guide. One unit in the stack acts as

COMMAND LINE INTERFACE4-168ExampleThe following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of

LINK AGGREGATION COMMANDS4-169• priority - This priority is used to determine link aggregation group (LAG) membership, and to identify this device to

COMMAND LINE INTERFACE4-170lacp admin-key (Ethernet Interface)This command configures a port's LACP administration key. Use the no form to restor

LINK AGGREGATION COMMANDS4-171lacp admin-key (Port Channel)This command configures a port channel's LACP administration key string. Use the no fo

COMMAND LINE INTERFACE4-172lacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax lacp {a

LINK AGGREGATION COMMANDS4-173show lacpThis command displays LACP information.Syntax show lacp [port-channel] {counters | internal | neighbors | sysid

COMMAND LINE INTERFACE4-174Table 4-45 show lacp counters - display descriptionField DescriptionLACPDUs Sent Number of valid LACPDUs transmitted from t

LINK AGGREGATION COMMANDS4-175Console#show lacp 1 internalChannel group : 1-------------------------------------------------------------------Oper Key

COMMAND LINE INTERFACE4-176Admin State,Oper StateAdministrative or operational values of the actor’s state parameters:• Expired – The actor’s receive

LINK AGGREGATION COMMANDS4-177Console#show lacp 1 neighborsChannel group 1 neighbors------------------------------------------------------------------

INITIAL CONFIGURATION2-6Resilient IP Interface for Management Access The stack functions as one integral system for management and configuration purpo

COMMAND LINE INTERFACE4-178Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

ADDRESS TABLE COMMANDS4-179mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an ad

COMMAND LINE INTERFACE4-180• A static address cannot be learned on another port until the address is removed with the no form of this command. Example

ADDRESS TABLE COMMANDS4-181show mac-address-tableThis command shows classes of entries in the bridge-forwarding database.Syntax show mac-address-table

COMMAND LINE INTERFACE4-182Examplemac-address-table aging-timeThis command sets the aging time for entries in the address table. Use the no form to re

SPANNING TREE COMMANDS4-183Command Mode Privileged ExecExample Spanning Tree CommandsThis section includes commands that configure the Spanning Tree A

COMMAND LINE INTERFACE4-184spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Syntax

SPANNING TREE COMMANDS4-185Example This example shows how to enable the Spanning Tree Algorithm for the switch:spanning-tree modeThis command selects

COMMAND LINE INTERFACE4-186RSTP Mode – If RSTP is using 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP resta

SPANNING TREE COMMANDS4-187spanning-tree hello-timeThis command configures the spanning tree bridge hello time globally for this switch. Use the no fo

BASIC CONFIGURATION2-73. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)4. The session

COMMAND LINE INTERFACE4-188Command Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) a device can wait without re

SPANNING TREE COMMANDS4-189Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the hig

COMMAND LINE INTERFACE4-190spanning-tree transmission-limitThis command configures the minimum interval between the transmission of consecutive RSTP B

SPANNING TREE COMMANDS4-191Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000• Fast Ethernet – half duplex: 2

COMMAND LINE INTERFACE4-192Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command defines the priority for the use

SPANNING TREE COMMANDS4-193of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to ini

COMMAND LINE INTERFACE4-194forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end-no

SPANNING TREE COMMANDS4-195Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shar

COMMAND LINE INTERFACE4-196Example show spanning-treeThis command shows the configuration for the spanning tree.Syntax show spanning-tree [interface]•

SPANNING TREE COMMANDS4-197ExampleConsole#show spanning-treeSpanning-tree information--------------------------------------------------------------- S

INITIAL CONFIGURATION2-8Setting an IP AddressYou must establish IP address information for the switch to obtain management access through the network.

COMMAND LINE INTERFACE4-198VLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong

VLAN COMMANDS4-199Command Mode Global ConfigurationCommand Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishin

COMMAND LINE INTERFACE4-200• state - Keyword to be followed by the VLAN state. - active - VLAN is operational. - suspend - VLAN is suspended. Suspende

VLAN COMMANDS4-201Configuring VLAN Interfacesinterface vlanThis command enters interface configuration mode for VLANs, which is used to configure VLAN

COMMAND LINE INTERFACE4-202Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to

VLAN COMMANDS4-203Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid:Related Commands

COMMAND LINE INTERFACE4-204Related Commandsswitchport mode (4 -202)switchport ingress-filtering This command enables ingress filtering for an interfac

VLAN COMMANDS4-205switchport native vlanThis command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.Sy

COMMAND LINE INTERFACE4-206switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the defaul

VLAN COMMANDS4-207• If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the f

BASIC CONFIGURATION2-93. Type “exit” to return to the global configuration mode prompt. Press <Enter>. 4. To set the IP address of the default g

COMMAND LINE INTERFACE4-208Example The following example shows how to prevent port 1 from being added to VLAN 3:Displaying VLAN Informationshow vlanTh

VLAN COMMANDS4-209Example The following example shows how to display information for VLAN 1:Configuring Private VLANsPrivate VLANs provide port-based

COMMAND LINE INTERFACE4-210To configure private VLANs, follow these steps:1. Use the private-vlan command to designate one or more community VLANs and

VLAN COMMANDS4-211VLANs, and serves to channel traffic between community VLANs and other locations.• isolated – Specifies an isolated VLAN. Ports assi

COMMAND LINE INTERFACE4-212• primary-vlan-id - ID of primary VLAN.(Range: 1-4094, no leading zeroes).• secondary-vlan-id - ID of secondary (i.e, commu

VLAN COMMANDS4-213switchport mode private-vlanUse this command to set the private VLAN mode for an interface. Use the no form to restore the default s

COMMAND LINE INTERFACE4-214switchport private-vlan host-associationUse this command to associate an interface with a secondary VLAN. Use the no form t

VLAN COMMANDS4-215Default Setting NoneCommand Mode Interface Configuration (Ethernet, Port Channel)Command UsagePromiscuous ports assigned to a primar

COMMAND LINE INTERFACE4-216ExampleGVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN inform

GVRP AND BRIDGE EXTENSION COMMANDS4-217bridge-ext gvrpThis command enables GVRP globally for the switch. Use the no form to disable it.Syntax [no] bri

INITIAL CONFIGURATION2-10• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.3. Type “end” to return to the Privileged

COMMAND LINE INTERFACE4-218Example switchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchport gvrpDefau

GVRP AND BRIDGE EXTENSION COMMANDS4-219show gvrp configurationThis command shows if GVRP is enabled.Syntax show gvrp configuration [interface]interfac

COMMAND LINE INTERFACE4-220Default Setting • join: 20 centiseconds• leave: 60 centiseconds• leaveall: 1000 centisecondsCommand Mode Interface Configur

GVRP AND BRIDGE EXTENSION COMMANDS4-221show garp timerThis command shows the GARP timers for the selected interface.Syntax show garp timer [interface]

COMMAND LINE INTERFACE4-222Priority CommandsThe commands described in this section allow you to specify which data packets have greater precedence whe

PRIORITY COMMANDS4-223queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) prior

COMMAND LINE INTERFACE4-224Example The following example sets the queue mode to strict priority service mode:switchport priority defaultThis command s

PRIORITY COMMANDS4-225Therefore, any inbound frames that do not have priority tags will be placed in queue 0 of the output port. (Note that if the out

COMMAND LINE INTERFACE4-226Related Commandsshow queue bandwidth (4 -227)queue cos-mapThis command assigns class of service (CoS) values to the priorit

PRIORITY COMMANDS4-227Example The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and

BASIC CONFIGURATION2-11Community StringsCommunity strings are used to control management access to SNMP stations, as well as to authorize SNMP station

COMMAND LINE INTERFACE4-228Command Mode Privileged ExecExample show queue cos-mapThis command shows the class of service priority map.Syntax show queu

PRIORITY COMMANDS4-229Priority Commands (Layer 3 and 4) map ip port (Global Configuration)This command enables IP port mapping (i.e., class of service

COMMAND LINE INTERFACE4-230Default Setting DisabledCommand Mode Global ConfigurationCommand Usage The precedence for priority mapping is IP Port, IP P

PRIORITY COMMANDS4-231Example The following example shows how to map HTTP traffic to CoS value 0:map ip precedence (Global Configuration)This command

COMMAND LINE INTERFACE4-232map ip precedence (Interface Configuration)This command sets IP precedence priority (i.e., IP Type of Service priority). Us

PRIORITY COMMANDS4-233map ip dscp (Global Configuration)This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use t

COMMAND LINE INTERFACE4-234Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not spec

PRIORITY COMMANDS4-235show map ip portUse this command to show the IP port priority map.Syntax show map ip port [interface]interface • ethernet unit/p

COMMAND LINE INTERFACE4-236show map ip precedenceThis command shows the IP precedence priority map.Syntax show map ip precedence [interface]interface

PRIORITY COMMANDS4-237show map ip dscpThis command shows the IP DSCP priority map.Syntax show map ip dscp [interface]interface • ethernet unit/port -

INITIAL CONFIGURATION2-12Trap ReceiversYou can also specify SNMP stations that are to receive traps from the switch.To configure a trap receiver, comp

COMMAND LINE INTERFACE4-238Multicast Filtering CommandsThis switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that

MULTICAST FILTERING COMMANDS4-239ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Syntax [no] ip igmp

COMMAND LINE INTERFACE4-240Command Mode Global ConfigurationExample The following shows how to statically configure a multicast group on a port:ip igm

MULTICAST FILTERING COMMANDS4-241show ip igmp snoopingThis command shows the IGMP snooping configuration.Default Setting NoneCommand Mode Privileged E

COMMAND LINE INTERFACE4-242Command Mode Privileged ExecCommand Usage Member types displayed include IGMP or USER, depending on selected options.Exampl

MULTICAST FILTERING COMMANDS4-243ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form to disable it.Syntax [no]

COMMAND LINE INTERFACE4-244Command Usage The query count defines how long the querier waits for a response from a multicast client before taking actio

MULTICAST FILTERING COMMANDS4-245ip igmp snooping query-max-response-timeThis command configures the query report delay. Use the no form to restore th

COMMAND LINE INTERFACE4-246ip igmp snooping router-port-expire-timeThis command configures the query timeout. Use the no form to restore the default.S

MULTICAST FILTERING COMMANDS4-247Static Multicast Routing Commandsip igmp snooping vlan mrouterThis command statically configures a multicast router p

MANAGING SYSTEM FILES2-132. Enter the name of the start-up file. Press <Enter>.Managing System FilesThe switch’s flash memory supports three typ

COMMAND LINE INTERFACE4-248Example The following shows how to configure port 11 as a multicast router port within VLAN 1:show ip igmp snooping mrouter

IP INTERFACE COMMANDS4-249IP Interface CommandsAn IP addresses may be used for management access to the switch over your network. The IP address for t

COMMAND LINE INTERFACE4-250Default Setting DHCPCommand Mode Interface Configuration (VLAN)Command Usage • You must assign an IP address to this device

IP INTERFACE COMMANDS4-251ip dhcp restart This command submits a BOOTP or DHCP client request.Default Setting NoneCommand Mode Privileged ExecCommand

COMMAND LINE INTERFACE4-252ip default-gatewayThis command establishes a static route between this switch and devices that exist on another network seg

IP INTERFACE COMMANDS4-253Example Related Commands show ip redirects (4 -253)show ip redirectsThis command shows the default gateway configured for th

COMMAND LINE INTERFACE4-254Default Setting This command has no default for the host.Command Mode Normal Exec, Privileged ExecCommand Usage • Use the p

A-1APPENDIX ASOFTWARE SPECIFICATIONSSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port SecurityAccess Control Lists

SOFTWARE SPECIFICATIONSA-2Spanning Tree ProtocolSpanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) VLAN Suppor

SOFTWARE SPECIFICATIONSA-3RMONGroups 1, 2, 3, 9 (Statistics, History, Alarm, Event)StandardsIEEE 802.1D Spanning Tree Protocol and traffic prioritiesI

iLIMITED WARRANTYLimited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, un

INITIAL CONFIGURATION2-14Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many d

SOFTWARE SPECIFICATIONSA-4Management Information BasesBridge MIB (RFC 1493)Entity MIB (RFC 2737)Ether-like MIB (RFC 2665)Extended Bridge MIB (RFC 2674

B-1APPENDIX BTROUBLESHOOTINGProblems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet, w

TROUBLESHOOTINGB-2Cannot connect using Secure Shell• If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SS

USING SYSTEM LOGSB-3Using System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually cau

TROUBLESHOOTINGB-4

Glossary-1GLOSSARYAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GLOSSARYGlossary-2Dynamic Host Control Protocol (DHCP)Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is

GLOSSARYGlossary-3IEEE 802.1DSpecifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.IEEE 802.1QVLAN Tagging

GLOSSARYGlossary-4IGMP QueryOn each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on

GLOSSARYGlossary-5Link AggregationSee Port Trunk. Link Aggregation Control Protocol (LACP)Allows ports to automatically negotiate a trunked link with

3-1CHAPTER 3CONFIGURING THE SWITCHUsing the Web InterfaceThis switch provides an embedded HTTP Web agent. Using a Web browser you can configure the sw

GLOSSARYGlossary-6Port MirroringA method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON

GLOSSARYGlossary-7Simple Network Management Protocol (SNMP)The application protocol in the Internet suite of protocols which offers network management

GLOSSARYGlossary-8User Datagram Protocol (UDP)UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport

Index-1Numerics802.1X, port authentication 3-66Aacceptable frame type 3-156, 4-203Access Control List See ACLACLExtended IP 3-78, 4-119, 4-120, 4-123

INDEXIndex-2GGARP VLAN Registration Protocol See GVRPgateway, default 3-18, 4-252GVRPglobal setting 4-217interface configuration 3-157, 4-218GVRP, g

INDEXIndex-3path cost 3-128, 3-137method 3-133, 4-189STA 3-128, 3-137, 4-189port authentication 3-66port priorityconfiguring 3-168, 4-222default ingre

INDEXIndex-4STA 3-125, 4-183edge port 3-138, 3-141, 4-192global settings, configuring 3-131, 4-184–4-190global settings, displaying 3-127, 4-196interf

38 TeslaIrvine, CA 92618Phone: (949) 679-8000FOR TECHNICAL SUPPORT, CALL:From U.S.A. and Canada (24 hours a day, 7 days a week)(800) SMC-4-YOU; Phn: (

CONFIGURING THE SWITCH3-2Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is

NAVIGATING THE WEB BROWSER INTERFACE3-3Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and pa

CONFIGURING THE SWITCH3-4Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration change has been made

MAIN MENU3-5Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor netw

CONFIGURING THE SWITCH3-6SNTP 3-42Configuration Configures SNTP client settings, including broadcast mode or a specified list of servers3-42Clock Tim

MAIN MENU3-7IP Filter Sets IP addresses of clients allowed management access via the Web, SNMP, and Telnet3-75Port 3-88Port Information Displays port

CONFIGURING THE SWITCH3-8Output Port Configuration Sets the output rate limit for each port 3-114Output Trunk Configuration Sets the output rate limit

MAIN MENU3-9Static Membership by PortConfigures membership type for interfaces, including tagged, untagged or forbidden3-154Port Configuration Specifi

LIMITED WARRANTYiiWARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT O

CONFIGURING THE SWITCH3-10Queue Scheduling Configures Weighted Round Robin queueing 3-173IP Precedence/DSCP Priority Status Globally selects IP Preced

BASIC CONFIGURATION3-11Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location and

CONFIGURING THE SWITCH3-12Web – Click System, System Information. Specify the system name, location, and contact information for the system administra

BASIC CONFIGURATION3-13CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Inform

CONFIGURING THE SWITCH3-14• Internal Power Status – Displays the status of the internal power supply.Management Software • Loader Version – Version nu

BASIC CONFIGURATION3-15CLI – Use the following command to display version information.Displaying Bridge Extension CapabilitiesThe Bridge MIB includes

CONFIGURING THE SWITCH3-16• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egre

BASIC CONFIGURATION3-17CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for

CONFIGURING THE SWITCH3-18Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subn

BASIC CONFIGURATION3-19CLI – Specify the management interface, IP address and default gateway.Using DHCP/BOOTP If your network provides DHCP/BOOTP ser

iiiCONTENTS1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1Key Features . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-20CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” c

BASIC CONFIGURATION3-21Managing FirmwareYou can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack.

CONFIGURING THE SWITCH3-22Downloading System Software from a ServerWhen downloading runtime code, you can specify the destination file name to replace

BASIC CONFIGURATION3-23If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startu

CONFIGURING THE SWITCH3-24CLI – To download new firmware form a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type

BASIC CONFIGURATION3-25- running-config to startup-config – Copies the running config to the startup config.- running-config to tftp – Copies the runn

CONFIGURING THE SWITCH3-26Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set i

BASIC CONFIGURATION3-27If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start

CONFIGURING THE SWITCH3-28Console Port SettingsYou can access the onboard configuration program by attaching a VT100 compatible device to the switch’s

BASIC CONFIGURATION3-29• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the

CONTENTSivDisplaying Switch Hardware/Software Versions . . . . . . . . . . . 3-13Displaying Bridge Extension Capabilities . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-30CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the curr

BASIC CONFIGURATION3-31• Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23)• Login Timeout – Sets the interval that

CONFIGURING THE SWITCH3-32Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.Figure 3-14 Enablin

BASIC CONFIGURATION3-33Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events that are

CONFIGURING THE SWITCH3-34• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For e

BASIC CONFIGURATION3-35Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash

CONFIGURING THE SWITCH3-36The facility type is used by the syslog server to dispatch log messages to an appropriate service.The attribute specifies th

BASIC CONFIGURATION3-37Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address

CONFIGURING THE SWITCH3-38Displaying Log MessagesThe Logs page allows you to scroll through the logged system and event messages. The switch can store

BASIC CONFIGURATION3-39Sending Simple Mail Transfer Protocol AlertsTo alert system administrators of problems, the switch can use SMTP (Simple Mail Tr

CONTENTSvFiltering Addresses for Management Access . . . . . . . . . . . . . . . 3-75Access Control Lists . . . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-40Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an

BASIC CONFIGURATION3-41CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify

CONFIGURING THE SWITCH3-42CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch.Note: When rest

BASIC CONFIGURATION3-43• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server,

CONFIGURING THE SWITCH3-44Setting the Time ZoneSNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time a

SIMPLE NETWORK MANAGEMENT PROTOCOL3-45Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designe

CONFIGURING THE SWITCH3-46• Access Mode -Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.

SIMPLE NETWORK MANAGEMENT PROTOCOL3-47Command Attributes• Trap Manager Capability – This switch supports up to five trap managers.• Current – Displays

CONFIGURING THE SWITCH3-48CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps.User AuthenticationYou c

USER AUTHENTICATION3-49Command Attributes• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, a