TigerSwitch 10/100/1000Gigabit Ethernet Switch◆ 24 auto-MDI/MDI-X 10/100/1000BASE-T ports◆ 4 ports shared with 4 SFP transceiver slots◆ Non-blocking s
CONTENTSxdelete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21dir . . . . . . . . . . . . . . . . .
CONFIGURING THE SWITCH2-70Adding Interfaces Based on Membership TypeUse the VLAN Static Table to modify the settings for an existing VLAN. You can add
VLAN CONFIGURATION2-71therefore not carry VLAN or CoS information. Note that an interface must be assigned to at least one group as an untagged port.-
CONFIGURING THE SWITCH2-72CLI – The following example shows how to add tagged and untagged ports to VLAN 2.Adding Interfaces Based on Static Membershi
VLAN CONFIGURATION2-73Web – Open VLAN, VLAN Static Membership. Select an interface from the scroll-down box (Port or Trunk). Click Query to display VL
CONFIGURING THE SWITCH2-74Command Usage• GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to au
VLAN CONFIGURATION2-75port).- If ingress filtering is enabled, the interface will discard incoming frames tagged for VLANs which do not include this
CONFIGURING THE SWITCH2-76- 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port t
CLASS OF SERVICE CONFIGURATION2-77Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater precedenc
CONFIGURING THE SWITCH2-78• If the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to trans
CLASS OF SERVICE CONFIGURATION2-79Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default priority
CONTENTSxishow radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55tacacs-server host . . . . . . . . . . . . .
CONFIGURING THE SWITCH2-80• Traffic Class – Output queue buffer. (Range: 0 - 3, where 3 is the highest CoS priority queue)Web – Click Priority, Traffi
CLASS OF SERVICE CONFIGURATION2-81Setting the Service Weight for Traffic ClassesThis switch uses the Weighted Round Robin (WRR) algorithm to determine
CONFIGURING THE SWITCH2-82CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 and 3.Mapp
CLASS OF SERVICE CONFIGURATION2-83Command Attributes• IP Precedence/DSCP Priority Status – Selects IP Precedence, DSCP, or disables both priority serv
CONFIGURING THE SWITCH2-84Command Attributes• IP Precedence Priority Table – Shows the IP Precedence to CoS map.• Class of Service Value – Maps a CoS
CLASS OF SERVICE CONFIGURATION2-85Web – Click Priority, IP Precedence Priority. Select an IP Precedence value from the IP Precedence Priority Table by
CONFIGURING THE SWITCH2-86CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0
CLASS OF SERVICE CONFIGURATION2-87Command Attributes• DSCP Priority Table – Shows the DSCP Priority to CoS map.• Class of Service Value – Maps a CoS v
CONFIGURING THE SWITCH2-88CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 1 to CoS value 0 on port 5
PORT TRUNK CONFIGURATION2-89consists of more than four ports, all other ports will be placed in a standby mode. Should one link in the trunk fail, one
CONTENTSxiicapabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89flowcontrol . . . . . . . . . . . . .
CONFIGURING THE SWITCH2-90Dynamically Configuring a Trunk with LACPCommand Usage• To avoid creating a loop in the network, be sure you enable LACP bef
PORT TRUNK CONFIGURATION2-91Web – Click Trunk, LACP Configuration. Select any of the switch ports from the scroll-down port list and click Add. After
CONFIGURING THE SWITCH2-92CLI – The following example enables LACP for ports 17 and 18. Just connect these ports to two LACP-enabled trunk ports on an
PORT TRUNK CONFIGURATION2-93Web – Click Trunk, Trunk Configuration. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from th
CONFIGURING THE SWITCH2-94CLI – This example creates trunk 1 with ports 11 and 12. Just connect these ports to two static trunk ports on another switc
CONFIGURING SNMP2-95Setting Community Access Strings You may configure up to five community strings authorized for management access. For security rea
CONFIGURING THE SWITCH2-96CLI – The following example adds the string “spiderman” with read/write access.Specifying Trap Managers You can specify up t
CONFIGURING SNMP2-97Web – Click SNMP, SNMP Configuration. Fill in the Trap Manager IP Address box and the Trap Manager Community String box, mark Enab
CONFIGURING THE SWITCH2-98IP address 192.168.1.1 and mask 255.255.255.255 — Specifies a valid IP address of 192.168.1.1 only.Note: IP filtering does n
MULTICAST CONFIGURATION2-99Web – Click SNMP, SNMP IP Filtering. To add an IP address, type the new IP address in the IP Address box, type the appropri
CONTENTSxiiiswitchport ingress-filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-127switchport native vlan . . . . . . . . . . . .
CONFIGURING THE SWITCH2-100reduces the network overhead required by a multicast server, the broadcast traffic must be carefully pruned at every multic
MULTICAST CONFIGURATION2-101• IGMP Query – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast t
CONFIGURING THE SWITCH2-102which had been receiving query packets) to have expired. (Default: 300 seconds, Range: 300 - 500)• IGMP Version — Sets the
MULTICAST CONFIGURATION2-103CLI – This example modifies the settings for multicast filtering, and then displays the current status.Interfaces Attached
CONFIGURING THE SWITCH2-104Web – Click IGMP, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the a
MULTICAST CONFIGURATION2-105• VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router/switch.• Port or
CONFIGURING THE SWITCH2-106• Multicast IP Address – The IP address for a specific multicast service• Multicast Group Port List – Ports propagating a m
MULTICAST CONFIGURATION2-107Adding Multicast Addresses to VLANsMulticast filtering can be dynamically configured using IGMP Snooping and IGMP Query me
CONFIGURING THE SWITCH2-108Web – Click IGMP, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch
SHOWING DEVICE STATISTICS2-109unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of diff
CONTENTSxivMirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-163port monitor . . . . . . . . . . . . .
CONFIGURING THE SWITCH2-110Transmit Octets The total number of octets transmitted out of the interface, including framing characters.Transmit Unicast
SHOWING DEVICE STATISTICS2-111Single Collision Frames The number of successfully transmitted frames for which transmission is inhibited by exactly one
CONFIGURING THE SWITCH2-112Received Frames The total number of frames (bad, broadcast and multicast) received.Broadcast Frames The total number of goo
SHOWING DEVICE STATISTICS2-113Web – Click Statistics, Port Statistics. Select the required interface, and then click Query. You can also use the Refre
CONFIGURING THE SWITCH2-114CLI – This example shows statistics for port 13.Console#show interfaces counters ethernet 1/13 3-97Ethernet 1/13Iftable sta
USING THE COMMAND LINE INTERFACE3-1CHAPTER 3COMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).Using the Command
COMMAND LINE INTERFACE3-2After connecting to the system through the console port, the login screen displays:Telnet ConnectionTelnet operates over the
ENTERING COMMANDS3-3After you configure the switch with an IP address, you can open a Telnet session by performing these steps.1. From the remote host
COMMAND LINE INTERFACE3-4interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/por
ENTERING COMMANDS3-5Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the current comm
1-1CHAPTER 1SWITCH MANAGEMENTConnecting to the SwitchConfiguration OptionsThe TigerSwitch 10/100/1000 includes a built-in network management agent. Th
COMMAND LINE INTERFACE3-6Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters ar
ENTERING COMMANDS3-7command classes and associated modes are displayed in the following table:Exec CommandsWhen you open a new console session on swit
COMMAND LINE INTERFACE3-8 Configuration CommandsConfiguration commands are privileged level commands used to modify switch settings. These commands mo
ENTERING COMMANDS3-9To enter Interface, Line Configuration, or VLAN mode, you must enter the “interface ...,” “line...” or “vlan database” command whi
COMMAND LINE INTERFACE3-10Command GroupsThe system commands can be broken down into the functional groups shown below.Command GroupDescription PageGen
COMMAND GROUPS3-11Note that the access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) PE (Privileged Exec) G
COMMAND LINE INTERFACE3-12General CommandsenableUse this command to activate Privileged Exec mode. In privileged mode, additional commands are availab
GENERAL COMMANDS3-13Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set t
COMMAND LINE INTERFACE3-14Command Usage The “>” character is appended to the end of the prompt to indicate that the system is in normal access mode
GENERAL COMMANDS3-15show historyUse this command to show the contents of the command history buffer.Default Setting NoneCommand Mode Normal Exec, Priv
SWITCH MANAGEMENT1-2The switch’s CLI configuration program, Web interface, and SNMP agent allow you to perform the following management functions:• Se
COMMAND LINE INTERFACE3-16reloadUse this command to restart the system.Note: When the system is restarted, it will always run the Power-On Self-Test.
GENERAL COMMANDS3-17Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode:exitUse this command to
COMMAND LINE INTERFACE3-18Command Mode Normal Exec, Privileged ExecCommand Usage The quit and exit commands can both exit the configuration program.Ex
FLASH/FILE COMMANDS3-19system operation. The success of the file transfer depends on the accessibility of the TFTP server and the quality of the netwo
COMMAND LINE INTERFACE3-20• To replace the startup configuration, you must use startup-config as the destination. • The Boot ROM image cannot be uploa
FLASH/FILE COMMANDS3-21deleteUse this command to delete a file or image.Syntax delete filenamefilename - Name of the configuration file or image name.
COMMAND LINE INTERFACE3-22dirUse this command to display a list of files in Flash memory.Syntax dir [boot-rom | config | opcode [:filename]]The type o
FLASH/FILE COMMANDS3-23Example The following example shows how to display all file information:whichbootUse this command to display which files booted
COMMAND LINE INTERFACE3-24boot systemUse this command to specify the file or image used to start up the system.Syntax boot system {boot-rom| config |
SYSTEM MANAGEMENT COMMANDS3-25System Management CommandsThese commands are used to control system logs, passwords, user name, browser configuration op
CONNECTING TO THE SWITCH1-3Required ConnectionsThe switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring
COMMAND LINE INTERFACE3-26show ip ssh Displays the status of the SSH server and the configured values for authentication timeout and retriesPE3-37show
SYSTEM MANAGEMENT COMMANDS3-27hostnameUse this command to specify or modify the host name for this device. Use the no form to restore the default host
COMMAND LINE INTERFACE3-28•{0 | 7} - 0 means plain password, 7 means encrypted password. • password password - The authentication password for the use
SYSTEM MANAGEMENT COMMANDS3-29enable passwordAfter initially logging onto the system, you should set the administrator (Privileged Exec) and guest (No
COMMAND LINE INTERFACE3-30Related Commandsenable (3-12)jumbo frameUse this command to enable jumbo frames through the switch. Use the no form to disab
SYSTEM MANAGEMENT COMMANDS3-31ip http portUse this command to specify the TCP port number used by the Web browser interface. Use the no form to use th
COMMAND LINE INTERFACE3-32Command Mode Global ConfigurationExample Related Commandsip http port (3-31)ip http secure-serverUse this command to enable
SYSTEM MANAGEMENT COMMANDS3-33for the connection.- The client and server generate session keys for encrypting and decrypting data.• The client and ser
COMMAND LINE INTERFACE3-34Default Setting 443Command Mode Global ConfigurationCommand Usage • You cannot configure the HTTP and HTTPS servers to use t
SYSTEM MANAGEMENT COMMANDS3-35Default Setting timeout: 120 secondscount: 3Command Mode Global ConfigurationCommand Usage The timeout specifies the int
SWITCH MANAGEMENT1-44. Once you have set up the terminal correctly, the console login screen will be displayed. Note: Refer to “Line Commands” on page
COMMAND LINE INTERFACE3-36Command Usage • The SSH server supports up to four client sessions. The maximum number of client sessions includes both curr
SYSTEM MANAGEMENT COMMANDS3-37show sshUse this command to display the current Secure Shell (SSH) server connections.Command Mode Privileged ExecComman
COMMAND LINE INTERFACE3-38Example Related Commandsip ssh (3-34)logging onUse this command to control logging of error messages. This command sends deb
SYSTEM MANAGEMENT COMMANDS3-39Related Commandslogging history (3-39)logging trap (3-42)clear logging (3-43)logging historyUse this command to limit sy
COMMAND LINE INTERFACE3-40* There are only Level 2, 5 and 6 error messages for the current firmware release.Default Setting Flash: errors (level 3 - 0
SYSTEM MANAGEMENT COMMANDS3-41Default Setting NoneCommand Mode Global ConfigurationCommand Usage • By using this command more than once you can build
COMMAND LINE INTERFACE3-42logging trapUse this command to limit syslog messages saved to a remote server based on severity. Use the no form to return
SYSTEM MANAGEMENT COMMANDS3-43clear loggingUse this command to clear messages from the log buffer.Syntax clear logging [flash | ram]• flash - Event hi
COMMAND LINE INTERFACE3-44Default Setting NoneCommand Mode Privileged ExecExample show startup-configUse this command to display the configuration fil
SYSTEM MANAGEMENT COMMANDS3-45Command Mode Privileged ExecExample Console#show startup-configbuilding startup-config, please wait...!!snmp-server c
BASIC CONFIGURATION1-5Basic ConfigurationConsole ConnectionThe CLI program provides two different command levels — normal access level (Normal Exec) a
COMMAND LINE INTERFACE3-46Related Commandsshow running-config (3-46)show running-configUse this command to display the configuration information curre
SYSTEM MANAGEMENT COMMANDS3-47Example Related Commandsshow startup-config (3-44)show systemUse this command to display system information.Default Sett
COMMAND LINE INTERFACE3-48Exampleshow usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet clie
SYSTEM MANAGEMENT COMMANDS3-49Example show versionUse this command to display hardware and software version information for the system.Default Setting
COMMAND LINE INTERFACE3-50Example Authentication CommandsYou can configure the switch to authenticate users logging into the system for management acc
AUTHENTICATION COMMANDS3-51authentication loginUse this command to define the login authentication method and precedence. Use the no form to restore t
COMMAND LINE INTERFACE3-52management access via the console port, a Web browser, or Telnet. These access options must be configured on the authenticat
AUTHENTICATION COMMANDS3-53Example radius-server portUse this command to set the RADIUS server network port. Use the no form to restore the default.Sy
COMMAND LINE INTERFACE3-54Default Setting NoneCommand Mode Global ConfigurationExample radius-server retransmitUse this command to set the number of r
AUTHENTICATION COMMANDS3-55radius-server timeoutUse this command to set the interval between transmitting authentication requests to the RADIUS server
SWITCH MANAGEMENT1-6Passwords can consist of up to eight alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch,
COMMAND LINE INTERFACE3-56tacacs-server hostUse this command to specify the TACACS+ server. Use the no form to restore the default.Syntax tacacs-serve
AUTHENTICATION COMMANDS3-57Example tacacs-server keyUse this command to set the TACACS+ encryption key. Use the no form to restore the default.Syntax
COMMAND LINE INTERFACE3-58Example SNMP CommandsControls access to this switch from SNMP management stations, as well as the error types sent to trap m
SNMP COMMANDS3-59Syntax snmp-server community string [ro|rw]no snmp-server community string• string - Community string that acts like a password and p
COMMAND LINE INTERFACE3-60snmp-server contactUse this command to set the system contact string. Use the no form to remove the system contact informati
SNMP COMMANDS3-61Default Setting NoneCommand Mode Global ConfigurationExample Related Commandssnmp-server contact (3-60)snmp-server hostUse this comma
COMMAND LINE INTERFACE3-62Default Setting Host Address: NoneSNMP Version: 1Command Mode Global ConfigurationCommand Usage • If you do not enter an snm
SNMP COMMANDS3-63snmp-server enable trapsUse this command to enable this device to send Simple Network Management Protocol traps (SNMP notifications).
COMMAND LINE INTERFACE3-64Example Related Commandssnmp-server host (3-61)snmp ip filterSets the IP addresses of clients that are allowed management ac
SNMP COMMANDS3-65specified by the bitmask.• The default setting is null, which allows all IP groups SNMP access to the switch. If one IP address is co
BASIC CONFIGURATION1-7Note: Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only
COMMAND LINE INTERFACE3-66ExampleConsole#show snmpSNMP traps:Authentication: enableLink-up-down: enableSNMP communities:0 SNMP packets input0 Bad SNMP
IP COMMANDS3-67IP CommandsAn IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign
COMMAND LINE INTERFACE3-68• dhcp - Obtains IP address from DHCP. Default Setting IP address: 0.0.0.0Netmask: 255.0.0.0Command Mode Interface Configura
IP COMMANDS3-69Related Commandsip dhcp restart (3-69)ip dhcp restartUse this command to submit a BOOTP or DCHP client request.Default Setting NoneComm
COMMAND LINE INTERFACE3-70ip default-gatewayUse this command to a establish a static route between this device and management stations that exist on a
IP COMMANDS3-71Command Mode Privileged ExecCommand Usage This switch can only be assigned one IP address. This address is used for managing the switch
COMMAND LINE INTERFACE3-72pingUse this command to send ICMP echo request packets to another node on the network.Syntax ping host [count count][size si
LINE COMMANDS3-73Example Related Commands interface (3-85)Line CommandsYou can access the onboard configuration program by attaching a VT100 compatibl
COMMAND LINE INTERFACE3-74lineUse this command to identify a specific line for configuration, and to process subsequent line configuration commands.Sy
LINE COMMANDS3-75Example To enter console line mode, enter the following command:Related Commandsshow line (3-83)show users (3-48)loginUse this comman
SWITCH MANAGEMENT1-84. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” wh
COMMAND LINE INTERFACE3-76Exec (NE) mode.- login local selects authentication via the user name and password specified by the username command (i.e.,
LINE COMMANDS3-77Command Mode Line Configuration Command Usage • When a connection is started on a line with password protection, the system prompts f
COMMAND LINE INTERFACE3-78Default Setting CLI: No timeoutTelnet: 10 minutesCommand Mode Line Configuration Command Usage • If input is detected, the s
LINE COMMANDS3-79Command Mode Line Configuration Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for
COMMAND LINE INTERFACE3-80Default Setting The default value is no silent-time.Command Mode Line Configuration Command Usage If the password threshold
LINE COMMANDS3-81Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that genera
COMMAND LINE INTERFACE3-82Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit s
LINE COMMANDS3-83stopbitsUse this command to set the number of the stop bits transmitted per byte. Use the no form to restore the default setting.Synt
COMMAND LINE INTERFACE3-84Command Mode Normal Exec, Privileged ExecExample To show all lines, enter this command:Interface CommandsThese commands are
INTERFACE COMMANDS3-85interfaceUse this command to configure an interface type and enter interface configuration mode. Use the no form to remove a tru
BASIC CONFIGURATION1-93. Type “exit” to return to the global configuration mode. Press <Enter>.4. Type “ip dhcp restart” to begin broadcasting s
COMMAND LINE INTERFACE3-86descriptionUse this command to add a description to an interface. Use the no form to remove the description.Syntax descripti
INTERFACE COMMANDS3-87• 1000full - Forces 1000 Mbps full-duplex operation • 100full - Forces 100 Mbps full-duplex operation • 100half - Forces 100 Mbp
COMMAND LINE INTERFACE3-88negotiationUse this command to enable autonegotiation for a given interface. Use the no form to disable autonegotiation.Synt
INTERFACE COMMANDS3-89capabilitiesUse this command to advertise the port capabilities of a given interface during autonegotiation. Use the no form wit
COMMAND LINE INTERFACE3-90Command UsageWhen auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for
INTERFACE COMMANDS3-91optimal settings will be determined by the capabilities command. To enable flow control under auto-negotiation, “flowcontrol” mu
COMMAND LINE INTERFACE3-92Default Setting All interfaces are enabled.Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage This c
INTERFACE COMMANDS3-93Command Usage • When broadcast traffic exceeds the specified threshold, packets above that threshold are dropped. • This command
COMMAND LINE INTERFACE3-94Command Usage • If you enable port security, the switch will stop dynamically learning new addresses on the specified port.
INTERFACE COMMANDS3-95Syntax clear counters interfaceinterface • ethernet unit/port- unit - This is device 1. - port - Port number. • port-channel cha
SWITCH MANAGEMENT1-10Community StringsCommunity strings are used to control management access to SNMP stations, as well as to authorize SNMP stations
COMMAND LINE INTERFACE3-96• ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id
INTERFACE COMMANDS3-97show interfaces countersUse this command to display statistics for an interface. Syntax show interfaces counters [interface]inte
COMMAND LINE INTERFACE3-98Example show interfaces switchportUse this command to display the administrative and operational status of the specified int
INTERFACE COMMANDS3-99Default Setting Shows all interfaces.Command Mode Normal Exec, Privileged ExecCommand Usage If no interface is specified, inform
COMMAND LINE INTERFACE3-100Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying
ADDRESS TABLE COMMANDS3-101Syntax mac-address-table static mac-address interface vlan vlan-id [action]no mac-address-table static mac-address vlan vla
COMMAND LINE INTERFACE3-102Example show mac-address-tableUse this command to view classes of entries in the bridge-forwarding database.Syntax show mac
ADDRESS TABLE COMMANDS3-103- Delete-on-reset - static entry to be deleted when system is reset• The mask should be hexadecimal numbers (representing a
COMMAND LINE INTERFACE3-104Syntax mac-address-table aging-time secondsno mac-address-table aging-timeseconds - Time is number of seconds (17-2184).Def
SPANNING TREE COMMANDS3-105Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Protocol (STP) for the overall switch
BASIC CONFIGURATION1-11Trap ReceiversYou can also specify SNMP stations that are to receive traps from the switch.To configure a trap receiver, comple
COMMAND LINE INTERFACE3-106spanning-treeUse this command to enable the Spanning Tree Protocol globally for this switch. Use the no form to disable it.
SPANNING TREE COMMANDS3-107spanning-tree modeUse this command to select the Spanning Tree mode for this switch. Use the no form to disable it.Syntax s
COMMAND LINE INTERFACE3-108Example The following example configures the switch to use Rapid Spanning Tree:spanning-tree forward-timeUse this command t
SPANNING TREE COMMANDS3-109spanning-tree hello-timeUse this command to configure the Spanning Tree bridge hello time globally for this switch. Use the
COMMAND LINE INTERFACE3-110Default Setting 20 secondsCommand Mode Global ConfigurationCommand Usage This command sets the maximum time (in seconds) a
SPANNING TREE COMMANDS3-111Command Mode Global ConfigurationCommand Usage Bridge priority is used in selecting the root device, root port, and designa
COMMAND LINE INTERFACE3-112Example spanning-tree transmission-limitUse this command to configure the minimum interval between the transmission of cons
SPANNING TREE COMMANDS3-113spanning-tree costUse this command to configure the Spanning Tree path cost for the specified interface. Use the no form to
COMMAND LINE INTERFACE3-114Example Related Commandsspanning-tree port-priority (3-114)spanning-tree port-priorityUse this command to configure the pri
SPANNING TREE COMMANDS3-115Related Commandsspanning-tree cost (3-113)spanning-tree portfastUse this command to set an interface to fast forwarding. Us
SWITCH MANAGEMENT1-12Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program, Web i
COMMAND LINE INTERFACE3-116Related Commandsspanning-tree edge-port (3-116)spanning-tree edge-portUse this command to specify an interface as an edge p
SPANNING TREE COMMANDS3-117Related Commandsspanning-tree portfast (3-115)spanning-tree protocol-migrationUse this command to re-check the appropriate
COMMAND LINE INTERFACE3-118spanning-tree link-typeUse this command to configure the link type for the Rapid Spanning Tree. Use the no form to restore
SPANNING TREE COMMANDS3-119show spanning-treeUse this command to show the configuration for the Spanning Tree.Syntax show spanning-tree [interface]• i
COMMAND LINE INTERFACE3-120ExampleConsole#show spanning-treeSpanning-tree information---------------------------------------------------------------Sp
VLAN COMMANDS3-121VLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the sa
COMMAND LINE INTERFACE3-122vlan databaseUse this command to enter VLAN database mode. All commands in this mode will take effect immediately.Default S
VLAN COMMANDS3-123vlanUse this command to configure a VLAN. Use the no form to restore the default settings or delete a VLAN.Syntax vlan vlan-id [name
COMMAND LINE INTERFACE3-124Example The following example adds a VLAN, using vlan-id 105 and name RD5. The VLAN is activated by default.Related Command
VLAN COMMANDS3-125Related Commandsshow vlan (3-131)switchport modeUse this command to configure the VLAN membership mode for a port. Use the no form t
SYSTEM DEFAULTS1-13In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operat
COMMAND LINE INTERFACE3-126switchport acceptable-frame-typesUse this command to configure the acceptable frame types for a port. Use the no form to re
VLAN COMMANDS3-127switchport ingress-filteringUse this command to enable ingress filtering for an interface. Use the no form to restore the default.Sy
COMMAND LINE INTERFACE3-128switchport native vlanUse this command to configure the PVID (i.e., default VLAN ID) for a port. Use the no form to restore
VLAN COMMANDS3-129switchport allowed vlanUse this command to configure VLAN groups on the selected interface. Use the no form to restore the default.S
COMMAND LINE INTERFACE3-130Example The following example shows how to add VLANs 2, 5 and 6 to the allowed list as tagged VLANs for port 1:switchport f
VLAN COMMANDS3-131Example The following example shows how to prevent port 1 from being added to VLAN 3:show vlanUse this command to show VLAN informat
COMMAND LINE INTERFACE3-132GVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN information i
GVRP AND BRIDGE EXTENSION COMMANDS3-133Default Setting DisabledCommand Mode Interface Configuration (Ethernet, Port Channel)Example show gvrp configur
COMMAND LINE INTERFACE3-134garp timerUse this command to set the values for the join, leave and leaveall timers. Use the no form to restore the timers
GVRP AND BRIDGE EXTENSION COMMANDS3-135Note: Set GVRP timers on all Layer 2 devices connected in the same network to the same values. Otherwise, GVRP
SWITCH MANAGEMENT1-14Security Privileged Exec Level Username “admin”Password “admin”Normal Exec Level Username “guest”Password “guest”Enable Privilege
COMMAND LINE INTERFACE3-136Example Related Commandsgarp timer (3-134)bridge-ext gvrpUse this command to enable GVRP. Use the no form to disable it.Syn
GVRP AND BRIDGE EXTENSION COMMANDS3-137show bridge-extUse this command to show the configuration for bridge extension commands.Default Setting NoneCom
COMMAND LINE INTERFACE3-138IGMP Snooping CommandsThis switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want
IGMP SNOOPING COMMANDS3-139ip igmp snoopingUse this command to enable IGMP snooping on this switch. Use the no form to disable it.Syntax ip igmp snoop
COMMAND LINE INTERFACE3-140ip igmp snooping vlan staticUse this command to add a port to a multicast group. Use the no form to remove the port.Syntax
IGMP SNOOPING COMMANDS3-141ip igmp snooping versionUse this command to configure the IGMP snooping version. Use the no form to restore the default.Syn
COMMAND LINE INTERFACE3-142Command Mode Privileged ExecCommand UsageSee ““Configuring IGMP Parameters” on page 2-100 for a descriptionof the displayed
IGMP SNOOPING COMMANDS3-143Command Usage Member types displayed include IGMP or USER, depending on selected options.Example The following shows the mu
COMMAND LINE INTERFACE3-144ip igmp snooping query-countUse this command to configure the query count. Use the no form to restore the default.Syntax ip
IGMP SNOOPING COMMANDS3-145ip igmp snooping query-intervalUse this command to configure the snooping query interval. Use the no form to restore the de
SYSTEM DEFAULTS1-15Virtual LANs Default VLAN 1PVID 1Acceptable Frame Type AllIngress Filtering DisabledGVRP (global) DisabledGVRP (port interface) Dis
COMMAND LINE INTERFACE3-146Command Mode Global ConfigurationCommand Usage• The switch must be using IGMPv2 for this command to take effect. • This com
IGMP SNOOPING COMMANDS3-147ip igmp snooping router-port-expire-timeUse this command to configure the snooping router-port-expire-time. Use the no form
COMMAND LINE INTERFACE3-148ip igmp snooping vlan mrouterUse this command to statically configure a multicast router port. Use the no form to remove th
IGMP SNOOPING COMMANDS3-149show ip igmp snooping mrouter Use this command to display information on statically configured and dynamically learned mult
COMMAND LINE INTERFACE3-150Priority CommandsThe commands described in this section allow you to specify which data packets have greater precedence whe
PRIORITY COMMANDS3-151switchport priority defaultUse this command to set a priority for incoming untagged frames, or the priority of frames received b
COMMAND LINE INTERFACE3-152• The default priority applies for an untagged frame received on a port set to accept all frame types (i.e, receives both u
PRIORITY COMMANDS3-153Command Mode Global ConfigurationCommand Usage WRR allows bandwidth sharing at the egress port by defining scheduling weights.Ex
COMMAND LINE INTERFACE3-154Default Setting This switch supports Class of Service by using four priority queues, with Weighted Round Robin for each por
PRIORITY COMMANDS3-155 Related Commands show queue cos-map (3-155)show queue bandwidthUse this command to display the Weighted Round-Robin (WRR) bandw
38 TeslaIrvine, CA 92618Phone: (949) 679-8000TigerSwitch 10/100/1000Management GuideFrom SMC’s Tiger line of feature-rich workgroup LAN solutionsFebru
SWITCH MANAGEMENT1-16
COMMAND LINE INTERFACE3-156Default Setting NoneCommand Mode Privileged ExecExample map ip precedence (Global Configuration)Use this command to enable
PRIORITY COMMANDS3-157Example The following example shows how to enable IP precedence mapping globally:map ip precedence (Interface Configuration)Use
COMMAND LINE INTERFACE3-158Command Usage • The precedence for priority mapping is IP Precedence or IP DSCP, and default switchport priority.• IP Prece
PRIORITY COMMANDS3-159• IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other ty
COMMAND LINE INTERFACE3-160Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority mapping is IP Port
PRIORITY COMMANDS3-161Command Mode Privileged ExecExample Related Commands map ip precedence (Global Configuration) (3-156)map ip precedence (Interfac
COMMAND LINE INTERFACE3-162Command Mode Privileged ExecExample Related Commands map ip dscp (Global Configuration) (3-158)map ip dscp (Interface Confi
MIRROR PORT COMMANDS3-163Mirror Port CommandsThis section describes how to configure port mirror sessions. port monitorUse this command to configure a
COMMAND LINE INTERFACE3-164Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then atta
MIRROR PORT COMMANDS3-165Default Setting Shows all sessions.Command Mode Privileged ExecCommand Usage This command displays the currently configured s
2-1CHAPTER 2CONFIGURING THE SWITCHUsing the Web InterfaceThis switch provides an embedded HTTP Web agent. Using a Web browser you can configure the sw
COMMAND LINE INTERFACE3-166Port Trunking CommandsPorts can be statically grouped into an aggregate link to increase the bandwidth of a network connect
PORT TRUNKING COMMANDS3-167• All ports in a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode an
COMMAND LINE INTERFACE3-168Example The following example creates trunk 1 and then adds port 11:lacpUse this command to enable 802.3ad Link Aggregation
PORT TRUNKING COMMANDS3-169ExampleThe following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of
COMMAND LINE INTERFACE3-170
A-1APPENDIX ATROUBLESHOOTINGTroubleshooting ChartTroubleshooting ChartSymptom ActionCannot connect using Telnet, Web browser, or SNMP software• Be sur
TROUBLESHOOTINGA-2
B-1APPENDIX BUPGRADING FIRMWARE VIATHE SERIAL PORTThe switch contains three firmware components that can be upgraded; the diagnostics (or Boot-ROM) co
UPGRADING FIRMWARE VIA THE SERIAL PORTB-24. When the switch initialization screen appears, enter firmware-download mode by pressing <Ctrl><u&
B-39. Press <X> to start to download the new code file. If using Windows HyperTerminal, click the “Transfer” button, and then click “Send File..
CONFIGURING THE SWITCH2-2Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is
UPGRADING FIRMWARE VIA THE SERIAL PORTB-412. To set the new downloaded file as the startup file, use the [S]et Startup File menu option.13. When you h
C-1APPENDIX CPIN ASSIGNMENTSConsole Port Pin AssignmentsThe DB-9 serial port on the switch’s front panel is used to connect to the switch for out-of-b
PIN ASSIGNMENTSC-2Console Port to 9-Pin DTE Port on PCConsole Port to 25-Pin DTE Port on PCSwitch’s 9-Pin Serial PortNull ModemPC’s 9-Pin DTE Port2 RX
Glossary-1GLOSSARY10BASE-TIEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3, 4, or 5 UTP cable.100BASE-TXIEEE 802.3u specific
GLOSSARYGlossary-2Collision DomainSingle CSMA/CD LAN segment.CSMA/CDCarrier Sense Multiple Access/Collision Detect is the communication method employe
GLOSSARYGlossary-3Generic Attribute Registration Protocol (GARP)GARP is a protocol that can be used by endstations and switches to register and propag
GLOSSARYGlossary-4IEEE 802.3abDefines CSMA/CD access method and physical layer specifications for 1000BASE-T Gigabit Ethernet.IEEE 802.3acDefines fram
GLOSSARYGlossary-5IP Multicast FilteringA process whereby this switch can pass multicast traffic along to participating hosts.Layer 2Data Link layer i
GLOSSARYGlossary-6Port MirroringA method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON
GLOSSARYGlossary-7Virtual LAN (VLAN)A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical l
NAVIGATING THE WEB BROWSER INTERFACE2-3The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.Co
GLOSSARYGlossary-8
Index-1Aaddress table 2-41BBOOTP 2-12broadcast storm, threshold 2-36CClass of Serviceconfiguring 2-77queue mapping 2-77community string 2-95configurat
INDEXIndex-2path cost, STP 3-111, 3-113pin assignments25-pin DTE port C-29-pin DTE port C-2console port C-1port priorityconfiguring 2-77default ingres
38 TeslaIrvine, CA 92618Phone: (949) 679-8000FOR TECHNICAL SUPPORT, CALL:From U.S.A. and Canada (24 hours a day, 7 days a week)(800) SMC-4-YOU; (949)
CONFIGURING THE SWITCH2-4Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools
MAIN MENU2-5Main Menu Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor netw
CONFIGURING THE SWITCH2-6Port Security Action Configures the port intrusion action globally for the switch2-40Port Security Status Enables port securi
MAIN MENU2-7PriorityDefault Port Priority Sets the default priority for each port 2-77Default Trunk Priority Sets the default priority for each trunk
CONFIGURING THE SWITCH2-8Basic ConfigurationDisplaying System InformationYou can easily identify the system by providing a descriptive name, location
BASIC CONFIGURATION2-9• Web secure server port* – Shows the TCP port number used by the HTTPS server.• POST result* – Shows results of the power-on se
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n
CONFIGURING THE SWITCH2-10CLI – Specify the hostname, location and contact information.Setting the IP Address An IP address may be used for management
BASIC CONFIGURATION2-11• Management VLAN – This is the only VLAN through which you can gain management access to the switch. By default, all ports on
CONFIGURING THE SWITCH2-12Manual ConfigurationWeb – Click System, IP. Specify the management interface, IP address and default gateway, then click App
SECURITY2-13If you lose your management connection, use a console connection and enter “show ip interface” to determine the new switch address.CLI – S
CONFIGURING THE SWITCH2-14as soon as possible, and store it in a safe place. (If for some reason your password is lost, you can reload the factory dea
SECURITY2-15CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.Configuring RADIUS/TACACS Logon Authenticatio
CONFIGURING THE SWITCH2-16• RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented trans
SECURITY2-17The local switch user database has to be set up by manually entering user names and passwords using the CLI.RADIUS Settings• Server IP Add
CONFIGURING THE SWITCH2-18Web – Click System, Authentication Settings. To configure local or remote authentication preferences, specify the authentica
SECURITY2-19CLI CommandsCLI – Specify all the required parameters to enable logon authentication.HTTPSYou can configure the switch to enable the Secur
vLIMITED WARRANTYLimited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, un
CONFIGURING THE SWITCH2-20The following Web browsers and operating systems currently support HTTPS:When you start HTTPS, the client and server establi
SECURITY2-21CLI CommandsCLI – Enter the following commands to specify the secure port number and to enable HTTPS.SSHThe Secure Shell (SSH) server feat
CONFIGURING THE SWITCH2-22 CLI CommandsCLI – Enter the following commands to configure the SSH service.Managing FirmwareYou can upload/download firmwa
MANAGING FIRMWARE2-23•Destination File Name — File names are case-sensitive. The file name should not contain slashes (\ or /), the leading letter of
CONFIGURING THE SWITCH2-24To start the new firmware, reboot the system.CLI – Enter the IP address of the TFTP server, select config or opcode file typ
MANAGING FIRMWARE2-25names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”,
CONFIGURING THE SWITCH2-26CLI – Enter the IP address of the TFTP server, specify the source file on the server, and set the startup file name on the s
DISPLAYING BRIDGE EXTENSION CAPABILITIES2-27CLI – If you copy the running configuration to a file, you can set this file as the startup file at a late
CONFIGURING THE SWITCH2-28• Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to “Setting
DISPLAYING BRIDGE EXTENSION CAPABILITIES2-29Web – Click System, Bridge Extension.CLI – Enter the following command. Console#show bridge-ext 3-137Max s
LIMITED WARRANTYviLIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY
CONFIGURING THE SWITCH2-30Displaying Switch Hardware/Software Versions Command AttributesMain Board• Serial Number – The serial number of the switch.•
DISPLAYING SWITCH HARDWARE/SOFTWARE VERSIONS2-31Web – Click System, Switch Information.CLI – Use the following command to display version information.
CONFIGURING THE SWITCH2-32Port ConfigurationDisplaying Connection StatusYou can use the Port Information or Trunk Information pages to display the cur
PORT CONFIGURATION2-33Web – Click Port, Port Information or Trunk Information. Modify the required interface settings, and click Apply.CLI – This exam
CONFIGURING THE SWITCH2-34Configuring Interface ConnectionsYou can use the Trunk Configuration or Port Configuration page to enable/disable an interfa
PORT CONFIGURATION2-35used for half-duplex operation and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub
CONFIGURING THE SWITCH2-36CLI – Select the interface, and then enter the required settings.Setting Broadcast Storm ThresholdsBroadcast storms may occu
PORT CONFIGURATION2-37500-262143packets per second; Default: 500 packets per second)• Broadcast Control Status – Shows whether or not broadcast storm
CONFIGURING THE SWITCH2-38Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can then
PORT CONFIGURATION2-39Configuring Port SecurityPort security is a feature that allows you to configure a switch port with one or more device MAC addre
viiCONTENTS1 Switch Management . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1Connecting to the Switch . . . . . . . . . . . . . . . . . .
CONFIGURING THE SWITCH2-40Port Security ActionThe switch allows you to set the security action to be taken when a port intrusion is detected. This set
ADDRESS TABLE SETTINGS2-41CLI ConfigurationUse the interface command to select the target port, then use the port security action command to configure
CONFIGURING THE SWITCH2-42Command UsageEntries specified via the Web interface are permanent. Entries specified via the CLI can be made permanent or c
ADDRESS TABLE SETTINGS2-43Command Usage• You can display entries in the dynamic address table by selecting an interface (either port or trunk), MAC ad
CONFIGURING THE SWITCH2-44Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command UsageThe range for the a
SPANNING TREE PROTOCOL CONFIGURATION2-45The Spanning Tree Protocols supported by the switch include the following standards:• STP – Spanning Tree Prot
CONFIGURING THE SWITCH2-46STP InformationThe Spanning Tree, STP Information page contains information on the current status of the Spanning Tree.Comma
SPANNING TREE PROTOCOL CONFIGURATION2-47• Designated Root — Identifies the priority and MAC address of the device in the Spanning Tree that the switch
CONFIGURING THE SWITCH2-48* CLI only.Web – Click Spanning Tree, STP Information to display current Spanning Tree information.
SPANNING TREE PROTOCOL CONFIGURATION2-49CLI – This example shows the current Spanning Tree settings.Console#show spanning-tree 3-119Spanning-tree info
CONTENTSviiiDisplaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32Configuring Interface Connections . . . . . . . .
CONFIGURING THE SWITCH2-50STP ConfigurationGlobal settings apply to the entire switch.Command UsageRSTP supports connections to either STP or RSTP nod
SPANNING TREE PROTOCOL CONFIGURATION2-51priority, the device with the lowest MAC address will then become the root device. - Default: 32768- Range:
CONFIGURING THE SWITCH2-52- Default: 15- Minimum: The higher of 4 or [(Max. Message Age / 2) + 1]- Maximum: 30• Path Cost Method — The path cost is
SPANNING TREE PROTOCOL CONFIGURATION2-53Web – Click Spanning Tree, STP Configuration. Modify the required attributes, then click Apply.CLI – This exam
CONFIGURING THE SWITCH2-54STP Port and Trunk InformationThe Spanning Tree, STP Port Information and Spanning Tree, STP Trunk Information display the c
SPANNING TREE PROTOCOL CONFIGURATION2-55• Designated Bridge — The priority and MAC address of the device through which this port must communicate to r
CONFIGURING THE SWITCH2-56• Path Cost – This parameter is used by the STA to determine the best path between devices. Therefore, lower values should
SPANNING TREE PROTOCOL CONFIGURATION2-57during reconfiguration events, does not cause the spanning tree to reconfigure when the interface changes stat
CONFIGURING THE SWITCH2-58CLI – This example displys the current Spanning Tree status of a port. STP Port and Trunk ConfigurationYou can configure RST
SPANNING TREE PROTOCOL CONFIGURATION2-59begins learning addresses.- Forwarding — Port forwards packets, and continues learning addresses.• Priority —
CONTENTSixSNMP IP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-97Multicast Configuration . . . . . . . . . . .
CONFIGURING THE SWITCH2-60- Auto — The switch automatically determines if the interface is attached to a point-to-point link or to shared media.• Admi
VLAN CONFIGURATION2-61Web – Click Spanning Tree, STP Port Configuration or STP Trunk Configuration. Modify the required attributes, then click Apply.C
CONFIGURING THE SWITCH2-62An IEEE 802.1Q VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong t
VLAN CONFIGURATION2-63along the path that will carry this traffic to the same VLAN(s), either manually or dynamically using GVRP. However, if you want
CONFIGURING THE SWITCH2-64configured to broadcast a message to your network indicating the VLAN groups it wants to join. When this switch receives the
VLAN CONFIGURATION2-65forwarding a frame from this switch along a path that does not contain any VLAN-aware devices (including the destination host),
CONFIGURING THE SWITCH2-66Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN and whether or not the port suppo
VLAN CONFIGURATION2-67Web – Click VLAN, VLAN Current Table. Select any ID from the scroll-down list.Command Attributes for CLI Interface• VLAN – ID of
CONFIGURING THE SWITCH2-68• Ports / Channel groups – Shows the VLAN interface members.CLI – Current VLAN information can be displayed with the followi
VLAN CONFIGURATION2-69• State – Shows if this VLAN is enabled or disabled (CLI). - Active: VLAN is operational.- Suspend: VLAN is suspended; i.e., doe
Comments to this Manuals