SMC Networks SMC6224M Bedienungsanleitung

TigerStack 10/10024/48-Port 10/100Mbps Stackable Managed SwitchManagement Guide◆ 24/48 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports◆ 2 Gigabit RJ-45 ports

CONTENTSviDisplaying Basic VLAN Information . . . . . . . . . . . . . . . 3-148Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-46• Access Mode - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB object

SIMPLE NETWORK MANAGEMENT PROTOCOL3-47Command Attributes• Trap Manager Capability – This switch supports up to five trap managers.• Current – Displays

CONFIGURING THE SWITCH3-48CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps.User AuthenticationYou c

USER AUTHENTICATION3-49Command Attributes• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, a

CONFIGURING THE SWITCH3-50CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.Configuring Local/Remote Logon

USER AUTHENTICATION3-51Command Usage• By default, management access is always checked against the authentication database stored on the local switch.

CONFIGURING THE SWITCH3-52• RADIUS Settings- Global – Provides globally applicable RADIUS settings.- ServerIndex – Specifies one of five RADIUS server

USER AUTHENTICATION3-53Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authenticat

CONFIGURING THE SWITCH3-54CLI – Specify all the required parameters to enable logon authentication.Configuring HTTPSYou can configure the switch to en

USER AUTHENTICATION3-55• When you start HTTPS, the connection is established in this way:- The client authenticates the server using the server’s digi

CONTENTSviiTelnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2Entering Commands . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-56Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.Figure 3-26 HTTPS Settings

USER AUTHENTICATION3-57When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line i

CONFIGURING THE SWITCH3-58Command UsageThe SSH server on this switch supports both password and public key authentication. If password authentication

USER AUTHENTICATION3-593. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-86) to copy a file containing the pu

CONFIGURING THE SWITCH3-60e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client&

USER AUTHENTICATION3-61the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.• Save Host-Key from Memory to Flash – Saves the

CONFIGURING THE SWITCH3-62CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and the

USER AUTHENTICATION3-63fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3)• SSH Server-Key Size – Specifies

CONFIGURING THE SWITCH3-64CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that th

USER AUTHENTICATION3-65already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prev

CONTENTSviiiquit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31System Management Commands . .

CONFIGURING THE SWITCH3-66Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox

USER AUTHENTICATION3-67This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the

CONFIGURING THE SWITCH3-68• The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the

USER AUTHENTICATION3-69CLI – This example shows the default global setting for 802.1X. Configuring 802.1X Global SettingsThe 802.1X protocol includes

CONFIGURING THE SWITCH3-70CLI – This example enables 802.1X globally for the switch.Configuring Port Settings for 802.1XWhen 802.1X is enabled, you ne

USER AUTHENTICATION3-71• Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it time

CONFIGURING THE SWITCH3-72CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this exampl

USER AUTHENTICATION3-73Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Sta

CONFIGURING THE SWITCH3-74Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statis

USER AUTHENTICATION3-75Filtering Addresses for Management AccessYou create a list of up to 16 IP addresses or IP address groups that are allowed manag

CONTENTSixclear logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63show logging . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-76• Start IP Address – A single IP address, or the starting address of a range.• End IP Address – The end address of a range.•

ACCESS CONTROL LISTS3-77CLI – This example allows SNMP access for a specific client.Access Control ListsAccess Control Lists (ACL) provide packet filt

CONFIGURING THE SWITCH3-78Command UsageThe following restrictions apply to ACLs:• Each ACL can have up to 32 rules.• The maximum number of ACLs is 88.

ACCESS CONTROL LISTS3-79- MAC: MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060)

CONFIGURING THE SWITCH3-80Configuring a Standard IP ACLCommand Attributes• Action – An ACL can contain any combination of permit or deny rules.• Addre

ACCESS CONTROL LISTS3-81Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a spe

CONFIGURING THE SWITCH3-82to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any)• Source/Destinat

ACCESS CONTROL LISTS3-83For example, use the code value and mask below to catch packets with the following flags set: - SYN flag valid, use control-co

CONFIGURING THE SWITCH3-843. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Configuring a MAC ACLCom

ACCESS CONTROL LISTS3-85Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any

CONTENTSxRADIUS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96radius-server host . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-86Binding a Port to an Access Control ListAfter configuring Access Control Lists (ACL), you should bind them to the ports that

ACCESS CONTROL LISTS3-87Web – Click Security, ACL, Port Binding. Mark the Enabled field for the port you want to bind to an ACL, select the required A

CONFIGURING THE SWITCH3-88Port ConfigurationDisplaying Connection StatusYou can use the Port Information or Trunk Information pages to display the cur

PORT CONFIGURATION3-89Web – Click Port, Port Information or Trunk Information.Figure 3-40 Displaying Port/Trunk InformationField Attributes (CLI)Basi

CONFIGURING THE SWITCH3-90- 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 1

PORT CONFIGURATION3-91CLI – This example shows the connection status for Port 5.Configuring Interface ConnectionsYou can use the Port Configuration or

CONFIGURING THE SWITCH3-92• Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, yo

PORT CONFIGURATION3-93Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.Figure 3-41

CONFIGURING THE SWITCH3-94automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports o

PORT CONFIGURATION3-95Statically Configuring a TrunkCommand Usage• When configuring static trunks, you may not be able to link switches of different t

CONTENTSxiMAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127access-list mac . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-96Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scro

PORT CONFIGURATION3-97CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to f

CONFIGURING THE SWITCH3-98• A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than e

PORT CONFIGURATION3-99CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switc

CONFIGURING THE SWITCH3-100Note: If the port channel admin key (lacp admin key, page 4-168) is not set (through the CLI) when a channel group is forme

PORT CONFIGURATION3-101Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can opt

CONFIGURING THE SWITCH3-102CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.Conso

PORT CONFIGURATION3-103Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Infor

CONFIGURING THE SWITCH3-104CLI – The following example displays LACP counters.Displaying LACP Settings and Status for the Local SideYou can display co

PORT CONFIGURATION3-105Admin State,Oper StateAdministrative or operational values of the actor’s state parameters:• Expired – The actor’s receive mach

CONTENTSxiishow rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-161Link Aggregation Commands . . . . . . . .

CONFIGURING THE SWITCH3-106Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 3-

PORT CONFIGURATION3-107Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for the

CONFIGURING THE SWITCH3-108Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.Figure 3

PORT CONFIGURATION3-109Setting Broadcast Storm ThresholdsBroadcast storms may occur when a device on your network is malfunctioning, or if application

CONFIGURING THE SWITCH3-110Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and cli

PORT CONFIGURATION3-111CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then

CONFIGURING THE SWITCH3-112Command Attributes• Mirror Sessions – Displays a list of current mirror sessions.• Source Unit – The unit whose port traffi

PORT CONFIGURATION3-113CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port and tr

CONFIGURING THE SWITCH3-114Web – Click Port, Rate Limit, Granularity. Select the required rate limit granularity for Fast Ethernet and Gigabit Etherne

PORT CONFIGURATION3-115Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces,

CONTENTSxiiiConfiguring VLAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 4-198interface vlan . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-116Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC EliteView. Table 3-9 Port Sta

PORT CONFIGURATION3-117Transmit Multicast PacketsThe total number of packets that higher-level protocols requested be transmitted, and which were addr

CONFIGURING THE SWITCH3-118Multiple Collision FramesA count of successfully transmitted frames for which transmission is inhibited by more than one co

PORT CONFIGURATION3-119Multicast Frames The total number of good frames received that were directed to this multicast address.CRC/Alignment Errors The

CONFIGURING THE SWITCH3-120Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at t

PORT CONFIGURATION3-121CLI – This example shows statistics for port 13.Console#show interfaces counters ethernet 1/13 4-152Ethernet 1/13 Iftable stats

CONFIGURING THE SWITCH3-122Address Table SettingsSwitches store the addresses for all known devices. This information is used to pass traffic directly

ADDRESS TABLE SETTINGS3-123Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address

CONFIGURING THE SWITCH3-124Displaying the Address TableThe Dynamic Address Table contains the MAC addresses learned by monitoring the source address f

ADDRESS TABLE SETTINGS3-125Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN check

CONTENTSxivmap ip precedence (Interface Configuration) . . . . . . . . . 4-230map ip dscp (Global Configuration) . . . . . . . . . . . . . . . . 4-

CONFIGURING THE SWITCH3-126Changing the Aging TimeYou can set the aging time for entries in the dynamic address table. Command Attributes• Aging Statu

SPANNING TREE ALGORITHM CONFIGURATION3-127The spanning tree algorithms supported by this switch include these versions:• STP – Spanning Tree Protocol

CONFIGURING THE SWITCH3-128that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the t

SPANNING TREE ALGORITHM CONFIGURATION3-129• Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has acc

CONFIGURING THE SWITCH3-130• Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to lear

SPANNING TREE ALGORITHM CONFIGURATION3-131CLI – This command displays global STA settings, followed by settings for each port. Note: The current root

CONFIGURING THE SWITCH3-132Configuring Global SettingsGlobal settings apply to the entire switch.Command Usage• Spanning Tree Protocol8Uses RSTP for t

SPANNING TREE ALGORITHM CONFIGURATION3-133• Priority – Bridge priority is used in selecting the root device, root port, and designated port. The devic

CONFIGURING THE SWITCH3-134• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning

SPANNING TREE ALGORITHM CONFIGURATION3-135Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 3-57

CONTENTSxvAPPENDICES:A Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . .A-1Software Features . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-136Displaying Interface SettingsThe STA Port Information and STA Trunk Information pages display the current status of ports a

SPANNING TREE ALGORITHM CONFIGURATION3-137• Designated Port – The port priority and number of the port on the designated bridging device through which

CONFIGURING THE SWITCH3-138• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)These additional parameters are onl

SPANNING TREE ALGORITHM CONFIGURATION3-139• Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the e

CONFIGURING THE SWITCH3-140CLI – This example shows the STA attributes for port 5. Configuring Interface SettingsYou can configure RSTP attributes for

SPANNING TREE ALGORITHM CONFIGURATION3-141contradictory information. Port address table is cleared, and the port begins learning addresses.- Forwardin

CONFIGURING THE SWITCH3-142- Default –- Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000- Fast Ethernet – Half duplex: 200

VLAN CONFIGURATION3-143Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply.Fig

CONFIGURING THE SWITCH3-144VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physic

VLAN CONFIGURATION3-145Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should

CONTENTSxvi

CONFIGURING THE SWITCH3-146Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically

VLAN CONFIGURATION3-147Forwarding Tagged/Untagged FramesIf you want to create a small port-based VLAN for devices attached directly to a single switch

CONFIGURING THE SWITCH3-148Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange V

VLAN CONFIGURATION3-149• Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch.Web – Click VLAN, 802.1Q VL

CONFIGURING THE SWITCH3-150• Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP.- Permanent: Added a

VLAN CONFIGURATION3-151• Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational.- Suspend: VLAN is suspended; i.e., does no

CONFIGURING THE SWITCH3-152• State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational.- Suspend: VLAN is suspended; i.e., d

VLAN CONFIGURATION3-153Adding Static Members to VLANs (VLAN Index)Use the VLAN Static Table to configure port members for the selected VLAN index. Ass

CONFIGURING THE SWITCH3-154• Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk:

VLAN CONFIGURATION3-155Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if req

xviiTABLESTable 1-1 Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Table 1-2 System Defaults . . . . . . . .

CONFIGURING THE SWITCH3-156Adding Static Members to VLANs (Port Index)Use the VLAN Static Membership by Port menu to assign VLAN groups to the selecte

VLAN CONFIGURATION3-157Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLAN ide

CONFIGURING THE SWITCH3-158- Ingress filtering only affects tagged frames. - If ingress filtering is disabled and a port receives frames tagged for VL

VLAN CONFIGURATION3-159• Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid)- 1Q Trunk – Specifies a port as an end-point for a

CONFIGURING THE SWITCH3-160CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the G

VLAN CONFIGURATION3-1612. Use the Private VLAN Association menu (page 3-164) to map the secondary (i.e., community) VLAN(s) to the primary VLAN.3. Use

CONFIGURING THE SWITCH3-162Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu.Figure 3-67 Private V

VLAN CONFIGURATION3-163Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs.Co

CONFIGURING THE SWITCH3-164CLI – This example configures VLAN 5 as a primary VLAN, and VLAN 6 as a community VLAN and VLAN 7 as an isolated VLAN. Asso

VLAN CONFIGURATION3-165CLI – This example associates community VLANs 6 and 7 with primary VLAN 5.Displaying Private VLAN Interface InformationUse the

TABLESxviiiTable 4-21 SMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . 4-66Table 4-22 Time Commands . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-166Web – Click VLAN, Private VLAN, Port Information or Trunk Information.Figure 3-70 Private VLAN Port InformationCLI – This

VLAN CONFIGURATION3-167- Host – The port is a community port or an isolated port. A community port can communicate with other ports in its own communi

CONFIGURING THE SWITCH3-168Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will

CLASS OF SERVICE CONFIGURATION3-169Class of Service ConfigurationClass of Service (CoS) allows you to specify which data packets have greater preceden

CONFIGURING THE SWITCH3-170Command Attributes• Default Priority11 – The priority that is assigned to untagged frames received on the specified interfa

CLASS OF SERVICE CONFIGURATION3-171Mapping CoS Values to Egress QueuesThis switch processes Class of Service (CoS) priority tagged traffic by using fo

CONFIGURING THE SWITCH3-172Command Attributes• Priority – CoS value. (Range: 0-7, where 7 is the highest priority)• Traffic Class12 – Output queue buf

CLASS OF SERVICE CONFIGURATION3-173Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traff

CONFIGURING THE SWITCH3-174Setting the Service Weight for Traffic ClassesThis switch uses the Weighted Round Robin (WRR) algorithm to determine the fr

CLASS OF SERVICE CONFIGURATION3-175CLI – The following example shows how to assign WRR weights to each of the priority queues.Layer 3/4 Priority Setti

TABLESxixTable 4-58 Priority Commands (Layer 2) . . . . . . . . . . . . . . . . . . . . 4-220Table 4-59 Default CoS Priority Levels . . . . . . . .

CONFIGURING THE SWITCH3-176Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select

CLASS OF SERVICE CONFIGURATION3-177Command Attributes• IP Precedence Priority Table – Shows the IP Precedence to CoS map.• Class of Service Value – Ma

CONFIGURING THE SWITCH3-178CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0

CLASS OF SERVICE CONFIGURATION3-179Command Attributes• DSCP Priority Table – Shows the DSCP Priority to CoS map.• Class of Service Value – Maps a CoS

CONFIGURING THE SWITCH3-180CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port

CLASS OF SERVICE CONFIGURATION3-181Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-79 IP Port Priorit

CONFIGURING THE SWITCH3-182CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS val

CLASS OF SERVICE CONFIGURATION3-183• ACL CoS Priority Mapping – Displays the configured information.Web – Click Priority, ACL CoS Priority. Enable map

CONFIGURING THE SWITCH3-184Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A

MULTICAST FILTERING3-185Layer 2 IGMP (Snooping and Query)IGMP Snooping and Query – If multicast routing is not supported on other switches in your net

TABLESxx

CONFIGURING THE SWITCH3-186multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members. It then

MULTICAST FILTERING3-187Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including I

CONFIGURING THE SWITCH3-188Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch use informat

MULTICAST FILTERING3-189CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.Specifying Stati

CONFIGURING THE SWITCH3-190Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast route

MULTICAST FILTERING3-191Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from t

CONFIGURING THE SWITCH3-192Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query

MULTICAST FILTERING3-193Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled

CONFIGURING THE SWITCH3-194

4-1CHAPTER 4COMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).Note: You can only access the console interface t

xxiFIGURESFigure 3-1 Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3Figure 3-2 Panel Display . . . . . . . .

COMMAND LINE INTERFACE4-23. When finished, exit the session with the “quit” or “exit” command.After connecting to the system through the console port,

USING THE COMMAND LINE INTERFACE4-3After you configure the switch with an IP address, you can open a Telnet session by performing these steps:1. From

COMMAND LINE INTERFACE4-4Entering CommandsThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords

ENTERING COMMANDS4-5Command CompletionIf you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to th

COMMAND LINE INTERFACE4-6Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the current

ENTERING COMMANDS4-7The command “show interfaces ?” will display the following information:Partial Keyword LookupIf you terminate a partial keyword wi

COMMAND LINE INTERFACE4-8Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display in

ENTERING COMMANDS4-9Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “supe

COMMAND LINE INTERFACE4-10• Line Configuration - These commands modify the console port and Telnet configuration, and include command such as parity a

ENTERING COMMANDS4-11Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough

FIGURESxxiiFigure 3-37 ACL Configuration - Extended IP . . . . . . . . . . . . . . . . . 3-83Figure 3-38 ACL Configuration - MAC . . . . . . . . . . .

COMMAND LINE INTERFACE4-12Command GroupsThe system commands can be broken down into the functional groups shown below.Table 4-4 Command GroupsCommand

COMMAND GROUPS4-13The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) PE (Privileged Exec) GC (Globa

COMMAND LINE INTERFACE4-14Line CommandsYou can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial

LINE COMMANDS4-15lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax line {con

COMMAND LINE INTERFACE4-16loginThis command enables password checking at login. Use the no form to disable password checking and allow connections wit

LINE COMMANDS4-17Example Related Commandsusername (4-35)password (4-17)passwordThis command specifies the password for a line. Use the no form to remo

COMMAND LINE INTERFACE4-18configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.Example Related Co

LINE COMMANDS4-19Example To set the timeout to two minutes, enter this command:Related Commandssilent-time (4-21)exec-timeout (4-14)exec-timeoutThis c

COMMAND LINE INTERFACE4-20Example To set the timeout to two minutes, enter this command:Related Commandssilent-time (4-21)timeout login response (4-13

LINE COMMANDS4-21Example To set the password threshold to five attempts, enter this command:Related Commandssilent-time (4-21)timeout login response (

FIGURESxxiiiFigure 3-74 Queue Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173Figure 3-75 Configuring Queue Scheduling .

COMMAND LINE INTERFACE4-22databitsThis command sets the number of data bits per character that are interpreted and generated by the console port. Use

LINE COMMANDS4-23parityThis command defines the generation of a parity bit. Use the no form to restore the default setting.Syntax parity {none | even

COMMAND LINE INTERFACE4-24Default Setting 9600Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connect

LINE COMMANDS4-25disconnectThis command terminates an SSH, Telnet, or console connection.Syntax disconnect session-idsession-id – The session identifi

COMMAND LINE INTERFACE4-26Example To show all lines, enter this command:General CommandsConsole#show line Console configuration: Password threshold:

GENERAL COMMANDS4-27enableThis command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands dis

COMMAND LINE INTERFACE4-28disableThis command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic info

GENERAL COMMANDS4-29Example Related Commands end (4-30)show historyThis command shows the contents of the command history buffer.Default Setting NoneC

COMMAND LINE INTERFACE4-30The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode

GENERAL COMMANDS4-31Command Mode Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration.Example This examp

FIGURESxxiv

COMMAND LINE INTERFACE4-32Command Mode Normal Exec, Privileged ExecCommand Usage The quit and exit commands can both exit the configuration program.Ex

SYSTEM MANAGEMENT COMMANDS4-33Device Designation CommandspromptThis command customizes the CLI prompt. Use the no form to restore the default prompt.S

COMMAND LINE INTERFACE4-34hostnameThis command specifies or modifies the host name for this device. Use the no form to restore the default host name.S

SYSTEM MANAGEMENT COMMANDS4-35usernameThis command adds named users, requires authentication at login, specifies or changes a user's password (or

COMMAND LINE INTERFACE4-36Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encryp

SYSTEM MANAGEMENT COMMANDS4-37Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal

COMMAND LINE INTERFACE4-38managementThis command specifies the client IP addresses that are allowed management access to the switch through various pr

SYSTEM MANAGEMENT COMMANDS4-39• You can delete an address range just by specifying the start address, or by specifying both the start address and end

COMMAND LINE INTERFACE4-40ExampleWeb Server CommandsConsole#show management all-clientManagement IP Filter HTTP-Client: Start IP address End IP

SYSTEM MANAGEMENT COMMANDS4-41ip http portThis command specifies the TCP port number used by the web browser interface. Use the no form to use the def

1-1CHAPTER 1INTRODUCTIONThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to config

COMMAND LINE INTERFACE4-42Example Related Commandsip http port (4-41)ip http secure-serverThis command enables the secure hypertext transfer protocol

SYSTEM MANAGEMENT COMMANDS4-43• The client and server establish a secure encrypted connection.A padlock icon should appear in the status bar for Inter

COMMAND LINE INTERFACE4-44Command Mode Global ConfigurationCommand Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If

SYSTEM MANAGEMENT COMMANDS4-45Default Setting 23Command Mode Global ConfigurationExampleRelated Commandsip telnet server (4-45)ip telnet serverThis co

COMMAND LINE INTERFACE4-46Secure Shell CommandsThe Berkley-standard includes remote access tools originally designed for Unix systems. Some of these t

SYSTEM MANAGEMENT COMMANDS4-47The SSH server on this switch supports both password and public key authentication. If password authentication is specif

COMMAND LINE INTERFACE4-482. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial

SYSTEM MANAGEMENT COMMANDS4-49a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in

COMMAND LINE INTERFACE4-50Example Related Commandsip ssh crypto host-key generate (4-52)show ssh (4-55)ip ssh timeoutThis command configures the timeo

SYSTEM MANAGEMENT COMMANDS4-51ip ssh authentication-retriesThis command configures the number of times the SSH server attempts to reauthenticate a use

38 TeslaIrvine, CA 92618Phone: (949) 679-8000TigerStack 10/100Management GuideFrom SMC’s Tiger line of feature-rich workgroup LAN solutionsJanuary 200

INTRODUCTION1-2Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates th

COMMAND LINE INTERFACE4-52Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the S

SYSTEM MANAGEMENT COMMANDS4-53Command Mode Privileged ExecCommand Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh

COMMAND LINE INTERFACE4-54Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clea

SYSTEM MANAGEMENT COMMANDS4-55show ip sshThis command displays the connection settings used when authenticating client access to the SSH server.Comman

COMMAND LINE INTERFACE4-56show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user [userna

SYSTEM MANAGEMENT COMMANDS4-57Command Mode Privileged ExecCommand Usage • If no parameters are entered, all keys are displayed. If the user keyword is

COMMAND LINE INTERFACE4-58Event Logging Commands logging onThis command controls logging of error messages, sending debug or error messages to switch

SYSTEM MANAGEMENT COMMANDS4-59Example Related Commandslogging history (4-59)clear logging (4-63)logging historyThis command limits syslog messages sav

COMMAND LINE INTERFACE4-60Default Setting Flash: errors (level 3 - 0)RAM: warnings (level 6 - 0)Command Mode Global ConfigurationCommand Usage The mes

SYSTEM MANAGEMENT COMMANDS4-61Command Usage • By using this command more than once you can build up a list of host IP addresses.• The maximum number o

DESCRIPTION OF SOFTWARE FEATURES1-3Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and

COMMAND LINE INTERFACE4-62logging trapThis command enables the logging of system messages to a remote server, or limits the syslog messages saved to a

SYSTEM MANAGEMENT COMMANDS4-63clear loggingThis command clears messages from the log buffer.Syntax clear logging [flash | ram]- flash - Event history

COMMAND LINE INTERFACE4-64Default Setting NoneCommand Mode Privileged ExecExampleThe following example shows that system logging is enabled, the messa

SYSTEM MANAGEMENT COMMANDS4-65Related Commandsshow logging sendmail (4-70)show logThis command displays the system and event messages stored in memory

COMMAND LINE INTERFACE4-66Command Usage This command shows the system and event messages stored in memory, including the time stamp, message level (pa

SYSTEM MANAGEMENT COMMANDS4-67logging sendmail hostThis command specifies SMTP servers that will be sent alert messages. Use the no form to remove an

COMMAND LINE INTERFACE4-68Examplelogging sendmail levelThis command sets the severity threshold used to trigger alert messages.Syntaxlogging sendmail

SYSTEM MANAGEMENT COMMANDS4-69logging sendmail source-emailThis command sets the email address used for the “From” field in alert messages. Use the no

COMMAND LINE INTERFACE4-70Command Mode Global ConfigurationCommand Usage You can specify up to five recipients for alert messages. However, you must e

SYSTEM MANAGEMENT COMMANDS4-71ExampleTime CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Ma

INTRODUCTION1-4Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured

COMMAND LINE INTERFACE4-72sntp clientThis command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with t

SYSTEM MANAGEMENT COMMANDS4-73sntp serverThis command sets the IP address of the servers to which SNTP time requests are issued. Use the this command

COMMAND LINE INTERFACE4-74sntp pollThis command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no

SYSTEM MANAGEMENT COMMANDS4-75Example clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour ho

COMMAND LINE INTERFACE4-76Example Related Commandsshow sntp (4-74)calendar setThis command sets the system clock. It may be used if there is no time s

SYSTEM MANAGEMENT COMMANDS4-77show calendarThis command displays the system clock.Default Setting NoneCommand Mode Normal Exec, Privileged ExecExample

COMMAND LINE INTERFACE4-78light unitThis command displays the unit ID of a switch using its front-panel LED indicators.Syntax light unit [unit]unit -

SYSTEM MANAGEMENT COMMANDS4-79• This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the co

COMMAND LINE INTERFACE4-80Related Commandsshow running-config (4-80)show running-configThis command displays the configuration information currently i

SYSTEM MANAGEMENT COMMANDS4-81Example Console#show running-configbuilding startup-config, please wait...!phymap 00-30-f1-ce-2a-20 00-00-00-00-00-00

DESCRIPTION OF SOFTWARE FEATURES1-5Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port.

COMMAND LINE INTERFACE4-82Related Commandsshow startup-config (4-78)show systemThis command displays system information.Default Setting NoneCommand Mo

SYSTEM MANAGEMENT COMMANDS4-83show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.

COMMAND LINE INTERFACE4-84Command Mode Normal Exec, Privileged ExecCommand Usage See “Displaying Switch Hardware/Software Versions” on page 3-13 for d

FLASH/FILE COMMANDS4-85Command Mode Global ConfigurationCommand Usage • This switch provides more efficient throughput for large sequential data trans

COMMAND LINE INTERFACE4-86copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP

FLASH/FILE COMMANDS4-87Command Mode Privileged ExecCommand Usage • The system prompts for data required to complete the copy command. • The destinatio

COMMAND LINE INTERFACE4-88Example The following example shows how to upload the configuration settings to a file on the TFTP server:The following exam

FLASH/FILE COMMANDS4-89This example shows how to copy a public-key used by SSH from an TFTP server. Note that public key authentication via SSH is onl

COMMAND LINE INTERFACE4-90Example This example shows how to delete the test2.cfg configuration file from flash memory for unit 1.Related Commandsdir (

FLASH/FILE COMMANDS4-91• File information is shown below:Example The following example shows how to display all file information:whichbootThis command

INTRODUCTION1-6switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:• Elimi

COMMAND LINE INTERFACE4-92ExampleThis example shows the information displayed by the whichboot command. See the table under the dir command for a desc

AUTHENTICATION COMMANDS4-93ExampleRelated Commandsdir (4-90)whichboot (4-91) Authentication Commands You can configure this switch to authenticate use

COMMAND LINE INTERFACE4-94authentication loginThis command defines the login authentication method and precedence. Use the no form to restore the defa

AUTHENTICATION COMMANDS4-95Example Related Commandsusername - for setting the local user names and passwords (4-35)authentication enableThis command d

COMMAND LINE INTERFACE4-96• You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if

AUTHENTICATION COMMANDS4-97radius-server hostThis command specifies primary and backup RADIUS servers and authentication parameters that apply to each

COMMAND LINE INTERFACE4-98radius-server portThis command sets the RADIUS server network port. Use the no form to restore the default.Syntax radius-ser

AUTHENTICATION COMMANDS4-99Example radius-server retransmitThis command sets the number of retries. Use the no form to restore the default.Syntax radi

COMMAND LINE INTERFACE4-100Command Mode Global ConfigurationExample show radius-server This command displays the current settings for the RADIUS serve

AUTHENTICATION COMMANDS4-101TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses soft

SYSTEM DEFAULTS1-7System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch

COMMAND LINE INTERFACE4-102tacacs-server portThis command specifies the TACACS+ server network port. Use the no form to restore the default.Syntax tac

AUTHENTICATION COMMANDS4-103Example show tacacs-serverThis command displays the current settings for the TACACS+ server.Default Setting NoneCommand Mo

COMMAND LINE INTERFACE4-104port securityThis command enables or configures port security. Use the no form without any keywords to disable port securit

AUTHENTICATION COMMANDS4-105Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has

COMMAND LINE INTERFACE4-106802.1X Port AuthenticationThe switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized acce

AUTHENTICATION COMMANDS4-107dot1x system-auth-controlThis command enables 802.1X port authentication globally on the switch. Use the no form to restor

COMMAND LINE INTERFACE4-108Default2 Command ModeInterface ConfigurationExampledot1x port-controlThis command sets the dot1x mode on a port interface.

AUTHENTICATION COMMANDS4-109dot1x operation-modeThis command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use th

COMMAND LINE INTERFACE4-110dot1x re-authenticateThis command forces re-authentication on all ports or a specific interface.Syntaxdot1x re-authenticate

AUTHENTICATION COMMANDS4-111dot1x timeout quiet-periodThis command sets the time that a switch port waits after the Max Request Count has been exceede

INTRODUCTION1-8Web ManagementHTTP Server EnabledHTTP Port Number 80HTTP Secure Server EnabledHTTP Secure Port Number443SNMP Community Strings “public”

COMMAND LINE INTERFACE4-112Exampledot1x timeout tx-periodThis command sets the time that an interface on the switch waits during an authentication ses

AUTHENTICATION COMMANDS4-113Command ModePrivileged ExecCommand UsageThis command displays the following information:• Global 802.1X Parameters – Shows

COMMAND LINE INTERFACE4-114- Max Count – The maximum number of hosts allowed to access this port (page 4-109).- Port-control – Shows the dot1x mode on

AUTHENTICATION COMMANDS4-115ExampleConsole#show dot1xGlobal 802.1X Parameters system-auth-control: enable802.1X Port SummaryPort Name Status

COMMAND LINE INTERFACE4-116Access Control List CommandsAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol,

ACCESS CONTROL LIST COMMANDS4-117• This switch supports ACLs for ingress filtering only. You can only bind one IP ACL to any port and one MAC ACL glob

COMMAND LINE INTERFACE4-118access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the

ACCESS CONTROL LIST COMMANDS4-119Command Usage• When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny comm

COMMAND LINE INTERFACE4-120Command Usage• New rules are appended to the end of the list.• Address bitmasks are similar to a subnet mask, containing fo

ACCESS CONTROL LIST COMMANDS4-121[precedence precedence] [tos tos] [dscp dscp][source-port sport [end]] [destination-port dport [end]][control-flag co

SYSTEM DEFAULTS1-9Virtual LANs Default VLAN 1PVID 1Acceptable Frame Type AllIngress Filtering DisabledSwitchport Mode (Egress Mode)Hybrid: tagged/unta

COMMAND LINE INTERFACE4-122• The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. E

ACCESS CONTROL LIST COMMANDS4-123Related Commandsaccess-list ip (4-118)show ip access-list This command displays the rules for configured IP ACLs.Synt

COMMAND LINE INTERFACE4-124Command ModeInterface Configuration (Ethernet)Command Usage• A port can only be bound to one ACL.• If a port is already bou

ACCESS CONTROL LIST COMMANDS4-125map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is on

COMMAND LINE INTERFACE4-126show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value dete

ACCESS CONTROL LIST COMMANDS4-127MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form t

COMMAND LINE INTERFACE4-128Command Usage• When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to

ACCESS CONTROL LIST COMMANDS4-129• address-bitmask16 – Bitmask for MAC address (in hexidecimal format). • vid – VLAN ID. (Range: 1-4094)• vid-end – Up

COMMAND LINE INTERFACE4-130show mac access-list This command displays the rules for configured MAC ACLs.Syntaxshow mac access-list [acl_name]acl_name

ACCESS CONTROL LIST COMMANDS4-131Command Usage• A port can only be bound to one ACL.• If a port is already bound to an ACL and you bind it to a differ

INTRODUCTION1-10

COMMAND LINE INTERFACE4-132Default SettingNoneCommand ModeInterface Configuration (Ethernet)Command Usage• You must configure an ACL mask before you c

ACCESS CONTROL LIST COMMANDS4-133Command ModePrivileged ExecExample Related Commandsmap access-list mac (4-131)ACL Informationshow access-listThis com

COMMAND LINE INTERFACE4-134Example show access-groupThis command shows the port assignments of ACLs.Command ModePrivileged ExecutiveExample Console#sh

SNMP COMMANDS4-135SNMP CommandsControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as

COMMAND LINE INTERFACE4-136• rw - Specifies read/write access. Authorized management stations are able to both retrieve and modify MIB objects.Default

SNMP COMMANDS4-137Example Related Commandssnmp-server location (4-137)snmp-server locationThis command sets the system location string. Use the no for

COMMAND LINE INTERFACE4-138snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use t

SNMP COMMANDS4-139enable traps command and the snmp-server host command for that host must be enabled. • Some notification types cannot be controlled

COMMAND LINE INTERFACE4-140Command Usage • If you do not enter an snmp-server enable traps command, no notifications controlled by this command are se

SNMP COMMANDS4-141ExampleConsole#show snmpSNMP traps: Authentication: enabled Link-up-down: enabledSNMP communities: 1. private, and the privilege

2-1CHAPTER 2INITIAL CONFIGURATIONConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent offer

COMMAND LINE INTERFACE4-142Interface CommandsThese commands are used to display or set communication parameters for an Ethernet port, aggregated link,

INTERFACE COMMANDS4-143interfaceThis command configures an interface type and enter interface configuration mode. Use the no form to remove a trunk.Sy

COMMAND LINE INTERFACE4-144Default Setting NoneCommand Mode Interface Configuration (Ethernet, Port Channel)Example The following example adds a descr

INTERFACE COMMANDS4-145Command Usage• To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation comm

COMMAND LINE INTERFACE4-146auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.

INTERFACE COMMANDS4-147Default Setting • 100BASE-TX: 10half, 10full, 100half, 100full• 1000BASE-T: 10half, 10full, 100half, 100full, 1000full• SFP: 10

COMMAND LINE INTERFACE4-148Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • Flow control can eliminate frame loss by “bloc

INTERFACE COMMANDS4-149Default Setting All interfaces are enabled.Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage This comm

COMMAND LINE INTERFACE4-150• This command can enable or disable broadcast storm control for the selected interface. However, the specified threshold v

INTERFACE COMMANDS4-151Example The following example clears statistics on port 5.show interfaces statusThis command displays the status for an interfa

Information furnished by SMC Networks, Inc. (SMC) is believed to be accu-rate and reliable. However, no responsibility is assumed by SMC for its use,

INITIAL CONFIGURATION2-2The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:

COMMAND LINE INTERFACE4-152Example show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]inte

INTERFACE COMMANDS4-153Command Mode Normal Exec, Privileged ExecCommand Usage If no interface is specified, information on all interfaces is displayed

COMMAND LINE INTERFACE4-154show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Synta

INTERFACE COMMANDS4-155Table 4-41 Interfaces Switchport StatisticsField DescriptionBroadcast threshold Shows if broadcast storm suppression is enable

COMMAND LINE INTERFACE4-156Mirror Port CommandsThis section describes how to mirror traffic from a source port to a target port. port monitorThis comm

MIRROR PORT COMMANDS4-157• The destination port is set by specifying an Ethernet interface. • The mirror port and monitor port speeds should match, ot

COMMAND LINE INTERFACE4-158Example The following shows mirroring configured from port 6 to port 11:Rate Limit CommandsThis function allows the network

RATE LIMIT COMMANDS4-159rate-limitUse this command to define the rate limit level for a specific interface. Use this command without specifying a rate

COMMAND LINE INTERFACE4-160rate-limit granularityUse this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Et

LINK AGGREGATION COMMANDS4-161show rate-limitUse this command to display the rate limit granularity.Default Setting Fast Ethernet interface – 3.3 Mbps

CONNECTING TO THE SWITCH2-3Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cab

COMMAND LINE INTERFACE4-162Guidelines for Creating TrunksGeneral Guidelines –• Finish configuring port trunks before you connect the corresponding net

LINK AGGREGATION COMMANDS4-163• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specif

COMMAND LINE INTERFACE4-164Command Usage • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard.•Use no chann

LINK AGGREGATION COMMANDS4-165ExampleThe following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end

COMMAND LINE INTERFACE4-166lacp system-priorityThis command configures a port's LACP system priority. Use the no form to restore the default sett

LINK AGGREGATION COMMANDS4-167lacp admin-key (Ethernet Interface)This command configures a port's LACP administration key. Use the no form to res

COMMAND LINE INTERFACE4-168lacp admin-key (Port Channel)This command configures a port channel's LACP administration key string. Use the no form

LINK AGGREGATION COMMANDS4-169lacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax lacp

COMMAND LINE INTERFACE4-170show lacpThis command displays LACP information.Syntax show lacp [port-channel] {counters | internal | neighbors | sysid}•

LINK AGGREGATION COMMANDS4-171Example Console#show lacp 1 countersPort channel: 1 --------------------------------------------------------------

INITIAL CONFIGURATION2-4For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI command

COMMAND LINE INTERFACE4-172Console#show lacp 1 internalPort channel : 1-------------------------------------------------------------------Oper Key : 4

LINK AGGREGATION COMMANDS4-173Admin State,Oper StateAdministrative or operational values of the actor’s state parameters:• Expired – The actor’s recei

COMMAND LINE INTERFACE4-174Console#show lacp 1 neighborsPort channel 1 neighbors-------------------------------------------------------------------Eth

ADDRESS TABLE COMMANDS4-175Address Table CommandsThese commands are used to configure the address table for filtering specified addresses, displaying

COMMAND LINE INTERFACE4-176mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an ad

ADDRESS TABLE COMMANDS4-177• A static address cannot be learned on another port until the address is removed with the no form of this command. Example

COMMAND LINE INTERFACE4-178• vlan-id - VLAN ID (Range: 1-4094) • sort - Sort by address, vlan or interface. Default Setting NoneCommand Mode Privilege

ADDRESS TABLE COMMANDS4-179mac-address-table aging-timeThis command sets the aging time for entries in the address table. Use the no form to restore t

COMMAND LINE INTERFACE4-180Spanning Tree CommandsThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the swit

SPANNING TREE COMMANDS4-181spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Syntax

STACK OPERATIONS2-5Stack OperationsYou can stack up to eight SMC6224M units, four SMC6248M units, or four units when both switch types are stacked tog

COMMAND LINE INTERFACE4-182spanning-tree modeThis command selects the spanning tree mode for this switch. Use the no form to restore the default.Synta

SPANNING TREE COMMANDS4-183spanning-tree forward-timeThis command configures the spanning tree bridge forward time globally for this switch. Use the n

COMMAND LINE INTERFACE4-184Default Setting 2 secondsCommand Mode Global ConfigurationCommand Usage This command sets the time interval (in seconds) at

SPANNING TREE COMMANDS4-185a new root port is selected from among the device ports attached to the network.Example spanning-tree priorityThis command

COMMAND LINE INTERFACE4-186spanning-tree pathcost methodThis command configures the path cost method used for Rapid Spanning Tree. Use the no form to

SPANNING TREE COMMANDS4-187Default Setting 3Command Mode Global ConfigurationCommand Usage This command limits the maximum transmission rate for BPDUs

COMMAND LINE INTERFACE4-188spanning-tree costThis command configures the spanning tree path cost for the specified interface. Use the no form to resto

SPANNING TREE COMMANDS4-189spanning-tree port-priorityThis command configures the priority for the specified interface. Use the no form to restore the

COMMAND LINE INTERFACE4-190Default Setting DisabledCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • You can enable this op

SPANNING TREE COMMANDS4-191Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command is used to enable/disable the fas

INITIAL CONFIGURATION2-6Recovering from Stack Failure or Topology ChangeNote the following points about recovering from a stack change:• When using a

COMMAND LINE INTERFACE4-192Default Setting autoCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • Specify a point-to-point l

SPANNING TREE COMMANDS4-193Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, i

COMMAND LINE INTERFACE4-194• For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-1

VLAN COMMANDS4-195VLAN CommandsA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the sa

COMMAND LINE INTERFACE4-196Command Mode Global ConfigurationCommand Usage • Use the VLAN database command mode to add, change, and delete VLANs. After

VLAN COMMANDS4-197• state - Keyword to be followed by the VLAN state. - active - VLAN is operational. - suspend - VLAN is suspended. Suspended VLANs d

COMMAND LINE INTERFACE4-198Configuring VLAN Interfacesinterface vlanThis command enters interface configuration mode for VLANs, which is used to confi

VLAN COMMANDS4-199Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN

COMMAND LINE INTERFACE4-200Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid:Related

VLAN COMMANDS4-201Related Commandsswitchport mode (4-199)switchport ingress-filtering This command enables ingress filtering for an interface. Use the

BASIC CONFIGURATION2-7Basic ConfigurationConsole ConnectionThe CLI program provides two different command levels — normal access level (Normal Exec) a

COMMAND LINE INTERFACE4-202switchport native vlanThis command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the d

VLAN COMMANDS4-203switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the default.Syntax

COMMAND LINE INTERFACE4-204• If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed f

VLAN COMMANDS4-205Example The following example shows how to prevent port 1 from being added to VLAN 3:Displaying VLAN Informationshow vlanThis comman

COMMAND LINE INTERFACE4-206Command Mode Normal Exec, Privileged ExecExample The following example shows how to display information for VLAN 1:Configur

VLAN COMMANDS4-207This section describes commands used to configure private VLANs. To configure primary/secondary associated groups, follow these step

COMMAND LINE INTERFACE4-2085. Use the switchport private-vlan mapping command to assign a port to a primary VLAN.6. Use the show vlan private-vlan com

VLAN COMMANDS4-209Default Setting NoneCommand Mode VLAN ConfigurationCommand Usage • Private VLANs are used to restrict traffic to ports within the sa

COMMAND LINE INTERFACE4-210private vlan associationUse this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no fo

VLAN COMMANDS4-211switchport mode private-vlanUse this command to set the private VLAN mode for an interface. Use the no form to restore the default s

INITIAL CONFIGURATION2-8Setting PasswordsNote: If this is your first time to log into the CLI program, you should define new passwords for both defaul

COMMAND LINE INTERFACE4-212switchport private-vlan host-associationUse this command to associate an interface with a secondary VLAN. Use the no form t

VLAN COMMANDS4-213Default Setting NoneCommand Mode Interface Configuration (Ethernet, Port Channel) Command UsageHost ports assigned to a isolated VLA

COMMAND LINE INTERFACE4-214Exampleshow vlan private-vlanUse this command to show the private VLAN configuration settings on this switch.Syntaxshow vla

GVRP AND BRIDGE EXTENSION COMMANDS4-215GVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN i

COMMAND LINE INTERFACE4-216Command Mode Global ConfigurationCommand Usage GVRP defines a way for switches to exchange VLAN information in order to reg

GVRP AND BRIDGE EXTENSION COMMANDS4-217switchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchport gvrpD

COMMAND LINE INTERFACE4-218Example garp timerThis command sets the values for the join, leave and leaveall timers. Use the no form to restore the time

GVRP AND BRIDGE EXTENSION COMMANDS4-219• Timer values must meet the following restrictions: - leave >= (2 x join) - leaveall > leave Note: Set G

COMMAND LINE INTERFACE4-220Example Related Commandsgarp timer (4-218)Priority CommandsThe commands described in this section allow you to specify whic

PRIORITY COMMANDS4-221queue modeThis command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) prior

BASIC CONFIGURATION2-9Setting an IP AddressYou must establish IP address information for the stack to obtain management access through the network. Th

COMMAND LINE INTERFACE4-222Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher pri

PRIORITY COMMANDS4-223frames). This priority does not apply to IEEE 802.1Q VLAN tagged frames. If the incoming frame is an IEEE 802.1Q VLAN tagged fra

COMMAND LINE INTERFACE4-224Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights.Example This example shows h

PRIORITY COMMANDS4-225Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • CoS values assigned at the ingress port are also us

COMMAND LINE INTERFACE4-226show queue bandwidthThis command displays the weighted round-robin (WRR) bandwidth allocation for the four priority queues.

PRIORITY COMMANDS4-227Example Priority Commands (Layer 3 and 4) Console#show queue cos-map ethernet 1/1Information of Eth 1/1 CoS Value : 0 1 2 3

COMMAND LINE INTERFACE4-228map ip port (Global Configuration)This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets)

PRIORITY COMMANDS4-229Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority mapping is IP Port, IP

COMMAND LINE INTERFACE4-230map ip precedence (Interface Configuration)This command sets IP precedence priority (i.e., IP Type of Service priority). Us

PRIORITY COMMANDS4-231map ip dscp (Global Configuration)This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use t

INITIAL CONFIGURATION2-102. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for th

COMMAND LINE INTERFACE4-232Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not spec

PRIORITY COMMANDS4-233show map ip portUse this command to show the IP port priority map.Syntax show map ip port [interface]interface • ethernet unit/p

COMMAND LINE INTERFACE4-234show map ip precedenceThis command shows the IP precedence priority map.Syntax show map ip precedence [interface]interface

PRIORITY COMMANDS4-235show map ip dscpThis command shows the IP DSCP priority map.Syntax show map ip dscp [interface]interface • ethernet unit/port -u

COMMAND LINE INTERFACE4-236Multicast Filtering CommandsThis switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that

MULTICAST FILTERING COMMANDS4-237ip igmp snoopingThis command enables IGMP snooping on this switch. Use the no form to disable it.Syntax [no] ip igmp

COMMAND LINE INTERFACE4-238Command Mode Global ConfigurationExample The following shows how to statically configure a multicast group on a port:ip igm

MULTICAST FILTERING COMMANDS4-239show ip igmp snoopingThis command shows the IGMP snooping configuration.Default Setting NoneCommand Mode Privileged E

COMMAND LINE INTERFACE4-240Command Mode Privileged ExecCommand Usage Member types displayed include IGMP or USER, depending on selected options.Exampl

MULTICAST FILTERING COMMANDS4-241ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form to disable it.Syntax [no]

BASIC CONFIGURATION2-112. At the interface-configuration mode prompt, use one of the following commands:• To obtain IP settings via DHCP, type “ip add

COMMAND LINE INTERFACE4-242Command Usage The query count defines how long the querier waits for a response from a multicast client before taking actio

MULTICAST FILTERING COMMANDS4-243ip igmp snooping query-max-response-timeThis command configures the query report delay. Use the no form to restore th

COMMAND LINE INTERFACE4-244ip igmp snooping router-port-expire-timeThis command configures the query timeout. Use the no form to restore the default.S

MULTICAST FILTERING COMMANDS4-245Static Multicast Routing Commandsip igmp snooping vlan mrouterThis command statically configures a multicast router p

COMMAND LINE INTERFACE4-246Example The following shows how to configure port 11 as a multicast router port within VLAN 1:show ip igmp snooping mrouter

IP INTERFACE COMMANDS4-247IP Interface CommandsAn IP addresses may be used for management access to the switch over your network. The IP address for t

COMMAND LINE INTERFACE4-248Default Setting DHCPCommand Mode Interface Configuration (VLAN)Command Usage • You must assign an IP address to this device

IP INTERFACE COMMANDS4-249ip default-gatewayThis command establishes a static route between this switch and devices that exist on another network segm

COMMAND LINE INTERFACE4-250Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP

IP INTERFACE COMMANDS4-251show ip redirectsThis command shows the default gateway configured for this device.Default Setting NoneCommand Mode Privileg

iLIMITED WARRANTYLimited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, un

INITIAL CONFIGURATION2-12When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch pr

COMMAND LINE INTERFACE4-252Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of

A-1APPENDIX ASOFTWARE SPECIFICATIONSSoftware FeaturesAuthenticationLocal, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port SecurityAccess Control Lists

SOFTWARE SPECIFICATIONSA-2Spanning Tree AlgorithmSpanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) VLAN Suppo

SOFTWARE SPECIFICATIONSA-3RMONGroups 1, 2, 3, 9 (Statistics, History, Alarm, Event)StandardsIEEE 802.1D Spanning Tree Protocol and traffic prioritiesI

SOFTWARE SPECIFICATIONSA-4Management Information BasesBridge MIB (RFC 1493)Entity MIB (RFC 2737)Ether-like MIB (RFC 2665)Extended Bridge MIB (RFC 2674

B-1APPENDIX B TROUBLESHOOTINGProblems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom ActionCannot connect using Telnet,

TROUBLESHOOTINGB-2Cannot connect using Secure Shell• If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SS

USING SYSTEM LOGSB-3Using System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually cau

TROUBLESHOOTINGB-4

Glossary-1GLOSSARYAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

BASIC CONFIGURATION2-132. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string t

GLOSSARYGlossary-2Dynamic Host Control Protocol (DHCP)Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is

GLOSSARYGlossary-3IEEE 802.1DSpecifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.IEEE 802.1QVLAN Tagging

GLOSSARYGlossary-4IGMP QueryOn each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on

GLOSSARYGlossary-5Link AggregationSee Port Trunk. Link Aggregation Control Protocol (LACP)Allows ports to automatically negotiate a trunked link with

GLOSSARYGlossary-6Port MirroringA method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON

GLOSSARYGlossary-7Simple Network Management Protocol (SNMP)The application protocol in the Internet suite of protocols which offers network management

GLOSSARYGlossary-8User Datagram Protocol (UDP)UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport

Index-1Numerics802.1X, port authentication 3-66Aacceptable frame type 3-157, 4-200Access Control List See ACLACLExtended IP 3-78, 4-116, 4-117, 4-120

INDEXIndex-2GVRPglobal setting 4-215interface configuration 3-158, 4-217GVRP, global setting 3-148Hhardware version, displaying 3-13, 4-83HTTPS 3-54,

INDEXIndex-3port priorityconfiguring 3-169, 4-220default ingress 3-169, 4-222STA 3-138, 4-189port security, configuring 3-64, 4-103port, statistics 3-

INITIAL CONFIGURATION2-142. Enter the name of the start-up file. Press <Enter>.Managing System FilesThe switch’s flash memory supports three typ

INDEXIndex-4setting 3-22, 4-92static addresses, setting 3-122, 4-176statisticsport 3-115, 4-152STP 3-132, 4-182STP Also see STAsystem clock, setting

38 TeslaIrvine, CA 92618Phone: (949) 679-8000FOR TECHNICAL SUPPORT, CALL:From U.S.A. and Canada (24 hours a day, 7 days a week)(800) SMC-4-YOU; Phn: (

MANAGING SYSTEM FILES2-15Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many d

INITIAL CONFIGURATION2-16

3-1CHAPTER 3CONFIGURING THE SWITCHUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the sw

CONFIGURING THE SWITCH3-2Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is

NAVIGATING THE WEB BROWSER INTERFACE3-3Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and pa

CONFIGURING THE SWITCH3-4Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration change has been made

MAIN MENU3-5Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor netw

LIMITED WARRANTYiiWARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT O

CONFIGURING THE SWITCH3-6SNTP 3-42Configuration Configures SNTP client settings, including broadcast mode or a specified list of servers3-42Clock Tim

MAIN MENU3-7IP Filter Sets IP addresses of clients allowed management access via the web, SNMP, and Telnet3-75Port 3-88Port Information Displays port

CONFIGURING THE SWITCH3-8Output Port Configuration Sets the output rate limit for each port 3-114Output Trunk Configuration Sets the output rate limit

MAIN MENU3-9Static Membership by PortConfigures membership type for interfaces, including tagged, untagged or forbidden3-156Port Configuration Specifi

CONFIGURING THE SWITCH3-10Queue Scheduling Configures Weighted Round Robin queueing 3-174IP Precedence/DSCP Priority Status Globally selects IP Preced

BASIC CONFIGURATION3-11Basic ConfigurationDisplaying System InformationYou can easily identify the system by displaying the device name, location and

CONFIGURING THE SWITCH3-12Web – Click System, System Information. Specify the system name, location, and contact information for the system administra

BASIC CONFIGURATION3-13CLI – Specify the hostname, location and contact information.Displaying Switch Hardware/Software Versions Use the Switch Inform

CONFIGURING THE SWITCH3-14• Internal Power Status – Displays the status of the internal power supply.Management Software • Loader Version – Version nu

BASIC CONFIGURATION3-15CLI – Use the following command to display version information.Displaying Bridge Extension CapabilitiesThe Bridge MIB includes

iiiCONTENTS1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1Key Features . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-16• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egre

BASIC CONFIGURATION3-17CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for

CONFIGURING THE SWITCH3-18Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subn

BASIC CONFIGURATION3-19CLI – Specify the management interface, IP address and default gateway.Using DHCP/BOOTP If your network provides DHCP/BOOTP ser

CONFIGURING THE SWITCH3-20CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” c

BASIC CONFIGURATION3-21Managing FirmwareYou can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack.

CONFIGURING THE SWITCH3-22Downloading System Software from a ServerWhen downloading runtime code, you can specify the destination file name to replace

BASIC CONFIGURATION3-23If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startu

CONFIGURING THE SWITCH3-24CLI – To download new firmware form a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type

BASIC CONFIGURATION3-25- running-config to startup-config – Copies the running config to the startup config.- running-config to tftp – Copies the ru

CONTENTSivDisplaying Switch Hardware/Software Versions . . . . . . . . . . . 3-13Displaying Bridge Extension Capabilities . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-26Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set i

BASIC CONFIGURATION3-27If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start

CONFIGURING THE SWITCH3-28Console Port SettingsYou can access the onboard configuration program by attaching a VT100 compatible device to the switch’s

BASIC CONFIGURATION3-29• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the

CONFIGURING THE SWITCH3-30CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the curr

BASIC CONFIGURATION3-31• Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23)• Login Timeout – Sets the interval that

CONFIGURING THE SWITCH3-32Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.Figure 3-14 Enablin

BASIC CONFIGURATION3-33Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events that are

CONFIGURING THE SWITCH3-34• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For e

BASIC CONFIGURATION3-35Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash

CONTENTSvFiltering Addresses for Management Access . . . . . . . . . . . . . . . 3-75Access Control Lists . . . . . . . . . . . . . . . . . . . . . .

CONFIGURING THE SWITCH3-36The facility type is used by the syslog server to dispatch log messages to an appropriate service.The attribute specifies th

BASIC CONFIGURATION3-37Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address

CONFIGURING THE SWITCH3-38Displaying Log MessagesThe Logs page allows you to scroll through the logged system and event messages. The switch can store

BASIC CONFIGURATION3-39Sending Simple Mail Transfer Protocol AlertsTo alert system administrators of problems, the switch can use SMTP (Simple Mail Tr

CONFIGURING THE SWITCH3-40Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an

BASIC CONFIGURATION3-41CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify

CONFIGURING THE SWITCH3-42CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch.Note: When rest

BASIC CONFIGURATION3-43• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server,

CONFIGURING THE SWITCH3-44Setting the Time ZoneSNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time a

SIMPLE NETWORK MANAGEMENT PROTOCOL3-45Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designe