SMC Networks TigerAccess SMC7816M Uživatelský manuál

TigerAccess™ EE6-Band VDSL2 Switch◆ 16 VDSL Downlink Ports (1 RJ-21 Connector)◆ 2 Gigabit Ethernet Combination Ports (RJ-45/SFP)◆ 1 Fast Ethernet Mana

TABLE OF CONTENTSx9 Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1Displaying Connection Status . . . . . . . . . .

BASIC MANAGEMENT TASKS4-18Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replac

MANAGING FIRMWARE4-19If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at sta

BASIC MANAGEMENT TASKS4-20To start the new firmware, enter the “reload” command or reboot the system.Saving or Restoring Configuration SettingsYou can

SAVING OR RESTORING CONFIGURATION SETTINGS4-21- running-config to file – Copies the running configuration to a file.- running-config to startup-config

BASIC MANAGEMENT TASKS4-22Downloading Configuration Settings from a ServerYou can download the configuration file under a new file name and then set i

SAVING OR RESTORING CONFIGURATION SETTINGS4-23If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automat

BASIC MANAGEMENT TASKS4-24Console Port SettingsYou can access the onboard configuration program by attaching a VT100 compatible device to the switch’s

CONSOLE PORT SETTINGS4-25device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto)• Stop Bits – Set

BASIC MANAGEMENT TASKS4-26CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the curr

TELNET SETTINGS4-27• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within

TABLE OF CONTENTSxiConfiguring Interface Settings for MSTP . . . . . . . . . . . . . . . . . . . . . . 12-2713 VLAN Configuration . . . . . . . . .

BASIC MANAGEMENT TASKS4-28Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.Figure 4-14 Configu

CONFIGURING EVENT LOGGING4-29Configuring Event LoggingThe switch allows you to control the logging of error messages, including the type of events tha

BASIC MANAGEMENT TASKS4-30• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For e

CONFIGURING EVENT LOGGING4-31CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show log

BASIC MANAGEMENT TASKS4-32• Host IP Address – Specifies a new server IP address to add to the Host IP List.Web – Click System, Logs, Remote Logs. To a

CONFIGURING EVENT LOGGING4-33CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap.Displaying Log MessagesU

BASIC MANAGEMENT TASKS4-34CLI – This example shows the event message stored in RAM.Sending Simple Mail Transfer Protocol AlertsTo alert system adminis

CONFIGURING EVENT LOGGING4-35Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add

BASIC MANAGEMENT TASKS4-36CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and speci

SETTING THE SYSTEM CLOCK4-37CLI – Use the reload command to restart the switch.Note: When restarting the system, it will always run the Power-On Self-

TABLE OF CONTENTSxii15 Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1Configuring Quality of Service Parameters .

BASIC MANAGEMENT TASKS4-38• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first serv

SETTING THE SYSTEM CLOCK4-39Setting the Time ZoneSNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time

BASIC MANAGEMENT TASKS4-40

5-1CHAPTER 5SIMPLE NETWORKMANAGEMENT PROTOCOLSimple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing

SIMPLE NETWORK MANAGEMENT PROTOCOL5-2Access to the switch using from clients using SNMPv3 provides additional security features that cover message int

5-3Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients t

SIMPLE NETWORK MANAGEMENT PROTOCOL5-4Enabling the SNMP AgentEnables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attri

SETTING COMMUNITY ACCESS STRINGS5-5• Community String – A community string that acts like a password and permits access to the SNMP protocol. Default

SIMPLE NETWORK MANAGEMENT PROTOCOL5-6Specifying Trap Managers and Trap TypesTraps indicating status changes are issued by the switch to specified trap

SPECIFYING TRAP MANAGERS AND TRAP TYPES5-7To send an inform to a SNMPv3 host, complete these steps:1. Enable the SNMP agent (page 5-4).2. Enable trap

TABLE OF CONTENTSxiiiConsole Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1Telnet Connection . . . . . . . . .

SIMPLE NETWORK MANAGEMENT PROTOCOL5-8• Trap Inform – Notifications are sent as inform messages. Note that this option is only available for version 2c

SPECIFYING TRAP MANAGERS AND TRAP TYPES5-9Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that

SIMPLE NETWORK MANAGEMENT PROTOCOL5-10Configuring SNMPv3 Management AccessTo configure SNMPv3 management access to the switch, follow these steps:1. I

CONFIGURING SNMPV3 MANAGEMENT ACCESS5-11Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.Figure

SIMPLE NETWORK MANAGEMENT PROTOCOL5-12Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.F

CONFIGURING SNMPV3 MANAGEMENT ACCESS5-13- AuthPriv – SNMP communications use both authentication and encryption (only available for the SNMPv3 securit

SIMPLE NETWORK MANAGEMENT PROTOCOL5-14Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and ass

CONFIGURING SNMPV3 MANAGEMENT ACCESS5-15CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring Remot

SIMPLE NETWORK MANAGEMENT PROTOCOL5-16• Security Model – The user security model; SNMP v1, v2c or v3. (Default: v1)• Security Level – The security lev

CONFIGURING SNMPV3 MANAGEMENT ACCESS5-17Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a nam

TABLE OF CONTENTSxivshow bme version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-10show cpu utilization . . . . . . . .

SIMPLE NETWORK MANAGEMENT PROTOCOL5-18CLI – Use the snmp-server user command to configure a new user name and assign it to a group.Configuring SNMPv3

CONFIGURING SNMPV3 MANAGEMENT ACCESS5-19• Notify View – The configured view for notifications. (Range: 1-64 characters)Table 5-2 Supported Notificati

SIMPLE NETWORK MANAGEMENT PROTOCOL5-20linkDown*1.3.6.1.6.3.1.1.5.3 A linkDown trap signifies that the SNMP entity, acting in an agent role, has detect

CONFIGURING SNMPV3 MANAGEMENT ACCESS5-21RMON Events (V2)risingAlarm 1.3.6.1.2.1.16.0.1 The SNMP trap that is generated when an alarm entry crosses its

SIMPLE NETWORK MANAGEMENT PROTOCOL5-22swThermalRising Notification1.3.6.1.4.1.202.40.2.6.2.1.0.58 This trap is sent when the temperature exceeds the s

CONFIGURING SNMPV3 MANAGEMENT ACCESS5-23Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, as

SIMPLE NETWORK MANAGEMENT PROTOCOL5-24CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and r

CONFIGURING SNMPV3 MANAGEMENT ACCESS5-25Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and sp

SIMPLE NETWORK MANAGEMENT PROTOCOL5-26CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces

6-1CHAPTER 6USER AUTHENTICATIONYou can configure this switch to authenticate users logging into the system for management access using local or remote

TABLE OF CONTENTSxvSMTP Alert Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-48logging sendmail host . . . . . .

USER AUTHENTICATION6-2The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.

CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION6-3CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.Configuri

USER AUTHENTICATION6-4Command Usage• By default, management access is always checked against the authentication database stored on the local switch. I

CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION6-5- ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authe

USER AUTHENTICATION6-6Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authenticati

CONFIGURING HTTPS6-7Configuring HTTPSYou can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Laye

USER AUTHENTICATION6-8• The following web browsers and operating systems currently support HTTPS:• To specify a secure-site certificate, see “Replacin

CONFIGURING HTTPS6-9Replacing the Default Secure-site CertificateWhen you log onto the web interface using HTTPS (for secure access), a Secure Sockets

USER AUTHENTICATION6-10Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some of th

CONFIGURING THE SECURE SHELL6-11To use the SSH server, complete these steps:1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a

TABLE OF CONTENTSxviAuthentication Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-5authentication login . . .

USER AUTHENTICATION6-126. Authentication – One of the following authentication methods is employed:Password Authentication (for SSH v1.5 or V2 Clients

CONFIGURING THE SECURE SHELL6-13Authenticating SSH v2 Clientsa. The client first queries the switch to determine if DSA public key authentication usin

USER AUTHENTICATION6-14• Host-Key Type – The key type used to generate the host key pair (i.e., public and private keys). (Range: RSA, DSA, Both: Defa

CONFIGURING THE SECURE SHELL6-15Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to sa

USER AUTHENTICATION6-16CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then d

CONFIGURING THE SECURE SHELL6-17• SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authent

USER AUTHENTICATION6-18CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the a

CONFIGURING 802.1X PORT AUTHENTICATION6-19Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resource

USER AUTHENTICATION6-20releases. The client responds to the appropriate method with its credentials, such as a password or certificate. The RADIUS ser

CONFIGURING 802.1X PORT AUTHENTICATION6-21Displaying 802.1X Global SettingsThe 802.1X protocol provides port authentication. Command Attributes 802.1X

TABLE OF CONTENTSxviidot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-36dot1x port-control . . . . . .

USER AUTHENTICATION6-22Configuring 802.1X Global SettingsThe 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globall

CONFIGURING 802.1X PORT AUTHENTICATION6-23Configuring Port Settings for 802.1XWhen 802.1X is enabled, you need to configure the parameters for the aut

USER AUTHENTICATION6-24• Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seco

CONFIGURING 802.1X PORT AUTHENTICATION6-25CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displaye

USER AUTHENTICATION6-26Displaying 802.1X StatisticsThis switch can display statistics for dot1x protocol exchanges for any port. Reauthentication Stat

CONFIGURING 802.1X PORT AUTHENTICATION6-27Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to u

USER AUTHENTICATION6-28Filtering IP Addresses for Management AccessYou can create a list of up to 16 IP addresses or IP address groups that are allowe

FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS6-29Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed managem

USER AUTHENTICATION6-30

7-1CHAPTER 7CLIENT SECURITYThis switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring t

TABLE OF CONTENTSxviii24 Access Control List Commands . . . . . . . . . . . . . . . . . 24-1IP ACLs . . . . . . . . . . . . . . . . . . . . . . . .

CLIENT SECURITY7-2This switch provides client security using the following options:• Private VLANs – Provide port-based security and isolation between

CONFIGURING PORT SECURITY7-3To use port security, specify a maximum number of addresses to allow on the port and then let the switch dynamically learn

CLIENT SECURITY7-4• Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 1024, where 0 means disabled)• Trun

CONFIGURING IP SOURCE GUARD7-5Configuring IP Source GuardIP Source Guard is a security feature that filters IP traffic on unsecure network interfaces

CLIENT SECURITY7-6• If the IP source guard is enabled, an inbound packet’s IP address (sip option) or both its IP address and corresponding MAC addres

CONFIGURING IP SOURCE GUARD7-7IP Source Guard Filter• Port – Port for which to filter static entries.• Source IP – Filters traffic based on IP address

CLIENT SECURITY7-8CLI – This example configures a static source-guard binding on port 1.Configuring DHCP SnoopingThe addresses assigned to DHCP client

CONFIGURING DHCP SNOOPING7-9• When DHCP snooping is enabled, DHCP messages entering an untrusted interface are filtered based upon dynamic entries lea

CLIENT SECURITY7-10• Additional considerations when the switch itself is a DHCP client – The port(s) through which the switch submits a client request

CONFIGURING DHCP SNOOPING7-11• DHCP Snooping Service Provider Mode – Once an IP address is assigned to the host by a DHCP server, the switch sets this

TABLE OF CONTENTSxixshow interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-14show interfaces switchport

CLIENT SECURITY7-12Web – Click DHCP Snooping, DHCP Snooping Configuration. Enable DHCP snooping status globally, enable it for the required VLANs, sel

DISPLAYING DHCP SNOOPING INFORMATION7-13Displaying DHCP Snooping InformationThe configuration settings and binding table entries can be displayed on t

CLIENT SECURITY7-14Web – Click DHCP Snooping, DHCP Snooping Information.Figure 7-4 DHCP Snooping Information

CONFIGURING PACKET FILTERING7-15CLI – These examples show the DHCP snooping configuration settings and binding table entries.Configuring Packet Filter

CLIENT SECURITY7-16• Blocking NetBIOS traffic commonly used for resource sharing in a peer-to-peer environment to ensure that no privileged client dat

CONFIGURING PACKET FILTERING7-17• NetBIOS – Blocks NetBIOS packets. (Default: Disabled)- NetBIOS is commonly used in local area networks to facilitate

CLIENT SECURITY7-18Web – Click Security, Packet Filter, Base Filter Configuration. Select the type of service packets to filter, and click Apply.Figur

CONFIGURING PACKET FILTERING7-19• This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS

CLIENT SECURITY7-20

8-1CHAPTER 8ACCESS CONTROL LISTSAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port n

TABLE OF CONTENTSxxlre interleave-max-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-25lre datarate . . . . . . . . . . . . . .

ACCESS CONTROL LISTS8-2The following filtering modes are supported: • Standard IP ACL mode (STD-ACL) filters packets based on the source IP address. •

CONFIGURING ACCESS CONTROL LISTS8-3• Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unk

ACCESS CONTROL LISTS8-4Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended,

CONFIGURING ACCESS CONTROL LISTS8-5Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,”

ACCESS CONTROL LISTS8-6• Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 8-4.

CONFIGURING ACCESS CONTROL LISTS8-7Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the addres

ACCESS CONTROL LISTS8-83. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”Configuring a MAC ACLComman

CONFIGURING ACCESS CONTROL LISTS8-9Command UsageEgress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destinat

ACCESS CONTROL LISTS8-10Configuring ACL MasksYou must specify masks that control the order in which ACL rules are checked. ACL rules matching the firs

CONFIGURING ACCESS CONTROL LISTS8-11Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuratio

TABLE OF CONTENTSxxiDisplaying VDSL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-61show lre band-plan . . . . . . . .

ACCESS CONTROL LISTS8-12• Source/Destination Subnet Mask – Source or destination address of rule must match this bitmask. (See the description for Sub

CONFIGURING ACCESS CONTROL LISTS8-13Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for a

ACCESS CONTROL LISTS8-14CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the foll

CONFIGURING ACCESS CONTROL LISTS8-15Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for

ACCESS CONTROL LISTS8-16CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules

BINDING A PORT TO AN ACCESS CONTROL LIST8-17• When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Oth

ACCESS CONTROL LISTS8-18CLI – This examples assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2.Console(config)#interface eth

9-1CHAPTER 9PORT CONFIGURATIONDisplaying Connection StatusYou can use the Port Information or Trunk Information pages to display the current connectio

PORT CONFIGURATION9-2Web – Click Port, Port Information or Trunk Information.Figure 9-1 Port - Port InformationField Attributes (CLI)Basic informatio

DISPLAYING CONNECTION STATUS9-3“Configuring Interface Connections” on page 3-48.) The following capabilities are supported. - 10half - Supports 10 Mbp

TABLE OF CONTENTSxxii31 Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . 31-1spanning-tree . . . . . . . . . . . . . . . . . . . .

PORT CONFIGURATION9-4CLI – This example shows the connection status for Port 5.Configuring Interface Connections You can use the Port Configuration or

CONFIGURING INTERFACE CONNECTIONS9-5required operation modes must be specified in the capabilities list for an interface.• Auto-negotiation must be di

PORT CONFIGURATION9-6and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required

CONFIGURING INTERFACE CONNECTIONS9-7Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click App

PORT CONFIGURATION9-8Creating Trunk GroupsYou can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers

CREATING TRUNK GROUPS9-9• The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, dupl

PORT CONFIGURATION9-10Web – Click Port, Trunk Membership. Enter a trunk ID of 1-12 in the Trunk field, select any of the switch ports from the scroll-

CREATING TRUNK GROUPS9-11CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch

PORT CONFIGURATION9-12• A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight

CREATING TRUNK GROUPS9-13CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another sw

TABLE OF CONTENTSxxiiivlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32-8Configuring VLAN Interf

PORT CONFIGURATION9-14Note: If the port channel admin key (lacp admin key, page 26-8) is not set (through the CLI) when a channel group is formed (i.e

CREATING TRUNK GROUPS9-15Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can o

PORT CONFIGURATION9-16CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9

CREATING TRUNK GROUPS9-17Displaying LACP Port CountersYou can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Inf

PORT CONFIGURATION9-18CLI – The following example displays LACP counters for port channel 1.Displaying LACP Settings and Status for the Local SideYou

CREATING TRUNK GROUPS9-19LACPDUs InternalNumber of seconds before invalidating received LACPDU information.Admin State,Oper StateAdministrative or ope

PORT CONFIGURATION9-20Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.Figure 9-7 LA

CREATING TRUNK GROUPS9-21Displaying LACP Settings and Status for the Remote SideYou can display configuration settings and the operational state for t

PORT CONFIGURATION9-22Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.Figure 9-8 L

SETTING BROADCAST STORM THRESHOLDS9-23Setting Broadcast Storm ThresholdsBroadcast storms may occur when a device on your network is malfunctioning, or

TABLE OF CONTENTSxxivshow queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33-9show queue cos-map . . . . . . . . . .

PORT CONFIGURATION9-24Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold,

CONFIGURING PORT MIRRORING9-25Configuring Port MirroringYou can mirror traffic from any source port to a target port for real-time analysis. You can t

PORT CONFIGURATION9-26Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, the

CONFIGURING RATE LIMITS9-27Note: You can also set an SNMP trap if traffic exceeds the configured rate limit using the CLI (see the “rate-limit trap-in

PORT CONFIGURATION9-28CLI - This example sets the rate limit for input and output traffic passing through port 1 to 64 Kbps.Configuring the Rate Limit

SHOWING PORT STATISTICS9-29Showing Port StatisticsYou can display standard statistics on network traffic from the Interfaces Group and Ethernet-like M

PORT CONFIGURATION9-30Received Unknown PacketsThe number of packets received via the interface which were discarded because of an unknown or unsupport

SHOWING PORT STATISTICS9-31FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not

PORT CONFIGURATION9-32RMON StatisticsDrop Events The total number of events in which packets were dropped due to lack of resources.Jabbers The total n

SHOWING PORT STATISTICS9-3364 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (

TABLE OF CONTENTSxxvip igmp snooping query-interval . . . . . . . . . . . . . . . . . . . . . . . . 35-9ip igmp snooping query-max-response-time .

PORT CONFIGURATION9-34Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bo

SHOWING PORT STATISTICS9-35CLI – This example shows statistics for port 12.Console#show interfaces counters ethernet 1/12 25-14Ethernet 1/12 Iftable s

PORT CONFIGURATION9-36

10-1CHAPTER 10VDSL CONFIGURATIONVDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and

VDSL CONFIGURATION10-2- Power Value – A power level for each of the PSD breakpoints. (Range: An integer from 0 to 255, which is used to calculate a po

CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS10-3the optimal transmission rate for the current conditions, setting the rate within the bounds defined by

VDSL CONFIGURATION10-4Upstream power back-off (UPBO) is used to mitigate far-end crosstalk caused by upstream transmissions from shorter to longer loo

CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS10-5Web – Click VDSL, Global Configuration. Configure the required items, and click Apply. (Note that the pa

VDSL CONFIGURATION10-6Figure 10-1 VDSL Global ConfigurationCLI – This example displays sample settings for some of the VDSL global configuration comm

CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS10-7Configuring Interface Settings for VDSL PortsThis section describes how to configure communication pa

TABLE OF CONTENTSxxvi37 DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 37-1DHCP Client . . . . . . . . . . . . . . . . . . .

VDSL CONFIGURATION10-8Configuration Tables• Channel Mode – Sets the channel mode to fast or interleaved. (Default: Interleaved)Interleaving protects d

CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS10-9• Region Ham Band – Sets the ham radio band that will be blocked to VDSL signals based on defined usa

VDSL CONFIGURATION10-10• PSD Breakpoints – See “Configuring Global Settings for VDSL Ports” on page 10-1.• PSD Mask Level – See “Configuring Global Se

CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS10-11This minimum margin indicates the amount of increase in impulse noise that the system can tolerate u

VDSL CONFIGURATION10-12Web – Click VDSL, VDSL Port Configuration. Select one of the VDSL ports from the scroll-down list, set the required parameters,

CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS10-13

VDSL CONFIGURATION10-14

CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS10-15Figure 10-2 VDSL Port Configuration

VDSL CONFIGURATION10-16CLI – This example displays sample settings for some of the VDSL port configuration commands.Configuring Line ProfilesThis sect

CONFIGURING LINE PROFILES10-17Web – Click VDSL, Line Profile Configuration. Select a line profile from the drop-down list above the Line Profile table

TABLE OF CONTENTSxxviiSection IV AppendicesA Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . A-1Software Features . . . . .

VDSL CONFIGURATION10-18

CONFIGURING LINE PROFILES10-19

VDSL CONFIGURATION10-20Figure 10-3 Line Profile ConfigurationCLI – This example displays sample settings for a line profile.Console(config)#line-prof

DISPLAYING VDSL STATUS INFORMATION10-21Displaying VDSL Status InformationThis section describes the information displayed for VDSL configuration setti

VDSL CONFIGURATION10-22LRE Rate Information – Data Rates for the VDSL lineAvg SNR Margin Average signal-to-noise margin above the SNR.Avg SNR Average

DISPLAYING VDSL STATUS INFORMATION10-23Web – Click VDSL, VDSL Status Information. Select a VDSL port from the drop-down list, and click Query. Figure

VDSL CONFIGURATION10-24CLI – This example displays connection status and data rates for the selected VDSL port.Console#show lre 1/1 29-79port 1 status

DISPLAYING VDSL PERFORMANCE STATISTICS10-25Displaying VDSL Performance StatisticsThis section describes the performance information displayed for VDSL

VDSL CONFIGURATION10-26Ethernet Transmit Performance CountersAlignment Errors Number of alignment errors (missynchronized data packets). Oversize Numb

DISPLAYING VDSL PERFORMANCE STATISTICS10-27High-Level Data-Link Control (H.D.L.C.) Performance CountersTable 10-6 H.D.L.C. Performance CountersParame

TABLE OF CONTENTSxxviii

VDSL CONFIGURATION10-28Web – Click VDSL, VDSL Performance Statistics. Select a VDSL port from the drop-down list, and click Query. Figure 10-5 VDSL P

DISPLAYING VDSL PERFORMANCE STATISTICS10-29CLI – This example displays performance information for the selected VDSL port.Console#show lre perf 1/1 29

VDSL CONFIGURATION10-30Configuring an Alarm ProfileThis section describes how to configure a list of threshold values for error states which can be ap

CONFIGURING AN ALARM PROFILE10-31This parameter sets the threshold for the number of severely errored seconds within any 15 minute collection interval

VDSL CONFIGURATION10-32interval reaches or exceeds this value, a vdslPerfLossThreshNotification notification will be generated. (Refer to RFC 3728 for

CONFIGURING AN ALARM PROFILE10-33• init-failure – Threshold for initialization failures that can occur within any given 15 minutes. (Range: 0-900 seco

VDSL CONFIGURATION10-34Web – Click VDSL, Alarm Profile Configuration. Select a profile from the drop-down list above the Alarm Profile table of thresh

CONFIGURING AN ALARM PROFILE10-35Figure 10-6 Alarm Profile ConfigurationCLI – This example displays sample settings for an alarm profile.Console(conf

VDSL CONFIGURATION10-36Displaying CPE InformationThis section describes the information displayed for an attached CPE, including firmware module versi

DISPLAYING CPE INFORMATION10-37CPE Performance CountersTable 10-9 CPE Performance CountersParameter Descriptioncpe perfermance countersFeFEC_F Far en

xxixTABLESTable 1-1 Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Table 1-2 System Defaults . . . . . . .

VDSL CONFIGURATION10-38Web – Click VDSL, CPE Information. Select a VDSL port from the drop-down list, and click Query.

DISPLAYING CPE INFORMATION10-39Figure 10-7 CPE Information

VDSL CONFIGURATION10-40CLI – This example displays information about the CPE attached to the selected VDSL port.Console#show cpe-info 1/1Protocol ID:

CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE10-41Configuring OAM Functions and Upgrading CPE FirmwareThis section describes operation and main

VDSL CONFIGURATION10-42CPE, and verifying that the signal is returned from the CPE without any errors.Upgrading CPE Firmware• Upgrade Firmware – Trans

CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE10-43Web – Click VDSL, VDSL OAM. Select a VDSL port from the drop-down list, and perform any of th

VDSL CONFIGURATION10-44CLI – This example shows how to perform common OAM functions, and how to download firmware to a CPE.Console(config)#interface e

11-1CHAPTER 11ADDRESS TABLE SETTINGSSwitches store the addresses for all known devices. This information is used to pass traffic directly between the

ADDRESS TABLE SETTINGS11-2Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address.

DISPLAYING THE ADDRESS TABLE11-3Command Attributes• Interface – Indicates a port or trunk.• MAC Address – Physical address associated with this interf

20 MasonIrvine, CA 92618Phone: (949) 679-8000TigerAccess™ EEManagement GuideFrom SMC’s Tiger line of feature-rich workgroup LAN solutionsJanuary 2007P

TABLESxxxTable 20-4 show bme version - display description . . . . . . . . . . . . . 20-11Table 20-5 show cpu utilization - display description . .

ADDRESS TABLE SETTINGS11-4CLI – This example also displays the address table entries for port 1.Changing the Aging TimeYou can set the aging time for

12-1CHAPTER 12SPANNING TREE ALGORITHMThe Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links be

SPANNING TREE ALGORITHM12-2Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transm

12-3maintain connectivity among each of the assigned VLAN groups. MSTP then builds a Internal Spanning Tree (IST) for the Region containing all common

SPANNING TREE ALGORITHM12-4MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree (CIST). The CIST is formed as a

DISPLAYING GLOBAL SETTINGS12-5make it return to a discarding state; otherwise, temporary data loops might result.• Designated Root – The priority and

SPANNING TREE ALGORITHM12-6configuration messages at regular intervals. If the root port ages out STA information (provided in the last configuration

DISPLAYING GLOBAL SETTINGS12-7CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and cur

SPANNING TREE ALGORITHM12-8Configuring Global SettingsGlobal settings apply to the entire switch.Command Usage• Spanning Tree Protocol13Uses RSTP for

CONFIGURING GLOBAL SETTINGS12-9- Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previ

TABLESxxxiTable 24-1 Access Control List Commands . . . . . . . . . . . . . . . . . . . . 24-1Table 24-2 IP ACL Commands . . . . . . . . . . . . . .

SPANNING TREE ALGORITHM12-10reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. An

CONFIGURING GLOBAL SETTINGS12-11Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can

SPANNING TREE ALGORITHM12-12Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.Figure 12-2 STA Global Con

DISPLAYING INTERFACE SETTINGS12-13CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parame

SPANNING TREE ALGORITHM12-14- If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, th

DISPLAYING INTERFACE SETTINGS12-15• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)These additional parameters

SPANNING TREE ALGORITHM12-16loops. Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enab

DISPLAYING INTERFACE SETTINGS12-17CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 31-25Eth 1/ 5 infor

SPANNING TREE ALGORITHM12-18Configuring Interface SettingsYou can configure RSTP and MSTP attributes for specific interfaces, including port priority,

CONFIGURING INTERFACE SETTINGS12-19loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be e

TABLESxxxiiTable 32-5 Commands for Displaying VLAN Information . . . . . . 32-16Table 32-6 Private VLAN Commands . . . . . . . . . . . . . . . . .

SPANNING TREE ALGORITHM12-20• Admin Link Type – The link type attached to this interface.- Point-to-Point – A connection to exactly one other bridge.-

CONFIGURING INTERFACE SETTINGS12-21Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then cli

SPANNING TREE ALGORITHM12-22Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathwa

CONFIGURING MULTIPLE SPANNING TREES12-23• VLANs in MST Instance – VLANs assigned this instance.• MST ID – Instance identifier to configure. (Range: 0-

SPANNING TREE ALGORITHM12-24CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 1 31-2

DISPLAYING INTERFACE SETTINGS FOR MSTP12-25CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Sett

SPANNING TREE ALGORITHM12-26CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are globa

CONFIGURING INTERFACE SETTINGS FOR MSTP12-27Configuring Interface Settings for MSTPYou can configure the STA interface settings for an MST Instance us

SPANNING TREE ALGORITHM12-28• Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower va

CONFIGURING INTERFACE SETTINGS FOR MSTP12-29Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path co

xxxiiiFIGURESFigure 3-1 Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3Figure 3-2 Front Panel Indicators . .

SPANNING TREE ALGORITHM12-30

13-1CHAPTER 13VLAN CONFIGURATIONSelecting the VLAN Operation ModeThe system can be configured to operate in normal mode or one of the tunneling modes

VLAN CONFIGURATION13-2Web – Click VLAN, System Mode. Select the required mode, click Apply.Figure 13-1 Selecting the System ModeCLI – This example se

IEEE 802.1Q VLANS13-3VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to u

VLAN CONFIGURATION13-4VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, th

IEEE 802.1Q VLANS13-5forward the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the rec

VLAN CONFIGURATION13-6switches, you should create a VLAN for that group and enable tagging on all ports. Ports can be assigned to multiple tagged or u

IEEE 802.1Q VLANS13-7CLI – This example enables GVRP for the switch. Displaying Basic VLAN InformationThe VLAN Basic Information page displays basic i

VLAN CONFIGURATION13-8CLI – Enter the following command.Displaying Current VLANsThe VLAN Current Table shows the current port members of each VLAN and

IEEE 802.1Q VLANS13-9Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list.Figure 13-4 VLAN Current TableCommand Attr

FIGURESxxxivFigure 6-5 SSH Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17Figure 6-6 802.1X Global Information . . . .

VLAN CONFIGURATION13-10CLI – Current VLAN information can be displayed with the following command.Creating VLANsUse the VLAN Static List to create or

IEEE 802.1Q VLANS13-11• Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned

VLAN CONFIGURATION13-12Adding Static Members to VLANs (VLAN Index)Use the VLAN Static Table to configure port members for the selected VLAN index. Ass

IEEE 802.1Q VLANS13-13- Forbidden: Interface is forbidden from automatically joining the VLAN via GVRP. For more information, see “Automatic VLAN Regi

VLAN CONFIGURATION13-14Adding Static Members to VLANs (Port Index)Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected in

IEEE 802.1Q VLANS13-15Configuring VLAN Behavior for InterfacesYou can configure VLAN behavior for specific interfaces, including the default VLAN iden

VLAN CONFIGURATION13-16- If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will

IEEE 802.1Q VLANS13-17belonging to the port’s default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames. - Hybrid – Specifie

VLAN CONFIGURATION13-18Configuring Private VLANsPrivate VLANs provide port-based security and isolation between ports within the assigned VLAN. Data t

CONFIGURING PRIVATE VLANS13-19Configuring Uplink and Downlink PortsUse the Private VLAN Link Status page to set ports as downlink or uplink ports. Por

FIGURESxxxvFigure 10-5 VDSL Performance Statistics . . . . . . . . . . . . . . . . . . . . 10-28Figure 10-6 Alarm Profile Configuration . . . . . .

VLAN CONFIGURATION13-20Configuring Protocol-Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a com

CONFIGURING PROTOCOL-BASED VLANS13-21Configuring Protocol GroupsCreate a protocol group for one or more protocols.Command Attributes• Protocol Group I

VLAN CONFIGURATION13-22Mapping Protocols to VLANsMap a protocol group to a VLAN for each interface that will participate in the group.Command Usage• W

CONFIGURING PROTOCOL-BASED VLANS13-23Web – Click VLAN, Protocol VLAN, Port Configuration. Select a a port or trunk, enter a protocol group ID, the cor

VLAN CONFIGURATION13-24Configuring IEEE 802.1Q TunnelingIEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple c

CONFIGURING IEEE 802.1Q TUNNELING13-25be added to this SPVLAN. The uplink port can be added to multiple SPVLANs to carry inbound traffic for different

VLAN CONFIGURATION13-26The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet

CONFIGURING IEEE 802.1Q TUNNELING13-27The ingress process does source and destination lookups. If both lookups are successful, the ingress process wri

VLAN CONFIGURATION13-288. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgoi

CONFIGURING IEEE 802.1Q TUNNELING13-294. Set the Tag Protocol Identifier (TPID) value of the tunnel port. This step is required is the attached client

FIGURESxxxviFigure 14-10 IP Port Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-17Figure 15-1 Configuring Class Maps . .

VLAN CONFIGURATION13-30Adding an Interface to a QinQ TunnelFollow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Set t

CONFIGURING IEEE 802.1Q TUNNELING13-31necessary to support real-time services across the backbone network, then you may have to enable priority bit ma

VLAN CONFIGURATION13-32CLI – This example configures the switch to copy the priority bits from the inner to outer VLAN tag, it then sets port 2 to tun

CONFIGURING VLAN SWAPPING13-33Configuring VLAN SwappingQinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the

VLAN CONFIGURATION13-34Field Attributes • Entry Counts – The number of entries in the VLAN swapping table. • VLAN Swap Table – Contains each entry in

CONFIGURING VLAN SWAPPING13-35CLI – This example configures VLAN swapping for upstream traffic between port 1 and port 18, exchanging VLAN ID 1 for VL

VLAN CONFIGURATION13-36

14-1CHAPTER 14CLASS OF SERVICEClass of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the

CLASS OF SERVICE14-2Command Attributes• Default Priority21 – The priority that is assigned to untagged frames received on the specified interface. (Ra

LAYER 2 QUEUE SETTINGS14-3CLI – This example assigns a default priority of 5 to port 3.Mapping CoS Values to Egress QueuesThis switch processes Class

SECTION IGETTING STARTEDThis section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes

CLASS OF SERVICE14-4The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. How

LAYER 2 QUEUE SETTINGS14-5Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply.Figu

CLASS OF SERVICE14-6Selecting the Queue ModeYou can set the switch to service the queues based on a strict rule that requires all traffic in a higher

LAYER 2 QUEUE SETTINGS14-7Web – Click Priority, Queue Mode. Select Strict or WRR, then click Apply.Figure 14-3 Queue ModeCLI – The following sets the

CLASS OF SERVICE14-8Command Attributes• WRR Setting Table23 – Displays a list of weights for each traffic class (i.e., queue).• Weight Value – Set a n

LAYER 3/4 PRIORITY SETTINGS14-9CLI – The following example shows how to assign WRR weights to priority queues 0-5, and strict priority to queues 6 and

CLASS OF SERVICE14-10Selecting IP Precedence/DSCP PriorityThe switch allows you to choose between using IP Precedence or DSCP priority. Select one of

LAYER 3/4 PRIORITY SETTINGS14-11Mapping IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight

CLASS OF SERVICE14-12Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class o

LAYER 3/4 PRIORITY SETTINGS14-13Mapping DSCP PriorityThe DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP

GETTING STARTED

CLASS OF SERVICE14-14Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, t

LAYER 3/4 PRIORITY SETTINGS14-15Mapping IPv6 Traffic ClassesThe Traffic Class field in the IPv6 header may be used by originating nodes and/or forward

CLASS OF SERVICE14-16CLI – The following example maps the Traffic Class value of 1 to CoS value 0.Mapping IP Port PriorityYou can also map network app

LAYER 3/4 PRIORITY SETTINGS14-17Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the ne

CLASS OF SERVICE14-18

15-1CHAPTER 15QUALITY OF SERVICEThe commands described in this section are used to configure Quality of Service (QoS) classification criteria and serv

QUALITY OF SERVICE15-2Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map.2. You should cr

CONFIGURING QUALITY OF SERVICE PARAMETERS15-3Configuring a Class MapA class map is used for matching packets to a specified class.Command Usage • To c

QUALITY OF SERVICE15-4Settings” page. Enter the criteria used to classify ingress traffic on this web page.• Remove Class – Removes the selected class

CONFIGURING QUALITY OF SERVICE PARAMETERS15-5Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules

1-1CHAPTER 1INTRODUCTIONThis switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to config

QUALITY OF SERVICE15-6Creating QoS PoliciesThis function creates a policy map that can be attached to multiple interfaces.Command Usage • To configure

CONFIGURING QUALITY OF SERVICE PARAMETERS15-7Command AttributesPolicy Map• Modify Name and Description – Configures the name and a brief description o

QUALITY OF SERVICE15-8• Remove Class – Deletes a class.- Policy Options -• Class Name – Name of class map.• Action – Configures the service provided t

CONFIGURING QUALITY OF SERVICE PARAMETERS15-9Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy ma

QUALITY OF SERVICE15-10CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth the 1 Mbps, the burst rate to 1522 bps,

CONFIGURING QUALITY OF SERVICE PARAMETERS15-11Web – Click QoS, DiffServ, Service Policy Settings. Check Enabled and choose a Policy Map for a port fro

QUALITY OF SERVICE15-12

16-1CHAPTER 16MULTICAST FILTERINGMulticasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast serv

MULTICAST FILTERING16-2those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will c

LAYER 2 IGMP (SNOOPING AND QUERY)16-3is forwarded to the hosts from each of these sources. IGMPv3 hosts may also request that service be forwarded fro

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, n

KEY FEATURES1-2User AuthenticationConsole, Telnet, web – User name / password, RADIUS, TACACS+Web – HTTPSTelnet – SSHSNMP v1/2c - Community stringsSNM

MULTICAST FILTERING16-4Configuring IGMP Snooping and Query ParametersYou can configure the switch to forward multicast traffic intelligently. Based on

LAYER 2 IGMP (SNOOPING AND QUERY)16-5Command Attributes• IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts

MULTICAST FILTERING16-6Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default setting

LAYER 2 IGMP (SNOOPING AND QUERY)16-7Displaying Interfaces Attached to a Multicast RouterMulticast routers that are attached to ports on the switch us

MULTICAST FILTERING16-8CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.Specifying Static

LAYER 2 IGMP (SNOOPING AND QUERY)16-9CLI – This example configures port 11 as a multicast router port within VLAN 1.Displaying Port Members of Multica

MULTICAST FILTERING16-10Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from t

LAYER 2 IGMP (SNOOPING AND QUERY)16-11Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and

MULTICAST FILTERING16-12Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled

LAYER 2 IGMP (SNOOPING AND QUERY)16-13Configuring Immediate Leave from Multicast GroupsThe switch can be configured to immediately delete a member por

INTRODUCTION1-3Description of Software FeaturesThe switch provides a wide range of advanced performance enhancing features. Flow control eliminates th

MULTICAST FILTERING16-14Web – Click IGMP Snooping, IGMP Immediate Leave Table. Select the VLAN interface to configure, set the status for immediate le

IGMP FILTERING AND THROTTLING16-15IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum nu

MULTICAST FILTERING16-16CLI – This example enables IGMP filtering and creates a profile number. It then displays the current status and the existing p

IGMP FILTERING AND THROTTLING16-17• Current Multicast Address Range List – Lists multicast groups currently included in the profile. Select an entry a

MULTICAST FILTERING16-18Configuring IGMP Filtering and Throttling for InterfacesOnce you have configured IGMP profiles, you can assign them to interfa

IGMP FILTERING AND THROTTLING16-19Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration.

MULTICAST FILTERING16-20Multicast VLAN RegistrationMulticast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN

MULTICAST VLAN REGISTRATION16-21General Configuration Guidelines for MVR1. Enable MVR globally on the switch, select the MVR VLAN, and add the multica

MULTICAST FILTERING16-22Field Attributes•MVR Domain – An independent multicast domain. (Range: 1-3; Default: 1)• MVR Status – When MVR is enabled on b

MULTICAST VLAN REGISTRATION16-23Web – Click MVR, Configuration. Select the MVR domain, enable MVR globally on the switch, select the MVR VLAN, add the

DESCRIPTION OF SOFTWARE FEATURES1-4server to verify the client’s right to access the network via an authentication server (i.e., RADIUS server).Other

MULTICAST FILTERING16-24Displaying MVR Interface StatusYou can display information about the interfaces attached to the MVR VLAN.Field Attributes•MVR

MULTICAST VLAN REGISTRATION16-25CLI – This example shows information about interfaces attached to the MVR VLAN.Console#show mvr interface 35-29=======

MULTICAST FILTERING16-26Configuring MVR InterfacesEach interface that participates in the MVR VLAN must be configured as an MVR source port or receive

MULTICAST VLAN REGISTRATION16-27- Using immediate leave can speed up leave latency, but should only be enabled on a port attached to one multicast sub

MULTICAST FILTERING16-28Web – Click MVR, Port Configuration or Trunk Configuration.Figure 16-12 MVR Port ConfigurationCLI – This example configures a

MULTICAST VLAN REGISTRATION16-29Web – Click MVR, Group IP Information. Figure 16-13 MVR Group IP InformationCLI – This example following shows inform

MULTICAST FILTERING16-30Assigning Static Multicast Groups to InterfacesFor multicast streams that will run for a long term and be associated with a st

MULTICAST VLAN REGISTRATION16-31Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to dis

MULTICAST FILTERING16-32

17-1CHAPTER 17DOMAIN NAME SERVICEThe Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static tab

INTRODUCTION1-5Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE

DOMAIN NAME SERVICE17-2• When more than one name server is specified, the servers are queried in the specified sequence until a response is received,

CONFIGURING GENERAL DNS SERVICE PARAMETERS17-3Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify on

DOMAIN NAME SERVICE17-4CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the defa

CONFIGURING STATIC DNS HOST TO ADDRESSENTRIES17-5Field Attributes• Host Name – Name of a host device that is mapped to one or more IP addresses. (Rang

DOMAIN NAME SERVICE17-6CLI - This example maps two address to a host name, and then configures an alias host name for the same addresses.Displaying th

DISPLAYING THE DNS CACHE17-7Web – Select DNS, Cache.Figure 17-3 DNS CacheCLI - This example displays all the resource records learned from the design

DOMAIN NAME SERVICE17-8

SECTION IIICOMMAND LINE INTERFACEThis section provides a detailed description of the Command Line Interface, along with examples for all of the comman

COMMAND LINE INTERFACEIP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38-1

18-1CHAPTER 18OVERVIEW OF THECOMMAND LINE INTERFACEThis chapter describes how to use the Command Line Interface (CLI).Using the Command Line Interface

DESCRIPTION OF SOFTWARE FEATURES1-6Spanning Tree Algorithm – The switch supports these spanning tree protocols:Spanning Tree Protocol (STP, IEEE 802.1

OVERVIEW OF THE COMMAND LINE INTERFACE18-2After connecting to the system through the console port, the login screen displays:Telnet ConnectionTelnet o

ENTERING COMMANDS18-32. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show

OVERVIEW OF THE COMMAND LINE INTERFACE18-4• To enter multiple commands, enter each command in the required order. For example, to enable Privileged Ex

ENTERING COMMANDS18-5Showing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the current com

OVERVIEW OF THE COMMAND LINE INTERFACE18-6The command “show interfaces ?” will display the following information:Partial Keyword LookupIf you terminat

ENTERING COMMANDS18-7Using Command HistoryThe CLI maintains a history of commands that have been entered. You can scroll back through the history of c

OVERVIEW OF THE COMMAND LINE INTERFACE18-8Exec CommandsWhen you open a new console session on the switch with the user name and password “guest,” the

ENTERING COMMANDS18-9The configuration commands are organized into different modes:• Global Configuration - These commands modify the system level con

OVERVIEW OF THE COMMAND LINE INTERFACE18-10To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or e

ENTERING COMMANDS18-11For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode C

INTRODUCTION1-7• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manual

OVERVIEW OF THE COMMAND LINE INTERFACE18-12Command GroupsThe system commands can be broken down into the functional groups shown below.Esc-F Moves the

COMMAND GROUPS18-13Interface Configures the connection parameters for all Ethernet ports, aggregated links, and VLANs25-1Link Aggregation Statically

OVERVIEW OF THE COMMAND LINE INTERFACE18-14The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List

19-1CHAPTER 19GENERAL COMMANDSThese commands are used to control the command access mode, configuration mode, and other basic functions.Table 19-1 Ge

GENERAL COMMANDS19-2enableThis command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands dis

DISABLE19-3disableThis command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the

GENERAL COMMANDS19-4Example Related Commands end (19-6)show historyThis command shows the contents of the command history buffer.Default Setting NoneC

RELOAD19-5The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands f

GENERAL COMMANDS19-6promptThis command customizes the CLI prompt. Use the no form to restore the default prompt.Syntax prompt stringno promptstring -

EXIT19-7exitThis command returns to the previous configuration mode or exits the configuration program.Default Setting NoneCommand Mode AnyExample Thi

DESCRIPTION OF SOFTWARE FEATURES1-8Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfe

GENERAL COMMANDS19-8Example This example shows how to quit a CLI session:Console#quitPress ENTER to start sessionUser Access VerificationUsername:

20-1CHAPTER 20SYSTEM MANAGEMENTCOMMANDSThese commands are used to control system logs, passwords, user names, management options, and display or confi

SYSTEM MANAGEMENT COMMANDS20-2Device Designation CommandsThis section describes commands used to configure information that uniquely identifies the sw

SYSTEM STATUS COMMANDS20-3System Status CommandsThis section describes commands used to display system information.show startup-configThis command dis

SYSTEM MANAGEMENT COMMANDS20-4This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the conf

SYSTEM STATUS COMMANDS20-5Example Related Commandsshow running-config (20-6)Console#show startup-configbuilding startup-config, please wait...!<

SYSTEM MANAGEMENT COMMANDS20-6show running-configThis command displays the configuration information currently in use.Command Mode Privileged ExecComm

SYSTEM STATUS COMMANDS20-7Example Console#show running-configbuilding running-config, please wait...!<stackingDB>00</stackingDB>!<sta

SYSTEM MANAGEMENT COMMANDS20-8Related Commandsshow startup-config (20-3)show systemThis command displays system information.Default Setting NoneComman

SYSTEM STATUS COMMANDS20-9show usersShows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.Defa

INTRODUCTION1-9System DefaultsThe switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch de

SYSTEM MANAGEMENT COMMANDS20-10show versionThis command displays hardware and software version information for the system.Command Mode Normal Exec, Pr

SYSTEM STATUS COMMANDS20-11Example show cpu utilizationThis command shows the CPU utilization parameters.Command Mode Normal Exec, Privileged ExecExam

SYSTEM MANAGEMENT COMMANDS20-12show memory statusThis command shows memory utilization parameters.Command Mode Normal Exec, Privileged ExecExample Tab

SYSTEM MODE COMMANDS20-13System Mode CommandsThis section describes command used to configure the switch to operate in normal mode or QinQ mode.system

SYSTEM MANAGEMENT COMMANDS20-14Default Setting Normal operating modeCommand Mode Global ConfigurationCommand Usage Make sure that no dot1q-tunnel port

FRAME SIZE COMMANDS20-15Frame Size CommandsThis section describes commands used to configure the Ethernet frame size on the switch.jumbo frameThis com

SYSTEM MANAGEMENT COMMANDS20-16Example File Management CommandsManaging FirmwareFirmware can be uploaded and downloaded to or from a TFTP server. By s

FILE MANAGEMENT COMMANDS20-17copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a T

SYSTEM MANAGEMENT COMMANDS20-18settings will be set to default values when the system is rebooted using this file.• firmware - Keyword that allows you

FILE MANAGEMENT COMMANDS20-19•Use the partial-running-config keyword to copy basic settings for the IP configuration, SNMP community strings, and CLI

SYSTEM DEFAULTS1-10Web Management HTTP Server EnabledHTTP Port Number 80HTTP Secure Server EnabledHTTP Secure Port Number 443SNMP SNMP Agent EnabledCo

SYSTEM MANAGEMENT COMMANDS20-20The following example shows how to copy the running configuration to a startup file.The following example shows how to

FILE MANAGEMENT COMMANDS20-21This example shows how to copy a public-key used by SSH from an TFTP server. Note that public key authentication via SSH

SYSTEM MANAGEMENT COMMANDS20-22deleteThis command deletes a file or image.Syntax delete filenamefilename - Name of configuration file or code image.De

FILE MANAGEMENT COMMANDS20-23dirThis command displays a list of files in flash memory.Syntax dir {{boot-rom: | config: | opcode:} [filename]}The type

SYSTEM MANAGEMENT COMMANDS20-24Example The following example shows how to display all file information:whichbootThis command displays which files were

FILE MANAGEMENT COMMANDS20-25boot systemThis command specifies the file or image used to start up the system.Syntax boot system {boot-rom| config | op

SYSTEM MANAGEMENT COMMANDS20-26Line CommandsYou can access the onboard configuration program by attaching a VT100 compatible device to the server’s se

LINE COMMANDS20-27lineThis command identifies a specific line for configuration, and to process subsequent line configuration commands.Syntax line {co

SYSTEM MANAGEMENT COMMANDS20-28loginThis command enables password checking at login. Use the no form to disable password checking and allow connection

LINE COMMANDS20-29Example Related Commandsusername (22-2)password (20-29)passwordThis command specifies the password for a line. Use the no form to re

INTRODUCTION1-11Virtual LANs Default VLAN 1PVID 1Acceptable Frame Type AllIngress Filtering DisabledSwitchport Mode (Egress Mode)Hybrid: tagged/untagg

SYSTEM MANAGEMENT COMMANDS20-30configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.Example Relat

LINE COMMANDS20-31Example To set the timeout to two minutes, enter this command:exec-timeoutThis command sets the interval that the system waits until

SYSTEM MANAGEMENT COMMANDS20-32password-threshThis command sets the password intrusion threshold which limits the number of failed logon attempts. Use

LINE COMMANDS20-33silent-timeThis command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attemp

SYSTEM MANAGEMENT COMMANDS20-34Default Setting 8 data bits per characterCommand Mode Line Configuration Command Usage The databits command can be used

LINE COMMANDS20-35Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting.E

SYSTEM MANAGEMENT COMMANDS20-36Example To specify 57600 bps, enter this command:stopbitsThis command sets the number of the stop bits transmitted per

LINE COMMANDS20-37Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an acti

SYSTEM MANAGEMENT COMMANDS20-38Example To show all lines, enter this command:Console#show line Console configuration: Password threshold: 3 times I

EVENT LOGGING COMMANDS20-39Event Logging CommandsThis section describes commands used to configure event logging on the switch.logging onThis command

vLIMITED WARRANTYLimited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, un

SYSTEM DEFAULTS1-12Multicast Filtering IGMP Snooping Snooping: EnabledQuerier: DisabledIGMP Filtering/Throttling DisabledMulticast VLAN Registration D

SYSTEM MANAGEMENT COMMANDS20-40command to control the type of error messages that are stored in memory. You can use the logging trap command to contro

EVENT LOGGING COMMANDS20-41Default Setting Flash: errors (level 3 - 0)RAM: warnings (level 7 - 0)Command Mode Global ConfigurationCommand Usage The me

SYSTEM MANAGEMENT COMMANDS20-42Command Mode Global ConfigurationCommand Usage • Use this command more than once to build up a list of host IP addresse

EVENT LOGGING COMMANDS20-43logging trapThis command enables the logging of system messages to a remote server, or limits the syslog messages saved to

SYSTEM MANAGEMENT COMMANDS20-44clear logThis command clears messages from the log buffer.Syntax clear log [flash | ram]• flash - Event history stored

EVENT LOGGING COMMANDS20-45show loggingThis command displays the configuration settings for logging messages to local switch memory, to an SMTP event

SYSTEM MANAGEMENT COMMANDS20-46ExampleThe following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e.

EVENT LOGGING COMMANDS20-47Related Commandsshow logging sendmail (20-52)show logThis command displays the log messages stored in local memory.Syntax s

SYSTEM MANAGEMENT COMMANDS20-48SMTP Alert CommandsThese commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP

SMTP ALERT COMMANDS20-49• To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and f

2-1CHAPTER 2INITIAL CONFIGURATIONConnecting to the SwitchConfiguration OptionsThe switch includes a built-in network management agent. The agent offer

SYSTEM MANAGEMENT COMMANDS20-50logging sendmail source-emailThis command sets the email address used for the “From” field in alert messages. Syntaxlog

SMTP ALERT COMMANDS20-51Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify

SYSTEM MANAGEMENT COMMANDS20-52show logging sendmailThis command displays the settings for the SMTP event handler.Command Mode Normal Exec, Privileged

TIME COMMANDS20-53Time CommandsThe system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accura

SYSTEM MANAGEMENT COMMANDS20-54Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without

TIME COMMANDS20-55Command Mode Global ConfigurationCommand Usage This command specifies time servers from which the switch will poll for time updates

SYSTEM MANAGEMENT COMMANDS20-56Related Commandssntp client (20-53)show sntpThis command displays the current time and configuration settings for the S

TIME COMMANDS20-57clock timezoneThis command sets the time zone for the switch’s internal clock.Syntax clock timezone name hour hours minute minutes {

SYSTEM MANAGEMENT COMMANDS20-58calendar setThis command sets the system clock. It may be used if there is no time server on your network, or if you ha

TIME COMMANDS20-59Example Console#show calendar 15:12:34 February 1 2002Console#

CONNECTING TO THE SWITCH2-2The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functio

SYSTEM MANAGEMENT COMMANDS20-60

21-1CHAPTER 21SNMP COMMANDSControls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the

SNMP COMMANDS21-2snmp-serverThis command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form

SHOW SNMP21-3show snmpThis command can be used to check the status of SNMP communications.Default Setting NoneCommand Mode Normal Exec, Privileged Exe

SNMP COMMANDS21-4snmp-server communityThis command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified commun

SNMP-SERVER CONTACT21-5snmp-server contactThis command sets the system contact string. Use the no form to remove the system contact information.Syntax

SNMP COMMANDS21-6Command Mode Global ConfigurationExample Related Commandssnmp-server contact (21-5)snmp-server host This command specifies the recipi

SNMP-SERVER HOST21-7community command prior to using the snmp-server host command. (Maximum length: 32 characters)• version - Specifies whether to sen

SNMP COMMANDS21-8• Notifications are issued by the switch as trap messages by default. The recipient of a trap message does not send a response to the

SNMP-SERVER ENABLE TRAPS21-9user command. Otherwise, the authentication password and/or privacy password will not exist, and the switch will not autho

INITIAL CONFIGURATION2-3To connect a terminal to the console port, complete the following steps: 1. Connect the console cable to the serial port on a

SNMP COMMANDS21-10notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. •

SNMP-SERVER ENGINE-ID21-11Command Mode Global ConfigurationCommand Usage • An SNMP engine is an independent SNMP agent that resides either on this swi

SNMP COMMANDS21-12show snmp engine-idThis command shows the SNMP engine ID.Command Mode Privileged ExecExampleThis example shows the default engine ID

SNMP-SERVER VIEW21-13snmp-server viewThis command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view.Synt

SNMP COMMANDS21-14This view includes the MIB-2 interfaces table, and the mask selects all index entries.show snmp viewThis command shows information o

SNMP-SERVER GROUP21-15snmp-server groupThis command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.Synt

SNMP COMMANDS21-16• For additional information on the notification messages supported by this switch, see Table 5-2, “Supported Notification Messages,

SHOW SNMP GROUP21-17Group Name: publicSecurity Model: v2cRead View: defaultviewWrite View: noneNotify View: noneStorage Type: volatileRow Status: acti

SNMP COMMANDS21-18snmp-server userThis command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use

SNMP-SERVER USER21-19Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore

BASIC CONFIGURATION2-4Remote ConnectionsPrior to accessing the switch’s onboard agent via a network connection, you must first configure it with a val

SNMP COMMANDS21-20show snmp userThis command shows information on SNMP users.Command Mode Privileged ExecExample Console#show snmp userEngineId: 80000

22-1CHAPTER 22USER AUTHENTICATIONCOMMANDSYou can configure this switch to authenticate users logging into the system for management access using local

USER AUTHENTICATION COMMANDS22-2User Account CommandsThe basic commands required for management access are listed in this section. This switch also in

USER ACCOUNT COMMANDS22-3• password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case

USER AUTHENTICATION COMMANDS22-4enable passwordAfter initially logging onto the system, you should set the Privileged Exec password. Remember to recor

AUTHENTICATION SEQUENCE22-5Related Commandsenable (19-2)authentication enable (22-7)Authentication SequenceThree authentication methods can be specifi

USER AUTHENTICATION COMMANDS22-6Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a conne

AUTHENTICATION SEQUENCE22-7authentication enableThis command defines the authentication method and precedence to use when changing from Exec command m

USER AUTHENTICATION COMMANDS22-8Example Related Commandsenable password - sets the password for changing command modes (22-4)RADIUS ClientRemote Authe

RADIUS CLIENT22-9radius-server hostThis command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. U

INITIAL CONFIGURATION2-5Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each

USER AUTHENTICATION COMMANDS22-10radius-server portThis command sets the RADIUS server network port. Use the no form to restore the default.Syntax rad

RADIUS CLIENT22-11Example radius-server retransmitThis command sets the number of retries. Use the no form to restore the default.Syntax radius-server

USER AUTHENTICATION COMMANDS22-12Command Mode Global ConfigurationExample show radius-serverThis command displays the current settings for the RADIUS

TACACS+ CLIENT22-13TACACS+ ClientTerminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software runn

USER AUTHENTICATION COMMANDS22-14tacacs-server portThis command specifies the TACACS+ server network port. Use the no form to restore the default.Synt

WEB SERVER COMMANDS22-15Example show tacacs-serverThis command displays the current settings for the TACACS+ server.Default Setting NoneCommand Mode P

USER AUTHENTICATION COMMANDS22-16ip http portThis command specifies the TCP port number used by the web browser interface. Use the no form to use the

WEB SERVER COMMANDS22-17Example Related Commandsip http port (22-16)ip http secure-serverThis command enables the secure hypertext transfer protocol (

USER AUTHENTICATION COMMANDS22-18• The client and server establish a secure encrypted connection.A padlock icon should appear in the status bar for In

WEB SERVER COMMANDS22-19Default Setting 443Command Mode Global ConfigurationCommand Usage • You cannot configure the HTTP and HTTPS servers to use the

BASIC CONFIGURATION2-64. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Ente

USER AUTHENTICATION COMMANDS22-20Telnet Server CommandsThis section describes commands used to configure Telnet management access to the switch.ip tel

SECURE SHELL COMMANDS22-21Secure Shell CommandsThis section describes the commands used to configure the SSH server. Note that you also need to instal

USER AUTHENTICATION COMMANDS22-22Configuration GuidelinesThe SSH server on this switch supports both password and public key authentication. If passwo

SECURE SHELL COMMANDS22-231024 35 1341081685609893921040944920155425347631641921872958921143173880 055536161631051775940838686311092912322268285192543

USER AUTHENTICATION COMMANDS22-24c. If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts t

SECURE SHELL COMMANDS22-25ip ssh serverThis command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service.Synt

USER AUTHENTICATION COMMANDS22-26ip ssh timeoutThis command configures the timeout for the SSH server. Use the no form to restore the default setting.

SECURE SHELL COMMANDS22-27ip ssh authentication-retriesThis command configures the number of times the SSH server attempts to reauthenticate a user. U

USER AUTHENTICATION COMMANDS22-28Command Usage The server key is a private key that is never shared outside the switch. The host key is shared with th

SECURE SHELL COMMANDS22-29Default Setting Generates both the DSA and RSA key pairs.Command Mode Privileged ExecCommand Usage • The switch uses only RS

INITIAL CONFIGURATION2-7Using the dedicated management port provides a back channel for troubleshooting when the switch cannot be reached through the

USER AUTHENTICATION COMMANDS22-30Command Mode Privileged ExecCommand Usage • This command clears the host key from volatile memory (RAM). Use the no i

SECURE SHELL COMMANDS22-31show ip sshThis command displays the connection settings used when authenticating client access to the SSH server.Command Mo

USER AUTHENTICATION COMMANDS22-32show public-keyThis command shows the public key for the specified user or for the host.Syntax show public-key [user

SECURE SHELL COMMANDS22-33Command Mode Privileged ExecCommand Usage • If no parameters are entered, all keys are displayed. If the user keyword is ent

USER AUTHENTICATION COMMANDS22-34802.1X Port AuthenticationThe switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorize

802.1X PORT AUTHENTICATION22-35dot1x system-auth-controlThis command enables IEEE 802.1X port authentication globally on the switch. Use the no form t

USER AUTHENTICATION COMMANDS22-36dot1x max-reqThis command sets the maximum number of times the switch port will retransmit an EAP request/identity pa

802.1X PORT AUTHENTICATION22-37Defaultforce-authorizedCommand ModeInterface ConfigurationExampledot1x operation-modeThis command allows single or mult

USER AUTHENTICATION COMMANDS22-38• In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be gran

802.1X PORT AUTHENTICATION22-39dot1x re-authenticationThis command enables periodic re-authentication for a specified port. Use the no form to disable

BASIC CONFIGURATION2-89. Then follow the steps indicated in the next section to assign an IP address to this VLAN using manual configuration or automa

USER AUTHENTICATION COMMANDS22-40Default60 secondsCommand ModeInterface ConfigurationExampledot1x timeout re-authperiodThis command sets the time peri

802.1X PORT AUTHENTICATION22-41dot1x timeout tx-periodThis command sets the time that an interface on the switch waits during an authentication sessio

USER AUTHENTICATION COMMANDS22-42Command UsageThis command displays the following information:• Global 802.1X Parameters – Shows whether or not 802.1X

802.1X PORT AUTHENTICATION22-43- Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 22-36).- Supplic

USER AUTHENTICATION COMMANDS22-44ExampleConsole#show dot1xGlobal 802.1X Parameters system-auth-control: enable802.1X Port SummaryPort Name Status

MANAGEMENT IP FILTER COMMANDS22-45Management IP Filter CommandsThis section describes commands used to configure IP management access to the switch.ma

USER AUTHENTICATION COMMANDS22-46Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch wi

MANAGEMENT IP FILTER COMMANDS22-47Command Mode Privileged ExecExampleConsole#show management all-clientManagement Ip Filter HTTP-Client: Start IP ad

USER AUTHENTICATION COMMANDS22-48

23-1CHAPTER 23CLIENT SECURITYCOMMANDSThis switch supports many methods of segregating traffic for clients attached to each of the data ports, and for

INITIAL CONFIGURATION2-9Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:•

CLIENT SECURITY COMMANDS23-2Port Security CommandsThese commands can be used to enable port security on a port. When using port security, the switch s

PORT SECURITY COMMANDS23-3port securityThis command enables or configures port security. Use the no form without any keywords to disable port security

CLIENT SECURITY COMMANDS23-4Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has

PACKET FILTERING COMMANDS23-5Packet Filtering CommandsThis section describes commands used to configure packet filtering for inbound traffic.Note: Pac

CLIENT SECURITY COMMANDS23-6Default Setting DisabledCommand Mode Global ConfigurationCommand Usage • Both the specified source MAC address and source

PACKET FILTERING COMMANDS23-7filter netbiosThis command filters NetBIOS30 packets entering the specified input port. Syntax filter netbios {add | del}

CLIENT SECURITY COMMANDS23-8• This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS pack

PACKET FILTERING COMMANDS23-9packet filtering if enabled on any interface. This mask will be released for use by other filtering functions if DHCP pac

CLIENT SECURITY COMMANDS23-10for use by other filtering functions if DHCP packet filtering is disabled on all interfaces.Exampleshow filterThis comman

IP SOURCE GUARD COMMANDS23-11IP Source Guard CommandsIP Source Guard is a security feature that filters IP traffic on network interfaces based on manu

viWARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN

BASIC CONFIGURATION2-10To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete t

CLIENT SECURITY COMMANDS23-12Default Setting DisabledCommand ModeInterface Configuration (Ethernet)Command Usage • Source guard is used to filter traf

IP SOURCE GUARD COMMANDS23-13found in the binding table and the entry type is static IP source guard binding, the packet will be forwarded.- If the DH

CLIENT SECURITY COMMANDS23-14ip source-guard bindingThis command adds a static address to the source-guard binding table. Use the no form to remove a

IP SOURCE GUARD COMMANDS23-15- If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then t

CLIENT SECURITY COMMANDS23-16show ip source-guard bindingThis command shows the source guard binding table.Command Mode Privileged ExecExampleConsole#

DHCP SNOOPING COMMANDS23-17DHCP Snooping CommandsDHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which sen

CLIENT SECURITY COMMANDS23-18ip dhcp snoopingThis command enables DHCP snooping globally. Use the no form to restore the default setting.Syntax [no] i

DHCP SNOOPING COMMANDS23-19forwarded for a trusted port. If the received packet is a DHCP ACK message, a dynamic DHCP snooping entry is also added to

CLIENT SECURITY COMMANDS23-20from a DHCP server, any packets received from untrusted ports are dropped.ExampleThis example enables DHCP snooping globa

DHCP SNOOPING COMMANDS23-21• When DHCP snooping is globally enabled, configuration changes for specific VLANs have the following effects:- If DHCP sno

INITIAL CONFIGURATION2-11Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Pro

CLIENT SECURITY COMMANDS23-22Related Commands ip dhcp snooping (23-18)ip dhcp snooping vlan (23-20)ip dhcp snooping trust (23-24)ip dhcp snooping data

DHCP SNOOPING COMMANDS23-23Command Usage • This command applies to all VDSL ports. When set, it will automatically convert an address assigned to an a

CLIENT SECURITY COMMANDS23-24acknowledgement packets sent by the DHCP server in response to host requests will be blocked by the switch. ExampleThis e

DHCP SNOOPING COMMANDS23-25• Additional considerations when the switch itself is a DHCP client – The port(s) through which it submits a client request

CLIENT SECURITY COMMANDS23-26show ip dhcp snooping bindingThis command shows the DHCP snooping binding table entries.Command Mode Privileged ExecExamp

24-1CHAPTER 24ACCESS CONTROL LISTCOMMANDSAccess Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protoc

ACCESS CONTROL LIST COMMANDS24-2IP ACLsThe commands in this section configure ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP

IP ACLS24-3access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remov

ACCESS CONTROL LIST COMMANDS24-4permit, deny (Standard IP ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for pac

IP ACLS24-5permit, deny (Extended IP ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific s

BASIC CONFIGURATION2-12To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default c

ACCESS CONTROL LIST COMMANDS24-6• control-flags – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (R

IP ACLS24-7ExampleThis example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e.

ACCESS CONTROL LIST COMMANDS24-8Example Related Commandspermit, deny 24-4ip access-group (24-14)access-list ip mask-precedence This command changes to

IP ACLS24-9Example Related Commandsmask (IP ACL) (24-9)ip access-group (24-14)mask (IP ACL)This command defines a mask for IP ACLs. This mask defines

ACCESS CONTROL LIST COMMANDS24-10Default SettingNoneCommand ModeIP MaskCommand Usage• Packets crossing a port are checked against all the rules in the

IP ACLS24-11This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, pac

ACCESS CONTROL LIST COMMANDS24-12This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the La

IP ACLS24-13This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets th

ACCESS CONTROL LIST COMMANDS24-14show access-list ip mask-precedence This command shows the ingress or egress rule masks for IP ACLs.Syntaxshow access

IP ACLS24-15Command Usage• A port can only be bound to one ACL.• If a port is already bound to an ACL and you bind it to a different ACL, the switch w

INITIAL CONFIGURATION2-13Then press <Enter>. For a more detailed description of these parameters, see “snmp-server host” on page 21-6. The follo

ACCESS CONTROL LIST COMMANDS24-16MAC ACLsThe commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type. To

MAC ACLS24-17access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL.Sy

ACCESS CONTROL LIST COMMANDS24-18permit, deny (MAC ACL)This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source

MAC ACLS24-19• source – Source MAC address.• destination – Destination MAC address range with bitmask.• address-bitmask33 – Bitmask for MAC address (i

ACCESS CONTROL LIST COMMANDS24-20show mac access-list This command displays the rules for configured MAC ACLs.Syntaxshow mac access-list [acl_name]acl

MAC ACLS24-21Command Usage• You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated

ACCESS CONTROL LIST COMMANDS24-22• ethertype – Check the Ethernet type field.• ethertype-bitmask – Ethernet type of rule must match this bitmask.Defau

MAC ACLS24-23ExampleThis example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been

ACCESS CONTROL LIST COMMANDS24-24This example creates an Egress MAC ACL.show access-list mac mask-precedence This command shows the ingress or egress

MAC ACLS24-25mac access-groupThis command binds a port to a MAC ACL. Use the no form to remove the port.Syntaxmac access-group acl_name in• acl_name –

MANAGING SYSTEM FILES2-14Managing System FilesThe switch’s flash memory supports three types of system files that can be managed by the CLI program, w

ACCESS CONTROL LIST COMMANDS24-26show mac access-groupThis command shows the ports assigned to MAC ACLs.Command ModePrivileged ExecExample Related Com

ACL INFORMATION24-27Example show access-groupThis command shows the port assignments of IP ACLs.Command ModePrivileged ExecutiveExample Console#show a

ACCESS CONTROL LIST COMMANDS24-28

25-1CHAPTER 25INTERFACE COMMANDSThese commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Tab

INTERFACE COMMANDS25-2interfaceThis command configures an interface type and enter interface configuration mode. Use the no form to remove a trunk.Syn

DESCRIPTION25-3descriptionThis command adds a description to an interface. Use the no form to remove the description.Syntax description stringno descr

INTERFACE COMMANDS25-4Default Setting • Auto-negotiation is permanently disabled on Ports 1-16, and enabled by default on Ports 17-19. • When auto-neg

NEGOTIATION25-5negotiationThis command enables autonegotiation for a given interface. Use the no form to disable autonegotiation.Syntax [no] negotiati

INTERFACE COMMANDS25-6capabilitiesThis command advertises the port capabilities of a given interface during autonegotiation. Use the no form with para

FLOWCONTROL25-7manually specify the link attributes with the speed-duplex and flowcontrol commands.Example The following example configures Ethernet p

INITIAL CONFIGURATION2-15In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and

INTERFACE COMMANDS25-8• To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable au

SWITCHPORT MDIX25-9• copper-forced - Always uses the built-in RJ-45 port.• sfp-forced - Always uses the SFP port (even if module not installed).• sfp-

INTERFACE COMMANDS25-10Command Mode Interface Configuration (Ethernet - Port 17-18)Command Usage Auto-negotiation must be enabled to use the “auto” op

SWITCHPORT PACKET-RATE25-11Example The following example disables port 5.switchport packet-rateThis command configures broadcast and multicast and unk

INTERFACE COMMANDS25-12Example The following shows how to configure broadcast storm control at 600 packets per second: clear countersThis command clea

SHOW INTERFACES STATUS25-13show interfaces statusThis command displays the status for an interface.Syntax show interfaces status [interface]interface

INTERFACE COMMANDS25-14Example show interfaces countersThis command displays interface statistics. Syntax show interfaces counters [interface]interfac

SHOW INTERFACES COUNTERS25-15Command Mode Normal Exec, Privileged ExecCommand Usage If no interface is specified, information on all interfaces is dis

INTERFACE COMMANDS25-16show interfaces switchportThis command displays the administrative and operational status of the specified interfaces.Syntax sh

SHOW INTERFACES SWITCHPORT25-17Table 25-2 show interfaces switchport - display descriptionField DescriptionBroadcast threshold Shows if broadcast sto

MANAGING SYSTEM FILES2-16To save the current configuration settings, enter the following command:1. From the Privileged Exec mode prompt, type “copy r

INTERFACE COMMANDS25-18

26-1CHAPTER 26LINK AGGREGATIONCOMMANDSPorts can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network conn

LINK AGGREGATION COMMANDS26-2Guidelines for Creating TrunksGeneral Guidelines –• Finish configuring port trunks before you connect the corresponding n

CHANNEL-GROUP26-3• If the port channel admin key (lacp admin key - Port Channel) is not set when a channel group is formed (i.e., it has the null valu

LINK AGGREGATION COMMANDS26-4Example The following example creates trunk 1 and then adds port 11:lacpThis command enables 802.3ad Link Aggregation Con

LACP26-5ExampleThe following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of the links, the sho

LINK AGGREGATION COMMANDS26-6lacp system-priorityThis command configures a port's LACP system priority. Use the no form to restore the default se

LACP ADMIN-KEY (ETHERNET INTERFACE)26-7lacp admin-key (Ethernet Interface)This command configures a port's LACP administration key. Use the no fo

LINK AGGREGATION COMMANDS26-8lacp admin-key (Port Channel)This command configures a port channel's LACP administration key string. Use the no for

LACP PORT-PRIORITY26-9lacp port-priorityThis command configures LACP port priority. Use the no form to restore the default setting.Syntax lacp {actor

SECTION IISWITCH MANAGEMENTThis section describes the basic switch features, along with a detailed description of how to configure each feature via a

LINK AGGREGATION COMMANDS26-10show lacpThis command displays LACP information.Syntax show lacp [port-channel] {counters | internal | neighbors | sys-i

SHOW LACP26-11Table 26-2 show lacp counters - display descriptionField DescriptionLACPDUs Sent Number of valid LACPDUs transmitted from this channel

LINK AGGREGATION COMMANDS26-12LACPDUs InternalNumber of seconds before invalidating received LACPDU information.LACP System PriorityLACP system priori

SHOW LACP26-13Console#show lacp 1 neighborsPort channel 1 neighbors-------------------------------------------------------------------Eth 1/1---------

LINK AGGREGATION COMMANDS26-14Console#show lacp sysidPort Channel System Priority System MAC Address-------------------------------------------

27-1CHAPTER 27MIRROR PORT COMMANDSThis section describes how to mirror traffic from a source port to a target port. port monitorThis command configure

MIRROR PORT COMMANDS27-2Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach

SHOW PORT MONITOR27-3Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX)

MIRROR PORT COMMANDS27-4

28-1CHAPTER 28RATE LIMIT COMMANDSThis function allows the network manager to control the maximum rate for traffic transmitted or received on an interf

SWITCH MANAGEMENT

RATE LIMIT COMMANDS28-2rate-limitThis command defines the rate limit for a specific interface. Use this command without specifying a rate to restore t

RATE-LIMIT TRAP-INPUT28-3rate-limit trap-inputThis command sets an SNMP trap if traffic exceeds the configured rate limit. Use the no form to restore

RATE LIMIT COMMANDS28-4• For further information on the type of notification messages that can be sent by the system, refer to the information about t

29-1CHAPTER 29VDSL COMMANDSVDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and appli

VDSL COMMANDS29-2Long-Reach Ethernet CommandsThis section describes how to configure communication parameters for VDSL ports such as specifying data b

LONG-REACH ETHERNET COMMANDS29-3lre max-power Sets the maximum aggregate downstream or upstream powerGC/IC 29-22lre min-protection Configures the mini

VDSL COMMANDS29-4lre band-planThis command sets the frequency bands used for VDSL signals based on a set of predefined plans. Use the no form to resto

LONG-REACH ETHERNET COMMANDS29-5ExampleThis example sets the band plan to 998-640-30000.Related Commandsshow lre (29-79)Table 29-3 VDSL2 Band PlansIn

VDSL COMMANDS29-6lre option-bandThis command sets the frequencies to be used for the optional Upstream Band 0 (US0). Use the no form to restore the de

LONG-REACH ETHERNET COMMANDS29-7lre ham-bandThis command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defi

3-1CHAPTER 3CONFIGURING THE SWITCHUsing the Web InterfaceThis switch provides an embedded HTTP web agent. Using a web browser you can configure the sw

VDSL COMMANDS29-84 RFI-BAND04 3.500 - 3.575 MHz ANNEX F5 RFI-BAND05 3.500 - 3.800 MHz ETSI6 RFI-BAND06 3.500 - 4.000 MHz T1E17 RFI-BAND07 3.747 - 3.75

LONG-REACH ETHERNET COMMANDS29-9ExampleThis example sets a HAM band notch in the transmitted power spectrum in the 10.000 - 10.150 MHz transmission ba

VDSL COMMANDS29-10• Using a HAM band mask prevents interference with other systems (e.g., amateur radio) that use narrow band transmission in the VDSL

LONG-REACH ETHERNET COMMANDS29-1118 RFI-BAND18 10.005 - 10.100 MHz Aeronautical Communications19 RFI-BAND19 10.100 - 10.150 MHz Amateur Radio20 RFI-BA

VDSL COMMANDS29-12ExampleThis example sets a HAM band notch in the transmitted power spectrum to avoid interference with CB radios.Related Commandssho

LONG-REACH ETHERNET COMMANDS29-13PSD Mask required for compliance with local regulations, or set mask limits for upstream power backoff. The methods u

VDSL COMMANDS29-14Command Mode Global ConfigurationInterface Configuration (VDSL Port)Command Usage • Enter this command in global configuration mode

LONG-REACH ETHERNET COMMANDS29-15lre psd-valueThis command defines a power level for each of the PSD breakpoints. Use the no form to restore the defau

VDSL COMMANDS29-16ExampleThe following sets a PSD value for the frequency band bounded by breakpoints 1 and 2 to -20 dBm/Hz on VDSL port 1.Related Com

LONG-REACH ETHERNET COMMANDS29-17• The following table lists the predefined band plans.ExampleThe following specifies a predefined mask based on Annex

viiTABLE OF CONTENTSSection I Getting Started1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1Key Features . .

CONFIGURING THE SWITCH3-2Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is

VDSL COMMANDS29-18lre pbo-configThis command sets a mask to reduce the power spectral density (PSD) of transmitted signals at specified frequency brea

LONG-REACH ETHERNET COMMANDS29-19• The transceiver will adjust its transmitted signal to conform to the power limitations set by the lre pbo-config co

VDSL COMMANDS29-20Command Usage • Enter this command in global configuration mode to enable upstream power backoff for all VDSL ports, or in interface

LONG-REACH ETHERNET COMMANDS29-21lre toneThis command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the

VDSL COMMANDS29-22ExampleThe following disables all tone beneath 640 kHz on the upstream band plan.Related Commandsshow lre tone (29-71)lre max-powerT

LONG-REACH ETHERNET COMMANDS29-23ExampleThe following sets the maximum downstream power on port 1 to 14.5 dBm.lre min-protectionThis command configure

VDSL COMMANDS29-24• Note that this parameter only applies to interleaved channels. Refer to ITU-T G.993.2 for a full description of the methods used t

LONG-REACH ETHERNET COMMANDS29-25Related Commandslre interleave-max-delay (29-25)lre interleave-max-delayThis command sets the maximum interleave dela

VDSL COMMANDS29-26Related Commandslre channel (29-24)show lre interleave-max-delay (29-72)lre datarateThis command specifies the minimum and maximum d

LONG-REACH ETHERNET COMMANDS29-27ExampleThe following sets the minimum and maximum data rates for the downstream fast channel on port 1.Related Comman

NAVIGATING THE WEB BROWSER INTERFACE3-3Navigating the Web Browser InterfaceTo access the web-browser interface you must first enter a user name and pa

VDSL COMMANDS29-28Related Commandslre datarate (29-26)lre noise-mgn targetThis command configures the targeted signal-to-noise margin that VDSL ports

LONG-REACH ETHERNET COMMANDS29-29lre noise-mgn minThis command configures the minimum acceptable signal-to-noise margin. Use the no form to restore th

VDSL COMMANDS29-30lre shutdownThis command shuts down a VDSL port. Use the no form to re-enabled a port.Syntax[no] lre shutdownDefault Setting All VDS

LONG-REACH ETHERNET COMMANDS29-31Command Mode Interface Configuration (VDSL Port)Command Usage Use this command to troubleshoot VDSL connection or per

VDSL COMMANDS29-32Related Commandslre datarate (29-26)lre retrainingThis command manually initiates the rate adaptation method to find the optimal tra

LONG-REACH ETHERNET COMMANDS29-33lre rate-adaptionThis command enables automatic line rate adaptation, which can set the optimal transmission rate bas

VDSL COMMANDS29-34Related Commandslre datarate (29-26)show lre rate-adaption (29-75)lre applyThis command applies all global VDSL settings to each VDS

LINE PROFILE COMMANDS29-35Line Profile Commands This section describes how to configure a list of communication parameters such as data rates and acce

VDSL COMMANDS29-36line-profileThis command enters VDSL Line Profile configuration mode. Syntaxline-profile profile-nameprofile-name – Name of the prof

LINE PROFILE COMMANDS29-37ExampleThe following creates a VDSL line profile named southport.Related Commandsshow lre line-profile (29-77)lre line-profi

CONFIGURING THE SWITCH3-4Configuration OptionsConfigurable parameters have a dialog box or a drop-down list. Once a configuration change has been made

VDSL COMMANDS29-38ExampleThe following applies the line profile named southport to all VDSL ports.band-planThis command sets the frequency bands used

LINE PROFILE COMMANDS29-39option-bandThis command sets the frequencies to be used for optional Upstream Band 0 (US0). Use the no form to restore the d

VDSL COMMANDS29-40ham-bandThis command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defined frequencies. U

LINE PROFILE COMMANDS29-41region-ham-bandThis command sets the ham radio band that will be blocked to VDSL signals based on defined usage types. Use t

VDSL COMMANDS29-42toneThis command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the no form to restore

LINE PROFILE COMMANDS29-43ExampleThe following disables all tone beneath 640 kHz on the upstream band plan.Related Commandslre tone (29-21)max-powerTh

VDSL COMMANDS29-44min-protectionThis command configures the minimum level of impulse noise protection for all bearer channels. Use the no form to rest

LINE PROFILE COMMANDS29-45Related Commandslre min-protection (29-23)channelThis command sets the channel mode to fast or interleaved. Use the no form

VDSL COMMANDS29-46down/up-max-inter-delayThese commands set the maximum interleave delay on a downstream/upstream channel. Use the no form to restore

LINE PROFILE COMMANDS29-47Related Commandslre interleave-max-delay (29-25)down/up-fast/slow-max/min-datarateThese commands set the maximum/minimum dat

NAVIGATING THE WEB BROWSER INTERFACE3-5Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all

VDSL COMMANDS29-48ExampleThe following sets the minimum and maximum data rates for the downstream fast channel on port 1.Related Commandslre datarate

LINE PROFILE COMMANDS29-49ExampleThe following sets an SNR of 12 dB for the downstream channels and 18 dB for the upstream channels.Related Commandslr

VDSL COMMANDS29-50• When rate adaptation is enabled (see Command Usage, page 29-32), the signal-to-noise ratio (SNR) is an indicator of link quality.

ALARM PROFILE COMMANDS29-51Alarm Profile CommandsThis section describes how to configure a list of threshold values for error states which can be appl

VDSL COMMANDS29-52alarm-profileThis command enters VDSL Alarm Profile configuration mode. Use the no form to delete an alarm profile.Syntax[no] alarm-

ALARM PROFILE COMMANDS29-53Command Usage First create a profile of VDSL alarm thresholds using the other commands described in this section, then ente

VDSL COMMANDS29-54the status of remote transceivers is obtained via the embedded operation channel (EOC), this information may be unavailable for unit

ALARM PROFILE COMMANDS29-55Command Usage • An Errored Second is a one-second interval containing one or more CRC anomalies, or one or more Loss of Sig

VDSL COMMANDS29-56Command Usage This command sets the threshold for the number of seconds during which there is loss of framing within any 15 minute c

ALARM PROFILE COMMANDS29-57notification will be generated. (Refer to RFC 3728 for information on this notification message.) No more than one notifica

CONFIGURING THE SWITCH3-6Reset Restarts the switch 4-36SNTP 4-37Configuration Configures SNTP client settings, including a specified list of servers4-

VDSL COMMANDS29-58ExampleThe following sets the LOSs threshold to 15.thresh-15min-lprsThis command sets the threshold for Loss of Power Seconds (LPRs)

ALARM PROFILE COMMANDS29-59thresh-15min-sessThis command sets the threshold for Severely Errored Seconds (SESs) that can occur within any given 15 min

VDSL COMMANDS29-60thresh-15min-uassThis command sets the threshold for Unavailable Seconds (UASs) that can occur within any given 15 minutes. Use the

DISPLAYING VDSL INFORMATION29-61Displaying VDSL InformationThis section describes the commands used to display information on VDSL configuration setti

VDSL COMMANDS29-62show lre band-planThis command displays the frequency bands used for VDSL signals.Syntaxshow lre band-plan [unit/port]• unit - Stack

DISPLAYING VDSL INFORMATION29-63Command Usage • Use this command without the interface parameter to display the band plans used for all VDSL ports on

VDSL COMMANDS29-64Command Usage • Use this command without the interface parameter to display the optional US0 band used for all VDSL ports on the swi

DISPLAYING VDSL INFORMATION29-65ExampleThis example shows that the HAM band in the 1.810 - 1.825 MHz range is blocked to VDSL signals for Port 1.Relat

VDSL COMMANDS29-66Command Usage • Use this command without the interface parameter to display the HAM band usage filter used for all VDSL ports on the

DISPLAYING VDSL INFORMATION29-67Related Commandslre region-ham-band (29-9)show lre psdThis command displays the power level set for each of the PSD br

NAVIGATING THE WEB BROWSER INTERFACE3-7 802.1X Port authentication 6-19Information Displays global configuration settings 6-21Configuration Configure

VDSL COMMANDS29-68Related Commandslre psd-breakpoints (29-12)lre psd-frequencies (29-13)lre psd-value (29-15)show lre psd-mask-levelThis command displ

DISPLAYING VDSL INFORMATION29-69Command Usage • Use this command without the interface parameter to display the predefined PSD mask used for all VDSL

VDSL COMMANDS29-70ExampleThis example shows that the UPBO mask used for all upstream traffic. Related Commandslre pbo-config (29-18)show lre upboThis

DISPLAYING VDSL INFORMATION29-71transceiver will automatically control upstream power backoff based on default values set by the DSP engine.ExampleThi

VDSL COMMANDS29-72Related Commandslre tone (29-21)show lre interleave-max-delayThis command displays the maximum interleave-delay that can be used for

DISPLAYING VDSL INFORMATION29-73show lre datarateThis command displays the minimum and maximum data rate for downstream and upstream fast or slow (int

VDSL COMMANDS29-74show lre noise-mgnThis command displays the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete in

DISPLAYING VDSL INFORMATION29-75show lre rate-adaptionThis command shows if line rate adaptation which sets the optimal transmission rate based on exi

VDSL COMMANDS29-76show lre configThis command shows the VDSL configuration settings for an interface.Syntaxshow lre config [unit/port]• unit - Stack u

DISPLAYING VDSL INFORMATION29-77Related Commandslre apply (29-34)show lre line-profileThis command displays a specified line profile which may be appl

CONFIGURING THE SWITCH3-8Trunk Configuration Configures trunk connection settings 9-4Trunk Membership Specifies ports to group into static trunks 9-9

VDSL COMMANDS29-78Related Commandsline-profile (29-36)lre line-profile (29-37)show lre alarm-profileThis command displays a specified alarm profile wh

DISPLAYING VDSL INFORMATION29-79show lreThis command displays the communication status of the VDSL line.Syntaxshow lre unit/port• unit - Stack unit. (

VDSL COMMANDS29-80show lre phys-infoThis command displays physical layer information about the VDSL line.Syntaxshow lre phys-info unit/port• unit - St

DISPLAYING VDSL INFORMATION29-81Exampleshow lre rate-infoThis command displays rate information for the VDSL line.Syntaxshow lre rate-info [unit/port]

VDSL COMMANDS29-82Exampleshow lre perfThis command displays performance information including common error conditions over predefined intervals for th

DISPLAYING VDSL INFORMATION29-83Command Usage Use this command without the interface parameter to show performance information for all VDSL ports on t

VDSL COMMANDS29-84Loss of power Number of seconds during which there was loss of powerErrored seconds Number of seconds during which there was one or

DISPLAYING VDSL INFORMATION29-85Ethernet Transmit Performance Counters Frames Number of frames (unicast, broadcast and multicast) transmitted.Bytes Nu

VDSL COMMANDS29-86CPE ConfigurationThis section describes operation and maintenance (OAM) functions for remote customer premises equipment (CPE), incl

CPE CONFIGURATION29-87Exampleefm remote eeprom-writeThis command enables firmware upgrade on the CPE. Syntax efm remote eeprom-write {enable | disable

NAVIGATING THE WEB BROWSER INTERFACE3-9VDSL 10-1Global Configuration Configures global VDSL variables which can be applied to all ports10-1VDSL Port

VDSL COMMANDS29-88ExampleThis example shows how to copy BME firmware for CPEs to a reserved buffer on the switch, copy this firmware to a remote CPE,

CPE CONFIGURATION29-89Console#configureConsole(config)#interface ethernet 1/16Console(config-if)#oam remote upgrade firmwareConsole(config)#endConsole

VDSL COMMANDS29-90Related Commandsoam remote upgrade firmware (page 29-90)oam remote firmware active (page 29-90)oam remote upgrade firmwareThis comma

CPE CONFIGURATION29-91Command Usage • BME indicates the Burst Mode Engine used for digital signal processing.• This command activates the firmware ver

VDSL COMMANDS29-92ExampleConsole#show cpe-info 1/1Protocol ID: Ikanos EOC ProtocolProtocol Version - Major: 01Protocol Version - Minor:

30-1CHAPTER 30ADDRESS TABLE COMMANDSThese commands are used to configure the address table for filtering specified addresses, displaying current entri

ADDRESS TABLE COMMANDS30-2mac-address-table staticThis command maps a static address to a destination port in a VLAN. Use the no form to remove an add

CLEAR MAC-ADDRESS-TABLE DYNAMIC30-3• A static address cannot be learned on another port until the address is removed with the no form of this command.

ADDRESS TABLE COMMANDS30-4show mac-address-tableThis command shows classes of entries in the bridge-forwarding database.Syntax show mac-address-table

MAC-ADDRESS-TABLE AGING-TIME30-5• The maximum number of address entries is 8191.Examplemac-address-table aging-timeThis command sets the aging time fo

CONFIGURING THE SWITCH3-10Spanning Tree 12-1STA Information Displays STA values used for the bridge 12-4Configuration Configures global bridge settin

ADDRESS TABLE COMMANDS30-6show mac-address-table aging-timeThis command shows the aging time for entries in the address table.Default Setting NoneComm

31-1CHAPTER 31SPANNING TREE COMMANDSThis section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and comma

SPANNING TREE COMMANDS31-2revision Configures the revision number for the multiple spanning treeMST 31-14max-hops Configures the maximum number of hop

SPANNING-TREE31-3spanning-treeThis command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.Syntax [no] span

SPANNING TREE COMMANDS31-4spanning-tree modeThis command selects the spanning tree mode for this switch. Use the no form to restore the default.Syntax

SPANNING-TREE FORWARD-TIME31-5restarts the migration delay timer and begins using RSTP BPDUs on that port.• Multiple Spanning Tree Protocol- To allow

SPANNING TREE COMMANDS31-6Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discar

SPANNING-TREE MAX-AGE31-7Related Commandsspanning-tree forward-time (31-5)spanning-tree max-age (31-7)spanning-tree max-ageThis command configures the

SPANNING TREE COMMANDS31-8Related Commandsspanning-tree forward-time (31-5)spanning-tree hello-time (31-6)spanning-tree priorityThis command configure

SPANNING-TREE PATHCOST METHOD31-9spanning-tree pathcost methodThis command configures the path cost method used for Rapid Spanning Tree and Multiple S

NAVIGATING THE WEB BROWSER INTERFACE3-11Static Membership by PortConfigures membership type for interfaces, including tagged, untagged or forbidden13-

SPANNING TREE COMMANDS31-10spanning-tree transmission-limitThis command configures the minimum interval between the transmission of consecutive RSTP/M

MST VLAN31-11Related Commands mst vlan (31-11)mst priority (31-12)name (31-13)revision (31-14)max-hops (31-14)mst vlanThis command adds VLANs to a spa

SPANNING TREE COMMANDS31-12instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connec

NAME31-13Example nameThis command configures the name for the multiple spanning tree region in which this switch is located. Use the no form to clear

SPANNING TREE COMMANDS31-14revisionThis command configures the revision number for this multiple spanning tree configuration of this switch. Use the n

SPANNING-TREE SPANNING-DISABLED31-15Default Setting 20Command Mode MST ConfigurationCommand Usage An MSTI region is treated as a single node by the ST

SPANNING TREE COMMANDS31-16Example This example disables the spanning tree algorithm for port 5.spanning-tree costThis command configures the spanning

SPANNING-TREE COST31-17Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the pa

SPANNING TREE COMMANDS31-18spanning-tree port-priorityThis command configures the priority for the specified interface. Use the no form to restore the

SPANNING-TREE PORTFAST31-19Default Setting DisabledCommand Mode Interface Configuration (Ethernet, Port Channel)Command Usage • You can enable this op

TABLE OF CONTENTSviiiMain Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54 Basic Management Tasks . .

CONFIGURING THE SWITCH3-12IPv6 Mapping Assigns IPv6 traffic classes to one of the Class-of-Service values14-15IP Port Priority Status Globally enable

SPANNING TREE COMMANDS31-20Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • This command is used to enable/disable the fas

SPANNING-TREE LINK-TYPE31-21spanning-tree link-typeThis command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the n

SPANNING TREE COMMANDS31-22spanning-tree mst costThis command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the n

SPANNING-TREE MST PORT-PRIORITY31-23should be assigned to interfaces attached to faster media, and higher values assigned to interfaces with slower me

SPANNING TREE COMMANDS31-24Where more than one interface is assigned the highest priority, the interface with lowest numeric identifier will be enable

SHOW SPANNING-TREE31-25Example show spanning-treeThis command shows the configuration for the common spanning tree (CST) or for an instance within the

SPANNING TREE COMMANDS31-26description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 12-13.ExampleConsol

SHOW SPANNING-TREE MST CONFIGURATION31-27show spanning-tree mst configurationThis command shows the configuration of the multiple spanning tree.Comman

SPANNING TREE COMMANDS31-28

32-1CHAPTER 32VLAN COMMANDSA VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same p

NAVIGATING THE WEB BROWSER INTERFACE3-13IGMP Filter/Throttling Trunk ConfigurationAssigns IGMP filter profiles to trunk interfaces and sets throttle m

VLAN COMMANDS32-2GVRP and Bridge Extension CommandsGARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to

GVRP AND BRIDGE EXTENSION COMMANDS32-3Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on

VLAN COMMANDS32-4switchport gvrpThis command enables GVRP for a port. Use the no form to disable it.Syntax [no] switchport gvrpDefault Setting Disable

GVRP AND BRIDGE EXTENSION COMMANDS32-5garp timerThis command sets the values for the join, leave and leaveall timers. Use the no form to restore the t

VLAN COMMANDS32-6Example Related Commandsshow garp timer (32-6)show garp timerThis command shows the GARP timers for the selected interface.Syntax sho

EDITING VLAN GROUPS32-7Editing VLAN Groupsvlan databaseThis command enters VLAN database mode. All commands in this mode will take effect immediately.

VLAN COMMANDS32-8vlanThis command configures a VLAN. Use the no form to restore the default settings or delete a VLAN.Syntax vlan vlan-id [name vlan-n

CONFIGURING VLAN INTERFACES32-9Related Commands show vlan (32-16)Configuring VLAN Interfacesinterface vlanThis command enters interface configuration

VLAN COMMANDS32-10Default Setting NoneCommand Mode Global ConfigurationExample The following example shows how to set the interface configuration mode

CONFIGURING VLAN INTERFACES32-11Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid:Re

CONFIGURING THE SWITCH3-14

VLAN COMMANDS32-12Related Commandsswitchport mode (32-10)switchport ingress-filtering This command enables ingress filtering for an interface. Use the

CONFIGURING VLAN INTERFACES32-13switchport native vlanThis command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore

VLAN COMMANDS32-14switchport allowed vlanThis command configures VLAN groups on the selected interface. Use the no form to restore the default.Syntax

CONFIGURING VLAN INTERFACES32-15• If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically remo

VLAN COMMANDS32-16Example The following example shows how to prevent port 1 from being added to VLAN 3:Displaying VLAN InformationThis section describ

CONFIGURING PRIVATE VLANS32-17Example The following example shows how to display information for VLAN 1:Configuring Private VLANsPrivate VLANs provide

VLAN COMMANDS32-18Default Setting No private VLANs are defined.No default group exists.Command Mode Global ConfigurationCommand Usage• A private VLAN

CONFIGURING PRIVATE VLANS32-19show pvlanThis command displays the configured private VLAN.Command Mode Privileged ExecExampleThis example shows the in

VLAN COMMANDS32-20Configuring Protocol-based VLANsThe network devices required to support multiple protocols cannot be easily grouped into a common VL

CONFIGURING PROTOCOL-BASED VLANS32-213. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group comman

4-1CHAPTER 4BASIC MANAGEMENT TASKSThis chapter describes the basic functions required to set up management access to the switch, display or upgrade op

VLAN COMMANDS32-22protocol-vlan protocol-group (Configuring Interfaces)This command maps a protocol group to a VLAN for the current interface. Use the

CONFIGURING PROTOCOL-BASED VLANS32-23Example The following example maps the traffic entering Port 1 which matches the protocol type specified in proto

VLAN COMMANDS32-24show interfaces protocol-vlan protocol-groupThis command shows the mapping from protocol groups to VLANs for the selected interfaces

CONFIGURING IEEE 802.1Q TUNNELING32-25Configuring IEEE 802.1Q TunnelingQinQ tunneling uses a single Service Provider VLAN (SPVLAN) for customers who h

VLAN COMMANDS32-265. Configure the QinQ tunnel port to join the SPVLAN as an untagged member (switchport allowed vlan, page 32-14).6. Configure the SP

CONFIGURING IEEE 802.1Q TUNNELING32-27• The packet must have a standard ethertype value of 0x8100 for this command to take effect. Otherwise, the prio

VLAN COMMANDS32-28to the service provider’s outer tag. The Tag Protocol Identifier (TPID) of the tunnel port is used for the outer tag. The default is

CONFIGURING IEEE 802.1Q TUNNELING32-29switchport dot1q-ethertypeThis command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the n

VLAN COMMANDS32-30ExampleRelated Commandsshow interfaces switchport (page 25-16)Configuring VLAN SwappingQinQ tunneling uses double tagging to preser

CONFIGURING VLAN SWAPPING32-31uplink port (using the command parameters – input VLAN ID, output VLAN ID, and uplink interface). 3. Enter Interface C

BASIC MANAGEMENT TASKS4-2• Web Secure Server Port – Shows the TCP port used by the HTTPS interface.• Telnet Server – Shows if management access via Te

VLAN COMMANDS32-32• VLAN swapping only supports one-to-one mapping of VLAN IDs between a VDSL port and an uplink port.• VLAN IDs must be mapped for bo

CONFIGURING VLAN SWAPPING32-33ExampleConsole#show vlan swapvlan-swap enableethernet 1/1 invlan outvlan outport 1 100 1/18et

VLAN COMMANDS32-34

33-1CHAPTER 33CLASS OF SERVICE COMMANDSThe commands described in this section allow you to specify which data packets have greater precedence when tra

CLASS OF SERVICE COMMANDS33-2priority bitsThis command sets the priority bits in the VLAN tag of packets sent by the CPU. Use the no form to restore t

PRIORITY COMMANDS (LAYER 2)33-3Levels,” on page 33-8 for information on how CoS values are mapped to the output queues.Example queue modeThis command

CLASS OF SERVICE COMMANDS33-4• Weighted Round-Robin (WRR) specifies a relative weight of each queue that determines the percentage of service time the

PRIORITY COMMANDS (LAYER 2)33-5Related Commandspriority bits (33-2)priority ipv6 (33-17)show queue modeThis command shows the current queue mode.Defau

CLASS OF SERVICE COMMANDS33-6Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority

PRIORITY COMMANDS (LAYER 2)33-7queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority qu

DISPLAYING SYSTEM INFORMATION4-3CLI – Specify the hostname, location and contact information.Console(config)#hostname R&D 5 20-2Console(config)#sn

CLASS OF SERVICE COMMANDS33-8Example This example assign WRR weights to priority queues 0-5, and strict priority to queues 6 and 7:Related Commandsque

PRIORITY COMMANDS (LAYER 2)33-9Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage CoS values assigned at the ingress port are

CLASS OF SERVICE COMMANDS33-10Example show queue cos-mapThis command shows the class of service priority map.Syntax show queue cos-map [interface]inte

PRIORITY COMMANDS (LAYER 3 AND 4)33-11Priority Commands (Layer 3 and 4)This section describes commands used to configure Layer 3 and Layer 4 traffic p

CLASS OF SERVICE COMMANDS33-12map ip port (Global Configuration)This command enables IP port mapping (i.e., class of service mapping for TCP/UDP socke

PRIORITY COMMANDS (LAYER 3 AND 4)33-13Command Mode Interface Configuration (Ethernet, Port Channel)Command Usage • The precedence for priority mapping

CLASS OF SERVICE COMMANDS33-14Example The following example shows how to enable IP precedence mapping globally:map ip precedence (Interface Configurat

PRIORITY COMMANDS (LAYER 3 AND 4)33-15Example The following example shows how to map IP precedence value 1 to CoS value 0:map ip dscp (Global Configur

CLASS OF SERVICE COMMANDS33-16map ip dscp (Interface Configuration)This command sets IP DSCP priority (i.e., Differentiated Services Code Point priori

PRIORITY COMMANDS (LAYER 3 AND 4)33-17Example The following example shows how to map IP DSCP value 1 to CoS value 0:priority ipv6This command assigns

BASIC MANAGEMENT TASKS4-4Displaying System Health Use the System Health Information page to display the status of the fans, internal temperature, main

CLASS OF SERVICE COMMANDS33-18Example The following example maps the Traffic Class value of 1 to CoS value 0:show map ip portThis command shows the IP

PRIORITY COMMANDS (LAYER 3 AND 4)33-19show map ip precedenceThis command shows the IP precedence priority map.Syntax show map ip precedence [interface

CLASS OF SERVICE COMMANDS33-20show map ip dscpThis command shows the IP DSCP priority map.Syntax show map ip dscp [interface]interface • ethernet unit

34-1CHAPTER 34QUALITY OF SERVICECOMMANDSThe commands described in this section are used to configure Differentiated Services (DiffServ) classification

QUALITY OF SERVICE COMMANDS34-2To create a service policy for a specific category of ingress traffic, follow these steps:1. Use the class-map command

CLASS-MAP34-3Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map.2. You should create a Cl

QUALITY OF SERVICE COMMANDS34-4• The class map is used with a policy map (page 34-6) to create a service policy (page 34-10) for a specific interface

MATCH34-5command to specify the fields within ingress packets that must match to qualify for this class map. • Only one match command can be entered p

QUALITY OF SERVICE COMMANDS34-6policy-mapThis command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configur

CLASS34-7classThis command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no fo

DISPLAYING SYSTEM HEALTH4-5• Free Amount – Amount of memory currently free for use.• Freed / Total – Percentage of free memory compared to total memor

QUALITY OF SERVICE COMMANDS34-8Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_

POLICE34-9police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violatin

QUALITY OF SERVICE COMMANDS34-10Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd

SHOW CLASS-MAP34-11Example This example applies a service policy to an ingress interface.show class-mapThis command displays the QoS class maps which

QUALITY OF SERVICE COMMANDS34-12show policy-map This command displays the QoS policy maps which define classification criteria for incoming traffic, a

SHOW POLICY-MAP INTERFACE34-13Command Mode Privileged ExecExampleConsole#show policy-map interface ethernet 1/5Service-policy rd_policy inputConsole#

QUALITY OF SERVICE COMMANDS34-14

35-1CHAPTER 35MULTICAST FILTERINGCOMMANDSThis switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to recei

MULTICAST FILTERING COMMANDS35-2IGMP Snooping CommandsThis section describes commands used to configure IGMP snooping on the switch. ip igmp snoopingT

IGMP SNOOPING COMMANDS35-3Example The following example enables IGMP snooping.ip igmp snooping vlan staticThis command adds a port to a multicast grou

BASIC MANAGEMENT TASKS4-6CLI – Use the following commands to display the status of the CPU and system memory. Console#show cpu utilization 20-11 CPU c

MULTICAST FILTERING COMMANDS35-4ip igmp snooping versionThis command configures the IGMP snooping version. Use the no form to restore the default.Synt

IGMP SNOOPING COMMANDS35-5ip igmp snooping immediate-leaveThis command immediately deletes a member port of a multicast service if a leave packet is r

MULTICAST FILTERING COMMANDS35-6show ip igmp snoopingThis command shows the IGMP snooping configuration.Default Setting NoneCommand Mode Privileged Ex

IGMP QUERY COMMANDS35-7Command Mode Privileged ExecCommand Usage Member types displayed include IGMP or USER, depending on selected options.Example Th

MULTICAST FILTERING COMMANDS35-8ip igmp snooping querierThis command enables the switch as an IGMP querier. Use the no form to disable it.Syntax [no]

IGMP QUERY COMMANDS35-9Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. I

MULTICAST FILTERING COMMANDS35-10ip igmp snooping query-max-response-timeThis command configures the query report delay. Use the no form to restore th

IGMP QUERY COMMANDS35-11ip igmp snooping router-port-expire-timeThis command configures the query timeout. Use the no form to restore the default.Synt

MULTICAST FILTERING COMMANDS35-12Static Multicast Routing CommandsThis section describes commands used to configure static multicast routing on the sw

STATIC MULTICAST ROUTING COMMANDS35-13Example The following shows how to configure port 11 as a multicast router port within VLAN 1:show ip igmp snoop

DISPLAYING HARDWARE/SOFTWARE VERSIONS4-7Displaying Hardware/Software Versions Use the Switch Information page to display hardware/firmware version num

MULTICAST FILTERING COMMANDS35-14IGMP Filtering and Throttling CommandsIn certain switch applications, the administrator may want to control the multi

IGMP FILTERING AND THROTTLING COMMANDS35-15ip igmp filter (Global Configuration)This command globally enables IGMP filtering and throttling on the swi

MULTICAST FILTERING COMMANDS35-16ip igmp profileThis command creates an IGMP filter profile number and enters IGMP profile configuration mode. Use the

IGMP FILTERING AND THROTTLING COMMANDS35-17Command Usage • Each profile has only one access mode; either permit or deny.• When the access mode is set

MULTICAST FILTERING COMMANDS35-18ip igmp filter (Interface Configuration)This command assigns an IGMP filtering profile to an interface on the switch.

IGMP FILTERING AND THROTTLING COMMANDS35-19Default Setting 64Command Mode Interface ConfigurationCommand Usage • IGMP throttling sets a maximum number

MULTICAST FILTERING COMMANDS35-20Command Usage When the maximum number of groups is reached on a port, the switch can take one of two actions; either

IGMP FILTERING AND THROTTLING COMMANDS35-21Example show ip igmp profileThis command displays IGMP filtering profiles created on the switch. Syntax sho

MULTICAST FILTERING COMMANDS35-22show ip igmp throttle interfaceThis command displays the interface settings for IGMP throttling. Syntax show ip igmp

MULTICAST VLAN REGISTRATION COMMANDS35-23Multicast VLAN Registration CommandsThis section describes commands used to configure Multicast VLAN Registra

TABLE OF CONTENTSixSetting SNMPv3 Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-246 User Authentication . . . . . . . . .

BASIC MANAGEMENT TASKS4-8These additional parameters are displayed for the CLI.• Unit ID – Unit number in stack.• BME firmware version – Version numbe

MULTICAST FILTERING COMMANDS35-24mvr (Global Configuration)This command enables Multicast VLAN Registration (MVR) globally on the switch, enables a sp

MULTICAST VLAN REGISTRATION COMMANDS35-25•Use the mvr group command to statically configure all multicast group addresses that will join an MVR VLAN.

MULTICAST FILTERING COMMANDS35-26mvr (Interface Configuration)This command configures an interface as a static member of an MVR domain using the group

MULTICAST VLAN REGISTRATION COMMANDS35-27groups within an MVR VLAN. Multicast groups can also be statically assigned to a receiver port using the grou

MULTICAST FILTERING COMMANDS35-28mvr immediateThis command causes the switch to immediately removes an interface from a multicast stream as soon as it

MULTICAST VLAN REGISTRATION COMMANDS35-29show mvr This command shows information about the global MVR configuration settings when entered without any

MULTICAST FILTERING COMMANDS35-30Example The following shows the global MVR settings:Console#show mvr================================MVR domain : 1MVR

MULTICAST VLAN REGISTRATION COMMANDS35-31The following displays information about the interfaces attached to the MVR VLAN:Console#show mvr interface==

MULTICAST FILTERING COMMANDS35-32The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN:Consol

36-1CHAPTER 36DOMAIN NAME SERVICECOMMANDSThese commands are used to configure Domain Naming System (DNS) services. You can manually configure entries

DISPLAYING BRIDGE EXTENSION CAPABILITIES4-9CLI – Use the following command to display version information.Displaying Bridge Extension CapabilitiesThe

DOMAIN NAME SERVICE COMMANDS36-2ip hostThis command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to

CLEAR HOST36-3Example This example maps two address to a host name.clear hostThis command deletes entries from the DNS table.Syntax clear host {name |

DOMAIN NAME SERVICE COMMANDS36-4ip domain-nameThis command defines the default domain name appended to incomplete host names (i.e., host names passed

IP DOMAIN-LIST36-5ip domain-listThis command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed fro

DOMAIN NAME SERVICE COMMANDS36-6ExampleThis example adds two domain names to the current list and then displays the list.Related Commands ip domain-na

IP DOMAIN-LOOKUP36-7ExampleThis example adds two domain-name servers to the list and then displays the list.Related Commands ip domain-name (36-4)ip d

DOMAIN NAME SERVICE COMMANDS36-8ExampleThis example enables DNS and then displays the configuration.Related Commands ip domain-name (36-4)ip name-serv

SHOW DNS36-9show dnsThis command displays the configuration of the DNS service.Command Mode Privileged ExecExampleshow dns cacheThis command displays

DOMAIN NAME SERVICE COMMANDS36-10clear dns cacheThis command clears all entries in the DNS cache.Command Mode Privileged ExecExampleTable 36-2 show d

37-1CHAPTER 37DHCP COMMANDSThese commands are used to configure Dynamic Host Configuration Protocol (DHCP) client and relay functions. You can configu

BASIC MANAGEMENT TASKS4-10• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egre

DHCP COMMANDS37-2Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via t

DHCP RELAY37-3ip dhcp relay serverThis command enables DHCP relay service, and specifies the address of the server to use. Use the no form to clear a

DHCP COMMANDS37-4Example ip dhcp information option This command enables DHCP Option 82 information relay, and specifies the frame format to use when

DHCP RELAY37-5• If Option 82 is enabled on the switch, client information will be included in any relayed request packet received through the manageme

DHCP COMMANDS37-6the reply packet was received. If the DHCP packet’s broadcast flag is off, the switch uses the Option 82 information to identify the

DHCP RELAY37-7address (when DHCP snooping or relay is enabled), and unicast the packet to the DHCP server.Default Setting replaceCommand ModeGlobal Co

DHCP COMMANDS37-8Example Related Commands ip dhcp relay server (37-3)Console#show ip dhcp relay server Ip Dhcp Relay Status: Enable Ip Dhcp Relay S

38-1CHAPTER 38IP INTERFACE COMMANDSAn IP address may be used for management access to the switch over your network. An IP address is obtained via DHCP

IP INTERFACE COMMANDS38-2ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default

BASIC IP CONFIGURATION38-3Notes: 1. Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, t

SETTING THE SWITCH’S IP ADDRESS4-11CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP in

IP INTERFACE COMMANDS38-4Example The following example defines a default gateway for this device:Related Commands show ip redirects (38-4)show ip inte

BASIC IP CONFIGURATION38-5pingThis command sends ICMP echo request packets to another node on the network.Syntax ping host [count count][size size]• h

IP INTERFACE COMMANDS38-6Example Related Commands interface (25-2)Console#ping 10.1.0.9Type ESC to abort.PING to 10.1.0.9, by 5 32-byte payload ICMP p

SECTION IVAPPENDICESThis section provides additional information on the following topics. Software Specifications . . . . . . . . . . . . . . . . .

APPENDICES

A-1APPENDIX ASOFTWARE SPECIFICATIONSSoftware FeaturesAuthenticationLocal, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port SecurityAccess Control List

SOFTWARE SPECIFICATIONSA-2Rate LimitsInput/output limitRange (configured per port)Port TrunkingStatic trunks (Cisco EtherChannel compliant)Dynamic tru

MANAGEMENT FEATURESA-33 OAM channels (IB, eoc, VOC) between VTU-C and VTU-RHDLC or 802.3ah EFM framingUpstream power back offCPE firmware-upgrade via

SOFTWARE SPECIFICATIONSA-4IEEE 802.1Q VLANIEEE 802.1v Protocol-based VLANsIEEE 802.1s Multiple Spanning Tree ProtocolIEEE 802.1w Rapid Spanning Tree P

MANAGEMENT INFORMATION BASESA-5Entity MIB (RFC 2737)Ether-like MIB (RFC 2665)Extended Bridge MIB (RFC 2674)Extensible SNMP Agents MIB (RFC 2742)Forwar

BASIC MANAGEMENT TASKS4-12will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for

SOFTWARE SPECIFICATIONSA-6

B-1APPENDIX BTROUBLESHOOTINGProblems Accessing the Management Interface Table B-1 Troubleshooting ChartSymptom ActionCannot connect using Telnet, we

TROUBLESHOOTINGB-2Cannot connect using Secure Shell• If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SS

USING SYSTEM LOGSB-3Using System LogsIf a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually cau

TROUBLESHOOTINGB-4

Glossary-1GLOSSARYAccess Control List (ACL)ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for

GLOSSARYGlossary-2marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queu

GLOSSARYGlossary-3Generic Multicast Registration Protocol (GMRP)GMRP allows network devices to register end stations with multicast groups. GMRP requi

GLOSSARYGlossary-4IEEE 802.3acDefines frame extensions for VLAN tagging.IEEE 802.3xDefines Ethernet frame start/stop requests and timers used for flow

GLOSSARYGlossary-5IP PrecedenceThe Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority lev

SETTING THE SWITCH’S IP ADDRESS4-13CLI – Specify the management interface, IP address and default gateway.This example first sets up a dedicated VLAN

GLOSSARYGlossary-6Multicast SwitchingA process whereby the switch filters incoming multicast frames for services for which no attached host has regist

GLOSSARYGlossary-7Private Branch Exchange (PBX)A telephone exchange local to a particular organization who use, rather than provide, telephone service

GLOSSARYGlossary-8Secure Shell (SSH)A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographi

GLOSSARYGlossary-9Terminal Access Controller Access Control System Plus (TACACS+)TACACS+ is a logon authentication protocol that uses software running

GLOSSARYGlossary-10Very high data rate Digital Subscriber Line 2 (VDSL2)VDSL2 as defined in ITU-T Recommendation G.993.2 is an enhancement to the firs

Index-1Numerics802.1Q tunnel 13-24, 32-25description 13-24interface configuration 13-30, 32-27–32-29mode selection 13-30, 32-10, 32-27TPID 13-30, 32-2

INDEXIndex-2verifying MAC addresses 7-10, 23-21VLAN configuration 7-10, 23-20Differentiated Code Point Service See DSCPDifferentiated Services See

INDEXIndex-3Layer 2 16-2, 35-2query 16-2, 35-8query, Layer 2 16-4, 35-7snooping 16-2, 35-2snooping, configuring 16-4, 35-2snooping, setting immediate

INDEXIndex-4MVRassigning static multicast groups 16-30, 35-26setting interface type 16-26, 35-26, 35-28setting multicast groups 16-21, 35-24specifying

INDEXIndex-5groups 5-18, 21-15user configuration 5-12, 5-15, 21-18views 5-24, 21-13softwaredisplaying version 4-7, 20-10downloading 4-18, 20-17Spannin

BASIC MANAGEMENT TASKS4-14Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by

INDEXIndex-6ham band notch 10-8, 29-7ham band region/usage notch 10-9, 29-9impulse noise protection 10-10, 29-23interface settings 10-7, 29-2line prof

20 MasonIrvine, CA 92618Phone: (949) 679-8000Model Numbers: SMC7800A/VCPPub. Number: 149100012100H E012007/ST-R01FOR TECHNICAL SUPPORT, CALL:From U.S.

SETTING THE SWITCH’S IP ADDRESS4-15This example first sets up a dedicated VLAN for management access. It adds Port 19 (the management port) to that VL

BASIC MANAGEMENT TASKS4-16Configuring Support for Jumbo FramesThe switch provides more efficient throughput for large sequential data transfers by sup

MANAGING FIRMWARE4-17Managing FirmwareYou can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, th