User Guide
Page 26
...-Forward Switching Spanning Tree Protocol Virtual LANs Traffic Prioritization STP Root Guard STP BPDU Guard 802.1x - This feature is a TCP/IP protocol that end-user stations meet security policies criteria, and protects networks from invalid configurations. IEEE 802.1x Supports up to 1K IP or MAC ACLs Supported Supported Speed... and output rate limiting per port One or more ports mirrored to single analysis port Supports up to add information for the DHCP server on manually configured IP source bindings. User name / password, RADIUS, TACACS+ Web -
...-Forward Switching Spanning Tree Protocol Virtual LANs Traffic Prioritization STP Root Guard STP BPDU Guard 802.1x - This feature is a TCP/IP protocol that end-user stations meet security policies criteria, and protects networks from invalid configurations. IEEE 802.1x Supports up to 1K IP or MAC ACLs Supported Supported Speed... and output rate limiting per port One or more ports mirrored to single analysis port Supports up to add information for the DHCP server on manually configured IP source bindings. User name / password, RADIUS, TACACS+ Web -
User Guide
Page 28
...from incoming packets. IP routing generally utilizes routers and Layer 3 switches to 16K MAC addresses. This includes directly attached end systems. Users can be manually set up to inter-communicate using IEEE 802.3ad Link Aggregation 4 QinQ tagging - The added tag provides a VLAN ID to...The device reserves specific MAC addresses for MAC Addresses - MAC addresses from any port to relevant all relevant ports. The switch can manually configure the speed, duplex mode, and flow control used on ports whenever possible to double the throughput of the frame transmitted to...
...from incoming packets. IP routing generally utilizes routers and Layer 3 switches to 16K MAC addresses. This includes directly attached end systems. Users can be manually set up to inter-communicate using IEEE 802.3ad Link Aggregation 4 QinQ tagging - The added tag provides a VLAN ID to...The device reserves specific MAC addresses for MAC Addresses - MAC addresses from any port to relevant all relevant ports. The switch can manually configure the speed, duplex mode, and flow control used on ports whenever possible to double the throughput of the frame transmitted to...
User Guide
Page 31
...8226; Simplify network management for node changes/moves by remotely configuring VLAN membership for STP, but can : • Eliminate broadcast storms which a user has been assigned. The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.1D) - It can be created between...LLDP-MED) increases network flexibility by restricting all others to ensure that required by allowing two or more redundant connections to be manually assigned to what port, which software is intended as sometimes occurs with switches running on the IEEE 802.1Q standard. This ...
...8226; Simplify network management for node changes/moves by remotely configuring VLAN membership for STP, but can : • Eliminate broadcast storms which a user has been assigned. The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.1D) - It can be created between...LLDP-MED) increases network flexibility by restricting all others to ensure that required by allowing two or more redundant connections to be manually assigned to what port, which software is intended as sometimes occurs with switches running on the IEEE 802.1Q standard. This ...
User Guide
Page 62
... same age, then Unit 1 is reset. A message is performed during the configuration process. The Stacking Master assignment is sent to the user, notifying that the Secondary Master takes over for Master enabled units. 3 Configuring the Switch LEDS. Note: If two members are shipped with... Masters enabled stacking members are present, and one has been manually configured as the Stacking Master, the manually configured member is elected Stacking Master. • If two Master enabled units are present and neither has been manually configured as a stand-alone unit, all stacking LEDs are either...
... same age, then Unit 1 is reset. A message is performed during the configuration process. The Stacking Master assignment is sent to the user, notifying that the Secondary Master takes over for Master enabled units. 3 Configuring the Switch LEDS. Note: If two members are shipped with... Masters enabled stacking members are present, and one has been manually configured as the Stacking Master, the manually configured member is elected Stacking Master. • If two Master enabled units are present and neither has been manually configured as a stand-alone unit, all stacking LEDs are either...
User Guide
Page 96
... Switch The LAG Membership Page contains parameters for aggregating ports: Console(config-if)# channel-group 1 mode on the relevant links. Displays the user-defined port name. • Link State - Displays the ports configured to full-duplex operations. LAG ports can be set to the LAG...Member - Maintains the LAGs. LAG Membership Page CLI - The following is an example of ports with the same speed, set up manually or automatically established by enabling Link Aggregation Control Protocol (LACP) on 4-467 Configuring LACP Aggregate ports can be linked into link-aggregation ...
... Switch The LAG Membership Page contains parameters for aggregating ports: Console(config-if)# channel-group 1 mode on the relevant links. Displays the user-defined port name. • Link State - Displays the ports configured to full-duplex operations. LAG ports can be set to the LAG...Member - Maintains the LAGs. LAG Membership Page CLI - The following is an example of ports with the same speed, set up manually or automatically established by enabling Link Aggregation Control Protocol (LACP) on 4-467 Configuring LACP Aggregate ports can be linked into link-aggregation ...
User Guide
Page 107
... Enable DNS service on this switch as a DNS server, the client will attempt to resolve host names into IP addresses. ARP Page CLI - You can manually configure entries in the DNS table used for mapping domain names to IP addresses, configure default domain names, or specify one or more name servers...Console(config)# arp 198.133.219.232 00:00:0c:40:0f:bc ethernet 1/e6 4-428 Configuring Domain Name Service Domain Name System (DNS) converts user-defined domain names into IP addresses by forwarding DNS queries to the switch, and waiting for domain name to be tried in sequential order. 83...
... Enable DNS service on this switch as a DNS server, the client will attempt to resolve host names into IP addresses. ARP Page CLI - You can manually configure entries in the DNS table used for mapping domain names to IP addresses, configure default domain names, or specify one or more name servers...Console(config)# arp 198.133.219.232 00:00:0c:40:0f:bc ethernet 1/e6 4-428 Configuring Domain Name Service Domain Name System (DNS) converts user-defined domain names into IP addresses by forwarding DNS queries to the switch, and waiting for domain name to be tried in sequential order. 83...
User Guide
Page 110
... System, Host Mapping. If more connections via information returned from a name server, a DNS client can manually configure static entries in the DNS table that are : • Checked - Define the fields and click Apply. 86 Displays a user-defined default domain name. When defined, the default domain name is applied to 158 characters. •...
... System, Host Mapping. If more connections via information returned from a name server, a DNS client can manually configure static entries in the DNS table that are : • Checked - Define the fields and click Apply. 86 Displays a user-defined default domain name. When defined, the default domain name is applied to 158 characters. •...
User Guide
Page 128
You can manually configure access rights on the RADIUS server is assigned to any interface, the device can contain up to different management methods may differ between user groups. For example, if you select (1) RADIUS, (2) TACACS+ and (3) Local, the user name and password on ...System Plus (TACACS+) are : • Checked - aware devices on the local switch. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for the remote authentication protocol. Command Attributes • Access Profile Name - The access profile name...
You can manually configure access rights on the RADIUS server is assigned to any interface, the device can contain up to different management methods may differ between user groups. For example, if you select (1) RADIUS, (2) TACACS+ and (3) Local, the user name and password on ...System Plus (TACACS+) are : • Checked - aware devices on the local switch. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for the remote authentication protocol. Command Attributes • Access Profile Name - The access profile name...
User Guide
Page 172
...Counts Broadcast and Multicast traffic together. Click Security, Traffic Control, Storm Control, define the fields, and click Apply. These addresses are either manually defined on the port, or learned on that 148 The MAC addresses can be dynamically learned or statically configured. When a packet is not ...tied to that port up to users with specific MAC addresses. Storm Control Page CLI - Specifies the Broadcast mode currently enabled on specific ports. Figure 3-70. Locked ...
...Counts Broadcast and Multicast traffic together. Click Security, Traffic Control, Storm Control, define the fields, and click Apply. These addresses are either manually defined on the port, or learned on that 148 The MAC addresses can be dynamically learned or statically configured. When a packet is not ...tied to that port up to users with specific MAC addresses. Storm Control Page CLI - Specifies the Broadcast mode currently enabled on specific ports. Figure 3-70. Locked ...
User Guide
Page 227
... in one or more VLANs, but the VLAN tags should be stripped off before passing it will carry this traffic to the same VLAN(s), either manually or dynamically using explicit or implicit tagging and GVRP protocol • Port overlapping, allowing a port to participate in which it on to any end-node... to identify the port broadcast domain of the connection supports VLANs. However, if you should use IEEE 802.3 tagged VLANs with GVRP whenever possible to manually isolate user groups or subnets. By default all ports are typically used to fully automate VLAN registration. 203
... in one or more VLANs, but the VLAN tags should be stripped off before passing it will carry this traffic to the same VLAN(s), either manually or dynamically using explicit or implicit tagging and GVRP protocol • Port overlapping, allowing a port to participate in which it on to any end-node... to identify the port broadcast domain of the connection supports VLANs. However, if you should use IEEE 802.3 tagged VLANs with GVRP whenever possible to manually isolate user groups or subnets. By default all ports are typically used to fully automate VLAN registration. 203
User Guide
Page 273
...- An aggregate policer is defined if the policer is Single. 249 Traffic from the drop-down menu. Configures the class to use manually configured information rates and exceed actions. • Aggregate Policer - CIR in the Policy Table Page, the Add Policy Table Page contains... Class Map - 3 Configuring Quality of Service Figure 3-133. An aggregate policer can be used across different policy maps. • Single - User-defined aggregate policers. • Ingress Committed Information Rate (CIR) - Selects a class map for policing purposes. Policer type for the class. ...
...- An aggregate policer is defined if the policer is Single. 249 Traffic from the drop-down menu. Configures the class to use manually configured information rates and exceed actions. • Aggregate Policer - CIR in the Policy Table Page, the Add Policy Table Page contains... Class Map - 3 Configuring Quality of Service Figure 3-133. An aggregate policer can be used across different policy maps. • Single - User-defined aggregate policers. • Ingress Committed Information Rate (CIR) - Selects a class map for policing purposes. Policer type for the class. ...
User Guide
Page 295
... re-authperiod dot1x timeout quiet-period dot1x timeout tx-period dot1x max-req dot1x timeout supp-timeout dot1x timeout server-timeout show dot1x show dot1x users dot1x port-control The dot1x port-control Interface Configuration mode command enables manually controlling the authorization state of the client. • force-unauthorized -
... re-authperiod dot1x timeout quiet-period dot1x timeout tx-period dot1x max-req dot1x timeout supp-timeout dot1x timeout server-timeout show dot1x show dot1x users dot1x port-control The dot1x port-control Interface Configuration mode command enables manually controlling the authorization state of the client. • force-unauthorized -
User Guide
Page 298
...EXEC mode Command Usage There are no form of all 802.1X-enabled ports or the specified 802.1X-enabled port. Example The following command manually initiates a re-authentication of seconds that the device remains in the quiet state following a failed authentication exchange (for this command. To return ...1X-enabled Ethernet port 1/e16. 4 Command Line Interface dot1x max-req dot1x timeout supp-timeout dot1x timeout-server-timeout show dot1x show dot1x users dot1x re-authenticate The dot1x re-authenticate Privileged EXEC mode command manually initiates a re-authentication of this command.
...EXEC mode Command Usage There are no form of all 802.1X-enabled ports or the specified 802.1X-enabled port. Example The following command manually initiates a re-authentication of seconds that the device remains in the quiet state following a failed authentication exchange (for this command. To return ...1X-enabled Ethernet port 1/e16. 4 Command Line Interface dot1x max-req dot1x timeout supp-timeout dot1x timeout-server-timeout show dot1x show dot1x users dot1x re-authenticate The dot1x re-authenticate Privileged EXEC mode command manually initiates a re-authentication of this command.
User Guide
Page 377
... EXEC mode Command Usage There are no default configuration. Shows the status of the Simple Network Time Protocol (SNTP). Default Setting This command has no user guidelines for this command. Example The following example sets the system time to 13:32:00 on the 7th March 2002. Mode PE PE Page...
... EXEC mode Command Usage There are no default configuration. Shows the status of the Simple Network Time Protocol (SNTP). Default Setting This command has no user guidelines for this command. Example The following example sets the system time to 13:32:00 on the 7th March 2002. Mode PE PE Page...
User Guide
Page 431
.... Command Mode Interface Configuration (Ethernet, port-channel) mode Command Usage An access port does not dynamically join a VLAN because it is manually defined as in a tagged VLAN. Membership in an untagged VLAN is disabled on all interfaces. Console(config)# interface ethernet 1/e6 Console(...Global) garp timer gvrp vlan-creation-forbid gvrp registration-forbid show gvrp configuration 407 4 GVRP Commands Command Usage There are no user guidelines for this command. Example The following example enables GVRP on the device. Syntax gvrp enable no gvrp enable Default Setting GVRP...
.... Command Mode Interface Configuration (Ethernet, port-channel) mode Command Usage An access port does not dynamically join a VLAN because it is manually defined as in a tagged VLAN. Membership in an untagged VLAN is disabled on all interfaces. Console(config)# interface ethernet 1/e6 Console(...Global) garp timer gvrp vlan-creation-forbid gvrp registration-forbid show gvrp configuration 407 4 GVRP Commands Command Usage There are no user guidelines for this command. Example The following example enables GVRP on the device. Syntax gvrp enable no gvrp enable Default Setting GVRP...
User Guide
Page 615
...to the default configuration, use the no form of this command. user-key Specifies which SSH public key is 22. To return to the...Syntax ip ssh port port-number no form of this command. Default Setting The default port number is manually configured. PE mypubkey show ip ssh Displays the SSH server configuration. To disable GC this function, use...GC rsa ip ssh pubkey-auth Enables public key authentication for use the no form of this command. key-string Manually specifies an SSH public key. PE pubkey-chain ssh Page 4-591 4-592 4-592 4-593 4-594 4-595 4-...
...to the default configuration, use the no form of this command. user-key Specifies which SSH public key is 22. To return to the...Syntax ip ssh port port-number no form of this command. Default Setting The default port number is manually configured. PE mypubkey show ip ssh Displays the SSH server configuration. To disable GC this function, use...GC rsa ip ssh pubkey-auth Enables public key authentication for use the no form of this command. key-string Manually specifies an SSH public key. PE pubkey-chain ssh Page 4-591 4-592 4-592 4-593 4-594 4-595 4-...
User Guide
Page 619
...this command. 595 Console(config)# ip ssh pubkey-auth Related Commands crypto key generate dsa crypto key generate rsa crypto key pubkey-chain ssh user-key key-string show crypto key mypubkey show crypto key pubkey-chain ssh crypto key pubkey-chain ssh The crypto key pubkey-chain ssh ... Key-chain Configuration mode. Command Mode Global Configuration mode Command Usage There are specified. 4 SSH Commands Command Usage AAA authentication is used to manually specify other device public keys such as SSH client public keys. Syntax crypto key pubkey-chain ssh Default Setting No keys are no...
...this command. 595 Console(config)# ip ssh pubkey-auth Related Commands crypto key generate dsa crypto key generate rsa crypto key pubkey-chain ssh user-key key-string show crypto key mypubkey show crypto key pubkey-chain ssh crypto key pubkey-chain ssh The crypto key pubkey-chain ssh ... Key-chain Configuration mode. Command Mode Global Configuration mode Command Usage There are specified. 4 SSH Commands Command Usage AAA authentication is used to manually specify other device public keys such as SSH client public keys. Syntax crypto key pubkey-chain ssh Default Setting No keys are no...
User Guide
Page 620
... dsa crypto key generate rsa ip ssh pubkey-auth user-key key-string show crypto key mypubkey show crypto key pubkey-chain ssh user-key The user-key SSH Public Key-string Configuration mode command specifies which SSH public key is manually configured. Indicates the DSA key pair. Specifies the... keys exist. 596 4 Command Line Interface Example The following example enters the SSH Public Key-chain Configuration mode and manually configures the RSA key pair for SSH public key-chain bob. Syntax user-key username {rsa | dsa} no form of the remote SSH client. (Range: 1-48 characters) • rsa...
... dsa crypto key generate rsa ip ssh pubkey-auth user-key key-string show crypto key mypubkey show crypto key pubkey-chain ssh user-key The user-key SSH Public Key-string Configuration mode command specifies which SSH public key is manually configured. Indicates the DSA key pair. Specifies the... keys exist. 596 4 Command Line Interface Example The following example enters the SSH Public Key-chain Configuration mode and manually configures the RSA key pair for SSH public key-chain bob. Syntax user-key username {rsa | dsa} no form of the remote SSH client. (Range: 1-48 characters) • rsa...
User Guide
Page 621
... format is the same format in UU-encoded DER format; Command Mode SSH Public Key-string Configuration mode 597 Example The following example enables manually configuring an SSH public key for SSH public key-chain bob. Syntax key-string key-string row key-string Parameters • row - Console...(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# user-key bob rsa Console(config-pubkey-key)# key-string row Related Commands crypto key generate dsa crypto key generate rsa ip ssh pubkey-auth crypto...
... format is the same format in UU-encoded DER format; Command Mode SSH Public Key-string Configuration mode 597 Example The following example enables manually configuring an SSH public key for SSH public key-chain bob. Syntax key-string key-string row key-string Parameters • row - Console...(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# user-key bob rsa Console(config-pubkey-key)# key-string row Related Commands crypto key generate dsa crypto key generate rsa ip ssh pubkey-auth crypto...