ES4626/ES4650
Layer 3 Gigabit Switch
Management Guide
www.edge-core.com
Download from Www.Somanuals.com. All Manuals Search And Download.
Preface
ES4626/ES4650 is a routing switch that can be deployed as the core layer device for campus and
enterprise networks, or as an aggregation device for IP metropolitan area networks (MAN). The
ES4626 provides 24 fixed 1000MB ports (4 of which are fixed 1000MB Combo fiber cable
port/copper cable ports) and 2 10GB XFP ports. The ES4650 provides 48 fixed 1000MB ports (4 of
which are fixed 1000MB Combo fiber cable port/copper cable ports) and 2 10GB XFP ports.
ES4626/ES4650 can seamlessly support various network interfaces from 100Mb and 1000Mb to
10Gb Ethernet.
We are providing this manual to help you better understand, use and maintain the
ES4626/ES4650. We strongly recommend that you read through this manual carefully before
installation and configuration to avoid possible damage to and malfunction of the switch. Thank you
for choosing and purchasing this networking product from Accton Technology Corp. We
sincerely hope our products and services satisfy you.
Contents
Preface
Contents
Chapter 1 Switch Management
1.1 Management Options
1.1.1 Out-of-band Management
1.1.2 In-band Management
1.2 Management Interface
1.2.1 CLI Interface
1.2.2 WEB Interface
Chapter 2 Basic Switch Configuration
2.1 Basic Switch Configuration Commands
2.1.1 calendar set
2.1.2 config
2.1.3 enable
2.1.4 disable
2.1.5 enable password
2.1.6 exec timeout
2.1.7 exit
2.1.8 help
2.1.9 ip host
2.1.10 hostname
2.1.11 username password
2.1.12 username nopassword
2.1.13 username access-level
2.1.14 reload
2.1.15 set default
2.1.16 setup
2.1.17 language
2.1.18 write
2.2 Maintenance and Debug Commands
2.2.1 ping
2.2.2 Telnet
2.2.3 SSH
2.2.4 traceroute
2.2.5 show
2.2.6 debug
2.3 Configuring Switch IP Addresses
2.3.1 Configuring Switch IP Addresses Task Sequence
2.3.2 Commands for Configuring Switch IP Addresses
2.4 SNMP
2.4.1 Introduction to SNMP
2.4.2 Introduction to MIB
2.4.3 Introduction to RMON
2.4.4 SNMP Configuration
2.4.5 Typical SNMP Configuration Examples
2.4.6 SNMP Troubleshooting Help
2.5 Switch Upgrade
2.5.1 BootROM Upgrade
2.5.2 FTP/TFTP Upgrade
2.6 WEB Management
2.6.1 Switch Basic Configuration
2.6.2 SNMP Configuration
2.6.3 Switch Upgrade
2.6.4 Monitor and debug command
2.6.5 Switch basic information
2.6.6 Switch on-off configuration
2.6.7 Switch maintenance
2.6.8 Telnet service configuration
2.6.9 username service
2.6.10 Basic host configuration
Chapter 3 Port Configuration
3.1 Introduction to Port
3.2 Port Configuration
3.2.1 Network Port Configuration
3.2.2 VLAN Interface Configuration
3.2.3 Port Mirroring Configuration
3.3 Port Configuration Example
3.4 Port Troubleshooting Help
3.4.1 Monitor and Debug Commands
3.4.2 Port Troubleshooting Help
3.5 WEB Management
3.5.1 Ethernet port configuration
3.5.2 Vlan interface configuration
3.5.3 Port mirroring configuration
3.5.4 Port debug and maintenance
Chapter 4 MAC Table Configuration
4.1 Introduction to MAC Table
4.1.1 Obtaining MAC Table
4.1.2 Forward or Filter
4.2 MAC Table Configuration
4.2.1 mac-address-table aging-time
4.2.2 mac-address-table static
4.2.3 mac-address-table discard
4.3 Typical Configuration Examples
4.4 Troubleshooting Help
4.4.1 Monitor and Debug Commands
4.4.2 Troubleshooting Help
4.5 MAC Address Function Extension
4.5.1 MAC Address Binding
4.6 WEB Management
4.6.1 MAC address table configuration
4.6.2 MAC address table configuration
Chapter 5 VLAN Configuration
5.1 Introduction to VLAN
5.2 VLAN Configuration
5.2.1 VLAN Configuration Task Sequence
5.2.2 VLAN Configuration Commands
5.2.3 Typical VLAN Application
5.3 GVRP Configuration
5.3.1 GVRP Configuration Task Sequence
5.3.2 GVRP Commands
5.3.3 Typical GVRP Application
5.4 VLAN Troubleshooting Help
5.4.1 Monitor and Debug Information
5.4.2 VLAN Troubleshooting Help
5.5 WEB Management
5.5.1 Vlan configuration
5.5.2 GVRP configuration
5.5.3 VLAN debug and maintenance
Chapter 6 MSTP Configuration
6.1 MSTP Introduction
6.1.1 MSTP Region
6.1.2 Port Roles
6.1.3 MSTP Load Balance
6.2 Configuring MSTP
6.2.1 MSTP Configuration Task Sequence
6.2.2 MSTP Configuration Command
6.3 MSTP Example
6.4 MSTP Troubleshooting
6.4.1 Monitoring And Debugging Command
6.4.2 MSTP Troubleshooting Help
Chapter 7 IGMP Snooping Configuration
7.1 Introduction to IGMP Snooping
7.2 IGMP Snooping Configuration
7.2.1 IGMP Snooping Configuration Task
7.2.2 IGMP Snooping Configuration Command
7.3 IGMP Snooping Example
7.4 IGMP Snooping Troubleshooting Help
7.4.1 Monitor and Debug Commands
7.4.2 IGMP Snooping Troubleshooting Help
7.5 Web Management
7.5.1 Enable IGMP Snooping on the switch
7.5.2 IGMP Snooping Configuration
7.5.3 IGMP Snooping static multicast configuration
Chapter 8 802.1X CONFIGURATION
8.1 802.1X Introduction
8.2 802.1X Configuration
8.2.1 802.1X Configuration Task Sequence
8.2.2 802.1X Configuration Command
8.3 802.1X Apply Example
8.4 802.1X Trouble Shooting
8.4.1 802.1X Debug and Monitor Command
8.4.2 802.1X Troubleshooting
8.5 WEB Management
8.5.1 RADIUS client configuration
8.5.2 802.1X Configuration
Chapter 9 ACL Configuration
9.1 Introduction to ACL
9.1.1 Access list
9.1.2 Access-group
9.1.3 Access list Action and Global Default Action
9.2 ACL configuration
9.2.1 ACL Configuration Task Sequence
9.2.2 ACL Configuration Commands
9.3 ACL Example
9.4 ACL Troubleshooting Help
9.4.1 ACL Debug and Monitor Commands
9.4.2 ACL Troubleshooting Help
9.5 Web Management
9.5.1 Add standard numeric IP ACL configuration
9.5.2 Delete standard numeric IP ACL configuration
9.5.3 Extended numeric ACL configuration
9.5.4 Standard ACL name configuration
9.5.5 Extended ACL name configuration
9.5.6 Firewall configuration
9.5.7 ACL port binding configuration
Chapter 10 Port Channel Configuration
10.1 Introduction to Port Channel
10.2 Port Channel Configuration
10.2.1 Port Channel Configuration Task Sequence
10.2.2 Port Channel Configuration Commands
10.3 Port Channel Example
10.4 Port Channel Troubleshooting Help
10.4.1 Monitor and Debug Commands
10.4.2 Port Channel Troubleshooting Help
10.5 Web Management
10.5.1 LACP port group configuration
10.5.2 LACP port configuration
Chapter 11 DHCP Configuration
11.1 Introduction to DHCP
11.2 DHCP Server Configuration
11.2.1 DHCP Server Configuration Task Sequence
11.2.2 DHCP Server Configuration Commands
11.3 DHCP Relay Configuration
11.3.1 DHCP Relay Configuration Task Sequence
11.3.2 DHCP Relay Configuration Command
11.4 DHCP Configuration Example
11.5 DHCP Troubleshooting Help
11.5.1 Monitor and Debug Commands
11.5.2 DHCP Troubleshooting Help
11.6 WEB Management
11.6.1 DHCP server configuration
11.6.2 DHCP relay configuration
11.6.3 DHCP debugging
Chapter 12 SNTP Configuration
12.1 SNTP Configuration Commands
12.1.1 sntp server
12.1.2 sntp poll
12.1.3 clock timezone
12.2 Typical SNTP Configuration Examples
12.3 SNTP Troubleshooting Help
12.3.1 Monitor and Debug Commands
12.4 WEB Management
12.4.1 SNTP/NTP server configuration
12.4.2 Request interval configuration
12.4.3 Time difference
12.4.4 Show sntp
Chapter 13 QoS Configuration
13.1 QoS
13.1.1 Introduction to QoS
13.1.2 QoS Configuration
13.1.3 QoS Example
13.1.4 QoS Troubleshooting Help
13.1.5 Web Management
13.2 PBR
13.2.1 PBR Introduction
13.2.2 PBR Configuration
13.2.3 PBR Example
Chapter 14 L3 Forward Configuration
14.1 Layer3 Interface
14.1.1 Introduction to Layer3 Interface
14.1.2 Layer3 interface configuration
14.2 IP Forwarding
14.2.1 Introduction to IP Forwarding
14.2.2 IP Route Aggregation Configuration
14.2.3 IP Forwarding Troubleshooting Help
14.3 ARP
14.3.1 Introduction to ARP
14.3.2 ARP configuration
14.3.3 ARP Forwarding Troubleshooting Help
Chapter 15 Routing Protocol Configuration
15.1 Route Table
15.2 Static Route
15.2.1 Introduction to Static Route
15.2.2 Introduction to Default Route
15.2.3 Static Route Configuration
15.2.4 Configuration Scenario
15.2.5 Troubleshooting Help
15.3 RIP
15.3.1 Introduction to RIP
15.3.2 RIP Configuration
15.3.3 Typical RIP Scenario
15.3.4 RIP Troubleshooting Help
15.4 OSPF
15.4.1 Introduction to OSPF
15.4.2 OSPF Configuration
15.4.3 Typical OSPF Scenario
15.4.4 OSPF Troubleshooting Help
15.5 Web Management
15.5.1 Static route
15.5.2 RIP
15.5.3 OSPF
Chapter 16 Multicast Protocol Configuration
16.1 Multicast Protocol Overview
16.1.1 Introduction to Multicast
16.1.2 Multicast Address
16.1.3 IP Multicast Packets Forwarding
16.1.4 Application of Multicast
16.2 Common Multicast Configurations
16.2.1 Common Multicast Configuration Commands
16.3 PIM-DM
16.3.1 Introduction to PIM-DM
16.3.2 PIM-DM Configuration
16.3.3 Typical PIM-DM Scenario
16.3.4 PIM-DM Troubleshooting Help
16.4 PIM-SM
16.4.1 Introduction to PIM-SM
16.4.2 PIM-SM Configuration
16.4.3 Typical PIM-SM Scenario
16.4.4 PIM-SM Troubleshooting Help
16.5 DVMRP
16.5.1 Introduction to DVMRP
16.5.2 DVMRP configuration
16.5.3 Typical DVMRP Scenario
16.5.4 DVMRP Troubleshooting Help
16.6 IGMP
16.6.1 Introduction to IGMP
16.6.2 IGMP configuration
16.6.3 Typical IGMP Scenario
16.6.4 IGMP Troubleshooting Help
16.7 web Management
16.7.1 Multicast common configuration
16.7.2 PIM-DM configuration
16.7.3 PIM-SM configuration
16.7.4 DVMRP configuration
16.7.5 IGMP configuration
16.7.6 Multicast inspect and debug
Chapter 17 VRRP Configuration
17.1 Introduction to VRRP
17.2 VRRP Configuration
17.2.1 VRRP Configuration Task Sequence
17.2.2 VRRP Configuration Commands
17.2.3 Typical VRRP Application
17.2.4 VRRP Troubleshooting Help
Chapter 18 Cluster Network Management
18.1 Introduction to cluster network management
18.2 Basic Cluster Network Management Configuration
18.2.1 Cluster Network Management Configuration Sequence
18.2.2 Cluster Configuration Commands
Chapter 1 Switch Management
1.1 Management Options
After purchasing the switch, the user needs to configure the switch for network
management. ES4626/ES4650 provides two management options: in-band management
and out-of-band management.
1.1.1 Out-of-band Management
Out-of-band management is management through the Console interface. Generally,
the user will use out-of-band management for the initial switch configuration, or when
in-band management is not available. For instance, the user must assign an IP address to
the switch via the Console interface to be able to access the switch through Telnet.
The procedures for managing the switch via Console interface are listed below:
Step 1: Setting up the environment
Fig 1-1 Out-of-band Management Configuration Environment (figure label: Connect with serial port)
As shown in Fig 1-1, the serial port (RS-232) is connected to the switch with the serial
cable provided. The table below lists all the devices used in the connection.
Device Name          Description
PC machine           Has functional keyboard and RS-232, with terminal emulator installed,
                     such as HyperTerminal included in Windows 9x/NT/2000/XP.
Serial port cable    One end attaches to the RS-232 serial port, the other end to the
                     Console port.
ES4626/ES4650        Functional Console port required.
Step 2: Entering the HyperTerminal
Open the HyperTerminal included in Windows after the connection is established. The
example below is based on the HyperTerminal included in Windows XP.
1) Click Start menu - All Programs – Accessories – Communication - HyperTerminal.
Fig 1-2 Opening HyperTerminal (1)
2) Type a name for opening HyperTerminal, such as “Switch”.
Fig 1-3 Opening HyperTerminal (2)
3) In the “Connecting with” drop-list, select the RS-232 serial port used by the PC, e.g.
COM1, and click “OK”.
Fig 1-4 Opening HyperTerminal (3)
4) When the COM1 properties dialog appears, select “9600” for “Baud rate”, “8” for “Data bits”,
“none” for “Parity checksum”, “1” for stop bit and “none” for traffic control; alternatively,
click “Revert to default” and then click “OK”.
Fig 1-5 Opening HyperTerminal (4)
Step 3: Entering the switch CLI interface
Power on the switch. The following appears in the HyperTerminal window; this is the
CLI configuration mode for ES4626.
ES4626 Management Switch
Copyright (c) 2001-2004 by Accton Technology Corporation.
All rights reserved.
Reset chassis ... done.
Testing RAM...
134,217,728 RAM OK.
Initializing...
Attaching to file system ... done.
Loading nos.img ... done.
Starting at 0x10000...
Current time is WED APR 20 09:37:52 2005
ES4626 Series Switch Operating System, Software Version ES4626 1.1.0.0,
Copyright (C) 2001-2006 by Accton Technology Corporation
http://www.edge-core.com.
ES4626 Switch
26 Ethernet/IEEE 802.3 interface(s)
Press ENTER to start session
The user can now enter commands to manage the switch. For a detailed description of
the commands, please refer to the following chapters.
1.1.2 In-band Management
In-band management refers to managing the switch by logging in to it using Telnet.
In-band management enables management of the switch for some devices attached to
the switch. In the case when in-band management fails due to switch configuration
changes, out-of-band management can be used for configuring and managing the switch.
1.1.2.1 Management via Telnet
To manage the switch with Telnet, the following conditions should be met:
1) The switch has an IP address configured.
2) The host IP address (Telnet client) and the switch’s VLAN interface IP address are
in the same network segment.
3) If 2) is not met, the Telnet client can connect to an IP address of the switch via other
devices, such as a router.
ES4626/ES4650 is a Layer 3 switch that can be configured with several IP addresses.
The following example assumes the shipment status of the switch where only VLAN1
exists in the system.
The following describes the steps for a Telnet client to connect to the switch’s VLAN1
interface by Telnet.
Fig 1-6 Manage the switch by Telnet (figure label: connect with serial port cable)
Step 1: Configure the IP addresses for the switch
First configure the host IP address. It should be within the same network
segment as the switch VLAN1 interface IP address. Suppose the switch VLAN interface IP
address is 10.1.128.251/24. Then a possible host IP address is 10.1.128.252/24. Run “ping
10.1.128.251” from the host and verify the result; if the ping fails, check for the reasons.
The IP address configuration commands for the VLAN1 interface are listed below. Before
in-band management can be used, the switch must be configured with an IP address through
out-of-band management (i.e. Console mode). The configuration commands are as follows (all switch
configuration prompts are assumed to be “switch” hereafter if not otherwise specified):
Switch>
Switch>en
Switch#config
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.251 255.255.255.0
Switch(Config-If-Vlan1)#no shutdown
Step 2: Run Telnet Client program.
Run Telnet client program included in Windows with the specified Telnet target.
Fig 1-7 Run telnet client program included in Windows
Step 3: Login to the switch
Login to the Telnet configuration interface. Valid login name and password are required,
otherwise the switch will reject Telnet access. This is a method to protect the switch from
unauthorized access. As a result, when Telnet is enabled for configuring and managing
the switch, username and password for authorized Telnet users must be configured with
the following command:
telnet-user <user> password {0|7} <password>.
Assume an authorized user in the switch has a username of “test” and a password of “test”;
the configuration procedure should look like the following:
Switch>en
Switch#config
Switch(Config)#telnet-user test password 0 test
After entering a valid login name and password in the Telnet configuration interface, the Telnet
user will be able to enter the switch’s CLI configuration interface. The commands used in the
Telnet CLI interface after login are the same as those in the Console interface.
Fig 1-8 Telnet Configuration Interface
1.1.2.2 Management via HTTP
To manage the switch via HTTP, the following conditions should be met:
1) Switch has an IP address configured
2) The host IP address (HTTP client) and the switch’s VLAN interface IP address
are in the same network segment;
3) If 2) is not met, HTTP client should connect to an IP address of the switch via
other devices, such as a router.
Similar to management via Telnet, as soon as the host succeeds in pinging an IP
address of the switch and the right login password is typed, it can access the switch via
HTTP. The configuration sequence is as below:
Step 1: Configure the IP addresses for the switch and start the HTTP function on the
switch.
For configuring the IP address on the switch through out-of-band management, see
the relevant chapter.
To enable the WEB configuration, users should type the CLI command ip http server
in the global mode as below:
Switch>en
Switch#config
Switch(Config)#ip http server
Step 2: Run HTTP protocol on the host.
Open the Web browser on the host and type the IP address of the switch, or run
the HTTP protocol directly on Windows. For example, the IP address of the switch is
“10.1.128.251”.
Fig 1-9 Run HTTP Protocol
Step 3: Log on to the switch
To log on to the HTTP configuration interface, a valid login user name and password are
required; otherwise the switch will reject HTTP access. This protects the
switch from unauthorized access. Consequently, in order to configure the switch via
HTTP, a username and password for authorized HTTP users must be configured with the
following command in the global mode:
username <username> password <show_flag> <password>
Suppose an authorized user in the switch has the username “test” and the password “test”.
The configuration procedure is as below:
Switch>en
Switch#config
Switch(Config)# username test password 0 test
The Web login interface is as below:
Fig 1-10 Web Login Interface
Input the right username and password, and then the main Web configuration
interface is shown as below.
Fig 1-11 Main Web Configuration Interface
1.2 Management Interface
1.2.1 CLI Interface
The CLI interface is familiar to most users. As mentioned above, out-of-band management
and Telnet login are both performed through the CLI interface to manage the switch.
The CLI interface is supported by the Shell program, which consists of a set of configuration
commands. Those commands are categorized according to their functions in switch
configuration and management. Each category represents a different configuration mode.
The Shell for the switch is described below:
- Configuration Modes
- Configuration Syntax
- Shortcut keys
- Help function
- Input verification
- Fuzzy match support
1.2.1.1 Configuration Modes
Fig 1-12 Shell Configuration Modes (figure showing User Mode, Admin Mode and Global Mode)
1.2.1.1.1 User Mode
On entering the CLI interface, the user first enters the user entry system. A common user
is placed in User Mode by default. The prompt shown is “Switch>”; the symbol “>” is the
prompt for User Mode. When the disable command is run under Admin Mode, the switch also
returns to User Mode.
Under User Mode, no configuration of the switch is allowed; only clock time and
version information of the switch can be queried.
1.2.1.1.2 Admin Mode
Admin Mode is entered as follows: in the user entry system, an Admin user is placed in
Admin Mode by default. Admin Mode, with the prompt “Switch#”, can also be entered from
User Mode by running the enable command and entering the admin user password for the
corresponding access level, if a password has been set. Alternatively, when the exit
command is run under Global Mode, the switch also returns to Admin Mode. ES4626/ES4650
also provides the shortcut key sequence “Ctrl+z”, which offers an easy way to exit to
Admin Mode from any configuration mode (except User Mode).
Under Admin Mode, when the disable command is run, the switch returns to User Mode. When
the exit command is run, the session exits and returns directly to the user entry system.
Users can then re-enter the system by entering the corresponding user name and password.
Under Admin Mode, the user can query the switch configuration information,
connection status and traffic statistics of all ports; and the user can further enter
Global Mode from Admin Mode to modify all configurations of the switch. For this reason, a
password must be set for entering Admin Mode to prevent unauthorized access and
malicious modification to the switch.
1.2.1.1.3 Global Mode
Typing the config command under Admin Mode enters Global Mode, with the prompt
“Switch(Config)#”. Using the exit command under other configuration modes, such as
Interface Mode or VLAN Mode, returns to Global Mode.
The user can perform global configuration settings under Global Mode, such as MAC
Table, Port Mirroring, VLAN creation, IGMP Snooping start, GVRP and STP, etc. The
user can also go further to Interface Mode to configure all the interfaces.
1.2.1.1.3.1 Interface Mode
Using the interface command under Global Mode enters the specified interface mode.
ES4626/ES4650 provides three interface types: VLAN interface, Ethernet port
and port-channel, and accordingly three interface configuration modes.
Interface Type: VLAN Interface
  Entry: Type interface vlan <Vlan-id> command under Global Mode.
  Prompt: Switch(Config-If-Vlanx)#
  Operates: Configure switch IPs, etc.
  Exit: Use the exit command to return to Global Mode.
Interface Type: Ethernet Port
  Entry: Type interface ethernet <interface-list> command under Global Mode.
  Prompt: Switch(Config-ethernetxx)#
  Operates: Configure supported duplex mode, speed, etc. of Ethernet Port.
  Exit: Use the exit command to return to Global Mode.
Interface Type: port-channel
  Entry: Type interface port-channel <port-channel-number> command under Global Mode.
  Prompt: Switch(Config-if-port-channelx)#
  Operates: Configure port-channel related settings such as duplex mode, speed, etc.
  Exit: Use the exit command to return to Global Mode.
1.2.1.1.3.2 VLAN Mode
Using the vlan <vlan-id> command under Global Mode enters the corresponding
VLAN Mode. Under VLAN Mode the user can configure all member ports of the
corresponding VLAN. Run the exit command to exit VLAN Mode to Global Mode.
1.2.1.1.3.3 DHCP Address Pool Mode
Typing the ip dhcp pool <name> command under Global Mode enters DHCP
Address Pool Mode, with the prompt “Switch(Config-<name>-dhcp)#”. DHCP address pool
properties can be configured under DHCP Address Pool Mode. Run the exit command to
exit DHCP Address Pool Mode to Global Mode.
1.2.1.1.3.4 Route Mode
Routing Protocol: RIP Routing Protocol
  Entry: Type router rip command under Global Mode.
  Prompt: Switch(Config-Router-Rip)#
  Operates: Configure RIP protocol parameters.
  Exit: Use the “exit” command to return to Global Mode.
Routing Protocol: OSPF Routing Protocol
  Entry: Type router ospf command under Global Mode.
  Prompt: Switch(Config-Router-Ospf)#
  Operates: Configure OSPF protocol parameters.
  Exit: Use the “exit” command to return to Global Mode.
1.2.1.1.3.5 ACL Mode
ACL type: Standard IP ACL Mode
  Entry: Type access-list ip command under Global Mode.
  Prompt: Switch(Config-Std-Nacl-a)#
  Operates: Configure parameters for Standard IP ACL Mode
  Exit: Use the “exit” command to return to Global Mode.
ACL type: Extended IP ACL Mode
  Entry: Type access-list ip command under Global Mode.
  Prompt: Switch(Config-Ext-Nacl-b)#
  Operates: Configure parameters for Extended IP ACL Mode
  Exit: Use the “exit” command to return to Global Mode.
1.2.1.2 Configuration Syntax
ES4626/ES4650 provides various configuration commands. Although all the
commands are different, they all abide by the syntax for ES4626/ES4650 configuration
commands. The general command format of ES4626/ES4650 is shown below:
cmdtxt <variable> { enum1 | … | enumN } [option]
Conventions: cmdtxt in bold font indicates a command keyword; <variable> indicates a
variable parameter; {enum1 | … | enumN } indicates a mandatory parameter that should
be selected from the parameter set enum1~enumN; and the square brackets ([ ]) in
[option] indicate an optional parameter. There may be combinations of “< >”, “{ }” and “[ ]”
in the command line, such as [<variable>], {enum1 <variable>| enum2}, [option1
[option2]], etc.
Here are examples for some actual configuration commands:
- show calendar, no parameters required. This is a command with only a
  keyword and no parameter, just type in the command to run.
- vlan <vlan-id>, parameter values are required after the keyword.
- duplex {auto|full|half}, user can enter duplex half, duplex full or duplex
  auto for this command.
- snmp-server community <string> {ro|rw}, the following are possible:
  snmp-server community <string> ro
  snmp-server community <string> rw
1.2.1.3 Shortcut Key Support
ES4626/ES4650 provides several shortcut keys to facilitate user configuration, such
as up, down, left, right and Blank Space. If the terminal does not recognize Up and Down
keys, ctrl+p and ctrl+n can be used instead.
Key(s)      Function
BackSpace   Delete a character before the cursor, and the cursor moves back.
Up “↑”      Show previous command entered. Up to ten recently entered
            commands can be shown.
Down “↓”    Show next command entered. When using the Up key to get
            previously entered commands, you can use the Down key to return
            to the next command.
Left “←”    The cursor moves one character to the left.
Right “→”   The cursor moves one character to the right.
            You can use the Left and Right keys to modify an entered command.
Ctrl+p      The same as Up key “↑”.
Ctrl+n      The same as Down key “↓”.
Ctrl+b      The same as Left key “←”.
Ctrl+f      The same as Right key “→”.
Ctrl+z      Return to the Admin Mode directly from the other configuration
            modes (except User Mode).
Ctrl+c      Break the ongoing command process, such as ping or other
            command execution.
Tab         When a string for a command or keyword is entered, the Tab can
            be used to complete the command or keyword if there is no
            conflict.
1.2.1.4 Help function
There are two ways in ES4626/ES4650 for the user to access help information: the
“help” command and the “?”.
Access to Help   Usage and function
Help             Under any command line prompt, typing “help” and pressing Enter will
                 get a brief description of the associated help system.
“?”              1. Under any command line prompt, enter “?” to get a command
                 list of the current mode and related brief description.
                 2. Enter a “?” after the command keyword with an embedded
                 space. If the position should be a parameter, a description of
                 that parameter type, scope, etc, will be returned; if the position
                 should be a keyword, then a set of keywords with brief
                 description will be returned; if the output is “<cr>”, then the
                 command is complete, press Enter to run the command.
                 3. A “?” immediately following a string. This will display all the
                 commands that begin with that string.
1.2.1.5 Input verification
1.2.1.5.1 Returned Information: success
All commands entered through the keyboard undergo a syntax check by the Shell.
Nothing will be returned if the user entered a correct command under the corresponding
mode and the execution is successful.
1.2.1.5.2 Returned Information: error
Output error message: Unrecognized command or illegal parameter!
Explanation: The entered command does not exist, or there is an error in parameter
scope, type or format.
Output error message: Ambiguous command
Explanation: At least two interpretations are possible based on the current input.
Output error message: Invalid command or parameter
Explanation: The command is recognized, but no valid parameter record is found.
Output error message: This command is not exist in current mode
Explanation: The command is recognized, but this command can not be used under the
current mode.
Output error message: Please configure precursor command "*" at first !
Explanation: The command is recognized, but the prerequisite command has not been
configured.
Output error message: syntax error : missing '"' before the end of command line!
Explanation: Quotation marks are not used in pairs.
1.2.1.6 Fuzzy match support
The ES4626/ES4650 Shell supports fuzzy match in searching commands and keywords.
The Shell will recognize commands or keywords correctly if the entered string causes no
conflict.
For example:
1. For Admin configuration command “show interfaces status ethernet 1/1”,
typing “sh in status e 1/1” will work.
2. However, for Admin configuration command “show running-config”, the
system will report a “> Ambiguous command!” error if only “show r” is
entered, as the Shell is unable to tell whether it is “show rom” or “show
running-config”. Therefore, the Shell will only recognize the command if “sh ru”
is entered.
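The prefix matching described above can be reproduced offline, for example to normalize abbreviated commands in a captured session log before auditing them. The following Python code is an added example, not the switch's own implementation; the command tree is a small constructed subset of commands named in this guide, and exact-match precedence and the “incomplete command” label are assumptions.

```python
# Added example, not the switch's own parser. COMMAND_TREE is a small
# constructed subset of Admin Mode commands named in this guide.
ARG = "<arg>"   # placeholder that accepts any single parameter token

AMBIGUOUS = "Ambiguous command"
UNRECOGNIZED = "Unrecognized command or illegal parameter!"
INCOMPLETE = "incomplete command"   # label chosen for this example only

# keyword -> sub-tree; an empty dict marks the end of a complete command.
COMMAND_TREE = {
    "show": {
        "rom": {},
        "running-config": {},
        "calendar": {},
        "interfaces": {"status": {"ethernet": {ARG: {}}}},
    },
    "reload": {},
    "write": {},
    "disable": {},
}


def resolve(line, tree=COMMAND_TREE):
    """Expand abbreviated keywords.

    Returns (full_command, None) on success or (None, error_message).
    """
    node, expanded = tree, []
    for token in line.split():
        keywords = [kw for kw in node if kw != ARG]
        if token in keywords:
            matches = [token]       # assumption: an exact keyword always wins
        else:
            matches = [kw for kw in keywords if kw.startswith(token)]
        if len(matches) > 1:
            # e.g. "r" fits both "rom" and "running-config"
            return None, AMBIGUOUS
        if matches:
            expanded.append(matches[0])
            node = node[matches[0]]
        elif ARG in node:
            expanded.append(token)  # parameter values are taken as typed
            node = node[ARG]
        else:
            return None, UNRECOGNIZED
    if node:
        # keywords or parameters are still required after the last token
        return None, INCOMPLETE
    return " ".join(expanded), None


if __name__ == "__main__":
    # Constructed inputs taken from the examples in this section.
    for typed in ("sh in status e 1/1", "show r", "sh ru"):
        print(repr(typed), "->", resolve(typed))
```
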
1.2.2 WEB Interface
ES4626/ES4650 has an HTTP Web management function. Users can configure and
examine the switch through a Web browser.
Web management is set up with the following configuration steps:
1. Configure a valid IP address, network mask and default gateway for the switch.
See 5.3
2. Configure the management user name and password.
3. Establish a connection to the switch through a Web browser. Input the username and
password. Then users can manage the switch through the Web browser.
1.2.2.1 Main page
After passing authentication by inputting the username and password, users can see
the management page as below. On the management page, the main menu is on the left
and the system information and parameters are shown on the right. By clicking the links
on the main menu, users can see the corresponding configuration statistics.
1.2.2.2 Interface Panel
At the top of the management page, the switch interface panel shows the current status of
the ports. When a port in the “Link Up” state is clicked, the port statistics are shown
on the right.
Chapter 2 Basic Switch Configuration
2.1 Basic Switch Configuration Commands
The basic configuration for the switch includes all the commands for entering and
exiting the Admin Mode and Interface Mode, setting and displaying the switch clock and
displaying system version information.
2.1.1 calendar set
Command: calendar set <HH> <MM> <SS> {<DD> <MON> <YYYY> | <MON> <DD>
<YYYY>}
Function: Set system date and time.
Parameter: <HH> <MM> <SS> is the current time, and the valid scope for HH is 0 to 23,
MM and SS 0 to 59; <DD> <MON> <YYYY> or <MON> <DD> <YYYY> is the current date,
given as day, month and year or as month, day and year, and the valid scope for YYYY is
1970~2100, MON meaning month, and DD between 1 and 31.
Command mode: Admin Mode
Default: upon first time start-up, it is defaulted to 2001.1.1 0: 0: 0.
Usage guide: The switch can not continue timing with power off, hence the current date
and time must first be set in environments where exact time is required.
Example: To set the switch current date and time to 2002.8.1 23: 0: 0:
Switch# calendar set 23 0 0 august 1 2002
Related command: show calendar
2.1.2 config
Command: config [terminal]
Function: Enter Global Mode from Admin Mode.
Parameter: [terminal] indicates terminal configuration.
Command mode: Admin Mode
Example:
Switch#config
2.1.3 enable
Command: enable
Function: Enter Admin Mode from User Mode.
Parameter: 0 and 15 are user access levels. 0 is normal user level. In this level, users can
enter Admin Mode and conduct major commands such as show, ping and traceroute etc.
But users can’t enter Global Mode. 15 is privileged user level. In this level, users can
conduct all the commands of this level. <password> is the password for logging on to the
privileged user mode.
Command mode: User Mode
Default: If users don’t specify the level, the default level is 15.
Usage Guide: To prevent unauthorized access by non-admin users, user authentication is
required (i.e. the Admin user password is required) when entering Admin Mode from User
Mode. If the correct Admin user password is entered, Admin Mode access is granted; if 3
consecutive entries of the Admin user password are all wrong, the session remains in User
Mode. Set the Admin user password under Global Mode with the “enable password” command.
Example:
Switch>enable
password: ***** (admin)
Switch#
Related command: enable password
2.1.4 disable
Command: disable
Function: Enter User Mode from Admin Mode.
Command mode: Admin Mode
Example:
Switch#disable
Switch>
Related command: enable
2.1.5 enable password
Command: enable password [level {0 | 15}]
Function: Modify the password used to enter Admin Mode from User Mode. Pressing Enter
after typing this command displays the <Current password> and <New password>
parameters for the user to configure.
Parameter: 0 is normal user access level, users can enter Admin Mode and conduct
major commands such as show, ping and traceroute etc. But users can’t enter Global
Mode. 15 is privileged user level. In this level, users can conduct all the commands of this
level. <Current password> is the original password, up to 16 characters are allowed;
<New password> is the new password, up to 16 characters are allowed; <Confirm new
password> is to confirm the new password and should be the same as <New
password>, otherwise, the password will need to be set again.
Command mode: Global Mode
Default: If users don’t specify the level, the default level is 15. Upon first time start-up, the
Admin user password is empty. If this is the first configuration, simply press Enter when
prompted for the current password.
Usage Guide: Configure the Admin user password to prevent unauthorized access by
non-admin users. It is recommended to set the Admin user password at the initial switch
configuration. Also, it is recommended to exit Admin Mode with the “exit” command when the
administrator needs to leave the terminal for a long time.
Example: Set the Admin user password to “admin”.
Switch(Config)#enable password
Current password: (First time configuration, no password set, just press Enter)
New password: ***** (Type in admin to set the new password to “admin”)
Confirm New password: ***** (Type admin again to confirm the new password)
Switch(Config)#
Related command: enable
2.1.6 exec timeout
Command: exec timeout <minutes>
Function: Set timeout value for exiting Admin Mode
Parameter: <minutes> is the time in minutes, the valid range is 0 to 300.
Command mode: Global Mode
Default: The default value is 5 minutes.
Usage Guide: To ensure security for the switch and prevent malicious operation by
unauthorized users, the timeout count starts after the last configuration by the Admin user,
and the system automatically exits Admin Mode when the preset timeout threshold is reached.
If the user needs to enter Admin Mode, the Admin user password needs to be entered again.
An exec timeout value of 0 indicates the system will never exit Admin Mode automatically.
Example: Set timeout value for the switch to exit Admin Mode to 6 minutes.
Switch(Config)#exec timeout 6
2.1.7 exit
Command: exit
Function: Exit the current mode to the previous mode. Under Global Mode, this
command will return the user to Admin Mode, and in Admin Mode to User Mode, etc.
Command mode: All configuration modes.
Example:
Switch#exit
Switch>
2.1.8 help
Command: help
Function: Output brief description of the command interpreter help system.
Command mode: All configuration modes.
Usage Guide: An instant online help provided by the switch. Help command displays
information about the whole help system, including complete help and partial help. The
user can type in ? any time to get online help.
Example:
Switch>help
enable  -- Enable Privileged mode
exit    -- Exit telnet session
help    -- help
show    -- Show running system information
2.1.9 ip host
Command: ip host <hostname> <ip_addr>
no ip host <hostname>
Function: Set the mapping relationship between the host and IP address; the “no ip host”
parameter of this command will delete the mapping.
Parameter: <hostname> is the host name, up to 15 characters are allowed; <ip_addr> is
the corresponding IP address for the host name, takes a dot decimal format.
Command mode: Global Mode
Usage Guide: Set the association between host and IP address, which can be used in
commands like “ping <host>”.
Example: Set IP address of a host with the hostname of “beijing” to 200.121.1.1.
Switch(Config)#ip host beijing 200.121.1.1
Related commands: telnet, ping, traceroute
2.1.10 hostname
Command: hostname <hostname>
Function: Set the prompt in the switch command line interface.
Parameter: <hostname> is the string for the prompt, up to 30 characters are allowed.
Command mode: Global Mode
Default: The default prompt is ES4626/ES4650.
Usage Guide: With this command, the user can set the command line prompt of the
switch according to their own requirements.
Example: Set the prompt to “Test”.
Switch(Config)#hostname Test
Test(Config)#
2.1.11 username password
Command: username <user_name> password <show_flag> <pass_word>
no username <user_name>
Function: Configure username and password for logging on the switch; the “no
username <user_name>” command deletes the user.
Parameter: <user_name> is the username. It can’t exceed 16 characters; <show_flag>
can be either 0 or 7. 0 is used to display unencrypted username and password, whereas 7
is used to display encrypted username and password; <pass_word> is the password. It can’t
exceed 16 characters.
Command mode: Global Mode
Default: The username and password are null by default.
Usage Guide: This command can be used to set the username for logging on the switch
and set the password as null.
Example: Set username as “admin” and set password as “admin”
Switch(Config)#username admin password 0 admin
Switch(Config)#
Related Command: username nopassword, username access-level, show users
2.1.12 username nopassword
Command: username <user_name> nopassword
Function: Set the username for logging on the switch and set the password as null.
Parameter: <user_name> is the username. It can’t exceed 16 characters.
Command mode: Global Mode
Usage Guide: This command is used to set the username for logging on the switch and
set the password as null.
Example: Set username as “admin” and set password as null.
Switch(Config)#username admin nopassword
Switch(Config)#
Related Command: username password, username access-level, show users
2.1.13 username access-level
Command: username <user_name> access-level <level>
Function: Configure the access level for users who log on the switch.
Parameter: <user_name> is the username. It can’t exceed 16 characters; <level> can be
either 0 or 15. 0 is normal user level and 15 is privileged user level.
Command mode: Global Mode
Example: Create user “admin” and set the level of this user as privileged user level.
Switch(Config)#username admin access-level 15
Switch(Config)#
Related Command: username password, username nopassword, show users
2.1.14 reload
Command: reload
Function: Warm reset the switch.
Command mode: Admin Mode
Usage Guide: The user can use this command to restart the switch without powering it off.
2.1.15 set default
Command: set default
Function: Reset the switch to factory settings.
Command mode: Admin Mode
Usage Guide: Reset the switch to factory settings. That is to say, all configurations made
by the user to the switch will disappear. When the switch is restarted, the prompt will be
the same as when the switch was powered on for the first time.
Note: After the command, “write” command must be executed to save the operation. The
switch will reset to factory settings after restart.
Example:
Switch#set default
Are you sure? [Y/N] = y
Switch#write
Switch#reload
2.1.16 setup
Command: setup
Function: Enter the Setup Mode of the switch.
Command mode: Admin Mode
Usage Guide: ES4626/ES4650 provides a Setup Mode, in which the user can configure
IP addresses, etc.
2.1.17 language
Command: language {chinese|english}
Function: Set the language for displaying the help information.
Parameter: chinese for Chinese display; english for English display.
Command mode: Admin Mode
Default: The default setting is English display.
Usage Guide: ES4626/ES4650 provides help information in two languages, the user can
select the language according to their preference. After the system restart, the help
information display will revert to English.
2.1.18 write
Command: write
Function: Save the currently configured parameters to the Flash memory.
Command mode: Admin Mode
Usage Guide: After a set of configurations with the desired functions has been made, the
settings should be saved to the Flash memory, so that the system can revert to the saved
configuration automatically after an accidental power-down or power failure. This is
equivalent to the copy running-config startup-config command.
Related commands: copy running-config startup-config
2.2 Maintenance and Debug Commands
When users configure the switch, they will need to verify whether the
configurations are correct and the switch is operating as expected, and in case of network
failure, users will also need to diagnose the problem. ES4626/ES4650 provides various
debug commands including ping, telnet, show and debug, etc. to help users check
system configuration and operating status and locate problem causes.
2.2.1 ping
Command: ping [<ip-addr>]
Function: The switch sends ICMP packets to remote devices to verify the connectivity
between the switch and remote devices.
Parameter: <ip-addr> is the target host IP address for ping, in dot decimal format.
Default: Send 5 ICMP packets of 56 bytes each, timeout in 2 seconds.
Command mode: Admin Mode
Usage Guide: When the user types in the ping command and presses Enter, the system
will provide an interactive mode for configuration, and the user can choose all the
parameters for ping.
Example:
Example 1: Default parameter for ping.
Switch#ping 10.1.128.160
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 10.1.128.160, timeout is 2 seconds.
...!!
Success rate is 40 percent (2/5), round-trip min/avg/max = 0/0/0 ms
As shown in the above example, the switch pings a device with an IP address of
10.1.128.160. Three ICMP request packets are sent without receiving corresponding reply
packets (i.e. ping failed); the last two packets are replied to successfully, so the success
rate is 40%. The switch represents ping failure with a “.”, for an unreachable target, and
ping success with a “!”, for a reachable target.
Switch#ping
protocol [IP]:
Target IP address: 10.1.128.160
Repeat count [5]: 100
Datagram size in byte [56]: 1000
Timeout in milli-seconds [2000]: 500
Extended commands [n]: n
Displayed information              Explanation
protocol [IP]:                     Select the ping for IP protocol
Target IP address:                 Target IP address
Repeat count [5]                   Packet number, the default is 5
Datagram size in byte [56]         ICMP packet size, the default is 56 bytes
Timeout in milli-seconds [2000]:   Timeout (in milliseconds), the default is 2 seconds.
Extended commands [n]:             Whether to change the other options or not
2.2.2 Telnet
2.2.2.1 Introduction to Telnet
Telnet is a simple remote terminal protocol for remote login. Using Telnet, the user
can log in to a remote host by its IP address or hostname from his own workstation.
Telnet sends the user’s keystrokes to the remote host and sends the remote host’s output
to the user’s screen through a TCP connection. This is a transparent service: to the user,
the keyboard and monitor seem to be connected to the remote host directly.
Telnet employs the Client-Server mode: the local system is the Telnet client and the
remote host is the Telnet server. ES4626/ES4650 can be either the Telnet server or the
Telnet client.
When ES4626/ES4650 is used as the Telnet server, the user can use the Telnet client
program included in Windows or other operating systems to log in to ES4626/ES4650,
as described earlier in the In-band management section. As a Telnet server,
ES4626/ES4650 allows up to 5 telnet client TCP connections.
As a Telnet client, the telnet command under Admin Mode allows the user to log in
to other remote hosts. ES4626/ES4650 can only establish a TCP connection to one
remote host. If a connection to another remote host is desired, the current TCP connection
must be dropped.
2.2.2.2 Telnet Task Sequence
1. Configuring Telnet Server
2. Telnet to a remote host from the switch.
1. Configuring Telnet Server
Mode: Global Mode
  Command: ip telnet server
           no ip telnet server
  Explanation: Enable the Telnet server function in the switch: the “no telnet-server
  enable” command disables the Telnet function.
  Command: telnet-server securityip <ip-addr>
           no telnet-server securityip <ip-addr>
  Explanation: Configure the secure IP address to login to the switch through Telnet: the
  “no telnet-server securityip <ip-addr>” command deletes the authorized Telnet secure
  address.
Mode: Admin Mode
  Command: monitor
           no monitor
  Explanation: Display debug information for Telnet client login to the switch; the “no
  monitor” command disables the debug information.
2. Telnet to a remote host from the switch
Mode: Admin Mode
  Command: telnet [<ip-addr>] [<port>]
  Explanation: Login to a remote host with the Telnet client included in the switch.
2.2.2.3 Telnet Commands
2.2.2.3.1 monitor
Command: monitor
no monitor
Function: Enable debug information for Telnet client login to the switch; the Console end
debug display will be disabled at the same time. The “no monitor” command disables the
debug information and re-enables the Console end debug display.
Command mode: Admin Mode
Usage Guide: When a Telnet client accessing the switch enables Debug information, the
information is not shown in the Telnet interface; instead, it is displayed in the terminal
connected to the Console port. This command specifies that the debug information is
displayed in the Telnet terminal screen instead of the Console or the other Telnet terminal
screens.
Example: Enable displaying the debug information in Telnet client.
Switch#monitor
2.2.2.3.2 telnet
Command: telnet [<ip-addr>] [<port>]
Function: Login to a remote host with an IP address of <ip-addr> through Telnet.
Parameter: <ip-addr> is the remote host IP address in dot decimal format. <port> is the
port number, valid value is 0 – 65535.
Command mode: Admin Mode
Usage Guide: This command is used when the switch acts as a client; the user logs in
to remote hosts for configuration with this command. ES4626/ES4650 can only establish a
TCP connection to one remote host as the Telnet client. If a connection to another remote
host is desired, the current TCP connection must be dropped. To disconnect from a remote
host, the shortcut key combination “CTRL+|” can be used.
Entering the telnet keyword without any parameter enters the Telnet configuration mode.
Example: Telnet to a remote router with the IP address 20.1.1.1 from the switch.
Switch#telnet 20.1.1.1 23
Connecting Host 20.1.1.123 Port 23...
Service port is 23
Connected to 20.1.1.123
login: 123
password: ***
route>
2.2.2.3.3 ip telnet server
Command: ip telnet server
no ip telnet server
Function: Enable the Telnet server function in the switch: the “no telnet-server enable”
command disables the Telnet function in the switch.
Default: Telnet server function is enabled by default.
Command mode: Global Mode
Usage Guide: This command is available in Console only. The administrator can use this
command to enable or disable the Telnet client to login to the switch.
Example: Disable the Telnet server function in the switch.
Switch(Config)#no telnet-server enable
2.2.2.3.4 telnet-server securityip
Command: telnet-server securityip <ip-addr>
no telnet-server securityip <ip-addr>
Function: Configure the secure IP address of Telnet client allowed to login to the switch;
the “no telnet-server securityip <ip-addr>” command deletes the authorized Telnet
secure address.
Parameter: <ip-addr> is the secure IP address allowed to access the switch, in dot
decimal format.
Default: no secure IP address is set by default.
Command mode: Global Mode
Usage Guide: When no secure IP is configured, the IP addresses of Telnet clients
connecting to the switch will not be limited; if a secure IP address is configured, only hosts
with a secure IP address are allowed to connect to the switch through Telnet for
configuration. The switch allows multiple secure IP addresses.
Example: Set 192.168.1.21 as a secure IP address.
Switch(Config)#telnet-server securityip 192.168.1.21
2.2.3 SSH
2.2.3.1 Introduction to SSH
SSH (Secure Shell) is a protocol which ensures a secure remote access connection
to network devices. It is based on the reliable TCP/IP protocol. Through mechanisms
such as key distribution, authentication and encryption between the SSH server
and the SSH client, a secure connection is established. The information transferred on this
connection is protected from being intercepted and decrypted. The switch meets the
requirements of SSH2.0. It supports SSH2.0 client software such as SSH Secure Client
and putty. Users can run the above software to manage the switch remotely.
The switch presently supports RSA authentication, 3DES cryptography protocol and
SSH user password authentication etc.
2.2.3.2 SSH Server Configuration Sequence
1. SSH Server Configuration
Global Mode
Command: ssh-server enable
no ssh-server enable
Explanation: Enable SSH function on the switch; the “no ssh-server enable” command
disables SSH function.
Command: ssh-user <user-name> password {0|7} <password>
no ssh-user <user-name>
Explanation: Configure the username and password of SSH client software for logging on
the switch; the “no ssh-user <user-name>” command deletes the username.
Command: ssh-server timeout <timeout>
no ssh-server timeout
Explanation: Configure timeout value for SSH authentication; the “no ssh-server timeout”
command restores the default timeout value for SSH authentication.
Command: ssh-server authentication-retries <authentication-retries>
no ssh-server authentication-retries
Explanation: Configure the number of times for retrying SSH authentication; the “no
ssh-server authentication-retries” command restores the default number of times for
retrying SSH authentication.
Command: ssh-server host-key create rsa modulus <modulus>
Explanation: Generate the new RSA host key on the SSH server.
Admin Mode
Command: monitor
no monitor
Explanation: Display SSH debug information on the SSH client side; the “no monitor”
command stops displaying SSH debug information on the SSH client side.
2.2.3.3 SSH Configuration Commands
2.2.3.3.1 ssh-server enable
Command: ssh-server enable
no ssh-server enable
Function: Enable SSH function on the switch; the “no ssh-server enable” command
disables SSH function.
Command mode: Global Mode
Default: SSH function is disabled by default.
Usage Guide: In order that the SSH client can log on the switch, the users need to
configure the SSH user and enable SSH function on the switch.
Example: Enable SSH function on the switch.
Switch(Config)#ssh-server enable
2.2.3.3.2 ssh-user
Command: ssh-user <username> password {0|7} <password>
no ssh-user <username>
Function: Configure the username and password of SSH client software for logging on
the switch; the “no ssh-user <user-name>” command deletes the username.
Parameter: <username> is the SSH client username; it can’t exceed 16 characters.
<password> is the SSH client password; it can’t exceed 8 characters. 0 and 7 stand for
unencrypted password and encrypted password respectively.
Command mode: Global Mode
Default: There is no SSH username or password by default.
Usage Guide: This command is used to configure the authorized SSH client. Unauthorized
SSH clients can’t log on and configure the switch. When the switch is an SSH server, it
can have a maximum of three users and it allows a maximum of three users to connect
to it at the same time.
Example: Set a SSH client which has “switch” as username and “switch” as password.
Switch(Config)#ssh-user switch password 0 switch
2.2.3.3.3 ssh-server timeout
Command: ssh-server timeout <timeout>
no ssh-server timeout
Function: Configure timeout value for SSH authentication; the “no ssh-server timeout”
command restores the default timeout value for SSH authentication.
Parameter: <timeout> is timeout value; valid range is 10 to 600 seconds.
Command mode: Global Mode
Default: SSH authentication timeout is 180 seconds by default.
Example: Set SSH authentication timeout to 240 seconds.
Switch(Config)#ssh-server timeout 240
2.2.3.3.4 ssh-server authentication-retries
Command: ssh-server authentication-retries < authentication-retries >
no ssh-server authentication-retries
Function: Configure the number of times for retrying SSH authentication; the “no
ssh-server authentication-retries” command restores the default number of times for
retrying SSH authentication.
Parameter: < authentication-retries > is the number of times for retrying authentication;
valid range is 1 to 10.
Command mode: Global Mode
Default: The number of times for retrying SSH authentication is 3 by default.
Example: Set the number of times for retrying SSH authentication to 5.
Switch(Config)#ssh-server authentication-retries 5
2.2.3.3.5 ssh-server host-key create rsa
Command: ssh-server host-key create rsa [modulus < modulus >]
Function: Generate new RSA host key
Parameter: modulus is the modulus which is used to compute the host key; valid range
is 768 to 2048. The default value is 1024.
Command mode: Global Mode
Default: The system uses the key generated when the ssh-server is started for the first
time.
Usage Guide: This command is used to generate the new host key. When SSH client
logs on the server, the new host key is used for authentication. After the new host key is
generated and “write” command is used to save the configuration, the system uses this
key for authentication all the time. Because it takes quite a long time to compute the new
key and some clients are not compatible with the key generated by the modulus 2048, it
is recommended to use the key which is generated by the default modulus 1024.
Example: Generate new host key.
Switch(Config)#ssh-server host-key create rsa
2.2.3.3.6 monitor
Command: monitor
no monitor
Function: Display SSH debug information on the SSH client side and stop displaying
SSH debug information on the Console; the “no monitor” command stops displaying
SSH debug information on the SSH client side and resumes displaying SSH debug
information on the Console.
Command mode: Admin Mode
Usage Guide: When an SSH client accesses the switch and the user enables the display of
SSH debug information, this information is displayed on the Console terminal instead of
the SSH interface. This command makes the debug information appear on the SSH
interface instead of on the Console terminal.
Example: Display SSH debug information on the SSH client interface.
Switch#monitor
Related command: ssh-user
2.2.3.4 Typical SSH Server Configuration
Example 1:
Requirement: Enable SSH server on the switch, and run SSH2.0 client software such
as Secure shell client and putty on the terminal. Log on the switch by using the username
and password from the client.
Configure the IP address, add SSH user and enable SSH service on the switch.
SSH2.0 client can log on the switch by using the username and password to configure the
switch.
Switch(Config)#interface vlan 1
Switch(Config-Vlan-1)#ip address 100.100.100.200 255.255.255.0
Switch(Config-Vlan-1)#exit
Switch(Config)#ssh-user test password 0 test
Switch(Config)#ssh-server enable
2.2.3.5 SSH Monitor and Debug Commands
2.2.3.5.1 show ssh-user
Command: show ssh-user
Function: Display the configured SSH usernames.
Command mode: Admin Mode
Example:
Switch#show ssh-user
test
Related command: ssh-user
2.2.3.5.2 show ssh-server
Command: show ssh-server
Function: Display SSH state and users which log on currently.
Command mode: Admin Mode
Example:
Switch#show ssh-server
ssh-server is enabled
connection    version    state              user name
1             2.0        session started    test
Related command: ssh-server enable, no ssh-server enable
2.2.3.5.3 debug ssh-server
Command: debug ssh-server
no debug ssh-server
Function: Display SSH server debugging information; the “no debug ssh-server”
command stops displaying SSH server debugging information.
Default: This function is disabled by default.
Command mode: Admin Mode
2.2.4 traceroute
Command: traceroute {<ip-addr> | host <hostname> }[hops <hops>] [timeout
<timeout> ]
Function: This command tests the gateways passed in the route of a packet from the
source device to the target device. This can be used to test connectivity and locate a failed
sector.
Parameter: <ip-addr> is the target host IP address in dot decimal format. <hostname> is
the hostname for the remote host. <hops> is the maximum gateway number allowed by
the Traceroute command. <timeout> is the timeout value for test packets in milliseconds,
between 100 and 10000.
Default: The default maximum gateway number is 16; the default timeout is 2000 ms.
Command mode: Admin Mode
Usage Guide: Traceroute is usually used to locate the problem for unreachable network
nodes.
Related command: ip host
2.2.5 show
The show command is used to display information about the system, port and protocol
operation. This part introduces the show commands that display system information;
other show commands will be discussed in other chapters.
2.2.5.1 show calendar
Command: show calendar
Function: Display the system clock.
Command mode: Admin Mode
Usage Guide: The user can use this command to check system date and time so that the
system clock can be adjusted in time if inaccuracy occurs.
Example:
Switch#show calendar
Current time is TUE AUG 22 11: 00: 01 2002
Related command: calendar set
2.2.5.2 show debugging
Command: show debugging
Function: Display the debug switch status.
Usage Guide: If the user needs to check which debug switches have been enabled, the show
debugging command can be executed.
Command mode: Admin Mode
Example: Check for currently enabled debug switch.
Switch#show debugging
STP:
Stp input packet debugging is on
Stp output packet debugging is on
Stp basic debugging is on
Switch#
Related command: debug
2.2.5.3 dir
Command: dir
Function: Display the files and their sizes in the Flash memory.
Command mode: Admin Mode
Example: Check for files and their sizes in the Flash memory.
Switch#dir
boot.rom            329,828    1900-01-01 00: 00: 00    --SH
boot.conf                94    1900-01-01 00: 00: 00    --SH
nos.img           2,449,496    1980-01-01 00: 01: 06    ----
startup-config        2,064    1980-01-01 00: 30: 12    ----
2.2.5.4 show history
Command: show history
Function: Display the recent user command history.
Command mode: Admin Mode
Usage Guide: The system holds up to 10 commands the user entered; the user can use
the UP/DOWN key or their equivalent (ctrl+p and ctrl+n) to access the command history.
Example:
Switch#show history
enable
config
interface ethernet 1/3
enable
dir
show ftp
2.2.5.5 show memory
Command: show memory
Function: Display the contents in the memory.
Command mode: Admin Mode
Usage Guide: This command is used for switch debug purposes. The command will
interactively prompt the user to enter start address of the desired information in the
memory and output word number. The displayed information consists of three parts:
address, Hex view of the information and character view.
Example:
Switch#show memory
start address : 0x2100
number of words[64]:
002100: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002110: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002120: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002130: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002140: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002150: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002160: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002170: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
2.2.5.6 show running-config
Command: show running-config
Function: Display the current active configuration parameters for the switch.
Default: If the active configuration parameters are the same as the default operating
parameters, nothing will be displayed.
Command mode: Admin Mode
Usage Guide: When the user finishes a set of configuration and needs to verify the
configuration, show running-config command can be used to display the current active
parameters.
Example:
Switch#show running-config
2.2.5.7 show startup-config
Command: show startup-config
Function: Display the switch parameter configurations written into the Flash memory at
the current operation, those are usually also the configuration files used for the next
power-up.
Default: If the configuration parameters read from the Flash are the same as the default
operating parameter, nothing will be displayed.
Command mode: Admin Mode
Usage Guide: The show running-config command differs from show startup-config in
that when the user finishes a set of configurations, show running-config displays the
added-on configurations whilst show startup-config won’t display any configurations.
However, if write command is executed to save the active configuration to the Flash
memory, the displays of show running-config and show startup-config will be the
same.
2.2.5.8 show interfaces switchport
Command: show interfaces switchport [ethernet <interface >]
Function: Display VLAN interface mode and VLAN number, and Trunk port information
for the switch.
Parameter: <interface> is the port number, which can be any port that exists in the
switch.
Command mode: Admin Mode
Example: Display the VLAN information for interface ethernet 1/1.
Switch#show interfaces switchport ethernet 1/1
Ethernet1/1
Type : Universal
Mac addr num : -1
Mode : Access
Port VID : 1
Trunk allowed Vlan : ALL
Displayed information       Description
Ethernet1/1                 Corresponding Ethernet interface number
Type                        Current interface type
Mac addr num                Number of MAC addresses that can be learned by the current interface
Mode : Access               VLAN mode of the current interface
Port VID : 1                VLAN number the current interface belongs to
Trunk allowed Vlan : ALL    VLANs allowed to be crossed by the Trunk
2.2.5.9 show tcp
Command: show tcp
Function: Display the current TCP connection status established to the switch.
Command mode: Admin Mode
Example:
Switch#show tcp
LocalAddress    LocalPort    ForeignAddress    ForeignPort    State
0.0.0.0         23           0.0.0.0           0              LISTEN
0.0.0.0         80           0.0.0.0           0              LISTEN
Displayed information    Description
LocalAddress             Local address of the TCP connection.
LocalPort                Local port number of the TCP connection.
ForeignAddress           Remote address of the TCP connection.
ForeignPort              Remote port number of the TCP connection.
State                    Current status of the TCP connection.
2.2.5.10 show udp
Command: show udp
Function: Display the current UDP connection status established to the switch.
Command mode: Admin Mode
Example:
Switch#show udp
LocalAddress    LocalPort    ForeignAddress    ForeignPort    State
0.0.0.0         161          0.0.0.0           0              CLOSED
0.0.0.0         123          0.0.0.0           0              CLOSED
0.0.0.0         1985         0.0.0.0           0              CLOSED
Displayed information    Description
LocalAddress             Local address of the UDP connection.
LocalPort                Local port number of the UDP connection.
ForeignAddress           Remote address of the UDP connection.
ForeignPort              Remote port number of the UDP connection.
State                    Current status of the UDP connection.
2.2.5.11 show users
Command: show users
Function: Display information on all users that can log in to the switch.
Usage Guide: This command can be used to check information on all users that can log in
to the switch.
Example:
Switch#show users
User     level    havePasword
admin    0        1
Online user info: user    ip    login time(second)    usertype
Switch#
Related command: username password, username access-level
2.2.5.12 show version
Command: show version <unit>
Parameter: The range of <unit> is 1.
Function: Display the switch version.
Default: The default value for <unit> is 1
Command mode: Admin Mode
Usage Guide: Use this command to view the version information for the switch, including
hardware version and software version.
Example:
Switch#show vers
ES4626 Device, Apr 14 2005 11: 19: 29
HardWare version is 2.0, SoftWare version packet is ES4626_1.1.0.0, BootRom version
is ES4626_1.0.4
Copyright (C) 2001-2006 by Accton Technology Corporation..
All rights reserved.
Last reboot is cold reset
Uptime is 0 weeks, 0 days, 0 hours, 28 minutes
2.2.6 debug
All the protocols ES4626/ES4650 supports have their corresponding debug
commands. The users can use the information from debug command for troubleshooting.
Debug commands for their corresponding protocols will be introduced in the later
chapters.
2.3 Configuring Switch IP Addresses
All Ethernet ports of ES4626/ES4650 default to DataLink layer ports and perform
layer 2 forwarding. A VLAN interface represents a Layer 3 interface function, which can be
assigned an IP address, which is also the IP address of the switch. All VLAN interface
related configuration commands can be configured under VLAN Mode. ES4626/ES4650
provides three IP address configuration methods:
- Manual
- BootP
- DHCP
Manual configuration of IP address means assigning an IP address manually for the switch.
In BootP/DHCP mode, the switch operates as a BootP/DHCP client and sends broadcast
packets of BootPRequest to the BootP/DHCP servers, and the BootP/DHCP servers
assign the address on receiving the request. In addition, ES4626/ES4650 can act as a
DHCP server, and dynamically assign network parameters such as IP addresses,
gateway addresses and DNS server addresses to DHCP clients. DHCP Server
configuration is detailed in later chapters.
2.3.1 Configuring Switch IP Addresses Task Sequence
1. Manual configuration
2. BootP configuration
3. DHCP configuration
1. Manual configuration
Command: ip address <ip_address> <mask> [secondary]
no ip address <ip_address> <mask> [secondary]
Explanation: Configure the VLAN interface IP address; the “no ip address <ip_address>
<mask> [secondary]” command deletes VLAN interface IP address.
2. BootP configuration
Command: ip address bootp
no ip address bootp
Explanation: Enable the switch to be a BootP client and obtain IP address and gateway
address through BootP negotiation; the “no ip bootp-client enable” command disables
the BootP client function.
3. DHCP configuration
Command: ip address dhcp
no ip address dhcp
Explanation: Enable the switch to be a DHCP client and obtain IP address and gateway
address through DHCP negotiation; the “no ip dhcp-client enable” command disables
the DHCP client function.
2.3.2 Commands for Configuring Switch IP Addresses
2.3.2.1 ip address
Command: ip address <ip-address> <mask> [secondary]
no ip address [<ip-address> <mask>] [secondary]
Function: Set the IP address and mask for the specified VLAN interface; the “no ip
address <ip address> <mask> [secondary]” command deletes the specified IP address
setting.
Parameter: <ip-address> is the IP address in dot decimal format; <mask> is the subnet
mask in dot decimal format; [secondary] indicates the IP configured is a secondary IP
address.
Default: No IP address is configured upon switch shipment.
Command mode: VLAN Interface Mode
Usage Guide: A VLAN interface must be created first before the user can assign an IP
address to the switch.
Example: Set 10.1.128.1/24 as the IP address of VLAN1 interface.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.1 255.255.255.0
Switch(Config-If-Vlan1)#exit
Switch(Config)#
Related command: ip address bootp, ip address dhcp
2.3.2.2 ip address bootp
Command: ip address bootp
no ip address bootp
Function: Enable the switch to be a BootP client and obtain IP address and gateway
address through BootP negotiation; the “no ip bootp-client enable” command disables
the BootP client function and releases the IP address obtained in BootP.
Default: BootP client function is disabled by default.
Command mode: VLAN Interface Mode
Usage Guide: Obtaining IP address through BootP, Manual configuration and DHCP are
mutually exclusive; enabling any 2 methods for obtaining IP address is not allowed. Note:
To obtain IP address via DHCP, a DHCP server or a BootP server is required in the
network.
Example: Get IP address through BootP.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address bootp
Switch(Config-If-Vlan1)#exit
Switch(Config)#
Related command: ip address, ip address dhcp
2.3.2.3 ip address dhcp
Command: ip address dhcp
no ip address dhcp
Function: Enable the switch to be a DHCP client and obtain IP address and gateway
address through DHCP negotiation; the “no ip dhcp-client enable” command disables
the DHCP client function and releases the IP address obtained in DHCP. Note: To obtain
IP address via DHCP, a DHCP server is required in the network.
Default: DHCP client function is disabled by default.
Command mode: VLAN Interface Mode
Usage Guide: Obtaining IP address through DHCP, Manual configuration and BootP are
mutually exclusive; enabling any 2 methods for obtaining IP address is not allowed.
Example: Get IP address through DHCP.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address dhcp
Switch(Config-If-Vlan1)#exit
Switch(Config)#
Related command: ip address, ip address bootp
2.4 SNMP
2.4.1 Introduction to SNMP
SNMP (Simple Network Management Protocol) is a standard network management
protocol widely used in computer network management. SNMP is an evolving protocol.
SNMP v1 [RFC1157] is the first version of SNMP, which has been adopted by vast numbers of
manufacturers for its simplicity and easy implementation; SNMP v2c is an enhanced
version of SNMP v1, which supports layered network management; SNMP v3 strengthens
the security by adding USM (User-based Security Model) and VACM (View-based Access
Control Model).
The SNMP protocol provides a simple way of exchanging network management information
between two points in the network. SNMP employs a polling mechanism of message
query, and transmits messages through UDP (a connectionless transport layer protocol).
Therefore it is well supported by the existing computer networks.
The SNMP protocol employs a station-agent mode. There are two parts in this structure:
NMS (Network Management Station) and Agent. NMS is the workstation on which the SNMP
client program is running. It is the core of SNMP network management. Agent is the
server software that runs on the devices which need to be managed. NMS manages all the
managed objects through Agents. The switch supports the Agent function.
The communication between NMS and Agent functions in Client/Server mode by
exchanging standard messages. NMS sends requests and the Agent responds. There are
seven types of SNMP message:
- Get-Request
- Get-Response
- Get-Next-Request
- Get-Bulk-Request
- Set-Request
- Trap
- Inform-Request
NMS sends queries to the Agent with Get-Request, Get-Next-Request,
Get-Bulk-Request and Set-Request messages; and the Agent, upon receiving the
requests, replies with a Get-Response message. In some special situations, such as
network device ports going Up/Down or the network topology changing, Agents can send
Trap messages to NMS to report the abnormal events. Besides, NMS can also be set to
alert on some abnormal events by enabling the RMON function. When alert events are
triggered, Agents will send Trap messages or log the event according to the settings.
Inform-Request is mainly used for inter-NMS communication in layered network
management.
USM ensures the transfer security by well-designed encryption and authentication.
USM encrypts the messages according to the user-typed password. This mechanism
ensures that the messages can’t be viewed in transmission. And USM authentication
ensures that the messages can’t be changed in transmission. USM employs DES-CBC
cryptography. And HMAC-MD5 and HMAC-SHA are used for authentication.
VACM is used to classify the users’ access permission. It puts the users with the
same access permission in the same group. Users can’t conduct operations which are
not authorized.
2.4.2 Introduction to MIB
The network management information accessed by NMS is well defined and
organized in a Management Information Base (MIB). MIB is pre-defined information which
can be accessed by network management protocols. It is in layered and structured form.
The pre-defined management information can be obtained from monitored network
devices. ISO ASN.1 defines a tree structure for MIB. Each MIB organizes all the available
information with this tree structure. And each node on this tree contains an OID (Object
Identifier) and a brief description about the node. OID is a set of integers divided by
periods. It identifies the node and can be used to locate the node in a MIB tree structure,
shown in the figure below:
Fig 2-1 ASN.1 Tree Instance
In this figure, the OID of the object A is 1.2.1.1. NMS can locate this object through
this unique OID and get the standard variables of the object. MIB defines a set of
standard variables for monitored network devices by following this structure.
If the variable information of Agent MIB needs to be browsed, the MIB browse
software needs to be run on the NMS. MIB in the Agent usually consists of public MIB and
private MIB. The public MIB contains public network management information that can be
accessed by all NMS; private MIB contains specific information which can be viewed and
controlled by the support of the manufacturers.
MIB-I [RFC1156] is the first implemented public MIB of SNMP, and is replaced by
MIB-II [RFC1213]. MIB-II expands MIB-I and keeps the OID of MIB tree in MIB-I. MIB-II
contains sub-trees which are called groups. Objects in those groups cover all the
functional domains in network management. NMS obtains the network management
information by visiting the MIB of SNMP Agent.
The switch can operate as a SNMP Agent, and supports both SNMP v1/v2c and
SNMP v3. The switch supports basic MIB-II, RMON public MIB and other public MIB such
as BRIDGE MIB. Besides, the switch supports self-defined private MIB.
2.4.3 Introduction to RMON
RMON is the most important expansion of the standard SNMP. RMON is a set of MIB
definitions, used to define standard network monitor functions and interfaces, enabling the
communication between SNMP management terminals and remote monitors. RMON
provides a highly efficient method to monitor actions inside the subnets.
The MIB of RMON consists of 10 groups. The switch supports the most frequently used
groups 1, 2, 3 and 9:
- Statistics: Maintain basic usage and error statistics for each subnet monitored by the
Agent.
- History: Record periodical statistic samples available from Statistics.
- Alarm: Allow management console users to set any count or integer for sample
intervals and alert thresholds for RMON Agent records.
- Event: A list of all events generated by RMON Agent.
Alarm depends on the implementation of Event. Statistics and History display some
current or history subnet statistics. Alarm and Event provide a method to monitor any
integer data change in the network, and provide some alerts upon abnormal events
(sending Trap or recording in logs).
2.4.4 SNMP Configuration
2.4.4.1 SNMP Configuration Task Sequence
1. Enable or disable SNMP Agent server function
2. Configure SNMP community string
3. Configure IP address of SNMP management base
4. Configure engine ID
5. Configure user
6. Configure group
7. Configure view
8. Configuring TRAP
9. Enable/Disable RMON
1. Enable or disable SNMP Agent server function
Command: snmp-server
no snmp-server
Explanation: Enable the SNMP Agent function on the switch; the “no snmp-server enable”
command disables the SNMP Agent function on the switch.
2. Configure SNMP community string
Command: snmp-server community <string> {ro|rw}
no snmp-server community <string>
Explanation: Configure the community string for the switch; the “no snmp-server community
<string>” command deletes the configured community string.
3. Configure IP address of SNMP management base
Command: snmp-server securityip <ip-address>
no snmp-server securityip <ip-address>
Explanation: Configure the secure IP address which is allowed to access the switch on the
NMS; the “no snmp-server securityip <ip-address>” command deletes the configured
secure address.
Command: snmp-server SecurityIP enable
snmp-server SecurityIP disable
Explanation: Enable or disable secure IP address check function on the NMS.
4. Configure engine ID
Command: snmp-server engineid < engine-string >
no snmp-server engineid < engine-string >
Explanation: Configure the local engine ID on the switch. This command is used for
SNMP v3.
5. Configure user
Command: snmp-server user <user-string> <group-string> [[encrypted] {auth
{md5|sha} <password-string>}]
no snmp-server user <user-string> <group-string>
Explanation: Add a user to a SNMP group. This command is used to configure USM for
SNMP v3.
6. Configure group
Command: snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv}
[[read <read-string>] [write <write-string>] [notify <notify-string>]]
no snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv}
Explanation: Set the group information on the switch. This command is used to configure
VACM for SNMP v3.
7. Configure view
Command: snmp-server view <view-string> <oid-string> {include|exclude}
no snmp-server view <view-string>
Explanation: Configure view on the switch. This command is used for SNMP v3.
8. Configuring TRAP
Command: snmp-server enable traps
no snmp-server enable traps
Explanation: Enable the switch to send Trap message. This command is used for SNMP
v1/v2/v3.
Command: snmp-server host <host-address> {v1|v2c|{v3
{NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string>
no snmp-server host <host-address> {v1|v2c|{v3 {NoauthNopriv|AuthNopriv
|AuthPriv}}} <user-string>
Explanation: Set the host IP address which is used to receive SNMP Trap information. For
SNMP v1/v2, this command also configures Trap community string; for SNMP v3, this
command also configures Trap user name and security level.
9. Enable/Disable RMON
Command: rmon enable
no rmon enable
Explanation: Enable/disable RMON.
2.4.4.2 SNMP Configuration Commands
2.4.4.2.1 snmp-server
Command: snmp-server
no snmp-server
Function: Enable the SNMP agent server function on the switch; the “no snmp-server
enable” command disables the SNMP agent server function.
Command mode: Global Mode
Default: SNMP agent server function is disabled by default.
Usage Guide: To enable configuration and management via network administrative
software, this command must be executed to enable the SNMP agent server function on
the switch.
Example: Enable SNMP Agent server function on the switch.
Switch(Config)#snmp-server
2.4.4.2.2 snmp-server community
Command: snmp-server community <string> {ro|rw}
no snmp-server community <string>
Function: Configure the community string for the switch; the “no snmp-server
community <string>” command deletes the configured community string.
Parameter: <string> is the community string set; ro|rw is the specified access mode to
MIB, ro for read-only and rw for read-write.
Command mode: Global Mode
Usage Guide: The switch supports up to 4 community strings.
Example 1: Add a community string named “private” with read-write permission.
Switch(config)#snmp-server community private rw
Example 2: Add a community string named “public” with read-only permission.
Switch(config)#snmp-server community public ro
Example 3: Modify the read-write community string named “private” to read-only.
Switch(config)#snmp-server community private ro
Example 4: Delete community string “private”.
Switch(config)#no snmp-server community private
2.4.4.2.3 snmp-server enable traps
Command: snmp-server enable traps
no snmp-server enable traps
Function: Enable the switch to send Trap messages; the “no snmp-server enable traps”
command stops the switch from sending Trap messages.
Command mode: Global Mode
Default: Trap messages are disabled by default.
Usage Guide: When Trap messages are enabled, the device sends Trap messages to the NMS
that receives Trap messages whenever a device port or the system goes Down or Up.
Example 1: Enable sending of Trap messages.
Switch(config)#snmp-server enable traps
Example 2: Disable sending of Trap messages.
Switch(config)#no snmp-server enable traps
2.4.4.2.4 snmp-server engineid
Command: snmp-server engineid <engine-string>
no snmp-server engineid
Function: Configure the engine ID; the “no snmp-server engineid <engine-string>”
command restores the default engine ID.
Parameter: <engine-string> is the engine ID which is 1-32 hexadecimal characters.
Command mode: Global Mode
Default: The engine ID is manufacturer number + local MAC address by default.
Example 1: Set the engine ID to A66688999F.
Switch(config)#snmp-server engineid A66688999F
Example 2: Restore the default engine ID.
Switch(config)#no snmp-server engineid
2.4.4.2.5 snmp-server user
Command: snmp-server user <user-string> <group-string> [[encrypted] {auth
{md5|sha} <password-string>}]
no snmp-server user <user-string> <group-string>
Function: Add a new user to an SNMP group; the “no snmp-server user <user-string>
<group-string>” command deletes the user.
Parameter: <user-string> is the user name, which is 1 to 32 characters; <group-string>
is the name of the group the user belongs to; encrypted means that messages are
encrypted by DES; auth means that messages are authenticated; md5 and sha select the
algorithm used for authentication; <password-string> is the user password, which is
1 to 32 characters.
Command mode: Global Mode
Usage Guide: Messages are not encrypted by default. If users enable encryption,
they must also enable authentication. A user is still deleted when the delete command
gives the right user name with a wrong group name.
Example 1: Add a user named “tester” to group “UserGroup”, with encryption, “HMAC
md5” authentication and password “hello”.
Switch(Config)#snmp-server user tester UserGroup encrypted auth md5 hello
Example 2: Delete a user.
Switch (Config)#no snmp-server user tester UserGroup
2.4.4.2.6 snmp-server group
Command: snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv} [[read <read-string>] [write <write-string>] [notify <notify-string>]]
no snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv}
Function: Configure a new SNMP server group; the “no snmp-server group
<group-string> {NoauthNopriv|AuthNopriv|AuthPriv}” command deletes the group.
Parameter: <group-string> is the group name; NoauthNopriv means no encryption and
no authentication; AuthNopriv means authentication and no encryption; AuthPriv means
authentication and encryption; <read-string> is the name of the view with read permission,
1 to 32 characters; <write-string> is the name of the view with write permission, 1 to 32
characters; <notify-string> is the name of the view with notify (trap) permission, 1 to 32
characters.
Command mode: Global Mode
Usage Guide: There is a default view named “v1defaultviewname”, which is
recommended. If there is no view with read or write permission, this operation
is forbidden.
Example 1: Create a group named “CompanyGroup” with encryption and authentication,
whose view named “readview” has read permission but no write permission.
Switch(Config)#snmp-server group CompanyGroup AuthPriv read readview
Example 2: Delete the group.
Switch(Config)#no snmp-server group CompanyGroup AuthPriv
2.4.4.2.7 snmp-server view
Command: snmp-server view <view-string> <oid-string> {include|exclude}
no snmp-server view <view-string>
Function: Create or modify view information; the “no snmp-server view <view-string>”
command deletes view information.
Parameter: < view-string > is the view name which is 1 to 32 characters; < oid-string >
is OID string or the node name which is 1 to 255 characters. include|exclude refers to
including or excluding the OID.
Command mode: Global Mode
Usage Guide: This command supports not only OID string but also node name.
Example 1: Create a view named “readview” which includes the node named “iso”, but
excludes the node named “iso.3”
Switch (Config)#snmp-server view readview iso include
Switch (Config)#snmp-server view readview iso.3 exclude
Example 2: Delete view.
Switch (Config)#no snmp-server view readview
2.4.4.2.8 snmp-server host
Command: snmp-server host <host-address> {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string>
no snmp-server host <host-address> {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string>
Function: This command functions differently for different versions of SNMP. For SNMP
v1/v2, this command is used to configure the Trap community string and the IP address of
the NMS which receives SNMP Trap messages. For SNMP v3, this command is used to
configure the IP address of the NMS which receives SNMP Trap messages, the Trap
user name and the security level. The “no snmp-server host <host-address> {v1|v2c|{v3
{NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string>” command deletes the IP
address.
Parameter: <host-address> is the IP address of the NMS which receives SNMP Trap
messages; v1|v2c|v3 is the SNMP version for Trap messages;
NoauthNopriv|AuthNopriv|AuthPriv is the security level: no authentication and no
encryption | authentication and no encryption | authentication and encryption.
<user-string> stands for the community string for sending Trap messages for SNMP v1/v2,
and for the user name for SNMP v3.
Command mode: Global Mode
Usage Guide: The community string in the command is also used for RMON event
community string. If RMON event community string is not configured, the community
string in the command is used for RMON event community string. If RMON event
community string is configured, RMON event uses its own community string.
Example 1 : Set the IP address of the NMS which receives SNMP Trap messages.
Switch(config)#snmp-server host 1.1.1.5 v1 usertrap
Example 2 : Delete the IP address of the NMS which receives SNMP Trap messages.
Switch(config)#no snmp-server host 1.1.1.5 v1 usertrap
2.4.4.2.9 snmp-server securityip
Command: snmp-server securityip <ip-address>
no snmp-server securityip <ip-address>
Function: Configure the secure IP address of the NMS which is allowed to access the
switch; the “no snmp-server securityip <ip-address>” command deletes the configured
secure address.
Parameter: <ip-address> is the secure IP address in dotted decimal format.
Command mode: Global Mode
Usage Guide: The switch processes SNMP messages sent by an NMS only if the IP address
of the NMS is the same as the secure IP address. This command is only used for SNMP v1
and SNMP v2.
Example 1: Set the secure IP address to 1.1.1.5
Switch(config)#snmp-server securityip 1.1.1.5
Example 2: Delete the secure IP address
Switch(config)#no snmp-server securityip 1.1.1.5
2.4.4.2.10 snmp-server SecurityIP enable
Command: snmp-server SecurityIP enable
snmp-server SecurityIP disable
Function: Enable or disable secure IP address check function on the NMS.
Command mode: Global Mode
Default: Secure IP address check function is enabled by default.
Example: Disable secure IP address check function.
Switch(config)#snmp-server securityip disable
2.4.4.2.11 rmon enable
Command: rmon enable
no rmon enable
Function: Enable RMON; the “no rmon enable” command disables RMON.
Command mode: Global Mode
Default: RMON is disabled by default.
Example 1: Enable RMON
Switch(config)#rmon enable
Example 2: Disable RMON
Switch(config)#no rmon enable
2.4.5 Typical SNMP Configuration Examples
The IP address of the NMS is 1.1.1.5; the IP address of the switch (Agent) is 1.1.1.9.
Scenario 1: The NMS network administrative software uses SNMP protocol to obtain data
from the switch.
The configuration on the switch is listed below:
Switch(config)#snmp-server
Switch(Config)#snmp-server community private rw
Switch(Config)#snmp-server community public ro
Switch(Config)#snmp-server securityip 1.1.1.5
The NMS can use “private” as the community string to access the switch with read-write
permission, or use “public” as the community string to access the switch with read-only
permission.
Scenario 2: NMS will receive Trap messages from the switch (Note: NMS may have
community string verification for the Trap messages. In this scenario, the NMS uses a
Trap verification community string of “ectrap”).
The configuration on the switch is listed below:
Switch(config)#snmp-server
Switch(Config)#snmp-server host 1.1.1.5 ectrap
Switch(Config)#snmp-server enable traps
Scenario 3: NMS uses SNMP v3 to obtain information from the switch.
The configuration on the switch is listed below:
Switch(config)#snmp-server
Switch (Config)#snmp-server user tester UserGroup encrypted auth md5 hello
Switch (Config)#snmp-server group UserGroup AuthPriv read max write max notify max
Switch (Config)#snmp-server view max 1 include
Scenario 4: NMS wants to receive the v3Trap messages sent by the switch.
The configuration on the switch is listed below:
Switch(config)#snmp-server
Switch(config)#snmp-server host 10.1.1.2 v3 AuthPriv tester
Switch(config)#snmp-server enable traps
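An added example, not part of the manual: a Python audit that reads configuration lines written with the commands documented in this section and lists the settings that weaken SNMP access control (well-known community strings, read-write communities, a disabled secure IP check, MD5 or missing authentication, v1/v2c traps, a write view covering the whole OID tree). The rule names and the sample configuration are constructed for illustration and assume the command syntax shown above.

```python
import re

# Strips a leading CLI prompt such as "Switch(config)#" or "Switch (Config)#".
PROMPT = re.compile(r"^\s*\S+\s*\(config\)#\s*", re.IGNORECASE)

RULES = {  # rule ids are hypothetical names chosen for this example
    "default-community": "community string is the well-known 'public' or 'private'",
    "rw-community": "v1/v2c community grants read-write access to the MIB",
    "securityip-check-disabled": "secure IP address check is turned off",
    "v3-user-no-auth": "v3 user has neither authentication nor encryption",
    "v3-user-no-priv": "v3 user authenticates but messages are not encrypted",
    "v3-user-md5": "v3 user authenticates with MD5 rather than SHA",
    "v3-group-weak-level": "v3 group security level is below AuthPriv",
    "trap-v1v2c": "traps carry a community string in clear text",
    "trap-v3-weak-level": "v3 traps are sent below AuthPriv",
    "write-view-whole-tree": "group write view includes the whole OID tree",
}

SAMPLE_CONFIG = """\
Switch(config)#snmp-server
Switch(Config)#snmp-server community private rw
Switch(Config)#snmp-server community public ro
Switch(Config)#snmp-server securityip 1.1.1.5
Switch(Config)#snmp-server securityip disable
Switch (Config)#snmp-server user tester UserGroup encrypted auth md5 hello
Switch (Config)#snmp-server group UserGroup AuthPriv read max write max notify max
Switch (Config)#snmp-server view max 1 include
Switch(config)#snmp-server host 1.1.1.5 v1 usertrap
Switch(config)#snmp-server enable traps
"""  # constructed from the commands used in the scenarios above


def audit(config_text):
    """Return a list of (rule id, config line) for every weak SNMP setting found."""
    findings, views, write_views = [], {}, []
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw).strip()
        tok = line.split()
        if len(tok) < 3 or tok[0].lower() != "snmp-server":
            continue  # blank lines, "no ..." deletions, bare "snmp-server", other commands
        kw, args = tok[1].lower(), tok[2:]
        low = [a.lower() for a in args]
        if kw == "community" and len(args) >= 2:
            if low[0] in ("public", "private"):
                findings.append(("default-community", line))
            if low[1] == "rw":
                findings.append(("rw-community", line))
        elif kw == "securityip" and low[0] == "disable":
            findings.append(("securityip-check-disabled", line))
        elif kw == "user" and len(args) >= 2:
            opts = low[2:]
            encrypted = opts[:1] == ["encrypted"]
            if encrypted:
                opts = opts[1:]
            if opts[:1] != ["auth"]:
                findings.append(("v3-user-no-auth", line))
            else:
                if not encrypted:
                    findings.append(("v3-user-no-priv", line))
                if opts[1:2] == ["md5"]:
                    findings.append(("v3-user-md5", line))
        elif kw == "group" and len(args) >= 2:
            if low[1] != "authpriv":
                findings.append(("v3-group-weak-level", line))
            for key, view in zip(low[2::2], args[3::2]):  # read/write/notify pairs
                if key == "write":
                    write_views.append((view, line))
        elif kw == "view" and len(args) >= 3 and low[2] in ("include", "exclude"):
            views.setdefault(args[0], {"include": set(), "exclude": set()})[low[2]].add(low[1])
        elif kw == "host" and len(args) >= 3:
            if low[1] in ("v1", "v2c"):
                findings.append(("trap-v1v2c", line))
            elif low[1] == "v3" and low[2] != "authpriv":
                findings.append(("trap-v3-weak-level", line))
    # A write view rooted at "1"/"iso" with no exclusions exposes every writable object.
    for name, line in write_views:
        view = views.get(name)
        if view and view["include"] & {"1", "iso"} and not view["exclude"]:
            findings.append(("write-view-whole-tree", line))
    return findings


if __name__ == "__main__":
    for rule, line in audit(SAMPLE_CONFIG):
        print("%-26s %s\n    -> %s" % (rule, RULES[rule], line))
```

A configuration built from the “readview” view, an AuthPriv group with no write view, a SHA user with encryption and a v3 AuthPriv trap host produces no findings.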
2.4.6 SNMP Troubleshooting Help
2.4.6.1 Monitor and Debug Commands
2.4.6.1.1 show snmp
Command: show snmp
Function: Display all SNMP counter information.
Command mode: Admin Mode
Example:
Switch#show snmp
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 SNMP packets output
0 Too big errors (Max packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Get-response PDUs
0 SNMP trap PDUs
Displayed information | Explanation
snmp packets input | Total number of SNMP packet inputs.
bad snmp version errors | Number of version information error packets.
unknown community name | Number of community name error packets.
illegal operation for community name supplied | Number of community name permission error packets.
encoding errors | Number of encoding error packets.
number of requested variables | Number of variables requested by NMS.
number of altered variables | Number of variables set by NMS.
get-request PDUs | Number of packets received by “get” requests.
get-next PDUs | Number of packets received by “getnext” requests.
set-request PDUs | Number of packets received by “set” requests.
snmp packets output | Total number of SNMP packet outputs.
too big errors | Number of “Too_big” error SNMP packets.
maximum packet size | Maximum length of SNMP packets.
no such name errors | Number of packets requesting non-existent MIB objects.
bad values errors | Number of “Bad_values” error SNMP packets.
general errors | Number of “General_errors” error SNMP packets.
response PDUs | Number of response packets sent.
trap PDUs | Number of Trap packets sent.
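An added example, not part of the manual: a Python parser for the “show snmp” output format shown above that compares two snapshots and returns the growth of the counters that rise when an NMS address keeps presenting wrong community strings or attempts writes. The two snapshots, the threshold and the function names are constructed for illustration.

```python
import re

COUNTER_LINE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")

# Counters from the table above that move during community guessing or write attempts.
WATCHED = {
    "unknown community name": "requests using a community string the switch does not have",
    "illegal operation for community name supplied": "operations the community's access mode does not permit",
    "bad snmp version errors": "requests with a version information error",
    "set-request pdus": "set requests received",
    "number of altered variables": "variables set by the NMS",
}

BEFORE = """\
Switch#show snmp
120 SNMP packets input
0 Bad SNMP version errors
2 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
340 Number of requested variables
0 Number of altered variables
100 Get-request PDUs
18 Get-next PDUs
0 Set-request PDUs
118 SNMP packets output
0 Too big errors (Max packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
118 Get-response PDUs
0 SNMP trap PDUs
"""  # constructed snapshot

AFTER = """\
Switch#show snmp
980 SNMP packets input
0 Bad SNMP version errors
847 Unknown community name
3 Illegal operation for community name supplied
0 Encoding errors
352 Number of requested variables
0 Number of altered variables
110 Get-request PDUs
20 Get-next PDUs
3 Set-request PDUs
133 SNMP packets output
0 Too big errors (Max packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
133 Get-response PDUs
0 SNMP trap PDUs
"""  # constructed snapshot taken later on the same switch


def parse_show_snmp(text):
    """Return {counter name in lower case: value} from `show snmp` output."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_LINE.match(line)
        if not m:
            continue  # prompt line or blank line
        # Drop a trailing note such as "(Max packet size 1500)" from the name.
        name = re.sub(r"\s*\(.*\)\s*$", "", m.group(2)).lower()
        counters[name] = int(m.group(1))
    return counters


def watched_deltas(before_text, after_text, threshold=1):
    """Return {counter: increase} for watched counters that grew by >= threshold."""
    before, after = parse_show_snmp(before_text), parse_show_snmp(after_text)
    deltas = {}
    for name in WATCHED:
        if name not in before or name not in after:
            continue
        delta = after[name] - before[name]
        if delta < 0:
            delta = after[name]  # counters restarted (for example a reboot): count from zero
        if delta >= threshold:
            deltas[name] = delta
    return deltas


if __name__ == "__main__":
    for name, delta in watched_deltas(BEFORE, AFTER).items():
        print("+%d %s (%s)" % (delta, name, WATCHED[name]))
```

In the constructed snapshots almost all new input packets were rejected for an unknown community name and no variables were altered, which is the pattern of guessing that has not succeeded.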
2.4.6.1.2 show snmp status
Command: show snmp status
Function: Display SNMP configuration information.
Command mode: Admin Mode
Example:
Switch#show snmp status
Trap enable
RMON enable
Community Information:
V1/V2c Trap Host Information:
V3 Trap Host Information:
Security IP Information:
Displayed information | Description
Community string | Community string
Community access | Community access permission
Trap-rec-address | IP address which is used to receive Trap.
Trap enable | Enable or disable to send Trap.
SecurityIP | IP address of the NMS which is allowed to access Agent
2.4.6.1.3 show snmp engineid
Command: show snmp engineid
Function: Display SNMP engine ID information.
Command mode: Admin Mode
Example:
Switch#show snmp engineid
SNMP engineID: 3138633303f1276c
Engine Boots is: 1
Displayed information | Description
SNMP engineID | SNMP engine ID
Engine Boots | The number of times that the engine boots.
2.4.6.1.4 show snmp user
Command: show snmp user
Function: Display user name information.
Command mode: Admin Mode
Example:
Switch#show snmp user
User name: initialsha
Engine ID: 1234567890
Auth Protocol: MD5
Priv Protocol: DES-CBC
Row status: active
Displayed information | Description
User name | User name
Engine ID | Engine ID
Priv Protocol | Encryption protocol
Auth Protocol | Authentication protocol
Row status | User state
2.4.6.1.5 show snmp group
Command: show snmp group
Function: Display group information.
Command mode: Admin Mode
Example:
Switch#show snmp group
Group Name: initial
Security Level: noAuthnoPriv
Read View: one
Write View: <no writeview specified>
Notify View: one
Displayed information | Description
Group Name | Group name
Security level | Security level
Read View | Read view name
Write View | Write view name
Notify View | Notify view name
<no writeview specified> | The user has not specified a view name.
2.4.6.1.6 show snmp view
Command: show snmp view
Function: Display view information.
Command mode: Admin Mode
Example:
Switch#show snmp view
View Name: readview
1.   - Included  active
1.3. - Excluded  active
Displayed information | Description
View Name | View name
1. and 1.3. | OID number
Included | View includes the sub-tree which has this OID as the root.
Excluded | View doesn’t include the sub-tree which has this OID as the root.
active | State
2.4.6.1.7 show snmp mib
Command: show snmp mib
Function: Display all the MIB supported on the switch.
Command mode: Admin Mode
2.4.6.2 SNMP Troubleshooting Help
When users configure SNMP, the SNMP server may fail to run properly due to a physical connection failure, a wrong configuration, etc. Users can troubleshoot the problems by following the guide below:
The physical connection is in good condition.
The interface and datalink layer protocol are Up (use the “show interface” command), and the connection between the switch and the host can be verified by ping (use the “ping” command).
The SNMP Agent server function is enabled on the switch (use the “snmp-server” command).
The secure IP for the NMS (use the “snmp-server securityip” command) and the community string (use the “snmp-server community” command) are correctly configured; if either of them is wrong, SNMP will not be able to communicate with the NMS properly.
If the Trap function is required, remember to enable Trap (use the “snmp-server enable traps” command), and remember to properly configure the target host IP address and community string for Trap (use the “snmp-server host” command) to ensure Trap messages can be sent to the specified host.
If the RMON function is required, RMON must be enabled first (use the “rmon enable” command).
Use the “show snmp” command to verify sent and received SNMP messages; use the “show snmp status” command to check SNMP configuration information; use “debug snmp packet” to enable the SNMP debug function and verify debug information.
If users still can’t solve the SNMP problems, please contact our technical and service center.
2.5 Switch Upgrade
ES4626/ES4650 provides two ways for switch upgrade: BootROM upgrade and the
TFTP/FTP upgrade under Shell.
2.5.1 BootROM Upgrade
There are two methods for BootROM upgrade: TFTP and FTP, which can be selected
at BootROM command settings.
Fig 2-2 Typical topology for switch upgrade in BootROM mode (figure labels: console cable connection, cable connection)
The upgrade procedures are listed below:
Step 1:
As shown in the figure, a PC is used as the console for the switch. A console cable is used
to connect the PC to the management port on the switch. The PC should have FTP/TFTP
server software installed and have the img file required for the upgrade.
Step 2:
Press “ctrl+b” on switch boot up until the switch enters BootROM monitor mode. The
operation result is shown below:
ES4626 Management Switch
Copyright (c) 2001-2004 by Accton Technology Corporation.
All rights reserved.
Reset chassis ... done.
Testing RAM...
134,217,728 RAM OK.
Loading BootROM...
Starting BootRom...
Attaching to file system ... done.
265.96 BogoMIPS
CPU: Motorola MPC82xx ADS - HIP7
Version: 5.4
BootRom version: 1.0.4
Creation date: Jun 9 2006, 14:54:12
Attached TCP/IP interface to lnPci0.
[Boot]:
Step 3:
Under BootROM mode, run “setconfig” to set the IP address and mask of the switch under
BootROM mode, the server IP address and mask, and to select TFTP or FTP upgrade. Suppose
the switch address is 192.168.1.2/24, the PC address is 192.168.1.66/24, and TFTP upgrade
is selected; the configuration should look like:
[Boot]: setconfig
Host IP Address: 10.1.1.1 192.168.1.2
Server IP Address: 10.1.1.2 192.168.1.66
FTP(1) or TFTP(2): 1 2
Network interface configure OK.
[Boot]:
Step 4:
Enable the FTP/TFTP server on the PC. For TFTP, run the TFTP server program; for FTP, run
the FTP server program. Before starting to download the upgrade file to the switch, verify
the connectivity between the server and the switch by ping from the server. If ping succeeds,
run the “load” command in BootROM mode on the switch; if it fails, perform troubleshooting
to find out the cause. The following shows the system update mirror file being loaded.
[Boot]: load nos.img
Loading...
entry = 0x10010
size = 0x1077f8
Step 5:
Execute “write nos.img” in BootROM mode. The following saves the system update mirror
file.
[Boot]: write nos.img
Programming...
Program OK.
[Boot]:
Step 6:
After successful upgrade, execute “run” command in BootROM mode to return to CLI
configuration interface.
[Boot]: run(or reboot)
Other commands in BootROM mode
1. DIR command
Used to list existing files in the FLASH.
[Boot]: dir
boot.rom          327,440 1900-01-01 00:00:00 --SH
boot.conf              83 1900-01-01 00:00:00 --SH
nos.img         2,431,631 1980-01-01 00:21:34 ----
startup-config      2,922 1980-01-01 00:09:14 ----
temp.img        2,431,631 1980-01-01 00:00:32 ----
2. CONFIG RUN command
Used to set the IMG file to run upon system start-up, and the configuration file to run upon
configuration recovery.
[Boot]: config run
Boot File: [nos.img] nos1.img
Config File: [boot.conf]
2.5.2 FTP/TFTP Upgrade
2.5.2.1 Introduction to FTP/TFTP
FTP (File Transfer Protocol) and TFTP (Trivial File Transfer Protocol) are both file transfer protocols that belong to the fourth layer (application layer) of the TCP/IP protocol stack, used for transferring files between hosts, and between hosts and switches. Both of them transfer files in a client-server model. Their differences are listed below.
FTP builds upon TCP to provide a reliable, connection-oriented data stream transfer service. However, it does not provide file access authorization and uses a simple authentication mechanism (it transfers the username and password in plain text for authentication). When using FTP to transfer files, two connections need to be established between the client and the server: a management connection and a data connection. The FTP client sends a transfer request to establish the management connection on port 21 of the server, and negotiates a data connection through the management connection.
There are two types of data connections: active connection and passive connection.
In active connection, the client transmits its address and port number for data transmission to the server, and the management connection is maintained until data transfer is complete. Then, using the address and port number provided by the client, the server establishes the data connection on port 20 (if not engaged) to transfer data; if port 20 is engaged, the server automatically generates some other port number to establish the data connection.
In passive connection, the client, through the management connection, notifies the server to establish a passive connection. The server then creates its own data listening port and informs the client about the port, and the client establishes the data connection to the specified port.
As the data connection is established through the specified address and port, a third party can provide the data connection service.
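The active and passive negotiation described above, as an added example that is not part of the manual: a Python decoder for the address and port carried in an FTP PORT command and in a 227 passive reply, with the check an FTP endpoint or firewall can apply so that the data connection only goes to the host that owns the management connection. The sample messages and the function names are constructed; the h1,h2,h3,h4,p1,p2 encoding is the one defined in RFC 959.

```python
import ipaddress
import re

# Six comma-separated decimal fields: four address bytes, then two port bytes.
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

SESSION = [  # constructed management-connection lines; client 10.1.1.2, server 10.1.1.1
    "PORT 10,1,1,2,4,210",
    "227 Entering Passive Mode (10,1,1,1,195,80)",
    "PORT 10,1,1,9,0,25",
    "RETR nos.img",
]


def decode_hostport(text):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port), where port = p1 * 256 + p2."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % (text,))
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("host-port field out of range in %r" % (text,))
    ip = str(ipaddress.IPv4Address(".".join(str(n) for n in nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def data_endpoint(control_line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, otherwise None."""
    line = control_line.strip()
    if line[:5].upper() == "PORT ":
        return ("active",) + decode_hostport(line[5:])
    if line.startswith("227"):
        return ("passive",) + decode_hostport(line[3:])
    return None


def check_data_endpoint(control_line, client_ip, server_ip):
    """Return the reasons to refuse the negotiated data endpoint (empty list = accept)."""
    endpoint = data_endpoint(control_line)
    if endpoint is None:
        raise ValueError("not a PORT command or 227 reply: %r" % (control_line,))
    mode, ip, port = endpoint
    # Active mode: the address must be the client's own. Passive mode: the server's own.
    owner = client_ip if mode == "active" else server_ip
    problems = []
    if ip != owner:
        problems.append(
            "%s data address %s is not the management-connection peer %s" % (mode, ip, owner)
        )
    if port < 1024:
        problems.append("%s data port %d is in the well-known range" % (mode, port))
    return problems


def review_session(lines, client_ip, server_ip):
    """Return [(line, problems)] for every line that negotiates a data connection."""
    report = []
    for line in lines:
        try:
            if data_endpoint(line) is not None:
                report.append((line, check_data_endpoint(line, client_ip, server_ip)))
        except ValueError as exc:  # malformed host-port field
            report.append((line, [str(exc)]))
    return report


if __name__ == "__main__":
    for line, problems in review_session(SESSION, "10.1.1.2", "10.1.1.1"):
        print("%-48s %s" % (line, "; ".join(problems) or "ok"))
```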
TFTP builds upon UDP, providing an unreliable data stream transfer service with no user authentication or permission-based file access authorization. It ensures correct data transmission through a send-and-acknowledge mechanism and retransmission of timed-out packets. The advantage of TFTP over FTP is that it is a simple and low overhead file transfer service.
ES4626/ES4650 can operate as either FTP/TFTP client or server. When ES4626/ES4650 operates as an FTP/TFTP client, configuration files or system files can be downloaded from remote FTP/TFTP servers (which can be hosts or other switches) without affecting its normal operation. The file list can also be retrieved from the server in FTP client mode. ES4626/ES4650 can also upload current configuration files or system files to remote FTP/TFTP servers (which can be hosts or other switches). When ES4626/ES4650 operates as an FTP/TFTP server, it can provide file upload and download service for authorized FTP/TFTP clients, and, as an FTP server, file list service.
Here are some terms frequently used in FTP/TFTP.
ROM: Short for EPROM, erasable read-only memory. EPROM is replaced by FLASH memory in ES4626/ES4650.
SDRAM: RAM memory in the switch, used for system software operation and configuration sequence storage.
FLASH: Flash memory used to save the system file and the configuration file.
System file: includes the system mirror file and the boot file.
System mirror file: refers to the compressed file for the switch hardware driver and software support program, usually referred to as the IMG upgrade file. In ES4626/ES4650, the system mirror file can be saved in FLASH only. ES4626/ES4650 mandates that the system mirror file uploaded via FTP in Global Mode be named nos.img; other IMG system files will be rejected.
Boot file: refers to the file that initializes the switch, also referred to as the ROM upgrade file (a large file can be compressed as an IMG file). In ES4626/ES4650, the boot file can be saved in ROM only. ES4626/ES4650 mandates the name of the boot file to be boot.rom.
Configuration file: includes the start up configuration file and the active configuration file. The distinction between the start up configuration file and the active configuration file facilitates the backup and update of configurations.
Start up configuration file: refers to the configuration sequence used at switch start up. The ES4626/ES4650 start up configuration file is stored in FLASH only, corresponding to the so-called configuration save. To prevent illicit file upload and to make configuration easier, ES4626/ES4650 mandates the name of the start up configuration file to be startup-config.
Active configuration file: refers to the active configuration sequence in use in the switch. In ES4626/ES4650, the active configuration file is stored in RAM. In the current version, the active configuration sequence running-config can be saved from RAM to FLASH by the write command or the copy running-config startup-config command, so that the active configuration sequence becomes the start up configuration file; this is called configuration save. To prevent illicit file upload and to make configuration easier, ES4626/ES4650 mandates the name of the active configuration file to be running-config.
Factory configuration file: The configuration file shipped with ES4626/ES4650 under the name factory-config. Run set default and write, then restart the switch, and the factory configuration file will be loaded to overwrite the current start up configuration file.
2.5.2.2 FTP/TFTP Configuration
The configurations of ES4626/ES4650 as FTP and TFTP clients are almost the same,
so the configuration procedures for FTP and TFTP are described together in this manual.
2.5.2.2.1 FTP/TFTP Configuration Task Sequence
1. FTP/TFTP client configuration
(1) Upload/download the configuration file or system file.
(2) For FTP client, server file list can be checked.
2. FTP server configuration
(1) Start FTP server
(2) Configure FTP login username and password
(3) Modify FTP server connection idle time
(4) Shut down FTP server
3. TFTP server configuration
(1) Start TFTP server
(2) Configure TFTP server connection idle time
(3) Configure retransmission times before timeout for packets without acknowledgement
(4) Shut down TFTP server
1. FTP/TFTP client configuration
(1) FTP/TFTP client upload/download file
Admin Mode
Command: copy <source-url> <destination-url> [ascii | binary]
Explanation: FTP/TFTP client upload/download file
(2) For FTP client, server file list can be checked.
Global Mode
Command: dir <ftpServerUrl>
Explanation: For FTP client, server file list can be checked. FtpServerUrl format looks like: ftp://user:password@IP Address
2. FTP server configuration
(1) Start FTP server
Global Mode
Command: ftp-server enable
no ftp-server enable
Explanation: Start FTP server; the “no ftp-server enable” command shuts down FTP server and prevents FTP user from logging in.
(2) Modify FTP server connection idle time
Global Mode
Command: ftp-server timeout <seconds>
Explanation: Set connection idle time
3. TFTP server configuration
(1) Start TFTP server
Global Mode
Command: tftp-server enable
no tftp-server enable
Explanation: Start TFTP server; the “no tftp-server enable” command shuts down TFTP server and prevents TFTP user from logging in.
(2) Modify TFTP server connection idle time
Global Mode
Command: tftp-server retransmission-number <number>
Explanation: Set maximum retransmission time within timeout interval.
(3) Modify TFTP server connection retransmission time
Global Mode
Command: tftp-server retransmission-number <number>
Explanation: Set maximum retransmission time within timeout interval.
2.5.2.2.2 FTP/TFTP Configuration Commands
2.5.2.2.3 copy (FTP)
Command: copy <source-url> <destination-url> [ascii | binary]
Function: FTP client upload/download file
Parameter: <source-url> is the source file or directory location to be copied; <destination-url> is the target address to copy the file or directory to; <source-url> and <destination-url> vary according to the file or directory location. ascii indicates the files are transferred in ASCII; binary indicates the files are transferred in binary (default). The URL format for an FTP address looks like: ftp://<username>:<password>@<ipaddress>/<filename>, where <username> is the FTP username, <password> is the FTP user password, <ipaddress> is the IP address of the FTP server/client, and <filename> is the name of the file to be uploaded/downloaded via FTP.
Special Keywords in filename
keyword | Source/Target IP address
running-config | Active configuration file
startup-config | Start up configuration file
nos.img | System file
boot.rom | System boot file
Command mode: Admin Mode
Usage Guide: The command provides command line prompt messages. If the user enters a command like copy <filename> ftp:// or copy ftp:// <filename> and presses Enter, the following prompt will appear:
ftp server ip address [x.x.x.x] :
ftp username>
ftp password>
ftp filename>
This prompts for the FTP server address, username, password and file name.
Example:
(1) Save the mirror in FLASH to FTP server 10.1.1.1; the login username for the FTP
server is “Switch”, and the password is “Accton”.
Switch#copy nos.img ftp://Switch:Accton@10.1.1.1/nos.img
(2) Get the system file nos.img from FTP server 10.1.1.1; the login username for the FTP
server is “Switch”, and the password is “Accton”.
Switch#copy ftp://Switch:Accton@10.1.1.1/nos.img nos.img
(3)Save active configuration file:
Switch#copy running-config startup-config
Related command: write
2.5.2.2.4 dir
Command: dir <ftp-server-url>
Function: Check the list of files on the FTP server.
Parameter: <ftp-server-url> takes the following format: ftp://<username>:<password>@<ipaddress>, where <username> is the FTP username, <password> is the FTP user password, and <ipaddress> is the IP address of the FTP server.
Command mode: Global Mode
Example: View the file list of the FTP server 10.1.1.1 with the username “Switch” and
password “switch”.
Switch#config
Switch(Config)#dir ftp://Switch:switch@10.1.1.1
2.5.2.2.5 ftp-server enable
Command: ftp-server enable
no ftp-server enable
Function: Start FTP server, the “no ftp-server enable” command shuts down FTP server
and prevents FTP user from logging in.
Default: FTP server is not started by default.
Command mode: Global Mode
Usage Guide: When FTP server function is enabled, the switch can still perform ftp client
functions. FTP server is not started by default.
Example: enable FTP server service.
Switch#config
Switch(Config)# ftp-server enable
2.5.2.2.6 ftp-server timeout
Command: ftp-server timeout <seconds>
Function: Set data connection idle time
Parameter: < seconds> is the idle time threshold ( in seconds) for FTP connection, the
valid range is 5 to 3600.
Default: The system default is 600 seconds.
Command mode: Global Mode
Usage Guide: When FTP data connection idle time exceeds this limit, the FTP
management connection will be disconnected.
Example: Modify the idle threshold to 100 seconds.
Switch#config
Switch(Config)#ftp-server timeout 100
2.5.2.2.7 copy (TFTP)
Command: copy <source-url> <destination-url> [ascii | binary]
Function: TFTP client upload/download file
Parameter: <source-url> is the source file or directory location to be copied; <destination-url> is the target address to copy the file or directory to; <source-url> and <destination-url> vary according to the file or directory location. ascii indicates the files are transferred in ASCII; binary indicates the files are transferred in binary (default). The URL format for a TFTP address looks like: tftp://<ipaddress>/<filename>, where <ipaddress> is the IP address of the TFTP server/client and <filename> is the name of the file to be uploaded/downloaded via TFTP.
Special Keywords in filename
keyword | Source/Target IP address
running-config | Active configuration file
startup-config | Start up configuration file
nos.img | System file
boot.rom | System boot file
Command mode: Admin Mode
Usage Guide: The command provides command line prompt messages. If the user enters a command like copy <filename> tftp:// or copy tftp:// <filename> and presses Enter, the following prompt will appear:
tftp server ip address>
tftp filename>
This prompts for the TFTP server address and file name.
Example:
(1) Save the mirror in FLASH to TFTP server 10.1.1.1:
Switch#copy nos.img tftp://10.1.1.1/nos.img
(2) Get the system file nos.img from TFTP server 10.1.1.1:
Switch#copy tftp://10.1.1.1/nos.img nos.img
(3)Save active configuration file:
Switch#copy running-config startup-config
Related command: write
2.5.2.2.8 tftp-server enable
Command: tftp-server enable
no tftp-server enable
Function: Start TFTP server; the “no tftp-server enable” command shuts down TFTP
server and prevents TFTP user from logging in.
Default: TFTP server is not started by default.
Command mode: Global Mode
Usage Guide: When TFTP server function is enabled, the switch can still perform tftp
client functions. TFTP server is not started by default.
Example: enable TFTP server service.
Switch#config
Switch(Config)#tftp-server enable
82
Download from Www.Somanuals.com. All Manuals Search And Download.
Related command: tftp-server timeout
2.5.2.2.9 tftp-server retransmission-number
Command: tftp-server retransmission-number <number>
Function: Set the number of retransmissions for TFTP server
Parameter: <number> is the number of retransmissions, the valid range is 1 to 20.
Default: The default value is 5 retransmissions.
Command mode: Global Mode
Example: Modify the retransmission to 10 times.
Switch#config
Switch(Config)#tftp-server retransmission-number 10
2.5.2.2.10 tftp-server transmission-timeout
Command: tftp-server transmission-timeout <seconds>
Function: Set the transmission timeout value for TFTP server
Parameter: <seconds> is the timeout value, the valid range is 5 to 3600s.
Default: The system default timeout setting is 600 seconds.
Command mode: Global Mode
Example: Modify the timeout value to 60 seconds.
Switch#config
Switch(Config)#tftp-server transmission-timeout 60
2.5.2.3 FTP/TFTP Configuration Examples
Fig 2-3 Download nos.img file as FTP/TFTP client (switch at 10.1.1.2, computer at 10.1.1.1)
Scenario 1: The switch is used as FTP/TFTP client. The switch connects from one of its
ports to a computer, which is a FTP/TFTP server with an IP address of 10.1.1.1; the switch
acts as a FTP/TFTP client, the IP address of the switch management VLAN is 10.1.1.2.
Download “nos.img” file in the computer to the switch.
FTP Configuration
Computer side configuration:
Start the FTP server software on the computer and set the username “Switch” and the
password “switch”. Place the “12_30_nos.img” file in the appropriate FTP server directory
on the computer.
The configuration procedure of the switch is listed below:
Switch(Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy ftp://Switch:switch@10.1.1.1/12_30_nos.img nos.img
With the above commands, the switch will have the “nos.img” file in the computer
downloaded to the FLASH.
TFTP Configuration
Computer side configuration:
Start TFTP server software on the computer and place the “nos.img” file in the appropriate
TFTP server directory on the computer.
The configuration procedure of the switch is listed below:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy tftp://10.1.1.1/12_30_nos.img nos.img
Scenario 2: The switch is used as FTP server. The switch operates as the FTP server
and connects from one of its ports to a computer, which is a FTP client. Transfer the
“nos.img” file in the switch to the computer and save as 12_25_nos.img.
The configuration procedure of the switch is listed below:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#ftp-server enable
Switch(Config)#username Switch password 0 Admin
Computer side configuration:
Log in to the switch with any FTP client software, with the username “Admin” and
password “switch”, and use the command “get nos.img 12_25_nos.img” to download the “nos.img”
file from the switch to the computer.
Scenario 3: The switch is used as TFTP server. The switch operates as the TFTP server
and connects from one of its ports to a computer, which is a TFTP client. Transfer the
“nos.img” file in the switch to the computer.
The configuration procedure of the switch is listed below:
Switch(Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#tftp-server enable
Computer side configuration:
Log in to the switch with any TFTP client software, and use the “tftp” command to download the
“nos.img” file from the switch to the computer.
Scenario 4: The switch is used as FTP/TFTP client. The switch connects from one of its
ports to a computer, which is a FTP/TFTP server with an IP address of 10.1.1.1; several
switch user profile configuration files are saved in the computer. The switch operates as
the FTP/TFTP client, the management VLAN IP address is 10.1.1.2. Download switch
user profile configuration files from the computer to the switch FLASH.
FTP Configuration
Computer side configuration:
Start the FTP server software on the computer and set the username “Switch” and the
password “Admin”. Save “Profile1”, “Profile2” and “Profile3” in the appropriate FTP server
directory on the computer.
The configuration procedure of the switch is listed below:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy ftp://Switch:Admin@10.1.1.1/Profile1 Profile1
Switch#copy ftp://Switch:Admin@10.1.1.1/Profile2 Profile2
Switch#copy ftp://Switch:Admin@10.1.1.1/Profile3 Profile3
With the above commands, the switch will have the user profile configuration files in the
computer downloaded to the FLASH.
TFTP Configuration
Computer side configuration:
Start TFTP server software on the computer and place “Profile1”, “Profile2” and “Profile3”
in the appropriate TFTP server directory on the computer.
The configuration procedure of the switch is listed below:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy tftp://10.1.1.1/Profile1 Profile1
Switch#copy tftp://10.1.1.1/Profile2 Profile2
Switch#copy tftp://10.1.1.1/Profile3 Profile3
Scenario 5: ES4626/ES4650 acts as FTP client to view file list on the FTP server.
Synchronization conditions: The switch connects to a computer by an Ethernet port, the
computer is an FTP server with an IP address of 10.1.1.1; the switch acts as an FTP client,
and the IP address of the switch management VLAN1 interface is 10.1.1.2.
FTP Configuration
PC side:
Start the FTP server software on the PC and set the username “Switch”, and the password
“Admin”.
ES4626:
Switch (Config)#inter vlan 1
Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch (Config-If-Vlan1)#no shut
Switch (Config-If-Vlan1)#exit
Switch (Config)#dir ftp://Switch:Admin@10.1.1.1
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
recv total = 480
nos.img
nos.rom
parsecommandline.cpp
position.doc
qmdict.zip
shell maintenance statistics.xls
… (some display omitted here)
show.txt
snmp.TXT
226 Transfer complete.
Switch (Config)#
2.5.2.4 FTP/TFTP Troubleshooting Help
2.5.2.4.1 Monitor and Debug Commands
2.5.2.4.1.1 show ftp
Command: show ftp
Function: display the parameter settings for the FTP server
Command mode: Admin Mode
Default: No display by default.
Example:
Switch#show ftp
Timeout : 600
Displayed information    Description
Timeout                  Timeout time.
2.5.2.4.1.2 show tftp
Command: show tftp
Function: display the parameter settings for the TFTP server
Default: No display by default.
Command mode: Admin Mode
Example:
Switch#show tftp
timeout : 60
Retry Times : 10
Displayed information    Explanation
Timeout                  Timeout time.
Retry Times              Retransmission times.
2.5.2.4.2 FTP Troubleshooting Help
When uploading/downloading a system file with the FTP protocol, the connectivity of the link
must be ensured, i.e., use the “Ping” command to verify the connectivity between the FTP
client and server before running the FTP program. If ping fails, you will need to check for
appropriate troubleshooting information to recover the link connectivity.
- The following messages are displayed when files are successfully transferred.
  Otherwise, please verify link connectivity and retry the “copy” command.
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
nos.img file length = 1526021
read file ok
send file
150 Opening ASCII mode data connection for nos.img.
226 Transfer complete.
close ftp client.
- The following messages are displayed when files are successfully received.
  Otherwise, please verify link connectivity and retry the “copy” command.
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
recv total = 1526037
************************
write ok
150 Opening ASCII mode data connection for nos.img (1526037 bytes).
226 Transfer complete.
- If the switch is upgrading system file or system start up file through FTP, the switch
  must not be restarted until “close ftp client” or “226 Transfer complete.” is displayed,
  indicating upgrade is successful, otherwise the switch may be rendered unable to
  start. If the system file and system start up file upgrade through FTP fails, please try
  to upgrade again or use the BootROM mode to upgrade.
2.5.2.4.3 TFTP Troubleshooting Help
When uploading/downloading a system file with the TFTP protocol, the connectivity of the link
must be ensured, i.e., use the “Ping” command to verify the connectivity between the
TFTP client and server before running the TFTP program. If ping fails, you will need to
check for appropriate troubleshooting information to recover the link connectivity.
- The following messages are displayed when files are successfully transferred.
  Otherwise, please verify link connectivity and retry the “copy” command.
nos.img file length = 1526021
read file ok
begin to send file,wait...
file transfers complete.
close tftp client.
- The following messages are displayed when files are successfully received.
  Otherwise, please verify link connectivity and retry the “copy” command.
begin to receive file,wait...
recv 1526037
************************
write ok
transfer complete
close tftp client.
If the switch is upgrading system file or system start up file through TFTP, the switch must
not be restarted until “close tftp client” is displayed, indicating upgrade is successful,
otherwise the switch may be rendered unable to start. If the system file and system start
up file upgrade through TFTP fails, please try upgrade again or use the BootROM mode to
upgrade.
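The restart rule above can be checked mechanically on a captured console session. The following is an added example, not part of the original manual or the switch software: it reads a saved “copy” transcript and reports whether the completion markers quoted in this section are present and the byte counts agree. The function name, the result fields and the interrupted transcript are assumptions constructed for illustration; the other transcripts are the ones shown above.

```python
import re

# Completion markers quoted in the troubleshooting text of this section.
DONE_MARKERS = {
    "ftp": ("226 Transfer complete.", "close ftp client."),
    "tftp": ("close tftp client.",),
}
RECV_RE = re.compile(r"^recv(?: total =)?\s*(\d+)$")      # "recv total = N" or "recv N"
SEND_RE = re.compile(r"file length = (\d+)$")             # "nos.img file length = N"
FTP_SIZE_RE = re.compile(r"^150 .*\((\d+) bytes\)\.?$")   # size announced by the FTP server
FTP_ERROR_RE = re.compile(r"^[45]\d\d[ -]")               # 4xx/5xx FTP reply codes


def check_transfer(transcript, protocol):
    """Report whether a captured copy session shows a finished, consistent transfer."""
    if protocol not in DONE_MARKERS:
        raise ValueError("protocol must be 'ftp' or 'tftp'")
    lines = [ln.strip() for ln in transcript.splitlines() if ln.strip()]
    direction, nbytes, announced, problems = None, None, None, []

    for ln in lines:
        recv, send = RECV_RE.match(ln), SEND_RE.search(ln)
        if recv:
            direction, nbytes = "receive", int(recv.group(1))
        elif send:
            direction, nbytes = "send", int(send.group(1))
        if protocol == "ftp":
            size = FTP_SIZE_RE.match(ln)
            if size:
                announced = int(size.group(1))
            if FTP_ERROR_RE.match(ln):
                problems.append("server error reply: " + ln)

    if direction is None:
        problems.append("no transfer seen in transcript")
    elif direction == "receive" and "write ok" not in lines:
        problems.append("flash write not confirmed ('write ok' missing)")
    elif direction == "send" and "read file ok" not in lines:
        problems.append("flash read not confirmed ('read file ok' missing)")
    if direction == "receive" and None not in (announced, nbytes) and announced != nbytes:
        problems.append(f"size mismatch: server announced {announced}, received {nbytes}")
    if not any(marker in lines for marker in DONE_MARKERS[protocol]):
        problems.append("no completion marker: do not restart the switch")

    return {"direction": direction, "bytes": nbytes,
            "safe_to_reboot": not problems, "problems": problems}


# Transcript copied from the FTP "successfully received" sample in this section.
FTP_RECEIVE_OK = """\
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
recv total = 1526037
************************
write ok
150 Opening ASCII mode data connection for nos.img (1526037 bytes).
226 Transfer complete.
"""

# Transcript copied from the TFTP "successfully received" sample in this section.
TFTP_RECEIVE_OK = """\
begin to receive file,wait...
recv 1526037
************************
write ok
transfer complete
close tftp client.
"""

# Constructed sample: the session stops before the flash write and the 226 reply.
FTP_INTERRUPTED = """\
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
recv total = 1000000
150 Opening ASCII mode data connection for nos.img (1526037 bytes).
"""

if __name__ == "__main__":
    for name, text, proto in (("ftp ok", FTP_RECEIVE_OK, "ftp"),
                              ("tftp ok", TFTP_RECEIVE_OK, "tftp"),
                              ("ftp interrupted", FTP_INTERRUPTED, "ftp")):
        print(name, check_transfer(text, proto))
```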
2.6 WEB Management
Click Switch Basic Configuration. Users can deploy the switch basic configuration such as
enter or quit privileged mode, enter or quit interface mode, show switch clock and show
switch system version etc.
2.6.1 Switch Basic Configuration
Click Switch Basic Configuration, Switch Basic Configuration. Users can configure
switch clock, CLI prompt message and timeout value for exiting Admin Mode etc.
2.6.1.1 BasicConfig
Click Switch Basic Configuration, Switch Basic Configuration, BasicConfig. Users can
configure switch clock, CLI prompt message and mapping between hosts and IP
addresses.
- Basic clock configuration - Configure system date and clock. See the equivalent
  CLI command at 2.1.1
  Set HH:MM:SS to 23:0:0, set YY.MM.DD to 2002.8.1, and then click Apply. The
  switch time is set.
- Hostname configuration - Configure switch CLI prompt message. See the
  equivalent CLI command at 2.1.9
  Set Hostname to Test, and then click Apply. The configuration is applied on the
  switch.
2.6.1.2 Configure exec timeout
Click Switch Basic Configuration, Switch Basic Configuration, Configure exec timeout.
Configure timeout value for exiting Admin Mode. See the equivalent CLI command at
2.1.5
Set Timeout to 6, and then click Apply. The switch timeout value for exiting Admin
Mode is set to 6 minutes.
2.6.2 SNMP Configuration
Click Switch Basic Configuration, SNMP Configuration. The switch SNMP
configuration is shown. Users can configure SNMP.
2.6.2.1 SNMP manager configuration
Click Switch Basic Configuration, SNMP Configuration, SNMP manager configuration.
Configure switch community string. See the equivalent CLI command at 2.4.4.2.2
- Community string (0-255 character) - Configure community string
- Access priority - Specify access mode to MIB. There are two options: Read only
  and Read and write.
- State - Valid means to set; Invalid means to delete
For example: Set Community string to qiantu; set Access priority to Read only; set
State to Valid, and click Apply. The configuration is applied on the switch.
2.6.2.2 TRAP manager configuration
Click Switch Basic Configuration, SNMP Configuration, TRAP manager configuration.
Users can configure the IP address and Trap community string of the NMS to receive
SNMP trap message. See the equivalent CLI command at 2.4.4.2.5
- Trap receiver - IP address of NMS to receive Trap messages
- Community string (0-255 character) - Community string used in sending Trap
  message
- State - Valid means to set; Invalid means to delete
For example: Set Trap receiver to 41.1.100, set Community string to kevin, set State
to Valid, and then click Apply. The configuration is applied on the switch.
2.6.2.3 Configure ip address of snmp manager
Click Switch Basic Configuration, SNMP Configuration. Users can configure the
secure IP address for NMS allowed to access the switch. See the equivalent CLI
command at 2.4.4.2.6
- Security ip address - NMS secure IP address
- State - Valid means to set; Invalid means to delete
For example: Set Security ip address to 41.1.1.100, set State to Valid, and then click
Apply. The configuration is applied on the switch.
2.6.2.4 SNMP statistics
Click Switch Basic Configuration, SNMP Configuration, SNMP statistics. Users can
display SNMP configuration information. See the equivalent CLI command at 2.4.6.1.1.
2.6.2.5 RMON and TRAP configuration
Click Switch Basic Configuration, SNMP Configuration, RMON and TRAP
configuration. Users can configure switch RMON:
- Snmp Agent state - Enable/disable the switch as SNMP agent. See the
  equivalent CLI command at 2.4.4.2.3
- RMON state - Enable/disable RMON on the switch. See the equivalent CLI
  command at 2.4.4.2.1
- Trap state - Enable the switch to send Trap messages. See the equivalent CLI
  command at 2.4.4.2.4
For example: Set Snmp Agent state to Enabled, set RMON state to Enabled, set Trap
state to Enabled, and then click Apply. The configuration is applied on the switch.
2.6.3 Switch Upgrade
Click Switch update, switch upgrading configuration tree is shown:
TFTP Upgrade:
TFTP client service - TFTP client configuration
TFTP server service - TFTP server configuration
FTP Upgrade:
FTP client service - FTP client configuration
FTP server service - FTP server configuration
2.6.3.1 TFTP client configuration
Click TFTP client service. The configuration page is shown. See the equivalent CLI
command at 2.5.2.2.9
The explanation of each field is as below:
Server IP address - Server IP address
Local file name - Local file name
Server file name - Server file name
Operation type - Upload means to upload file, Download means to download file.
Transmission type - ascii means to transmit file in ASCII format, binary means to transmit
file in binary format
For example: Get system file nos.img from TFTP server 10.1.1.1. Input the information as
below, and then click Apply
2.6.3.2 TFTP server configuration
Click TFTP server service. The configuration page is shown. See the equivalent CLI
command at 2.2.2.2
The explanation of each field is as below:
Server state - Server status, enable or disable. See the equivalent CLI command at
2.5.2.2.10
TFTP Timeout - Value of TFTP timeout. See the equivalent CLI command at 2.5.2.2.12
TFTP Retransmit times - Times of TFTP retransmit. See the equivalent CLI command at
2.5.2.2.11
For example: Enable TFTP server. Check “Enabled” box, then click Apply
2.6.3.3 FTP client configuration
Click FTP client service. The configuration page is shown. See the equivalent CLI
command at 2.5.2.2.3
The explanation of each field is as below:
Server IP address - Server IP address
Local file name - Local file name
Server file name - Server file name
Operation type - Upload means to upload file, Download means to download file.
Transmission type - ascii means to transmit file in ASCII format, binary means to transmit
file in binary format
2.6.3.4 FTP server configuration
Click FTP server service. The configuration page which includes server configuration and
client configuration is shown.
The explanation of each field for client configuration is as below:
FTP server state - Server state, enabled or disabled. See the equivalent CLI command at
2.5.2.2.5
FTP Timeout - FTP timeout. See the equivalent CLI command at 2.5.2.2.6
The explanation of each field for server configuration is as below:
User name - User name. See the equivalent CLI command at 2.5.2.2.8
Password - Password. See the equivalent CLI command at 2.5.2.2.7
State - Status of password. Plain text means password is in plain text, Encrypted means
password is encrypted. See the equivalent CLI command at 2.5.2.2.32.5.2.2.7
Remove user - Remove user. See the equivalent CLI command at 2.5.2.2.8
Add user – Add user. See the equivalent CLI command at 2.5.2.2.8
2.6.4 Monitor and debug command
Click Basic configuration debug. The following terms are displayed.
Debug command - Debug command
Show clock - Show clock. See the equivalent CLI command at 2.2.4.1
Show flash - Show flash file information. See the equivalent CLI command at 2.2.4.3
Show history - Show recent user input history. See the equivalent CLI command at 2.2.4.4
Show running-config - Show the current effective switch configuration. See the equivalent
CLI command at 2.2.4.6
Show switchport interface - Show port vlan attribute. See the equivalent CLI command at
2.2.4.8
Show tcp - Show the current TCP connection status established to the switch. See the
equivalent CLI command at 2.2.4.9
Show udp - Show the current UDP connection status established to the switch. See the
equivalent CLI command at 2.2.4.10
Show version - Show switch version. See the equivalent CLI command at 2.2.4.13
2.6.4.1 Debug command
Click Debug command. The configuration page which includes ping and traceroute is
shown. See the equivalent CLI command at 2.2.1 and at 2.2.3
The explanation of each field for Ping is as below:
IP address - Destination IP address
Hostname - Hostname
The explanation of each field for Traceroute is as below:
IP address - Target host IP address
Hostname – Hostname for the remote host
Hops - Maximum gateway number allowed
Timeout - Timeout value for test packets in milliseconds
2.6.4.2 Show port Vlan information
Click show switchport interface. The configuration page is shown. See the equivalent CLI
command at 2.2.4.8
The explanation of each field is as below:
Port - Port list
Select port1/1, and then click Apply. The port Vlan information is shown.
2.6.4.3 Other
Other parts are quite straightforward. Click the node. The relevant information is shown.
There is no need to input or to select.
For example:
Show clock:
Show flash file:
2.6.5 Switch basic information
Click Switch basic information node, the configuration page is shown. See the equivalent
CLI command at 2.2.4.13
The explanation of each field is as below:
Device type - Device type
Software version - Software version
Hardware version - Hardware version
Prompt - Command line prompt messages
2.6.6 Switch on-off configuration
Click Switch on-off information node. The configuration page is shown.
The explanation of each field is as below:
RIP Status - Enable or disable RIP. See the equivalent CLI command at 15.3.2.2.17
IGMP Snooping – Enable or disable IGMP Snooping. See the equivalent CLI command at
7.2.2.1
Switch GVRP Status – Enable or disable GVRP. See the equivalent CLI command at
5.3.2.5
Check the items, and click Apply. The configuration is applied on the switch.
2.6.7 Switch maintenance
On the main page, click Switch maintenance on the left column. Users can make the
configuration of the switch maintenance.
Click Reboot to reboot the switch. See the equivalent CLI command at 2.1.10:
Click Reboot with the default configuration to delete the current configuration and
reboot the switch. The default configuration is used when the switch is rebooted:
2.6.8 Telnet service configuration
On the main page, click Telnet server configuration on the left column. Users can
configure telnet service.
Click Telnet server user configuration to configure telnet service. See the equivalent
CLI command at 2.2.2.3.3:
Telnet server State – Enable or disable telnet server. See the equivalent CLI
command at 2.2.2.3.3
Click Telnet security IP to configure secure IP address which can configure telnet
service. See the equivalent CLI command at 2.2.2.3.4:
Security IP address – Specify secure IP address
Operation – Drop-menu selection: Add Security IP address; Remove Security IP
address
2.6.9 username service
In username service, users can add and delete management user name and user
password.
The global user can perform FTP, TFTP, Telnet and Web service.
Level is the user priority. 0 refers to guest priority and 15 refers to admin priority.
State sets if the encrypted password is used.
2.6.10 Basic host configuration
- Basic host configuration - Set the mapping relationship between the host and IP
  address. See the equivalent CLI command at 2.1.8
  Set Hostname to London, set IP address to 200.121.1.1, and then click Apply. The
  configuration is applied on the switch.
Chapter 3 Port Configuration
3.1 Introduction to Port
The front panel of ES4626 provides 4 Combo ports (these Combo ports can be configured as
either 1000MB copper ports or 1000MB SFP fiber ports, but only one type can be selected), 20
1000MB copper ports and 2 XFP 10GB fiber ports.
If the user needs to configure some network ports, he/she can use the “interface ethernet
<interface-list>” command to enter the appropriate Ethernet port configuration mode, where
<interface-list> stands for one or more ports. If <interface-list> contains multiple ports,
special characters such as “;” or “-” can be used to separate ports. “;” is used for discrete port
numbers and “-” is used for consecutive port numbers. Suppose an operation should be performed
on ports 2, 3, 4, 5; the command can look like this: interface ethernet 1/2-5. Port speed,
duplex mode and traffic control can also be configured under Ethernet Port configuration Mode,
and the performance of the corresponding physical network ports will change accordingly.
3.2 Port Configuration
3.2.1 Network Port Configuration
3.2.1.1 Network Port Configuration Task Sequence
1. Enter the network port configuration mode
2. Configure the properties for the network ports
Configure the combo mode for combo ports
Enable/Disable ports
Configure port names
Configure port cable types
Configure port speed and duplex mode
Configure bandwidth control
Configure traffic control
Enable/Disable port loopback function
Configure broadcast storm control function for the switch
1. Enter the Ethernet port configuration mode
Interface Mode
Command: interface ethernet <interface-list>
Explanation: Enter the network port configuration mode.
2. Configure the properties for the Ethernet ports
Interface Mode
Command: combo-forced-mode { copper-forced | copper-preferred-auto | sfp-forced | sfp-preferred-auto }
no combo-forced-mode
Explanation: Set the combo port mode (combo ports only); the “no combo-forced-mode”
command restores the default combo mode for combo ports, i.e. fiber ports first.
Command: shutdown
no shutdown
Explanation: Enable/Disable specified ports
Command: description <string>
no description
Explanation: Name or cancel the name of specified ports
Command: mdi { auto | across | normal }
no mdi
Explanation: Set the cable type for the specified port; this command is not supported on
the ports of 1000MB and above.
Command: speed-duplex {auto | force10-half | force10-full | force100-half | force100-full |
{ {force1g-half | force1g-full} [nonegotiate [master | slave]] } }
Explanation: Set port speed and duplex mode of 100Base/1000Base-TX ports. The “no”
format of this command restores the default setting, i.e. negotiate speed and
duplex mode automatically.
Command: negotiation
no negotiation
Explanation: Enable/Disable the auto-negotiation function of 1000Base-FX port.
Command: rate-limit {input|output} <level>
no rate-limit {input|output}
Explanation: Set or cancel the bandwidth used for incoming/outgoing traffic for specified ports
Command: flow control
no flow control
Explanation: Enable/Disable traffic control function for specified ports
Command: loopback
no loopback
Explanation: Enable/Disable loopback test function for specified ports
Command: rate-suppression {dlf | broadcast | multicast} <packets>
Explanation: Enable the storm control function for broadcast, multicast and unicast for
unknown destination (short for broadcast), and set allowed broadcast packet number;
the “no” format of this command disables the broadcast storm control function.
3.2.1.2 Ethernet Port Configuration Commands
3.2.1.2.1 Rate-limit
Command: rate-limit {input|output} <level>
no rate-limit {input|output}
Function: Enable the bandwidth control function for the port; the “no rate-limit”
command disables the bandwidth control function for the port.
Parameter: <level> is the bandwidth limit in Mbps, the valid value ranges from 1 to 10000
M; input means bandwidth control applies to incoming traffic from outside the switch;
output means bandwidth control applies to outgoing traffic to outside the switch
Command mode: Interface Mode
Default: Port bandwidth control is disabled by default.
Usage Guide: When bandwidth control is enabled for a port, and bandwidth limit is set,
then the maximum bandwidth will be limited and no longer be the 10/100/1000M line
speed. Note: The bandwidth limit set must not exceed the maximum physical connection
speed possible of the port. For example, a bandwidth limit of 101 M (or more) cannot be
set for a 10/100M Ethernet port. But for a 10/100/1000M port working less than 100 M, a
bandwidth limit of 101 M (or more) is permitted.
Example: set the bandwidth limit of port 1 – 8 of slot 3 card to 40M.
Switch(Config)#interface ethernet 3/1-8
Switch(Config-Port-Range)#rate-limit input 40
Switch (Config-Port-Range)#rate-limit output 40
3.2.1.2.2 combo-forced-mode
Command: combo-forced-mode {copper-forced | copper-preferred-auto | sfp-forced
| sfp-preferred-auto }
no combo-forced-mode
Function: Set the combo port mode (combo ports only); the “no combo-forced-mode”
command restores the default combo mode for combo ports, i.e. fiber ports first.
Parameter: copper-forced will force to use the copper cable port;
copper-preferred-auto for copper cable port first; sfp-forced for fiber cable forces to use
fiber cable port; sfp-preferred-auto for fiber cable port first.
Command mode: Interface Mode
Default: The default setting for combo mode of combo ports is fiber cable port first.
Usage Guide: The combo mode of combo ports and the port connection condition
determines the active port of the combo ports. A combo port consists of one fiber port and
a copper cable port. It should be noted that the speed-duplex command applies to the
copper cable port while the negotiation command applies to the fiber cable port, so they
will not conflict. Only one of the fiber cable port or the copper cable port of the same
combo port can be active at a time. Only the active port can send and receive data
normally.
For the determination of active port in a combo port, see the table below. The headline row
in the table indicates the combo mode of the combo port, while the first column indicates
the connection conditions of the combo port, in which “connected” refers to a good
connection of fiber cable port or copper cable port to the other devices.
Connection condition                      Copper forced      Copper preferred   SFP forced        SFP preferred
Fiber connected, copper not connected     Copper cable port  Fiber cable port   Fiber cable port  Fiber cable port
Copper connected, fiber not connected     Copper cable port  Copper cable port  Fiber cable port  Copper cable port
Both fiber and copper are connected       Copper cable port  Copper cable port  Fiber cable port  Fiber cable port
None of fiber and copper are connected    Copper cable port  Fiber cable port   Fiber cable port  Fiber cable port
Note:
- Combo port is a conception involving physical layer and the LLC sublayer of datalink
  layer. The status of combo port will not affect any operation in the MAC sublayer of
  datalink layer and upper layers. If the bandwidth limit for a combo port is 1 Mb, then
  this 1 Mb applies to the active port of this combo port, regardless of the port type
  being copper or fiber.
- If a combo port connects to another combo port, it is recommended for both parties to
  use copper- or fiber-forced mode.
- Run “show interfaces status” under Admin Mode to check for the active port of a
  combo port. The following result indicates the active port for a combo port is the fiber
  cable port (or copper cable port): Hardware is Gigabit-combo, active is fiber (copper).
Example: Set Port 1/25-28 to fiber-forced.
Switch(Config)#interface ethernet 1/25-28
Switch(Config-Port-Range)#combo-forced-mode sfp-forced
3.2.1.2.3 flow control
Command: flow control
no flow control
Function: Enable the flow control function for the port: the “no flow control” command
disables the flow control function for the port.
Command mode: Interface Mode
Default: Port flow control is disabled by default.
Usage Guide: After the flow control function is enabled, the port will notify the sending
device to slow down the sending speed to prevent packet loss when traffic received
exceeds the capacity of port cache. The ports of ES4626/ES4650 support 802.3X fallback
flow control; the ports work in half duplex mode, supporting fallback flow control. If the
fallback control may result in serious HOL, the switch will automatically start HOL control
(discard some packets in the COS queue that may result in HOL) to prevent drastic
degradation of network performance.
Note: Port flow control function is NOT recommended unless the user needs a slow
speed, low performance network with low packet loss. Flow control will not work
between different cards in the switch. When enabling the port flow control function, the speed
and duplex mode of both ends should be the same.
Example: Enable the flow control function in ports 1/1-8.
Switch(Config)#interface ethernet 1/1-8
Switch(Config-Port-Range)#flow control
3.2.1.2.4 interface ethernet
Command: interface ethernet <interface-list>
Function: Enter Ethernet Interface Mode from Global Mode.
Parameter: <interface-list> stands for port number.
Command mode: Global Mode
Usage Guide: Running the exit command returns from Ethernet Interface Mode to Global Mode.
Example: Enter the Ethernet Interface Mode for port 1/1, 2/4-5, 3/8.
Switch(Config)#interface ethernet 1/1;2/4-5;3/8
Switch(Config-Port-Range)#
3.2.1.2.5 loopback
Command: loopback
no loopback
Function: Enable the loopback test function in Ethernet port; the “no loopback”
command disables the loopback test on Ethernet port.
Command mode: Interface Mode
Default: Loopback test is disabled in Ethernet port by default.
Usage Guide: Loopback test can be used to verify that the Ethernet ports are working
normally. After loopback is enabled, the port will assume a connection established to itself,
and all traffic sent from the port will be received on this very port.
Example: Enable loopback test in Ethernet ports 1/1-8.
Switch(Config)#interface ethernet 1/1-8
Switch(Config-Port-Range)#loopback
3.2.1.2.6 mdi
Command: mdi { auto | across | normal }
no mdi
Function: Sets the cable types supported by the Ethernet port; the “no mdi” command
sets cable type auto-identification. This command is not supported on the
ES4626/ES4650 ports of 1000MB and above; these ports have auto-identification set for
cable types.
Parameter: auto indicates auto identification of cable types; across indicates crossover
cable support only; normal indicates straight-through cable support only.
Command mode: Interface Mode
Default: Port cable type is set to auto-identification by default.
Usage Guide: Auto-identification is recommended. Generally, straight-through cable is
used for switch-PC connection and crossover cable is used for switch-switch connection.
Example: Set the cable type support of Ethernet ports 3/5-8 to straight-through cable
only.
Switch(Config)#interface ethernet 3/5-8
Switch(Config-Port-Range)#mdi normal
3.2.1.2.7 description
Command: description <string>
no description
Function: Sets a name for the specified port; the “no description” command cancels the setting.
Parameter: <string> is a string, up to 32 characters are allowed.
Command mode: Interface Mode
Default: No name is set by default.
Usage Guide: This command facilitates the management of the switch. The user can
name the ports according to their usage, for example, ports 1/1-2 are used by the financial
department and can be named “financial”; port 2/9 is used by the engineering
department and can be named “engineering”; port 3/12 connects to the server and can
be named “Servers”. Thus the usage of the ports is obvious.
Example: Name ports 1/1-2 as “financial”.
Switch(Config)#interface ethernet 1/1-2
Switch(Config-Port-Range)#description financial
3.2.1.2.8 negotiation
Command: negotiation
no negotiation
Function: Enable the auto-negotiation function of 1000Base-FX port. Use the “no”
command to disable the auto-negotiation function of 1000Base-FX port.
Command mode: Port configuration Mode
Default: Auto-negotiation is enabled by default.
Usage Guide: This command applies to 1000Base-FX interface only. The negotiation
command is not available for 1000Base-TX or 100Base-TX interface. For combo port,
this command applies to the 1000Base-FX port only and has no effect on 1000Base-TX
port. To change the negotiation mode, speed and duplex mode of 1000Base-TX port, use
speed-duplex command instead.
Example: Port 1 of Switch1 is connected to port 1 of Switch2, the following will disable the
negotiation for both ports.
Switch1(Config)#interface e1/1
Switch1(Config-Ethernet1/1)#no negotiation
Switch2(Config)#interface e1/1
Switch2(Config-Ethernet1/1)#no negotiation
3.2.1.2.9 rate-suppression
Command: rate-suppression {dlf | broadcast | multicast} <packets>
no rate-suppression {dlf | broadcast | multicast}
Function: Sets the traffic limit for broadcast, multicast and unicast for unknown
destination on all ports in the switch; the “no rate-suppression” command disables the
traffic throttle function of broadcast, multicast and unicast for unknown destination on all
ports in the switch, i.e., enable broadcast, multicast and unicast for unknown destination
to pass through the switch at line speed.
Parameter: use dlf to limit unicast traffic for unknown destination; multicast to limit
multicast traffic; broadcast to limit broadcast traffic. <packets> stands for the number of
packets allowed to pass through per second for non-10Gb ports; for 10 Gb ports, the
number of packets allowed to pass through is <packets> multiplied by 1,040. The valid
range for both port types is 1 to 262,143.
Command mode: Interface Mode
Default: No limit is set by default; broadcast, multicast and unicast for unknown
destination are allowed to pass at line speed.
Usage Guide: All the ports in the switch belong to the same broadcast domain if no VLAN is
set. The switch sends the three types of traffic mentioned above to all the ports in the
broadcast domain, which may result in a broadcast storm. A broadcast storm can greatly
degrade switch performance; enabling the broadcast storm control function protects the
switch from broadcast storms as far as possible. Note the difference of this command
between 10 Gb ports and other ports. If the allowed traffic is set to 3, 10 Gb ports allow
3120 packets per second and discard the rest, while the same setting on non-10 Gb ports
allows 3 broadcast packets per second and discards the rest.
Example: Set ports 8-10 (1000Mb) of slot 2 to allow 3 broadcast packets per second.
Switch(Config)#interface ethernet 2/8-10
Switch(Config-Port-Range)#rate-suppression broadcast 3
3.2.1.2.10 shutdown
Command: shutdown
no shutdown
Function: Shut down the specified Ethernet port; the “no shutdown” command enables
the port.
Command mode: Interface Mode
Default: Ethernet port is enabled by default.
Usage Guide: When Ethernet port is shut down, no data frames are sent in the port, and
the port status displayed when the user types the “show interfaces status” command is
“down”.
Example: Enable ports 1/1-8.
Switch(Config)#interface ethernet 1/1-8
Switch(Config-Port-Range)#no shutdown
3.2.1.2.11 speed-duplex
Command: speed-duplex {auto | force10-half | force10-full | force100-half |
force100-full | { {force1g-half | force1g-full} [nonegotiate [master | slave]] } }
no speed-duplex
Function: Set the speed and duplex mode for 1000Base-TX or 100Base-TX ports; the
“no speed-duplex” command restores the default speed and duplex mode setting, i.e.
auto speed negotiation and duplex.
Parameter: auto for auto speed negotiation; force10-half for forced 10Mb/s at half
duplex; force10-full for forced 10Mb/s at full duplex mode; force100-half for forced
100Mb/s at half duplex mode; force100-full for forced 100Mb/s at full duplex mode;
force1g-half for forced 1000Mb/s at half duplex mode; force1g-full for forced 1000Mb/s
at full duplex mode; nonegotiate disables auto negotiation for the 1000 Mb port; master
forces the 1000 Mb port into master mode; slave forces the 1000 Mb port into slave
mode.
Command mode: Port configuration Mode.
Default: Auto negotiation for speed and duplex mode is set by default.
Usage Guide: This command applies to 1000Base-TX or 100Base-TX ports only.
speed-duplex command is not available for 1000Base-FX port. For combo port, this
command applies to the 1000Base-TX port only and has no effect on 1000Base-FX port.
To change the negotiation mode of 1000Base-FX port, use negotiation command
instead.
When configuring port speed and duplex mode, the speed and duplex mode must be the
same as the setting of the remote end, i.e. if the remote device is set to auto-negotiation,
then auto-negotiation should be set at the local port. If the remote end is in forced mode,
the same should be set in the local end.
1000Mb ports default to master when nonegotiate mode is configured. If one end is
set to master mode, the other end must be set to slave mode.
force1g-half is not supported yet.
Example: Port 1 of Switch1 is connected to port 1 of Switch2, the following will set both
ports in forced 100Mb/s at half duplex mode.
Switch1(Config)#interface e1/1
Switch1(Config-Ethernet1/1)#speed-duplex force100-half
Switch2(Config)#interface e1/1
Switch2(Config-Ethernet1/1)#speed-duplex force100-half
3.2.2 VLAN Interface Configuration
3.2.2.1 VLAN Interface Configuration Task Sequence
1. Enter VLAN Mode
2. Configure the IP address for VLAN interface and enable VLAN interface.

1. Enter VLAN Mode
Command                                Explanation
Global Mode
interface vlan <vlan-id>               Enter VLAN Interface Mode; the “no interface vlan
no interface vlan <vlan-id>            <vlan-id>” command deletes specified VLAN interface.

2. Configure the IP address for VLAN interface and enable VLAN interface.
Command                                Explanation
VLAN Mode
ip address {<ip-address> <mask>        Configure the VLAN interface IP address or
[secondary] | bootp | dhcp}            startup client protocol for bootp/dhcp; the “no ip
no ip address [<ip-address> <mask>]    address [<ip-address> <mask>]” command deletes
                                       VLAN interface IP address.
VLAN Mode
shutdown                               Enable/Disable VLAN interface
no shutdown
3.2.2.2 VLAN Interface Configuration Commands
3.2.2.2.1 interface vlan
Command: interface vlan <vlan-id>
no interface vlan <vlan-id>
Function: Enter VLAN Interface Mode; the “no interface vlan <vlan-id>” command
deletes existing VLAN interface.
Parameter: <vlan-id> is the VLAN ID of the established VLAN, valid range is 1 to 4094.
Command mode: Global Mode
Usage Guide: Before setting a VLAN interface, the existence of the VLAN must be
verified. Running the exit command returns from VLAN Mode to Global Mode.
Example: Enter the VLAN Interface Mode for VLAN1.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#
3.2.2.2.2 ip address
Command: ip address {<ip-address> <mask> [secondary] | bootp | dhcp}
no ip address [<ip-address> <mask>] [secondary]
Function: Set the IP address and mask for the switch; the “no ip address [<ip-address>
<mask>]” command deletes the specified IP address setting.
Parameter: <ip-address> is the IP address in dot decimal format; <mask> is the subnet
mask in dot decimal format; [secondary] indicates the IP configured is a secondary IP
address.
Command mode: VLAN Interface Mode
Default: No IP address is configured by default.
Usage Guide: This command configures the IP address for a VLAN interface manually. If the
optional parameter secondary is not present, the IP address will be the primary IP of the
VLAN interface; otherwise, the IP address configured will be a secondary IP address for
the VLAN interface. A VLAN interface can have only one primary IP address but multiple
secondary IP addresses. Both primary and secondary IP addresses can be used for
SNMP/Web/Telnet management. In addition, ES4626/ES4650 allows the IP address to be
obtained through BootP/DHCP.
Example: Set the IP address of VLAN1 interface to 192.168.1.10/24.
Switch(Config-If-Vlan1)#ip address 192.168.1.10 255.255.255.0
3.2.2.2.3 shutdown
Command: shutdown
no shutdown
Function: Shut down the specified VLAN Interface; the “no shutdown” command
enables the VLAN interface.
Command mode: VLAN Interface Mode
Default: VLAN Interface is enabled by default.
Usage Guide: When VLAN interface is shutdown, no data frames will be sent by the
VLAN interface. If the VLAN interface needs to obtain IP address via BootP/DHCP protocol,
it must be enabled.
Example: Enable VLAN1 interface of the switch.
Switch(Config-If-Vlan1)#no shutdown
3.2.3 Port Mirroring Configuration
3.2.3.1 Introduction to Port Mirroring
Port mirroring duplicates the data frames sent/received on a port to another
port. The port whose traffic is duplicated is referred to as the mirror source port, and the
port that receives the duplicates is referred to as the mirror destination port. A protocol
analyzer (such as Sniffer) or RMON monitoring instrument is often attached to the mirror
destination port to monitor, manage and diagnose the network.
ES4626/ES4650 supports one mirror destination port only. The number of mirror
source ports is not limited; one or more ports can be used. Multiple source ports can be
within the same VLAN or across several VLANs. The destination port and source port(s)
can be located in different VLANs.
3.2.3.2 Port Mirroring Configuration Task Sequence
1. Specify mirror source port
2. Specify mirror destination port
1. Specify mirror source port
Command                                        Explanation
Port configuration mode
port monitor <interface-list> [rx| tx| both]   Specify mirror source port; the “no monitor
no port monitor <interface-list>               session <session> {interface <interface-list> |
                                               cpu [slot <slotnum>]}” command deletes
                                               mirror port.
3.2.3.3 Port Mirroring Configuration
3.2.3.3.1 port monitor
Command: port monitor <interface-list> [rx| tx| both]
no port monitor <interface-list>
Parameter: <interface-list> is the list of the monitored source interfaces; rx is the
inbound traffic of the monitored source interface; tx is the outbound traffic of the monitored
source interface; both is the inbound and outbound traffic of the monitored source
interface.
Command mode: Interface Mode
Default: There is no monitored interface by default. After this function is enabled, the
inbound and outbound traffic on the source interface is monitored by default.
Usage Guide: The source interface and the destination interface must have the same
speed; otherwise some packets will be lost. Multiple source interfaces can be monitored
on a single destination interface.
Example: On the interface 1/11, monitor the inbound and outbound traffic of the source
interface 1/6.
Switch(config)#interface Ethernet 1/11
Switch(Config-Ethernet1/11)#port monitor Ethernet 1/6 both
3.2.3.4 Port Mirroring Examples
See “Port Configuration Examples”.
3.2.3.5 Device Mirroring Troubleshooting Help
3.2.3.5.1 Monitor and Debug Commands
3.2.3.5.1.1 show port monitor
Command: show port monitor [interface <interface-list>]
Function: Display information about mirror source/destination ports.
Parameter: <interface-list> is the mirror source port(s).
Command mode: Admin Mode
Usage Guide: This command displays the mirror source port(s) and destination port
currently configured.
Example:
Switch#show port monitor
3.2.3.5.2 Device Mirroring Troubleshooting Help
If problems occur when configuring port mirroring, please check the following first for
causes:
- Whether the mirror destination port is a member of a trunk group; if yes,
modify the trunk group.
- If the throughput of the mirror destination port is smaller than the total throughput of
the mirror source port(s), the destination port will not be able to duplicate all source
port traffic; please decrease the number of source ports, duplicate traffic in one
direction only, or choose a port with greater throughput as the destination port.
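The two checks above can be run before a mirror session is committed, since every frame the destination port cannot duplicate is a gap in what the attached analyzer sees. The following is an added example, not code from the manual or the switch: it expands an <interface-list> in the syntax of 3.2.1.2.4 and compares worst-case mirrored load with the destination speed. The port speeds, the trunk-membership set and the factor of two for `both` on a full-duplex port are assumptions made for the illustration.

```python
import re

# One element of an <interface-list>: "slot/port" or "slot/first-last".
ITEM = re.compile(r"^(\d+)/(\d+)(?:-(\d+))?$")


def expand_interface_list(text):
    """Expand '1/1;2/4-5;3/8' into ['1/1', '2/4', '2/5', '3/8']."""
    ports = []
    for item in text.replace(" ", "").split(";"):
        m = ITEM.match(item)
        if not m:
            raise ValueError(f"bad interface-list element: {item!r}")
        slot, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        if last < first:
            raise ValueError(f"descending range: {item!r}")
        ports.extend(f"{slot}/{p}" for p in range(first, last + 1))
    return ports


def check_mirror(dest, sources, direction, speed_mbps, trunk_members=()):
    """Check one mirror setup against the two troubleshooting items.

    speed_mbps maps port -> link speed in Mb/s; trunk_members is the set of
    ports that belong to a trunk group. Both are supplied by the caller.
    """
    if direction not in ("rx", "tx", "both"):
        raise ValueError(f"direction must be rx, tx or both, got {direction!r}")
    findings = []
    if dest in trunk_members:
        findings.append(f"destination {dest} is a member of a trunk group")
    src_ports = expand_interface_list(sources)
    # Assumption: a full-duplex source mirrored in both directions can offer
    # up to twice its line rate to the destination port.
    factor = 2 if direction == "both" else 1
    offered = factor * sum(speed_mbps[p] for p in src_ports)
    capacity = speed_mbps[dest]
    if offered > capacity:
        findings.append(
            f"worst-case mirrored load {offered} Mb/s exceeds destination "
            f"{dest} at {capacity} Mb/s; mirrored frames can be dropped")
    return {"sources": src_ports, "offered_mbps": offered,
            "capacity_mbps": capacity, "findings": findings}


# Constructed sample data: port speeds in Mb/s (not read from a real switch).
SPEEDS = {"1/1": 1000, "1/2": 1000, "1/3": 1000, "1/4": 1000,
          "1/8": 100, "1/9": 100, "1/12": 1000}

if __name__ == "__main__":
    for args in (("1/12", "1/8;1/9", "both"), ("1/12", "1/1-4", "rx")):
        result = check_mirror(*args, SPEEDS)
        print(args, result["offered_mbps"], result["findings"] or "ok")
```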
3.3 Port Configuration Example
No VLAN has been configured in the switches; the default VLAN1 is used.
Switch   Port   Property
SW1      2/7    Ingress bandwidth limit: 150 M
SW2      1/8    Mirror source port
         3/9    100M/full, mirror source port
         4/12   1000M/full, mirror destination port
SW3      4/10   100M/full
The configurations are listed below:
SW1:
Switch1(Config)#interface ethernet 1/7
Switch1(Config-Ethernet1/7)#rate-limit input 150
Switch1(Config-Ethernet1/7)#rate-limit output 150
SW2:
Switch2(Config)#interface ethernet 1/9
Switch2(Config-Ethernet1/9)#speed-duplex force100-full
Switch2(Config-Ethernet1/9)#exit
Switch2(Config)#interface ethernet 1/12
Switch2(Config-Ethernet1/12)#speed-duplex force1g-full
Switch2(Config-Ethernet1/12)#port monitor interface ethernet1/8;1/9 both
Switch2(Config-Ethernet1/12)#exit
SW3:
Switch3(Config)#interface ethernet 1/10
Switch3(Config-Ethernet1/10)#speed-duplex force100-full
Switch3(Config-Ethernet1/10)#duplex full
3.4 Port Troubleshooting Help
3.4.1 Monitor and Debug Commands
3.4.1.1 clear counters
Command: clear counters [{ethernet <interface-list> | vlan <vlan-id> | port-channel
<port-channel-number> | <interface-name>}]
Function: Clear the statistics of the specified port.
Parameter: <interface-list> stands for the Ethernet port number; <vlan-id> stands for
the VLAN interface number; <port-channel-number> for trunk interface number;
<interface-name> for interface name, such as port-channel1.
Command mode: Admin Mode
Default: Port statistics are not cleared by default.
Usage Guide: If no port is specified, then statistics of all ports will be cleared.
Example: Clear the statistics for Ethernet port 1/1.
Switch#clear counters ethernet 1/1
3.4.1.2 show interfaces status
Command: show interfaces status [{ethernet <interface-number> | vlan <vlan-id> |
port-channel <port-channel-number> | <interface-name>}]
Function: Display information about specified port.
Parameter: <interface-number> stands for the Ethernet port number; <vlan-id> stands
for the VLAN interface number; <port-channel-number> for trunk interface number;
<interface-name> for interface name, such as port-channel1.
Command mode: Admin Mode
Default: No port information is displayed by default.
Usage Guide: For Ethernet port, this command displays information about port speed,
duplex mode, traffic control on/off, broadcast storm control and statistics for packets
sent/received; for VLAN interface, this command displays MAC address, IP address and
statistics for packets sent/received; for trunk port, this command displays port speed,
duplex mode, traffic control on/off, broadcast storm control and statistics for packets
sent/received. If no port is specified, then information for all ports will be
displayed.
Example: Display information about port 4/1.
Switch#show interfaces status ethernet 4/1
3.4.2 Port Troubleshooting Help
Here are some situations that frequently occur in port configuration and the advised
solutions:
- Two connected fiber interfaces won’t link up if one interface is set to auto
negotiation but the other to forced speed/duplex. This is determined by IEEE
802.3.
- The following combinations are not recommended: enabling traffic control as well
as setting a multicast limit for the same port; setting broadcast, multicast and
unknown-destination unicast control as well as a port bandwidth limit for the same port.
If such combinations are set, the port throughput may fall below the expected
performance.
3.5 WEB Management
Click Port configuration, the port configuration page is shown. Users can configure
switch port features such as port speed and port duplex etc.
3.5.1 Ethernet port configuration
Click Port configuration, Ethernet port configuration. The Ethernet port configuration
page is shown. Users can configure Ethernet port features, such as port speed, port
duplex and bandwidth control etc.
3.5.1.1 Physical port configuration
Click Port configuration, Ethernet port configuration, Physical port configuration. The
following port features can be configured:
- Port – Specify the port
- mdi – Set the supported cable types on the Ethernet port. Auto
means automatically detected; across means that only the crossover
cable is supported; normal means that only the straight cable is
supported. See the equivalent CLI command at 3.2.1.2.6
- Admin Status – Enable or disable port. See the equivalent CLI
command at 3.2.1.2.9
- speed/duplex status – Set port duplex. The supported types
include: auto, 10M/Half, 10M/Full, 100M/Half, 100M/Full,
1000M/Half and 1000M/Full. See the equivalent CLI command at
3.2.1.2.2 and 3.2.1.2.10
- port flow control status – Configure port flow control. See the
equivalent CLI command at 3.2.1.2.3
- Loopback – Set to allow or not to allow loopback test. See the
equivalent CLI command at 3.2.1.2.5
For example: Specify port as Ethernet1/1; set mdi to normal; set Admin Status to no
shutdown; set speed/duplex status to auto; set port flow control status to Invalid flow
control; set Loopback to no loopback, and then click Apply. The configuration is applied on
the port 1/1.
The switch port information is shown in post list page:
3.5.1.2 Bandwidth control
Click Port configuration, Ethernet port configuration, Bandwidth control. Users can
configure port bandwidth control. See the equivalent CLI command at 3.2.1.2.1
- Port – Specify the port
- Bandwidth control level – Port bandwidth control; valid range is 1
to 10000 in Mbps.
- Control type – input and output means that bandwidth control is
applied to the inbound and outbound traffic; input means that
bandwidth control is only applied to the inbound traffic; output
means that bandwidth control is only applied to the outbound
traffic.
For example: Specify port as Ethernet1/1; set Bandwidth control level to 5000; set
Control type to input, and then click Apply. The configuration is applied on the port 1/1.
The switch port information is shown in post list page:
3.5.2 Vlan interface configuration
Click Port configuration, Vlan interface configuration. The VLAN port configuration
page is shown. Users can configure port Layer 3 information such as IP address and
network mask etc.
3.5.2.1 Allocate IP address for L3 port
Click Port configuration, Vlan interface configuration, Allocate IP address for L3 port.
Users can configure port Layer 3 IP address. See the equivalent CLI command at
3.2.2.2.2:
- Port – Specify port
- Port IP address – Port Layer 3 IP address
- Port network mask – Port network mask
- Port status – Port Layer 3 status
- Operation type – Add or delete IP address
For example: Specify port as Vlan1; set Port IP address to 192.168.1.180; set Port
network mask to 255.255.255.0; set Port status to no shutdown; set Operation type to Add
address, and then click Apply. The configuration is applied on the switch.
3.5.2.2 L3 port IP addr mode configuration
Click Port configuration, Vlan interface configuration, L3 port IP addr mode
configuration. Users can configure the mode of obtaining IP address of the port:
- Port – Specify the port
- IP mode – Specify IP address means users specify the IP address
manually; bootp-client means IP address is obtained by BootP. See
the equivalent CLI command at 3.3.2.2; dhcp-client means that IP
address is obtained by DHCP. See the equivalent CLI command at
3.3.2.2.
For example: Specify port as Vlan1; set IP mode to Specify IP address, and then click
Apply. The configuration is applied on the switch.
3.5.3 Port mirroring configuration
Click Port configuration, Port mirroring configuration. Users can configure port
mirroring.
3.5.3.1 Mirror configuration
Click Port configuration, Port mirroring configuration, Mirror configuration. Users can
configure port mirroring for source interface and destination interface.
Source Interface configuration. See the equivalent CLI command at 3.2.3.3.1:
- session – Mirroring session
- source interface list – Source interface list for mirroring
- Mirror direction – rx means that received traffic is mirrored; tx
means sent traffic is mirrored; both means both received and sent
traffic is mirrored.
For example: Select session 1; set source interface to eth1/1-4, set Mirror direction to
rx, and then click Apply. The configuration is applied on the switch.
Destination Interface configuration. See the equivalent CLI command at 3.2.3.3.2:
- session – Mirroring session
- destination interface – destination interface for mirroring
- tag – Set the vlan tag of the packets sent by the destination
interface. All means that all the packets have a vlan tag; preserve
means that packets that had a vlan tag when they entered the switch
keep the tag when they are sent out, and packets that had no
vlan tag when they entered the switch have no vlan tag when
they are sent out.
For example: Select session 1; set source interface to 1/5; set tag to preserve, and
then click Apply. The configuration is applied on the switch.
3.5.4 Port debug and maintenance
Click Port configuration, Port debug and maintenance. It is used to enable port debug
management list for obtaining port information.
3.5.4.1 Show port information
Click Port configuration, Port debug and maintenance, Show port information. The
port statistics information is shown. See the equivalent CLI command at 3.4.1.2
For example: Select to display Ethernet1/1, and then click Refresh. The statistics
information of port Ethernet 1/1 is shown.
Chapter 4 MAC Table Configuration
4.1 Introduction to MAC Table
The MAC table identifies the mapping relationship between destination MAC
addresses and switch ports. MAC addresses can be categorized as static MAC addresses
and dynamic MAC addresses. Static MAC addresses are manually configured by the user,
have the highest priority and are permanently effective (they will not be overwritten by
dynamic MAC addresses); dynamic MAC addresses are entries learnt by the switch during
data frame forwarding, and are effective for a limited period. When the switch receives a
data frame to be forwarded, it stores the source MAC address of the data frame and creates
a mapping to the destination port. Then the MAC table is queried for the destination MAC
address: if there is a hit, the data frame is forwarded on the associated port; otherwise, the
switch forwards the data frame to its broadcast domain. If a dynamic MAC address is not
learnt from forwarded data frames for a long time, the entry is deleted from the switch MAC
table.
There are two MAC table operations:
1. Obtain a MAC address;
2. Forward or filter data frame according to the MAC table.
4.1.1 Obtaining MAC Table
The MAC table can be built up by static configuration and dynamic learning. Static
configuration is to set up a mapping between the MAC addresses and the ports; dynamic
learning is the process in which the switch learns the mapping between MAC addresses
and ports, and updates the MAC table regularly. In this section, we will focus on the
dynamic learning process of MAC table.
[Figure: PC1 (MAC:00-01-11-11-11-11) and PC2 (MAC:00-01-22-22-22-22) connect to port 1/5;
PC3 (MAC:00-01-33-33-33-33) and PC4 (MAC:00-01-44-44-44-44) connect to port 1/12]
Fig 4-1 MAC Table dynamic learning
The topology of the figure above: 4 PCs are connected to ES4626/ES4650, where PC1
and PC2 belong to the same physical segment (same collision domain), which
connects to port 1/5 of ES4626/ES4650; PC3 and PC4 belong to the same
physical segment, which connects to port 1/12 of ES4626/ES4650.
The initial MAC table contains no address mapping entries. Taking the communication
between PC1 and PC3 as an example, the MAC address learning process is as follows:
1. When PC1 sends a message to PC3, the switch receives the message with source MAC
address 00-01-11-11-11-11, and the mapping entry of 00-01-11-11-11-11
and port 1/5 is added to the switch MAC table.
2. At the same time, the switch learns that the message is destined to 00-01-33-33-33-33. As
the MAC table contains only a mapping entry of MAC address 00-01-11-11-11-11 and
port 1/5, and no port mapping for 00-01-33-33-33-33 is present, the switch broadcasts
this message to all the ports in the switch (assuming all ports belong to the default
VLAN0).
3. PC3 and PC4 on port 1/12 receive the message sent by PC1, but PC4 will not reply;
as the destination MAC address is 00-01-33-33-33-33, only PC3 will reply to PC1.
When port 1/12 receives the message sent by PC3, a mapping entry for MAC address
00-01-33-33-33-33 and port 1/12 is added to the MAC table.
4. Now the MAC table has two dynamic entries: MAC address 00-01-11-11-11-11 – port
1/5 and 00-01-33-33-33-33 – port 1/12.
5. After the communication between PC1 and PC3, the switch does not receive any
message sent from PC1 and PC3, and the MAC address mapping entries in the MAC
table are deleted after 300 seconds. The 300 seconds here is the default aging time
for MAC address entry in ES4626/ES4650. Aging time can be modified in
ES4626/ES4650.
4.1.2 Forward or Filter
The switch will forward or filter received data frames according to the MAC table.
Take the above figure as an example, assuming ES4626/ES4650 has learnt the MAC
address of PC1 and PC3, and the user manually configured the mapping relationship for
PC2 and PC4 to ports. The MAC table of ES4626/ES4650 will be:
MAC Address          Port number   Entry added by
00-01-11-11-11-11    1/5           Dynamic learning
00-01-22-22-22-22    1/5           Static configuration
00-01-33-33-33-33    1/12          Dynamic learning
00-01-44-44-44-44    1/12          Static configuration
1. Forward data according to the MAC table
If PC1 sends a message to PC3, the switch will forward the data received on port 1/5 from
port 1/12.
2. Filter data according to the MAC table
If PC1 sends a message to PC2, the switch, on checking the MAC table, will find PC2 and
PC1 are in the same physical segment and filter the message (i.e. drop this message).
Three types of frames can be forwarded by the switch:
Broadcast frame
Multicast frame
Unicast frame
The following describes how the switch deals with all the three types of frames:
1. Broadcast frame: The switch can segregate collision domains but not broadcast
domains. If no VLAN is set, all devices connected to the switch are in the same
broadcast domain. When the switch receives a broadcast frame, it forwards the frame
in all ports. When VLANs are configured in the switch, the MAC table will be adapted
accordingly to add VLAN information. In this case, the switch will not forward the
received broadcast frames in all ports, but forward the frames in all ports in the same
VLAN.
2. Multicast frame: When IGMP Snooping function is not enabled, multicast frames are
processed in the same way as broadcast frames; when IGMP Snooping is enabled,
the switch will only forward the multicast frame to the ports belonging to the very
multicast group.
3. Unicast frame: When no VLAN is configured, if the destination MAC addresses are in
the switch MAC table, the switch will directly forward the frames to the associated
ports; when the destination MAC address in a unicast frame is not found in the MAC
table, the switch will broadcast the unicast frame. When VLANs are configured, the
switch will forward unicast frame within the same VLAN. If the destination MAC
address is found in the MAC table but belonging to different VLANs, the switch can
only broadcast the unicast frame in the VLAN it belongs to.
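The learning, aging, forwarding and filtering rules of 4.1.1 and 4.1.2 can be traced with a small simulation; this is an added example, not code from the manual or the switch firmware. The extra port 1/1, VLAN id 1 and the timestamps are constructed, and excluding the ingress port when flooding is standard bridge behaviour assumed here.

```python
BROADCAST = "ff-ff-ff-ff-ff-ff"
PC1, PC2 = "00-01-11-11-11-11", "00-01-22-22-22-22"
PC3, PC4 = "00-01-33-33-33-33", "00-01-44-44-44-44"


class LearningSwitch:
    """Minimal model of the MAC table behaviour described in 4.1.1 and 4.1.2."""

    def __init__(self, port_vlans, aging_time=300):
        self.port_vlans = dict(port_vlans)  # port name -> VLAN id
        self.aging_time = aging_time        # seconds; 0 means entries never age
        self.table = {}                     # (vlan, mac) -> [port, kind, last_seen]

    def add_static(self, mac, vlan, port):
        """Static entries have the highest priority and never age."""
        self.table[(vlan, mac.lower())] = [port, "static", None]

    def age(self, now):
        """Delete dynamic entries not refreshed within aging_time seconds."""
        if self.aging_time == 0:
            return
        stale = [key for key, (_, kind, seen) in self.table.items()
                 if kind == "dynamic" and now - seen >= self.aging_time]
        for key in stale:
            del self.table[key]

    def _learn(self, mac, vlan, port, now):
        entry = self.table.get((vlan, mac))
        if entry and entry[1] == "static":
            return  # a static entry is not overwritten by dynamic learning
        self.table[(vlan, mac)] = [port, "dynamic", now]

    def receive(self, src, dst, in_port, now):
        """Process one frame; return (action, sorted list of egress ports)."""
        self.age(now)
        vlan = self.port_vlans[in_port]
        src, dst = src.lower(), dst.lower()
        self._learn(src, vlan, in_port, now)
        # Flooding stays inside the ingress VLAN and skips the ingress port.
        flood = sorted(p for p, v in self.port_vlans.items()
                       if v == vlan and p != in_port)
        entry = None if dst == BROADCAST else self.table.get((vlan, dst))
        if entry is None:
            return "flood", flood       # broadcast or unknown destination
        if entry[0] == in_port:
            return "filter", []         # destination is on the same segment
        return "forward", [entry[0]]


def walkthrough():
    """Replay the PC1/PC3 exchange, then the static-entry cases of 4.1.2."""
    sw = LearningSwitch({"1/1": 1, "1/5": 1, "1/12": 1})
    steps = [
        sw.receive(PC1, PC3, "1/5", now=0),   # PC3 unknown: flood
        sw.receive(PC3, PC1, "1/12", now=1),  # PC1 learnt: forward
    ]
    sw.add_static(PC2, 1, "1/5")
    sw.add_static(PC4, 1, "1/12")
    steps.append(sw.receive(PC1, PC2, "1/5", now=2))  # same segment: filter
    # PC4's address appears as a source on port 1/1; the static entry stays.
    steps.append(sw.receive(PC4, PC1, "1/1", now=3))
    pc4_port = sw.table[(1, PC4)][0]
    sw.age(now=400)  # more than 300 s after PC1 and PC3 were last seen
    kinds = sorted(kind for _, kind, _ in sw.table.values())
    return steps, pc4_port, kinds


if __name__ == "__main__":
    for item in walkthrough():
        print(item)
```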
4.2 MAC Table Configuration
4.2.1 mac-address-table aging-time
Command: mac-address-table aging-time <age>
no mac-address-table aging-time
Function: Set the aging time for address mapping entries in the MAC table dynamically
learnt; the “no mac-address-table aging-time” command restores the aging time to the
default 300 seconds.
Parameter: < age> is the aging time in seconds, the valid range is 10 to 100000; 0 for no
aging.
Command mode: Global Mode
Default: The system default aging time is 300 seconds.
Usage Guide: Too short aging time results in many unnecessary broadcasts and causing
performance degradation; too long aging time will leave some obsolete entries occupying
the space of MAC table. For this reason, the user should set a reasonable aging time
according to the production conditions.
If the aging time is set to 0, addresses dynamically learned by the switch will not age in
time, the addresses learned will be kept in the MAC table permanently.
Example: Set the aging time for dynamically learned entries in the MAC table to 400
seconds.
Switch(Config)#mac-address-table aging-time 400
4.2.2 mac-address-table static
Command: mac-address-table static address <mac-addr> vlan <vlan-id> interface
<interface-name>
no mac-address-table [{static | dynamic} [address <mac-addr>] [vlan
<vlan-id>] [interface <interface-name>] ]
Function: Add or modify a static address entry; the “no mac-address-table” command
deletes static address entries and dynamic address entries.
Parameter: static stands for static address entry; dynamic for dynamic address entry;
<mac-addr> for MAC address to add or delete; <interface-name> for port name to
forward the MAC frame; <vlan-id> for VLAN number.
Command mode: Global Mode
Default: When configuring VLAN interface, the system will generate a static address
mapping entry for a system inherent MAC address and the VLAN number.
Usage Guide: For some special purpose or if the switch can not learn MAC address
dynamically, the user can use this command to establish mapping relationship between
MAC addresses and ports/VLAN.
“no mac-address-table” command will delete all existing dynamic, static and filter MAC
address entries, except system default reserved entries.
Example: Port 1/1 belongs to VLAN200, set a mapping to MAC address
00-03-0f-f0-00-18.
Switch(Config)#mac-address-table static 00-03-0f-f0-00-18 interface Ethernet 1/5 vlan 200
4.2.3 mac-address-table discard
Command: mac-address-table static <mac-addr> discard vlan <vlan-id >
no mac-address-table [<mac-addr>] discard [vlan <vlan-id>]
Function: Add or modify a filter address entry; the “no mac-address-table blackhole”
command deletes filter address entries.
Parameter: blackhole stands for a filter entry; filter entries are configured to discard frames
of specified MAC addresses, so that traffic can be filtered. Both source addresses and
destination addresses can be filtered. <mac-addr> stands for MAC addresses to be
added or deleted, <vlan-id> for VLAN number.
Command mode: Global Mode
Usage Guide: “no mac-address-table blackhole” command will delete all filter MAC
address entries in the switch MAC table.
Example: Set 00-03-0f-f0-00-18 to be a filter MAC address entry for VLAN200.
Switch(Config)# mac-address-table static 00-03-0f-f0-00-18 discard vlan 200
4.3 Typical Configuration Examples
[Figure: a switch with ports 1/5, 1/7, 1/9 and 1/11 connected to PC1
(MAC:00-01-11-11-11-11), PC2 (MAC:00-01-22-22-22-22), PC3 (MAC:00-01-33-33-33-33) and
PC4 (MAC:00-01-44-44-44-44)]
Fig 4-2 MAC Table typical configuration example
Scenario: Four PCs as shown in the above figure connect to port 1/5, 1/7, 1/9, 1/11 of
switch, all the four PCs belong to the default VLAN1. As required by the network
environment, dynamic learning is enabled. PC1 holds sensitive data and can not be
accessed by any other PC that is in another physical segment; PC2 and PC3 have static
mapping set to port 7 and port 9, respectively.
The configuration steps are listed below:
1. Set the MAC address 00-01-11-11-11-11 of PC1 as a filter address.
Switch(Config)# mac-address-table static 00-01-11-11-11-11 discard vlan 1
2. Set the static mapping relationship for PC2 and PC3 to port 7 and port 9, respectively.
Switch(Config)# mac-address-table static 00-01-22-22-22-22 interface ethernet 1/7 vlan 1
Switch(Config)#mac-address-table static 00-01-33-33-33-33 interface ethernet 1/9 vlan 1
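The forwarding rules at the start of this chapter and the section 4.3 scenario can be modeled in Python to see which ports a frame leaves by. This is an added example, not code from the switch or the manual; the class and function names are hypothetical, and it assumes that static entries are never overwritten by learning and that IGMP Snooping is disabled.

```python
# Added illustration, not vendor code: a model of the VLAN-aware MAC table.
# MACs and ports follow Fig 4-2; class and function names are hypothetical.
PC1, PC2 = "00-01-11-11-11-11", "00-01-22-22-22-22"
PC3, PC4 = "00-01-33-33-33-33", "00-01-44-44-44-44"


class MacTable:
    def __init__(self, vlan_ports, aging_time=300):
        self.vlan_ports = vlan_ports      # VLAN id -> set of member ports
        self.aging_time = aging_time      # seconds; 0 = dynamic entries never age
        self.entries = {}                 # (vlan, mac) -> (kind, port, last_seen)

    def add_static(self, mac, vlan, port):
        self.entries[(vlan, mac.lower())] = ("static", port, None)

    def add_discard(self, mac, vlan):
        self.entries[(vlan, mac.lower())] = ("discard", None, None)

    def _lookup(self, vlan, mac, now):
        entry = self.entries.get((vlan, mac))
        if entry and entry[0] == "dynamic" and self.aging_time:
            if now - entry[2] > self.aging_time:   # aged out: behave as unknown
                del self.entries[(vlan, mac)]
                return None
        return entry

    def forward(self, in_port, vlan, src, dst, now):
        """Return the set of egress ports for one frame; empty set means dropped."""
        src, dst = src.lower(), dst.lower()
        src_entry = self._lookup(vlan, src, now)
        if src_entry and src_entry[0] == "discard":
            return set()                           # filter entry matches the source
        if src_entry is None or src_entry[0] == "dynamic":
            # Dynamic learning; assumption: static entries are never overwritten.
            self.entries[(vlan, src)] = ("dynamic", in_port, now)
        same_vlan = self.vlan_ports[vlan] - {in_port}
        if int(dst[:2], 16) & 1:
            # Group bit set: broadcast, or multicast without IGMP Snooping.
            return same_vlan
        dst_entry = self._lookup(vlan, dst, now)
        if dst_entry is None:
            return same_vlan                       # unknown unicast: flood in the VLAN
        if dst_entry[0] == "discard":
            return set()                           # filter entry matches the destination
        return {dst_entry[1]} - {in_port}          # same segment as sender: filtered


def build_fig_4_2_table():
    """The section 4.3 scenario: PC1 filtered, PC2 and PC3 static, all in VLAN 1."""
    table = MacTable({1: {"1/5", "1/7", "1/9", "1/11"}}, aging_time=300)
    table.add_discard(PC1, 1)
    table.add_static(PC2, 1, "1/7")
    table.add_static(PC3, 1, "1/9")
    return table


if __name__ == "__main__":
    t = build_fig_4_2_table()
    print(t.forward("1/11", 1, PC4, PC2, now=0))    # known static destination
    print(t.forward("1/11", 1, PC4, PC1, now=1))    # filtered destination
    print(t.forward("1/7", 1, PC2, PC4, now=10))    # PC4 was learned on 1/11
    print(t.forward("1/7", 1, PC2, PC4, now=400))   # PC4 aged out: flooded
```

Because the table is keyed by VLAN and MAC together, an address known only in another VLAN is treated as unknown and flooded inside the frame's own VLAN, as item 3 above describes.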
4.4 Troubleshooting Help
4.4.1 Monitor and Debug Commands
4.4.1.1 show mac-address-table
Command: show mac-address-table [static|aging-time|discard] [address <mac-addr>]
Function: Show the current MAC table
Parameter: static: static entry; aging-time: address aging time; discard: filter entry;
<mac-addr>: entry’s MAC address; <vlan-id>: entry’s VLAN number; <interface-name>:
entry’s interface name
Command mode: Admin mode
Default: MAC address table is not displayed by default.
Usage guide: This command can display various sorts of MAC address entries. Users
can also use show mac-address-table to display all the MAC address entries.
Example: Display all the filter MAC address entries.
Switch#show mac-address-table discard
4.4.2 Troubleshooting Help
Using the show mac-address-table command, a port is found to have failed to learn the
MAC of a device connected to it. Possible reasons:
- The connected cable is broken; replace the cable.
- Spanning Tree is started and the port is in “discarding” status; or the device is just
connected to the port and Spanning Tree is still under calculation. Wait until the
Spanning Tree calculation finishes, and the port will learn the MAC address.
- If the problem is none of the above, please check the port health and contact
technical support for a solution to port problems.
4.5 MAC Address Function Extension
4.5.1 MAC Address Binding
4.5.1.1 Introduction to MAC Address Binding
Most switches support MAC address learning: each port can dynamically learn
several MAC addresses, so that data streams can be forwarded between known MAC addresses
within the ports. If a MAC address is aged, the packet destined for that
entry will be broadcast. In other words, a MAC address learned in a port will be used for
forwarding in that port; if the connection is changed to another port, the switch will learn
the MAC address again to forward data in the new port.
However, in some cases, security or management policy may require MAC
addresses to be bound to ports, so that only data streams from the bound MAC are allowed
to be forwarded in the ports. That is to say, after a MAC address is bound to a port, only
the data stream destined for that MAC address can flow in from the binding port; data
streams destined for other MAC addresses that are not bound to the port will not be allowed
to pass through the port.
4.5.1.2 MAC Address Binding Configuration
4.5.1.2.1 MAC Address Binding Configuration Task Sequence
1. Enable MAC address binding function for the ports
2. Lock the MAC addresses for a port
3. MAC address binding property configuration
1. Enable MAC address binding function for the ports
Interface Mode
Command: port security
no port-security
Explanation: Enable MAC address binding function for the port and lock the port. When a
port is locked, the MAC address learning function for the port will be disabled: the “no
switchport port-security” command disables the MAC address binding function for the
port, and restores the MAC address learning function for the port.
2. Lock the MAC addresses for a port
Interface Mode
Command: switchport port-security convert
Explanation: Convert dynamic secure MAC addresses learned by the port to static secure
MAC addresses.
Command: switchport port-security timeout <value>
no switchport port-security timeout
Explanation: Enable port locking timer function; the “no switchport port-security timeout”
command restores the default setting.
Command: switchport port-security mac-address <mac-address>
no switchport port-security mac-address <mac-address>
Explanation: Add static secure MAC address; the “no switchport port-security
mac-address” command deletes static secure MAC address.
Admin Mode
Command: clear port-security dynamic [address <mac-addr> | interface <interface-id>]
Explanation: Clear dynamic MAC addresses learned by the specified port.
3. MAC address binding property configuration
Interface Mode
Command: switchport port-security maximum <value>
no switchport port-security maximum <value>
Explanation: Set the maximum number of secure MAC addresses for a port; the “no
switchport port-security maximum” command restores the default value.
Command: port security action shutdown
no port security violation
Explanation: Set the violation mode for the port; the “no switchport port-security
violation” command restores the default setting.
4.5.1.2.2 MAC Address Binding Configuration Commands
4.5.1.2.2.1 port security
Command: port security
no port security
Function: Enable MAC address binding function for the port and lock the port. When a
port is locked, the MAC address learning function for the port will be disabled: the “no
switchport port-security” command disables the MAC address binding function for the
port and restores the MAC address learning function for the port.
Command mode: Interface Mode
Default: MAC address binding is not enabled by default.
Usage Guide: The MAC address binding function, Spanning Tree and Port Aggregation
functions are mutually exclusive. Therefore, if MAC binding function for a port is to be
enabled, the Spanning Tree and Port Aggregation functions must be disabled, and the
port enabling MAC address binding must not be a Trunk port.
Example: Enable MAC address binding function for port 1 and lock the port. When a
port is locked, the MAC address learning function for the port will be disabled.
Switch(Config)#interface Ethernet 1/1
Switch(Config-Ethernet1/1)#port security
4.5.1.2.2.2 switchport port-security convert
Command: switchport port-security convert
Function: Convert dynamic secure MAC addresses learned by the port to static secure
MAC addresses, and disables the MAC address learning function for the port.
Command mode: Interface Mode
Usage Guide: The port dynamic MAC convert command can only be executed after the
secure port is locked. After this command is executed, the dynamic secure MAC
addresses learned by the port will be converted to static secure MAC addresses. The
command does not reserve configuration.
Example: Convert MAC addresses in port 1 to static secure MAC addresses.
Switch(Config)#interface Ethernet 1/1
Switch(Config-Ethernet1/1)#switchport port-security convert
4.5.1.2.2.3 switchport port-security timeout
Command: switchport port-security timeout <value>
no switchport port-security timeout
Function: Set the timer for port locking; the “no switchport port-security timeout”
command restores the default setting.
Parameter: <value> is the timeout value, the valid range is 0 to 300s.
Command mode: Interface Mode
Default: Port locking timer is not enabled by default.
Usage Guide: The port locking timer function is a dynamic MAC address locking function.
MAC address locking and conversion of dynamic MAC entries to secure address entries
will be performed on locking timer timeout. The MAC address binding function must be
enabled prior to running this command.
Example: Set port1 locking timer to 30 seconds.
Switch(Config)#interface Ethernet 1/1
Switch(Config-Ethernet1/1)# switchport port-security timeout 30
4.5.1.2.2.4 switchport port-security mac-address
Command: switchport port-security mac-address <mac-address>
no switchport port-security mac-address <mac-address>
Function: Add static secure MAC address; the “no switchport port-security
mac-address” command deletes static secure MAC address.
Command mode: Interface Mode
Parameter: <mac-address> stands for the MAC address to be added/deleted.
Usage Guide: The MAC address binding function must be enabled before static secure
MAC address can be added.
Example: Add MAC 00-03-0F-FE-2E-D3 to port1.
Switch(Config)#interface Ethernet 1/1
Switch(Config-Ethernet1/1)#switchport port-security mac-address 00-03-0F-FE-2E-D3
4.5.1.2.2.5 clear port-security dynamic
Command: clear port-security dynamic [address <mac-addr> | interface <interface-id>]
Function: Clear the Dynamic MAC addresses of the specified port.
Command mode: Admin Mode
Parameter: <mac-addr> stands for MAC address; <interface-id> for specified port number.
Usage Guide: The secure port must be locked before the dynamic MAC clearing operation
can be performed on the specified port. If no ports and MAC are specified, then all dynamic MAC
in all locked secure ports will be cleared; if only port but no MAC address is specified, then
all MAC addresses in the specified port will be cleared.
Example: Delete all dynamic MAC in port1.
Switch#clear port-security dynamic interface Ethernet 1/1
4.5.1.2.2.6 switchport port-security maximum
Command: switchport port-security maximum <value>
no switchport port-security maximum
Function: Sets the maximum number of secure MAC addresses for a port; the “no
switchport port-security maximum” command restores the maximum secure address
number of 1.
Command mode: Interface Mode
Parameter: <value> is the upper limit for static secure MAC address, the valid range is 1 to
128.
Default: The default maximum port secure MAC address number is 1.
Usage Guide: The MAC address binding function must be enabled before maximum
secure MAC address number can be set. If secure static MAC address number of the port
is larger than the maximum secure MAC address number set, the setting fails; extra
secure static MAC addresses must be deleted, so that the secure static MAC address
number is no larger than the maximum secure MAC address number for the setting to be
successful.
Example: Set the maximum secure MAC address number for port 1 to 4.
Switch(Config)#interface Ethernet 1/1
Switch(Config-Ethernet1/1)#switchport port-security maximum 4
4.5.1.2.2.7 port security action shutdown
Command: port security action shutdown
no port security action
Function: Set the violation mode for the port; the “no” command restores the violation
mode to protect mode.
Command mode: Interface Mode
Default: The default violation mode for the port is “protect mode”.
Usage Guide: The port violation mode can only be set after MAC address binding
function is enabled. If the port violation mode is set to “protect mode”, when the secure
Mac address number exceeds maximum secure MAC address number set, only the
dynamic MAC address learning ability is disabled; if the violation mode is set to
“shutdown”, then the port will be shutdown when the secure Mac address number
exceeds maximum secure MAC address number set, the user can manually enable the
port by “no shutdown” command.
Example: Set the violation mode for port1 to “shutdown”.
Switch(Config)#interface Ethernet 1/1
Switch(Config-Ethernet1/1)# port security action shutdown
4.5.1.3 Mac Address Binding Troubleshooting Help
4.5.1.3.1 MAC Address Binding Debug and Monitor Commands
4.5.1.3.1.1 show port-security
Command: show port-security
Function: display the global configuration of secure ports.
Command mode: Admin Mode
Default: Configuration of secure ports is not displayed by default.
Usage Guide: This command displays the information for ports that are currently
configured as secure ports.
Example:
Switch#show port-security
Security Port    MaxSecurityAddr    CurrentAddr    Security Action
                 (count)            (count)
--------------------------------------------------------------------------------------------------------------
Ethernet1/3      128                0              Protect
--------------------------------------------------------------------------------------------------------------
Max Addresses limit per port : 128
Total Addresses in System : 2
Displayed information – Explanation
Security Port – Name of port that is configured as a secure port.
MaxSecurityAddr – The maximum secure MAC address number set for the secure port.
CurrentAddr – Current secure MAC address number for the secure port.
Security Action – Violation mode set for the port.
Max Addresses limit per port – Maximum secure MAC address number set for each secure port.
Total Addresses in System – Current secure MAC address number in the system.
4.5.1.3.1.2 show port-security interface
Command: show port-security interface <interface-id>
Function: display the configuration of secure port.
Command mode: Admin Mode
Parameter: <interface-id> stands for the port to be displayed.
Default: Configuration of secure ports is not displayed by default.
Usage Guide: This command displays the detailed configuration information for the
secure port.
Example:
Switch#show port-security interface ethernet 1/1
Ethernet1/1 Port Security : Enabled
Port status : Security Up
Violation mode : Protect
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Lock Timer is ShutDown
Mac-Learning function is : Closed
Displayed information – Explanation
Port Security – Is port enabled as a secure port?
Port status – Port secure status
Violation mode – Violation mode set for the port.
Maximum MAC Addresses – The maximum secure MAC address number set for the port
Total MAC Addresses – Current secure MAC address number for the port.
Configured MAC Addresses – Current secure static MAC address number for the port.
Lock Timer – Whether locking timer (timer timeout) is enabled for the port.
Mac-Learning function – Is the MAC address learning function enabled?
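The fields explained above can be checked automatically across saved captures. The following Python is an added example, not vendor code: it parses show port-security interface output and reports ports with dynamic secure addresses not yet converted to static, free secure-address slots, or the Protect violation mode. The second capture in the sample (Ethernet1/2), the finding codes and the audit policy are constructed assumptions.

```python
# Added illustration, not vendor code: audit "show port-security interface" text.
import re

# First capture is the page's own example; the second is constructed for the demo.
SAMPLE = """\
Ethernet1/1 Port Security : Enabled
Port status : Security Up
Violation mode : Protect
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Lock Timer is ShutDown
Mac-Learning function is : Closed
Ethernet1/2 Port Security : Enabled
Port status : Security Up
Violation mode : Protect
Maximum MAC Addresses : 4
Total MAC Addresses : 3
Configured MAC Addresses : 1
Lock Timer is ShutDown
Mac-Learning function is : Closed
"""

HEADER = re.compile(r"^(Ethernet\d+/\d+) Port Security\s*:\s*(\S+)$")
FIELD = re.compile(r"^(Violation mode|Maximum MAC Addresses|Total MAC Addresses"
                   r"|Configured MAC Addresses)\s*:\s*(\S+)$")


def parse_port_security(text):
    """Return {port: {field: value}} from one or more concatenated captures."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"Port Security": header.group(2)}
            ports[header.group(1)] = current
            continue
        field = FIELD.match(line)
        if field and current is not None:
            name, value = field.groups()
            current[name] = int(value) if value.isdigit() else value
    return ports


def audit(ports):
    """Return (port, code, detail) findings; the policy itself is an assumption."""
    findings = []
    for port in sorted(ports):
        info = ports[port]
        if info["Port Security"] != "Enabled":
            findings.append((port, "NOT_SECURED", info["Port Security"]))
            continue
        total = info.get("Total MAC Addresses", 0)
        static = info.get("Configured MAC Addresses", 0)
        limit = info.get("Maximum MAC Addresses", 1)   # page default is 1
        if total > static:      # dynamic secure addresses not yet converted
            findings.append((port, "UNCONVERTED_DYNAMIC", total - static))
        if limit > total:       # the port can still accept new addresses
            findings.append((port, "FREE_SLOTS", limit - total))
        if info.get("Violation mode") == "Protect":
            findings.append((port, "PROTECT_MODE", "port stays up on violation"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE)):
        print(finding)
```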
4.5.1.3.1.3 show port-security address
Command: show port-security address [interface <interface-id>]
Function: Display the secure MAC addresses of the port.
Command mode: Admin Mode
Parameter: <interface-id> stands for the port to be displayed.
Usage Guide: This command displays the secure port MAC address information, if no
port is specified, secure MAC addresses of all ports are displayed. The following is an
example:
Switch#show port-security address interface ethernet 1/3
Ethernet1/3 Security Mac Address Table
--------------------------------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports
1       0000.0000.1111    SecureConfigured    Ethernet1/3
--------------------------------------------------------------------------------------------------
Total Addresses : 1
Displayed information – Explanation
Vlan – The VLAN ID for the secure MAC Address
Mac Address – Secure MAC address
Type – Secure MAC address type
Ports – The port that the secure MAC address belongs to
Total Addresses – Current secure MAC address number in the system.
4.5.1.3.2 MAC Address Binding Troubleshooting Help
Enabling MAC address binding for ports may fail in some occasions. Here are some
possible causes and solutions:
- If MAC address binding cannot be enabled for a port, make sure the port is not
executing Spanning Tree or port aggregation and is not configured as a Trunk port. MAC
address binding is mutually exclusive with such configurations. If MAC address binding is
to be enabled, the abovementioned functions must be disabled first.
- If a secure address is set as static address and deleted, then that secure address will
be unusable even though it exists. For this reason, it is recommended to avoid static
address for ports enabling MAC address binding.
4.6 WEB Management
Click MAC address table configuration. The MAC address configuration page is
shown. Users can manage MAC addresses on the switch.
4.6.1 MAC address table configuration
Click MAC address table configuration, MAC address table configuration. Users can
manage, add and delete MAC addresses.
4.6.1.1 Unicast address configuration
Click MAC address table configuration, MAC address table configuration, Unicast
address configuration. Users can add and delete MAC address. See the equivalent CLI
command at 4.2.2:
- MAC address – Specify MAC address
- VID – Vlan number of the MAC address
- Configuration type – static; blackhole
- Port list – Port of the MAC address
- Address aging-time – MAC address aging-time
- Operation type – Add MAC address; delete MAC address
For example: Set MAC address to 00-11-11-11-11-11; Select VID to 1; select
Configuration type to static; select Port list to Ethernet1/1; set Address aging-time to
400 seconds; select Operation type to add mac address, and then click Add. This
configuration is to add static MAC address 00-11-11-11-11-11 to interface Ethernet 1/1
with VID of 1.
4.6.1.2 Remove static MAC address
Click MAC address table configuration, MAC address table configuration, Remove
static MAC address. Users can delete MAC address. See the equivalent CLI command at
4.2.2:
- Delete by VID – Specify VID to delete static MAC address. Check “Delete”
box to delete MAC address according to VID.
- Delete by MAC – Specify MAC address. Check “Delete” box to delete
specified MAC address.
- Delete by port – Specify port to delete MAC address. Check “Delete” box to
delete MAC address according to port.
- Port status – Static; dynamic; discard. Check “Delete” box to delete MAC
address according to port MAC status.
For example: Select VID 1; select interface Ethernet1/1; select Port status to Static,
and then click Apply. All the static MAC addresses on the interface Ethernet 1/1 are
deleted.
4.6.1.3 Static MAC query
Click MAC address table configuration, MAC address table configuration, Static MAC
query. Users can query MAC address. See the equivalent CLI command at 4.4.1.1:
- Query by VID – Specify VID to search static MAC address. Check “Search”
box to search MAC address according to VID.
- Query by MAC – Search MAC address. Check “Search” box to search MAC
address according to MAC address typed.
- Query by port – Specify port to search MAC address. Check “Search” box
to search MAC address according to port.
- Port status – Static; dynamic; discard. Check “Search” box to search MAC
address according to port MAC status.
For example: Select Port status; check “Port status” box, and then click Search.
The query results are displayed in the new page.
4.6.1.4 Show mac-address-table
Click MAC address table configuration, MAC address table configuration, show