User manual D-LINK DES-3526 - Reference Guide

DES-3526 Layer 2 Switch Command Line Interface Reference Manual Release 2 Second Edition (June 2004) 651ES3526025 Printed In Taiwan RECYCLABLE Wichtige Sicherheitshinweise 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. Bitte lesen Sie sich diese Hinweise sorgfältig durch. Heben Sie diese Anleitung für den spätern Gebrauch auf. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Vervenden Sie keine Flüssig- oder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung. Um eine Beschädigung des Gerätes zu vermeiden sollten Sie nur Zubehörteile verwenden, die vom Hersteller zugelassen sind. Das Gerät is vor Feuchtigkeit zu schützen. Bei der Aufstellung des Gerätes ist auf sichern Stand zu achten. Ein Kippen oder Fallen könnte Verletzungen hervorrufen. Verwenden Sie nur sichere Standorte und beachten Sie die Aufstellhinweise des Herstellers. Die Belüftungsöffnungen dienen zur Luftzirkulation die das Gerät vor Überhitzung schützt. Sorgen Sie dafür, daß diese Öffnungen nicht abgedeckt werden. Beachten Sie beim Anschluß an das Stromnetz die Anschlußwerte. Die Netzanschlußsteckdose muß aus Gründen der elektrischen Sicherheit einen Schutzleiterkontakt haben. Verlegen Sie die Netzanschlußleitung so, daß niemand darüber fallen kann. Es sollete auch nichts auf der Leitung abgestellt werden. Alle Hinweise und Warnungen die sich am Geräten befinden sind zu beachten. Wird das Gerät über einen längeren Zeitraum nicht benutzt, sollten Sie es vom Stromnetz trennen. Somit wird im Falle einer Überspannung eine Beschädigung vermieden. Durch die Lüftungsöffnungen dürfen niemals Gegenstände oder Flüssigkeiten in das Gerät gelangen. Dies könnte einen Brand bzw. Elektrischen Schlag auslösen. Öffnen Sie niemals das Gerät. Das Gerät darf aus Gründen der elektrischen Sicherheit nur von authorisiertem Servicepersonal geöffnet werden. Wenn folgende Situationen auftreten ist das Gerät vom Stromnetz zu trennen und von einer qualifizierten Servicestelle zu überprüfen: a ­ Netzkabel oder Netzstecker sint beschädigt. b ­ Flüssigkeit ist in das Gerät eingedrungen. c ­ Das Gerät war Feuchtigkeit ausgesetzt. d ­ Wenn das Gerät nicht der Bedienungsanleitung ensprechend funktioniert oder Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen. e ­ Das Gerät ist gefallen und/oder das Gehäuse ist beschädigt. f ­ Wenn das Gerät deutliche Anzeichen eines Defektes aufweist. Bei Reparaturen dürfen nur Orginalersatzteile bzw. den Orginalteilen entsprechende Teile verwendet werden. Der Einsatz von ungeeigneten Ersatzteilen kann eine weitere Beschädigung hervorrufen. Wenden Sie sich mit allen Fragen die Service und Repartur betreffen an Ihren Servicepartner. Somit stellen Sie die Betriebssicherheit des Gerätes sicher. Zum Netzanschluß dieses Gerätes ist eine geprüfte Leitung zu verwenden, Für einen Nennstrom bis 6A und einem Gerätegewicht grßer 3kg ist eine Leitung nicht leichter als H05VV-F, 3G, 0.75mm2 einzusetzen. 16. 17. 18. WARRANTIES EXCLUSIVE IF THE D-LINK PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, THE CUSTOMER'S SOLE REMEDY SHALL BE, AT D-LINK'S OPTION, REPAIR OR REPLACEMENT. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. D-LINK NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION MAINTENANCE OR USE OF D-LINK'S PRODUCTS D-LINK SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THAT THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY THE CUSTOMER'S OR ANY THIRD PERSON'S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING OR OTHER HAZARD. LIMITATION OF LIABILITY IN NO EVENT WILL D-LINK BE LIABLE FOR ANY DAMAGES, INCLUDING LOSS OF DATA, LOSS OF PROFITS, COST OF COVER OR OTHER INCIDENTAL, CONSEQUENTIAL OR INDIRECT DAMAGES ARISING OUT THE INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE OR INTERRUPTION OF A D- LINK PRODUCT, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. THIS LIMITATION WILL APPLY EVEN IF D-LINK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. IF YOU PURCHASED A D-LINK PRODUCT IN THE UNITED STATES, SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU. ii Limited Warranty Hardware: D-Link warrants each of its hardware products to be free from defects in workmanship and materials under normal use and service for a period commencing on the date of purchase from D-Link or its Authorized Reseller and extending for the length of time stipulated by the Authorized Reseller or D-Link Branch Office nearest to the place of purchase. This Warranty applies on the condition that the product Registration Card is filled out and returned to a D-Link office within ninety (90) days of purchase. A list of D-Link offices is provided at the back of this manual, together with a copy of the Registration Card. If the product proves defective within the applicable warranty period, D-Link will provide repair or replacement of the product. D-Link shall have the sole discretion whether to repair or replace, and replacement product may be new or reconditioned. Replacement product shall be of equivalent or better specifications, relative to the defective product, but need not be identical. Any product or part repaired by D-Link pursuant to this warranty shall have a warranty period of not less than 90 days, from date of such repair, irrespective of any earlier expiration of original warranty period. When D-Link provides replacement, then the defective product becomes the property of D-Link. Warranty service may be obtained by contacting a D-Link office within the applicable warranty period, and requesting a Return Material Authorization (RMA) number. If a Registration Card for the product in question has not been returned to D-Link, then a proof of purchase (such as a copy of the dated purchase invoice) must be provided. If Purchaser's circumstances require special handling of warranty correction, then at the time of requesting RMA number, Purchaser may also propose special procedure as may be suitable to the case. After an RMA number is issued, the defective product must be packaged securely in the original or other suitable shipping package to ensure that it will not be damaged in transit, and the RMA number must be prominently marked on the outside of the package. The package must be mailed or otherwise shipped to D-Link with all costs of mailing/shipping/insurance prepaid. D-Link shall never be responsible for any software, firmware, information, or memory data of Purchaser contained in, stored on, or integrated with any product returned to D-Link pursuant to this warranty. Any package returned to D-Link without an RMA number will be rejected and shipped back to Purchaser at Purchaser's expense, and D-Link reserves the right in such a case to levy a reasonable handling charge in addition mailing or shipping costs. Software: Warranty service for software products may be obtained by contacting a D-Link office within the applicable warranty period. A list of D-Link offices is provided at the back of this manual, together with a copy of the Registration Card. If a Registration Card for the product in question has not been returned to a D-Link office, then a proof of purchase (such as a copy of the dated purchase invoice) must be provided when requesting warranty service. The term "purchase" in this software warranty refers to the purchase transaction and resulting license to use such software. D-Link warrants that its software products will perform in substantial conformance with the applicable product documentation provided by D-Link with such software product, for a period of ninety (90) days from the date of purchase from D-Link or its Authorized Reseller. D-Link warrants the magnetic media, on which D-Link provides its software product, against failure during the same warranty period. This warranty applies to purchased software, and to replacement software provided by D-Link pursuant to this warranty, but shall not apply to any update or replacement which may be provided for download via the Internet, or to any update which may otherwise be provided free of charge. D-Link's sole obligation under this software warranty shall be to replace any defective software product with product which substantially conforms to D-Link's applicable product documentation. Purchaser assumes responsibility for the selection of appropriate application and system/platform software and associated reference materials. D-Link makes no warranty that its software products will work in combination with any hardware, or any application or system/platform software product provided by any third party, excepting only such products as are expressly represented, in D-Link's applicable product documentation as being compatible. D-Link's obligation under this warranty shall be a reasonable effort to provide compatibility, but D-Link shall have no obligation to provide compatibility when there is fault in the third-party hardware or software. D-Link makes no warranty that operation of its software products will be uninterrupted or absolutely error-free, and no warranty that all defects in the software product, within or without the scope of D-Link's applicable product documentation, will be corrected. iii Subject to the terms and conditions set forth herein, D-Link Systems, Inc. ("D-Link") provides this Limited warranty for its product only to the person or entity that originally purchased the product from: D-Link or its authorized reseller or distributor and Products purchased and delivered within the fifty states of the United States, the District of Columbia, U.S. Possessions or Protectorates, and U.S. Military Installations, addresses with an APO or FPO. Limited Warranty: D-Link warrants that the hardware portion of the D-Link products described below will be free from material defects in workmanship and materials from the date of original retail purchase of the product, for the period set forth below applicable to the product type ("Warranty Period"), except as otherwise stated herein. Limited Lifetime Warranty for the Product(s) is defined as follows: Hardware for as long as the original customer/end user owns the product, or five years after the product discontinuance, whichever occurs first (exclude power supplies and fans) Power Supplies and Fans Three (3) Year Spare parts and spare kits Ninety (90) days D-Link's sole obligation shall be to repair or replace the defective Hardware during the Warranty Period at no charge to the original owner or to refund at D-Link's sole discretion. Such repair or replacement will be rendered by D-Link at an Authorized D-Link Service Office. The replacement Hardware need not be new or have an identical make, model or part. D-Link may in its sole discretion replace the defective Hardware (or any part thereof) with any reconditioned product that D-Link reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware. Repaired or replacement Hardware will be warranted for the remainder of the original Warranty Period from the date of original retail purchase. If a material defect is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to repair or replace the defective Hardware, the price paid by the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-Link of the defective Hardware. All Hardware (or part thereof) that is replaced by D-Link, or for which the purchase price is refunded, shall become the property of D-Link upon replacement or refund. Limited Software Warranty: D-Link warrants that the software portion of the product ("Software") will substantially conform to D-Link's then current functional specifications for the Software, as set forth in the applicable documentation, from the date of original retail purchase of the Software for a period of ninety (90) days ("Warranty Period"), provided that the Software is properly installed on approved hardware and operated as contemplated in its documentation. D-Link further warrants that, during the Warranty Period, the magnetic media on which D-Link delivers the Software will be free of physical defects. D-Link's sole obligation shall be to replace the non-conforming Software (or defective media) with software that substantially conforms to D-Link's functional specifications for the Software or to refund at D-Link's sole discretion. Except as otherwise agreed by D-Link in writing, the replacement Software is provided only to the original licensee, and is subject to the terms and conditions of the license granted by D-Link for the Software. Software will be warranted for the remainder of the original Warranty Period from the date or original retail purchase. If a material non-conformance is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to replace the non-conforming Software, the price paid by the original licensee for the non-conforming Software will be refunded by D-Link; provided that the nonconforming Software (and all copies thereof) is first returned to D-Link. The license granted respecting any Software for which a refund is given automatically terminates. Non-Applicability of Warranty: The Limited Warranty provided hereunder for hardware and software of D-Link's products, will not be applied to and does not cover any product purchased through the inventory clearance or liquidation sale or other sales in which D-Link, the sellers, or the liquidators expressly disclaim their warranty obligation pertaining to the product and in that case, the product is being sold "As-Is" without any warranty whatsoever including, without limitation, the Limited Warranty as described herein, notwithstanding anything stated herein to the contrary. Submitting A Claim: Any claim under this limited warranty must be submitted in writing before the end of the Warranty Period to an Authorized DLink Service Office. The customer must submit as part of the claim a written description of the Hardware defect or Software nonconformance in sufficient detail to allow D-Link to confirm the same. The original product owner must obtain a Return Material Authorization ("RMA") number from the Authorized D-Link Service Office and, if requested, provide written proof of purchase of the product (such as a copy of the dated purchase invoice for the product) before the warranty service is provided. After an RMA number is issued, the defective product must be packaged securely in the original or other suitable shipping package to ensure that it will not be damaged in transit, and the RMA number must be prominently marked on the outside of the package. Do not include any manuals or accessories in the shipping package. D-Link will only replace the defective portion of the Product and will not ship back any accessories. The customer is responsible for all shipping charges to D-Link. No Charge on Delivery ("COD") is allowed. Products sent COD will either be rejected by D-Link or become the property of D-Link. Products should be fully insured by the customer and shipped to D-Link Systems, 17595 MT. Herrman Street, Fountain Valley, CA. 92708. D-Link will not be held responsible for any packages that are lost in transit to DLink. The repaired or replaced packages will be shipped via UPS Ground or any common carrier selected by D-Link, with shipping charges prepaid. Expedited shipping is available if shipping charges are prepaid by the customer. iv D-Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements, or for which an RMA number is not visible from the outside of the package. The product owner agrees to pay D-Link's reasonable handling and return shipping charges for any product that is not packaged and shipped in accordance with the foregoing requirements, or that is determined by D-Link not to be defective or non-conforming. What Is Not Covered: This limited warranty provided by D-Link does not cover: Products, if in D-Link's judgment, have been subjected to abuse, accident, alteration, modification, tampering, negligence, misuse, faulty installation, lack of reasonable care, repair or service in any way that is not contemplated in the documentation for the product, or if the model or serial number has been altered, tampered with, defaced or removed; Initial installation, installation and removal of the product for repair, and shipping costs; Operational adjustments covered in the operating manual for the product, and normal maintenance; Damage that occurs in shipment, due to act of God, failures due to power surge, and cosmetic damage; Any hardware, software, firmware or other products or services provided by anyone other than D-Link; Products that have been purchased from inventory clearance or liquidation sales or other sales in which D-Link, the sellers, or the liquidators expressly disclaim their warranty obligation pertaining to the product. Repair by anyone other than D-Link or an Authorized D-Link Service Office will void this Warranty. Disclaimer of Other Warranties: EXCEPT FOR THE LIMITED WARRANTY SPECIFIED HEREIN, THE PRODUCT IS PROVIDED "AS-IS" WITHOUT ANY WARRANTY OF ANY KIND WHATSOEVER INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IF ANY IMPLIED WARRANTY CANNOT BE DISCLAIMED IN ANY TERRITORY WHERE A PRODUCT IS SOLD, THE DURATION OF SUCH IMPLIED WARRANTY SHALL BE LIMITED TO NINETY (90) DAYS. EXCEPT AS EXPRESSLY COVERED UNDER THE LIMITED WARRANTY PROVIDED HEREIN, THE ENTIRE RISK AS TO THE QUALITY, SELECTION AND PERFORMANCE OF THE PRODUCT IS WITH THE PURCHASER OF THE PRODUCT. Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT, INCONVENIENCE OR DAMAGES OF ANY CHARACTER, WHETHER DIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOSS OF REVENUE OR PROFIT, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, FAILURE OF OTHER EQUIPMENT OR COMPUTER PROGRAMS TO WHICH D-LINK'S PRODUCT IS CONNECTED WITH, LOSS OF INFORMATION OR DATA CONTAINED IN, STORED ON, OR INTEGRATED WITH ANY PRODUCT RETURNED TO D-LINK FOR WARRANTY SERVICE) RESULTING FROM THE USE OF THE PRODUCT, RELATING TO WARRANTY SERVICE, OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY, EVEN IF D-LINK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE SOLE REMEDY FOR A BREACH OF THE FOREGOING LIMITED WARRANTY IS REPAIR, REPLACEMENT OR REFUND OF THE DEFECTIVE OR NON-CONFORMING PRODUCT. THE MAXIMUM LIABILITY OF D-LINK UNDER THIS WARRANTY IS LIMITED TO THE PURCHASE PRICE OF THE PRODUCT COVERED BY THE WARRANTY. THE FOREGOING EXPRESS WRITTEN WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ANY OTHER WARRANTIES OR REMEDIES, EXPRESS, IMPLIED OR STATUTORY. Governing Law: This Limited Warranty shall be governed by the laws of the state of California. Some states do not allow exclusion or limitation of incidental or consequential damages, or limitations on how long an implied warranty lasts, so the foregoing limitations and exclusions may not apply. This limited warranty provides specific legal rights and the product owner may also have other rights which vary from state to state For detailed warranty outside the United States, please contact corresponding local D-Link office. Register online your D-Link product at http://support.dlink.com/register/ D-Link Offices for Registration and Warranty Service The product's Registration Card, provided at the back of this manual, must be sent to a D-Link office. To obtain an RMA number for warranty service as to a hardware product, or to obtain warranty service as to a software product, contact the D-Link office nearest you. An address/telephone/fax/e-mail/Web site list of D-Link offices is provided in the back of this manual. Trademarks Copyright 2004 D-Link Corporation. Contents subject to change without prior notice. D-Link is a registered trademark of D-Link Corporation/D-Link Systems, Inc. All other trademarks belong to their respective proprietors. Copyright Statement No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems Inc., as stipulated by the United States Copyright Act of 1976. FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with this user's guide, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. CE Mark Warning v This is a Class A product. In a domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures. vi Table of Contents Introduction ..................................................................................................................................................................... 1 Using the Console CLI.................................................................................................................................................... 4 Command Syntax ........................................................................................................................................................... 9 Basic Switch Commands .............................................................................................................................................. 12 Switch Port Commands ................................................................................................................................................ 24 Port Security Commands.............................................................................................................................................. 27 Network Management (SNMP) Commands ................................................................................................................. 30 Switch Utility Commands .............................................................................................................................................. 54 Network Monitoring Commands ................................................................................................................................... 58 Multiple Spanning Tree Protocol (MSTP) Commands ................................................................................................. 72 Forwarding Database Commands................................................................................................................................ 86 Broadcast Storm Control Commands........................................................................................................................... 94 QoS Commands ........................................................................................................................................................... 96 Port Mirroring Commands........................................................................................................................................... 104 VLAN Commands ....................................................................................................................................................... 108 Asymmetric VLAN Commands ................................................................................................................................... 115 Link Aggregation Commands ..................................................................................................................................... 117 Basic IP Commands ................................................................................................................................................... 123 IGMP Snooping Commands ....................................................................................................................................... 125 802.1X Commands ..................................................................................................................................................... 135 Access Control List (ACL) Commands ....................................................................................................................... 148 Traffic Segmentation Commands ............................................................................................................................... 158 Time and SNTP Commands....................................................................................................................................... 160 ARP Commands ......................................................................................................................................................... 167 Routing Table Commands .......................................................................................................................................... 171 MAC Notification Commands ..................................................................................................................................... 173 Access Authentication Control Commands ................................................................................................................ 178 SSH Commands ......................................................................................................................................................... 204 SSL Commands.......................................................................................................................................................... 213 D-Link Single IP Management Commands.................................................................................................................220 Command History List.................................................................................................................................................232 Technical Specifications .............................................................................................................................................236 DES-3526 Layer 2 Fast Ethernet Switch 1 INTRODUCTION The Switch can be managed through the Switch's serial port, Telnet, or the Web-based management agent. The Command Line Interface (CLI) can be used to configure and manage the Switch via the serial port or Telnet interfaces. This manual provides a reference for all of the commands contained in the CLI. Configuration and management of the Switch via the Web-based management agent is discussed in the Manual. Accessing the Switch via the Serial Port The Switch's serial port's default settings are as follows: · · · · 9600 baud no parity 8 data bits 1 stop bit A computer running a terminal emulation program capable of emulating a VT-100 terminal and a serial port configured as above is then connected to the Switch's serial port via an RS-232 DB-9 cable. With the serial port properly connected to a management computer, the following screen should be visible. If this screen does not appear, try pressing Ctrl+r to refresh the console screen. Figure 1-1. Initial CLI screen There is no initial username or password. Just press the Enter key twice to display the CLI input cursor - DES-3526:4#. This is the command line where all commands are input. Setting the Switch's IP Address Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch's default IP address is 10.90.90.90. You can change the default Switch IP address to meet the specification of your networking address scheme. 1 DES-3526 Layer 2 Fast Ethernet Switch The Switch is also assigned a unique MAC address by the factory. This MAC address cannot be changed, and can be found on the initial boot console screen ­ shown below. Figure 1-2. Boot Screen The Switch's MAC address can also be found in the Web management program on the Switch Information (Basic Settings) window on the Configuration menu. The IP address for the Switch must be set before it can be managed with the Web-based manager. The Switch IP address can be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the Switch must be known. The IP address may be set using the Command Line Interface (CLI) over the console serial port as follows: 1. Starting at the command line prompt, enter the commands config ipif System ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy. Where the x's represent the IP address to be assigned to the IP interface named System and the y's represent the corresponding subnet mask. Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x's represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation. 2. The IP interface named System on the Switch can be assigned an IP address and subnet mask which can then be used to connect a management station to the Switch's Telnet or Web-based management agent. 2 DES-3526 Layer 2 Fast Ethernet Switch Figure 1-3. Assigning an IP Address In the above example, the Switch was assigned an IP address of 10.53.13.144 with a subnet mask of 255.0.0.0. The system message Success indicates that the command was executed successfully. The Switch can now be configured and managed via Telnet, SNMP MIB browser and the CLI or via the Web-based management agent using the above IP address to connect to the Switch. 3 DES-3526 Layer 2 Fast Ethernet Switch 2 USING THE CONSOLE CLI The DES-3526 supports a console management interface that allows the user to connect to the Switch's management agent via a serial port and a terminal or a computer running a terminal emulation program. The console can also be used over the network using the TCP/IP Telnet protocol. The console program can be used to configure the Switch to use an SNMP-based network management software over the network. This chapter describes how to use the console interface to access the Switch, change its settings, and monitor its operation. Note: Switch configuration settings are saved to non-volatile RAM using the save command. The current configuration will then be retained in the Switch's NV-RAM, and reloaded when the Switch is rebooted. If the Switch is rebooted without using the save command, the last configuration saved to NV-RAM will be loaded. Connecting to the Switch The console interface is used by connecting the Switch to a VT100-compatible terminal or a computer running an ordinary terminal emulator program (e.g., the HyperTerminal program included with the Windows operating system) using an RS-232C serial cable. Your terminal parameters will need to be set to: · · · · · · VT-100 compatible 9600 baud 8 data bits No parity One stop bit No flow control You can also access the same functions over a Telnet interface. Once you have set an IP address for your Switch, you can use a Telnet program (in VT-100 compatible terminal mode) to access and control the Switch. All of the screens are identical, whether accessed from the console port or from a Telnet interface. After the Switch reboots and you have logged in, the console looks like this: 4 DES-3526 Layer 2 Fast Ethernet Switch Figure 2-1. Initial Console Screen Commands are entered at the command prompt, DES-3526:4#. There are a number of helpful features included in the CLI. Entering the ? command will display a list of all of the top-level commands. Figure 2-2. The ? Command When you enter a command without its required parameters, the CLI will prompt you with a Next possible completions: message. 5 DES-3526 Layer 2 Fast Ethernet Switch Figure 2-3. Example Command Parameter Help In this case, the command config account was entered with the parameter . The CLI will then prompt you to enter the with the message, Next possible completions:. Every command in the CLI has this feature, and complex commands have several layers of parameter prompting. In addition, after typing any given command plus one space, you can see all of the next possible sub-commands, in sequential order, by repeatedly pressing the Tab key. To re-enter the previous command at the command prompt, press the up arrow cursor key. The previous command will appear at the command prompt. Figure 2-4. Using the Up Arrow to Re-enter a Command In the above example, the command config account was entered without the required parameter , the CLI returned the Next possible completions: prompt. The up arrow cursor control key was pressed to re-enter the previous command (config account) at the command prompt. Now the appropriate username can be entered and the config account command re-executed. 6 DES-3526 Layer 2 Fast Ethernet Switch All commands in the CLI function in this way. In addition, the syntax of the help prompts are the same as presented in this manual - angle brackets < > indicate a numerical value or character string, braces { } indicate optional parameters or a choice of parameters, and brackets [ ] indicate required parameters. If a command is entered that is unrecognized by the CLI, the top-level commands will be displayed under the Available commands: prompt. Figure 2-5. The Next Available Commands Prompt The top-level commands consist of commands such as show or config. Most of these commands require one or more parameters to narrow the top-level command. This is equivalent to show what? or config what? Where the what? is the next parameter. For example, if you enter the show command with no additional parameters, the CLI will then display all of the possible next parameters. Figure 2-6. Next possible completions: Show Command 7 DES-3526 Layer 2 Fast Ethernet Switch In the above example, all of the possible next parameters for the show command are displayed. At the next command prompt, the up arrow was used to re-enter the show command, followed by the account parameter. The CLI then displays the user accounts configured on the Switch. 8 DES-3526 Layer 2 Fast Ethernet Switch 3 COMMAND SYNTAX The following symbols are used to describe how command entries are made and values and arguments are specified in this manual. The online help contained in the CLI and available through the console interface uses the same syntax. Note: All commands are case-sensitive. Be sure to disable Caps Lock or any other unwanted function that changes text case. Purpose Syntax Description Encloses a variable or value that must be specified. create ipif vlan ipaddress In the above syntax example, you must supply an IP interface name in the space, a VLAN name in the space, and the network address in the space. Do not type the angle brackets. create ipif Engineering vlan Design ipaddress 10.24.22.5/255.0.0.0 Example Command [square brackets] Purpose Syntax Description Example Command Encloses a required value or set of required arguments. One value or argument can be specified. create account [admin | user] In the above syntax example, you must specify either an admin or a user level account to be created. Do not type the square brackets. create account admin | vertical bar Purpose Syntax Description Example Command Separates two or more mutually exclusive items in a list, one of which must be entered. show snmp [community | detail] In the above syntax example, you must specify either community, or detail. Do not type the backslash. show snmp community {braces} Purpose Encloses an optional value or set of optional arguments. 9 DES-3526 Layer 2 Fast Ethernet Switch {braces} Syntax Description reset {[config | system]} In the above syntax example, you have the option to specify config or detail. It is not necessary to specify either optional value, however the effect of the system reset is dependent on which, if any, value is specified. Therefore, with this example there are three possible outcomes of performing a system reset. See the following chapter, Basic Commands for more details about the reset command. reset config Example command Line Editing Key Usage Delete Backspace Insert or Ctrl+R Left Arrow Right Arrow Up Arrow Deletes the character under the cursor and then shifts the remaining characters in the line to the left. Deletes the character to the left of the cursor and then shifts the remaining characters in the line to the left. Toggle on and off. When toggled on, inserts text and shifts previous text to the right. Moves the cursor to the left. Moves the cursor to the right. Repeats the previously entered command. Each time the up arrow is pressed, the command previous to that displayed appears. This way it is possible to review the command history for the current session. Use the down arrow to progress sequentially forward through the command history list. The down arrow will display the next command in the command history entered in the current session. This displays each command sequentially as it was entered. Use the up arrow to review previous commands. Shifts the cursor to the next field to the left. Down Arrow Tab Multiple Page Display Control Keys Space CTRL+c ESC n p q r Displays the next page. Stops the display of remaining pages when multiple pages are to be displayed. Stops the display of remaining pages when multiple pages are to be displayed. Displays the next page. Displays the previous page. Stops the display of remaining pages when multiple pages are to be displayed. Refreshes the pages currently displayed. 10 DES-3526 Layer 2 Fast Ethernet Switch a Enter Displays the remaining pages without pausing between pages. Displays the next line or table entry. 11 DES-3526 Layer 2 Fast Ethernet Switch 4 BASIC SWITCH COMMANDS The basic switch commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command create account config account show account delete account show session show switch show serial_port config serial_port enable clipaging disable clipaging enable telnet disable telnet enable web disable web save reboot reset login logout Parameters [admin | user] {baud_rate [9600 | 19200 | 38400 | 115200] auto_logout [never | 2_minutes | 5_minutes | 10_minutes | 15_minutes]} {[config | system]} Each command is listed, in detail, in the following sections. create account Purpose Syntax Description Used to create user accounts. create [admin | user] The create account command is used to create user accounts that consist of a username of 1 to 15 characters and a password of 0 to 15 characters. Up to 8 user accounts can be created. admin user Restrictions Only Administrator-level users can issue this command. 12 Parameters DES-3526 Layer 2 Fast Ethernet Switch create account Usernames can be between 1 and 15 characters. Passwords can be between 0 and 15 characters. Example usage: To create an administrator-level user account with the username "dlink". DES-3526:4#create account admin dlink Command: create account admin dlink Enter a case-sensitive new password:**** Enter the new password again for confirmation:**** Success. DES-3526:4# config account Purpose Syntax Description Parameters Restrictions Used to configure user accounts config account The config account command configures a user account that has been created using the create account command. Only Administrator-level users can issue this command. Usernames can be between 1 and 15 characters. Passwords can be between 0 and 15 characters. Example usage: To configure the user password of "dlink" account: DES-3526:4#config account dlink Command: config account dlink Enter a old password:**** Enter a case-sensitive new password:**** Enter the new password again for confirmation:**** Success. DES-3526:4# 13 DES-3526 Layer 2 Fast Ethernet Switch show account Purpose Syntax Description Parameters Restrictions Example usage: To display the accounts that have been created: DES-3526:4#show account Command: show account Current Accounts: Username --------------dlink Total Entries: 1 DES-3526:4# Access Level -----------Admin Used to display user accounts show account Displays all user accounts created on the Switch. Up to 8 user accounts can exist at one time. None. Only Administrator-level users can issue this command. delete account Purpose Syntax Description Parameters Restrictions Example usage: To delete the user account "System": DES-3526:4#delete account System Command: delete account System Success. 14 Used to delete an existing user account. delete account The delete account command deletes a user account that has been created using the create account command. Only Administrator-level users can issue this command. DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4# show session Purpose Syntax Description Parameters Restrictions Example usage: To display the way that the users logged in: DES-3526:4#show session Command: show session ID Login Time -*8 00000 days 00:00:37 Live Time From -----------Serial Port 03:36:27 Level Name ----4 ----------Anonymous Used to display a list of currently logged-in users. show session This command displays a list of all the users that are logged-in at the time the command is issued. None None. ------------------------------ --------- show switch Purpose Syntax Description Parameters Restrictions Example usage: To display the Switch's information: DES-3526:4#show switch Command: show switch Device Type Combo Port : DES-3526 Fast Ethernet Switch : 1000Base-T + 1000Base-T 15 Used to display general information about the Switch. show switch This command displays information about the Switch. None. Only Administrator-level users can issue this command. DES-3526 Layer 2 Fast Ethernet Switch MAC Address IP Address VLAN Name Subnet Mask Default Gateway Firmware Version Hardware Version Device S/N Power Status System Name System Location System Contact Spanning Tree GVRP IGMP Snooping TELNET WEB RMON Asymmetric VLAN DES-3526:4# : 00-01-02-03-04-00 : 10.41.44.22 (Manual) : default : 255.0.0.0 : 0.0.0.0 : Build 2.00-B02 : 0A1 : : Main ­ Normal, Redundant ­ Not Present : DES-3526 : 7th_flr_east_cabinet : Julius_Erving_212-555-6666 : Disabled : Disabled : Disabled : Enabled (TCP 23) : Enabled (TCP 80) : Enabled : Disabled Boot PROM Version : Build 3.00.002 show serial_port Purpose Syntax Description Parameters Restrictions Example usage: To display the serial port setting: Used to display the current serial port settings. show serial_port This command displays the current serial port settings. None. None 16 DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4#show serial_port Command: show serial_port Baud Rate Data Bits Parity Bits Stop Bits Auto-Logout DES-3526:4# : 9600 :8 : None :1 : 10 mins config serial_port Purpose Syntax Used to configure the serial port. config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never | 2_minutes | 5_minutes | 10_minutes | 15_minutes]} This command is used to configure the serial port's baud rate and auto logout settings. baud_rate [9600 | 19200 | 38400 | 115200]- The serial bit rate that will be used to communicate with the management host. There are four options: 9600, 19200, 38400, 115200. never - No time limit on the length of time the console can be open with no user input. 2_minutes - The console will log out the current user if there is no user input for 2 minutes. 5_minutes - The console will log out the current user if there is no user input for 5 minutes. 10_minutes - The console will log out the current user if there is no user input for 10 minutes. 15_minutes - The console will log out the current user if there is no user input for 15 minutes. Restrictions Description Parameters Only administrator-level users can issue this command. Example usage: To configure baud rate: 17 DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4#config serial_port baud_rate 115200 Command: config serial_port baud_rate 115200 Success. DES-3526:4# enable clipaging Purpose Syntax Description Used to pause the scrolling of the console screen when the show command displays more than one page. enable clipaging This command is used when issuing the show command which causes the console screen to rapidly scroll through several pages. This command will cause the console to pause at the end of each page. The default setting is enabled. None. Only administrator-level users can issue this command. Parameters Restrictions Example usage: To enable pausing of the screen display when the show command output reaches the end of the page: DES-3526:4#enable clipaging Command: enable clipaging Success. DES-3526:4# disable clipaging Purpose Used to disable the pausing of the console screen scrolling at the end of each page when the show command displays more than one screen of information. disable clipaging This command is used to disable the pausing of the console screen at the end of each page when the show command would display more than one screen of information. None. Only administrator-level users can issue this command. Syntax Description Parameters Restrictions Example usage: 18 DES-3526 Layer 2 Fast Ethernet Switch To disable pausing of the screen display when show command output reaches the end of the page: DES-3526:4#disable clipaging Command: disable clipaging Success. DES-3526:4# enable telnet Purpose Syntax Description Used to enable communication with and management of the Switch using the Telnet protocol. enable telnet This command is used to enable the Telnet protocol on the Switch. The user can specify the TCP or UDP port number the Switch will use to listen for Telnet requests. - The TCP port number. TCP ports are numbered between 1 and 65535. The "well-known" TCP port for the Telnet protocol is 23. Only administrator-level users can issue this command. Parameters Restrictions Example usage: To enable Telnet and configure port number: DES-3526:4#enable telnet 23 Command: enable telnet 23 Success. DES-3526:4# disable telnet Purpose Syntax Description Parameters Restrictions Example usage: To disable the Telnet protocol on the Switch: 19 Used to disable the Telnet protocol on the Switch. disable telnet This command is used to disable the Telnet protocol on the Switch. None. Only administrator-level users can issue this command. DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4#disable telnet Command: disable telnet Success. DES-3526:4# enable web Purpose Syntax Description Used to enable the HTTP-based management software on the Switch. enable web This command is used to enable the Web-based management software on the Switch. The user can specify the TCP port number the Switch will use to listen for Telnet requests. - The TCP port number. TCP ports are numbered between 1 and 65535. The "well-known" port for the Web-based management software is 80. Only administrator-level users can issue this command. Parameters Restrictions Example usage: To enable HTTP and configure port number: DES-3526:4#enable web 80 Command: enable web 80 Success. DES-3526:4# disable web Purpose Syntax Description Parameters Restrictions Example usage: To disable HTTP: 20 Used to disable the HTTP-based management software on the Switch. disable web This command disables the Web-based management software on the Switch. None. Only administrator-level users can issue this command. DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4#disable web Command: disable web Success. DES-3526:4# save Purpose Syntax Description Used to save changes in the Switch's configuration to non-volatile RAM. save This command is used to enter the current switch configuration into non-volatile RAM. The saved switch configuration will be loaded into the Switch's memory each time the Switch is restarted. None Only administrator-level users can issue this command. Parameters Restrictions Example usage: To save the Switch's current configuration to non-volatile RAM: DES-3526:4#save Command: save Saving all configurations to NV-RAM... Done. DES-3526:4# reboot Purpose Syntax Description Parameters Restrictions Example usage: To restart the Switch: Used to restart the Switch. reboot This command is used to restart the Switch. None. None. 21 DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4#reboot Command: reboot Are you sure want to proceed with the system reboot? (y|n) Please wait, the switch is rebooting... reset Purpose Syntax Description Parameters Used to reset the Switch to the factory default settings. reset {[config | system]} This command is used to restore the Switch's configuration to the default settings assigned from the factory. config - If the keyword `config' is specified, all of the factory default settings are restored on the Switch including the IP address, user accounts, and the switch history log. The Switch will not save or reboot. system - If the keyword `system' is specified all of the factory default settings are restored on the Switch. The Switch will save and reboot after the settings are changed to default. Rebooting will clear all entries in the Forwarding Data Base. If no parameter is specified, the Switch's current IP address, user accounts, and the switch history log are not changed. All other parameters are restored to the factory default settings. The Switch will not save or reboot. Restrictions Example usage: To restore all of the Switch's parameters to their default values: DES-3526:4#reset config Command: reset config Are you sure to proceed with system reset?(y/n) Success. DES-3526:4# Only administrator-level users can issue this command. login Purpose Syntax Description Parameters Restrictions Used to log in a user to the Switch's console. login This command is used to initiate the login procedure. The user will be prompted for a Username and Password. None. None. 22 DES-3526 Layer 2 Fast Ethernet Switch Example usage: To initiate the login procedure: DES-3526:4#login Command: login UserName: logout Purpose Syntax Description Parameters Restrictions Example usage: To terminate the current user's console session: DES-3526:4#logout Used to log out a user from the Switch's console. logout This command terminates the current user's session on the Switch's console. None. None. 23 DES-3526 Layer 2 Fast Ethernet Switch 5 SWITCH PORT COMMANDS The switch port commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command config ports Parameters [ {speed [auto | 10_half | 10_full |100_half | 100_full | 1000_full} | flow_control [enable | disable] | learning [enable | disable] state [enable | disable]} description {description} show ports Each command is listed, in detail, in the following sections. config ports Purpose Syntax Used to configure the Switch's Ethernet port settings. config ports[ {speed [auto | 10_half | 10_full |100_half | 100_full | 1000_full} | flow_control [enable | disable] | learning [enable | disable] state [enable | disable] description This command allows for the configuration of the Switch's Ethernet ports. Only the ports listed in the will be affected. all - Configure all ports on the Switch. - Specifies a port or range of ports to be configured. speed ­ Allows the user to adjust the speed for a port or range of ports. The user has a choice of the following: · · auto - Enables auto-negotiation for the specified range of ports. [10 | 100 | 1000] - Configures the speed in Mbps for the specified range of ports. Gigabit ports are statically set to 1000 and cannot be set to slower speeds. [half | full] - Configures the specified range of ports as either full-duplex or half-duplex. Description Parameters · flow_control [enable | disable] ­ Enable or disable flow control for the specified ports. learning [enable | disable] - Enables or disables the MAC address learning on the specified range of ports. state [enable | disable] - Enables or disables the specified range of ports. description - Enter an alphanumeric string of no more than 32 characters to describe a selected port interface. Restrictions Example usage: To configure the speed of port 3 to be 10 Mbps, full duplex, with learning and state enabled: 24 Only administrator-level users can issue this command. DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4#config ports 1-3 speed 10_full learning enable state enable Command: config ports 1-3 speed 10_full learning enable state enable Success. DES-3526:4# show ports Purpose Syntax Description Parameters Used to display the current configuration of a range of ports. show ports {description} This command is used to display the current configuration of a range of ports. - Specifies a port or range of ports to be displayed. {description} ­ Adding this parameter to the show ports command indicates that a previously entered port description will be included in the display. Restrictions Example usage: To display the configuration of all ports on a standalone switch: DES-3526:4#show ports Command show ports: Port -----1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Port State -------Settings --------------------Connection --------------------Link Down Link Down Link Down Link Down Link Down Link Down Link Down Link Down Link Down 100M/Full/None Link Down Link Down Link Down Link Down Link Down Link Down Address -------Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled None. Speed/Duplex/FlowCtrl Speed/Duplex/FlowCtrl Learning Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Enabled Enabled Auto/Disabled Enabled Auto/Disabled Enabled Auto/Disabled Enabled Auto/Disabled 25 DES-3526 Layer 2 Fast Ethernet Switch 17 18 19 20 Enabled Auto/Disabled Enabled Auto/Disabled Enabled Auto/Disabled Enabled Auto/Disabled Link Down Link Down Link Down Link Down Enabled Enabled Enabled Enabled CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh Example usage: To display the configuration of all ports on a standalone switch, with description: DES-3526:4#show ports description Command: show ports description Port Port State ------ -------1 Settings Connection Address Learning -------Enabled Speed/Duplex/FlowCtrl Speed/Duplex/FlowCtrl ----------------------------------------Link Down Enabled Auto/Disabled Description: dads1 2 Enabled Auto/Disabled Link Down Enabled Description: 3 Enabled Auto/Disabled Link Down Enabled Description: 4 Enabled Auto/Disabled Link Down Enabled Description: 5 Enabled Auto/Disabled Link Down Enabled Description: 6 Enabled Auto/Disabled Link Down Enabled Description: 7 Enabled Auto/Disabled Link Down Enabled Description: 8 Enabled Auto/Disabled Link Down Enabled Description: 9 Enabled Auto/Disabled Link Down Enabled Description: 10 Enabled Auto/Disabled Link Down Enabled Description: CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh 26 DES-3526 Layer 2 Fast Ethernet Switch 6 PORT SECURITY COMMANDS The Switch's port security commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command config port_security ports delete port_security entry clear port_security_entry show port_security Parameters [ | all ] {admin_state [enable| disable] | max_learning_addr | lock_address_mode [Permanent | DeleteOnTimeout | DeleteOnReset]} vlan_name mac_address port port {ports } Each command is listed, in detail, in the following sections. config port_security ports Purpose Syntax Used to configure port security settings. config port_security ports [ | all ] {admin_state [enable| disable] | max_learning_addr | lock_address_mode [Permanent | DeleteOnTimeout | DeleteOnReset]} This command allows for the configuration of the port security feature. Only the ports listed in the are affected. portlist - Specifies a port or range of ports to be configured. all - Configure port security for all ports on the Switch. admin_state [enable | disable] ­ Enable or disable port security for the listed ports. max_learning_addr - Use this to limit the number of MAC addresses dynamically listed in the FDB for the ports. lock_address_mode [Permanent | DeleteOnTimout | DeleteOnReset] ­ Indicates the method of locking addresses. The user has three choices: Permanent ­ The locked addresses will not age out after the aging timer expires. DeleteOnTimeout ­ The locked addresses will age out after the aging timer expires. DeleteOnReset ­ The locked addresses will not age out until the Switch has been reset. Restrictions Only administrator-level users can issue this command. Description Parameters 27 DES-3526 Layer 2 Fast Ethernet Switch Example usage: To configure the port security: DES-3526:4#config port_security ports 1-5 admin_state enable max_learning_addr 5 lock_address_mode DeleteOnReset Command: config port_security ports 1-5 admin_state enable max_learning_addr 5 lock_address_mode DeleteOnReset Success. DES-3526:4# delete port_security_entry Purpose Syntax Description Parameters Used to delete a port security entry by MAC address, port number and VLAN ID. delete port_security_entry vlan name mac_address port This command is used to delete a single, previously learned port security entry by port, VLAN name, and MAC address. vlan name - Enter the corresponding vlan name of the port which the user wishes to delete. mac_address - Enter the corresponding MAC address, previously learned by the port, which the user wishes to delete. port - Enter the port number which has learned the previously enterd MAC address. Restrictions Example usage: To delete a port security entry: DES-3526:4#delete port_security_entry vlan_name default mac_address 00-01-30-10-2C-C7 port 6 Command: delete port_security_entry vlan_name default mac_address 00-01-30-10-2C-C7 port 6 Success. DES-3526:4# Only administrator-level users can issue this command. clear port_security_entry Purpose Used to clear MAC address entries learned from a specified port for the port security function. 28 DES-3526 Layer 2 Fast Ethernet Switch clear port_security_entry Syntax Description clear port_security_entry ports This command is used to clear MAC address entries which were learned by the Switch by a specified port. This command only relates to the port security function. - Specifies a port or port range the user wishes to clear. Only administrator-level users can issue this command. Parameters Restrictions Example usage: To clear a port security entry by port: DES-3526:4# clear port_security_entry port 6 Command: clear port_security_entry port 6 Success. DES-3526:4# show port_security Purpose Syntax Description Used to display the current port security configuration. show port_security {ports } This command is used to display port security information of the Switch's ports. The information displayed includes port security, admin state, maximum number of learning address and lock mode. - Specifies a port or range of ports to be viewed. None. Parameters Restrictions Example usage: To display the port security configuration: DES-3526:4#show port_security ports 1-5 Command: show port_security ports 1-5 Port ---1 2 3 4 5 Admin State ----------Disabled Disabled Disabled Disabled Disabled Max. Learning Addr. ------------------1 1 1 1 1 Lock Address Mode ----------------DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh 29 DES-3526 Layer 2 Fast Ethernet Switch 7 NETWORK MANAGEMENT (SNMP) COMMANDS The network management commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. The DES-3526 supports the Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. You can specify which version of the SNMP you want to use to monitor and control the Switch. The three versions of SNMP vary in the level of security provided between the management station and the network device. The following table lists the security features of the three SNMP versions: SNMP Version v1 v2c v3 v3 Authentication Method Community String Community String Username MD5 or SHA Description Community String is used for authentication - NoAuthNoPriv Community String is used for authentication - NoAuthNoPriv Username is used for authentication - NoAuthNoPriv Authentication is based on the HMAC-MD5 or HMAC-SHA algorithms - AuthNoPriv Authentication is based on the HMAC-MD5 or HMAC-SHA algorithms - AuthPriv. DES 56-bit encryption is added based on the CBC-DES (DES-56) standard v3 MD5 DES or SHA DES Command create snmp user Parameters {encrypted [by_password auth [md5 | sha ] priv [none | des ] | by_key auth [md5 | sha ] priv [none | des ]]} delete snmp user show snmp user create snmp view delete snmp view show snmp view create snmp community delete snmp community show snmp view_type [included | excluded] [all | oid] view [read_only | read_write] 30 DES-3526 Layer 2 Fast Ethernet Switch Command community config snmp engineID show snmp engineID create snmp group Parameters {v1 | v2c |v3 [noauth_nopriv | auth_nopriv | auth_priv ]} {read_view | write_view | notify_view } delete snmp group show snmp groups create snmp host delete snmp host show snmp host create trusted_host delete trusted_host show trusted_host enable snmp traps enable snmp authenticate_traps show snmp traps disable snmp traps disable snmp authenticate_traps config snmp system contact config snmp system location config snmp system name enable rmon disable rmon {v1 |v2c | v3 [noauth_nopriv | auth_nopriv | auth_priv]} Each command is listed, in detail, in the following sections. create snmp user Purpose Syntax Used to create a new SNMP user and adds the user to an SNMP group that is also created by this command. create snmp user {encrypted [by_password auth [md5 | sha ] priv [none | des ] | by_key auth [md5 | sha ] priv [none | des ]]} 31 DES-3526 Layer 2 Fast Ethernet Switch create snmp user Description The create snmp user command creates a new SNMP user and adds the user to an SNMP group that is also created by this command. SNMP ensures: Message integrity - Ensures that packets have not been tampered with during transit. Authentication - Determines if an SNMP message is from a valid source. Encryption - Scrambles the contents of messages to prevent it from being viewed by an unauthorized source. Parameters - An alphanumeric name of up to 32 characters that will identify the new SNMP user. - An alphanumeric name of up to 32 characters that will identify the SNMP group the new SNMP user will be associated with. encrypted ­ Allows the user to choose a type of authorization for authentication using SNMP. The user may choose: · by_password ­ Requires the SNMP user to enter a password for authentication and privacy. The password is defined by specifying the auth_password below. This method is recommended. by_key ­ Requires the SNMP user to enter a encryption key for authentication and privacy. The key is defined by specifying the key in hex form below. This method is not recommended. · auth - The user may also choose the type of authentication algorithms used to authenticate the snmp user. The choices are: md5 - Specifies that the HMAC-MD5-96 authentication level will be used. md5 may be utilized by entering one of the following: · - An alphanumeric sting of between 8 and 16 characters that will be used to authorize the agent to receive packets for the host. - Enter an alphanumeric sting of exactly 32 characters, in hex form, to define the key that will be used to authorize the agent to receive packets for the host. · sha - Specifies that the HMAC-SHA-96 authentication level will be used. · - An alphanumeric sting of between 8 and 20 characters that will be used to authorize the agent to receive packets for the host. - Enter an alphanumeric sting of exactly 40 characters, in hex form, to define the key that 32 · DES-3526 Layer 2 Fast Ethernet Switch create snmp user will be used to authorize the agent to receive packets for the host. priv ­ Adding the priv (privacy) parameter will allow for encryption in addition to the authentication algorithm for higher security. The user may choose: · des ­ Adding this parameter will allow for a 56-bit encryption to be added using the DES-56 standard using: - An alphanumeric string of between 8 and 16 characters that will be used to encrypt the contents of messages the host sends to the agent. - Enter an alphanumeric key string of exactly 32 characters, in hex form, that will be used to encrypt the contents of messages the host sends to the agent. · Restrictions Example usage: To create an SNMP user on the Switch: DES-3526:4#create snmp user dlink default encrypted by_password auth md5 canadian priv none Command: create snmp user dlink default encrypted by_password auth md5 canadian priv none Success. DES-3526:4# none ­ Adding this parameter will add no encryption. Only administrator-level users can issue this command. delete snmp user Purpose Syntax Description Parameters Restrictions Example usage: To delete a previously entered SNMP user on the Switch: 33 Used to remove an SNMP user from an SNMP group and also to delete the associated SNMP group. delete snmp user The delete snmp user command removes an SNMP user from its SNMP group and then deletes the associated SNMP group. - An alphanumeric string of up to 32 characters that identifies the SNMP user that will be deleted. Only administrator-level users can issue this command. DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4#delete snmp user dlink Command: delete snmp user dlink Success. DES-3526:4# show snmp user Purpose Syntax Description Parameters Restrictions Example usage: To display the SNMP users currently configured on the Switch: DES-3526:4#show snmp user Command: show snmp user Used to display information about each SNMP username in the SNMP group username table. show snmp user The show snmp user command displays information about each SNMP username in the SNMP group username table. None. Only administrator-level users can issue this command. Username Group Name SNMP Version --------------- -------------initial initial -----------V3 Auth-Protocol PrivProtocol ----------------None ----------------None Total Entries: 1 DES-3526:4# create snmp view Purpose Syntax Description Parameters Used to assign views to community strings to limit which MIB objects and SNMP manager can access. create snmp view view_type [included | excluded] The create snmp view command assigns views to community strings to limit which MIB objects an SNMP manager can access. - An alphanumeric string of up to 32 characters that identifies the SNMP view that will be created. - The object ID that identifies an object tree (MIB tree) that will 34 DES-3526 Layer 2 Fast Ethernet Switch create snmp view be included or excluded from access by an SNMP manager. view type ­ Sets the view type to be: · · Restrictions Example usage: To create an SNMP view: DES-3526:4#create snmp view dlinkview 1.3.6 view_type included Command: create snmp view dlinkview 1.3.6 view_type included Success. DES-3526:4# included - Include this object in the list of objects that an SNMP manager can access. excluded - Exclude this object from the list of objects that an SNMP manager can access. Only administrator-level users can issue this command. delete snmp view Purpose Syntax Description Parameters Used to remove an SNMP view entry previously created on the Switch. delete snmp view [all | ] The delete snmp view command is used to remove an SNMP view previously created on the Switch. - An alphanumeric string of up to 32 characters that identifies the SNMP view to be deleted. all - Specifies that all of the SNMP views on the Switch will be deleted. - The object ID that identifies an object tree (MIB tree) that will be deleted from the Switch. Restrictions Example usage: To delete a previously configured SNMP view from the Switch: Only administrator-level users can issue this command. 35 DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4#delete snmp view dlinkview all Command: delete snmp view dlinkview all Success. DES-3526:4# show snmp view Purpose Syntax Description Parameters Restrictions Example usage: To display SNMP view configuration: DES-3526:4#show snmp view Command: show snmp view Vacm View Table Settings View Name -------------------ReadView WriteView NotifyView restricted restricted restricted restricted restricted CommunityView CommunityView CommunityView Total Entries: 11 DES-3526:4# Subtree ------------------------1 1 1.3.6 1.3.6.1.2.1.1 1.3.6.1.2.1.11 1.3.6.1.6.3.10.2.1 1.3.6.1.6.3.11.2.1 1.3.6.1.6.3.15.1.1 1 1.3.6.1.6.3 1.3.6.1.6.3.1 View Type ---------Included Included Included Included Included Included Included Included Included Excluded Included Used to display an SNMP view previously created on the Switch. show snmp view {} The show snmp view command displays an SNMP view previously created on the Switch. - An alphanumeric string of up to 32 characters that identifies the SNMP view that will be displayed. None. create snmp community Purpose Used to create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the Switch. One or more of the following characteristics can be associated with the community string: 36 DES-3526 Layer 2 Fast Ethernet Switch create snmp community An Access List of IP addresses of SNMP managers that are permitted to use the community string to gain access to the Switch's SNMP agent. An MIB view that defines the subset of all MIB objects that will be accessible to the SNMP community. read_write or read_only level permission for the MIB objects accessible to the SNMP community. Syntax Description create snmp community view [read_only | read_write] The create snmp community command is used to create an SNMP community string and to assign access-limiting characteristics to this community string. - An alphanumeric string of up to 32 characters that is used to identify members of an SNMP community. This string is used like a password to give remote SNMP managers access to MIB objects in the Switch's SNMP agent. - An alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the Switch. read_only - Specifies that SNMP community members using the community string created with this command can only read the contents of the MIBs on the Switch. read_write - Specifies that SNMP community members using the community string created with this command can read from and write to the contents of the MIBs on the Switch. Restrictions Example usage: To create the SNMP community string "dlink:" DES-3526:4#create snmp community dlink view ReadView read_write Command: create snmp community dlink view ReadView read_write Success. Only administrator-level users can issue this command. Parameters DES-3526:4# delete snmp community Purpose Syntax Used to remove a specific SNMP community string from the Switch. delete snmp community 37 DES-3526 Layer 2 Fast Ethernet Switch delete snmp community Description Parameters The delete snmp community command is used to remove a previously defined SNMP community string from the Switch. - An alphanumeric string of up to 32 characters that is used to identify members of an SNMP community. This string is used like a password to give remote SNMP managers access to MIB objects in the Switch's SNMP agent. Only administrator-level users can issue this command. Restrictions Example usage: To delete the SNMP community string "dlink:" DES-3526:4#delete snmp community dlink Command: delete snmp community dlink Success. DES-3526:4# show snmp community Purpose Syntax Description Parameters Used to display SNMP community strings configured on the Switch. show snmp community {} The show snmp community command is used to display SNMP community strings that are configured on the Switch. - An alphanumeric string of up to 32 characters that is used to identify members of an SNMP community. This string is used like a password to give remote SNMP managers access to MIB objects in the Switch's SNMP agent. None. Restrictions Example usage: To display the currently entered SNMP community strings: 38 DES-3526 Layer 2 Fast Ethernet Switch DES-3526:4#show snmp community Command: show snmp community SNMP Community Table Community Name dlink private public Total Entries: 3 DES-3526:4# View Name ReadView CommunityView CommunityView Access Right read_write read_write read_only -------------------------------- ------------------------------- ------------ config snmp engineID Purpose Syntax Description Parameters Restrictions Example usage: To give the SNMP agent on the Switch the name "0035636666" DES-3526:4#config snmp 0035636666 Command: config snmp engineID 0035636666 Success. DES-3526:4# Used to configure a name for the SNMP engine on the Switch. config snmp engineID The config snmp engineID command configures a name for the SNMP engine on the Switch. - An alphanumeric string that will be used to identify the SNMP engine on the Switch. Only administrator-level users can issue this command. show snmp engineID Purpose Syntax Description Used to display the identification of the SNMP engine on the Switch. show snmp engineID The show snmp engineID command displays the identification of the SNMP engine on the Switch 39 DES-3526 Layer 2 Fast Ethernet Switch show snmp engineID the SNMP engine on the Switch. Parameters Restrictions Example usage: To display the current name of the SNMP engine on the Switch: DES-3526:4#show snmp engineID Command: show snmp engineID SNMP Engine ID : 0035636666 DES-3526:4# None. None. create snmp group Purpose Syntax Used to create a new SNMP group, or a table that maps SNMP users to SNMP views. create snmp group [v1 | v2c | v3 [noauth_nopriv | auth_nopriv | auth_priv]] {read_view | write_view | notify_view } The create snmp group command creates a new SNMP group, or a table that maps SNMP users to SNMP views. - An alphanumeric name of up to 32 characters that will identify the SNMP group the new SNMP user will be associated with. v1 ­ Specifies that SNMP version 1 will be used. The Simple Network Management Protocol (SNMP), version 1, is a network management protocol that provides a means to monitor and control network devices. v2c ­ Specifies that SNMP version 2c will be used. The SNMP v2c supports both centralized and distributed network management strategies. It includes improvements in the Structure of Management Information (SMI) and adds some security features. v3 ­ Specifies that the SNMP version 3 will be used. SNMP v3 provides secure access to devices through a combination of authentication and encrypting packets over the network. SNMP v3 adds: · · Message integrity - Ensures that packets have not been tampered with during transit. Authentication - Determines if an SNMP message is from a valid source. 40 Description Parameters DES-3526 Layer 2 Fast Ethernet Switch create snmp group · Encryption - Scrambles the contents of messages to prevent it being viewed by an unauthorized source. noauth_nopriv - Specifies that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager. auth_nopriv - Specifies that authorization will be required, but there will be no encryption of packets sent between the Switch and a remote SNMP manager. auth_priv - Specifies that authorization will be required, and that packets sent between the Switch and a remote SNMP manger will be encrypted. read_view ­ Specifies that the SNMP group being created can request SNMP messages. write_view ­ Specifies that the SNMP group being created has write privileges. notify_view - Specifies that the SNMP group being created can receive SNMP trap messages generated by the Switch's SNMP agent. · - An alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the Switch. Restrictions Example usage: Only administrator-level users can issue this command. To create an SNMP group named "sg1:" DES-3526:4#create snmp group sg1 v3 noauth_nopriv read_view v1 write_view v1 notify_view v1 Command: create snmp group sg1 v3 noauth_nopriv read_view v1 write_view v1 notify_view v1 Success. DES-3526:4# delete snmp group Purpose Syntax Description Used to remove an SNMP group from the Switch. delete snmp group The delete snmp group command is used to remove an SNMP group from the Switch. 41 DES-3526 Layer 2 Fast Ethernet Switch delete snmp group Parameters - An alphanumeric name of up to 32 characters that will identify the SNMP group the new SNMP user will be associated with. Only administrator-level users can issue this command. Restrictions Example usage: To delete the SNMP group named "sg1". DES-3526:4#delete snmp group sg1 Command: delete snmp group sg1 Success. DES-3526:4# show snmp groups Purpose Used to display the group-names of SNMP groups currently configured on the Switch. The security model, level, and status of each group are also displayed. show snmp groups The show snmp groups command displays the group-names of SNMP groups currently configured on the Switch. The security model, level, and status of each group are also displayed. None. None. Syntax Description Parameters Restrictions Example usage: To display the currently configured SNMP groups on the Switch: DES-3526:4#show snmp groups Command: show snmp groups Vacm Access Table Settings Group Name : Group3 ReadView Name : ReadView WriteView Name : WriteView Notify View Name : NotifyView Security Model : SNMPv3 Security Level : NoAuthNoPriv Group Name ReadView Name WriteView Name Notify View Name Security Model : Group4 : ReadView : WriteView : NotifyView : SNMPv3 42