User manual D-LINK DGS-3312SR - Reference Guide

DGS-3312SR Release 3.5 12-Port Gigabit Layer 3 Stackable Switch Command Line Interface Reference Manual Third Edition (Oct 2005) Version 0.35 Printed In China RECYCLABLE __________________________________________________________________________________ Information in this document is subject to change without notice. © 2005 D-Link Computer Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Computer Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-LINK logo are trademarks of D-Link Computer Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own. October 2005 P/N DGS3312SR.A3 Table of Contents Introduction ...................................................................................................................................................................................... 1 Using the Console CLI..................................................................................................................................................................... 4 Command Syntax ........................................................................................................................................................................... 10 Basic Switch Commands................................................................................................................................................................ 12 Switch Port Commands .................................................................................................................................................................. 24 Port Security Commands................................................................................................................................................................ 27 Network Management (SNMP) Commands .................................................................................................................................. 31 Switch Utility Commands .............................................................................................................................................................. 52 Network Monitoring Commands.................................................................................................................................................... 56 Multiple Spanning Tree Protocol (MSTP) Commands .................................................................................................................. 69 Forwarding Database Commands .................................................................................................................................................. 82 Broadcast Storm Control Commands............................................................................................................................................. 89 QoS Commands.............................................................................................................................................................................. 91 Port Mirroring Commands ............................................................................................................................................................. 99 VLAN Commands........................................................................................................................................................................ 104 Link Aggregation Commands ...................................................................................................................................................... 111 IP Commands (Including IP Multinetting)................................................................................................................................... 117 IGMP Commands......................................................................................................................................................................... 122 IGMP Snooping Commands ........................................................................................................................................................ 125 MAC Notification Commands ..................................................................................................................................................... 133 Access Authentication Control Commands.................................................................................................................................. 137 SSH Commands ........................................................................................................................................................................... 161 SSL Commands............................................................................................................................................................................ 169 802.1X Commands....................................................................................................................................................................... 174 Access Control List (ACL) Commands ....................................................................................................................................... 186 Traffic Segmentation Commands................................................................................................................................................. 195 Stacking Commands..................................................................................................................................................................... 197 D-Link Single IP Management Commands ................................................................................................................................. 200 Time and SNTP Commands......................................................................................................................................................... 210 ARP Commands........................................................................................................................................................................... 216 VRRP Commands ........................................................................................................................................................................ 220 Routing Table Commands............................................................................................................................................................ 227 Route Redistribution Commands ................................................................................................................................................. 231 BOOTP Relay Commands ........................................................................................................................................................... 237 DNS Relay Commands ................................................................................................................................................................ 241 RIP Commands .............................................................................................................................................................................245 DVMRP Commands .....................................................................................................................................................................248 PIM Commands ............................................................................................................................................................................253 IP Multicasting Commands...........................................................................................................................................................257 MD5 Configuration Commands ...................................................................................................................................................259 OSPF Configuration Commands ..................................................................................................................................................262 Command History List..................................................................................................................................................................282 Technical Specifications ...............................................................................................................................................................284 VCCI Warning...................................................................................................................................................................................286 DGS-3312SR Layer 3 Gigabit Switch 1 INTRODUCTION The switch can be managed through the switch's serial port, Telnet, or the Web-based management agent. The Command Line Interface (CLI) can be used to configure and manage the switch via the serial port or Telnet interfaces. This manual provides a reference for all of the commands contained in the CLI. Configuration and management of the switch via the Web-based management agent is discussed in the User's Guide. Accessing the Switch via the Serial Port The switch's serial port's default settings are as follows: · · · · 9600 baud no parity 8 data bits 1 stop bit A computer running a terminal emulation program capable of emulating a VT-100 terminal and a serial port configured as above is then connected to the switch's serial port via an RS-232 DB-9 cable. With the serial port properly connected to a management computer, the following screen should be visible. If this screen does not appear, try pressing Ctrl+r to refresh the console screen. Figure 1-1. Initial CLI screen 1 DGS-3312SR Layer 3 Gigabit Switch There is no initial username or password. Just press the Enter key twice to display the CLI input cursor - DGS-3312SR:4#. This is the command line where all commands are input. Setting the Switch's IP Address Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The switch's default IP address is 10.90.90.90. You can change the default Switch IP address to meet the specification of your networking address scheme. The switch is also assigned a unique MAC address by the factory. This MAC address cannot be changed, and can be found on the initial boot console screen ­ shown below. Figure 1-2. Boot Screen The switch's MAC address can also be found in the Web management program on the Switch Information (Basic Settings) window on the Configuration menu. The IP address for the switch must be set before it can be managed with the Web-based manager. The switch IP address can be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the switch must be known. The IP address may be set using the Command Line Interface (CLI) over the console serial port as follows: 1. Starting at the command line prompt, enter the commands config ipif System ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy. Where the x's represent the IP address to be assigned to the IP interface named System and the y's represent the corresponding subnet mask. Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x's represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation. 2. The IP interface named System on the switch can be assigned an IP address and subnet mask which can then be used to connect a management station to the switch's Telnet or Web-based management agent. 2 DGS-3312SR Layer 3 Gigabit Switch Figure 1-3. Assigning an IP Address In the above example, the switch was assigned an IP address of 10.53.13.144/8 with a subnet mask of 255.0.0.0. The system message Success indicates that the command was executed successfully. The switch can now be configured and managed via Telnet and the CLI or via the Web-based management agent using the above IP address to connect to the switch. 3 DGS-3312SR Layer 3 Gigabit Switch 2 USING THE CONSOLE CLI The DGS-3312SR supports a console management interface that allows the user to connect to the switch's management agent via a serial port and a terminal or a computer running a terminal emulation program. The console can also be used over the network using the TCP/IP Telnet protocol. The console program can be used to configure the switch to use an SNMP-based network management software over the network. This chapter describes how to use the console interface to access the switch, change its settings, and monitor its operation. Note: Switch configuration settings are saved to non-volatile RAM using the save command. The current configuration will then be retained in the switch's NV-RAM, and reloaded when the switch is rebooted. If the switch is rebooted without using the save command, the last configuration saved to NV-RAM will be loaded. Connecting to the Switch The console interface is used by connecting the Switch to a VT100-compatible terminal or a computer running an ordinary terminal emulator program (e.g., the HyperTerminal program included with the Windows operating system) using an RS-232C serial cable. Your terminal parameters will need to be set to: · · · · · · VT-100 compatible 9600 baud 8 data bits No parity One stop bit No flow control You can also access the same functions over a Telnet interface. Once you have set an IP address for your Switch, you can use a Telnet program (in VT-100 compatible terminal mode) to access and control the Switch. All of the screens are identical, whether accessed from the console port or from a Telnet interface. After the switch reboots and you have logged in, the console looks like this: 4 DGS-3312SR Layer 3 Gigabit Switch Figure 2-1. Initial Console Screen Commands are entered at the command prompt, DGS-3312SR:4#. There are a number of helpful features included in the CLI. Entering the ? command will display a list of all of the top-level commands. Figure 2-2. The ? Command 5 DGS-3312SR Layer 3 Gigabit Switch When you enter a command without its required parameters, the CLI will prompt you with a Next possible completions: message. Figure 2-3. Example Command Parameter Help In this case, the command config account was entered with the parameter . The CLI will then prompt you to enter the with the message, Next possible completions:. Every command in the CLI has this feature, and complex commands have several layers of parameter prompting. In addition, after typing any given command plus one space, you can see all of the next possible sub-commands, in sequential order, by repeatedly pressing the Tab key. To re-enter the previous command at the command prompt, press the up arrow cursor key. The previous command will appear at the command prompt. 6 DGS-3312SR Layer 3 Gigabit Switch Figure 2-4. Using the Up Arrow to Re-enter a Command In the above example, the command config account was entered without the required parameter , the CLI returned the Next possible completions: prompt. The up arrow cursor control key was pressed to re-enter the previous command (config account) at the command prompt. Now the appropriate User name can be entered and the config account command re-executed. All commands in the CLI function in this way. In addition, the syntax of the help prompts are the same as presented in this manual - angle brackets < > indicate a numerical value or character string, braces { } indicate optional parameters or a choice of parameters, and brackets [ ] indicate required parameters. If a command is entered that is unrecognized by the CLI, the top-level commands will be displayed under the Available commands: prompt. 7 DGS-3312SR Layer 3 Gigabit Switch Figure 2-5. The Next Available Commands Prompt The top-level commands consist of commands such as show or config. Most of these commands require one or more parameters to narrow the top-level command. This is equivalent to show what? or config what? Where the what? is the next parameter. For example, if you enter the show command with no additional parameters, the CLI will then display all of the possible next parameters. Figure 2-6. Next possible completions: Show Command 8 DGS-3312SR Layer 3 Gigabit Switch In the above example, all of the possible next parameters for the show command are displayed. At the next command prompt, the up arrow was used to re-enter the show command, followed by the account parameter. The CLI then displays the user accounts configured on the switch. 9 DGS-3312SR Layer 3 Gigabit Switch 3 COMMAND SYNTAX The following symbols are used to describe how command entries are made and values and arguments are specified in this manual. The online help contained in the CLI and available through the console interface uses the same syntax. Note: All commands are case-sensitive. Be sure to disable Caps Lock or any other unwanted function that changes text case. Purpose Syntax Description Encloses a variable or value that must be specified. create ipif vlan ipaddress In the above syntax example, you must supply an IP interface name in the space, a VLAN name in the space, and the network address in the space. Do not type the angle brackets. create ipif Engineering vlan Design ipaddress 10.24.22.5/255.0.0.0 Example Command [square brackets] Purpose Syntax Description Encloses a required value or set of required arguments. One value or argument can be specified. create account [admin | user] In the above syntax example, you must specify either an admin or a user level account to be created. Do not type the square brackets. create account admin Example Command | vertical bar Purpose Syntax Description Example Command Separates two or more mutually exclusive items in a list, one of which must be entered. show snmp [community | detail] In the above syntax example, you must specify either community, or detail. Do not type the backslash. show snmp community {braces} Purpose Encloses an optional value or set of optional arguments. 10 DGS-3312SR Layer 3 Gigabit Switch {braces} Syntax Description reset {[config | system]} In the above syntax example, you have the option to specify config or system. It is not necessary to specify either optional value, however the effect of the system reset is dependent on which, if any, value is specified. Therefore, with this example there are three possible outcomes of performing a system reset. See the following chapter, Basic Commands for more details about the reset command. reset config Example command Line Editing Key Usage Delete Backspace Left Arrow Right Arrow Up Arrow Deletes the character under the cursor and then shifts the remaining characters in the line to the left. Deletes the character to the left of the cursor and shifts the remaining characters in the line to the left. Moves the cursor to the left. Moves the cursor to the right. Repeat the previously entered command. Each time the up arrow is pressed, the command previous to that displayed appears. This way it is possible to review the command history for the current session. Use the down arrow to progress sequentially forward through the command history list. The down arrow will display the next command in the command history entered in the current session. This displays each command sequentially as it was entered. Use the up arrow to review previous commands. Shifts the cursor to the next field to the left. Down Arrow Tab Multiple Page Display Control Keys Space CTRL+c ESC n p q r a Enter Displays the next page. Stops the display of remaining pages when multiple pages are to be displayed. Stops the display of remaining pages when multiple pages are to be displayed. Displays the next page. Displays the previous page. Stops the display of remaining pages when multiple pages are to be displayed. Refreshes the pages currently displayed. Displays the remaining pages without pausing between pages. Displays the next line or table entry. 11 DGS-3312SR Layer 3 Gigabit Switch 4 BASIC SWITCH COMMANDS The basic switch commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command create account config account show account delete account show session show switch show config show serial_port config serial_port enable clipaging disable clipaging enable telnet disable telnet enable web disable web save reboot reset login logout Parameters [admin | user] [current_config | config_in_NVRAM] {baud_rate [9600 | 19200 | 38400 | 115200] auto_logout [never | 2_minutes | 5_minutes | 10_minutes | 15_minutes]} {[config | system]} Each command is listed, in detail, in the following sections. create account Purpose Syntax Description Used to create user accounts create [admin | user] The create account command is used to create user accounts that consist of a username of 1 to 15 characters and a password of 0 to 15 characters. Up to 8 user accounts can be created. admin user Restrictions Only Administrator-level users can issue this command. 12 Parameters DGS-3312SR Layer 3 Gigabit Switch create account Usernames can be between 1 and 15 characters. Passwords can be between 0 and 15 characters. Example usage: To create an administrator-level user account with the username "dlink". DGS-3312SR:4#create account admin dlink Command: create account admin dlink Enter a case-sensitive new password:**** Enter the new password again for confirmation:**** Success. DGS-3312SR:4# config account Purpose Syntax Description Parameters Restrictions Used to configure user accounts config account The config account command configures a user account that has been created using the create account command. Only Administrator-level users can issue this command. Usernames can be between 1 and 15 characters. Passwords can be between 0 and 15 characters. Example usage: To configure the user password of "dlink" account: DGS-3312SR:4#config account dlink Command: config account dlink Enter a old password:**** Enter a case-sensitive new password:**** Enter the new password again for confirmation:**** Success. DGS-3312SR:4# 13 DGS-3312SR Layer 3 Gigabit Switch show account Purpose Syntax Description Parameters Restrictions Example usage: To display the accounts created: DGS-3312SR:4#show account Command: show account Current Accounts: Username --------------dlink DGS-3312SR:4# Access Level -----------Admin Used to display user accounts show account Displays all user accounts created on the switch. Up to 8 user accounts can exist on the switch at one time. None. None. delete account Purpose Syntax Description Parameters Restrictions Example usage: To delete the user account "System": Used to delete an existing user account delete account The delete account command deletes a user account that has been created using the create account command. Only Administrator-level users can issue this command. DGS-3312SR:4#delete account System Command: delete account System Success. DGS-3312SR:4# 14 DGS-3312SR Layer 3 Gigabit Switch show switch Purpose Syntax Description Parameters Restrictions Example usage: To display the switch information: DGS-3312SR:4#show switch Command: show switch Device Type : DGS-3312SR Gigabit-Ethernet Switch Module 1 Type : Empty Module 2 Type : Empty Unit ID : 15 MAC Address : DA-10-21-00-00-01 IP Address : 10.41.44.22 (Manual) VLAN Name : default Subnet Mask : 255.0.0.0 Default Gateway : 0.0.0.0 Boot PROM Version : Build 2.00.003 Firmware Version : Build 3.50-B06 Hardware Version : 2A1 Device S/N : System Name : DGS-3312SR_#3 System Location : 7th_flr_east_cabinet System Contact : Julius_Erving_212-555-6666 Spanning Tree : Disabled GVRP : Disabled IGMP Snooping : Disabled TELNET : Enabled (TCP 23) WEB : Enabled (TCP 80) RMON : Disabled RIP : Disabled DVMRP : Disabled PIM-DM : Disabled OSPF : Disabled DGS-3312SR:4# Used to display information about the switch. show switch This command displays information about the switch. None. None. 15 DGS-3312SR Layer 3 Gigabit Switch show config Purpose Syntax Description Parameters Used to display the configuration of the switch. show config [current_config | config_in_NVRAM] This command displays either the current configuration of the switch, or the configuration stored in the switch's NVRAM. current_config - displays the switch's current configuration. If you have entered a configuration command, but have not saved the configuration in the switch's Non-Volatile RAM (NVRAM), this configuration will differ from the one saved in the switch's NVRAM. config_in_NVRAM - displays the switch's configuration saved in the switch's NVRAM. Any configuration commands that have been entered, but not saved in the switch's NVRAM will not be shown. Restrictions Example usage: To display the switch's configuration information: DGS-3312SR:4#show config current_config Command: show current_config # BASIC config serial_port baud_rate 9600 auto_logout 10_minutes enable telnet 23 enable web 80 # STORM config traffic control 15:1-15:2 broadcast disable multicast disable dlf disable threshold 128 # GM config sim candidate disable sim config sim dp_interval 30 config sim hold_time 100 # SYSLOG disable syslog #QOS config scheduling_mechanism round_robin config scheduling_mechanism round_robin config scheduling_mechanism round_robin config scheduling_mechanism round_robin config scheduling_mechanism round_robin config scheduling_mechanism round_robin config scheduling_mechanism round_robin config scheduling_mechanism round_robin config 802.1p user_priority 0 2 16 Only Administrator-level users can issue this command. DGS-3312SR Layer 3 Gigabit Switch config 802.1p user_priority 1 0 config 802.1p user_priority 2 1 config 802.1p user_priority 3 3 config 802.1p user_priority 4 4 config 802.1p user_priority 5 5 config 802.1p user_priority 6 6 config 802.1p user_priority 7 7 config 802.1p default_priority 15:1-15:12 0 config bandwidth_control 15:1 rx_r CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All show serial_port Purpose Syntax Description Parameters Restrictions Example usage: To display the serial port setting: DGS-3312SR:4#show serial_port Command: show serial_port Baud Rate Data Bits Parity Bits Stop Bits Auto-Logout : 9600 :8 : None :1 : 10 mins Used to display the current serial port settings. show serial_port This command displays the current serial port settings. None. None DGS-3312SR:4# config serial_port Purpose Syntax Used to configure the serial port. config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never | 2_minutes | 5_minutes | 10_minutes | 15_minutes]} This command is used to configure the serial port's baud rate and auto logout settings. baud_rate [9600 | 19200 | 38400 | 115200] - The serial bit rate used to communicate with the management host. auto logout ­ This parameter will set the time that the switch will wait before logging out automatically, if left idle. The choices that accompany this parameter are: Description Parameters 17 DGS-3312SR Layer 3 Gigabit Switch config serial_port never - No time limit on the length of time the console can be open with no user input. 2_minutes - The console will log out the current user if there is no user input for 2 minutes. 5_minutes - The console will log out the current user if there is no user input for 5 minutes. 10_minutes - The console will log out the current user if there is no user input for 10 minutes. 15_minutes - The console will log out the current user if there is no user input for 15 minutes. Restrictions Only administrator-level users can issue this command. Example usage: To configure baud rate: DGS-3312SR:4#config serial_port baud_rate 9600 Command: config serial_port baud_rate 9600 Success. DGS-3312SR:4# enable clipaging Purpose Syntax Description Used to pause the scrolling of the console screen when the show command displays more than one page. enable clipaging This command is used when issuing the show command which causes the console screen to rapidly scroll through several pages. This command will cause the console to pause at the end of each page. The default setting is enabled. None. Only administrator-level users can issue this command. Parameters Restrictions Example usage: To enable pausing of the screen display when the show command output reaches the end of the page: DGS-3312SR:4#enable clipaging Command: enable clipaging Success. DGS-3312SR:4# 18 DGS-3312SR Layer 3 Gigabit Switch disable clipaging Purpose Used to disable the pausing of the console screen scrolling at the end of each page when the show command displays more than one screen of information. disable clipaging This command is used to disable the pausing of the console screen at the end of each page when the show command would display more than one screen of information. None. Only administrator-level users can issue this command. Syntax Description Parameters Restrictions Example usage: To disable pausing of the screen display when show command output reaches the end of the page: DGS-3312SR:4#disable clipaging Command: disable clipaging Success. DGS-3312SR:4# enable telnet Purpose Syntax Description Used to enable communication with and management of the switch using the Telnet protocol. enable telnet This command is used to enable the Telnet protocol on the switch. The user can specify the TCP or UDP port number the switch will use to listen for Telnet requests. - The TCP port number. TCP ports are numbered between 1 and 65535. The "well-known" TCP port for the Telnet protocol is 23. Only administrator-level users can issue this command. Parameters Restrictions Example usage: To enable Telnet and configure port number: DGS-3312SR:4#enable telnet 23 Command: enable telnet 23 Success. DGS-3312SR:4# 19 DGS-3312SR Layer 3 Gigabit Switch disable telnet Purpose Syntax Description Parameters Restrictions Example usage: To disable the Telnet protocol on the switch: DGS-3312SR:4#disable telnet Command: disable telnet Success. DGS-3312SR:4# Used to disable the Telnet protocol on the switch. disable telnet This command is used to disable the Telnet protocol on the switch. None. Only administrator-level users can issue this command. enable web Purpose Syntax Description Used to enable the HTTP-based management software on the switch. enable web This command is used to enable the Web-based management software on the switch. The user can specify the TCP port number the switch will use to listen for Telnet requests. - The TCP port number. TCP ports are numbered between 1 and 65535. The "well-known" port for the Web-based management software is 80. Only administrator-level users can issue this command. Parameters Restrictions Example usage: To enable HTTP and configure port number: DGS-3312SR:4#enable web 80 Command: enable web 80 Success. DGS-3312SR:4# 20 DGS-3312SR Layer 3 Gigabit Switch disable web Purpose Syntax Description Parameters Restrictions Example usage: To disable HTTP: DGS-3312SR:4#disable web Command: disable web Success. DGS-3312SR:4# Used to disable the HTTP-based management software on the switch. disable web This command disables the Web-based management software on the switch. None. Only administrator-level users can issue this command. save Purpose Syntax Description Used to save changes in the switch's configuration to non-volatile RAM. save This command is used to enter the current switch configuration into non-volatile RAM. The saved switch configuration will be loaded into the switch's memory each time the switch is restarted. Entering just the save command will save the switch configuration to NV-Ram Only administrator-level users can issue this command. Parameters Restrictions Example usage: To save the switch's current configuration to non-volatile RAM: DGS-3312SR:4#save Command: save Saving all configurations to NV-RAM... Done DGS-3312SR:4# 21 DGS-3312SR Layer 3 Gigabit Switch reboot Purpose Syntax Description Parameters Restrictions Example usage: To restart the switch: DGS-3312SR:4#reboot Command: reboot Are you sure want to proceed with the system reboot? (y/n) Please wait, the switch is rebooting... Used to restart the switch. reboot This command is used to restart the switch. None. Only administrator-level users can issue this command. reset Purpose Syntax Description Parameters Used to reset the switch to the factory default settings. reset {[config | system]} This command is used to restore the switch's configuration to the default settings assigned from the factory. config - If the keyword `config' is specified, all of the factory default settings are restored on the switch including the IP address, user accounts, and the switch history log. The switch will not save or reboot. system - If the keyword `system' is specified all of the factory default settings are restored on the switch. The switch will save and reboot after the settings are changed to default. Rebooting will clear all entries in the Forwarding Data Base. If no parameter is specified, the switch's current IP address, user accounts, and the switch history log are not changed. All other parameters are restored to the factory default settings. The switch will not save or reboot. Restrictions Example usage: To restore all of the switch's parameters to their default values: DGS-3312SR:4#reset config Command: reset config Success. DGS-3312SR:4# Only administrator-level users can issue this command. 22 DGS-3312SR Layer 3 Gigabit Switch login Purpose Syntax Description Parameters Restrictions Example usage: To initiate the login procedure: DGS-3312SR:4#login Command: login UserName: Used to log in a user to the switch's console. login This command is used to initiate the login procedure. The user will be prompted for his Username and Password. None. None. logout Purpose Syntax Description Parameters Restrictions Example usage: To terminate the current user's console session: DGS-3312SR:4#logout Used to log out a user from the switch's console. logout This command terminates the current user's session on the switch's console. None. None. 23 DGS-3312SR Layer 3 Gigabit Switch 5 SWITCH PORT COMMANDS The switch port commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command config ports Parameters [ {speed [auto | 10_half | 10_full | 100_half | 100_full | 1000_full {[master | slave]}} | flow_control [enable | disable] | learning [enable | disable] | state [enable | disable] description | clear]} {} {description} show ports Each command is listed, in detail, in the following sections. NOTE: As a stand-alone switch or as a master switch in a switch stack, the switch number will be referred to as 15 for all configurations, graphs and tables. config ports Purpose Syntax Used to configure the Switch's Ethernet port settings. [ {speed [auto | 10_half | 10_full | 100_half | 100_full | 1000_full{[master | slave]}} | flow_control [enable | disable] | learning [enable | disable] state [enable | disable] description | clear]} This command allows for the configuration of the switch's Ethernet ports. Only the ports listed in the will be affected. - Specifies a range of ports to be configured. The port list is specified by listing the lowest switch number and the beginning port number on that switch, separated by a colon. Then the highest switch number, and the highest port number of the range (also separated by a colon) are specified. The beginning and end of the port list range are separated by a dash. For example, 1:3 specifies switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:3-2:4 specifies all of the ports between switch 1, port 3 and switch 2, port 4 - in numerical order. all - Configure all ports on the switch. auto - Enables auto-negotiation for the specified range of ports. [10 | 100 | 1000] - Configures the speed in Mbps for the specified range of ports. [half | full] - Configures the specified range of ports as either fullor half-duplex. {[master | slave}] - Configures the specified range of ports as either master or slave ports. 24 Description Parameters DGS-3312SR Layer 3 Gigabit Switch config ports flow_control [enable | disable] ­ Enable or disable flow control for the specified ports. learning [enable | disable] - Enables or disables the MAC address learning on the specified range of ports. state [enable | disable] - Enables or disables the specified range of ports. description - Enter an alphanumeric string of no more than 32 characters to describe a selected port interface. clear - Enter this command to clear the port description of the selected port(s). Restrictions Example usage: To configure the speed of port 3 to be 10 Mbps, full duplex, learning and state enable: DGS-3312SR:4#config ports 1:1-1:3 speed 10_full learning enable state enable Command: config ports 1:1-1:3 speed 10_full learning enable state enable Success. DGS-3312SR:4# Only administrator-level users can issue this command. show ports Purpose Syntax Description Parameters Used to display the current configuration of a range of ports. show ports {} {description} This command is used to display the current configuration of a range of ports. - Specifies a range of ports to be configured. The port list is specified by listing the lowest switch number and the beginning port number on that switch, separated by a colon. Then the highest switch number, and the highest port number of the range (also separated by a colon) are specified. The beginning and end of the port list range are separated by a dash. For example, 1:3 specifies switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:32:4 specifies all of the ports between switch 1, port 3 and switch 2, port 4 - in numerical order. description ­ Enter this parameter to view the description of the port previously set in the config ports command. Restrictions Example usage: To display the configuration of all ports on a standalone switch: 25 None. DGS-3312SR Layer 3 Gigabit Switch DGS-3312SR:4#show ports Command show ports: Port -----15:1 15:2 15:3 15:4 15:5 15:6 15:7 15:8 15:9 15:10 15:11 15:12 Port State -------Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Settings Speed/Duplex/FlowCtrl --------------------Auto/Enabled Auto/Enabled Auto/Enabled Auto/Enabled Auto/Enabled Auto/Enabled Auto/Enabled Auto/Enabled Auto/Enabled Auto/Enabled Auto/Enabled Auto/Enabled Connection Speed/Duplex/FlowCtrl --------------------Link Down Link Down Link Down Link Down Link Down Link Down Link Down Link Down Link Down 100M/Full/802.3x Link Down Link Down Address Learning -------Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh Example usage: To view port 1:1 with description DGS-3312SR:4# show ports 15:1 description Command: show ports 15:1 description Port -----1:1 Port Settings State Speed/Duplex/FlowCtrl ---------------------------Enabled Auto/Enabled Desc: Darren's Connection Speed/Duplex/FlowCtrl --------------------Link Down Address Learning -------Enabled CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh 26 DGS-3312SR Layer 3 Gigabit Switch 6 PORT SECURITY COMMANDS The switch port security commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command config port_security ports Parameters [| all] {admin_state [enable | disable] | max_learning_addr | lock_address_mode [Permanent | DeleteOnTimeout | DeleteOnReset]} {ports } mac_address port show port_security delete port_security_entry vlan_name clear port_security_entry port Each command is listed, in detail, in the following sections. NOTE: As a stand-alone switch or as a master switch in a switch stack, the switch number will be referred to as 15 for all configurations, graphs and tables. config port_security ports Purpose Syntax Used to configure port security settings. config [ | all] {admin_state [enable | disable] | max_learning_addr | lock_address_mode [Permanent | DeleteOnTimeout | DeleteOnReset]} This command allows for the configuration of the port security feature. Only the ports listed in the are affected. - Specifies a range of ports to be configured. The port list is specified by listing the lowest switch number and the beginning port number on that switch, separated by a colon. Then the highest switch number, and the highest port number of the range (also separated by a colon) are specified. The beginning and end of the port list range are separated by a dash. For example, 1:3 specifies switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:3-2:4 specifies all of the ports between switch 1, port 3 and switch 2, port 4 - in numerical order. all - Configure port security for all ports on the switch. admin_state [enable | disable] ­ Enables or disables port security for the listed ports. max_learning_addr - Use this to limit the number of MAC addresses dynamically listed in the FDB for the ports. 27 Description Parameters DGS-3312SR Layer 3 Gigabit Switch config port_security ports lock_address_mode [Permanent | DeleteOnTimeout | DeleteOnReset] ­ Delete FDB dynamic entries for the ports on timeout of the FDB (see Forwarding Database Commands). Specify DeleteOnReset to delete all FDB entries, including static entries upon system reset or rebooting. Entering the Permanent parameter will permanently set the MAC address in the switch's memory until deleted by the user. Restrictions Example usage: To configure the port security: DGS-3312SR:4#config port_security ports 1:1-1:5 admin_state enable max_learning_addr 5 lock_address_mode DeleteOnReset Command: config port_security ports 1:1-1:5 admin_state enable max_learning_addr 5 lock_address_mode DeleteOnReset Success DGS-3312SR:4# Only administrator-level users can issue this command. show port_security Purpose Syntax Description Used to display the current port security configuration. show port_security {ports } This command is used to display port security information of the switch ports. The information displayed includes port security admin state, maximum number of learning address and lock mode. - Specifies a range of ports to be viewed. The port list is specified by listing the lowest switch number and the beginning port number on that switch, separated by a colon. Then the highest switch number, and the highest port number of the range (also separated by a colon) are specified. The beginning and end of the port list range are separated by a dash. For example, 1:3 specifies switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:3-2:4 specifies all of the ports between switch 1, port 3 and switch 2, port 4 - in numerical order. None. Parameters Restrictions Example usage: To display the port security configuration: 28 DGS-3312SR Layer 3 Gigabit Switch DGS-3312SR:4#show port_security ports Command: show port_security ports Port# Admin State -------------15:1 Disabled 15:2 Disabled 15:3 Disabled 15:4 Disabled 15:5 Disabled 15:6 Disabled 15:7 Enabled 15:8 Disabled 15:9 Disabled 15:10 Disabled 15:11 Disabled 15:12 Disabled Max. Learning Addr. ------------------1 1 1 1 1 1 10 1 1 1 1 1 Lock Address Mode ----------------DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset DeleteOnReset CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh delete port_security_entry_vlan_name Purpose Syntax Description Used to delete an entry from the switch's port security settings. delete port_security_entry_vlan_name mac_address port This command is used to remove an entry from the port security entries learned by the switch and entered into the forwarding database. - Enter the corresponding vlan of the entry the user wishes to delete. mac_address - Enter the corresponding MAC address of the entry the user wishes to delete. port - Enter the corresponding port of the entry to delete. The port list is specified by listing the lowest switch number and the beginning port number on that switch, separated by a colon. Then the highest switch number, and the highest port number of the range (also separated by a colon) are specified. The beginning and end of the port list range are separated by a dash. For example, 1:3 specifies switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:3-2:4 specifies all of the ports between switch 1, port 3 and switch 2, port 4 - in numerical order. Restrictions Example usage: To delete an entry from the port security list: DGS-3312SR:4#delete port_security_entry_vlan_name default mac_address 00-0C-6E-73-2B-C9 port 1:1 Command: delete port_security_entry_vlan_name default mac_address 00-0C-6E-73-2B-C9 port 1:1 Success DGS-3312SR:4# 29 Only administrator-level users can issue this command. Parameters DGS-3312SR Layer 3 Gigabit Switch clear port_security_entry port Purpose Syntax Description Used to clear MAC address entries learned from a specified port for the port security function. clear port_security_entry port This command is used to clear MAC address entries which were learned by the switch by a specified port. This command only relates to the port security function. - Specifies a port or port range the user wishes to clear. The port list is specified by listing the lowest switch number and the beginning port number on that switch, separated by a colon. Then the highest switch number, and the highest port number of the range (also separated by a colon) are specified. The beginning and end of the port list range are separated by a dash. For example, 1:3 specifies switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:3-2:4 specifies all of the ports between switch 1, port 3 and switch 2, port 4 - in numerical order. Only administrator-level users can issue this command. Parameters Restrictions Example usage: To clear a port security entry by port: DGS-3312SR:4# clear port_security_entry port 6 Command: clear port_security_entry port 6 Success. DGS-3312SR:4# 30 DGS-3312SR Layer 3 Gigabit Switch 7 NETWORK MANAGEMENT (SNMP) COMMANDS The DGS-3312SR supports the Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. You can specify which version of the SNMP you want to use to monitor and control the switch. The three versions of SNMP vary in the level of security provided between the management station and the network device. The following table lists the security features of the three SNMP versions: The network management commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. SNMP Version v1 v2c v3 v3 v3 Authentication Method Community String Community String Username MD5 or SHA MD5 DES or SHA DES Description Community String is used for authentication - NoAuthNoPriv Community String is used for authentication - NoAuthNoPriv Username is used for authentication - NoAuthNoPriv Authentication is based on the HMAC-MD5 or HMAC-SHA algorithms - AuthNoPriv Authentication is based on the HMAC-MD5 or HMAC-SHA algorithms - AuthPriv. DES 56-bit encryption is added based on the CBC-DES (DES-56) standard Each command is listed, in detail, in the following sections. Command create snmp user Parameters create snmp user {encrypted [by_password auth [md5 | sha ] priv [none | des ] | by_key auth [md5 | sha ] priv [none | des ]]} delete snmp user show snmp user create snmp view delete snmp view show snmp view create snmp community delete snmp community show snmp community config snmp engineID show snmp engineID view_type [included | excluded] [all | oid] view [read_only | read_write] 31 DGS-3312SR Layer 3 Gigabit Switch Command create snmp group Parameters {v1 | v2c |v3 [noauth_nopriv | auth_nopriv | auth_priv ]} {read_view | write_view | notify_view } delete snmp group show snmp groups create snmp host delete snmp host show snmp host create trusted_host delete trusted_host show trusted_host enable snmp traps enable snmp authenticate_traps disable snmp traps disable snmp authenticate_traps config snmp system contact config snmp system location config snmp system name enable rmon disable rmon {v1 | v2c | v3 [noauth_nopriv | auth_nopriv | auth_priv]} Each command is listed, in detail, in the following sections. create snmp user Purpose Syntax Used to create a new SNMP user and adds the user to an SNMP group that is also created by this command. create snmp user {encrypted [by_password auth [md5 | sha ] priv [none | des ] | by_key auth [md5 | sha ] priv [none | des ]]} The create snmp user command creates a new SNMP user and adds the user to an SNMP group that is also created by this command. SNMP ensures: Message integrity - Ensures that packets have not been tampered with during transit. Authentication - Determines if an SNMP message is from a valid 32 Description DGS-3312SR Layer 3 Gigabit Switch create snmp user source. Encryption - Scrambles the contents of messages to prevent it being viewed by an unauthorized source. Parameters - An alphanumeric name of up to 32 characters that will identify the new SNMP user. - An alphanumeric name of up to 32 characters that will identify the SNMP group with which the new SNMP user will be associated. encrypted ­ Allows the user to choose a type of authorization for authentication using SNMP. The user may choose: by_password auth ­ Requires the SNMP user to enter a password for authentication and privacy. The password is defined by specifying the auth_password below. This method is recommended. · md5 - Specifies that the HMAC-MD5-96 authentication level will be used. md5 may be utilized by entering the following: · - An alphanumeric sting of between 8 and 16 characters,used to authorize the agent to receive packets for the host. · sha - Specifies that the HMAC-SHA-96 authentication level will be used. · - An alphanumeric sting of between 8 and 20 characters, used to authorize the agent to receive packets for the host. priv ­ Adding the priv (privacy) parameter will allow for encryption in addition to the authentication algorithm for higher security. The user may choose: · des ­ Adding this parameter will allow for a 56-bit encryption to be added using the DES-56 standard using: · - An alphanumeric string of between 8 and 16 characters that will be used to encrypt the contents of messages the host sends to the agent. by_key auth ­ Requires the SNMP user to enter an encryption key for authentication and privacy. The key is defined by specifying the key in hex form below. This method is not recommended. · md5 - Specifies that the HMAC-MD5-96 authentication level will be used. md5 may be utilized by entering the following: · - Enter an alphanumeric sting of exactly 32 characters, in hex form, to define the key that will be used to authorize the agent to receive packets for the host. · sha - Specifies that the HMAC-SHA-96 authentication level will be used. - Enter an alphanumeric sting 33 DGS-3312SR Layer 3 Gigabit Switch create snmp user of exactly 40 characters, in hex form, to define the key that will be used to authorize the agent to receive packets for the host. priv ­ Adding the priv (privacy) parameter will allow for encryption in addition to the authentication algorithm for higher security. The user may choose: · · none ­ Adding this parameter will add no encryption. des ­ Adding this parameter will allow for a 56-bit encryption to be added using the DES-56 standard using: - Enter an alphanumeric key string of exactly 32 characters, in hex form, that will be used to encrypt the contents of messages the host sends to the agent. Restrictions Example usage: To create an SNMP user on the switch: DGS-3312SR:4#create snmp user dlink default encrypted by_password auth md5 auth_password priv none Command: create snmp user dlink default encrypted by_password auth md5 auth_password priv none Success. DGS-3312SR:4# Only administrator-level users can issue this command. delete snmp user Purpose Syntax Description Parameters Restrictions Example usage: To delete a previously entered SNMP user on the switch: DGS-3312SR:4#delete snmp user dlink Command: delete snmp user dlink Success. DGS-3312SR:4# 34 Used to remove an SNMP user from an SNMP group and also to delete the associated SNMP group. delete snmp user The delete snmp user command removes an SNMP user from its SNMP group and then deletes the associated SNMP group. - An alphanumeric string of up to 32 characters that identifies the SNMP user that will be deleted. Only administrator-level users can issue this command. DGS-3312SR Layer 3 Gigabit Switch show snmp user Purpose Syntax Description Parameters Restrictions Example usage: To display the SNMP users currently configured on the switch: DGS-3312SR:4#show snmp user Command: show snmp user Username --------------initial Total Entries: 1 DGS-3312SR:4# Group Name -------------initial Ver -----------V3 Auth Priv -------------------- -----------------None None Used to display information about each SNMP username in the SNMP group username table. show snmp user The show snmp user command displays information about each SNMP username in the SNMP group username table. None. Only administrator-level users can issue this command. create snmp view Purpose Syntax Description Parameters Used to assign views to community strings to limit which MIB objects and SNMP manager can access. create snmp view view_type [included | excluded] The create snmp view command assigns views to community strings to limit which MIB objects an SNMP manager can access. - An alphanumeric string of up to 32 characters that identifies the SNMP view that will be created. - The object ID that identifies an object tree (MIB tree) that will be included or excluded from access by an SNMP manager. included - Include this object in the list of objects that an SNMP manager can access. excluded - Exclude this object from the list of objects that an SNMP manager can access. Restrictions Example usage: To create an SNMP view: 35 Only administrator-level users can issue this command. DGS-3312SR Layer 3 Gigabit Switch DGS-3312SR:4#create snmp view dlinkview 1.3.6 view_type included Command: create snmp view dlinkview 1.3.6 view_type included Success. DGS-3312SR:4# delete snmp view Purpose Syntax Description Parameters Used to remove an SNMP view entry previously created on the switch. delete snmp view [all | ] The delete snmp view command is used to remove an SNMP view previously created on the switch. - An alphanumeric string of up to 32 characters that identifies the SNMP view to be deleted. all - Specifies that all of the SNMP views on the switch will be deleted. - The object ID that identifies an object tree (MIB tree) that will be deleted from the switch. Restrictions Example usage: To delete a previously configured SNMP view from the switch: DGS-3312SR:4#delete snmp view dlinkview all Command: delete snmp view dlinkview all Success. DGS-3312SR:4# Only administrator-level users can issue this command. show snmp view Purpose Syntax Description Parameters Restrictions Example usage: 36 Used to display an SNMP view previously created on the switch. show snmp view {} The show snmp view command displays an SNMP view previously created on the switch. - An alphanumeric string of up to 32 characters that identifies the SNMP view that will be displayed. None. DGS-3312SR Layer 3 Gigabit Switch To display SNMP view configuration: DGS-3312SR:4#show snmp view Command: show snmp view Vacm View Table Settings View Name -------------------ReadView WriteView NotifyView restricted restricted restricted restricted restricted CommunityView CommunityView CommunityView Total Entries: 11 DGS-3312SR:4# Subtree ------------------------1 1 1.3.6 1.3.6.1.2.1.1 1.3.6.1.2.1.11 1.3.6.1.6.3.10.2.1 1.3.6.1.6.3.11.2.1 1.3.6.1.6.3.15.1.1 1 1.3.6.1.6.3 1.3.6.1.6.3.1 View Type ---------Included Included Included Included Included Included Included Included Included Excluded Included create snmp community Purpose Used to create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the switch. One or more of the following characteristics can be associated with the community string: An Access List of IP addresses of SNMP managers that are permitted to use the community string to gain access to the switch's SNMP agent. An MIB view that defines the subset of all MIB objects that will be accessible to the SNMP community. Read write or read-only level permission for the MIB objects accessible to the SNMP community. Syntax Description create snmp community view [read_only | read_write] The create snmp community command is used to create an SNMP community string and to assign access-limiting characteristics to this community string. - An alphanumeric string of up to 32 characters that is used to identify members of an SNMP community. This string is used like a password to give remote SNMP managers access to MIB objects in the switch's SNMP agent. - An alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the switch. read_only - Specifies that SNMP community members using the community string created with this command can only read the 37 Parameters DGS-3312SR Layer 3 Gigabit Switch create snmp community contents of the MIBs on the switch. read_write - Specifies that SNMP community members using the community string created with this command can read from and write to the contents of the MIBs on the switch. Restrictions Example usage: To create the SNMP community string "dlink:" Only administrator-level users can issue this command. DGS-3312SR:4#create snmp community dlink view ReadView read_write Command: create snmp community dlink view ReadView read_write Success. DGS-3312SR:4# delete snmp community Purpose Syntax Description Parameters Used to remove a specific SNMP community string from the switch. delete snmp community The delete snmp community command is used to remove a previously defined SNMP community string from the switch. - An alphanumeric string of up to 32 characters that is used to identify members of an SNMP community. This string is used like a password to give remote SNMP managers access to MIB objects in the switch's SNMP agent. Only administrator-level users can issue this command. Restrictions Example usage: To delete the SNMP community string "dlink:" DGS-3312SR:4#delete snmp community dlink Command: delete snmp community dlink Success. DGS-3312SR:4# 38 DGS-3312SR Layer 3 Gigabit Switch show snmp community Purpose Syntax Description Parameters Used to display SNMP community strings configured on the switch. show snmp community {} The show snmp community command is used to display SNMP community strings that are configured on the switch. - An alphanumeric string of up to 32 characters that is used to identify members of an SNMP community. This string is used like a password to give remote SNMP managers access to MIB objects in the switch's SNMP agent. None. Restrictions Example usage: To display the currently entered SNMP community strings: DGS-3312SR:4#show snmp community Command: show snmp community SNMP Community Table Community Name View Name ----------------------------------------------------------dlink ReadView private CommunityView public CommunityView Total Entries: 3 DGS-3312SR:4# Access Right -----------read_write read_write read_only config snmp engineID Purpose Syntax Description Parameters Restrictions Example usage: To give the SNMP agent on the switch the name "0035636666" DGS-3312SR:4#config snmp engineID 0035636666 Command: config snmp engineID 0035636666 Success. DGS-3312SR:4# 39 Used to configure a name for the SNMP engine on the switch. config snmp engineID The config snmp engineID command configures a name for the SNMP engine on the switch. - An alphanumeric string that will be used to identify the SNMP engine on the switch. Only administrator-level users can issue this command. DGS-3312SR Layer 3 Gigabit Switch show snmp engineID Purpose Syntax Description Parameters Restrictions Example usage: To display the current name of the SNMP engine on the switch: DGS-3312SR:4#show snmp engineID Command: show snmp engineID SNMP Engine ID : 0035636666 DGS-3312SR:4# Used to display the identification of the SNMP engine on the switch. show snmp engineID The show snmp engineID command displays the identification of the SNMP engine on the switch. None. None. create snmp group Purpose Syntax Used to create a new SNMP group, or a table that maps SNMP users to SNMP views. create snmp group [v1 | v2c | v3 [noauth_nopriv | auth_nopriv | auth_priv]] {read_view | write_view | notify_view } The create snmp group command creates a new SNMP group, or a table that maps SNMP users to SNMP views. - An alphanumeric name of up to 32 characters that will identify the SNMP group with which the new SNMP user will be associated. v1 ­ Specifies that SNMP version 1 will be used. The Simple Network Management Protocol (SNMP), version 1, is a network management protocol that provides a means to monitor and control network devices. v2c ­ Specifies that SNMP version 2c will be used. The SNMP v2c supports both centralized and distributed network management strategies. It includes improvements in the Structure of Management Information (SMI) and adds some security features. v3 ­ Specifies that the SNMP version 3 will be used. SNMP v3 provides secure access to devices through a combination of authentication and encrypting packets over the network. SNMP v3 adds: Description Parameters 40 DGS-3312SR Layer 3 Gigabit Switch create snmp group Message integrity - Ensures that packets have not been tampered with during transit. Authentication - Determines if an SNMP message is from a valid source. Encryption - Scrambles the contents of messages to prevent it being viewed by an unauthorized source. noauth_nopriv - Specifies that no authorization and no encryption of packets is sent between the switch and a remote SNMP manager. auth_nopriv - Specifies that authorization will be required, but there will be no encryption of packets sent between the switch and a remote SNMP manager. auth_priv - Specifies that authorization will be required, and that packets sent between the switch and a remote SNMP manger will be encrypted. read_view ­ Specifies that the SNMP group being created can request SNMP messages. · - An alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the switch. write_view ­ Specifies write privileges for the SNMP group being created. · - An alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the switch. notify_view - Specifies that the SNMP group being created can receive SNMP trap messages generated by the switch's SNMP agent. · - An alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the switch. Restrictions Example usage: Only administrator-level users can issue this command. To create an SNMP group named "sg1:" DGS-3312SR:4#create snmp group sg1 v3 noauth_nopriv read_view v1 write_view v1 notify_view v1 Command: create snmp group sg1 v3 noauth_nopriv read_view v1 write_view v1 notify_view v1 Success. DGS-3312SR:4# 41 DGS-3312SR Layer 3 Gigabit Switch delete snmp group Purpose Syntax Description Parameters Restrictions Example usage: To delete the SNMP group named "sg1". DGS-3312SR:4#delete snmp group sg1 Command: delete snmp group sg1 Success. DGS-3312SR:4# Used to remove an SNMP group from the switch. delete snmp group The delete snmp group command is used to remove an SNMP group from the switch. - An alphanumeric name of up to 32 characters that will identify the SNMP group to be deleted. Only administrator-level users can issue this command. show snmp groups Purpose Used to display the group-names of SNMP groups currently configured on the switch. The security model, level, and status of each group are also displayed. show snmp groups The show snmp groups command displays the group-names of SNMP groups currently configured on the switch. The security model, level, and status of each group are also displayed. None. None. Syntax Description Parameters Restrictions Example usage: To display the currently configured SNMP groups on the switch: DGS-3312SR:4#show snmp groups Command: show snmp groups Vacm Access Table Settings Group Name ReadView Name WriteView Name Notify View Name Security Model Security Level Group Name ReadView Name WriteView Name : Group3 : ReadView : WriteView : NotifyView : SNMPv3 : NoAuthNoPriv : Group4 : ReadView : WriteView 42 DGS-3312SR Layer 3 Gigabit Switch Notify View Name Security Model Security Level Group Name ReadView Name WriteView Name Notify View Name Security Model Security Level Total Entries: 3 DGS-3312SR:4# : NotifyView : SNMPv3 : authNoPriv : Group5 : ReadView : WriteView : NotifyView : SNMPv3 : authNoPriv create snmp host Purpose Syntax Description Parameters Used to create a recipient of SNMP traps generated by the switch's SNMP agent. create snmp host [v1 | v2c | v3 [noauth_nopriv | auth_nopriv | auth_priv] ] The create snmp host command creates a recipient of SNMP traps generated by the switch's SNMP agent. - The IP address of the remote management station that will serve as the SNMP host for the switch. v1 ­ Specifies that SNMP version 1 will be used. The Simple Network Management Protocol (SNMP), version 1, is a network management protocol that provides a means to monitor and control network devices. v2c ­ Specifies that SNMP version 2c will be used. The SNMP v2c supports both centralized and distributed network management strategies. It includes improvements in the Structure of Management Information (SMI) and adds some security features. v3 ­ Specifies that the SNMP version 3 will be used. SNMP v3 provides secure access to devices through a combination of authentication and encrypting packets over the network. SNMP v3 adds: Message integrity - Ensures that packets have not been tampered with during transit. Authentication - Determines if an SNMP message is from a valid source. Encryption - Scrambles the contents of messages to prevent it being viewed by an unauthorized source. noauth_nopriv - Specifies no authorization and no encryption of packets is sent between the switch and a remote SNMP manager. auth_nopriv - Specifies that authorization will be required, but there will be no encryption of packets sent between the switch 43 DGS-3312SR Layer 3 Gigabit Switch create snmp host and a remote SNMP manager. auth_priv - Specifies that authorization will be required, and that packets sent between the switch and a remote SNMP manger will be encrypted. · - An alphanumeric string used to authorize a remote SNMP manager to access the switch's SNMP agent. Restrictions Example usage: Only administrator-level users can issue this command. To create an SNMP host to receive SNMP messages: DGS-3312SR:4#create snmp host 10.48.74.100 v3 auth_priv public Command: create snmp host 10.48.74.100 v3 auth_priv public Success. DGS-3312SR:4# delete snmp host Purpose Syntax Description Parameters Restrictions Example usage: To delete an SNMP host entry: DGS-3312SR:4#delete snmp host 10.48.74.100 Command: delete snmp host 10.48.74.100 Success. DGS-3312SR:4# Used to remove a recipient of SNMP traps generated by the switch's SNMP agent. delete snmp host The delete snmp host command deletes a recipient of SNMP traps generated by the switch's SNMP agent. - The IP address of a remote SNMP manager that will receive SNMP traps generated by the switch's SNMP agent. Only administrator-level users can issue this command. 44