
Manual Maipu Switch S3026G-PoE-AC


Contents

1. Authentication Flow of 802.1x EAP Termination Mode. The difference between the authentication flow of EAP termination mode and that of EAP relay mode is that the random encryption word used for encrypting the user password information is generated by the device end. The access control unit then sends the user name, the random encryption word and the password information encrypted by the client to the RADIUS server for the related authentication.
   802.1x Extension and Optimization. Besides supporting the port-based access authentication method specified by the protocol, devices also extend and optimize it when implementing the EAP relay mode and EAP termination mode of 802.1x. Supports some applications in the case of which one physical port can have more than one user.
   Maipu Confidential & Proprietary Information, Page 279 of 472, MyPower S3026G-POE-AC Switch User Manual V1.0
   There are three access control methods (the methods to authenticate users): port-based, MAC-based and user-based (IP address, MAC address, port).
   A. When the port-based method is used, as long as the first user of this port passes the authentication, all the other users can access the network resources without being authenticated. However, once the first user is offline, the network won't be available to all the other users.
   B. When the MAC-based method is used, all the users accessing a port should be authenticated separately; only those pass t
2. Commands for Configuring Port Loopback Detection Function; Typical Instance of Port Loopback Detection; Port Loopback Detection Troubleshooting; Debugging and Monitoring Commands; Port Loopback Detection Troubleshooting; SNTP Configuration; Introduction to SNTP; SNTP Configuration; SNTP Configuration Task List; SNTP Configuration Commands; SNTP Troubleshooting; SNTP Debugging and Monitoring Commands; SNTP Typical Configuration Instance; QoS Configuration; Introduction to QoS; QoS Terms; QoS
3. Setup Configuration; Setup Configuration; Setup Main Menu; Setup Sub Menu; Configuring Switch Hostname; Configure Vlan1 Interface; Configure Telnet Server; Configure Web Server; [entry illegible]; Exit Setup Configuration Mode; Switch Management; Management Modes; Out-band Management; In-band Management; Management Interfaces; [entry illegible]; Web Interface; Basic Configuration of Switch
4. (2) Configure DHCP address pool
   A. Create/Delete DHCP address pool
   Command (Global Mode): Explanation
   ip dhcp pool <name> / no ip dhcp pool <name>: Configure DHCP address pool.
   B. Configure dynamic DHCP address pool parameters
   Command (DHCP Address Pool Mode): Explanation
   network-address <network-number> [mask | prefix-length] / no network-address: Configure the address scope that can be allocated to the address pool.
   default-router address1 address2 … address8 / no default-router: Configure default gateway for DHCP clients.
   dns-server address1 address2 … address8 / no dns-server: Configure DNS server for DHCP clients.
   domain-name <domain> / no domain-name: Configure the domain name for DHCP clients; the "no domain-name" command deletes the domain name.
   netbios-name-server address1 address2 … address8 / no netbios-name-server: Configure the address for WINS server.
   netbios-node-type {b-node | h-node | m-node | p-node | <type-number>} / no netbios-node-type: Configure node type for DHCP clients.
   bootfile <filename> / no bootfile: Configure the file to be imported for DHCP clients on boot up.
   next-server address1 address2 … address8 / no next-server: Configure the address of the server saving the imported files of the client.
   option code ascii <string> hex he
5. Attached policy-map for Ingress: p1 (Policy map bound to the port)
   Switch#show mls qos interface statistics ethernet 0/0/2
   Device: Ethernet0/0/2
   Classmap   classified   in-profile   out-profile (in packets)
   c1         0            0            0
   Displayed information: Explanation
   Ethernet0/0/2: Port name
   ClassMap: Name of the class map
   classified: Total packets matching this class map
   in-profile: Total in-profile packets matching this class map
   out-profile: Total out-profile packets matching this class map
   show mls qos maps
   Command: show mls qos maps [cos-dscp | dscp-cos | dscp-mutation | policed-dscp]
   Function: Display mapping configuration information for QoS.
   Parameters: cos-dscp is the mapping from CoS to DSCP; dscp-cos is the mapping from DSCP to CoS; dscp-mutation is the mapping from DSCP value to DSCP value; policed-dscp is the DSCP mark-down mapping.
   Default: none
   Command mode: Admin mode
   Usage guide:
   Example:
   Switch#show mls qos maps
   Cos-dscp map:
   cos:  0 1 2 3 4 5 6 7
   dscp: 0 8 16 24 32 40 48 56
   Dscp-cos map:
   d1 : d2 [values illegible]
   Policed-dscp map:
   d1 : d2 0 1 2 3 4 5 6 7 8 9
   0 : 0 1 2 3 4 5 6 7 8 9
   1 : 10 11 12 13 14 15 16 17 18 19
   2 : 20 21 22 23 24 25 26 27 28 29
   3 : 30 31 32 33 34 35 36 37 38 39
   4
6. Gas: Average (mg/m³), Maximum value (mg/m³)
   SO2: 0.2, 1.5
   H2S: 0.006, 0.03
   NO2: 0.04, 0.15
   NH3: 0.05, 0.15
   Cl2: 0.01, 0.3
   Temperature and Humidity. For good air circulation after the switch is installed, it is recommended to keep the switch rack in a room with a stable temperature and humidity. Please use an air conditioner to cool it in summer and a heating system in winter. If the humidity in the equipment room is too high for a long time, it easily causes poor insulation and even electricity leakage of insulation materials. Sometimes the mechanical performance of materials changes and the metal parts corrode easily too. If the relative humidity is too low, insulation pads shrink, which causes the fastened screws to loosen. Meanwhile, in a dry environment static electricity appears easily, which harms the circuits on the switch. If the temperature is too high, the reliability of the switch is greatly reduced. Long-term high temperature affects the life of insulation materials and speeds up their aging. The recommended working temperature and humidity are listed in the following table.
   Temperature: 0 to 50 °C
   Relative humidity: 10% to 90%
   Note: The working environment temperature and humidity of the switch should be measured at 1.5 m above the floor and 0.4 m in front of the rack, without front or back protective panel on the rack.
   Power. The switch uses module switching power. The parameters of input AC pow
7. Fuzzy Match Support. MyPower S3026G-POE-AC shell supports fuzzy match in searching command and keyword. Shell recognizes the commands or keywords correctly if the entered string causes no conflict. For example:
   For the admin configuration command "show interface ethernet 0/0/1", you just need to input "sh in e 0/0/1".
   For the admin configuration command "show running-config", the system reports "> Ambiguous command" if only "show r" is entered, because Shell is unable to tell whether it is "show run" or "show running-config". Therefore, Shell can recognize the command correctly only when "sh ru" is entered.
   Web Interface
   [Figure: Web configuration interface of MyPower S3026G-POE-AC]
   As shown in the above figure, the web configuration interface includes three parts, that is, upper part, lower left part and lower r
8. Switch(dhcp-1-config)#bootfile c:\temp\nos.img
   Related Command: next-server
   client-identifier
   Command: client-identifier <unique-identifier>
   no client-identifier
   Function: Specify the unique ID of the user when binding an address manually; the "no client-identifier" command deletes the identifier.
   Parameters: <unique-identifier> is the user identifier, in hyphen Hexadecimal format.
   Command Mode: DHCP Address Pool Mode
   Usage guide: This command is used with "host" when binding an address manually. If the requesting client identifier matches the specified identifier, DHCP server assigns the IP address defined in "host" command to the client.
   Example: Bind the IP address 10.1.128.160 with user whose unique id is 00-10-5a-60-af-12.
   Switch(dhcp-1-config)#client-identifier 00-10-5a-60-af-12
   Switch(dhcp-1-config)#host 10.1.128.160 24
   Related command: host
   client-name
   Command: client-name <name>
   no client-name
   Function: Configure the username when binding addresses manually; the "no client-name" command deletes the username.
   Parameters: <name> is the name of the user; up to 255 characters are allowed.
   Command Mode: DHCP Address Pool Mode
   Usage guide: Configure a username for the manually bound device; domain should not be included when configuring username.
   Example: Set the username
9. Introduction to IGMP Snooping; IGMP Snooping Configuration; IGMP Snooping Configuration Task List; IGMP Snooping Configuration Commands; IGMP Snooping Instance; IGMP Snooping Troubleshooting; IGMP Snooping Monitoring and Debugging Commands; IGMP Snooping Troubleshooting; Multicast VLAN Configuration; Introduction to Multicast VLAN; Multicast VLAN Configuration; Multicast VLAN Configuration Task List; Multicast VLAN Configuration Commands; Multicast VLAN Instance; DCSCM Configuration
10. Configure the rules used by the destination control to the specified VLAN-MAC. The NO form of the command cancels the configuration.
   [no] ip multicast destination-control source <source-wildcard> access-group 6000-7999: Configure the rules used by the destination control to the specified source IP address/mask. The NO form of the command cancels the configuration.
   3. Multicast policy configuration
   Multicast policy uses the manner of specifying priority for specified multicast data to ensure the effects the specific user requires. It is noticeable that multicast data cannot get a special care all along unless the data are transmitted at TRUNK port. The configuration is very simple and has only one command, that is, set the priority for the specified multicast. The commands are as follows:
   Command (Global Configuration Mode): Explanation
   [no] ip multicast policy source source-wildcard destination <destination-wildcard> cos priority: Configure multicast policy and specify priority for sources and groups in specific range; the range is 0-7.
   DCSCM Configuration Commands
   access-list (multicast source control)
   Command: access-list 5000-5099 {deny | permit} ip <source> source-wildcard host-source <source-host-ip>
11. exit: Exit the configuration mode of the named standard IP access list.
   D. Configure one named extended IP access list
   a. Create one named extended IP access list
   Command (Global mode): Explanation
   ip access-list extended <name> / no ip access-list extended <name>: Create one named extended IP access list. The "no" format of the command deletes the named extended IP access list.
   b. Specify multiple permit or deny rules
   Command (Configuration mode of the named extended IP access list): Explanation
   [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>] [time-range <time-range-name>]: Create one ICMP named extended IP access rule. The "no" format of the command deletes the named extended IP access rule.
   [no] {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<igmp-type>] [precedence <prec>] [tos <tos>] [time-range <time-range-name>]: Create one IGMP named extended IP access rule. The "no" format of the command deletes the named extended IP access rule.
   [no] {deny | permit} tcp {{<sIpAddr> <sMas
12. Get-Response
   Get-Next-Request
   Get-Bulk-Request
   Set-Request
   Trap
   Inform-Request
   NMS sends queries to the Agent with Get-Request, Get-Next-Request, Get-Bulk-Request and Set-Request messages, and the Agent, upon receiving the requests, replies with Get-Response message. On some special situations, like network device ports are on Up/Down status or the network topology changes, Agents can send Trap messages to NMS to inform the abnormal events. Besides, NMS can also be set to alarm to some abnormal events by enabling RMON function. When alarm events are triggered, Agents send Trap messages or log the event according to the settings. Inform-Request is mainly used for inter-NMS communication in the layered network management.
   USM ensures the transfer security by well-designed encryption and authentication. USM encrypts the messages according to the user-typed password. This mechanism ensures that the messages can't be viewed on transmission. And USM authentication ensures that the messages can't be changed on transmission. USM employs DES-CBC cryptography, and HMAC-MD5 and HMAC-SHA are used for authentication.
   VACM is used to classify the users' access permission. It puts the users with the same access permission in the same group. Users can't conduct the operation which is not authorized.
   Introduction to
13. Command (Configuration mode of the named extended MAC-IP access list): Explanation
   [no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} icmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [<icmp-type> [<icmp-code>]] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]: Create one mac-icmp named extended MAC-IP access rule. The "no" format of the command deletes the named extended IP access rule.
   [no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} igmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [<igmp-type>] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]: Create one mac-igmp named extended MAC-IP access rule. The "no" format of the command deletes the named extended IP access rul
14. Enable or disable the loopback test function of the specified port.
   3. Set the data traffic suppression function
   Command (Port configuration mode): Explanation
   packet-suppression packets {broadcast | brmc | brmcdlf | all} / no packet-suppression: Enable the packet suppression function of the switch and set the max data traffic allowed to pass. The "no" format of the command is used to cancel the packet suppression function.
   Commands for Configuring Ethernet Ports
   bandwidth
   Command: bandwidth control <bandwidth> {both | receive | transmit}
   no bandwidth control
   Function: Enable the bandwidth limit function on the port; the "no" format of the command disables this function.
   Parameter: <bandwidth> is the bandwidth limit, which is shown in kbps, ranging between 62 to 1000000; transmit refers to the bandwidth limit when the port sends data; receive refers to the bandwidth limit when the port receives data; both refers to the bandwidth limit when the port receives and sends data. To control the bandwidth when the port receives the data, use the command packet-suppression.
   Command mode: Port Mode
   Default status: Bandwidth limit function is disabled by default.
   Usage guide: When the bandwidth limit is enabled with a size set, the max bandwidth of the port is determined by this size, other than
15. Command: clear ip dhcp binding {<address> | all}
   Function: Delete the specified IP address-hardware address binding record or all IP address-hardware address binding records.
   Parameters: <address> is the IP address that has a binding record, in decimal notation; all refers to all IP addresses that have a binding record.
   Command mode: Admin Mode
   Usage guide: "show ip dhcp binding" command can be used to view binding information for IP addresses and corresponding DHCP client hardware addresses. If the DHCP server is informed that a DHCP client is not using the assigned IP address for some reason before the lease period expires, the DHCP server would not remove the binding information automatically. The system administrator can use this command to delete that IP address-client hardware address binding manually; if "all" is specified, then all auto binding records will be deleted, thus all addresses in the DHCP address pool will be reallocated.
   Example: Remove all IP-hardware address binding records.
   Switch#clear ip dhcp binding all
   Related command: show ip dhcp binding
   clear ip dhcp conflict
   Command: clear ip dhcp conflict {<address> | all}
   Function: Delete an address recorded in the address conflict log.
   Parameters: <address> is the IP address that has a conflict record; all stands for all addresses that have
16. Command mode: VLAN configuration mode
   Default: There is no Private VLAN association by default.
   Usage guide: This command can only be used for Private VLAN. The ports in Secondary VLANs which are associated to Primary VLAN can communicate to the ports in Primary VLAN. Before setting Private VLAN association, three types of Private VLANs should have no member ports; the Private VLAN with Private VLAN association can't be deleted. When users delete Private VLAN association, all the member ports in the Private VLANs whose association is deleted are removed from the Private VLANs.
   Example: Associate Isolated VLAN200 and Community VLAN300 to Primary VLAN100.
   Switch(Config-Vlan100)#private-vlan association 200;300
   VLAN Typical Application Scenario
   [Figure: Typical VLAN Application Topology. Switch A and Switch B joined by a Trunk Link, with desktop PCs and workstations in VLAN2, VLAN100 and VLAN200]
   The existing LAN is required to be partitioned to 3 VLANs due to security and application requirements. The three VLANs are VLAN2, VLAN100 and VLAN200. Those three VLANs are cross two different location A and B. One switch is placed in each site, and cross-location requirement can be met if VLAN traffic can be transferred between the two switches.
   Configuration Item: Configur
17. Command switch mac address: The MAC address of the command switch
   Heartbeat interval: Heartbeat period
   Heartbeat hold time: The heartbeat holdtime
   Candidate switch: Displayed as the table form
   Candidate switch: Candidate switch
   Register timer: Register timer interval
   show cluster candidates
   Command: show cluster candidates
   Function: Display the candidate switches that can be added to the cluster on the commander switch.
   Parameter: none
   Default status: none
   Command mode: Admin Mode
   Usage guide: Execute the command on the command switch to display the list of all candidate switches. If running the command on the non-command switch, return error.
   Example: Display the list of all cluster candidate switches that can be added to the cluster on the command switch.
   Switch#show cluster candidates
   SN   MAC Address         Ip Address     Name     Device Type
   0    00-03-0f-00-28-e8   192 168 184    slave1   MyPower S3026G-POE-AC
   [illegible]              192.168.1.23   slave2   MyPower S3026G-POE-AC
   [illegible]              192.168.2.5    slave3   MyPower S3026G-POE-AC
   [illegible]              192.168.3.3    slave4   MyPower S3026G-POE-AC
   Displayed information (show cluster candidates, displayed as the table form):
   SN: Serial number
   MAC Address: The MAC address of the candidate switch
   IP Address: The IP address of the cand
18. Parameters: <class-map-name> is the class map name.
   Default: No class map is configured by default.
   Command mode: Global configuration mode
   Usage guide:
   Example: Create and then delete a class map named c1.
   Switch(config)#class-map c1
   Switch(config)#no class-map c1
   match
   Command: match {access-group <acl-index-or-name> | ip dscp <dscp-list> | ip precedence <ip-precedence-list> | vlan <vlan-list> | cos <cos-list>}
   no match {access-group | ip dscp | ip precedence | vlan | cos}
   Function: Configure the matching standard of the class map; the "no" form of this command deletes the specified matching standard.
   Parameter: access-group <acl-index-or-name>: match specified ACL; the parameters are the number or name of the ACL. ip dscp <dscp-list>: match specified DSCP value; the parameter is a list of DSCP consisting of maximum 8 DSCP values. ip precedence <ip-precedence-list>: match specified IP Precedence; the parameter is an IP Precedence list consisting of maximum 8 IP Precedence values, with a valid range of 0-7. vlan <vlan-list>: match specified VLAN ID; the parameter is a VLAN ID list consisting of maximum 8 VLAN IDs. cos <cos-list>: match specified CoS value; the parameter is a CoS list consisting of maximum 8 CoS.
   Default: No match standard by default.
   Command Mode: Class-map Mode
   Usage guide: Only one match standard can be configured in a class map. When matching the ACL, only the permit ru
19. Switch(Config)#interface ethernet 0/0/1-8
   Switch(Config-Port-Range)#flow control
   interface ethernet
   Command: interface ethernet <interface-list>
   Function: Enter Ethernet Port Mode from Global Configuration Mode.
   Parameter: <interface-list> indicates the port number.
   Command mode: Global Configuration Mode
   Usage guide: Run the "exit" command to exit the Ethernet Port Mode to Global Configuration Mode.
   Example: Enter the Ethernet ports 0/0/1, 0/0/4-5, 0/0/8.
   Switch(Config)#interface ethernet 0/0/1;0/0/4-5;0/0/8
   Switch(Config-Port-Range)#
   loopback
   Command: loopback
   no loopback
   Function: Enable the loopback test function on an Ethernet port; the "no loopback" command disables the loopback test on an Ethernet port.
   Command mode: Port Mode
   Default status: Loopback test is disabled in Ethernet port by default.
   Usage guide: Loopback test can be used to check whether the Ethernet ports are working normally.
   Example: Enable loopback test in Ethernet ports 0/0/1-8.
   Switch(Config)#interface ethernet 0/0/1-8
   Switch(Config-Port-Range)#loopback
   mdi
   Command: mdi {auto | across | normal}
   no mdi
   Function: Set the cable types supported by the Ethernet port; the "no mdi" command restores the default cable type of the Ethernet port.
   Parameter: auto indicates negotiating the cable type automatically; acros
20. Usage guide: This command is used with the "host" when binding address manually. If the requesting client hardware address matches the specified hardware address, the DHCP server assigns the IP address defined in "host" command to the client.
   Example: Bind IP address 10.1.128.160 with hardware address 00-00-e2-3a-26-04 in manual address binding.
   Switch(dhcp-1-config)#hardware-address 00-00-e2-3a-26-04
   Switch(dhcp-1-config)#host 10.1.128.160 24
   Related command: host
   host
   Command: host <address> [<mask> | <prefix-length>]
   no host
   Function: Specifies the IP address to be assigned to the user when binding addresses manually; the "no host" command deletes the IP address.
   Parameters: <address> is the IP address in decimal format; <mask> is the subnet mask in decimal format; <prefix-length> means mask is indicated by prefix. For example, mask 255.255.255.0 in prefix is 24, and mask 255.255.255.252 in prefix is 30.
   Command Mode: DHCP Address Pool Mode
   Usage guide: If no mask or prefix is configured when configuring the IP address, and no information in the IP address pool indicates anything about the mask, the system will assign a mask automatically according to the classful IP address. This command is used with hardware-address command or client-identifier co
21. When user-based access control is applied, un-authenticated users can only access limited resources of the network. The user-based access control falls into two kinds: the standard access control and the advanced access control. The standard user-based access control does not limit the access to the limited resources when the user is not authenticated yet, while the user-based advanced access control can control the access to the limited resources before authentication is done.
   Notes: Currently, user-based control mode supports the advanced mode.
   Example: Configure Ethernet0/0/4 to adopt the user-based advanced control mode.
   Switch(Config-Ethernet0/0/4)#dot1x port-method userbased advanced
   dot1x privateclient enable
   Command: dot1x privateclient enable
   no dot1x privateclient enable
   Function: Configure the switch to force the authentication client to use private 802.1x authentication packet format. The "no" format of the command disables the function and allows the authentication client to use the standard 802.1x authentication packet format.
   Command mode: Global configuration mode
   Default: Private 802.1x authentication packet format is disabled by default.
   Usage guide: To implement integrated solution, the switch must be enabled to support the private 802.1x authentication packet. Otherwise many applications cannot be use
22. <smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} {eigrp | gre | igrp | ip | ipinip | ospf | {<protocol-num>}} {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]
   Functions: Define an extended name MAC-IP ACL rule; the "no" format of the command deletes one extended numeric MAC-IP ACL access list rule.
   Parameters:
   deny: if rules are matching, deny to access
   permit: if rules are matching, permit to access
   any-source-mac: any source MAC address
   any-destination-mac: any destination MAC address
   host_smac, smac: source MAC address
   smac-mask: mask (reverse mask) of source MAC address
   host_dmac, dmac: destination MAC address
   dmac-mask: mask (reverse mask) of destination MAC address
   protocol: No. or name of IP protocol. It can be a key word (eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp or udp) or an integer from 0-255 of list No. of IP address. Use key word "ip" to match all Internet protocols (including ICMP, TCP and UDP) list.
   source-host-ip, source: No. of source network or source host of packet delivery. Numbers of 32-bit binary system with dotted decimal notation expression.
   host: means the address is the IP address of source host, otherwise the I
23. 12 59 for tagged 802.3 12 63
   Command Mode: Global configuration mode
   Default Configuration: No access list configured.
   Usage guide: When the user assigns specific <num> for the first time, the ACL of the serial number is created, and then the lists are added into this ACL. Currently, the customized window is not supported.
   Example: Permit tagged-eth2 with any source MAC addresses and any destination MAC addresses, and the packets with the 15th and 16th characters as 0x08 and 0x0 respectively, to pass.
   Switch(Config)#access-list 1100 permit any-source-mac any-destination-mac tagged-eth2
   mac access extended
   Command: mac-access-list extended <name>
   no mac-access-list extended <name>
   Function: Define a name-manner MAC ACL or enter access-list configuration mode; the "no mac-access-list extended <name>" command deletes the ACL.
   Parameters: <name> is the name of the access list, excluding blank or quotation mark; it must start with a letter and the length cannot exceed 16 (remark: sensitivity on capital or small letter).
   Command Mode: Global configuration mode
   Default Configuration: No access lists configured.
   Usage guide: After assigning this command for the first time, only an empty name access list is created and no list item is included.
   Example: Create an MAC ACL named mac_acl
24. Set the current port as Trunk or Access port.
   5. Set Trunk port
   Command (Port Mode): Explanation
   switchport trunk allowed vlan {<vlan-list> | all} / no switchport trunk allowed vlan <vlan-list>: Set/delete VLAN allowed to be crossed by Trunk.
   switchport trunk native vlan <vlan-id> / no switchport trunk native vlan: Set/delete PVID for Trunk port.
   6. Set Access port
   Command (Port Mode): Explanation
   switchport access vlan <vlan-id> / no switchport access vlan: Add the current port to the specified VLAN or exit the specified VLAN.
   7. Disable/Enable VLAN Ingress Rules
   Command (Port Mode): Explanation
   vlan ingress enable / no vlan ingress enable: Enable/Disable VLAN ingress rules.
   8. Configure Private VLAN
   Command (VLAN mode): Explanation
   private-vlan {primary | isolated | community} / no private-vlan: Set current VLAN as Private VLAN.
   9. Set Private VLAN binding
   Command (VLAN mode): Explanation
   private-vlan association <secondary-vlan-list> / no private-vlan association: Set/delete Private VLAN binding.
   VLAN Configuration Commands
   vlan
   Command: vlan <vlan-id>
   no vlan <vlan-id>
   Function: Create VLANs and enter VLAN configuration
25. Start the FTP server software on the PC and set the username admin and the password admin. Place the nos.img file in the appropriate FTP server directory on the PC. The configuration steps of the switch are listed below.
MyPower S3026G POE AC:
Switch(Config)#inter vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-If-Vlan1)#no shut
Switch(Config-If-Vlan1)#exit
Switch(Config)#exit
Switch#copy ftp://admin:admin@10.1.1.1/nos.img nos.img
Switch#reload
With the above commands, the switch downloads the nos.img file on the computer to the FLASH.
TFTP Configuration
PC configuration: Start the TFTP server software on the PC and place the nos.img file in the appropriate TFTP server directory on the PC. The configuration steps of the switch are listed below.
MyPower S3026G POE AC:
Switch(Config)#inter vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-If-Vlan1)#no shut
Switch(Config-If-Vlan1)#exit
Switch(Config)#exit
Switch#copy tftp://10.1.1.1/nos.img nos.img
Switch#reload
Scenario 2: MyPower S3026G POE AC is used as FTP server. MyPower S3026G POE AC operates as the FTP server. The PC is an FTP client. Transmit the nos.img file on the switch to the PC. The configuration steps of the switch are listed below. MyPowe
26. anti-arpscan recovery time seconds
Command: anti-arpscan recovery time <seconds>; no anti-arpscan recovery time. Function: Configure the automatic recovery time; the no anti-arpscan recovery time command resets the automatic recovery time to the default value. Parameters: Automatic recovery time in seconds, ranging from 5 to 86400. Default Settings: 300 seconds. Command Mode: Global configuration mode. Usage guide: The automatic recovery function should be enabled first. Example: Set the automatic recovery time as 3600 seconds.
Switch(Config)#anti-arpscan recovery time 3600
anti-arpscan log enable
Command: anti-arpscan log enable; no anti-arpscan log enable. Function: Enable the anti-ARPscan log function; the no anti-arpscan log enable command disables this function. Parameters: None. Default: Enable anti-ARPscan log function. Command Mode: Global configuration mode. Usage guide: After enabling the anti-ARPscan log function, users can check the detailed information of ports being closed or automatically recovered by anti-ARPscan, or IPs being disabled and recovered by anti-ARPscan. The level of the log is Warning. Example: Enable the anti-ARPscan log function of the switch.
Switch(Config)#anti-arpscan log enable
anti-arpscan trap enable
Command: anti-arpscan trap enable; no anti-arpscan trap enable. Function: Enable the
27. destination <dIpAddr> igmp type precedence <prec> tos <tos> time-range <time-range-name>
access-list <num> deny|permit tcp <sIpAddr> <sMask> | any-source | host-source <sIpAddr> s-port <sPort> <dIpAddr> <dMask> | any-destination | host-destination <dIpAddr> d-port <dPort> ack fin psh rst urg syn precedence <prec> tos <tos> time-range <time-range-name>
access-list <num> deny|permit udp <sIpAddr> <sMask> | any-source | host-source <sIpAddr> s-port <sPort> <dIpAddr> <dMask> | any-destination | host-destination <dIpAddr> d-port <dPort> precedence <prec> tos <tos> time-range <time-range-name>
access-list <num> deny|permit eigrp|gre|igrp|ipinip|ip|ospf|<int> <sIpAddr> <sMask> | any-source | host-source <sIpAddr> <dIpAddr> <dMask> | any-destination | host-destination <dIpAddr> precedence <prec> tos <tos> time-range <time-range-name>
no access-list <num>
Function: Create a numeric extended IP access rule matching a specific IP protocol or all IP protocols; if the numeric extended IP access list does not exist, create the access list. Parameters: <num> is the No. of the access list, 100-299; <sIpAddr> is the source IP address and the forma
28. no ssh-server timeout command restores the default timeout value for SSH authentication. Parameter: <timeout> is the timeout value; the valid range is 10 to 600 seconds. Command mode: Global Configuration Mode. Default status: SSH authentication timeout is 180 seconds by default. Example: Set SSH authentication timeout to 240 seconds.
Switch(Config)#ssh-server timeout 240
ssh-server authentication-retries
Command: ssh-server authentication-retries <authentication-retries>; no ssh-server authentication-retries. Function: Configure the number of attempts for retrying SSH authentication; the no ssh-server authentication-retries command restores the default number of attempts for retrying SSH authentication. Parameter: <authentication-retries> is the number of attempts for retrying authentication; the valid range is 1 to 10. Command mode: Global Configuration Mode. Default status: The number of attempts for retrying SSH authentication is 3 by default. Usage guide: The command sets the number of attempts for retrying SSH authentication. By default it is 3. Example: Set the number of attempts for retrying SSH authentication as 5.
Switch(Config)#ssh-server authentication-retries 5
ssh-server host-key create rsa
Command: ssh-server host-key create rsa modulus <modulus>. Function: Generate
29. the no ssh-server enable command disables the SSH server function.
ssh-user <user-name> password {0 | 7} <password>; no ssh-user <user-name>: Configure the username and password of the SSH client software for logging into the switch; the no ssh-user <user-name> command deletes the authorized SSH user.
ssh-server timeout <timeout>; no ssh-server timeout: Configure the timeout for SSH authentication; the no ssh-server timeout command restores the default timeout value for SSH authentication.
ssh-server authentication-retries <authentication-retries>; no ssh-server authentication-retries: Configure the times for retrying SSH authentication; the no ssh-server authentication-retries command restores the default times for retrying SSH authentication.
ssh-server host-key create rsa modulus <modulus>: Generate the new RSA host key on the SSH server.
Admin mode: Make the SSH client logging into the switch display the debug information the no monitor EU terminal monitor command stops no monitor displaying SSH debug information on the SSH client.
SSH Configuration Commands
ssh-server enable
Command: ssh-server enable; no ssh-server enable. Function: Enable the SSH function on the switch; the no ssh-server enable command disables the SSH function. Default status: The SSH function is disabled by default. Command mode: Global Configuration Mode. Usage guide: To
30. 4041 42 43 44 45 46 47 48 49 5 50 51 52 53 54 55 56 57 58 59 6 6061 62 63 Global Dscp dscp mutation map di d20123456789 0 0000000000 1 0000000000 2 0000000000 3 0000000000 4 0000000000 5 0000000000 6 0000
show class-map
Command: show class-map <class-map-name>. Function: Display the class map of QoS. Parameters: <class-map-name> is the class map name. Default: none. Command mode: Admin mode. Example:
Switch#show class-map
Class map name c1 used by 0 times
Match acl name 1
Displayed information and explanation: Class map name c1: Name of the class map. Match acl name 1: Classifying rule for the class map.
show policy-map
Command: show policy-map <policy-map-name>. Function: Display the policy map of QoS. Parameters: <policy-map-name> is the policy map name. Default: none. Command mode: Admin mode. Usage guide: Example:
Switch#show policy-map
Policy Map p1 used by 0 port
Class Map name c1
police 16000000 2000 exceed action drop
Displayed information and explanation: Policy Map p1: Name of the policy map. Class map name c1: Name of the referenced class map. police 16000000 8000 exceed action drop: Policy implemented.
QoS Troubleshooting
By default QoS is disabled on the switch port 4 sending queues are set queue 1 adopts the best effor
31. After all uplink ports are deleted, the port isolation function is disabled automatically; that is, all ports can inter-work with each other. 100M ports are used as downlink ports. If 100M ports need to be used as uplink ports in some cases, note that 8 ports take effect as a group. That is, if Ethernet 0/0/1 is configured as an uplink port, Ethernet 0/0/1-8 are all configured as uplink ports and can inter-work with other ports. If Ethernet 0/0/1 is configured as a downlink port, Ethernet 0/0/1-8 are all configured as downlink ports. Similarly, every eight of the subsequent ports are configured as one group. Example: Set ethernet 0/0/25 and ethernet 0/0/26 as uplink ports and the other ports as downlink ports to perform port isolation.
Switch(Config)#isolate-port allowed ethernet 0 0 25 26
Cluster Network Management
Introduction to Cluster Network Management
Cluster network management is an in-band configuration management. Unlike CLI, SNMP and Web Config, which implement a direct management of the target switches through a management workstation, cluster network management implements a direct management of the target switches (member switches) through an intermediate switch (command switch). A command swi
32. Channel must have the same properties, as follows: All ports are in full-duplex mode. All ports are of the same speed. All ports are Access ports and belong to the same VLAN, or are all TRUNK ports. If the ports are TRUNK ports, then their Allowed VLAN and Native VLAN property should also be the same. If Port Channel is configured manually or dynamically on the switch, the system automatically sets the port with the smallest number to be the Master Port of the Port Channel. If the spanning tree function is enabled in the switch, the spanning tree protocol regards Port Channel as a logical port and sends BPDU frames via the master port. Port aggregation is closely related to switch hardware. The switch allows physical port aggregation of any two switches. MyPower S3026G POE AC supports up to eight groups, and up to eight ports can be configured in a group. Once ports are aggregated, they can be used as a normal port. The switch has a built-in aggregation interface configuration mode; the user can perform related configuration in this mode, just like in the VLAN and physical port configuration modes.
Port Channel Configuration
Port Channel Configuration Task List
1. Create a port group in Global Mode
2. Add ports to the specified groups in the Port Mode
3. Enter port-channel configuration mode
Create port group
33. Configure the access control mode of the port
C. Configure the expanded 802.1x function of the switch
3. Configure the attributes related with the user access devices (optional)
4. Configure the attributes related with the RADIUS server
A. Configure RADIUS authentication key
B. Configure RADIUS server
C. Configure RADIUS service parameters
1. Enable 802.1x function of the switch (Global Mode)
aaa enable; no aaa enable: Enable the AAA authentication function of the switch. The no format of the command is used to disable the AAA authentication function of the switch.
aaa-accounting enable; no aaa-accounting enable: Enable the accounting function of the switch. The no format of the command is used to disable the accounting function of the switch.
aaa-accounting update {enable | disable}: Enable or disable the accounting update function.
dot1x enable; no dot1x enable: Enable the 802.1x function in the switch and ports; the no command disables the 802.1x function.
dot1x privateclient enable; no dot1x privateclient enable: Enable the switch to force the client software to use the private 802.1x authentication packet format. The no command disables this function and permits the client software to use the standard 802.1x authentication packet format.
dot1x user free-resource prefix mask; no dot1x user free-resource: Set the limited resources that the user can access. The n
34. Conflict bindings 0
Expiried bindings 0
Malformed message 0
Message Recieved
BOOTREQUEST 3814
DHCPDISCOVER 1899
DHCPREQUEST 6
DHCPDECLINE 0
DHCPRELEASE 1
DHCPINFORM 1
Message Send
BOOTREPLY 1911
DHCPOFFER 6
DHCPACK 6
DHCPNAK 0
DHCPRELAY 1907
DHCPFORWARD 0
Switch#
Displayed information and explanation:
Address pools: The number of the configured DHCP address pools
Database agents: The number of the proxy databases
Automatic bindings: The number of addresses assigned automatically
Manual bindings: The number of the addresses bound manually
Conflict bindings: The number of conflicting addresses
Expiried bindings: The number of addresses whose leases are expired
Malformed message: The number of the error messages
Message Recieved: The statistics of the received DHCP packets
BOOTREQUEST: The total number of the received packets
DHCPDISCOVER: The number of the DHCPDISCOVER packets
DHCPREQUEST: The number of DHCPREQUEST packets
DHCPDECLINE: The number of DHCPDECLINE packets
DHCPRELEASE: The number of DHCPRELEASE packets
DHCPINFORM: The number of DHCPINFORM packets
Message Send: The statistics of the sent DHCP packets
BOOTREPLY: The total number of the sent packets
DHCPOFFER: The number of DHCPOFFER packets
DHCPACK: The number of DHCPACK packets
DHCPNAK: The number of DHCPNAK packets
DHCPRELAY: The number of DHCPRELAY packets
DHCPFORWARD: The
35. Default status: None. Command mode: Admin Mode. Usage guide: The command displays the configured multicast source control rules, including the detail option and the access-list information applied in detail. Example:
Switch#show ip multicast source-control detail
ip multicast source-control is enabled
Interface Ethernet0/0/1 use multicast source control access-list 5000
access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255
access-list 5000 deny ip 10.1.1.0 0.0.0.255 233.0.0.0 0.255.255.255
show ip multicast destination-control
Command: show ip multicast destination-control detail; show ip multicast destination-control interface <Interfacename> detail; show ip multicast destination-control host-address <ipaddress> detail; show ip multicast destination-control <vlan-id> <mac-address> detail. Function: Display the multicast destination control configuration. Parameter: detail: whether to display the detailed information; Interfacename: the port name or port aggregation name, such as Ethernet0/0/1, port-channel 1 or ethernet 0/0/1. Default status: none. Command mode: admin mode. Usage guide: The command displays the configured multicast destination control rules, including the detail option and the access-list information applied in detail. Example:
Switch(Config)#show ip multicast destina
36. Display the information of all the ports in dot1q-tunnel state. Parameter: None. Command mode: Admin Mode. Usage guide: This command is used for displaying the information of the ports in dot1q-tunnel state. Example: Display the current dot1q-tunnel state.
Switch#show dot1q-tunnel
Tpid 0x9100
Port Type
Ethernet0/0/1 Customer
Ethernet0/0/20 Uplink
Typical Dot1q-tunnel Application
Scenario: Edge switches PE1 and PE2 of the ISP forward the VLAN200-300 data between CE1 and CE2 of the customer network with VLAN3. Port1 of PE1 is connected to CE1, port10 is connected to the public network, and the TPID of the connected equipment is 9100; port1 of PE2 is connected to CE2 and port10 is connected to the public network.
Configuration Item: Configuration Explanation
VLAN3: Port1 of PE1 and PE2
dot1q-tunnel: Port1 of PE1 and PE2
tpid: Port 10 of PE1
Trunk port: Port 10 of PE1 and PE2
Configuration steps are as follows:
PE1:
Switch(Config)#vlan 3
Switch(Config-Vlan3)#switchport interface ethernet 0/0/1
Switch(Config-Vlan3)#exit
Switch(Config)#dot1q-tunnel enable
Switch(Config)#dot1q-tunnel tpid 9100
Switch(Config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#switchport dot1q-tunnel mode customer
Switch(Config-Ethernet0/0/1)#exit
Switch(Config)#interface ethernet 0/0/10
Switch(Config-Ethernet
37. Function: Enable the debug information of dot1x errors; the no operation of this command disables that debug information. Parameter: None. Command mode: Admin Mode. Usage guide: none. Example: Enable the debug information of dot1x errors.
Switch#debug dot1x error
debug dot1x packet
Command: debug dot1x packet send|receive|all interface ethernet <InterfaceName>; no debug dot1x packet send|receive|all interface ethernet <InterfaceName>. Function: Enable the debug information of dot1x sending and receiving packets; the no format of the command disables the debug information. Command mode: Admin Mode. Parameters: send: Enable the debug information of dot1x about sending packets; receive: Enable the debug information of dot1x about receiving packets; all: Enable the debug information of dot1x about both sending and receiving packets; interface name: the name of the interface. Usage guide: none.
Switch#debug dot1x packet receive interface ethernet 0/0/1
debug dot1x detail
Command: debug dot1x detail pkt-send|pkt-receive|internal|userbased|all interface ethernet <InterfaceName>; no debug dot1x detail pkt-send|pkt-receive|internal|userbased|all interface ethernet <InterfaceName>. Function: Enable the debug information of dot1x details; the no format of the command disables the de
38. Switch(Config)#no ip igmp snooping vlan 100 static-group 224.1.1.1 interface eth0/0/6
IGMP Snooping Instance
Scenario 1: IGMP Snooping function
[Figure: Enable the IGMP Snooping function on the switch]
As shown in the above figure, a VLAN 100 is configured on the switch and includes ports 1, 2, 6, 10 and 12. Four hosts are connected to ports 2, 6, 10 and 12 respectively, and the multicast router is connected to port 1. Suppose that we need to perform IGMP Snooping on VLAN 100. By default, the global IGMP Snooping of the switch and the IGMP Snooping of the VLAN are disabled. Therefore, to enable the IGMP Snooping function globally and enable IGMP Snooping on VLAN 100, you need to set port 1 of VLAN 100 as the mrouter port. The configuration steps are listed below:
Switch#config
Switch(config)#ip igmp snooping
Switch(config)#ip igmp snooping vlan 100
Switch(config)#ip igmp snooping vlan 100 mrouter-port interface ethernet 0/0/1
Multicast Configuration
Suppose there are two multicast servers, Multicast Server 1 and Multicast Server 2. Here Multicast Server 1 provides program 1 and Multicast Server 2 provides program 2, using the group addresses Group 1 and Group 2 respectively. Run the multicast application software on four hosts at the same time. The three hosts connected to port 2 6 and 10 play
39. Usage guide: The debug information of DHCP SNOOPING processing packets, including every step of processing packets: adding alarm information, adding binding information, forwarding DHCP packets, etc. Example:
switch#debug ip dhcp snooping packet null 0 packet all debug is on
debug ip dhcp snooping update
Command: debug ip dhcp snooping update; no debug ip dhcp snooping update. Function: This command is used to enable the DHCP snooping debug switch to debug the communication information between DHCP snooping and the helper server. Command Mode: Admin Mode. Usage guide: Debug the information of communication packets with the HELPER SERVER received and sent by DHCP snooping. Example:
switch#debug ip dhcp snooping update null 0 packet update debug is on
debug ip dhcp snooping event
Command: debug ip dhcp snooping event; no debug ip dhcp snooping event. Function: This command is used to enable the DHCP SNOOPING debug switch to debug the status of the DHCP SNOOPING task. Command Mode: Admin mode. Usage guide: This command is mainly used to debug the state of the DHCP SNOOPING task. It can output the detection binding data, execute port action and so on. Example:
switch#debug ip dhcp snooping event null 0 event all debug is on
debug ip dhcp snooping binding
Command: debug ip dhcp snooping binding; no d
40. Whether the mirror destination port is a member of a trunk group or not. If yes, modify the trunk group.
If the throughput of the mirror destination port is smaller than the total throughput of the mirror source port(s), the destination port cannot duplicate all source port traffic; decrease the number of source ports, duplicate traffic for one direction only, or choose a port with greater throughput as the destination port.
Port Configuration Instance
[Figure: Port configuration instance]
Use the default VLAN1, since VLAN is not configured on all of the switches.
Switch / Port / Attribute
SW1 / 0/0/7 / 10M full
SW2 / 0 0 8 9 / 10M full, source port of port mirroring
SW2 / 0/0/24 / 100M full, destination port of port mirroring
SW3 / 0/0/10 / 10M full
The configurations are listed below:
SW1:
Switch1(Config)#interface ethernet 0/0/7
Switch1(Config-Ethernet0/0/7)#speed-duplex force10-full
SW2:
Switch2(Config)#interface ethernet 0 0 8 9
Switch2(Config-Port-Range)#speed-duplex force10-full
Switch2(Config-Port-Range)#exit
Switch2(Config)#interface ethernet 0/0/24
Switch2(Config-Ethernet0/0/24)#speed-duplex force100-full
Switch2(Config-Ethernet0/0/24)#exit
Switch2(Config)#mon
41. Introduction to DCSCM
DCSCM Configuration
DCSCM Configuration Task List
DCSCM Configuration Commands
Typical DCSCM Instance
DCSCM Troubleshooting
DCSCM Monitoring and Debugging Commands
DCSCM Troubleshooting
802.1x Configuration
Introduction to 802.1x
802.1x Authentication Architecture
802.1x Work Mechanism
EAPOL Message Encapsulation
EAP Attribute Encapsulation
802.1x Authentication Mode
802.1x Extension and Optimization
VLAN Allocation Features
802.1x Configuration
802.1x Configuration Task List
802.1x Config
42. disables the multicast VLAN function of the VLAN.
multicast-vlan association <vlan-list>; no multicast-vlan association <vlan-list>: Associate a multicast VLAN with several VLANs. The no format of the command deletes the related VLANs associated with the multicast VLAN.
2. Configure IGMP Snooping (Global Mode)
ip igmp snooping vlan <vlan-id>; no ip igmp snooping vlan <vlan-id>: Enable the IGMP Snooping function on the multicast VLAN. The no format of the command disables the IGMP Snooping on the multicast VLAN.
ip igmp snooping; no ip igmp snooping: Enable the IGMP Snooping function. The no format of the command disables the IGMP snooping function.
Multicast VLAN Configuration Commands
multicast-vlan
Command: multicast-vlan; no multicast-vlan. Function: Enable the multicast VLAN function on a VLAN; the no form of this command disables the multicast VLAN function. Parameter: None. Command Mode: VLAN Configuration Mode. Default: The multicast VLAN function is not enabled by default. Usage guide: The multicast VLAN function cannot be enabled on a Private VLAN. To disable the multicast VLAN function of the VLAN, the configuration of VLANs associated with the multicast VLAN should be deleted. Note that the default VLAN cannot be configured with this command
43. #protocol-vlan enable
protocol-vlan mode
Command: protocol-vlan mode ethernetii etype <etype-id> llc dsap <dasp-id> ssap <ssap-id> snap etype <etype-id> vlan <vlan-id> priority <priority-id>; no protocol-vlan mode ethernetii etype <etype-id> | llc dsap <dasp-id> ssap <ssap-id> snap etype <etype-id> | all. Function: Add the correspondence between the protocol and the VLAN, namely specify the protocol to join the specified VLAN. The no form of this command deletes all the correspondence. Parameter: mode is the encapsulation type of the configuration, which is ethernetii, llc and snap; the encapsulation type of ethernetii is EthernetII; etype-id is the type of the packet protocol, with a valid range of 1536-65535; llc is the LLC encapsulation format; dsap-id is the access point of the destination service, the valid range is 0-255; ssap-id is the access point of the source service, with a valid range of 0-255; snap is the SNAP encapsulation format; etype-id is the type of the packet protocol, the valid range is 1536-65535; vlan-id is the ID of the VLAN, the valid range is 1-4094; all indicates all the encapsulation protocols. Command Mode: Global configuration mode. Default: No protocol joined the VLAN by default. Usage guide: The command adds specified protocol into specifi
44. <mem-id>: On the commander switch, this command is used to reset the member switch.
cluster update member <mem-id> <src-url> <dst-url> ascii binary: On the commander switch, this command is used to remotely upgrade the member switch. It can only upgrade the nos.img file.
Cluster Configuration Commands
cluster run
Command: cluster run; no cluster run. Function: Enable the cluster function; the no cluster run command disables the cluster function. Parameter: no. Command mode: Global Mode. Default status: The cluster function is disabled by default. Usage guide: This command enables the cluster function. The cluster function has to be enabled before implementing any other cluster commands. The no cluster run command disables the cluster function. Example: Enable the cluster task on the local switch.
Switch(Config)#cluster run
cluster register timer
Command: cluster register timer time value; no cluster register timer. Function: Set the interval of sending the cluster register packets. The no format of the command is used to restore the default value. Parameter: The value range of timer value is 30-65535, and the unit is second. Command mode: Global mode. Default status: The default value is 60s. Usage guide: The command sets the interval of sending the cluster register packets
45. <sIpAddr> <dIpAddr> <dMask> any-destination host-destination <dIpAddr> precedence <prec> tos <tos> time-range <time-range-name>: Create a numbered extended IP access rule matching other specific IP protocol or all IP protocols; if the access list exists create the access list.
no access-list num: Delete one numbered extended IP access list.
C. Configure one named standard IP access list
a. Create one named standard IP access list (Global Mode)
ip access-list standard <name>; no ip access-list standard <name>: Create a named standard IP access list; the no ip access-list standard <name> command deletes the named standard IP access list.
b. Specify multiple permit or deny rules (Configuration mode of the named standard IP access list)
no deny permit <sIpAddr> <sMask> any-source host-source <sIpAddr>: Create one named standard IP access rule. The no format of the command deletes the named standard IP access rule.
c. Exit the configuration mode of the named standard IP access list
Command Explanation Configuration mode of the named standard IP access list
46. <seconds>; no radius-server accounting-interim-update timeout: Configure the accounting realtime update interval.
802.1x Configuration Commands
aaa enable
Command: aaa enable; no aaa enable. Function: Enable the AAA authentication function on the switch; the no aaa enable command disables the AAA authentication function. Command mode: Global configuration mode. Parameter: No. Default: AAA authentication is not enabled by default. Usage guide: The AAA authentication for the switch must be enabled first to enable IEEE 802.1x authentication for the switch. Example: Enable the AAA function for the switch.
Switch(Config)#aaa enable
aaa-accounting enable
Command: aaa-accounting enable; no aaa-accounting enable. Function: Enable the AAA accounting function on the switch; the no aaa-accounting enable command disables the AAA accounting function. Command mode: Global configuration mode. Default: AAA accounting is not enabled by default. Usage guide: When accounting is enabled in the switch, accounting is performed according to the traffic or online time for the port the authenticated user is using. The switch sends an accounting-started message to the RADIUS accounting server on starting the accounting, and an accounting packet for the online user to the RADIUS accounting server every five seconds
47. mask, next hop address, interface and so on. Example:
Switch#show ip route
Codes: C - connected, S - static, R - RIP derived, O - OSPF derived, A - OSPF ASE, B - BGP derived, D - DVMRP derived
Destination Mask Nexthop Interface Preference
C 2 22 0 255.255.255.0 0.0.0.0 vlan2 0
Displayed information and explanation:
C - connected: Direct connected route, that is, the segment directly connected to the L3 switch
S - static: The static route configured by the user manually
R - RIP derived: The RIP route got by the L3 switch via the RIP protocol
O - OSPF derived: OSPF route got by the L3 switch via the OSPF protocol
A - OSPF ASE: The OSPF route
B - BGP derived: The BGP route got via the BGP protocol
D - DVMRP derived: The DVMRP route got via the DVMRP protocol
Destination: The destination network
Mask: The mask of the destination network
Nexthop: The next hop IP address
Interface: The L3 switch interface passed by the next hop
Preference: The route priority; if there are other kinds of route reaching the destination network, only the information about the routes with the high priority is displayed in the core route table
ARP
Introduction to ARP
ARP (Address Resolution Protocol) is mainly used to resolve IP address to Ethernet MAC addres
48. ration Commands
802.1x Application Instance
802.1x Troubleshooting
802.1x Debugging and Monitoring Commands
802.1x Troubleshooting
ACL Configuration
Introduction
Access group
Access list Action and Global Default Action
ACL Configuration
ACL Configuration Task List
ACL Configuration Commands
ACL Troubleshooting
ACL Debugging and Monitoring Commands
ACL Troubleshooting
AM Configuration
49. request/MD5 retransmission times. Example: Change the maximum retransmission times for EAP-request/MD5 frames to 5 times.
    Switch(Config)#dot1x max-req 5
    dot1x max-user macbased
    Command: dot1x max-user macbased <number>; no dot1x max-user macbased
    Function: Set the maximum users allowed to be connected to the port; the no dot1x max-user command restores the default setting.
    Parameters: <number> is the maximum users allowed; the valid range is 1 to 256.
    Command mode: Port configuration Mode.
    Default: The default maximum user allowed is 1.
    Usage guide: This command is available for ports using MAC-based access control management. If the number of the authenticated MAC addresses exceeds the maximum number of allowed users, the additional users cannot access the network.
    Example: Set Ethernet0/0/3 to allow 5 users.
    Switch(Config-Ethernet0/0/3)#dot1x max-user macbased 5
    dot1x max-user userbased
    Command: dot1x max-user userbased <number>; no dot1x max-user userbased
    Function: Set the maximum number of users allowed to connect the specified port when using user-based access control mode; the no dot1x max-user userbased command is used to restore the default value.
    Parameters: <number>: the maximum number of users allowed to access the network, ranging from 1 to 256.
    Command mode: Port Mode. Def
50. the system prompts as follows:
    ftp server ip address [x.x.x.x] or hostname
    ftp username
    ftp password
    ftp filename
    It is required to input the address, user name, password and file name of the FTP server.
    Example: 1. Save images in the FLASH to the FTP server of 10.1.1.1; FTP server username is admin, password is admin.
    Switch#copy nos.img ftp://admin:admin@10.1.1.1/nos.img
    2. Obtain system file nos.img from the FTP server 10.1.1.1; the username is admin and password is admin.
    Switch#copy ftp://admin:admin@10.1.1.1/nos.img nos.img
    3. Save the running configuration files.
    Switch#copy running-config startup-config
    Related command: write
    dir <ftp-server-url>
    Command: dir <ftp-server-url>
    Function: View the file list on the FTP server.
    Parameter: The form of <ftp-server-url> is ftp://<username>:<password>@<ipaddress>, where <username> is the FTP user name, <password> is the FTP user password and <ipaddress> is the IP address of the FTP server.
    Command mode: Global mode.
    ftp-server enable
    Command: ftp-server enable; no ftp-server enable
    Function: Start FTP server; the no ftp-server enable command shuts down FTP server and prevents FTP user from logging in.
    Default status: FTP server is not started by default.
    Command mode: Global Mode. Usag
51. to the left an entered command.
    Right: The cursor moves one character to the right.
    Ctrl+p: The same as Up key.
    Ctrl+n: The same as Down key.
    Ctrl+o: The same as Left key.
    Ctrl+f: The same as Right key.
    Ctrl+z: Return to the Admin Mode directly from the other configuration modes (except User Mode).
    Ctrl+c: Break the ongoing command process, such as ping or other command execution.
    Tab: When a string for a command or keyword is entered, the Tab can be used to complete the command or keyword if there is no conflict.
    Execute the command of the last directory. For example, execute the show command of the admin mode in config mode: Switch(Config)# show run
    Execute the command of the last directory of the last directory. For example, execute the show command in the admin mode: Switch(Config-Port-Range)# show clock
    Help Function: MyPower S3026G POE AC provides two ways for the user to get the help information: the help command and the ?.
    Access to Help / Usage and function:
    Help: Under any command line prompt, type help and you can get a brief description of the associated help system.
    ?: Under any command line prompt, input ? to get a command list of the current mode and related brief description.
52. use ip igmp snooping vlan <vlan-id>. Make sure that one VLAN is configured as L2 general querier in the same segment, or the static mrouter is configured. Use the show ip igmp snooping vlan <vid> command to check whether the IGMP Snooping information is correct.
    Multicast VLAN Configuration. Introduction to Multicast VLAN: Based on current multicast order method, when users in different VLANs order, each VLAN copies a multicast flow in this VLAN, which is a great waste of the bandwidth. By configuring multicast VLAN, we add the switch ports to the multicast VLAN. After IGMP Snooping/MLD Snooping is enabled, users in different VLANs share the same multicast VLAN. The multicast flow is transmitted only in a multicast VLAN, so as to save the bandwidth. As the multicast VLAN is absolutely separated from the user VLAN, the security and bandwidth are ensured at the same time. After the multicast VLAN is configured, the multicast flow can be continuously sent to the users.
    Multicast VLAN Configuration. Multicast VLAN Configuration Task List: 1. Enable multicast VLAN function. 2. Configure IGMP Snooping.
    1. Enable multicast VLAN function. Command and explanation, VLAN configuration mode: multicast-vlan; no multicast-vlan: Configure a VLAN and enable the multicast VLAN on it. The no format of the command
53. 1 2 9 am mac-ip-pool
    Command: am mac-ip-pool <mac-address> <ip-address>; no am mac-ip-pool <mac-address> <ip-address>
    Function: Create one MAC-IP address binding to be put in the address pool, or delete one configured MAC-IP address binding in the address pool. The MAC address corresponds to one IP address one by one.
    Parameter: <mac-address> is the source MAC address in the format of HH-HH-HH-HH-HH-HH; <ip-address> is the source IP address, which is a 32-bit binary number represented in four separated decimal numbers.
    Command Mode: Port Mode.
    Default: MAC-IP address pool is empty.
    Usage guide: The command is used by the user to configure the contents of the MAC-IP address pool, permitting the corresponding source MAC-IP packets on the corresponding interface to pass.
    Example: Enable AM and permit the users with source IP as 192.1.1.2 and source MAC as 00-01-10-22-33-10 on interface 4 to pass.
    Switch(Config)#am enable
    Switch(Config)#interface Ethernet 0/0/4
    Switch(Config-Ethernet0/0/4)#am port
    Switch(Config-Ethernet0/0/4)#am mac-ip-pool 00-01-10-22-33-10 192.1.1.2
    no am all
    Command: no am all [ip-pool | mac-ip-pool]
    Function: Delete all MAC-IP address pools or IP address pools configured by the user.
    Parameters: ip-pool is the IP address pool; mac-ip-pool is the MAC-IP address pool; all means all
54. 10 of the switch connects to 10.0.0.0/24 segment; ftp is not desired for the user.
    Configuration change: 1. Create a proper ACL. 2. Configuring packet filtering function. 3. Bind ACL to the port.
    The configuration steps are listed below:
    Switch(Config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
    Switch(Config)#firewall enable
    Switch(Config)#firewall default permit
    Switch(Config)#interface ethernet 0/0/10
    Switch(Config-Ethernet0/0/10)#ip access-group 110 in
    Switch(Config-Ethernet0/0/10)#exit
    Switch(Config)#exit
    Configuration result:
    Switch#show firewall
    Firewall is enabled
    Firewall default rule is to permit any packet
    Switch#show access-lists
    access-list 110 (used 1 time(s))
    access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
    Switch#show access-group interface ethernet 0/0/10
    interface name: Ethernet0/0/10, the ingress acl use in firewall is 110
    Scenario 2: The user has the following configuration requirement: The port 10 of the switch cannot forward all 802.3 packets with 00-12-11-23-xx-xx as the source MAC address.
    Configuration description: 1. Create the corresponding MAC ACL. 2. Configure packet filtering. 3. Bind ACL to port.
    The configuration steps are listed as below:
    Switch(Config)#access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-ff-ff any-destination-m
55. [Figure: Cluster network management instance]
    As shown in the above figure, N switches are connected to seven hosts. One is the command switch, connected to the network workstation.
    Configuration steps: Switch1 (the other switches are the same):
    Switch1(config)#cluster run
    Switch1(config)#cluster register timer 90
    Commander switch:
    Switch(config)#cluster run
    Switch(config)#cluster ip-pool 192.168.1.64
    Switch(config)#cluster commander master vlan 1
    Switch(config)#cluster auto-add enable
    Switch(config)#cluster member mac-address 00-03-0f-23-16-28 id 16 password 1234567
    Switch(config)#exit
    Switch#rcommand member 16
    Cluster Troubleshooting. Cluster Monitoring and Debugging Commands.
    show cluster
    Command: show cluster
    Function: Display the cluster information.
    Parameter: none. Default status: none. Command mode: Admin Mode.
    Usage guide: The command switch, member switch and candidate switch do not process this
    Example: Display the cluster information on the command switch.
    Switch#show cluster
    Command switch for cluster admin
    Total number of members: 4
    Status: 0 Inactive
    Time since last status change: 2 hours, 34 minutes, 25 seconds
    Heartbeat
56. Enable the output channel of the user logging monitor terminal. The no format of the command (no logging monitor) disables the output of the user terminal output channel.
    4. Set the output channel of the log buffer. Command and description, Global mode:
    logging buffered <buffersize>; no logging buffered: Enable the output channel of the log buffer. The no format of the command disables the output of the log buffer output channel.
    show logging buffered <buffersize>: Display detailed information of the channel of the log buffer.
    clear logging: Clear the information in the log buffer.
    5. Set the output channel of the log host. Command and description, Global mode:
    logging <ip-addr> facility <local-number>; no logging <ip-addr>: Enable the output channel of the log host. The no format of the command disables the output of the log host output channel.
    6. Display the information of the log channel. Command and description, Admin mode:
    Py eh nnel console monitor logbuff: Display the information of the log channel.
    7. Set the filter items of the log output channel. Command and description, Global mode:
    logging source anti_attack default m_shell sys_event channel console logbuff loghost monitor level Add filter items to the output channel of the as TT n log critical debu
57. CST root. The IST master is also the IST Root if there is only one domain within the network. If the CST root is outside the domain, one bridge of the domain edge is selected as CIST Regional Root. The root port on the CIST Regional Root in the domain is Master Port of all MSTIs in the domain. When an MSTP bridge initializes, it sends BPDUs claiming itself as CIST Regional Root, with both of the path costs to CIST Root and CIST Regional Root set to zero. The bridge also initializes all MSTIs and claims to be the root for all of them. If the bridge receives superior CIST/MSTI root information (lower path cost, BridgeId and so forth), it relinquishes itself as CIST or MSTI root. Within a domain, only IST sends and receives BPDUs. Because the MST BPDU carries the information for all instances, the number of BPDUs that need to be processed by a switch to support multiple spanning tree instances is significantly reduced. All instances in the MST domain share the same protocol timers, but each MST instance has its own topology parameters, such as Regional Root, root path cost and so forth.
    Operations between MST Domains: If there are multiple MST domains or 802.1D bridges within the network, MSTP maintains the connection between domains, or between the domain and the 802.1D bridge, via CST. IST connects the bridges in the domain toge
58. Run the HTTP protocol. Step 3: Access the switch via web. Log in to the Web configuration interface. Valid login name and password are required. Otherwise, the switch rejects HTTP access. This is a method to protect the switch from unauthorized access. As a result, when web is enabled for configuring and managing the switch, username and password for authorized Telnet users must be configured via the command web-user <user> password {0|7} <password>. Assume an authorized user in the switch has a username of admin and password of admin; the configuration procedure is as follows:
    Switch>en
    Switch#config
    Switch(Config)#web-user admin password 0 admin
    The login interface of web configuration is as follows:
    [Figure: Web Login Interface of MyPower S3026G POE AC]
    Input the right username and password, and then the main Web configuration interface is shown as below:
    [Figure: Main web configuration interface of MyPower S3026G POE AC]
    Manage Switch via LinkManager: To manage the switch via LinkManager, the following conditions
59. Command: ip multicast destination-control access-group <6000-7999>; no ip multicast destination-control access-group <6000-7999>
    Function: Configure multicast destination control access list used on interface; the no form of the command deletes the configuration.
    Parameter: <6000-7999>: destination control access list number.
    Default status: None.
    Command Mode: Interface Configuration Mode.
    Usage guide: The command works when the global multicast destination control is enabled. After configuring the command, if IGMP SNOOPING is enabled, for adding the interface to multicast group, match by the configured access list; such as matching permit, the interface can be added, otherwise the port cannot be added. Each port can only use one destination control access list number. You can directly configure new destination control access list to cover the existing destination control access list number.
    Example:
    Switch(Config)#interface ethernet 0/0/1
    Switch(Config-Ethernet0/0/1)#ip multicast destination-control access-group 6000
    ip multicast destination-control access-group (vmac)
    Command: ip multicast destination-control <1-4094> <macaddr> access-group <6000-7999>; no ip multicast destination-control <1-4094> <macaddr> access-group <6000-7999>
    Function: Configure multicast destination control access list used on specified vlan-mac; the no form of the command deletes this configuration.
60. DSCP values of those packets to new DSCP values. When policed-dscp is referenced, it cannot be modified.
    Example: Set the CoS to DSCP mapping value from the default 0 8 16 24 32 40 48 56 to 0 1 2 3 4 5 6 7.
    Switch(config)#mls qos map cos-dscp 0 1 2 3 4 5 6 7
    QoS Instances
    Example 1: Enable the QoS function; the default weight of the egress queue is 1:2:4:8; set the port ethernet 0/0/1 as trust CoS mode and set the default QoS value of the port as 5. The configuration steps are listed below:
    Switch#config
    Switch(config)#mls qos
    Switch(config)#interface ethernet 0/0/1
    Switch(config-Ethernet0/0/1)#mls qos trust cos
    Switch(config-Ethernet0/0/1)#mls qos cos 5
    Configuration result: When QoS is enabled in Global Mode, the egress bandwidth proportion is 1:2:4:8. When the packets from ethernet 0/0/1 have the CoS value, the CoS values 0 to 7 correspond to egress queue 1, 1, 2, 2, 3, 3, 4, 4 respectively, according to the mapping of CoS value to the egress queue, and the packets are put into the queues with different priorities. If the packet has no CoS value, it is set as 5 and is put in queue 3.
    Example 2: On port ethernet0/0/2, set the bandwidth for the packets from segment 192.168.1.0 as 10 Mb/s, with a burst value of 4 MB, and all packets that exceed this bandwidth setting are dropped. The configuration steps are listed belo
61. Ethernet0/0/10 untrust, Ethernet0/0/11 trust, Ethernet0/0/12 untrust, Ethernet0/0/13 untrust, Ethernet0/0/14 untrust, Ethernet0/0/15 untrust, Ethernet0/0/16 untrust, Ethernet0/0/17 untrust, Ethernet0/0/18 untrust, Ethernet0/0/19 untrust, Ethernet0/0/20 untrust, Ethernet0/0/21 untrust, Ethernet0/0/22 untrust, Ethernet0/0/23 untrust, Ethernet0/0/24 untrust, Ethernet0/0/25 untrust, Ethernet0/0/26 untrust, Ethernet0/0/27 untrust, Ethernet0/0/28 untrust
    Prohibited IP: IP 1.1.1.2, shutTime(seconds) 132
    Trust IP: 192.168.99.5 255.255.255.255, 192.168.99.6 255.255.255.255, 192.168.99.7 255.255.0.0
    debug anti-arpscan [port | ip]
    Command: debug anti-arpscan [port | ip]; no debug anti-arpscan [port | ip]
    Function: Enable the debug switch of Anti-ARPscan; the no debug anti-arpscan [port | ip] command disables the switch.
    Parameters: None.
    Default: Disable the debug switch of anti-ARPscan.
    Command Mode: Admin Mode.
    Usage guide: After enabling debug switch of Anti-ARPscan, output the status change of the debug information, including a port is closed by Anti-ARPscan or recovered automatically, and IP is closed or recovered.
    Example: Enable the debug function for Anti-ARPscan of the switch. Swit
62. Example: Assume the IP addresses of the SNTP/NTP servers are 10.1.1.1 and 20.1.1.1 respectively, and SNTP/NTP server function (such as NTP master) is enabled; then configurations for any switch are as follows:
    Switch#config
    Switch(config)#sntp server 10.1.1.1
    Switch(config)#sntp server 20.1.1.1
    And then SNTP synchronizes time with the server according to the default setting (polltime 64s, version 1).
    QoS Configuration. Introduction to QoS: QoS (Quality of Service) means that one network can use various technologies to provide better services for selected network communication. QoS is a guarantee for service quality of stable and predictable data transmission service to fulfill program requirements. QoS cannot generate new bandwidth, but provides more effective bandwidth management according to the application requirement and network management setting.
    QoS Terms. CoS (Class of Service): the classification information carried by L2 802.1Q frames, taking 3 bits of the Tag field in frame header, is called user priority, in the range of 0 to 7.
    [Figure: Layer 2 802.1Q/P frame, with 3 bits used for CoS (user priority). Caption: CoS priority]
    ToS (Type of Service): a one-byte field carried in L3 IPv4 packet header to symbolize the service type of IP packets. Among ToS field c
63. Getting an IP address through DHCP.
    Switch(Config)#interface vlan 1
    Switch(Config-If-Vlan1)#ip bootp-client enable
    Switch(Config-If-Vlan1)#no shutdown
    Switch(Config-If-Vlan1)#exit
    Switch(Config)#
    Related command: ip address, ip dhcp-client enable
    ip dhcp-client enable
    Command: ip dhcp-client enable; no ip dhcp-client enable
    Function: Enable the switch to be a DHCP client and obtain IP address and gateway address through DHCP negotiation; the no ip dhcp-client enable command disables the DHCP client function and releases the IP address and gateway address obtained in DHCP.
    Default status: The DHCP client function is disabled by default.
    Command mode: VLAN Interface Mode.
    Usage guide: Obtaining IP address by DHCP, manual configuration and BootP are mutually exclusive; enabling any 2 methods for obtaining an IP address is not allowed. To get the IP address, there should be DHCP Server on the network. Besides, if the cluster network management function is enabled in VLAN and the switch enters the cluster, the BootP Client function cannot be enabled on the L3 interface of the VLAN.
    Example: Getting an IP address through DHCP.
    Switch(Config)#interface vlan 1
    Switch(Config-If-Vlan1)#ip dhcp-client enable
    Switch(Config-If-Vlan1)#no shutdown
    Switch(Config-If-Vlan1)#exit
    Switch(Config)#
    Related command: ip address, ip bootp-client enable
64. Implementation; Basic QoS Model; QoS Configuration; QoS Configuration Task List; QoS Configuration Commands; QoS Instances; QoS Troubleshooting; QoS Debugging and Monitoring Commands; QoS Troubleshooting; L3 Configuration; Introduction to L3; L3 Interface Configuration; ARP; Introduction to ARP; ARP Configuration; POE Configuration
65. IP address pools or MAC address pools.
    Command Mode: Global configuration mode.
    Default status: none.
    Usage guide: The command is used by the user to clear all configured addresses in the MAC-IP address pool or IP address pool.
    Example: Delete all configured IP addresses.
    Switch(Config)#no am all mac-ip-pool
    AM Instances
    Instance 1: The user has the following configuration requirements: Port 1 of the switch is connected to segment 10.1.1.0/8, and the administrator hopes the users with IP addresses 10.1.1.1 to 10.1.1.8 to access Internet.
    Configuration change: 1. Enable the AM function. 2. Configure IP address pool.
    Configuration steps:
    Switch(Config)#am enable
    Switch(Config)#interface ethernet 0/0/1
    Switch(Config-Ethernet0/0/1)#am port
    Switch(Config-Ethernet0/0/1)#am ip-pool 10.1.1.1 8
    Switch(Config-Ethernet0/0/1)#exit
    Switch(Config)#exit
    Configuration result:
    Switch#show am
    Global AM is enabled
    Interface Ethernet0/0/1 am is enable
    Interface Ethernet0/0/1 am ip-pool 10.1.1.1 8 User config
    Instance 2: The user has the following configuration requirement: Port 10 of the switch is connected to 100.1.1.0/8 segment; the administrator hopes the user MAC-IP binding as user 1: 100.1.1.1, 00-00-00-00-01-12 and user 2: 100.1.1.2, 00-00-00-00-00-13.
    Configuration change: 1. Enable the AM function. 2. Configure MAC
66. Input a ? after the command keyword with an embedded space. If the position should be a parameter, the description of the parameter type, scope etc. is output; if the position should be a keyword, a set of keywords and the brief description are listed; if the output is <cr>, the command is complete, and press Enter to run the command. If a ? immediately follows a string, all the commands that begin with the string are displayed.
    Input Verification
    1. Success Returned Information: All commands entered via keyboards undergo syntax check by the Shell. Nothing is returned if the user enters a correct command under corresponding modes and the execution is successful.
    2. Error Returned Information. Output Error Information and Reason:
    Unrecognized command or illegal parameter: The entered command does not exist, or there is error in parameter scope, type or format.
    Ambiguous command: At least two interpretations are possible based on the current input.
    Invalid command or parameter: The command is recognized, but no valid parameter record is found.
    This command is not exist in current mode: The command is recognized, but this command can not be used under current mode.
    Please configurate precursor command at frist: The command is recognized, but the prerequisite command has not been configured.
    syntax error missing before the end of command line: Quotation marks are not used in pairs.
67. Command: tftp-server retransmission-number <number>
    Function: Set the retransmission time for TFTP server.
    Parameter: <number> is the re-transmission times, and the valid range is 1 to 20.
    Default status: The default value is 5.
    Command mode: Global Mode.
    Example: Modify the retransmission times to 10.
    Switch#config
    Switch(Config)#tftp-server retransmission-number 10
    tftp-server transmission-timeout
    Command: tftp-server transmission-timeout <seconds>
    Function: Set the transmission timeout value for TFTP server.
    Parameter: <seconds> is the timeout value; the valid range is 5 to 3600s.
    Default status: The default timeout setting is 600 seconds.
    Command mode: Global Mode.
    Example: Modify the timeout value to 60 seconds.
    Switch#config
    Switch(Config)#tftp-server transmission-timeout 60
    FTP/TFTP Configuration Instance
    Scenario 1: MyPower S3026G POE AC is used as FTP/TFTP client. The switch is connected to a PC via Ethernet port. The PC is a FTP/TFTP server with an IP address of 10.1.1.1; the switch acts as a FTP/TFTP client; the IP address of the switch VLAN1 interface is 10.1.1.2. Download nos.img file in the computer to the switch.
    [Figure: Download nos.img file as FTP/TFTP client (10.1.1.2, 10.1.1.1)]
    FTP Configuration. PC configuration
68. PAE of the authenticator system and adopt the messages containing PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol) attributes to do the authentication interaction with the RADIUS server. c. When the user passes the authentication, the authentication server system sends the relative information of the user to authenticator system, and the PAE of the authenticator system decides the authenticated/unauthenticated status of the controlled port according to the authentication result of the RADIUS server.
    EAPOL Message Encapsulation
    1. The Format of EAPOL Packet: EAPOL is a kind of message encapsulation format defined in 802.1x protocol, and is mainly used to transmit EAP messages between the supplicant system and the authenticator system, in order to allow the transmission of EAP messages through the LAN. In IEEE 802/Ethernet LAN environment, the format of EAPOL packet is illustrated in the next figure. The beginning of the EAPOL packet is the Type/Length domain of the MAC frames.
    [Figure: The Format of EAPOL Packet: PAE Ethernet Type, Protocol Version, Length, Packet Body]
    PAE Ethernet Type: Represents the type of the protocol, whose value is 0x888E.
    Protocol Version: Represents the version of the protocol supported by the sender of EAPOL data packets.
    Type: represents the type of
69. [Figure: Classification process]
    Policing and remark: Each packet in classified ingress traffic is assigned an internal DSCP value and can be policed and remarked. Policing can be performed based on DSCP value to configure different policies that allocate bandwidth to classified traffic. If the traffic exceeds the bandwidth set in the policy (out of profile), the out-of-profile traffic can be allowed, discarded or remarked. Remarking is to use one new DSCP value with a lower priority to replace the original DSCP value with higher priority in the packet, which is called Marking Down. The following flowchart describes the operations during policing and remarking.
    [Figure: Policing process]
    Queuing and scheduling: Packets at the egress re-map the internal DSCP value to CoS value, and the queuing operation assigns packets to appropriate queues of priority according to the CoS value, while the scheduling operation performs packet forwarding according to the prioritized queue weight. The following flowchart describes the operations during queu
70. Server Dead 0
    Socket No 0
    accounting server 1 sock_addr 2 172.16.1.100 1813
    Is Primary 0
    Is Server Dead 0
    Socket No 0
    Time Out 3
    Retransmit 3
    Dead Time 5
    Intrim Update Accounting Interval 300
    Displayed Content:
    Is Aaa Enabled: Whether the AAA authentication function is enabled; 1 means enabled, 0 means disabled.
    Is Account Enabled: Whether the accounting function is enabled; 1 means enabled, 0 means disabled.
    authentication server X sock_addr, Is Primary, Is Server Dead, Socket No: The authentication server and the IP address, UDP port number, whether it is the Primary server, whether it is down, and the Socket number.
    accounting server X sock addr, Is Primary, Is Server Dead, Socket No: The accounting server and the IP address, UDP port number, whether it is the Primary server, whether it is down, and the Socket number.
    The re-transmission times of the RADIUS server authentication packets; server is down.
    Intrim Update Accounting Interval: The accounting interval.
    show aaa authenticated-user
    Command: show aaa authenticated-user
    Function: Displays the authenticated online users.
    Command mode: Admin Mode.
    Usage guide: Usually the administrator concerns only the information about the online user; the other information displayed is used for troubleshooting by technical support.
    Example
71. Switch
    Testing RAM 0x00400000 RAM OK
    Initializing OK
    Checking ECC of MiniBootRom OK
    Safe Block Write restoring OK
    Booting IMG from FLASH OK
    Checking ECC of IMG OK
    Starting at 0x 10000
    Current time is MON JAN 01 00 00 00 2001
    S3026G POE Series Switch Operating System SoftWare Version 3026G POE_1 6 113 0
    Copyright (C) 2008 Maipu (Sichuan) Communication Technology Co., Ltd. http://www.maipu.com
    28 Ethernet/IEEE 802.3 interface(s)
    Switch>
    The user can now enter commands to manage the switch. For details, please refer to the following chapters.
    In-band Management: In-band management refers to the management by logging in to the switch via Telnet or HTTP, or SNMP management software, to configure the switch. In-band management enables the management of the switch for some devices attached to the switch. In the case when in-band management fails due to switch configuration changes, out-band management can be used for configuring and managing the switch.
    Manage Switch via Telnet: To manage the switch with Telnet, the following conditions should be met: 1. The switch has an IP address configured. 2. The host IP address (Telnet client) and the switch's VLAN interface IP address are in the same network segment. 3. If item 2 is not met, Telnet client can connect to an IP address of the switch via other devices, such as a router.
72. [Figure: The authentication flow of 802.1x EAP-TLS]
    3. EAP-TTLS Authentication Method: EAP-TTLS is a product of the cooperation of Funk Software and Certicom. It can provide an authentication as strong as that provided by EAP-TLS, but without requiring users to have their own digital certificate. The only request is that the RADIUS server should have a digital certificate. The authentication of users' identity is implemented with passwords transmitted in a safely encrypted tunnel established via the certificate of the authentication server. Any kind of authentication request, including EAP, PAP and MS-CHAPv2, can be transmitted within TTLS tunnels.
    4. PEAP Authentication Method: EAP-PEAP is brought up by Cisco, Microsoft and RSA Security as a recommended open standard. It has long been utilized in products and provides very good security. Its design of protocol and security is similar to that of EAP-TTLS, using a ser
73. The defense action of DHCP Snooping can also be recorded as system abnormal information. You can use the command to view it.
Command mode: Admin Mode
Example: Display the log information.
Switch#show logging lastFailureInfo
DHCP Snooping Troubleshooting
If there is any problem when using the DHCP Snooping function, check whether the problem is caused by one of the following reasons:
- Check whether the global DHCP Snooping is enabled.
- If the port does not take any action on invalid DHCP Server packets, check whether the port is set as an untrusted port of DHCP Snooping.
debug ip dhcp snooping packet interface
Command: debug ip dhcp snooping packet interface <ifName>
no debug ip dhcp snooping packet <ifName>
Function: This command is used to enable the DHCP SNOOPING debug to debug the information about DHCP SNOOPING receiving packets.
Command Mode: Admin Mode
Usage guide: DHCP snooping receives packets from specific ports.
Example:
switch#debug ip dhcp snooping packet interface ethernet 0/0/1
Ethernet0 0 1 0 packet all debug is on
debug ip dhcp snooping packet
Command: debug ip dhcp snooping packet
no debug ip dhcp snooping packet
Function: This command is used to enable the DHCP SNOOPING debug switch to debug the flow of DHCP SNOOPING processing packets.
Command Mode: Admin Mode
74. The parameters should meet the following conditions; otherwise, MSTP may work incorrectly:
2 x (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age
Bridge_Max_Age >= 2 x (Bridge_Hello_Time + 1.0 seconds)
Example: In global mode, set the max age time to 25 seconds.
Switch(Config)#spanning-tree maxage 25
spanning-tree max-hop
Command: spanning-tree max-hop <hop-count>
no spanning-tree max-hop
Function: Set the maximum hops of BPDU in the MSTP domain; the command "no spanning-tree max-hop" restores the default setting.
Parameter: <hop-count> sets the maximum hops. The valid range is from 1 to 40.
Command mode: Global configuration mode
Default: The max hop is 20 by default.
Usage guide: MSTP uses max-age to count BPDU lifetime. In addition, MSTP also uses max-hop to count BPDU lifetime. The max-hop value decreases as the BPDU travels through the network. The BPDU has the max value when it initiates from the MSTI root bridge. Each time the BPDU is received, the value of max-hop is reduced by 1. When a port receives a BPDU with max-hop of 0, it drops this BPDU and sets the port as designated port to send the BPDU.
Example: Set max hop to 32.
Switch(Config)#spanning-tree max-hop 32
spanning-tree mcheck
Command: spanning-tree mcheck
Function: Force the port to run in the MSTP mode.
Command mode: Port configuration mode
Defa
75. Usage guide: The command takes effect only when multicast destination control is enabled globally. After the command is configured, when IGMP SNOOPING or IGMP adds members to a multicast group, if the source IP address of the transmitted IGMP report is configured with multicast destination control, it is matched against the configured access list: if it matches a permit rule, the interface can be added; otherwise it is not added.
Example:
Switch(Config)#ip multicast destination-control 10.1.1.0 255.255.255.0 access-group 6000
ip multicast destination-control
Command: ip multicast destination-control
no ip multicast destination-control
Function: Globally enable multicast destination control. The no form of this command disables multicast destination control globally.
Parameter: None
Default status: Disabled
Command Mode: Global Configuration Mode
Usage guide: The other destination control configuration takes effect only after multicast destination control is enabled globally. The destination access list can be applied to ports, VLAN-MAC and SIP. After this command is configured, IGMP SNOOPING matches according to the rules mentioned above when it tries to add ports after receiving an IGMP REPORT.
Example:
Switch(Config)#ip multicast destination-control
ip multicast policy
Command: i
76. Command mode: Port Mode
Default: The 802.1x guest VLAN function is not configured on the port.
User Guide: The access device adds the port to the Guest VLAN if no supplicant is authenticated successfully within a certain period of time, either because the dedicated authentication supplicant system is missing or because the version of the supplicant system is too low. In the Guest VLAN, users can get the 802.1x supplicant system software, update the supplicant system, or update other applications (such as anti-virus software or operating system patches). When a user of a port within the Guest VLAN starts an authentication, the port remains in the Guest VLAN if the authentication fails. If the authentication finishes successfully, there are two possible results:
- The authentication server assigns an Auto VLAN, causing the port to leave the Guest VLAN and join the assigned Auto VLAN. After the user goes offline, the port is allocated back to the specified Guest VLAN.
- The authentication server assigns an Auto VLAN, then the port leaves the Guest VLAN and joins the specified VLAN. When the user goes offline, the port is allocated to the specified Guest VLAN again.
Attention: Different Guest VLANs can be set on different ports, while only one Guest VLAN is allowed on one port. The Guest VLAN takes effect only when the access control mode is portbased. If the access control mode of the port is macbased or userbased, the Guest VLAN ca
77. Parameters: <days> is the number of days, ranging from 0 to 365; <hours> is the number of hours, from 0 to 23; <minutes> is the number of minutes, from 0 to 59; infinite means perpetual use.
Default: The default lease duration is 1 day.
Command Mode: DHCP Address Pool Mode
Usage guide: DHCP is the protocol to assign network addresses dynamically instead of permanently, so the lease duration is limited. The lease setting depends on network conditions: too long a lease duration offsets the flexibility of DHCP, while too short a duration results in increased network traffic and overhead.
Example: Set the lease of DHCP pool "1" to 3 days, 12 hours and 30 minutes.
Switch(dhcp-1-config)#lease 3 12 30
netbios-name-server
Command: netbios-name-server <address1> [<address2> [...<address8>]]
no netbios-name-server
Function: Configure the addresses of the WINS servers; the "no netbios-name-server" command deletes the WINS server.
Parameters: <address1>...<address8> are IP addresses in dotted decimal format.
Default: No WINS server is configured by default.
Command Mode: DHCP Address Pool Mode
Usage guide: This command is used to specify WINS servers for the client; up to 8 WINS server addresses can be configured. The WINS server address assigned first has the highest priority. Therefore, address 1 has the highest priority, address 2 the second, and so on.
netbios-node-type
Command: netbios-node-type b n
78. VLAN
Parameter: <vlan-id> is the VID of the VLAN the current port is to be added to; the valid range is 1 to 4094.
Command mode: Port configuration mode
Default: All ports belong to VLAN1 by default.
Usage guide: Only ports in Access mode can join specified VLANs, and an Access port can only join one VLAN at a time.
Example: Add an Access port to VLAN100.
Switch(Config)#interface ethernet 0/0/8
Switch(Config-ethernet0/0/8)#switchport mode access
Switch(Config-ethernet0/0/8)#switchport access vlan 100
Switch(Config-ethernet0/0/8)#exit
switchport interface
Command: switchport interface <interface-list>
no switchport interface <interface-list>
Function: Assign Ethernet ports to the VLAN; the "no switchport interface ethernet portchannel interface name interface list" command deletes one port or a set of ports from the specified VLAN.
Parameter: ethernet is the Ethernet port to be added or deleted; and are supported, such as ethernet 0 0 1 2 5 or ethernet 0 0 1 6 8.
Command mode: VLAN Mode
Default: A newly created VLAN contains no port by default.
Usage guide: Access ports are normal ports and can join a VLAN, but a port can only join one VLAN at a time.
Example: Assign 100M Ethernet port 1 3 4 7 8 to VLAN100.
Switch(Config-Vlan100)#switchport interface ethernet 0 0 1 3 4 7 8
swi
79. a fiber cable port or a copper cable port can be active at the same time. When the fiber port is in the active state, all operations on the combo port are shown on the fiber port; the copper cable port is shielded and the combo port is used as a fiber port. The same applies when the copper cable port is in the active state. It should be noted that the speed duplex setting is accepted by the copper cable port whether the currently active port is the fiber or the copper cable port; the fiber port is affected by the speed duplex setting.
For the determination of the active port in a combo port, refer to the table below. The header row in the table indicates the work mode of the combo port, while the first column indicates the connection conditions of the combo port, in which "connected" refers to a correct connection of the fiber cable port or copper cable port to the other devices.

| Connection condition | Copper forced | Copper preferred | SFP forced | SFP preferred |
| Fiber connected, copper not connected | Copper cable port | Fiber cable port | Fiber cable port | Fiber cable port |
| Copper connected, fiber not connected | Copper cable port | Copper cable port | Fiber cable port | Copper cable port |
| Both fiber and copper are connected | Copper cable port | Copper cable port | Fiber cable port | Fiber cable port |
| Neither fiber nor copper are connected | Copper cable port | Fiber cable port | Fiber cable port | Fiber cable port |

Note: 1) If a combo port connects t
80. [Figure: Open HyperTerminal]
In the "Connect using" drop list, select the RS-232 serial port used by the PC, such as COM1, and click "OK".
[Figure: Opening HyperTerminal]
COM1 property appears: select "9600" for "Baud rate", "8" for "Data bits", "none" for "Parity checksum", "1" for "stop bit" and "none" for "traffic control"; or you can also click "Restore default" and click "OK".
[Figure: Open HyperTerminal]
The configuration interface of the HyperTerminal:
[Figure: Open HyperTerminal]
Step 3: Enter switch CLI interface
Power on the switch; the following prompt appears on the configuration interface of HyperTerminal, that is, enter the CLI configuration mode for
81. and send it to the peer end after configuring the digest snooping command on the port and receiving the packet from the peer end.
spanning-tree digest-snooping
no spanning-tree digest-snooping
8) Configure the FLUSH mode once MSTP topology changes
Command / Explanation
Global Mode
spanning-tree tcflush enable
spanning-tree tcflush disable
spanning-tree tcflush protect
no spanning-tree tcflush
Set the FLUSH mode used when transmitting the topology change message. The protocol requires a FLUSH every time the topology changes, but in a real environment too frequent refreshes may cause unstable traffic, so different processing modes can be set according to the actual environment. Disable: do not refresh when the topology changes. Protect: refresh no more than once every ten seconds, so as to avoid the too frequent refresh caused by a topology change attack. The global configuration takes effect on all the ports that are not configured separately. The no format of the command restores the default enable mode, that is, refresh once the topology changes.
Port mode
spanning-tree tcflush enable
spanning-tree tcflush disable
spanning-tree tcflush protect
no spanning-tree tcflush
Configure the refresh mode of the port. The port configured with the refresh mode does not affect the global mode. The no format of the command is used to cancel the configured refresh mode on the port.
82. any-source} {{<destination> <destination-wildcard>} | {host-destination <destination-host-ip>} | any-destination}
no access-list <5000-5099> {deny | permit} ip {{<source> <source-wildcard>} | {host-source <source-host-ip>} | any-source} {{<destination> <destination-wildcard>} | {host-destination <destination-host-ip>} | any-destination}
Function: Configure the source control multicast access list; the no form of the command deletes the access list.
Parameter:
<5000-5099>: source control access list number
{deny | permit}: deny or permit
<source>: multicast source address
<source-wildcard>: multicast source address wildcard character
<source-host-ip>: multicast source host address
<destination>: multicast destination address
<destination-wildcard>: multicast destination address wildcard character
<destination-host-ip>: multicast destination host address
Default status: None
Command Mode: Global Configuration Mode
Usage guide: The ACL of a multicast source control table entry is identified by the specified ACL number, from 5000 to 5099. The command is used to configure this ACL. The ACL of multicast source control only needs to configure the source IP address and destination IP address (the controlled group IP address); the configuration mode is basically the
83. any-source | {host-source <sIpAddr>}}
no access-list <num>
Function: Create a numeric standard IP access list. If this access list exists, add one rule entry; the "no access-list <num>" operation of this command deletes a numeric standard IP access list.
Parameters: <num> is the number of the access list, 1-99; <sIpAddr> is the source IP address, in dotted decimal notation; <sMask> is the reverse mask of the source IP, in dotted decimal notation.
Command Mode: Global configuration mode
Default: No access list is configured.
Usage guide: When the user assigns a specific <num> for the first time, the ACL with that serial number is created, and the rules are added to this ACL.
Example: Create a numeric standard IP access list whose serial number is 20; permit data packets with source address 10.1.1.0/24 to pass, and deny other packets with source address 10.1.1.0/16.
Switch(Config)#access-list 20 permit 10.1.1.0 0.0.0.255
Switch(Config)#access-list 20 deny 10.1.1.0 0.0.255.255
firewall
Command: firewall {enable | disable}
Function: Enable or disable the firewall.
Parameters: enable means to enable the firewall; disable means to disable the firewall.
Default: The firewall is disabled.
Command Mode: Global configuration mode
Usage guide: Access rules can be configured whether the firewall is enabled or disabled. But only when the firewall is enabled can the rules be used in specific orienta
84. AM Configuration
AM Configuration Task List
AM Configuration Commands
AM Instances
AM Troubleshooting
AM Debugging and Monitoring Commands
AM Troubleshooting
Port Channel Configuration
Introduction to Port Channel
Port Channel Configuration
Port Channel Configuration Task List
Port Channel Configuration Commands
Port Channel Instance
Port Channel Troubleshooting
Monitoring and Debugging Commands
Port Channel Troubleshooting
DHCP Configuration
85. authentication login
Command: authentication login {local | radius | local radius | radius local}
no authentication login
Function: Configure the password authentication mode and priority of the Telnet server for remote login users. The no form of the command restores the default authentication mode.
Default status: By default, the login authentication mode is local.
Command mode: Global Configuration Mode
Usage guide: When combined authentication modes are used, the priority goes from left to right. If the user passes the higher-priority authentication mode, the user is permitted to log in directly and the later authentication modes are ignored. As long as one authentication mode is passed, the user can log in. When using RADIUS authentication, you should enable the AAA function and configure the RADIUS server.
Example: Configure the remote login authentication mode as radius.
Switch(Config)#authentication login radius
Related commands: aaa enable, radius-server authentication host
monitor
Command: monitor
no monitor
Function: Enable the debug information of the Telnet client and disable the function of displaying the debug information on the console. The no format of the command is used to disable the debug information of the Telnet client and enable the function of displaying the debug information on the console.
Command mode: Admin Mode
86. by get requests
The number of packets received by getnext requests
The number of packets received by set requests
snmp packets output: Total number of the output SNMP packets
too big errors: The number of Too big error SNMP packets
Maximum length of SNMP packet
existent MIB objects
The number of Bad_values error SNMP packets
general errors: The number of General_errors error SNMP packets
get response PDUs: The number of response packets sent
snmp trap PDUs: The number of Trap packets sent
show snmp status
Command: show snmp status
Function: Display SNMP configuration information.
Command mode: Admin Mode
Example:
Switch#show snmp status
System Name MyPower S3026G POE AC
System Contact Maipu Sichuan Communication Technology Co Ltd
System Location China
Trap disable
RMON enable
Community Information
Security IP is Enabled
V1 V2c Trap Host Information
V3 Trap Host Information
Displayed information / Description
Trap disable
RMON enable
Community Information
Security IP is Enabled
show snmp engineid
Command: show snmp engineid
Function: Display the engine ID.
Command mode: Admin Mode
Example:
Switch s
87. cos8
no wrr-queue cos-map <queue-id>
Function: Set the CoS values mapped to the specified egress queue; the "no wrr-queue cos-map" command restores the default setting.
Parameters: <queue-id> is the ID of the egress queue, ranging from 1 to 4; cos1...cos8 are the CoS values mapped to the egress queue, ranging from 0 to 7; up to 8 values are supported.
Default: Default CoS to Egress Queue Map when QoS is Enabled
CoS Value / Queue Selected: 0 1 1 23 4 5 3 6 7 4
Command mode: Global configuration mode
Usage guide: When global QoS is disabled, all CoS values are mapped to queue 1 by default.
Example: Map the packets with CoS value 2 and 3 to egress queue 1.
Switch(config)#wrr-queue cos-map 1 2 3
mls qos map
Command: mls qos map {cos-dscp <dscp1...dscp8> | dscp-cos <dscp-list> to <cos> | dscp-mutation <in-dscp> to <out-dscp> | policed-dscp <dscp-list> to <mark-down-dscp>}
no mls qos map {cos-dscp | dscp-cos | dscp-mutation | policed-dscp}
Function: Set the class of service (CoS) to Differentiated Services Code Point (DSCP) mapping, the DSCP to CoS mapping, the DSCP to DSCP mutation mapping and the policed DSCP mapping; the no command restores the default mapping.
Parameters: cos-dscp <dscp1...dscp8> defines the mapping from CoS value to DSCP; <dscp1...dscp8> are the 8 DSCP va
88. default master when configuring nonegotiate mode. If one end is set to master mode, the other end must be set to slave mode. force1g-half is not supported yet.
Example: Port 1 of Switch1 is connected to port 1 of Switch2; the following operation sets both ports to forced 100Mbps at half duplex mode.
Switch1(Config)#interface ethernet 0/0/1
Switch1(Config-Ethernet0/0/1)#speed-duplex force100-half
Switch2(Config)#interface ethernet 0/0/1
Switch2(Config-Ethernet0/0/1)#speed-duplex force100-half
combo-forced-mode
Command: combo-forced-mode {copper-forced | copper-preferred-auto | sfp-forced | sfp-preferred-auto}
no combo-forced-mode
Function: Set the work mode of the combo port; valid only for the combo port. The no format of the command restores the default work mode of the combo port, that is, the optical port is first.
Parameter: copper-forced forces use of the copper cable port; copper-preferred-auto prefers the copper cable port; sfp-forced forces use of the fiber cable port; sfp-preferred-auto prefers the fiber cable port.
Command mode: Port mode
Default status: By default, the work mode of the combo port is sfp-preferred-auto.
Usage guide: The work mode of the combo port and the port connection status determine the active port of the combo port. A combo port consists of one fiber port and one copper cable port. Only one
89. does not function. The client stops sending request packets after one is sent, and after a while it cannot receive multicast traffic.
Example:
Switch(Config)#ip igmp snooping vlan 2 12 general query source 192.168.1.2
ip igmp snooping vlan limit
Command: ip igmp snooping vlan <vlan-id> limit {group <g_limit> | source <s_limit>}
no ip igmp snooping vlan <vlan-id> limit
Function: Configure the maximum group count of the VLAN and the maximum source count of every group.
Parameter: <vlan-id> is the VLAN number, with a value range of 1-4094; g_limit <1-65535> is the maximum number of groups joined; s_limit <1-65535> is the maximum number of source entries in each group, including include sources and exclude sources.
Command mode: Global Configuration Mode
Default: Maximum 50 groups by default, with each group storing 40 source entries.
Usage guide: When the number of joined groups reaches the limit, a new group requesting to join is rejected, to prevent hostile attacks. To use this command, IGMP snooping must be enabled on the VLAN. The no form of this command restores the default rather than setting no limit. For safety reasons, this command cannot be configured to no limit. It is recommended to use the default value.
Example:
Switch(config)#ip igmp snooping vlan 2 limit group 300
ip igmp snooping vlan mr
90. >
Function: In MSTP domain configuration mode, create the instance and set the mappings between VLANs and instances, or add the mapping between a VLAN table entry and the specified instance; the command "no instance <instance-id> [vlan <vlan-list>]" deletes the specified instance and the specified mappings between the VLANs and instances.
Parameter: Normally <instance-id> sets the instance number; the valid range is from 0 to 4. In the command "no instance <instance-id> [vlan <vlan-list>]", <instance-id> sets the instance number; the valid range is from 1 to 4. <vlan-list> sets consecutive or non-consecutive VLAN numbers: refers to consecutive numbers and refers to non-consecutive numbers.
Command mode: MSTP domain configuration mode
Default: Before any instance is created, there is only instance 0, and VLANs 1-4094 all belong to instance 0.
Usage guide: This command sets the mappings between VLANs and instances. Switches are considered to be in the same MSTP domain only if all the mapping relationships and other parameters of the MSTP domain are the same. Before any instance is set, all the VLANs belong to instance 0. MSTP can support up to 4 MSTIs (except for CISTs). The CIST can be treated as MSTI 0. All other instances are considered as instance 1 to 4. The specif
91. > command deletes the ACL.
Parameters: name is the name of the access list, excluding blanks or quotation marks; it must start with a letter, and its length cannot exceed 16 (note: it is case sensitive).
Command Mode: Global configuration mode
Default: No named MAC-IP access list.
Usage guide: After this command is assigned for the first time, only an empty named access list is created, with no list item included.
Example: Create a MAC-IP ACL named macip_acl.
Switch(Config)#mac-ip-access-list extended macip_acl
Switch(Config-MacIp-Ext-Nacl-macip_acl)#
permit | deny (mac-ip extended)
Command:
[no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} icmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [<icmp-type> [<icmp-code>]] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]
[no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} igmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination
92. guide: The command displays the number of L2 unicast, broadcast, multicast and error packets in the input and output directions. The information of each port is displayed in two lines: the first line displays the information for the IN direction and the second line displays the OUT direction.
Example: Display the statistics information of the port packet quantity.
Switch#show interface ethernet counter packet
Interface Unicast pkts BroadCast pkts MultiCast pkts Err pkts
0 0 1 IN 12 345 678 12 345 678 9 12 345 678 09 4 567
OUT 23 456 789 34 567 890 5 678 0
0 0 2 IN 0 0 0 0
OUT 0 0 0 0
0 0 3 IN 0 0 0 0
OUT 0 0 0 0
0 0 4 IN 0 0 0 0
OUT 0 0 0 0
Displayed Information / Description
Interface: The port ID; the Ethernet prefix is not displayed
IN, OUT: Direction
Unicast: Unicast packet quantity
BroadCast: Broadcast packet quantity
MultiCast: Multicast packet quantity
Err: Total number of the error packets
show interface ethernet counter rate
Command: show interface ethernet counter rate
Function: Display the rate statistics information of all Ethernet ports, that is, the input and output packets and bytes of five minutes and five seconds.
Parameter: none
Command mode: admin mode
Usage guide: The information of each port is displayed in two lines. The first line displays the statist
93. in an EAP packet is larger than 253 bytes, the packet can be divided into fragments, which are then encapsulated in several EAP-Message attributes in their original order.
[Figure: EAP-Message attribute encapsulation]
2) Message-Authenticator
As illustrated in the next figure, this attribute is used in the process of using authentication methods like EAP and CHAP to prevent the access request packets from being eavesdropped. Message-Authenticator should be included in the packets containing the EAP-Message attribute, or the packet is dropped as an invalid one.
[Figure: Message-Authenticator attribute]
802.1x Authentication Mode
The authentication can be started either by the supplicant system or by the device. When the device detects unauthenticated users accessing the network, it sends the supplicant system EAP-Request/Identity messages to start authentication. On the other hand, the supplicant system can send an EAPOL-Start message to the device via the supplicant software. 802.1x systems support the EAP relay method and the EAP termination method to implement authentication with the remote RADIUS server. The following describes the process of these two authentication methods, both started by the supplicant system.
EAP Relay Mode
EAP relay is specified in the IEEE 802.1x standard to carry EAP in other high-level protocols, such as EAP over RADIUS, making sure that extended authentication protocol messages can
94. information according to the configured policing policies, and may discard some packets with low priority in case of bandwidth shortage. If the devices of each hop in a network support differentiated service, an end-to-end QoS solution can be created. The QoS configuration is flexible; its complexity or simplicity depends on the network topology and devices and on the analysis of incoming/outgoing traffic.
Basic QoS Model
The basic QoS model consists of five parts: Classification, Policing, Remark, Queuing and Scheduling, where classification, policing and remark are sequential ingress actions, and Queuing and Scheduling are QoS egress actions.
[Figure: Basic QoS Model]
Classification: Classify traffic according to packet classification information and generate an internal DSCP value based on the classification information. For different packet types and switch configurations, classification is performed differently; the flowchart below explains this in detail.
95. interval 10 seconds
Heartbeat hold time 100 seconds
Cluster IP pool 44 4 45 1
Display the cluster information on the member switch:
Switch#show cluster
Member switch for cluster admin
Member Number 3
Management IP address 192.168.1.64
Command switch mac address 00 03 0f 00 28 e6
Heartbeat interval 10 seconds
Heartbeat hold time 100 seconds
Status Active
Display the cluster information on the candidate switch:
Switch#show cluster
Candidate switch
Register timer 60 seconds
Displayed contents:
Command switch: Displayed in table form
Command switch for cluster clustername: The cluster name and role; clustername is the cluster name
Total number of members: The number of members in the cluster
Status: The status of the members in the cluster; displays the number of the down members
Time since last status change: The time since the last status change
Heartbeat interval: Heartbeat period
Heartbeat hold time: Heartbeat hold time
Member switch: Displayed in table form
Member switch for cluster clustername: The cluster name and role; clustername is the cluster name
Member number: The ID of the member switch in the cluster
Management IP address: The management IP of the cluster, the public IP of the command switch
96. is the string for the prompt. At most 30 characters are allowed.
Command mode: Global Configuration Mode
Default status: The default prompt is related to the switch model.
Usage guide: With this command, users can set the CLI prompt of the switch according to their own requirements.
Example: Set the prompt to Switch.
Switch(Config)#hostname Switch
Switch(config)#
reload
Command: reload
Function: Warm reset the switch.
Command mode: Admin Mode
Usage guide: The user can use this command to restart the switch without powering it off.
Example: Hot start
set default
Command: set default
Function: Restore the switch to factory settings.
Command mode: Admin Mode
Usage guide: Reset the switch to factory settings. That is to say, all configurations made by the user on the switch will disappear. When the switch is restarted, the prompt will be the same as when the switch is powered on for the first time.
Note: After this command, the write command must be executed to save the configuration. The switch restores to factory settings after restart.
Example:
Switch#set default
Are you sure? [Y/N] = y
Switch#write
Switch#reload
setup
Command: setup
Function: Enter the Setup Mode of the switch.
Command mode: Admin Mode
Usage guide: The switch provides a Setup Mode, in which the user can configure IP addre
97. learned by the port to static secure MAC addresses. switchport port security timeout <value>, no switchport port security timeout: Enable port locking timer function; the no switchport port security timeout restores the default setting. switchport port security mac address mac address, no switchport port security mac address mac address: Add static secure MAC address; the no switchport port security mac address command deletes static secure MAC address. clear port security dynamic address <mac addr> interface interface id: Clear dynamic MAC addresses learned by the specified port. 3. Configure MAC address binding property. Command and explanation (Port Mode): switchport port security maximum <value>, no switchport port security maximum value: Set the maximum number of secure MAC addresses for a port; the no switchport port security maximum command restores the default value. switchport port security violation protect shutdown, no switchport port security violation: Set the violation mode for the port; the no switchport port security violation command restores the default setting. Commands for Configuring Mac Address Binding. switchport port security Command: switchport port security, no switchport port security. Function: Enable MAC address binding function for the port; the no switchport port security command disa
98. levels. Each port can set its own bandwidth rate according to the requirements for controlling access bandwidth. Port trunk: MyPower S3026G POE AC switch supports IEEE 802.3ad standard TRUNK and can realize link redundancy and traffic load balance. IGMP Snooping: MyPower S3026G POE AC switch supports multicast applications based on the IGMP Snooping mechanism and thus realizes all kinds of multicast services, decreases the network traffic and meets the requirements of multicast services like multimedia playing, remote teaching and entertainment. Multicast VLAN: MyPower S3026G POE AC switch adds ports of the switch into a multicast VLAN by configuring the multicast VLAN. With the IGMP Snooping enabled, users of different VLANs can use the same multicast VLAN, which restricts the multicast flow within only one multicast VLAN and thus saves the bandwidth effectively. Broadcast Storm Suppression: MyPower S3026G POE AC switch supports broadcast storm suppression and thus can effectively control broadcast storm, decrease useless occupation of the bandwidth and increase the overall network performance. Spanning Tree: MyPower S3026G POE AC switch supports IEEE 802.1d spanning tree, IEEE 802.1w rapid spanning tree and IEEE 802.1s spanning tree. The spanning tree can effectively avoid loopback and at the same time crea
99. logging, no ip dhcp conflict logging: Enable logging for DHCP address to detect address conflicts. Admin Mode: clear ip dhcp conflict <address all>: Delete a single address conflict record or all conflict records. 4. Configure the number of the sent ping packets and timeout. Command and explanation (Global Mode): ip dhcp ping packets <count>, no ip dhcp ping packets: Configure the number of the sent ping packets of the addresses to be distributed in the address pool. ip dhcp ping timeout <milliseconds>, no ip dhcp ping timeout: Configure the timeout of waiting for the response after sending the ping packets. DHCP Configuration Commands. bootfile Command: bootfile filename, no bootfile. Function: Set the file name for DHCP client to import on boot up; the no bootfile command deletes this setting. Parameters: filename is the name of the file to be imported; up to 255 bytes are allowed. Command Mode: DHCP Address Pool Mode. Usage guide: Specify the name of the file to be imported for the client. This is usually used for diskless workstations that need to download a configuration file from the server on boot up. This command works with the next server. Example: The path and filename for the file to be imported is c temp nos img
100. <sMask> any source host source <sIpAddr> <dIpAddr> <dMask> any destination host destination <dIpAddr> <igmp type> precedence <prec> tos <tos> time range <time range name>: Create an IGMP numbered extended IP access rule; if the numbered extended access list does not exist, create the access list. access list num deny permit tcp <sIpAddr> <sMask> any source host source <sIpAddr> s port <sPort> <dIpAddr> <dMask> any destination host destination <dIpAddr> d port <dPort> ack fin psh rst urg syn precedence <prec> tos <tos> time range <time range name>: Create a TCP numbered extended IP access rule; if the numbered extended access list does not exist, create the access list. access list num deny permit udp <sIpAddr> <sMask> any source host source <sIpAddr> s port <sPort> <dIpAddr> <dMask> any destination host destination <dIpAddr> d port <dPort> precedence <prec> tos <tos> time range <time range name>: Create a UDP numbered extended IP access rule; if the numbered extended access list does not exist, create the access list. access list num deny permit eigrp gre igrp ipinip ip ospf <int> <sIpAddr> <sMask> any source host source
101. make SSH client log into the switch, the users need to configure the SSH user and enable SSH function on the switch. Example: Enable SSH function on the switch. Switch Config ssh server enable. ssh user Command: ssh user username password 0 7 password, no ssh user username. Function: Configure the username and password of SSH client software for logging into the switch; the no ssh user user name command deletes the SSH user. Parameter: username is the SSH client username. It can't exceed 16 characters. password is the SSH client login password. It can't exceed 32 characters. 0 7 indicates unencrypted password and encrypted password. Command mode: Global Configuration Mode. Default status: There are no SSH username and password by default. Usage guide: This command is used to configure the authorized SSH client. Any unauthorized SSH clients can't log in and configure the switch. When the switch serves as the SSH server, up to three users can be set and up to three SSH clients are permitted to set up the TCP connection. Example: Set an SSH client which has admin as username and switch as password. Switch Config ssh user admin password 0 admin. ssh server timeout Command: ssh server timeout <timeout>, no ssh server timeout. Function: Configure timeout value for SSH authentication; the
102. mask is 255.255.255.0. Switch Config dot1x user free resource 1.1.1.0 255.255.255.0. radius server accounting host Command: radius server accounting host <ip address> port <port number> primary, no radius server accounting host <ip address>. Function: Set the IP address and listening port number for RADIUS accounting server; the no command deletes the RADIUS accounting server. Parameters: ip address stands for the server IP address; port number is the listening port number of the server, ranging from 0 to 65535; primary is the primary server. Command Mode: Global configuration mode. Default: No RADIUS accounting server is configured by default. Usage guide: This command is used to specify the IP address and port number of the specified RADIUS server for switch accounting, and multiple command instances can be configured. The <port number> parameter is used to specify the accounting port number, which must be the same as the specified accounting port on the RADIUS server; the default port number is 1813. If this port number is set to 0, the accounting port number is generated at random and can result in invalid configuration. This command can be used repeatedly to configure multiple RADIUS servers communicating with the switch; the switch sends accounting packets to all the configured accounting servers and all
103. model of the switch. The chapter adopts Switch to indicate the common CLI prompts. clock set Command: clock set <HH MM SS> <YYYY MM DD>. Function: Set system date and time. Parameter: <HH MM SS> is the current time; the valid scope for HH is 0 to 23, MM and SS 0 to 59. <YYYY MM DD> is the current year, month and date; the valid scope for YYYY is 2000 to 2035, MM range is 1 to 12 and DD between 1 to 31. Command mode: Admin Mode. Default status: upon first time start up it is defaulted to 2001 1 1 0 0 0. Usage guide: The switch cannot continue timing with power off, so the current date and time must be first set at environments where exact time is required. Example: To set the switch current date and time to 2002 8 1 23 0 0: Switch clock set 23 0 0 2002 8 1. Related command: show clock. config Command: config terminal. Function: Enter Global Configuration Mode from Admin Mode. Parameter: terminal indicates terminal configuration. Command mode: Admin Mode. Example: Switch config. exec timeout Command: exec timeout <minutes>. Function: Configure the timeout of exiting admin mode. Parameters: <minute> is the time value shown in minutes and ranges between 0 and 300. Command mode: Global configuration mode. Default status: Default timeout is 5 minutes. Usage guide: T
104. n y To enable the Web service, input y or press Enter. If the user does not need to enable the web service, input n and press Enter, and then return to the Telnet server configuration menu. If selecting 2 in the Telnet server configuration menu, return to the Setup main menu. Configure SNMP: Select 4 in the Setup main menu and press Enter to start configuring SNMP as follows. Configure SNMP: 0 Config SNMP server read write community string; 1 Config SNMP server read only community string; 2 Config traps host and community string; 3 Config SNMP server status; 4 Config SNMP traps status; 5 Add SNMP NMS security IP address; 6 Exit. Selection number: Select 0 in SNMP configuration menu, press Enter and the following screen appears: Please input the read write access community string private. Note: The valid length for a read write access community string is 1 to 255 characters. The default value is private. After a valid read write access community string is entered, press Enter and return to the SNMP configuration menu. Select 1 in the SNMP configuration menu, press Enter and the following screen appears: Please input the read only access community string public. Note: The valid length for a read only access community string is 1 to 255 characters. The default value is
105. Protocol VLAN Configuration: Introduction to Protocol VLAN; Protocol VLAN Configuration Task List; Protocol VLAN Configuration Commands; Protocol VLAN Troubleshooting; Monitoring and Debugging Information. MSTP Configuration: Introduction to MSTP; MSTP Domain; MSTP Configuration; MSTP Configuration Task List; MSTP Configuration Commands; MSTP Troubleshooting; Monitoring and Debugging Commands; MSTP Troubleshooting. IGMP Snooping Configuration
106. no shutdown. Step 2: Run Telnet Client program. Run the Telnet client program included in Windows and specify the destination address of Telnet. [Figure: Run telnet client program included in Windows (Run dialog: telnet 10.1.128.251)] Step 3: Log into the switch. Log in to the Telnet configuration interface. Valid login name and password are required. Otherwise the switch rejects Telnet access. This is a method to protect the switch from unauthorized access. As a result, when Telnet is enabled for configuring and managing the switch, username and password for authorized Telnet users must be configured with the command telnet user user password 0 7 password. For example, the authorized user name of the switch is admin and password is admin. The setting mode is as follows: Switch>en Switch config Switch Config telnet user admin password 0 admin. Input valid login name and password on the Telnet configuration interface, and the Telnet user can enter the switch's CLI configuration interface. The commands used on the Telnet CLI interface after login are the same as those on the Console interface. [Figure: Telnet Configuration Interface (telnet 10.1.128.251, login test)] Manage Switch
107. not send data frames. If the switch gets the IP address via BOOTP DHCP protocol and the VLAN interface is disabled, the switch cannot get the IP address. To get the IP address via BOOTP DHCP protocol, the VLAN interface must be enabled. Example: Enable the VLAN interface of the switch. Switch Config If Vlan1 no shutdown. Port Mirroring Configuration. Introduction to Port Mirroring: Port mirroring refers to the duplication of data frames sent or received on a port to another port. The duplicated port is called mirror source port and the duplicating port is called mirror destination port. A protocol analyzer such as Sniffer or an RMON monitoring instrument is attached to the mirror destination port to monitor, manage and diagnose the network. MyPower S3026G POE AC supports one mirror destination port only. The number of mirror source ports is not limited; one or more may be used. Multiple source ports can be within the same VLAN or across several VLANs. Port Mirroring Configuration Task List: 1. Specify mirror source port. 2. Specify mirror destination port. 1. Specify mirror source port. Command and description (Global mode): monitor session <session> source interface interface list rx tx both, no monitor session <session> source interface interface list: Specify mirror source port; th
108. number of DHCPFORWARD packets. debug ip dhcp server Command: debug ip dhcp server events|linkage|packets, no debug ip dhcp server events|linkage|packets. Function: Enable DHCP server debug information; the no debug ip dhcp server events|linkage|packets command disables the debug information for DHCP server. Default: Debug information is disabled by default. Command mode: admin mode. Example: switch debug ip dhcp server events dhcp event debug is on. debug ip dhcp client Command: debug ip dhcp cliet events|packets, no debug ip dhcp cliet events|packets. Function: Enable the debug information of the DHCP client. The no format of the command disables the debug information of the DHCP client. Default status: By default the debug is disabled. Command mode: admin mode. Example: switch debug ip dhcp client event dhcp client event debug is on. DHCP Troubleshooting: If the DHCP clients cannot obtain IP addresses and other network parameters, the following procedures can be followed when DHCP client hardware and cables have been verified ok. Check whether the DHCP server is started. If not, start the related DHCP server. If the DHCP client and the server are not in the same physical network, check whether the router that is responsible for forwarding the DHCP packets has the DHCP relay functi
109. on the switch to PC. The configuration steps are as follows. MyPower S3026G POE AC: Switch Config inter vlan 1 Switch Config If Vlan1 ip address 10.1.1.2 255.255.255.0 Switch Config If Vlan1 no shut Switch Config If Vlan1 exit Switch Config ftp server enable Switch Config ip ftp server username admin password 0 admin. PC configuration: Log into MyPower S3026G POE AC via the FTP client software. Input the user name admin and password admin, and view the file list via the ls command or dir command. C> ftp 10.1.1.2 Connected to 10.1.1.2 220 welcome your using ftp server User 10.1.1.2 none admin 331 User name okay need password Password 230 User logged in proceed ftp> dir 200 PORT Command successful 150 ascii type in transfer file file name file length nos img 1195841 nos rom 557980 startup config 2611 running config 226 transfer complete ftp 137 bytes received in 0.08Seconds 1.73Kbytes sec ftp> ls 200 PORT Command successful 150 ascii type in transfer file file name file length nos img 1195841 nos rom 557980 startup config 2611 running config 226 transfer complete ftp 137 bytes received in 0.08Seconds 1.73Kbytes sec ftp> Scenario 5: MyPower S3026G POE AC serves as FTP client to view the file list on the FTP server. The switch is connected to PC via Ethernet port. The P
110. only use it when set as trunk. Protocol VLAN Configuration Task List: 1. Enable Protocol VLAN. 2. Configure protocol entry. 1. Enable Protocol VLAN. Command and explanation (Global Configuration Mode): protocol vlan enable, no protocol vlan enable: Enable or exit Protocol VLAN. 2. Configure protocol entry. Command and explanation (Global Configuration Mode): protocol vlan mode ethernetii etype etype id llc dsap <dasp id> ssap <ssap id> snap etype <etype id> vlan vlan id priority <priotiry id>, no protocol vlan mode ethernetii etype etype id llc dsap <dasp id> ssap <ssap id> snap etype <etype id> all: Add or delete the correspondence between the protocol and VLAN, that is, the specified protocol is added into or removed from the specified VLAN. Protocol VLAN Configuration Commands. protocol vlan enable Command: protocol vlan enable, no protocol vlan enable. Function: Enable the Protocol VLAN function. The no format of the command restores the default state. Command mode: Global configuration mode. Default status: Protocol VLAN is not enabled. Usage guide: Enabling the Protocol VLAN function is the precondition of the following commands. Example: Enable the Protocol VLAN function. Switch config Switch Config
111. packet filter function: A. Enable the packet filter function globally. B. Configure the default action. 3. Configure time range function: A. Create time range name. B. Configure periodic time range. C. Configure absolute time range. 4. Bind access list to a specified direction of the specified port. 1. Configure access list. A. Configure a numbered standard IP access list. Command and explanation (Global Mode): access list num deny permit <sIpAddr> <sMask> any source host source <sIpAddr>, no access list num: Create a numbered standard IP access list; if the access list already exists, add one rule entry; the no access list <num> command deletes a numbered standard IP access list. B. Configure a numbered extended IP access list. Command and explanation (Global Mode): access list num deny permit icmp <sIpAddr> <sMask> any source host source <sIpAddr> <dIpAddr> <dMask> any destination host destination <dIpAddr> <icmp type> icmp code precedence <prec> tos tos time range <time range name>: Create an ICMP numbered extended IP access rule; if the access list does not exist, create the access list. access list num deny permit igmp <sIpAddr>
112. packets to be transferred between the DHCP client and DHCP server. The implementation of DHCP is shown below. [Figure: DHCP protocol interaction between DHCP client and DHCP server: DHCPDISCOVER (broadcast), DHCPOFFER (unicast), DHCPREQUEST (broadcast), DHCPACK (unicast)] Explanation: 1. DHCP client broadcasts DHCPDISCOVER packets in the local subnet. 2. On receiving the DHCPDISCOVER packet, DHCP server sends a DHCPOFFER packet with IP address and other network parameters to the DHCP client. 3. DHCP client broadcasts DHCPREQUEST packet with the information for the DHCP server it selected after selecting from the received DHCPOFFER packets. 4. The DHCP server selected by the client sends a DHCPACK packet and the client gets an IP address and other network configuration parameters. The above four steps finish a process of assigning the host configuration dynamically. However, if the DHCP server and the DHCP client are not in the same network, the server cannot receive the DHCP broadcast packets sent by the client. Therefore no DHCP packets are sent to the client by the server. In this case a DHCP relay is required to forward such DHCP packets so that the exchanging of the DHCP packets can be completed between the DHCP client and server. The switch can act as both a DHCP server and a DHCP relay. DHCP server supports
113. physical interface but a virtual interface. L3 interface is created on VLANs. The L3 interface can contain one or more L2 ports which belong to the same VLAN, or contain no L2 ports. At least one of the L2 ports contained in L3 interface should be in UP state so that the L3 interface can be in UP state. Otherwise L3 interface is in DOWN state. By default all L3 interfaces on the switch use the same MAC address, which is selected from the reserved MAC address while creating L3 interface. The L3 interface is the base for the L3 protocols, and you can configure IP address on the L3 interface. The switch can use the IP addresses set in the L3 interfaces to communicate with the other devices via IP. L3 Interface Configuration. L3 Interface Configuration Task List: 1. Create L3 interface. 2. Set the default gateway address of the switch. 1. Create L3 Interface. Command and explanation (Global Mode): interface vlan <vlan id>, no interface vlan <vlan id>: Create a VLAN interface (the VLAN interface is a L3 interface); the no format of the command deletes the VLAN interface (L3 interface) created in the switch. Global mode: ip route 0.0.0.0 0.0.0.0 gateway, no ip route 0.0.0.0 0.0.0.0 ga: Set the default gateway address of the switch. The no format of the command deletes the default gateway address.
114. plus the compensating power C = 50V x 2.44mA = 122mA, B = A + C = 500 + 122 = 622mW. So only when the displayed power reaches 622mW, the PD will be disconnected.
Table:
Max Working Current (mA)    Compensating Current (mA)
50                          2.44
100                         4.88
150                         9.76
200                         17.08
250                         24.41
350                         31.73
115. radius server authentication host 10.1.1.3 Switch Config radius server accounting host 10.1.1.3 Switch Config radius server key test Switch Config aaa enable Switch Config aaa accounting enable Switch Config dot1x enable Switch Config interface ethernet 0 0 2 Switch Config Ethernet0 0 2 dot1x enable Switch Config Ethernet0 0 2 dot1x port method macbased Switch Config Ethernet0 0 2 dot1x port control auto Switch Config Ethernet0 0 2 exit. 802.1x Troubleshooting. 802.1x Debugging and Monitoring Commands. show aaa config Command: show aaa config. Function: Display the existing configuration commands for the switch as a RADIUS client. Command mode: Admin Mode. Usage guide: Display whether AAA authentication and accounting are enabled, as well as the information for key, authentication and accounting server specified. Example: Switch show aaa config. For Boolean value, 1 stands for TRUE and 0 for FALSE. Is Aaa Enabled 1 Is Account Enabled 1 MDS Server Key aa authentication server sum 2 authentication server 0 sock_addr 2 172.16.1.99 1812 Is Primary 1 Is Server Dead 0 Socket No 0 authentication server 1 sock_addr 2 172.16.1.100 1812 Is Primary 0 Is Server Dead 0 Socket No 0 accounting server sum 2 accounting server 0 sock_addr 2 172.16.1.99 1813 Is Primary 1 Js
116. received on port 0 0 5 from port0 0 12. 2. Filter data according to the MAC table: If PC1 sends a message to PC2, the switch on checking the MAC table finds that PC2 and PC1 are in the same physical segment and filters the message, i.e. drops this message. Three types of frames can be forwarded by the switch: Broadcast frame, Multicast frame, Unicast frame. The following describes how the switch deals with all the three types of frames. 1. Broadcast frame: The switch can segregate collision domains but not broadcast domains. If no VLAN is set, all devices connected to the switch are in the same broadcast domain. When the switch receives a broadcast frame, it forwards the frame in all ports. When VLANs are configured in the switch, the MAC table will be adapted accordingly to add VLAN information. In this case the switch will not forward the received broadcast frames in all ports, but forward the frames in all ports in the same VLAN. 2. Multicast frame: When IGMP Snooping function is not enabled, multicast frames are processed in the same way as broadcast frames; when IGMP Snooping is enabled, the switch will only forward the multicast frames to the ports belonging to the very multicast group. 3. Unicast frame: When no VLAN is configured, if the destination MAC addresses are in the switch MAC table, the swit
117. source and destination MAC. If modifying the load balance mode and the port group has formed a port channel, the modified load balance mode cannot take effect until aggregating again. Default: Switch ports do not belong to a port channel by default; LACP is not enabled by default. Command mode: Global Configuration Mode. Example: Create a port group and adopt the default load balance mode. Switch Config port group 1. Delete one port group. Switch Config no port group 1. port group mode Command: port group <port group number> mode active|passive|on, no port group <port group number>. Function: Add a physical port to port channel; the no format of the command removes specified port from the port channel. Parameters: port group number is the group number of port channel, from 1 to 15; active enables LACP on the port and sets it to Active mode; passive enables LACP on the port and sets it to Passive mode; on forces the port to join a port channel without enabling LACP. Command mode: Port Mode. Default: Switch ports do not belong to a port channel by default; LACP is not enabled by default. Usage guide: If the specified port group does not exist, create the group first and then add the ports to the group. All ports in a port group must be added in the same mode, i.e. all ports use the mode used by the
118. spanning tree mst configuration. Function: Enter the MSTP mode. Under the MSTP mode the MSTP attributes can be set. The command no spanning tree mst configuration restores the parameters of the MSTP to their default values. Command mode: Global configuration mode. Default: The default values of the attributes of the MSTP region are listed as below. Attribute of MSTP and default value: Instance: There is only the instance 0. All the VLANs 1 to 4094 are mapped to the instance 0. Name: MAC address of the bridge. Revision: 0. Usage guide: Whether the switch is in the MSTP region mode or not, users can enter the MSTP mode, configure the attributes and save the configuration. When the switch is running in the MSTP mode, the system will generate the MST configuration identifier according to the MSTP configuration. Only the switches with the same MST configuration identifier are considered as in the same MSTP region. Example: Enter MST configuration mode. Switch Config spanning tree mst configuration Switch Config Mstp Region. spanning tree mst cost Command: spanning tree mst <instance id> cost cost, no spanning tree mst instance id cost. Function: Sets path cost of the current port in the specified instance; the command no spanning tree mst <instance id> cost restores the default setting. Parameter: instance id sets the instance ID. The valid range is from 0 to 48. cost sets path
119. status UP or DOWN separated by A DOWN of Link means administratively down. Speed: The port rate; the display format is mode rate. Mode a means auto. In auto mode the later rate is negotiated automatically. If port Protocol is DOWN, just auto is displayed. Mode f means force, and the later rate is set forcedly. Duplex: The duplex status; the display format is mode duplex status. Mode a means auto, f means force. The duplex status is full or half. Vlan: When the port is access port, it shows the VLAN of the port. When the port is trunk, it shows trunk. Type: The hardware type of the port. Currently the existing hardware type is displayed: SFP, G USB, G TX, G Combo, GBIC, XGE GBIC and FE. The bottom of the table prompts that G means Gigabit. When the port type is Combo, the port is up and is not loopback, the current displayed Active is Copper or Fiber. Alias Name: The port name set by the user. If the port name is not set, it is displayed as null. If the name is too long, exceeding 15 characters, the subsequent part is cut off and is not displayed. show interface ethernet counter packet Command: show interface ethernet counter packet. Function: Display the packet quantity statistics information of all Ethernet ports. Parameter: none. Command mode: admin mode. Usage
120. switch cannot learn the MAC address dynamically, or in some special usage the user can use the command to set up the mapping relation between MAC address and port VLAN manually. When the port type is one port channel, the port channel must be up. The no mac address table all command deletes all dynamic, static and filter MAC address entries in the MAC address table of the switch, excluding the mapping entries reserved in the system. Example: Port 0 0 5 belongs to VLAN200, which sets up the address mapping with 00 03 0f f0 00 18. Switch Config mac address table static address 00 03 0f f0 00 18 vlan 200 interface ethernet 0 0 5. mac address table blackhole Command: mac address table blackhole address <mac addr> vlan vlan id, no mac address table blackhole address <mac addr> vlan <vlan id>. Function: Add or modify the filter address entries. The no format of the command deletes the filter address entries. Parameter: mac addr is the MAC address to be added or deleted; vlan id is the VLAN number that receives the MAC address packets. Command mode: Global mode. Default status: no filter entry. Usage guide: The purpose of configuring the filter entry is to drop the frames of the specified MAC address, filtering the undesired traffic. It can filter the source address and target address. The filter
121. switch to send Trap message; the no snmp server enable traps command disables the switch to send Trap message. Command mode: Global Configuration Mode. Default status: Sending trap message is disabled by default. Usage guide: When Trap message is enabled, if Down Up in device ports or of system occurs, the device will send Trap messages to the NMS that receives Trap messages. Example: Enable to send Trap messages. Switch config snmp server enable traps. Disable to send Trap messages. Switch config no snmp server enable trap. snmp server engineid Command: snmp server engineid engine string, no snmp server engineid <engine string>. Function: Configure the engine ID; the no form of this command restores to the default engine ID. Command mode: Global Configuration Mode. Parameter: <engine string> is the engine ID, shown in 10 digit hex characters. Default status: Default value is the company ID plus local MAC address. Example: Set current engine ID to A66688999F. Switch config snmp server engineid A66688999F. Restore the default engine ID. Switch config no snmp server engineid A66688999F. snmp server user Command: snmp server user <user string> <group string> encrypted auth md5 sha <password string>, no snmp server user <user string> <group string>. Function: Add a new user to an SNMP group; the no form of this command deletes this user. Command mode: Global Config
122. switches are not automatically added to the cluster. Command mode: Global Mode. Usage guide: After this command is enabled on a commander switch, when the commander switch discovers the new cluster register packets sent by the switches, it adds them to the cluster. If the command is run on a non-commander switch, an error is returned. Example: Enable the auto adding function on the commander switch. Switch config cluster auto add enable. rcommand member. Command: rcommand member <mem id>. Function: On the commander switch, this command is used to remotely manage the member switches in the cluster. Parameter: <member id> is the member id allocated by the commander switch to each member, whose range is 1-23. Default status: None. Command mode: Admin Mode. Usage guide: After executing this command, users remotely log in to a member switch and enter Admin Mode. Use the exit command to quit the configuration interface of the member switch. If the command is run on a non-commander switch, an error is returned. Example: On the commander switch, enter the configuration interface of the member switch with mem id 15. Switch rcommand member 15. rcommand commander. Command: rcommand commander. Function: On the member switch, use this command to configure and manage the commander switch. Parameter: None. Default status: None. Command mode: Admin
123. the Shell for the switch are as follows: Configuration Modes; Configuration Syntax; Shortcut keys; Help function; Input verification; Fuzzy match support. Configuration Modes. [Figure: The shell configuration mode of MyPower S3026G POE AC, showing User Mode, Admin Mode, Global Mode, Interface Mode, Vlan Mode, ACL configuration, DHCP address pool and Route configuration.] 1. Common User Mode: When entering the CLI interface, the user enters the common user mode first; the prompt is Switch> and the symbol > is the prompt for Common User Mode. When the user runs the Exit command to exit in the Admin Mode, it can return to the Common User Mode. In the common user mode, you cannot configure the switch but can only query the clock of the switch and the version information of the switch. 2. Admin Mode: Admin Mode Switch can be entered in the User Mode by running the enable command and entering the corresponding admin user password, if a password is set. When the exit command runs under Global Mode, it also can return to the Admin Mode. MyPower S3026G POE AC also provides a shortcut key, Ctrl+z, so that the switch can return to the Admin Mode from any configuration mode except User Mode. In Admin Mode, the user can query the switch configuration information, connection st
124. the dot1x authentication transparent transmission function of the switch is enabled and the dot1x function is not enabled globally, the switch transmits the dot1x authentication packets transparently. When the dot1x function is enabled transparently, the command does not take effect. Example: Enable the 802.1x authentication transparent transmission function of the switch. Switch Config dot1x bpdu forward enable. dot1x eapor enable. Command: dot1x eapor enable; no dot1x eapor enable. Function: Set the switch to adopt the EAP relay to authenticate. The no format of the command is used to set the switch to adopt the EAP local termination to authenticate. Command mode: Global configuration mode. Default: EAP relay authentication is used by default. Usage guide: The switch and RADIUS may be connected via Ethernet or PPP. If an Ethernet connection exists between the switch and RADIUS server, the switch needs to authenticate the user by EAP relay (EAPoR authentication); if the switch connects to the RADIUS server by PPP, the switch will use EAP local end authentication (CHAP authentication). The switch should use different authentication methods according to the connection between the switch and the authentication server. Example: Set the switch to adopt the EAP local termination to authenticate. Switch Config no dot1x eapor e
125. the accounting servers can be backup servers for each other. If primary is not configured, the servers become the accounting server of the switch by the configuration order. If primary is specified, the RADIUS server becomes the primary server. Example: Set the IP address of the RADIUS accounting server to 100.100.100.60 and the port number to 3000, serving as the primary server. Switch Config radius server accounting host 100.100.100.60 port 3000 primary. radius server authentication host. Command: radius server authentication host <ip address> port <port number> primary; no radius server authentication host <ip address>. Function: Set the IP address and listening port number of the RADIUS server; the no format of the command deletes the RADIUS authentication server. Parameters: <ip address> stands for the server IPv4/IPv6 address; <port number> for listening port number from 0 to 65535, where 0 stands for non authentication server usage; primary for primary server. Command mode: Global configuration mode. Default: No RADIUS authentication server is configured by default. Usage guide: This command is used to specify the IP address and port number of the specified RADIUS server for switch authentication, and multiple command instances can be configured. The port parameter is used to spec
126. the highest level of output information to be debugging. Switch Config logging source m shell channel loghost level notifications state on. Switch Config logging source m shell channel logbuff level debugging state on. Related command: logging on, logging console, logging monitor, logging host, logging buffered. System Log Configuration Instance. When the IP address of the management VLAN of the switch is 100.100.100.1 and the IP address of the remote log server is 100.100.100.5, it is required to send all log information of the shell module and system events to local1 of the remote log host, and output the log information of a module shell with Severity Level as warning or critical to the log buffer. Configuration steps: Switch Config logging on. Switch Config logging 100.100.100.5 facility local1. Switch Config logging source m shell channel loghost level debugging state on. Switch Config logging source sys event channel loghost level debugging state on. Switch Config logging buffered 1000. Switch Config logging source m shell channel logbuff level warning state on. System Log Troubleshooting. Monitoring and Debugging Commands. show channel. Command: show channel console monitor logbuff loghost. Function: Display brief information of the log channel. Parameters: console means that the output channel of log
127. the interface. Usage guide: none. Example: Enable the debug information of Authenticator state machine of port 0/0/1. Switch debug dot1x fsm asm interface ethernet 0/0/1. 802.1x Troubleshooting. It is possible that 802.1x cannot be configured on ports, or 802.1x authentication status is auto and the port still cannot change to the state of passing the authentication after the user runs 802.1x supplicant software. Here are some possible causes and solutions. If 802.1x cannot be enabled for a port, check whether the port runs MAC binding or is configured as Trunk port or aggregation port. To enable the 802.1x authentication, the above functions must be disabled. If the switch is configured properly but still cannot pass authentication, the connectivity between the switch and RADIUS server, and between the switch and 802.1x client, should be verified, and the port VLAN configuration for the switch should be checked too. Check the event log in the RADIUS server for possible causes. In the event log, not only unsuccessful logins are recorded, but prompts for the causes of unsuccessful login are recorded. If the event log indicates wrong authenticator password, the radius server key parameter shall be modified; if the event log indicates no such authenticator, the authenticator needs to be added to the RADIUS server; if the event log indicates n
128. the max output power. 3. Globally set power management mode. 4. Globally set non-standard PD detection mode. 5. Enable or disable PoE on specified ports. 6. Set the max output power on specified ports. 7. Set the power priority on specified ports. 1. Globally Enable or Disable PoE. Command (Global Mode): power inline enable; no power inline enable. Explanation: Enable/disable PoE globally. 2. Globally set the max output power. Command (Global Mode): power inline max <max wattage>; no power inline max. Explanation: Globally set the max output power of PoE. 3. Globally set the power management mode. Command (Global Mode): power inline police enable; no power inline police enable. Explanation: Enable/disable the power priority management policy mode. 4. Globally set non-standard PD detection mode. Command (Global Mode): power inline legacy enable; no power inline legacy enable. Explanation: Set whether or not to provide power for non-standard IEEE PD. 5. Enable or disable PoE on specified ports. Command (Port Mode): power inline enable; no power inline enable. Explanation: Enable/disable PoE. 6. Set the max output power on specified ports. Command (Port Mode): power i
129. this chapter. Command mode: admin mode. Usage guide: This command is used to display the port rate, duplex mode, flow control switch, broadcast storm suppression and statistics information about receiving and transmitting packets. Example: Display the information about port 0/0/1. Switch show interface ethernet 0/0/1. show interface ethernet status. Command: show interface ethernet status. Function: Display the important status information of all Ethernet ports. Parameter: none. Command mode: Admin mode. Usage guide: The displayed information includes port number, Link and Protocol status, Speed, Duplex, VLAN, port type and port name. The first line explains the meanings of the abbreviations, and then the information of each port is displayed in one line. The ports are displayed in order. Example: Display the important status information of the port. Switch show interface ethernet status. Codes: A Down administratively down, a auto, f force, G Gigabit. Columns: Interface, Link Protocol, Speed, Duplex, Vlan, Type, Alias Name. Rows: 0/0/1 UP UP f 100M f full 1 G TX; 0/0/2 UP UP a 100M a full trunk G TX; 0/0/55 UP DOWN auto auto 1 G TX; 0/0/4 A Down DOWN auto auto 1 G TX. Displayed Information and Description: Interface: The port ID; the Ethernet prefix is not displayed. Link Protocol: The port and protocol connection
130. timeout is 2 seconds. Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms. In the example above, 10.1.128.161 is configured as the source address of the ICMP echo request packet, while the destination device is configured to be at 10.1.128.160. The command receives all the ICMP reply packets for all of the five ICMP echo requests. The success rate is 100%. It is denoted on the switch for ping failure, which means unreachable link, while for ping success, which means reachable link. Example 3: Use the method provided by the ping program to modify the ping parameters. Switch ping. Target IP address 10.1.128.160; Use source address option n y; Source IP address 10.1.128.161; Repeat count 5 100; Datagram size in byte 56 1000; Timeout in milli seconds 2000 500; Extended commands n n. Displayed Information and Explanation: protocol IP: Select the ping of the IP protocol. Target IP address: The IP address of the target device. Use source address option n: Whether or not to use ping with source address. Source IP address: To specify the source IP address for ping. Repeat count 5: The number of the sent packets; by default it is 5. Datagram size in byte 56: The size of the ICMP packet; by default it is 56. Timeout in milli seconds 2000: The timeout; the unit is ms, the default value is 2s. Extended commands n: Whether or not to use other extended options. Telnet Intro
131. type precedence <precedence> tos <tos> time range <time range name>: Create one mac igmp numbered extended mac ip access rule. If the numbered extended access list does not exist, create the access list. access list <num> deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> tcp <source> <source wildcard> any source host source <source host ip> s port <port1> <destination> <destination wildcard> any destination host destination <destination host ip> d port <port3> ack fin psh rst urg syn precedence <precedence> tos <tos> time range <time range name>: Create one mac tcp numbered extended mac ip access rule. If the numbered extended access list does not exist, create the access list. access list <num> deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> udp <source> <source wildcard> any source host source <source host ip> s port <port1> <destination> <destination wildcard> any destination host destination <destination host ip> d port <port3> precedence <precedence> tos <tos
132. wrr queue bandwidth. Function: Set the WRR weight of the egress queue of all switch ports. The no format of the command restores the default value. Parameter: <weight1 weight2 weight3 weight4> WRR weight, ranging from 1-100. Default status: By default, weight1 weight2 weight3 weight4 are 25. Command mode: Global mode. Usage guide: The absolute value of the WRR weight is meaningless. WRR distributes the bandwidth according to the ratio of the four weights. Currently the ratio of the WRR four queue bandwidths is fixed as 1:2:4:8, which cannot be changed. Example: Set the ratio of the four egress queue bandwidths as 1:2:4:8. Switch Config wrr queue bandwidth 1 2 4 8. priority queue out. Command: priority queue out; no priority queue out. Function: Configure the queue out mode. The no format of the command restores the default value. Parameters: None. Default: Non-priority queue mode. Command Mode: Global Configuration Mode. Usage guide: When adopting priority queue out mode, the WRR weighting algorithm is not used to send packets. Instead, packets from the next queue can only be sent after those from the current queue are all sent. Example: Set the queue out mode of port as priority queue mode. Switch config priority queue out. wrr queue cos map. Command: wrr queue cos map <queue id> <cos1
133. 0 Default: If no mask is specified, default mask will be assigned according to the classful address. Command Mode: DHCP Address Pool Mode. Usage guide: This command sets the scope of addresses that can be used for dynamic assignment by the DHCP server; one address pool can only have one corresponding segment. This command is exclusive with the manual address binding commands hardware address and host. Example: Configure the assignable address in pool 1 to be 10.1.128.0/24. Switch dhcp 1 config network address 10.1.128.0 24. Related command: ip dhcp excluded address. next server. Command: next server <address1> <address2> <address8>; no next server. Function: Set the server address for storing the imported file of the client file; the no next server command cancels the setting. Parameters: <address1> <address8> are IP addresses in the dotted decimal format. Command Mode: DHCP Address Pool Mode. Usage guide: This command configures the address for the server hosting client import file. This is usually used for diskless workstations that need to download configuration files from the server on boot up. This command is used together with bootfile. Example: Set the hosting server address as 10.1.128.4. Switch dhcp 1 config next server 10.1.128.4. Related command: bootfile. option. Comman
134. 0 0 10 switchport mode trunk. Switch Config Ethernet0/0/10 switchport dot1q tunnel mode uplink. Switch Config Ethernet0/0/10 exit. Switch Config. PE2: Switch Config vlan 3. Switch Config Vlan3 switchport interface ethernet 0/0/1. Switch Config Vlan3 exit. Switch Config dot1q tunnel enable. Switch Config interface ethernet 0/0/1. Switch Config Ethernet0/0/1 switchport dot1q tunnel mode customer. Switch Config Ethernet0/0/1 exit. Switch Config interface ethernet 0/0/10. Switch Config Ethernet0/0/10 switchport mode trunk. Switch Config Ethernet0/0/10 switchport dot1q tunnel mode uplink. Switch Config Ethernet0/0/10 exit. Switch Config. Dot1q tunnel Troubleshooting. The customer port mode can only be configured on an access port, while the uplink port mode only on a trunk port. It is recommended to use the uplink port mode on a 1000M port to achieve the expected transmission rate and guarantee the high efficiency of the network. This function can't be used simultaneously with private vlan. Protocol VLAN Configuration. Introduction to Protocol VLAN. Protocol VLAN maps packets without any tag to a VLAN according to their protocol type, instead of determining their VLAN according to the connected physical port of the switch. After configuring Protocol VLAN, the switch checks the packets rec
135. 0 2 Ethernet0/0/2: default cos 0; DSCP Mutation Map: Default DSCP Mutation Map; Attached policy map for Ingress: p1. Displayed information and explanation: Ethernet0/0/2: Port name. default cos 0: Default CoS value of the port. DSCP Mutation Map: Default DSCP Mutation Map: Port DSCP mapping name. Attached policy map for Ingress: p1: The name of the policy bound to port. Switch show mls qos interface buffers ethernet 0/0/2. Ethernet0/0/2 buffer size of 4 queue: 256 256 256 256. Displayed information and explanation: Ethernet0/0/2: Port name. buffer size of 4 queue: 256 256 256 256: The four egress queues of the port. The setting of the available buf quantity is fixed and cannot be changed. Switch show mls qos interface queueing ethernet 0/0/2. Cos queue map: Cos 0 1 2 3 4 5 6 Queue 1 2 2 3 3 4. Queue and weight type: q1 q2 q3 q4 QType 1 2 4 8 WFQ. Displayed information and explanation: Cos queue map: Cos 0 1 2 3 4 5 6 7, Queue 1 1 2 2 3 3 4 4: The mapping from COS value to queue. Queue and weight type: q1 q2 q3 q4 QType 1 2 4 8 WFQ: The weights corresponding to the four queues. Switch show mls qos interface policers ethernet 0/0/2. Ethernet0/0/2: Attached policy map for Ingress: p1. Displayed information and explanation: Ethernet0/0/2: Port name.
136. 00 13 100.1.1.2 User config: The users with source MAC 00 00 00 00 00 13 and source IP 100.1.1.2 to pass, which is configured by the user. am mac ip pool 00 00 00 00 01 12 100.1.1.1 User config: The users with source MAC 00 00 00 00 01 12 and source IP 100.1.1.1 to pass, which is configured by the user. am ip pool 10.1.1.1 8 User config: The users with source IP 10.1.1.1-10.1.1.8 can pass, which is configured by the user. AM Troubleshooting. For AM, the hardware resources are limited, so each port can only be configured with 507 entries at most. AM resources require that the IP address and MAC address configured by the user cannot conflict; that is, different users cannot have the same configured IP or MAC on one switch. Port Channel Configuration. Introduction to Port Channel. To understand Port Channel, Port Group should be introduced first. Port Group is a group of physical ports in the configuration level; only physical ports in the Port Group can take part in link aggregation and become a member port of a Port Channel. Logically, Port Group is not a port but a port sequence. Under certain conditions, physical ports in a Port Group perform port aggregation to form a Port Channel that has all the properties of a logical port; therefore it becomes an independent logical port. Port aggregation is a proces
137. 10 100M. Example: Set the bandwidth limit of the 0/0/1-8 ports to 40M. Switch Config interface ethernet 0/0/1-8. Switch Config Port Range bandwidth control 40000. packet suppression. Command: packet suppression <kbps> broadcast brmc brmcdlf all; no packet suppression. Function: Set the allowed data flow passing the switch port; the no format of the command disables the data suppression of the port, that is, allows any data flow to pass at the wire speed. Parameter: <kbps> means the kbits permitted every second, and the value range is 62-1000000; broadcast means the broadcast flow; brmc means the broadcast and multicast flow; brmcdlf means the broadcast, multicast and DLF flow; all means all data flow. Command mode: Port Mode. Default status: Allow data flow to pass at the wire speed by default. Usage guide: This command allows users to set the data suppression for some specific flow types and control the negative effect on the switch performance caused by redundant data flow. Without any VLAN, all switch ports are in the same broadcast domain, in which case the broadcast flow greatly affects the switch performance. As a result, by using this command with the broadcast parameter, users can protect the switch from broadcast storms. Setting the allowed broadcast flow to 1000 kbps means that when more than 1000 kbit are received per second, the extra part is suppressed. Example: Set the port 1-8 to allow 1000kbit of broadcast data
138. 16 22 Switch Config Vlan200 exit. Switch Config interface ethernet 0/0/23. Switch Config Ethernet0/0/23 switchport mode trunk. Switch Config Ethernet0/0/23 exit. Dot1q tunnel Configuration. Introduction to Dot1q tunnel. Dot1q tunnel is also called QinQ (802.1Q in 802.1Q), which is an expansion of 802.1Q. Its key idea is to encapsulate the customer VLAN tag (CVLAN tag) to the public VLAN tag (SPVLAN tag). With the two VLAN tags, the packet is transmitted through the backbone network of the ISP internet, so as to provide a simple layer 2 tunnel for users. It is simple and easy to manage, applicable only by static configuration, and especially adaptive to small office network or small scale metropolitan area network using layer 3 switch as backbone equipment. [Figure: Dot1q tunnel based Internetworking mode. CE1 and CE2 connect through PE1 and PE2 across the SP networks; the customer ports are Trunk VLAN 200-300, and the PE ports are QinQ access ports belonging to VLAN3.] As shown above, after being enabled on the user port, dot1q tunnel assigns each user an SPVL
139. nonegotiate master slave, the user can input the command as follows: speed duplex auto; speed duplex force10 half; speed duplex force10 full; speed duplex force100 half; speed duplex force100 full; speed duplex force1g half; speed duplex force1g half nonegotiate; speed duplex force1g half nonegotiate master; speed duplex force1g half nonegotiate slave; speed duplex force1g full; speed duplex force1g full nonegotiate; speed duplex force1g full nonegotiate master; speed duplex force1g full nonegotiate slave. snmp server community ro rw <string>, the user can input the command as follows: snmp server community ro <string>; snmp server community rw <string>. Shortcut Key Support. MyPower S3026G POE AC provides several shortcut keys to facilitate user configuration, such as up, down, left, right and Blank Space. If the terminal does not support the Up and Down keys, ctrl+p and ctrl+n can be used instead. Key(s) and Function: Back Space: Delete a character before the cursor, and the cursor moves forward. Up: Show the previous command entered. Up to 20 recently entered commands can be shown. Down: Show the next command entered. When using the Up key to get previously entered commands, you can use the Down key to return to the next command. Left: The cursor moves one character. You can use the Left and Right key to modify
140. 21 Ethernet0/0/22 Ethernet0/0/23 Ethernet0/0/24 Ethernet0/0/25 Ethernet0/0/26. Displayed information and explanation: VLAN: VLAN number. Name: VLAN name. Type: first VLAN attributes, statically configured or dynamically learned. Media: The network type of VLAN port. Ports: Access port within a VLAN. MSTP Configuration. Introduction to MSTP. The MSTP (Multiple STP) is a new spanning tree protocol based on the STP and the RSTP. It runs on all the bridges of a bridged LAN. It calculates a common and internal spanning tree (CIST) for the bridge LAN, which consists of the bridges running the MSTP, the RSTP and the STP. It also calculates the independent multiple spanning tree instances (MSTI) for each MST domain (MSTP domain). The MSTP, which adopts the RSTP for its rapid convergence of the spanning tree, enables multiple VLANs to be mapped to the same spanning tree instance, which is independent of other spanning tree instances. The MSTP provides multiple forwarding paths for data traffic and enables load balancing. Moreover, because multiple VLANs share a same MSTI, the MSTP can reduce the number of spanning tree instances, which consumes less CPU resources and reduces the bandwidth consumption. MSTP Domain. Because multiple VLANs can be mapped to a single spanning tree instance, IEEE 802.1s committee raises the MST conc
141. 255.255.255.0. The user can configure the IP address and mask according to the actual network environment. After the configuration, return to the Vlan1 interface configuration menu. Select 1 in the Vlan1 interface configuration menu, press Enter, and the following screen appears: Open interface Vlan1 for remote configuration y/n y. When powering on for the first time, the Vlan1 interface, that is, the CPU port, is in the closed state, and the user needs to enable the Vlan1 interface of the switch via the command. Pressing Enter means to enable the Vlan1 interface of the switch. If selecting 2 in the Vlan1 interface configuration menu, return to the Setup main menu. Configure Telnet Server. Select 2 in the Setup main menu and press Enter to start configuring the Telnet server. The following appears: Configure telnet server: 0 Add telnet user; 1 Config telnet server status; 2 Exit; Selection number. Select 0 in the Telnet server configuration menu, press Enter, and the following screen appears: Please input the new telnet user name. Note: The valid username length is 1 to 16 characters. When the user enters a valid username and presses Enter, the following screen appears: Please input the new telnet user password. Note: The valid length of the password is 1 to 8 characters. After configuri
142. 3 5 20 loopback detection interval time. Command: loopback detection interval time <loopback> <no loopback>. Function: Set the loopback detection interval. The no operation closes the loopback detection interval function. Parameters: <loopback> is the detection interval if any loopback is found, ranging from 5 to 300, in seconds; <no loopback> is the detection interval if no loopback is found, ranging from 1 to 30, in seconds. Default: The default value is 30s with loopbacks existing and 10s otherwise. Command Mode: Global Configuration Mode. Usage guide: When there is no loopback detection, the detection interval can be relatively shorter; the short time is a disaster for the whole network if there is any loopback. So a relatively longer interval is recommended when loopbacks exist. Example: Set the loopback detection interval as 35, 15. Switch Config loopback detection interval time 35 15. Typical Instance of Port Loopback Detection. [Figure: A typical instance of port loopback detection, showing the switch and the network topology.] As shown in the above configuration, the switch detects the existence of loopback in the network topology. After enabling the function of loopback detection on the port connecting the switch with the outside network, the switch informs the connected network of the existence of a loopback and
143. Function: Enable the debug information of AAA about receiving and sending packets; the no operation of this command disables the debug information. Parameters: send: Enable the debug information of AAA about sending packets. receive: Enable the debug information of AAA about receiving packets. all: Enable the debug information of AAA about both sending and receiving packets. <interface number>: the number of interface. Command mode: Admin Mode. Usage guide: none. Example: Enable the debug information of AAA about sending and receiving packets on interface 0/0/1. Switch debug aaa packet receive interface ethernet 0/0/1. debug aaa detail. Command: debug aaa detail connection | event | attribute interface ethernet <InterfaceName>; no debug aaa detail connection | event | attribute interface ethernet <InterfaceName>. Function: Enable the AAA detail debug information. The no format of the command disables the AAA detail debug information. Command mode: admin mode. Parameters: connection means the connection details; event means the event details; attribute means the Radius attribute details; <InterfaceName> means the interface name. Usage guide: none. Example: Enable the connection detail debug information. Switch debug aaa detail connection. debug dot1x error. Command: debug dot1x error; no debug dot1x error.
144. 37 write ok transfer complete close tftp client. If the switch is upgrading system file or system boot file through TFTP, the switch cannot be restarted until close tftp client is displayed, indicating upgrade is successful. Otherwise, the switch may be rendered unable to start. If the system file and system start up file upgrade through TFTP fails, please try upgrade again or use the BootROM mode to upgrade. System Log. Introduction to System Log. The system log takes over all information output and makes the detailed classification, so as to select the information effectively. Combining with the Debug command, it provides a powerful support for the network administrator and developer in monitoring the network operation state and locating the network failures. The switch system log has the following features: Log output from four directions (or log channels) of the Console, Telnet terminal and monitor, log buffer zone, and log host. The log information is classified to four levels of severities, by which the information is filtered. The log information can be divided according to different source modules and thus can be filtered by module. Log Output Channel. Currently the system log can output the log information via four channels: Output the log informat
145. 50 power inline police. Command: power inline police enable; no power inline police enable. Function: Enable/disable the power priority management policy mode. Parameters: None. Command Mode: Global Mode. Default: The power priority management policy mode is disabled. Usage guide: Decide whether to use priority policy in power management policy. The enable command makes priority policy in effect, while the no command recovers the first come first served policy. With priority policy enabled, port priority can be configured individually. In priority mode, when not enough PSE power is available, ports with low priority will be closed to satisfy the power supply for ports with high priority, no matter how long the access time of a PD is. If two ports have the same priority, the one with smaller sequence number is higher privileged. In first come first served mode, new PDs will not get power supply if available PSE power is not enough. Example: Enable the power priority policy mode. Switch Config power inline police enable. power inline legacy. Command: power inline legacy enable; no power inline legacy enable. Function: Set whether or not to provide power supply for non-standard IEEE PD. Parameters: None. Command Mode: Global Mode. Default: Do not provide power supply for non-standard IEEE PD. Usage guide: With this funct
146. debug ip packet
Command: debug ip packet; no debug ip packet
Function: Enable the IP packet debug function; the "no debug ip packet" command disables this debug function.
Parameter: None.
Default: The IP packet debugging function is disabled by default.
Command mode: Admin Mode.
Usage guide: Display the contents of IP packets received/sent, including source/destination address and bytes, etc.
Example: Enable IP packet debug.
Switch debug ip packet
IP PACKET rcvd src 1.1.1.1 dst 1.1.1.2 size 100
show ip route
Command: show ip route dest <destination> mask <destMask> nextHop <nextHopValue> protocol connected static rip ospf ospf ase bgp dvmrp <vlan id> preference <pref> count
Function: Display the route table.
Parameters: <destination> is the destination network address; <destMask> is the mask of the destination network; <nextHopValue> is the next hop IP address; connected is the direct connected route; static is the static route; rip is the RIP route; ospf is the OSPF route; ospf ase is the OSPF route; bgp is the BGP route; dvmrp is the DVMRP route; vlan id is the VLAN ID; pref is the route priority, ranging from 0 to 255; count is the IP route entry quantity.
Command mode: Admin mode.
Usage guide: Display the contents of the core route table including route type destination network
147. AN identification SPVID. Here the identification of the user is 3. The same SPVID should be assigned for the same network user on different PEs. When a packet reaches PE1 from CE1, it carries the VLAN tag 200 300 of the user internal network. Since the dot1q tunnel function is enabled, the user port on PE1 adds another VLAN tag to the packet, of which the ID is the SPVID assigned to the user. Afterwards, the packet is only transmitted in VLAN3 when traveling in the ISP internet network while carrying two VLAN tags (the inner tag is added when entering PE1 and the outer is SPVID), whereas the VLAN information of the user network is open to the provider network. When the packet reaches PE2, and before it is forwarded to CE2 from the client port on PE2, the outer VLAN tag is removed, so the packet CE2 receives is identical to the one sent by CE1. For the user, the role the operator network plays between PE1 and PE2 is to provide a reliable layer 2 link. The dot1q tunnel technology gives the ISP the ability to support many client VLANs with only one VLAN of its own. Both the ISP and the clients can configure their own VLANs independently. The dot1q tunnel function has the following features: it is applicable through simple static configuration, with no complex configuration or maintenance needed; operators only have to assign one SPVID for each user, which increases the number of concurrent supportable users, whil
148. C serves as the FTP server, whose IP address is 10.1.1.1. The switch serves as the FTP client. The IP address of the switch VLAN1 interface is 10.1.1.2. View the file list on the FTP server.
FTP configuration
PC: Enable the FTP Server software on the PC and set the user as admin and the password as admin.
MyPower S3026G POE AC:
Switch Config inter vlan 1
Switch Config If Vlan1 ip address 10.1.1.2 255.255.255.0
Switch Config If Vlan1 no shut
Switch Config If Vlan1 exit
Switch Config dir ftp admin admin 10.1.1.1
220 Serv U FTP Server v2 5 build 6 for WinSock ready
331 User name okay need password
230 User logged in proceed
200 PORT Command successful
150 Opening ASCII mode data connection for bin ls
recv total 480
nos img nos rom parsecommandline cpp position doc qmdict zip shell maintenance statistics xls omitted show txt snmp TXT
226 Transfer complete
Switch Config
FTP/TFTP Troubleshooting
Monitoring and Debugging Commands
show ftp
Command: show ftp
Function: Display the parameter settings for the FTP server.
Command mode: Admin mode.
Default status: No display by default.
Example:
Switch show ftp
Timeout 600 seconds
Displayed information / Description: timeout: Timeout
show tftp
Command: show tftp
Function: Display the parameter settings for the TF
149. CP ICMP; HTTP; SNMP V1 V2C V3
Management Protocols and Methods: CLI command line; Supports SNMP V1 V2C; Supports Web and Telnet management; RFC1757 RMON 1 2 3 9 MIB; RFC1213 MIB II; RFC1493 Bridge MIB; RFC1643 Ether Like MIB; Private MIB
Physical Specifications (MyPower S3026G POE AC)
Weight: 4 13KG
Dimension: 440x171 2x43 mm
Operation temperature: 0 C 45 C
Storage Temperature: 40 C 70 C
Relative humidity: 10 90 with no condensation
AC Power Input: 100 240VAC 50 60Hz
Power Consumption: Max 30W 45W system power consumption; 180W PoE power consumption for outside; 225W max power consumption during full load
Mean Time Before Failure: 80 000 hours
Product Appearance
Front Panel: [Figure: The front panel of MyPower S3026G POE AC switch]
Back Panel: [Figure: The back panel of MyPower S3026G POE AC switch]
LED: The LED indicators of MyPower S3026G POE AC switch include System, Link/Act and 1000M indicators. The following figure demonstrates the LED indicators of MyPower S3026G POE AC. [Figure: The LED indicators of MyPower S3026G POE AC] The LED indi
150. Config service dhcp
DHCP Server Configuration Instance
Scenario 1: To save configuration efforts of network administrators and users, a company is using the switch as a DHCP server. The IP address of the Admin VLAN is 10.16.1.2/24. The local area network for the company is divided into network A and B according to the office locations. The network configurations for location A and B are shown below.
PoolA (network 10.16.1.0): Default gateway 10.16.1.200, 10.16.1.201; DNS server 10.16.1.202; WINS server 10.16.1.209; WINS node type H node; Lease 3 days.
PoolB (network 10.16.2.0): Default gateway 10.16.1.200, 10.16.1.201; DNS server 10.16.1.202; WWW server 10.16.1.209; Lease 1 day.
In location A, a machine with MAC address 00 03 22 23 dc ab is assigned a fixed IP address of 10.16.1.210 and named as management.
Switch Config interface vlan 1
Switch Config If Vlan1 ip address 10.16.1.2 255.255.255.0
Switch Config If Vlan 1 exit
Switch Config ip dhcp pool A
Switch dhcp A config network address 10.16.1.0 24
Switch dhcp A config lease 3
Switch dhcp A config default router 10.16.1.200 10.16.1.201
Switch dhcp A config dns server 10.16.1.202
Switch dhcp A config netbios name server 10.16.1.209
Switch dhcp A config netbios node type H node
Switch dhcp A config exit
Switch Config ip dhcp excluded address 10.16.1.200 10.16.1.210
Switch Config ip dhcp pool B
Swi
151. Configure the expanded 802.1x function of the switch
Command / Explanation (Global Mode)
dot1x macfilter enable; no dot1x macfilter enable: Enable the 802.1x address filter function on the switch; the no command disables the 802.1x address filtering function.
dot1x accept mac <mac address> interface <interface name>; no dot1x accept mac <mac address> interface <interface name>: Add an 802.1x address filter entry; the no command deletes 802.1x filter address table entries.
dot1x eapor enable; no dot1x eapor enable: Enable the EAP relay authentication function on the switch; the no command sets EAP local termination authentication.
dot1x unicast enable; no dot1x unicast enable: Enable the 802.1x unicast authentication function of the switch. The no format of the command disables the 802.1x unicast authentication function.
dot1x bpdu forward enable; no dot1x bpdu forward enable: Enable the 802.1x authentication transparent transmission function of the switch. The no format of the command disables the 802.1x authentication transparent transmission function.
Configure the attributes of Supplicant
Command / Explanation (Global Mode)
dot1x max req <count>; no dot1x max req: Set the times of sending EAP request MD5 frame before the sw
152. E 99 Last 30 second CPU IDLE 99 Last 5 minute CPU IDLE 99 From running CPU IDLE 99
show tech support
Command: show tech support
Function: Collect the technical support information.
Command mode: Admin and Configuration Mode.
Usage guide: This command is used to collect the relevant information when the switch fails.
Example:
Switch show tech support
vendorcontact
Command: vendorcontact <information>
Function: Set the contact information of the vendor in the switch.
Parameter: <information> is the contact information character string of the vendor.
Command mode: Global mode.
Usage guide: The contact information of the vendor set by the command can be telephone, fax and so on.
Example: Set the contact telephone of the vendor as 400 886 8669.
Switch Config vendorcontact 400 886 8669
vendorlocation
Command: vendorlocation <information>
Function: Set the location of the switch.
Parameter: <information> is the character string of the switch location.
Command mode: Global mode.
Example: Set the character string of the switch location as china.
Switch Config vendorlocation china
web language
Command: web language chinese english
Function: Set the language for displaying the information on the web interface.
Parameter: Chinese sets the display language of the web interface as Chinese; Eng
153. Explanation (Global Mode)
radius server authentication host <IPaddress> port <portNum> primary; no radius server authentication host <IPaddress>: Configure the IP address and monitoring port number of the RADIUS authentication server. The no format of the command deletes the RADIUS host.
radius server accounting host <IPaddress> port <portNum> primary; no radius server accounting host <IPaddress>: Configure the IP address and monitoring port number of the RADIUS accounting server. The no format of the command deletes the RADIUS host.
Configure RADIUS service parameters
Command / Explanation (Global Mode)
radius server dead time <minutes>; no radius server dead time: Configure the recovery time after the RADIUS server becomes down. The no format of the command restores the default configuration.
radius server retransmit <retries>; no radius server retransmit: Configure the RADIUS re-transmission times. The no format of the command restores the default configuration.
radius server timeout <seconds>; no radius server timeout: Configure the timeout of the RADIUS server. The no format of the command restores the default configuration.
radius server accounting interim update timeout
154. FFER, DHCPACK and DHCPNAK, it alarms and responds according to the situation (shut down the port or send a blackhole).
Defense against DHCP overload attacks: To avoid too many DHCP messages attacking the CPU, users should limit the rate at which DHCP packets are received on trusted and non-trusted ports.
Record the binding data of DHCP: DHCP SNOOPING records the binding data allocated by the DHCP SERVER while forwarding DHCP messages; it can also upload the binding data to the specified server to back it up. The binding data is mainly used to configure the dynamic users of dot1x user based ports. Please refer to the chapter called dot1x configuration to find more about the usage of dot1x user based mode.
Add binding ARP: DHCP SNOOPING can add a static binding ARP according to the binding data after capturing binding data, thus avoiding ARP cheating.
Add trusted users: DHCP SNOOPING can add trusted user list entries according to the parameters in the binding data after capturing binding data; thus these users can access all resources without DOT1X authentication.
Automatic Recovery: A while after the switch shuts down the port or sends a blackhole, it should automatically recover the communication of the port or source MAC and send information to the Log Server via syslog.
LOG Function: When the switch discovers abnormal received packets or automatically recovers, it should send syslog information to the Log Server.
155. Instance 4
Self Bridge Id 32768 00 03 0f 01 0e 30
Region Root Id this switch
Int RootPathCost 0
Root Port ID 0
Current port list in Instance 4: Ethernet0 0 1 Ethernet0 0 2 Total 2
PortName ID IntRPC State Role DsgBridge DsgPort
Ethernet0 0 1 128 001 0 FWD MSTR 32768 00030f010e30 128 001
Ethernet0 0 2 128 002 0 BLK ALTR 32768 00030f010e30 128 002
Displayed Information / Description
Bridge Information
Standard
Bridge MAC: Bridge MAC address
Max Age, Hello Time and Forward Delay of the bridge
Version of STP
Instance Information
Self Bridge Id: The priority and the MAC address of the current bridge for the current instance
Root Id: The priority and the MAC address of the root bridge for the current instance
Ext RootPathCost: Total cost from the current bridge to the root of the entire network
Int RootPathCost: Cost from the current bridge to the region root of the current MSTP
Port List Of The Current Instance
ID: Port priority and port index
ExtRPC, IntRPC: Cost from the current port to the region root of the current instance
Port status of the current instance
Role: Port role of the current instance
show spanning tree mst config
Command: show spanning tree mst config
Function: Displ
156. II as well as standard management information libraries such as RMON 1 2 3 9 MIB. It supports the SSH protocol, which ensures the security of the configuration management in the switch. Besides, it provides a unique function to manage and set the IP of workstations, enabling the switch to automatically filter invalid remote network management access and thus guarantee the efficiency, security and consistency of remote network management access.
Main Features
Applying Store and Forward switch mode to ensure block-free transmission
All of the RJ 45 ports support MDI/MDI-X self-adaptation and can be conveniently cascade-connected to other switches using straight-through twisted pair
Providing Console port
Allowing users to check the working state and statistic information of ports
Can be rebooted locally and remotely to reset the switch to the default configuration
Can update the firmware via TFTP/FTP
Can be fixed in a standard 19-inch frame
Technical Specifications
Protocols and Standards
IEEE802.3 10BASE-T Ethernet
IEEE802.3u 100BASE-TX/FX fast Ethernet
IEEE802.3x traffic control
IEEE802.1x network access control
IEEE802.1d/s spanning tree
IEEE802.1p priority control
IEEE802.1q VLAN
IEEE802.3ad link aggregation
TFTP FTP DHCP
BootP
Telnet
IP UDP T
157. IP address, and the format is dotted decimal notation; <sMask> is the reverse mask of the source IP, and the format is dotted decimal notation; <dIpAddr> is the destination IP address, and the format is dotted decimal notation; <dMask> is the reverse mask of the destination IP, and the format is dotted decimal notation, attentive position 0, ignored position 1; <igmp type>, the type of igmp, 0 to 255; <icmp type>, the type of icmp, 0 to 255; <icmp code>, protocol No. of icmp, 0 to 255; <prec>, IP priority, 0 to 7; <tos>, tos value, 0 to 15; <sPort>, source port No., 0 to 65535; <dPort>, the number of the destination port, ranging from 0 to 65535; <time range name>, the range of the time.
Command Mode: The named extended IP access list configuration mode.
Default: No access list is configured.
Example: Create the extended access list named udpFlow, deny icmp packet to pass and permit udp packet with destination address 192.168.0.1 and destination port 32 to pass.
Switch Config ip access list extended udpFlow
Switch Config Ext Nacl udpFlow access list 110 deny igmp any source any destination
Switch Config Ext Nacl udpFlow access list 110 permit udp any source host destination 192.168.0.1 d port 32
permit deny ip standard
Command: deny permit <sIpAddr> <sMask> any source host source <
158. IP address pool
Configuration steps:
Switch Config am enable
Switch Config interface ethernet 0 0 10
Switch Config Ethernet0 0 10 am port
Switch Config Ethernet0 0 10 am mac ip pool 00 00 00 00 01 12 100.1.1.1
Switch Config Ethernet0 0 10 am mac ip pool 00 00 00 00 00 13 100.1.1.2
Switch Config Ethernet0 0 10 exit
Switch Config exit
Configuration result:
Switch show am
Global AM is enabled
Interface Ethernet0 0 10 am is enable
Interface Ethernet0 0 10
am mac ip pool 00 00 00 00 00 13 100.1.1.2 User config
am mac ip pool 00 00 00 00 01 12 100.1.1.1 User config
AM Troubleshooting
AM Debugging and Monitoring Commands
show am
Command: show am interface <interfaceName>
Function: Display the configured address entries of the switch.
Parameters: <interfaceName> is the physical interface name.
Command Mode: Global mode.
Default status: None.
Usage guide: When the name of the access interface is not specified, display all access control lists.
Example:
Switch show am
Global AM is enabled
Interface Ethernet0 0 10
am mac ip pool 00 00 00 00 00 13 100.1.1.2 User config
am mac ip pool 00 00 00 00 01 12 100.1.1.1 User config
Interface Ethernet0 0 1
am ip pool 10.1.1.1 8 User config
Displayed Content / Explanation
Global AM is enabled: AM is enabled
am mac ip pool 00 00 00 00
159. If it is configuration for modules such as shutdown or speed configuration, the configuration of the current port will apply to all member ports in the corresponding port group.
Example: Enter configuration mode for port channel 1.
Switch Config interface port channel 1
Switch Config If Port Channel
Port Channel Instance
Scenario 1: Configure Port Channel in LACP
[Figure: 52 Configuring Port Channel in LACP]
The following takes Switch to express the switch. As shown in the above figure, ports 49, 50 and 51 on Switch1 are access ports and belong to VLAN 1. Add the three ports to group 1 in active mode. Ports 49, 50 and 51 of Switch2 are trunk ports and allow all. Add the three ports to group 2 in passive mode. All the ports should be connected with cables. The configuration steps are listed below.
Switch1 Config
Switch1 Config interface eth 0 0 49 51
Switch1 Config Port Range port group 1 mode active
Switch1 Config Port Range exit
Switch1 Config interface port channel 1
Switch1 Config If Port Channel
Switch2 config
Switch2 Config port group 2
Switch2 Config interface eth 0 0 49
Switch2 Config Ethernet0 0 49 port group 2 mode passive
Switch2 Config Ethernet0 0 49 exit
Switch2 Config interface eth 0 0 50 51
Switch2 Config Port Range port group 2 mode passive
Switch2 C
160. LAN Troubleshooting
Although not required, each IP protocol VLAN should include the ARP protocol, to avoid possible communication problems caused by ARP failures.
VLAN Troubleshooting Monitoring and Debugging Information
show vlan
Command: show vlan brief private vlan id <vlan id> name <vlan name> summary
Function: Display detailed information for all VLANs or a specified VLAN.
Parameter: brief stands for brief information; summary for VLAN statistics; <vlan id> for the VLAN ID of the VLAN to display status information, the valid range is 1 to 4094; <vlan name> is the VLAN name for the VLAN to display status information, valid length is 1 to 11 characters. Summary shows all existing VLAN IDs.
Command mode: Admin Mode.
Usage guide: If no <vlan id> or <vlan name> is specified, then information for all VLANs in the switch will be displayed.
Example: Display the status information of VLAN1.
Switch show vlan id 1
VLAN Name Type Media Ports
1 defaut Static ENET Ethernet0 0 1 Ethernet0 0 2 Ethernet0 0 3 Ethernet0 0 4 Ethernet0 0 6 Ethernet0 0 7 Ethernet0 0 8 Ethernet0 0 9 Ethernet0 0 10 Ethernet0 0 11 Ethernet0 0 12 Ethernet0 0 14 Ethernet0 0 15 Ethernet0 0 16 Ethernet0 0 17 Ethernet0 0 18 Ethernet0 0 19 Ethernet0 0 20 Ethernet0 0
161. MAIPU MyPower S3026G POE AC Switch User Manual V1.0. Maipu Communication Technology Co., Ltd. No. 16 Jiuxing Avenue, Hi-tech Park, Chengdu, Sichuan Province, People's Republic of China, 610041. Tel: 86 28 85148850, 85148041. Fax: 86 28 85148948, 85148139. URL: http://www.maipu.com. Email: overseas@maipu.com. All rights reserved. Printed in the People's Republic of China. No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written consent of Maipu Communication Technology Co., Ltd. Maipu makes no representations or warranties with respect to this document's contents and specifically disclaims any implied warranties of merchantability or fitness for any specific purpose. Further, Maipu reserves the right to revise this document and to make changes from time to time in its content without being obligated to notify any person of such revisions or changes. Maipu values and appreciates comments you may have concerning our products or this document. Please address comments to Maipu Communication Technology Co., Ltd. No. 16 Jiuxing Avenue, Hi-tech Park, Chengdu, Sichuan Province, People's Republic of C
162. MIB. The network management information accessed by the NMS is well defined and organized in a Management Information Base (MIB). MIB is pre-defined information which can be accessed by network management protocols. It is in layered and structured form. The pre-defined management information can be obtained from monitored network devices. ISO ASN.1 defines a tree structure for MIB. Each MIB organizes all the available information with this tree structure, and each node on this tree contains an OID (Object Identifier) and a brief description of the node. An OID is a set of integers divided by periods. It identifies the node and can be used to locate the node in a MIB tree structure, shown in the figure below.
[Figure: ASN.1 tree instance]
In this figure, the OID of the object A is 1.2.1.1. The NMS can locate this object through this unique OID and get the standard variables of the object. MIB defines a set of standard variables for monitored network devices by following this structure. If the variable information of the Agent MIB needs to be browsed, the MIB browse software needs to be run on the NMS. MIB in the Agent usually consists of public MIB and private MIB. The public MIB contains public network management information that can be accessed by al
163. Usage guide: If the debug information is enabled when a Telnet client accesses the switch, the debug information is not displayed on the Telnet interface but on the HyperTerminal connected to the Console port. The command can make the debug information be displayed on the Telnet terminal interface, but not on the Console or other Telnet terminal interfaces.
Example: Enable the Telnet client to display the debug information.
Switch monitor
Related command: telnet user
3 telnet
Command: telnet <ip addr> <ip host name> <port>
Function: Log into the remote host with the IP address of <ipv6 addr> by Telnet.
Parameter: <ip addr> is the IP address of the remote host, shown in dotted decimal format; <ipv6 addr> is the IPv6 address of the remote host; <hostname> is the name of the remote host, containing max 30 characters; <port> is the port number, ranging from 0 to 65535.
Command mode: Admin Mode.
Usage guide: This command is used when the switch is applied as a Telnet client, for logging into a remote host to configure parameters. When a switch is applied as a Telnet client, it can only establish the TCP connection with one remote host. To connect to another remote host, the current TCP connection must be disconnected with the shortcut Ctrl I.
Example 1: The switch Telnets to a remote router whose IP address is 20.1.1.1.
Switch telnet 20.1.1.1 23
Trying 20.1.1.1
Service port is 23
Con
164. Mode.
Usage guide: Display the content of the current ARP table, such as IP address, hardware address, hardware type, interface name, etc.
Example:
Switch sh arp
Total arp items is 1, the matched arp items is 1
Address Hardware Addr Interface Port Flag
2.2.2.66 00 10 00 00 00 C5 Vlan1 Ethernet0 0 13 Dynamic
Displayed information / Explanation
Address: IP address, here it is 2.2.2.66
Hardware Address: Hardware address, here it is 00 10 00 00 00 C5
Interface: L3 interface, here it is the L3 interface on VLAN1
Port: L2 interface
Flag: ARP entry attributes, Dynamic or Static
debug arp
Command: debug arp; no debug arp
Function: Enable the ARP debugging function; the "no debug arp receive send state" command disables this debugging function.
Default: ARP debug is disabled by default.
Command mode: Admin Mode.
Usage guide: Display the contents of ARP packets received/sent, including type, source and destination address, etc.
Example: Enable ARP RECEIVE debugging.
Switch debug arp
ARP rcvd type 1 src 1.1.1.1 1234 1234 1234 dst 1.1.1.2 5678 5678 5678
ARP Troubleshooting
If ping from the switch to directly connected network devices fails, the following can be used to check the possible cause and create a solution: Check whether the corresponding ARP is learned by the swit
165. Mode.
Instructions: This command is used to configure and manage the commander switch remotely. Users have to telnet the commander switch by passing the authentication. The command exit is used to quit the configuration interface of the commander switch. If the command is run on a non-command switch, an error is returned.
Example: On the member switch, enter the configuration interface of the commander switch.
Switch rcommand commander
cluster reset member
Command: cluster reset member <mem id>
Function: On the commander switch, this command can be used to restart the member switch.
Parameter: <mem id>, member id, ranging from 1 to 23. Use hyphen or semicolon to select more than one member.
Default status: None.
Command mode: Admin Mode.
Instructions: On the commander switch, users can use this command to reset a member switch. If this command is executed on a non-commander switch, an error is displayed.
Example: On the commander switch, reset the member switch 16.
Switch cluster reset member 16
cluster update member
Command: cluster update member <mem id> <src url> <dst url> ascii binary
Parameter: <mem id> is the cluster ID of the member switch, and the value range is 1 to 23; <src url> is the location of the copied source file or directory; <dst url> is the destination of the c
166. NID. The VLANID here means the VID of the VLAN, ranging from 1 to 4094. For example, Tunnel-Private-Group-ID 30 means VLAN 30. When the switch receives the assigned Auto VLAN information, the current Access port leaves the VLAN set by the user and joins the Auto VLAN. Auto VLAN does not change or affect the port's configuration. But the priority of Auto VLAN is higher than that of the user-set VLAN; that is, Auto VLAN is the one that takes effect when the authentication is finished, while the user-set VLAN does not work until the user becomes offline.
Note: At present, Auto VLAN can only be used in the port based access control mode and on the ports whose link type is Access.
2. Guest VLAN
The Guest VLAN feature is used to allow the unauthenticated user to access some specified resources. The user authentication port belongs to a default VLAN (Guest VLAN) before passing the 802.1x authentication, with the right to access the resources within this VLAN without authentication. But the resources in other networks are beyond reach. Once authenticated, the port leaves the Guest VLAN and the user can access the resources of other networks. In the Guest VLAN, users can get the 802.1x supplicant system software, update the supplicant system, or update some other applications (such as anti-virus software, the patches of the operating system). The access device adds the p
167. P Snooping has no static binding table entry by default.
Usage guide: The static binding users are dealt with in the same way as the dynamic binding users captured by DHCP SNOOPING; the following actions are all allowed: notifying DOT1X to be a controlled user of DOT1X, adding a trusted user table entry directly, adding a binding ARP table entry. The static binding users will never be aged and have a priority higher than dynamic binding users. Only after the DHCP SNOOPING binding function is enabled can the static binding users be enabled.
Example: Configure static binding users on switch port Ethernet0 0 16.
Switch Config ip dhcp snooping binding user 00 03 0f 12 34 56 address 192.168.1.16 255.255.255.0 vlan 1 interface Ethernet0 0 16
Related command: ip dhcp snooping binding enable
ip dhcp snooping binding arp
Command: ip dhcp snooping binding arp; no ip dhcp snooping binding arp
Function: Enable the DHCP Snooping binding ARP function.
Parameters: None.
Command Mode: Global configuration mode.
Default Settings: The DHCP Snooping binding ARP function is disabled by default.
Usage guide: When this function is enabled, DHCP SNOOPING will add binding ARP list entries according to the binding information. Only after the binding function is enabled can the binding ARP function be enabled. Binding ARP list entries are static entries without configuration of reservation and will be added to the NEIGHBOUR list directly. The priority of binding ARP list ent
168. P address of network; source wildcard: reverse of source IP, numbers of the 32-bit binary system expressed by decimal numbers with four-point separated reverse mask; destination host ip, destination: No. of the destination network or host to which packets are delivered, numbers of the 32-bit binary system with dotted decimal notation expression; host means the address is the destination host address, otherwise the network IP address; destination wildcard: mask of destination IP, numbers of the 32-bit binary system expressed by decimal numbers with four-point separated reverse mask; s port (optional): means the need to match the TCP/UDP source port; port1 (optional): value of the TCP/UDP source interface No., the interface No. is an integer from 0 to 65535; d port (optional): means the need to match the TCP/UDP destination interface; port3 (optional): value of the TCP/UDP destination interface No., the interface No. is an integer from 0 to 65535; ack fin psh rst urg syn (optional): only for the TCP protocol, multi-choices of tag positions are available, and when TCP data reports the configuration of the corresponding position, then initialization of the TCP data report is enabled to form a match when in connection; precedence (optional): packets can be filtered by priority, which is a number from 0 to 7; tos (optional): packets can be filtered by service type, which is a number from 0 to 15; icmp type (optional): ICMP packets can be filtered by packet type, which is a number from 0 to 255; icmp code
169. P address pool for cluster member devices.
cluster member candidate sn <cand sn> mac address <mac add> <mem id> password <pass>; no cluster member <mem id>: Add or remove a member switch.
3. Configure the attributes of the cluster on the command switch
Command / Explanation
Global Mode
cluster auto add enable; no cluster auto add enable: Enable or disable adding newly discovered candidate switches to the cluster.
cluster holdtime <second>; no cluster holdtime: Set the heartbeat hold time of the cluster.
cluster heartbeat <interval>; no cluster heartbeat: Set the interval at which the switches in the cluster send the heartbeat packets.
Admin mode
clear cluster candidate table: Clear the list of the candidate switches discovered by the command switch.
4. Configure the parameters of the cluster on the candidate switch
Command / Explanation
Global Mode
cluster register timer <timer value>; no cluster register timer: Set the interval of sending the cluster register packets.
5. Remote cluster network management
Command / Explanation
Admin Mode
rcommand <mem id>: On the command switch, this command is used to configure and manage member switches.
rcommand commander: On the member switch, this command is used to configure the commander switch.
cluster reset member
170. P debugging information. Command mode: Admin Mode. Usage guide: This command is the general switch for all the MSTP debugging. Users should enable the detailed debugging information, and then they can use this command to display the relevant debugging information. The functions of the debug switch include viewing the sending and receiving of the BPDU packets, the event processing, the status machine and the timer when the MSTP protocol runs. In general, this command is used by skilled technicians. Example: Enable port 0/0/1 to receive the debugging information of BPDU packets.
    Switch debug spanning tree
    Switch debug spanning tree bpdu rx interface ethernet 0/0/1
MSTP Troubleshooting. In order to run the MSTP on the switch port, the MSTP has to be enabled globally. If the MSTP is not enabled globally, it can't be enabled on the port. The MSTP timer parameters co-work with each other. The wrong configuration may result in the abnormal working of the switch. The relation of the timer parameters is as follows: 2 x (Bridge Forward Delay - 1.0 seconds) >= Bridge Max Age; Bridge Max Age >= 2 x (Bridge Hello Time + 1.0 seconds). When users modify the MSTP parameters, they have to be sure about the generated topologies. Except for the global bridge based parameter configuration, the other configurations are based on the instance
171. P scanning function, set the port as anti arpscan trust supertrust port before configuring the port as port channel. Otherwise, the ports may be disabled because of sending too many ARP packets when the switch is enabled, and as a result the port channel cannot be set up. DHCP Configuration. Introduction to DHCP. DHCP (RFC2131) is the acronym for Dynamic Host Configuration Protocol. It is a protocol that assigns IP addresses dynamically from the address pool, as well as other network configuration parameters such as default gateway, DNS server, default route and host image file position within the network. DHCP is the enhanced version of BOOTP. It is a mainstream technology that can not only provide boot information for diskless workstations, but can also release the administrators from manual recording of IP allocation and reduce user effort and cost on configuration. Another benefit of DHCP is that it can partially ease the pressure on IP demands: when the user of an IP leaves the network, that IP can be assigned to another user. DHCP is a client-server protocol: the DHCP client requests the network address and configuration parameters from the DHCP server, and the server provides the network address and configuration parameters for the clients. If the DHCP server and clients are located in different subnets, DHCP relay is required for DHCP
172. Configuration Classification. Introduction to Configuration Classification. To effectively protect the network, the switch allows users to log on as different identities to configure it, allows different passwords for those identities, and allows those identities to use different rights. Currently, the switch provides two identities, that is, visitor and admin. Their differences are listed as follows (Identity to login: Configuration Rights):
    visitor: Most of the show commands and the ping, traceroute, clear config commands; the identity cannot enter the config mode.
    admin: All commands.
Configure Classified Configuration. Task List of Configuring Classified Configuration: 1. Command to enter the admin mode. 2. Set the corresponding password for the login identity.
1. Command to enter the admin mode. Command and Explanation:
    enable level visitor admin <password>: Use the specified identity and password to log in to the switch.
2. Set the password of the login identity. Command and Explanation:
    enable password level visitor admin: Specify the password of logging in to the configuration mode.
Commands for Configuring Classified Configuration. enable. Command: enable level visitor admin <password>. Function: This command is used to specify the login user to be management level or access level.
173. SNMP Trap function of anti arpscan; the no anti arpscan trap enable command disables the SNMP Trap function of anti arpscan. Parameters: None. Default: Disable Anti ARPscan SNMP Trap function. Command Mode: Global configuration mode. Usage guide: After enabling the SNMP Trap function of anti arpscan, users receive a Trap message whenever a port is closed or recovered by anti ARPscan and whenever an IP is closed or recovered by anti ARPscan. Example: Enable the Anti ARPscan SNMP Trap function of the switch.
    Switch Config anti arpscan trap enable
Anti ARP Scanning Troubleshooting. By default, the anti ARP scanning is disabled. After enabling anti ARP scanning, users can enable the debug switch via the command debug anti arpscan to view debug information. If the port status is displayed as not closed when using the command show anti arpscan, it only indicates that the port is not disabled by the anti ARP scan function. If it is disabled by another module, you can use the command show interface to view it. To configure the port as port channel, you should configure the port as the trust port. Otherwise, the port may be shut down because of sending too many ARP packets when the switch is enabled. IP based anti ARP scan can disable 128 IPs at most. If the threshold is exceeded, the system returns the prompt information. When remotely ma
174. So when the severity threshold is set to debugging, all information is outputted, and if the severity threshold is set as critical, only critical alerts and emergencies are outputted.
Severity, Level, Description, Syslog:
    critical, 2, Critical conditions, LOG_CRIT
    warnings, 4, Warning conditions, LOG_WARNING
    notifications, 5, Normal but significant condition, LOG_NOTICE
    debugging, 7, Debugging messages, LOG_DEBUG
The switch can generate information of the following two levels: up/down switch, topology change and aggregate port state change of the interface are classified as warnings; the display level of the output monitored by the shell Configure command is notifications. By default, the system log is disabled. When it is enabled, because of the classification and output of the information, especially when there is a large amount of information under processing, the system performance will be affected. Three-level switch of Log Message. The system log uses a three-level switch architecture to control the output of the log message: global log switch, log output channel state, and the module state of channel filter items. Only when the global switch is on is the log message written to the log message queue. After the switch boots, the system log task is started. The aim of this task is to read out every log messa
175. Switch Config mac access list extended mac_acl
    Switch Config Mac Ext Nacl mac_acl
permit deny mac extended. Command:
    no deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> cos <cos val> <cos bitmask> vlanId <vid value> <vid mask> ethertype <protocol> <protocol mask>
    no deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> untagged eth2 ethertype <protocol> <protocol mask>
    no deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> untagged 802.3
    no deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> tagged eth2 cos <cos val> <cos bitmask> vlanId <vid value> <vid mask> ethertype <protocol> <protocol mask>
    no deny permit any source mac host source mac <host_smac> <
176. MyPower S3026G POE AC is the L2 switch and can be configured with one IP address. For the configuration, refer to the later chapter. The following example assumes the shipment status of the switch, and only VLAN1 exists in the system. The following describes the steps for a Telnet client to connect to the switch's VLAN1 interface via Telnet. Manage the switch via Telnet. Step 1: Configure the IP addresses for the switch. First, configure the IP address of the host, which should be in the same network segment as the IP address of the switch VLAN1 interface. For example, if the IP address of the switch's VLAN1 interface is 10.1.128.251, you can set the IP address of the host as 10.1.128.252. Run ping 10.1.128.251 on the host and verify the result. Check for reasons if the ping failed. The commands of configuring the IP address of the VLAN1 interface of the switch are listed below. Before in-band management, the switch must be configured with an IP address by outband management, that is, Console mode. The configuration commands are as follows. All switch configuration prompts are assumed to be Switch hereafter if not otherwise specified.
    Switch
    Switch> en
    Switch config
    Switch Config interface vlan 1
    Switch Config If Vlan1 ip address 10.1.128.251 255.255.255.0
    Switch Config If Vlan1
177. Switch show aaa authenticated user
    authenticated users
    UserName Port OnTime sec UserIP MAC
show aaa authenticating user. Command: show aaa authenticating user. Function: Display the authenticating users. Command mode: Admin Mode. Usage guide: Usually the administrator concerns only information about the authenticating user; the other information displayed is used for troubleshooting by the technical support. Example:
    Switch show aaa authenticating user
    authenticating users
    User name Retry time Radius ID Port Eap ID Chap ID Mem Addr State
    bb 0 4 2 1 0 16652824 ACCOUNT STARTING
show radius count. Command: show radius authencated user authencating user count. Function: Display the statistics for RADIUS authentication users. Parameters: authenticated user displays the authenticated users online; authenticating user displays the authenticating users. Command mode: Admin Mode. Usage guide: The statistics for RADIUS authentication users can be displayed with the show radius count command. Example: Display the statistics for RADIUS authenticated users.
    Switch show radius authencated user count
    The authencated online user num is 1
Display the statistics for RADIUS authenticated users and others
178. Switch show radius authencating user count
    The authencating user num is 1
show dot1x. Command: show dot1x interface <interface list>. Function: Display dot1x parameter information; if the parameter information is added, the dot1x status for the corresponding port is displayed. Parameters: <interface list> is the port list. If no parameter is specified, the information for all ports is displayed. Command mode: Admin Mode. Usage guide: The dot1x related parameters and dot1x information can be displayed with the show dot1x command. Example: Display the information about the dot1x global parameters of the switch.
    Switch show dot1x
    Global 802.1X Parameters
    free resource unknown
    reauth enabled yes
    reauth period 3600
    quiet period 10
    tx period 30
    max req 2
    authenticator mode active
    Mac Filter Disable
    MacAccessList
    dot1x EAPoR Enable
    dot1x privateclient Enable
    dot1x unicast Disable
    802.1X is enabled on ethernet Ethernet0/0/8
    Authentication Method User based advanced
    Max User Number 10
    Notify DCBI is 0
Displayed information and Explanation:
    Global 802.1x Parameters: Global 802.1x parameter information
    free resource: Limited resources
    reauth enabled: Whether re-authentication is enabled or not
    reauth period: Re-authentication interval
    quiet period: Sil
179. TP server. Default status: No display by default. Command mode: Admin mode. Example:
    Switch show tftp
    Timeout 20 seconds
    Retry Times 5
Displayed information and Explanation: Timeout: Timeout time. Retry Times: Retransmission times. FTP Troubleshooting. When uploading or downloading a system file with the FTP protocol, the connectivity of the link must be ensured, i.e., use the Ping command to verify the connectivity between the FTP client and server before running the FTP program. If ping fails, you need to check for appropriate troubleshooting information to recover the link connectivity. The following is what the message displays when files are successfully transmitted. Otherwise, please verify link connectivity and retry the copy command again.
    220 Serv-U FTP Server v2.5 build 6 for WinSock ready
    331 User name okay need password
    230 User logged in proceed
    200 PORT Command successful
    nos.img file length 1526021
    read file ok
    send file
    150 Opening ASCII mode data connection for nos.img
    226 Transfer complete
    close ftp client
The following is the message displayed when files are successfully received. Otherwise, please verify link connectivity and retry the copy command again.
    220 Serv-U FTP Server v2.5 build 6 for WinSock ready
    331 User name okay need password
    230 User logg
180. The statistics information of the ICMP packets.
    Rcvd: 0 total, 0 errors, 0 time exceeded, 0 redirects, 0 unreachable, 0 echo, 0 echo replies, 0 mask requests, 0 mask replies, 0 quench, 0 parameter, 0 timestamp, 0 timestamp replies
        Explanation: The statistics of total received ICMP packets and the statistics of the classified ICMP packets.
    Sent: 0 total, 0 errors, 0 time exceeded, 0 redirects, 0 unreachable, 0 echo, 0 echo replies, 0 mask requests, 0 mask replies, 0 quench, 0 parameter, 0 timestamp, 0 timestamp replies
        Explanation: The statistics of the sent ICMP packets and the statistics of the classified ICMP packets.
    TCP statistics
        Explanation: TCP packet statistics.
    TcpActiveOpens 2, TcpAttemptFails 0, TcpCurrEstab 1, TcpEstabResets 0, TcpInErrs 0, TcpInSegs 896, TcpMaxConn 0, TcpOutRsts 18, TcpOutSegs 1277, TcpPassiveOpens 0, TcpRetransSegs 262, TcpRtoAlgorithm 0, TcpRtoMax 0, TcpRtoMin 0
        Explanation: The current valid tcp connections, statistics of the TCP connection failures, the statistics of the sent RST, the statistics of the received error packets, the statistics of the retransmitted packets and so on.
    UDP statistics
        Explanation: The statistics of the UDP packets.
    UdpInDatagrams 0, UdpInErrors 0, UdpNoPorts 0, UdpOutDatagrams 0
        Explanation: The statistics of the received packets, the statistics of the error packets, the statistics of the packets without destination port and the statistics of the sent packets.
181. Usage guide: To perform configuration management on the switch with network management software, the SNMP proxy server function has to be enabled with this command. Example: Enable the SNMP proxy server function on the switch.
    Switch Config snmp server enable
snmp server community. Command: snmp server community ro rw <string>; no snmp server community <string>. Function: Configure the community string for the switch; the no snmp server community <string> command deletes the configured community string. Command mode: Global Configuration Mode. Parameter: <string> is the community string set; ro rw is the specified access mode to MIB, ro for read-only and rw for read-write. Usage guide: The switch supports up to 4 community strings. Example: Add a community string named private with read-write permission.
    Switch config snmp server community rw private
Add a community string named public with read-only permission.
    Switch config snmp server community ro public
Modify the read-write community string named private to read-only.
    Switch config snmp server community ro private
Delete community string private.
    Switch config no snmp server community private
snmp server enable traps. Command: snmp server enable traps; no snmp server enable traps. Function: Enable the
182. Usage guide: When the AM function is enabled globally, the user can configure the AM function of the port to control the users connected to the port. Usually, the AM function is not configured on the uplink port. Example: Enable the AM function of port 0/0/1.
    Switch Config am enable
    Switch Config interface Ethernet 0/0/1
    Switch Config Ethernet0/0/1 am port
am ip pool. Command: am ip pool <ip address> <num>; no am ip pool <ip address> <num>. Function: Create one IP address segment to be put in the address pool. The no format of the command deletes one configured IP address segment in the address pool. Parameters: ip address is the start address of an address segment in the IP address pool; num is the number of consecutive addresses following ip address. The default value is 1. Default: The IP address pool is empty. Command Mode: Port Mode. Usage guide: The command is used by the user to configure the contents of the IP address pool, permitting the corresponding source IP packets on the corresponding interface to pass. Example: Enable AM and permit the nine users with source IP 192.1.1.2-192.1.1.10 on interface 4 to pass.
    Switch Config am enable
    Switch Config interface Ethernet 0/0/4
    Switch Config Ethernet0/0/4 am port
    Switch Config Ethernet0/0/4 am ip pool 192.1
183. WITCHA SWITCHB Work Station PC1 PC2. Multicast VLAN configuration. As shown in the figure, the multicast server is connected to the L3 switch A via port 0/0/1, which belongs to the VLAN10 of the switch. The L3 switch A is connected with L2 switch B through port 0/0/10, which is configured as a trunk port. On switch B, the VLAN100 is configured to contain port 0/0/15 and VLAN101 to contain port 0/0/20. PC1 and PC2 are respectively connected to ports 0/0/15 and 0/0/20. Switch B is connected with switch A through port 0/0/10, which is configured as a trunk port. VLAN 20 is the multicast VLAN. By configuring the multicast vlan, PC1 and PC2 receive the multicast data from the multicast VLAN. The following assumes that the IP address of the switch is configured and all the equipment is connected correctly. The configuration steps are as follows:
    SwitchA config
    SwitchA config vlan 10
    SwitchA config vlan10 switchport interface ethernet 0/0/1
    SwitchA config vlan10 exit
    SwitchA config vlan 20
    SwitchA config vlan20 exit
    SwitchA config ip igmp snooping
    SwitchA config ip igmp snooping vlan 20
    SwitchA config interface ethernet 0/0/10
    SwitchA Config Ethernet0/0/10 switchport mode trunk
    SwitchB config
    SwitchB config vlan 100
    SwitchB config vlan100 switchport interface ethernet 0/0/15
    SwitchB conf
184. able 5-1. The recommended ratio of the interval of sending fee counting update messages to the maximum number of the users supported by NAS.
The maximum number of users: The interval of sending fee counting update messages (in seconds)
    1-299: 300 (default value)
    300-599: 600
    600-1199: 1200
    1200-1799: 1800
    >=1800: 3600
Example: The maximum number of users supported by NAS is 700, the interval of sending accounting update packets is 1200 seconds.
    Switch config radius server accounting interim update timeout 1200
802.1x Application Instance. [Figure: IEEE 802.1x configuration example topology: 10.1.1.2, 10.1.1.1, Radius Server 10.1.1.3] The PC is connected to port 0/0/2 of the switch. IEEE 802.1x authentication is enabled on port 0/0/2; the access mode is the default MAC-based authentication. The switch IP address is 10.1.1.2. Any port other than port 0/0/2 is used to connect to the RADIUS authentication server, which has an IP address of 10.1.1.3 and uses the default port 1812 for authentication and port 1813 for accounting. IEEE 802.1x authentication client software is installed on the PC and is used in IEEE 802.1x authentication. The configuration steps are as follows:
    Switch Config interface vlan 1
    Switch Config if vlan1 ip address 10.1.1.2 255.255.255.0
    Switch Config if vlan 1 exit
    Switch Config
185. ac untagged 802.3
    Switch Config access list 1100 deny 00-12-11-23-00-00 00-00-00-00-ff-ff any destination mac tagged 802.3
    Switch Config firewall enable
    Switch Config firewall default permit
    Switch Config interface ethernet 0/0/10
    Switch Config Ethernet0/0/10 ip access group 1100 in
    Switch Config Ethernet0/0/10 exit
    Switch Config exit
Configuration result:
    Switch show firewall
    Firewall is enabled
    Firewall default rule is to permit any packet
    Switch show access lists
    access list 1100 used 1 time s
    access list 1100 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any destination mac untagged 802.3
    access list 1100 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any destination mac tagged 802.3
    Switch show access group
    interface name Ethernet0/0/10
    MAC Ingress access list used is 1100
Scenario 3: The user has the following configuration requirement: The MAC address range of the network connected to the interface 10 of the switch is 00-12-11-23-xx-xx and IP is 10.0.0.0/24; FTP should be disabled. Configuration description: 1. Create the corresponding ACL. 2. Configure packet filtering. 3. Bind ACL to packet. The configuration steps are listed as below:
    Switch Config access list 3110 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any destination mac tcp 10.0.0.0 0.0.0.255 any destination d port 21
    Switch Con
186. ake effect only after the global system log function is enabled. Example: Enable the Ethernet switch to send log information to the PC with IP address 100.100.100.5. The information is saved to log recording tool local1.
    Switch Config logging 100.100.100.5 facility local1
Related command: logging on, show channel loghost. logging monitor. Command: logging monitor; no logging monitor. Function: This command is used to enable the output channel of the user terminal. Adding no before the command means to disable the channel. Command mode: Global mode. Default status: By default, do not output log information to the user terminal. Usage guide: This command can take effect only after the global system log function is enabled. Example: Enable the channel for outputting log information to the user terminal.
    Switch Config logging monitor
Related command: logging on, show channel monitor. logging on. Command: logging on; no logging on. Function: This command is used to enable the global system log function. Adding no before the command means to disable the global system log function. Command mode: Global mode. Default status: By default, the global system log function is disabled. Usage guide: The system can output system log information to the log host and console only after the global system log function is enabled. Example: Enable system log fu
187. Switch Config ip dhcp snooping action 100
ip dhcp snooping information enable. Command: ip dhcp snooping information enable; no ip dhcp snooping information enable. Function: This command is used to enable the option 82 function of DHCP Snooping on the switch; the no operation of this command disables the function. Parameters: None. Default Settings: The option 82 function is disabled in DHCP Snooping by default. Command Mode: Global Configuration Mode. Usage guide: Only by configuring this command can DHCP Snooping add standard option 82 to DHCP request packets and forward the packets. The format of option1 in option 82 (Circuit ID option) is standard vlan name plus physical port name, like vlan1 ethernet1/12. That of option2 in option 82 (remote ID option) is the CPU MAC of the switch, like 00030f023301. If a DHCP request message with option 82 options is received, DHCP Snooping will replace those options in the message with its own. If a DHCP reply message with option 82 options is received, DHCP Snooping will dump those options in the message and forward it. This command and the ip dhcp snooping option82 enable command are mutually exclusive. Example: Enable the option 82 function of DHCP Snooping on the switch.
    Switch Config ip dhcp snooping enable
    Switch Config ip dhcp snooping binding enable
    Switch Config ip dhcp snooping informa
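The option 82 handling described in the usage guide above (insert on requests, replace a client-supplied copy, strip on replies) can be modelled on the DHCP options field as follows. This is an added example, not code from the manual or the switch firmware: the function names, the circuit ID string and the encoding of the remote ID as six raw bytes are assumptions, and the sample option fields are constructed.

```python
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255   # DHCP option codes (RFC 2132 / RFC 3046)
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2            # option 82 sub-option codes (RFC 3046)

# Assumed values: a constructed circuit ID string, and the manual's sample
# CPU MAC 00030f023301 encoded as six raw bytes (the encoding is an assumption).
CIRCUIT_ID = b"vlan1+ethernet0/0/4"
REMOTE_ID = bytes.fromhex("00030f023301")


def parse_tlvs(raw: bytes, dhcp_framing: bool = True) -> list:
    """Split code/length/value data into (code, value) pairs.

    With dhcp_framing, code 0 is one-byte padding and code 255 ends the field;
    inside option 82 the sub-options carry no such framing.
    """
    items, i = [], 0
    while i < len(raw):
        code = raw[i]
        if dhcp_framing and code == OPT_PAD:
            i += 1
            continue
        if dhcp_framing and code == OPT_END:
            break
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option at offset %d" % i)
        length = raw[i + 1]
        items.append((code, raw[i + 2:i + 2 + length]))
        i += 2 + length
    return items


def build_tlvs(items, dhcp_framing: bool = True) -> bytes:
    """Serialise (code, value) pairs; append the End option when framing is on."""
    out = bytearray()
    for code, value in items:
        if len(value) > 255:
            raise ValueError("option %d value too long" % code)
        out += bytes([code, len(value)]) + value
    if dhcp_framing:
        out.append(OPT_END)
    return bytes(out)


def own_option82(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Value of option 82 as the snooping switch would write it."""
    return build_tlvs([(SUB_CIRCUIT_ID, circuit_id), (SUB_REMOTE_ID, remote_id)],
                      dhcp_framing=False)


def snoop_request(options: bytes, circuit_id: bytes, remote_id: bytes) -> bytes:
    """Client -> server: drop any option 82 already present, then add our own.

    Replacing rather than trusting the client's copy keeps a host from
    claiming a different port or switch to the DHCP server.
    """
    kept = [(c, v) for c, v in parse_tlvs(options) if c != OPT_RELAY_INFO]
    kept.append((OPT_RELAY_INFO, own_option82(circuit_id, remote_id)))
    return build_tlvs(kept)


def snoop_reply(options: bytes) -> bytes:
    """Server -> client: remove option 82 before forwarding the reply."""
    return build_tlvs([(c, v) for c, v in parse_tlvs(options) if c != OPT_RELAY_INFO])


def demo():
    """Run both directions on constructed option fields and return the option codes."""
    spoofed = own_option82(b"spoofed-port", bytes.fromhex("deadbeef0001"))
    request = build_tlvs([(53, b"\x01"), (OPT_RELAY_INFO, spoofed), (55, b"\x01\x03\x06")])
    reply = build_tlvs([(53, b"\x05"), (51, b"\x00\x01\x51\x80"),
                        (OPT_RELAY_INFO, own_option82(CIRCUIT_ID, REMOTE_ID))])
    fwd_request = parse_tlvs(snoop_request(request, CIRCUIT_ID, REMOTE_ID))
    fwd_reply = parse_tlvs(snoop_reply(reply))
    return [c for c, _ in fwd_request], [c for c, _ in fwd_reply]


if __name__ == "__main__":
    print(demo())
```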
188. al packets can be filtered by priority, which is a number from 0 to 7; tos (optional): packets can be filtered by service type, which is a number from 0 to 15; icmp type (optional): ICMP packets can be filtered by packet type, which is a number from 0 to 255; icmp code (optional): ICMP packets can be filtered by packet code, which is a number from 0 to 255; igmp type (optional): IGMP packets can be filtered by IGMP packet name or packet type, which is a number from 0 to 15; time range <name>: name of time range. Command Mode: Global configuration mode. Default Configuration: No access list configured. Usage guide: When the user assigns a specific num for the first time, the ACL of the serial number is created, and then the lists are added into this ACL. Example: Permit the TCP packets with source MAC 00-12-34-45-XX-XX, any destination MAC address, source IP address 100.1.1.0 0.255.255.255, source port 100 and destination interface 40000 to pass.
    Switch Config access list 3199 permit 00-12-34-45-67-00 00-00-00-00-FF-FF any destination mac tcp 100.1.1.0 0.255.255.255 s port 100 any destination d port 40000
mac ip access extended. Command: mac ip access list extended <name>; no mac ip access list extended <name>. Functions: Define a name manner MAC IP ACL or enter access list configuration mode; no mac ip access list extended <name
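The reverse-mask matching used by the MAC-IP entries in Scenario 3 (access list 3110) and in the access list 3199 example above can be checked offline with a small evaluator. This is an added example, not code from the manual: the class and function names are hypothetical, the hyphenated MAC notation and first-match-wins ordering are assumptions, and the test packets are constructed. The fall-through action follows the manual's "firewall default permit".

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional, Tuple

Masked = Optional[Tuple[str, str]]   # (address, reverse mask); None means "any"


def mac_to_int(mac: str) -> int:
    """Convert a MAC such as 00-12-11-23-00-00 (':' also accepted) to an integer."""
    octets = mac.replace(":", "-").split("-")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError("malformed MAC address: %r" % mac)
    return int("".join(octets), 16)


def ip_to_int(ip: str) -> int:
    return int(IPv4Address(ip))


def wildcard_match(value: int, base: int, reverse_mask: int) -> bool:
    """Bits set to 1 in the reverse mask are ignored; every other bit must be equal."""
    return (value ^ base) & ~reverse_mask == 0


@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    protocol: str
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    src_mac: Masked
    dst_mac: Masked
    protocol: str
    src_ip: Masked
    dst_ip: Masked
    src_port: Optional[int] = None    # None: port is not checked
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        def masked_ok(field: Masked, value: str, conv) -> bool:
            return field is None or wildcard_match(conv(value), conv(field[0]), conv(field[1]))

        return (masked_ok(self.src_mac, pkt.src_mac, mac_to_int)
                and masked_ok(self.dst_mac, pkt.dst_mac, mac_to_int)
                and self.protocol == pkt.protocol
                and masked_ok(self.src_ip, pkt.src_ip, ip_to_int)
                and masked_ok(self.dst_ip, pkt.dst_ip, ip_to_int)
                and self.src_port in (None, pkt.src_port)
                and self.dst_port in (None, pkt.dst_port))


def evaluate(rules, pkt: Packet, default_action: str = "permit") -> str:
    """Return the action of the first matching rule (assumed ordering), else the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_action


# Scenario 3: deny FTP (TCP destination port 21) from 00-12-11-23-xx-xx in 10.0.0.0/24.
ACL_3110 = [Rule("deny", ("00-12-11-23-00-00", "00-00-00-00-FF-FF"), None, "tcp",
                 ("10.0.0.0", "0.0.0.255"), None, dst_port=21)]

# Access list 3199: the 0x67 octet of the base MAC lies under the mask and is ignored.
ACL_3199 = [Rule("permit", ("00-12-34-45-67-00", "00-00-00-00-FF-FF"), None, "tcp",
                 ("100.1.1.0", "0.255.255.255"), None, src_port=100, dst_port=40000)]


def demo_results() -> dict:
    """Evaluate constructed packets against ACL 3110 with the default-permit firewall."""
    dst = ("00-aa-bb-cc-dd-ee", "192.0.2.10")
    packets = {
        "ftp_in_range": Packet("00-12-11-23-ab-cd", dst[0], "tcp", "10.0.0.57", dst[1], 40001, 21),
        "http_in_range": Packet("00-12-11-23-ab-cd", dst[0], "tcp", "10.0.0.57", dst[1], 40001, 80),
        "ftp_other_mac": Packet("00-12-11-24-00-01", dst[0], "tcp", "10.0.0.57", dst[1], 40001, 21),
        "ftp_other_net": Packet("00-12-11-23-ab-cd", dst[0], "tcp", "10.0.1.5", dst[1], 40001, 21),
        "udp_port_21": Packet("00-12-11-23-ab-cd", dst[0], "udp", "10.0.0.57", dst[1], 40001, 21),
    }
    return {name: evaluate(ACL_3110, pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, action in demo_results().items():
        print(name, action)
```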
189. al querier. It is recommended to configure a L2 general querier on a segment. The no format of the command cancels this configuration.
    ip igmp snooping vlan <vlan id> l2 general querier version <version>: Configure the version number of a general query from a L2 general querier.
    ip igmp snooping vlan <vlan id> l2 general querier source <source>; no ip igmp snooping vlan <vlan id> L2 general query source: Configure the source address of a general query from a L2 general querier.
    ip igmp snooping vlan <vlan id> mrouter port interface <interface name>; no ip igmp snooping vlan <vlan id> mrouter port interface <interface name>: Configure static mrouter port in the specified VLAN. The no form of the command cancels this configuration.
    ip igmp snooping vlan <vlan id> mrpt <value>; no ip igmp snooping vlan <vlan id> mrpt: Configure this survive time of mrouter port. The no format of the command restores the default value.
    ip igmp snooping vlan <vlan id> query interval <value>; no ip igmp snooping vlan <vlan id> query interval: Configure this query interval. The no format of the command restores the default value.
    ip igmp snooping vlan <vlan id> immediate leave; no ip igmp snooping vlan <vlan id> immediate leave: Enable the IGMP fast leave function for the specified VLAN; the no format of the command disables the IGMP fast leave function.
190. alarm info: The max number of automatic defense actions that can be recorded by the port. binding dot1x: Whether the binding dot1x function is enabled on the port. binding user: Whether the binding user function is enabled on the port. Alarm info: The quantity of alarm information. Binding info: The quantity of binding information. Expired Binding: The expired binding information. Request Binding: REQUEST information. logging source. Command: logging source default m shell sys event anti attack channel console logbuff loghost monitor level critical debugging notifications warnings state on off. Function: For the details about the command, refer to the chapter of System Logs. The data source of the command, anti_attack, records the information about various defense network attacks, including auto defense actions of DHCP Snooping. Parameter: Refer to the chapter of System Logs. Command mode: Global mode. Default status: The log function is disabled. Usage guide: Refer to the chapter of System Logs. Example: Record the information about the defense network information to the buffer.
    Switch Config logging source anti attack channel logbuff
show logging lastFailureInfo. Command: show logging lastFailureInfo. Function: The command is used to display the system abnormal information recorded in the flash
191. allation are prepared, as well as a proper site for installation and debugging. During the installation, it is required to use the brackets and screws provided in the accessory kit and proper tools to ensure stability and reliability. Users should always wear antistatic uniforms and ESD wrist straps to prevent damaging the switch, and should only use and make standard cables and connectors. Be cautious of potential dangers during the installation and make protective preparations to avoid accidents. Clean the site after the installation. Please ensure the switch is well grounded before powering it on. Users should also maintain the switch regularly to extend its lifespan. Security Warnings. Do not stare directly at the fiber port during operation, to prevent eye damage caused by the laser transceiver in the SFP optical module of the switch. Do not attempt to conduct any operation which may cause physical injuries, accidents or damage to the switch. Do not install, remove or disassemble the switch and modules with power on, to avoid injuring yourself or damaging the equipment. Do not open the switch without permission. Please resort to the manufacturer for help if any problem occurs, to prevent physical injuries and device damages. No contact between metals and the working power is allowed, and do not drop metals into the
192. loopback detection specified vlan. Command: loopback detection specified vlan <vlan list>; no loopback detection specified vlan <vlan list>. Function: Enable the function of loopback detection on the port and specify the VLAN to be checked; the no format of this command disables the function of detecting loopbacks of this port or in the specified VLAN. Parameters: <vlan list> is the list of VLANs allowed passing through the port. Given the situation of a trunk port, the specified VLANs can be checked, so this command is used to set the vlan list to be checked. Default: Disable the function of detecting the loopback via the port. Command Mode: Port Mode. Usage guide: If a port can be a TRUNK port of multiple Vlans, the detection of loopbacks can be implemented on the basis of port Vlan, which means the objects of the detection can be the specified Vlans on a port. If the port is an ACCESS port, only one Vlan on the port is allowed to be checked, despite the fact that multiple Vlans can be configured. This function is not supported under Port channel. Example: Enable the function of loopback detection under port 0/0/2 mode.
    Switch Config interface ethernet 0/0/2
    Switch Config Ethernet0/0/2 switchport mode trunk
    Switch Config Ethernet0/0/2 switchport trunk allowed vlan all
    Switch Config Ethernet0/0/2 loopback detection specified vlan 1
193. an be IP Precedence value or DSCP value. [Figure: Layer 3 IPv4 packet: Version, ToS (precedence or DSCP); ToS priority] IP Precedence: IP priority. Classification information carried in the L3 IP packet header, occupying 3 bits, in the range of 0 to 7. DSCP: Differentiated Services Code Point, classification information carried in the L3 IP packet header, occupying 6 bits, in the range of 0 to 63, and downward compatible with IP Precedence. Classification: The entry action of QoS; classify packet traffic according to the classification information carried in the packet and ACLs. Policing: Ingress action of QoS; lay down the policing policy to manage the classified packets. Remark: Ingress action of QoS; perform allowing, degrading or discarding operations on packets according to the policing policies. Shaping: Egress action of QoS; put the packets to appropriate egress queues according to the packet CoS value. Scheduling: Egress action of QoS; forward packets according to the configured priority queue. In Profile: Traffic within the QoS policing policy range (bandwidth or burst value) is called In Profile. Out of Profile: Traffic out of the QoS policing policy range (bandwidth or burst value) is called Out of Profile. QoS Implementation. To implement the switch software QoS, a general, mature reference model shou
194. and Explanation
ip address ip address mask; no ip address ip address mask: Configure the IP address of the switch; the no format of the command deletes the IP address of the switch.
2. BootP mode
Command / Explanation
ip bootp client enable; no ip bootp client enable: Enable the switch to be a BootP client and obtain IP address and gateway address through BootP negotiation; the no ip bootp client enable command disables the BootP client function.
3. DHCP
Command / Explanation
ip dhcp client enable; no ip dhcp client enable: Enable the switch to be a DHCP client and obtain IP address and gateway address through DHCP negotiation; the no ip bootp client enable command disables the DHCP client function.
Commands for Configuring Switch IP Address
ip address
Command: ip address <ip address> <mask> secondary; no ip address <ip address> <mask> secondary
Function: Set the IP address and mask for the switch; the no format of the command deletes the specified IP address setting.
Parameter: ip address is the IP address in decimal dotted format; mask is the subnet mask in decimal dotted format; secondary indicates the IP configured is a secondary IP address.
Default status: No IP address is co
195. and an accounting stopped message is sent to the RADIUS accounting server on accounting end.
Note: The switch sends the user offline message to the RADIUS accounting server only when accounting is enabled; the user offline message is not sent to the RADIUS authentication server.
Example: Enable the AAA accounting function for the switch.
Switch Config aaa accounting enable
aaa accounting update enable
Command: aaa accounting update enable disable
Function: Enable or disable the AAA update accounting function of the switch.
Command Mode: Global configuration mode
Default: Enable the AAA update accounting function.
Usage guide: After the update accounting function is enabled, the switch sends accounting message to each online user on time.
Example: Disable the AAA update accounting function on the switch.
Switch Config aaa accounting update disable
dot1x accept mac
Command: dot1x accept mac <mac address> interface <interface name>; no dot1x accept mac <mac address> interface <interface name>
Function: Add a MAC address entry to the dot1x address filter table. If a port is specified, the entry added applies to the specified port only. If no port is specified, the entry added applies to all the ports. The no dot1x accept mac <mac address> interface <interface name> command deletes the entry from dot1x address filter table.
Parameters: <mac address> stands for MAC ad
196. and mode: Admin Mode
Usage guide: When the user finishes a set of configuration and needs to verify the configuration, show running config command can be used to display the current active parameters.
Example:
Switch show running config
show startup config
Command: show startup config
Function: Display the switch parameter configurations written into the Flash memory at the current operation; those are usually also the configuration files used for the next power up.
Default status: If the configuration parameters read from the Flash are the same as the default operating parameter, nothing is displayed.
Command mode: Admin Mode
Usage guide: The show running config command differs from show startup config in that when the user finishes a set of configurations, show running config displays the added on configurations whilst show startup config won't display any configurations. However, if write command is executed to save the active configuration to the Flash memory, the displays of show running config and show startup config will be the same.
show switchport interface
Command: show switchport interface ethernet interface list
Function: Show the VLAN port mode of the switch port, VLAN number and Trunk port information of the switch.
Parameter: interface list is the port number, which can be 0 0 1 maximum po
197. and only one multicast VLAN is allowed on a switch.
Example:
Switch config vlan 2
Switch Config Vlan2 multicast vlan
multicast vlan association vlan list
Command: multicast vlan association <vlan list>; no multicast vlan association <vlan list>
Function: Associate several VLANs with a multicast VLAN; the no form of this command cancels the association relations.
Parameter: <vlan list>: the VLAN ID list associated with multicast VLAN. Each VLAN can only be associated with one multicast VLAN, and the association can succeed only when every VLAN listed in the VLAN ID table exists.
Command mode: VLAN Mode
Default: The multicast VLAN is not associated with any VLAN by default.
Usage guide: After a VLAN is associated with the multicast VLAN, the port in the VLAN is added to the multicast VLAN when any port orders the multicast VLAN traffic; then the multicast data is sent from the multicast VLAN to this port, so as to reduce the data traffic. The VLAN associated with the multicast VLAN should not be a Private VLAN. A VLAN can only be associated with another VLAN after the multicast VLAN is enabled. Only one multicast VLAN can be enabled on a switch.
Example:
Switch config vlan 2
Switch Config Vlan2 multicast vlan
Switch Config Vlan2 multicast vlan association 3 4
Multicast VLAN Instance S
198. ange word
Functions: Display the configuration information of time range function.
Parameters: word: the name of time range to be displayed.
Default: None
Command Mode: Admin Mode
Usage guide: When not assigning time range names, all time range are displayed.
Example:
Switch show time range
time range timer inactive used 1 times absolute periodic Saturday 0 0 0 to Sunday 23 59 59
time range timer2 active used 1 times absolute periodic Monday 0 0 0 to Friday 23 59 59
ACL Troubleshooting
1. Checking for the entries in the ACL is done in a top down order and ends as long as an entry is matched.
2. Default rule is used only if no ACL is bound to the specified direction of the port or no ACL entry is matched.
10 Each port ingress can bind one MAC IP ACL or one IP ACL or one MAC ACL.
Each port egress can bind one MAC IP ACL or one IP ACL or one MAC ACL.
When binding ACLs to both the egress and ingress of the port and the packets match multiple rules in the two ACLs, the priority of the egress rules is higher than that of the ingress rules.
In one group of ACLs, the rules configured earlier have higher priority.
When one ACL is bound to the egress of the port, it can only contain the deny entry.
The number of ACLs that can be successfully bound depends on the content of the ACL bound and the ha
199. anning tree port mirroring and so on.
Features
MAC address control: Besides the standard dynamic learning of MAC address, MyPower S3026G POE AC switch also supports several MAC managing methods based on the MAC address list. For secure access, the MAC address binding function can restrict the MAC addresses of access devices connected to a port. The MAC address filtering function can block the invalid access devices by filtering source and destination MAC addresses.
VLAN Configuration: MyPower S3026G POE AC switch supports standard IEEE802.1Q VLAN, port protection VLAN and PVLAN. IEEE802.1Q VLAN can divide ports into as many as 4094 VLAN groups. It can also realize multi switch VLAN division via IEEE802.1Q VLAN tags, and thus manage to control broadcast traffic, guarantee the security and performance of the network at the same time. PVLAN function can divide ports into isolated ports and community ports. It can isolate or connect ports according to the network applications demands.
QoS: MyPower S3026G POE AC switch supports rich QoS policies by providing 4 precedence queues on each port and by supporting WRR SP scheduling. This switch also supports port trust by sorting its traffic according to port VLAN DSCP IP precedence and ACL table. Besides, it can modify the DSCP and IP precedence of the packets and specif
200. anning tree format
Function: Configure the format of the port packet to interconnect with products of other companies. The no command restores the default format.
Parameter: standard: The packet format specified by IEEE. Privacy: Private packet format, which is compatible with CISCO equipment. Auto: Auto identified packet format, which is determined by the format of the received packets.
Default: the private packet format.
Command mode: Port Mode
Usage guide: As the CISCO has adopted the packet format different with the format specified by IEEE, while many companies also adopted the CISCO format to be compatible with CISCO, we have to support both formats. The standard format is originally the one specified by IEEE, and the privacy packet format is compatible with CISCO. If we are not sure about the packet format of the opposite end, the AUTO configuration will be preferred to identify the format according to the packets they sent. The AUTO packet format is set by default in the concern of better compatibility with previous products and the leading companies. The packet format will be privacy format before receiving the partner packet when configured to AUTO. When the format is not AUTO and the received packet format from the partner does not match the configured format, we set the state of the port which receives the unmatche
201. ansmit
Function: Configure a policy for a classified traffic; the no command deletes the specified policy.
Parameters: <rate kbps> is the average baud rate (kb/s) of classified traffic, ranging from 1 to 10,000,000; <burst kbyte> is the burst baud rate (kbyte) of classified traffic, ranging from 1 to 1,000,000; exceed action drop means drop packets when specified speed is exceeded; exceed action policed dscp transmit specifies to mark down packet DSCP value according to policed dscp mapping when specified speed is exceeded.
Default: There is no policy by default.
Command mode: Policy class map configuration mode
Usage guide: The ranges of <rate kbps> and <burst kbyte> are quite large; if the setting exceeds the actual speed of the port, the policy map applying this policy is not bound to switch ports; if selecting policed dscp transmit, add the reference of policed dscp.
Example: Set the bandwidth for packets that matching c1 class rule to 20 Mbps, with a burst value of 20K bytes; all packets exceeding this bandwidth setting are dropped.
Switch config policy map pl
Switch config PolicyMap class c1
Switch config Policy Class police 20000000 20000 exceed action drop
Switch config Policy Class exit
Switch config PolicyMap exit
mls qos aggregate policer
Command: mls qos aggregate police
202. Command Mode: DHCP Address Pool Mode
Usage guide: Up to 8 DNS server addresses can be configured. The DNS server address assigned first has the highest priority, therefore address 1 has the highest priority, and address 2 has the second, and so on.
Example: Set 10.1.128.3 as the DNS server address for DHCP clients.
Switch dhcp 1 config dns server 10.1.128.3
domain name
Command: domain name domain; no domain name
Function: Configures the Domain name for DHCP clients; the no domain name command deletes the domain name.
Parameters: domain is the domain name; up to 255 characters are allowed.
Command Mode: DHCP Address Pool Mode
Default: None
Usage guide: Specify a domain name for the client.
Example: Specify digitalchina.com.cn as the DHCP clients domain name.
Switch dhcp 1 config domain name maipu.com.cn
hardware address
Command: hardware address <hardware address> Ethernet IEEE802 <type number>; no hardware address
Function: Specify the hardware address of the user when binding address manually; the no hardware address command deletes the setting.
Parameters: hardware address is the hardware address in Hex; Ethernet IEEE802 is the Ethernet protocol type; <type number> should be the RFC number defined for protocol types, from 1 to 255, e.g. 1 for Ethernet and 6 for IEEE 802.
Default: The default protocol type is Ethernet.
Command Mode: DHCP Address Pool Mode
203. arameters: 6000 7999: Access list number.
Default status: None
Command mode: Admin Mode
Usage guide: Use this command to display the configured destination control multicast access list.
Example:
Switch sh ip multicast destination control acc
access list 6000 deny ip any source any destination
access list 6000 deny ip any source host destination 224.1.1.1
access list 6000 deny ip host source 2.1.1.1 any destination
access list 6001 deny ip host source 2.1.1.1 225.0.0.0 0.255.255.255
access list 6002 permit ip host source 2.1.1.1 225.0.0.0 0.255.255.255
access list 6003 permit ip 2.1.1.0 0.0.0.255 225.0.0.0 0.255.255.255
show ip multicast policy
Command: show ip multicast policy
Function: Display the configured multicast policy.
Parameter: None
Default status: None
Command mode: Admin Mode
Usage guide: The command displays the configured multicast policy.
Example:
Switch show ip multicast policy
ip multicast policy 10.1.1.0 0.0.0.255 225.0.0.0 0.255.255.255 cos 5
show ip multicast source control
Command: show ip multicast source control detail; show ip multicast source control interface <Interfacename> detail
Function: Display multicast source control configuration.
Parameter: detail: displays information in detail; Interfacename: interface name, such as Ethernet 0 0 1 or ethernet0 0 1
204. arpscan trust port supertrust port; no anti arpscan trust <port|supertrust port>
Function: Configure a port as a trust port or a supertrust port; no anti arpscan trust port supertrust port command restores the port as an untrusted port.
Parameters: None
Default Settings: By default all the ports are non trusted.
Command Mode: Port configuration mode
Usage guide: If a port is configured as a trusted port, then the anti ARPscan function will not deal with this port; even if the rate of received ARP messages exceeds the set threshold, this port will not be closed, but the non trustful IP of this port will still be checked. If a port is set as a super non trustful port, then neither the port nor the IP of the port will be dealt with. If the port is already closed by Anti ARPscan, it will be opened right after being set as a trusted port. When remotely managing a switch with a method like telnet, users should set the uplink port as a Super Trust port before enabling anti ARP scan function, preventing the port from being shutdown because of receiving too many ARP packets. After the anti ARP scan function is disabled, this port will be reset to its default attribute, that is, Untrust port.
Example: Set port ethernet 0 0 5 of the switch as a trusted port.
Switch Config interface ethernet 0 0 5
Switch Config ethernet 0 0 5 anti arpscan trust port
anti arpscan trust ip ip address netmask
Command: anti arpscan
205. as <time value>
Example: Set the interval of sending the cluster register packets as 80.
Switch Config cluster register timer 80
cluster ip pool
Command: cluster ip pool <commander ip>; no cluster ip pool
Function: Configure private IP address pool for member switches of the cluster.
Parameters: commander ip is the IP address of the command switch in decimal dotted format. The value of the last byte of the IP address is smaller than 255 24.
Command mode: Global Mode
Default status: The private IP address pool is not configured.
Usage guide: Before setting up the cluster, the user should set the private IP address pool on the command switch; if the address pool is not set, the cluster cannot be set up. When the candidate switch is added to the cluster, the command switch allocates one private IP address that can be used in the cluster for each member and distributes to the member switch for the communication within the cluster. In this way, the command switch can manage and maintain the member switches. The command can only be used on the non member switches of the cluster. If the cluster is set up, the user cannot modify the IP address pool. The no format of the command is used to clear the address pool configuration. There is no default value to be restored.
Example: Set the private IP address pool use
206. at of the command shuts down FTP server and prevents FTP user from logging in.
B. Configure FTP login username and password
Command / Explanation (Global Mode)
ip ftp server username <username> password 0 7 password; no ip ftp server username username: Configure FTP login username and password; this no format of the command deletes the configured username.
C. Modify FTP server connection idle time
Command / Explanation (Global Mode)
ftp server timeout seconds; no ftp server timeout: Set the idle time of the connection. The no format of the command restores the default value.
3. TFTP server configuration
A. Start TFTP server
Command / Explanation (Global Mode)
tftp server enable; no tftp server enable: Start TFTP server; the no format of the command shuts down TFTP server and prevents TFTP user from logging in.
B. Modify idle time of TFTP server connection
Command / Explanation (Global Mode)
tftp server transmission timeout seconds: Set the timeout interval.
C. Modify TFTP server connection retransmission times
Command / Explanation (Global Mode)
tftp server retransmission number number: Set the maximum retransmission times within the timeout.
FTP TFTP Configuration Comman
207. ation description
VLAN2: Site A and site B switch port 2-8
VLAN100: Site A and site B switch port 9-15
VLAN200: Site A and site B switch port 16-22
Trunk port: Site A and site B switch port 23
Connect the Trunk ports of both switches for a Trunk link to convey the cross switch VLAN traffic; connect all network devices to the other ports of the corresponding VLANs. In this example, port 1 and port 24 are idle and can be used for management port or for other purposes. The configuration steps are listed below.
Switch A:
Switch Config vlan 2
Switch Config Vlan2 switchport interface ethernet 0 0 2 8
Switch Config Vlan2 exit
Switch Config vlan 100
Switch Config Vlan100 switchport interface ethernet 0 0 9 15
Switch Config Vlan100 exit
Switch Config vlan 200
Switch Config Vlan200 switchport interface ethernet 0 0 16 22
Switch Config Vlan200 exit
Switch Config interface ethernet 0 0 23
Switch Config Ethernet0 0 23 switchport mode trunk
Switch Config Ethernet0 0 23 exit
Switch Config
B switch:
Switch Config vlan 2
Switch Config Vlan2 switchport interface ethernet 0 0 2 8
Switch Config Vlan2 exit
Switch Config vlan 100
Switch Config Vlan100 switchport interface ethernet 0 0 9 15
Switch Config Vlan100 exit
Switch Config vlan 200
Switch Config Vlan200 switchport interface ethernet 0 0
208. ation failure caused by the bottom entries being full, so we suggest users to use the simplest rules if possible. The configuration commands are as follows:
Command / Explanation (Port Configuration Mode)
no ip multicast source control access group 5000 5099: Configure the rules used by source control to the port. The NO format of the command cancels the configuration.
2. Destination Control Configuration
Like source control configuration, destination control configuration also has three steps. First, enable destination control globally. Since destination control needs to prevent unauthorized user from receiving multicast data, the switch does not broadcast the received multicast data after configuring global destination control. Therefore, it should be avoided to connect two or more other L3 switches in the same VLAN on a switch on which destination control is enabled. The configuration commands are as follows:
Command / Explanation (Global Configuration Mode)
no ip multicast destination control mandatory: Globally enable IP destination control multicast. The no format of the command globally disables destination control. All the other configuration can only take effect after destination control is globally enabled.
Next is to configure destination contr
209. atus and traffic statistics of all ports, and the user can further enter the Global Mode from Admin Mode to modify all configurations of the switch. Therefore, the admin password must be set to prevent unauthorized access and malicious modification to the switch after entering the admin mode.
3. Global Mode
Type the config command in Admin Mode and you enter the Global Mode:
Switch config
The user can use the exit command in other configuration modes, such as Port Mode and LAN mode, to return to Global Mode. The user can perform global configuration under Global Mode, such as MAC Table, Port Mirroring, VLAN creation, IGMP Snooping start and STP. And the user can enter the interface configuration mode in the global mode via the commands to configure the interfaces.
4. Interface Mode
Use the interface command under Global Mode and you can enter the corresponding interface mode. MyPower S3026G POE AC provides three interface types: 1. VLAN interface; 2. Ethernet port; 3. port channel. There are three interface configuration modes accordingly.
Interface Type: VLAN interface. Entering Mode: Input the command interface vlan Vlan id in global mode. Command Prompt: Switch Config If Vlanx. Operation: Configure the IP address of the switch. Exiting Mode: Use the exit command to return to Global Mode.
Ethernet p
210. ault: The maximum number of users allowed to access each port is 10 by default.
User Guide: This command can only take effect when the port adopts user based access control mode. If the number of authenticated users exceeds the maximum number of users allowed to access the network, the additional users can not access the network.
Example: Set port 0 0 3 to allow 5 users.
Switch Config Ethernet0 0 3 dot1x max user userbased 5
dot1x port control
Command: dot1x port control auto force authorized force unauthorized; no dot1x port control
Function: Set the 802.1x authorization status; the no dot1x port control command restores the default setting.
Parameters: auto: enable 802.1x authorization; the port authorization status depends on the authorization information between the switch and the supplicant. force authorized: sets port to authorized status; unauthorized data is allowed to pass through the port. force unauthorized: sets the port to non authorized mode; the switch does not provide authorization for the supplicant and prohibit data from passing through the port. When the port access control mode is userbased, the 802.1x authorization status of the port can only be set as auto or force unauthorized.
Command mode: Port configuration Mode
Default: When 802.1x is enabled for the port, auto is set by default.
Usage guide: If the port needs to provide 802.1x authorization for the user, the port authorization mode should be set
211. ay the parameter configuration of the valid MSTP domain in the Admin mode.
Command mode: Admin Mode
Usage guide: In the Admin mode, this command can show the parameters of the MSTP configuration, such as MSTP name, revision, VLAN and instance mapping.
Example: Display the configuration of the MSTP domain on the switch.
Switch show spanning tree mst config
Name maipu
Revision 0
Instance Vlans Mapped
00 1 29 31 39 41 4094
03 30
04 40
show mst pending
Command: show mst pending
Function: In the MSTP region mode, display the configuration of the current MSTP region.
Command mode: MSTP domain configuration mode
Usage guide: In the MSTP domain mode, display the configuration of the current MSTP domain, such as MSTP name, revision, VLAN and instance mapping.
Note: Before quitting the MSTP domain configuration mode, the displayed parameters may not be effective.
Example: Display the configuration of the current MSTP domain.
Switch Config spanning tree mst configuration
Switch Config Mstp Region show mst pending
Name Switch
Revision 0
Instance Vlans Mapped
00 1 29 31 39 41 4094
03 30
04 40
Switch Config Mstp Region
debug spanning tree
Command: debug spanning tree; no debug spanning tree
Function: Enable the MSTP debugging information; the command no debug spanning tree disables the MST
212. be authenticated by the access controlling unit on the other end of the link. A Supplicant system usually is a user terminal device. Users start 802.1x authentication by starting supplicant system software. A supplicant system should support EAPOL (Extensible Authentication Protocol over LAN).
The authenticator system is another entity on one end of the LAN segment to authenticate the supplicant systems connected. An authenticator system usually is a network device supporting 802.1x protocol, providing ports to access the LAN for supplicant systems. The ports provided can either be physical or logical.
The authentication server system is an entity to provide authentication service for authenticator systems. The authentication server system is used to authenticate and authorize users, as well as does fee counting, and usually is a RADIUS (Remote Authentication Dial In User Service) server, which can store the relative user information, including username, password and other parameters such as the VLAN and ports which the user belongs to.
The three entities above concerns the following basic concepts: PAE of the port, the controlled ports and the controlled direction.
1. PAE
PAE (Port Access Entity) is the entity to implement the operation of algorithms and protocols.
The PAE of the supplicant system is supposed to respond the authentication request from the authenticator systems and submit user's authentication information to the a
213. bled. PC1 holds confidential data and can not be accessed by any other PC that is in another physical segment; PC2 and PC3 have static mapping set to port 7 and port 9 respectively. The configuration steps are listed below:
1. Set the MAC address 00 01 11 11 11 11 of PC1 as a filter address.
Switch Config mac address table blackhole address 00 01 11 11 11 11 vlan 1
2. Set the static mapping relationship for PC2 and PC3 to port 7 and port 9 respectively.
Switch Config mac address table static address 00 01 22 22 22 22 vlan 1 interface ethernet 0 0 7
Switch Config mac address table static address 00 01 33 33 33 33 vlan 1 interface ethernet 0 0 9
MAC Table Troubleshooting
Monitoring and Debugging Commands
show mac address table
Command: show mac address table static aging time blackhole count multicast address <mac addr> vlan <vlan id> interface <interface name>
Function: Display the contents of current MAC address table of the switch.
Parameter: static: static entries; blackhole: filter entries; aging time: address aging time; count: the number of entries; multicast: multicast entries; <mac addr>: the MAC addresses in the entry; <vlan id>: the VLAN number of the entry; <interface name>: the interface name of the entry.
Command mode: Admin Mode
Default status: MAC address table
214. bles the MAC address binding function for the port.
Command mode: Port configuration mode
Default status: MAC address binding is not enabled by default.
Usage guide: The MAC address binding function is mutually exclusive with 802.1x, Spanning Tree and port aggregation. Therefore, to enable the MAC address binding function of the port, first disable the 802.1x, Spanning Tree and port aggregation function of the port, and the port enabled with the MAC address binding function cannot be Trunk port.
Example: Enable MAC address binding function for port.
Switch Config interface Ethernet 0 0 1
Switch Config Ethernet0 0 1 switchport port security
switchport port security convert
Command: switchport port security convert
Function: Convert dynamic secure MAC addresses learned by the port to static secure MAC addresses, and disables the MAC address learning function for the port.
Command mode: Port configuration mode
Usage guide: The port dynamic MAC convert command can only be executed after the secure port is locked. After this command has been executed, dynamic secure MAC addresses learned by the port is converted to static secure MAC addresses. The command does not reserve configuration.
Example: Converting MAC addresses in port 1 to static secure MAC addresses.
Switch Config interface Ethernet 0 0 1
Switch Config Ether
215. bug information.
Parameters: pkt send: Enable the debug information of dot1x about sending packets; pkt receive: Enable the debug information of dot1x about receiving packets; internal: Enable the debug information of dot1x about internal details; userbased: user based information; all: Enable all detail information; <interface name>: the name of the interface.
Command mode: Admin Mode
Usage guide: none
Example: Enable the debug information about receiving and sending packets on port 0 0 1.
Switch debug dot1x detail pkt receive interface ethernet 0 0 1
debug dot1x fsm
Command: debug dot1x fsm asm aksm ratsm basm all interface ethernet <InterfaceName>; no debug dot1x fsm asm|aksm|ratsm|basm|all interface ethernet InterfaceName
Function: Enable the debug information of dot1x state machine; the no format of the command disables the debug information.
Command mode: Admin Mode
Parameter: asm: Enable the debug information of Authenticator state machine; aksm: Enable the debug information of Authenticator Key Transmit state machine; ratsm: Enable the debug information of Re Authentication Timer state machine; basm: Enable the debug information of Backend Authentication state machine; all: Enable the debug information of dot1x state machine; <interface name>: the name of
216. c MAC access list rule.
Parameters: <access list number> is the access list No., which is in decimal format, ranging from 1100-1199; deny: if rules are matching, deny access; permit: if rules are matching, permit access; <any source mac>: any source address; <any destination mac>: any destination address; <host_smac>, <smac>: source MAC address; <smac mask>: mask (reverse mask) of source MAC address; <host_dmac>, <dmac>: destination MAC address; <dmac mask>: mask (reverse mask) of destination MAC address; untagged eth2: format of untagged ethernet II packet; tagged eth2: format of tagged ethernet II packet; untagged 802.3: format of untagged ethernet 802.3 packet; tagged 802.3: format of tagged ethernet 802.3 packet.
Offset(x): the offset starting from the packet header, ranging from 12 to 79; the window must start from the back of source MAC; configure from the front to the back; the windows cannot be overlapped, that is, Offset(x+1) must be greater than or equal to Offset(x)+Len(x). Length(x) is between 1-4, and Offset(x)+Length(x) must be no greater than 80 (currently no greater than 64). Value(x) is in hex format. The range is: when Length(x)=1, it is 0-ff; when Length(x)=2, it is 0-ffff; when Length(x)=3, it is 0-ffffff; when Length(x)=4, it is 0-ffffffff. For Offset(x), the value range varies in different frame type: for untagged eth2, 12-51; for untagged 802.3, 12-55; for tagged eth2
217. cal re-authentication for supplicant is enabled, the switch re-authenticates the supplicant at regular interval. This function is not recommended for common use. Example: Enable the periodical re-authentication for authenticated users. Switch Config dot1x re authentication. dot1x timeout quiet period. Command: dot1x timeout quiet period seconds; no dot1x timeout quiet period. Function: Set the time to keep silent on supplicant authentication failure; the no dot1x timeout quiet period command restores the default value. Parameters: seconds is the silent time for the port in seconds; the valid range is 1 to 65535. Command mode: Global configuration mode. Default: The default value is 10 seconds. Usage guide: Default value is recommended. Example: Set the silent time to 120 seconds. Switch Config dot1x timeout quiet period 120. dot1x timeout re authperiod. Command: dot1x timeout re authperiod seconds; no dot1x timeout re authperiod. Function: Set the re-authentication interval for the supplicant; the no dot1x timeout re authperiod command restores the default setting. Parameters: seconds is the interval for re-authentication in seconds; the valid range is 1 to 65535. Command mode: Global configuration mode. Default: The default value is 3600 seconds. Usage guide: dot1x re authentication must b
218. cation methods that may be extended in the future. In EAP relay, if any authentication method in EAP-MD5, EAP-TLS, EAP-TTLS and PEAP is adopted, the authentication methods of the supplicant system and the RADIUS server should be the same. 1. EAP-MD5 Authentication Method: EAP-MD5 is an IETF open standard which provides the least security, since the MD5 hash function is vulnerable to dictionary attacks. The following figure illustrates the basic operation flow of the EAP-MD5 authentication method. [Figure: Authentication Flow of 802.1x EAP-MD5] 2. EAP-TLS Authentication Method: EAP-TLS is brought up by Microsoft based on EAP and TLS protocols. It uses PKI to protect the id authentication betw
219. cators of MyPower S3026G POE AC. LED, State, Description. Link ACT: Blinking: The port is successfully linked. It is receiving/sending data; Off: The port is down; Amber: The port is providing power; Green: The port is linked. 1000M LED: On: The corresponding G interface is in the connected state (1000M); Off: The corresponding G interface is in the connected state (100M) or down state. PWR: On (green): The power is connected; Off: The power is not connected. Hardware Installation Precautions: To ensure your security and the normal operation of the MyPower S3026G POE AC switch, please carefully read the following instructions and notices while installing and using the switch. Installation Environment: A clean environment is necessary for normal operation of the switch. No dust is allowed. Otherwise, the switch may be damaged by electrostatic adherence. The switch does not have a power switch. During the installation, you need to connect an external circuit control switch so as to cut off the power when an emergency happens. The switch requires a non-condensing environment with a temperature between 0 and 45 °C and humidity from 10% to 90%. The switch must be kept in a dry and cool place with sufficient space around it for air circulation. The switch requires a power input ranging fr
220. cedly because the aggregation is triggered by the manual configuration; if aggregation fails due to the inconsistency of the port VLAN information, the aggregation group always stops at the status of no aggregation, and you should add and delete ports to the group to trigger port aggregation again. If the VLAN information is still inconsistent, the aggregation still cannot succeed. The aggregation cannot succeed until the VLAN information becomes consistent and the ports are added and deleted to trigger the aggregation. Check whether the ports of the peer switch are configured with the port aggregation group and whether the configuration modes are the same. If the local end is manual mode, the peer end should also be configured as manual mode. If the local end is LACP dynamic generation, the peer end should also be LACP dynamic generation. Otherwise, the port aggregation group cannot work normally. If both of two sides receive and send the LACP protocol, at least one side should be ACTIVE. Otherwise, the two sides do not initiate LACP packets. Once the port channel is created, all port configurations can only be done on the port channel port. LACP should be mutually exclusive to Security and 802.1x ports. If a port has already enabled these two protocols, it is not allowed to use LACP. If the switch enables the anti AR
221. ch. If ARP is not learned, enable the ARP debugging information and view the sending/receiving condition of ARP packets. Defective cable is a common cause of ARP problems and may disable ARP learning. POE Configuration. Introduction to POE: PoE (Power over Ethernet) is a technology to provide direct currents for some IP-based terminals, such as IP phones, APs of wireless LANs and network cameras, while transmitting data signals to them. Such DC receiving devices are called PD (Powered Device). The max distance of reliable power supply provided by PoE is 100 meters. IEEE 802.3af standard is a new PoE standard, and an extension to the current Ethernet standard by adding new items on power supply via network cables to IEEE 802.3 standard. It is also the first international standard on power distribution. The application of PoE used to be in two areas: IP phone and 802.11 wireless network. However, along with the development of this technology, many applications with more practical meanings have emerged and benefited from PoE, such as video monitoring, integrated building management solution, and remote video service booth. All these existing and predictably more of such applications arouse needs for switches supporting PoE. POE Configuration. POE Configuration Task List: 1. Globally Enable or disable PoE 2. Globally set
222. Command, Explanation. Global Mode: port group <port group number> load balance dst src mac; no port group <port group number> load balance: Create or delete a port group and set the load balance method for that group. 2. Add physical ports to the port group. Command, Explanation. Port Mode: port group <port group number> mode active passive on; no port group <port group number>: Add ports to the port group and set their mode. 3. Enter port channel configuration mode. Command, Explanation. Global Mode: interface port channel <port channel number>: Enter port channel configuration mode. Port Channel Configuration Commands. port group. Command: port group <port group number> load balance dst src mac; no port group <port group number> load balance. Function: Create a port group and set the load balance method for that group. If the traffic load balance mode is not specified, adopt the default load balance mode. The no format of the command deletes that group or restores the default load balance setting. Enter load balance for restoring default load balance; otherwise, the group is deleted. Parameters: <port group number> is the group number of a port channel, from 1 to 15; if the group number already exists, an error message is given. dst src mac performs load balancing according to
223. ch debug anti arpscan. Typical Instance of Anti ARP scan. [Figure: Typical configuration instance of anti ARP scan] In the network topology above, port E0 0 1 of SWITCH B is connected to port E0 0 19 of SWITCH A, the port E0 0 2 of SWITCH A is connected to file server (IP address is 192.168.1.100), and all the other ports of SWITCH A are connected to common PC. The following configuration can prevent ARP scanning effectively without affecting the normal operation of the system. SWITCH A configuration task list: SwitchA Config anti arpscan enable; SwitchA Config anti arpscan recovery time 3600; SwitchA Config anti arpscan trust ip 192.168.1.100 255.255.255.0; SwitchA Config interface ethernet 0 0 2; SwitchA Config Ethernet0 0 2 anti arpscan trust port; SwitchA Config Ethernet0 0 2 exit; SwitchA Config interface ethernet 0 0 19; SwitchA Config Ethernet0 0 19 anti arpscan trust supertrust port; Switch A Config Ethernet0 0 19 exit. SWITCHB configuration task list: Switch B Config anti arpscan enable; SwitchB Config interface ethernet 0 0 1; SwitchB Config Ethernet0 0 1 anti arpscan trust port; Swi
224. ch learns the mapping between MAC addresses and ports and updates the MAC table regularly. In this section, we focus on the dynamic learning process of MAC table. [Figure: MAC Table dynamic learning] The topology of the figure above: four PCs are connected to the switch, where PC1 and PC2 belong to a same physical segment (same collision domain); the physical segment is connected to port 5 of the switch; PC3 and PC4 belong to the same physical segment that is connected to port 12 of switch. The initial MAC table contains no learned address mapping entries. Take the communication of PC1 and PC3 as an example; the MAC address learning process is as follows: When PC1 sends message to PC3, the switch receives the source MAC address 00 01 11 11 11 11 from this message; the mapping entry of 00 01 11 11 11 11 and port 5 is added to the switch MAC table. At the same time, the switch learns the message is destined to 00 01 33 33 33 33; as the MAC table contains only a mapping entry of MAC address 00 01 11 11 11 11 and port 5, and no port mapping for 00 01 33 33 33 33 present, the switch broadcasts this message to all the ports in the switch (assuming all ports belong t
225. ch will directly forward the frames to the associated ports; when the destination MAC address in a unicast frame is not found in the MAC table, the switch will broadcast the unicast frame. When VLANs are configured, the switch will forward unicast frame within the same VLAN. If the destination MAC address is found in the MAC table but belonging to different VLANs, the switch can only broadcast the unicast frame in the VLAN it belongs to. MAC Address Table Configuration. mac address table aging time. Command: mac address table aging time <age> 0; no mac address table aging time. Function: Set the aging time of the address mapping entry learned dynamically in the MAC address table. The no format of the command restores the default aging time 300s. Parameter: age is the aging time; the unit is second and the range is from 10 to 1000000; 0 means not age. Command mode: Global mode. Default status: Default aging time is 300s. Usage guide: If the aging time is set too small, much unnecessary broadcast is added in the switch, which affects the performance. If the aging time is set too large, the useless entries exist in the MAC address table for long time. Therefore, the user should set the appropriate aging time. When the aging time is set as 0, the address learned dynamically by the switch is aged but is reserved in the MAC address table forever. Note: The actual aging time of the dynamic MAC address of the switch is 1 2 multip
226. chnology is based on the control over IGMP report packet sent out by the user, so the module to control is IGMP snooping module, whose control logic includes the following three, that is: take control according to the VLAN MAC address of the sent packet, take control according to the IP address of the sent packet, and take control according to the port where the packet enters. IGMP snooping can use the above three methods to take control simultaneously. The Service Oriented Priority Strategy Multicast of Controlled multicast technology adopts the following mode: for multicast data in limited range, set the priority specified by the user at the access end, so that data can be sent with a higher priority on the TRUNK port, so as to ensure that the data is sent with the priority specified by the user in the entire network. DCSCM Configuration. DCSCM Configuration Task List: 1. Source control configuration 2. Destination control configuration 3. Multicast policy configuration. 1. Source control configuration: Source control configuration has three parts. First, enable source control globally. The command of enabling source control globally is as follows. Command, Explanation. Global Configuration Mode: Enable source control globally; the no ip multicast source control command disables source control globally. It is
227. cluster heartbeat time and cluster holdtime on the command switch, the cluster heartbeat time should be smaller than the current heartbeat holdtime. Otherwise, the setting becomes invalid and error is displayed. Check whether the command switch is configured correctly, whether cluster auto add enable is enabled, and whether the ports connected to the command switch and member switch belong to VLAN1. Currently, when using the cluster network management function, the ports that form the cluster need to be located in VLAN1. If the switches in the cluster are inter-connected via TRUNK port, ALLOWED VLAN must contain VLAN1. Otherwise, the switches in the cluster cannot communicate with each other normally. When the user configures the private IP address pool of the cluster, ensure that it does not conflict with the public IP segment. If the L3 interface of the switch VLAN1 is configured with BootP Client or DHCP Client, enable the cluster function again after deleting the function. Port Configuration. Introduction to Port. MyPower S3026G POE AC ports. The port configuration of MyPower S3026G POE AC is as shown above; take MyPower S3026G POE AC as example. MyPower S3026G POE AC provides 24 2 2
228. Ethernet0 014 untrust none Osecond 0 0 Ethernet0 015 untrust none Osecond 0 0 Ethernet0 016 untrust none Osecond 0 0 Ethernet0 017 untrust none Osecond 0 0 Ethernet0 018 untrust none Osecond 0 0 Ethernet0 019 untrust none Osecond 0 0 Ethernet0 020 untrust none Osecond 0 0 Ethernet0 021 untrust none Osecond 0 0 Ethernet0 022 untrust none Osecond 0 0 Ethernet0 023 untrust none Osecond 0 0 Ethernet0 024 untrust none Osecond 0 0. Displayed Information, Explanation. DHCP Snooping is enable: Whether the DHCP Snooping is globally enabled or disabled. DHCP Snooping binding arp: Whether the ARP binding function is enabled. DHCP Snooping maxnum of action info: The number limitation of port defense actions. DHCP Snooping limit rate: The rate limitation of receiving packets. switch ID: The switch ID is used to identify the switch, usually using the CPU MAC address. DHCP Snooping droped packets: The number of dropped packets when the received DHCP packets exceed the rate limit. discarded packets: The number of discarded packets caused by the communication failure within the system. If the CPU of the switch is too busy to schedule the DHCP SNOOPING task and thus can not handle the received DHCP messages, such situation might happen. DHCP Snooping alarm count: Th
229. conflict records. Command mode: Admin Mode. Usage guide: show ip dhcp conflict command can be used to check which IP addresses are conflicting for use. The clear ip dhcp conflict command can be used to delete the conflict record for an address. If the all parameter is specified, all conflict records in the log will be removed. When records are removed from the log, the addresses are available for allocation by the DHCP server. Example: The network administrator finds 10.1.128.160 that has a conflict record in the log is no longer used by anyone, so he deletes the record from the address conflict log. Switch clear ip dhcp conflict 10.1.128.160. Related command: ip dhcp conflict logging, show ip dhcp conflict. clear ip dhcp server statistics. Command: clear ip dhcp server statistics. Function: Deletes the statistics for DHCP server; clears the DHCP server counter. Command mode: Admin Mode. Usage guide: DHCP counter statistics can be viewed with show ip dhcp server statistics command; all information is accumulated. You can use the clear ip dhcp server statistics command to clear the counter for easier statistics checking. Example: Clear the counter of DHCP server. Switch clear ip dhcp server statistics. Related command: show ip dhcp server statistics. show ip dhcp binding. Command: show ip dhcp bindin
230. controls the port on the switch to guarantee the normal operation of the whole network. The configuration task list of SWITCH A: Switch config loopback detection interval time 35 15; Switch config interface ethernet 0 0 1; Switch Config If Ethernet0 0 1 loopback detection special vlan 1 3; Switch Config If Ethernet0 0 1 loopback detection control block. Port Loopback Detection Troubleshooting. Debugging and Monitoring Commands. show loopback detection. Command: show loopback detection interface <interface list>. Function: Display the state of loopback detection on all ports if no parameter is provided; otherwise, the state and result of the specified ports according to the parameters. Parameters: interface list: the list of ports to be displayed, supporting such as ethernet 0 0 1 2 5 or ethernet 0 0 1 6 8. Command Mode: Admin Mode. Usage guide: Display the state and result of loopback detection on ports with this command. Example: Display the state of loopback detection on port 4. Switch show loopback detection interface Ethernet 0 0 4. loopback detection config and state information in the switch: Ethernet 0 0 4; Port loopback detection: No; Port control mode: block; Is port controlled: No. Switch S debug loopback detection. Command: debug loopback detection. Function: After
231. cost. The valid range is from 1 to 200,000,000. Command mode: Port Mode. Default: By default, the port cost is relevant to the port bandwidth. Port Type, Default Path Cost, Suggested Range: 10Mbps, 2000000, 2000000-20000000; 100Mbps, 200000, 200000-2000000; 1Gbps, 20000, 20000-200000; 10Gbps, 2000, 2000-20000. For the aggregation ports, the default costs are as below. Port Type, Allowed Number Of Aggregation Ports, Default Port Cost: 10Mbps, N, 2000000/N; 100Mbps, N, 200000/N; 1Gbps, N, 20000/N; 10Gbps, N, 2000/N. Usage guide: By setting the port cost, users can control the cost from the current port to the root bridge in order to control the elections of root port and the designated port of the instance. Example: On the port0 0 2, set the MSTP port cost in the instance 2 to 3000000. Switch Config Ethernet0 0 2 spanning tree mst 2 cost 3000000. spanning tree mst port priority. Command: spanning tree mst <instance id> port priority <port priority>; no spanning tree mst <instance id> port priority. Function: Set the current port priority for the specified instance; the command no spanning tree mst <instance id> port priority restores the default setting. Parameter: instance id sets the instance ID. The valid range is from 0 to 48. <por
232. cpInSegs 896 TcpMaxConn 0 TcpOutRsts 18 TcpOutSegs 1277 TcpPassiveOpens 0 TcpRetransSegs 262 TcpRtoAlgorithm 0 TcpRtoMax 0 TcpRtoMin 0 UDP statics UdpInDatagrams UdpNoPorts 0 UdpInErrors 0 0 UdpOutDatagrams 0. Displayed information, Explanation. IP statistics: The statistics information of the IP packets. Rcvd 290 total 44 local destination 0 header errors 0 address errors 0 unknown protocol 0 discards: Statistics of total packets received, including the number of packets reaching local destination, the number of packets with header errors, the number of erroneous addresses, the number of unknown protocol packets, and the number of packets dropped. Frags 0 reassembled 0 timeouts 0 fragment rcvd 0 fragment dropped 0 fragmented 0 couldn t fragment 0 fragment sent: Fragmentation statistics: the number of packets reassembled, the number of timeouts, the number of fragments received, the number of fragments discarded, the number of the packets that cannot be fragmented, the number of fragments sent, etc. Sent 0 generated 0 forwarded 0 dropped 0 no route: Statistics for total packets sent, including the number of local packets, the number of the forwarded packets, the number of the dropped packets, and the number of the packets without route. ICMP statistics
233. ction: Enable the VLAN ingress rule for a port; the no vlan ingress enable command disables the ingress rule. Command mode: Port mode. Default: VLAN ingress rules are enabled by default. Usage guide: When VLAN ingress rules are enabled on the port and the system receives data, check whether the source port is the member port of the VLAN. If yes, accept and forward the data to the destination port. Otherwise, the data is dropped. Example: Disable VLAN ingress rules on the port. Switch Config Ethernet0 0 1 vlan ingress enable. private vlan. Command: private vlan primary isolated community; no private vlan. Function: Configure current VLAN to Private VLAN. The no private vlan command cancels the Private VLAN configuration. Parameter: primary: set current VLAN to Primary VLAN; isolated: set current VLAN to Isolated VLAN; community: set current VLAN to Community VLAN. Command Mode: VLAN mode. Default: Private VLAN is not configured by default. Usage guide: There are three Private VLANs: Primary VLAN, Isolated VLAN and Community VLAN. The ports in Primary VLAN can communicate with the ports of Isolated VLAN and Community VLAN associated with this Primary VLAN. Ports in Isolated VLAN are isolated from each other and only communicate with the ports in associated Primary VLAN; the ports in Community VLAN can communicat
234. ction must be enabled prior to running this command. Example: Set locking timer of port 1 to 30 seconds. Switch Config interface Ethernet 0 0 1. Switch Config Ethernet0 0 1 switchport port security timeout 30. switchport port security mac address. Command: switchport port security mac address <mac address>; no switchport port security mac address <mac address>. Function: Add a static secure MAC address; the no switchport port security mac address command deletes a static secure MAC address. Command mode: Port configuration mode. Parameter: mac address stands for the MAC address to be added or deleted. Usage guide: The MAC address binding function must be enabled before static secure MAC address can be added. Example: Add MAC 00 03 0F FE 2E D3 to port1. Switch Config interface Ethernet 0 0 1. Switch Config Ethernet0 0 1 switchport port security mac address 00 03 0F FE 2E D3. clear port security dynamic. Command: clear port security dynamic address mac addr interface interface id. Function: Clear the Dynamic MAC addresses of the specified port. Command mode: Admin Mode. Parameter: <mac addr> indicates the MAC address; <interface id> for specified port number. Usage guide: The secure port must be locked before dynamic MAC clearing operation can be performed in specified po
235. d. For detailed information, please refer to DCBI integrated solution. If the switch forces the authentication client to use private 802.1x authentication packet format, the standard 802.1x client cannot work. Example: Force the authentication client to use private 802.1x authentication packet format. Switch Config dot1x privateclient enable. dot1x re authenticate. Command: dot1x re authenticate interface interface name. Function: Enable the 802.1x re-authentication (no wait timeout requires) for all ports or a specified port. Parameters: <interface name> stands for port number; if no parameter, it means all ports. Command mode: admin mode. Usage guide: This command is a command in admin mode. It makes the switch re-authenticate the client at once without waiting for re-authentication timer timeout. This command is no longer valid after authentication. Example: Enable real time re-authentication on port0 0 8. Switch dot1x re authenticate interface ether 0 0 8. dot1x re authentication. Command: dot1x re authentication; no dot1x re authentication. Function: Enable periodical re-authentication for the supplicant; the no dot1x re authentication command disables this function. Command mode: Global configuration mode. Default: Periodical re-authentication is disabled by default. Usage guide: When periodi
236. d option <code> ascii string hex hex ip <ipaddress>; no option <code>. Function: Set the network parameter specified by the option code; the no option <code> command cancels the setting for option. Parameters: <code> is the code for network parameters; <string> is the ASCII string, up to 255 characters; <hex> is a value in Hex that is no greater than 510 and must be of even length; <ipaddress> is the IP address in dotted decimal format; up to 63 IP addresses can be configured. Command Mode: DHCP Address Pool Mode. Usage guide: The switch provides common commands for network parameter configuration as well as various commands useful in network configuration to meet different user needs. The definition of option code is described in detail in RFC2123. Example: Set the WWW server address as 10.1.128.240. Switch dhcp 1 config option 72 ip 10.1.128.240. service dhcp. Command: service dhcp; no service dhcp. Function: Enables DHCP server; the no service dhcp command disables the DHCP service. Default: DHCP service is disabled by default. Command mode: Global Configuration Mode. Usage guide: The IP addresses and other network parameters can be distributed to the DHCP client only when the DHCP server function is enabled. Example: Enable DHCP server. Switch
237. d 8 SNTP Troubleshooting. SNTP Debugging and Monitoring Commands. show sntp. Command: show sntp. Function: Display the current SNTP client configuration and server status. Parameters: none. Command Mode: Admin Mode. Example: Display the current SNTP configuration. Switch show sntp. server address version last receive 2 1 0 2 1 never. Displayed Information, Explanation. server address: The IP address of the SNTP server. version: The version number of SNTP protocol. last receive: The IP address of the SNTP server received last. debug sntp. Command: debug sntp adjust|packet|select; no debug sntp adjust|packet|select. Function: Display or disable the SNTP debug information. Parameters: adjust stands for SNTP clock adjustment information; packet for SNTP packets; select for SNTP clock selection. Command mode: Admin Mode. Example: Display the debugging information for SNTP packets. Switch debug sntp packet. SNTP Typical Configuration Instance. [Figure: Typical SNTP configuration] All switches in the autonomous system domain are required to perform time synchronization, which is done through two redundant SNTP NTP servers. To make the time synchronous, the network must be properly configured. There should be reachable route between any switch and the two SNTP NTP servers
238. d IP address; the no operation of this command will delete the mapping. Parameter: hostname is the host name, up to 30 characters are allowed; ip addr is the corresponding IP address for the host name, in a dot decimal format. Command mode: Global Configuration Mode. Usage guide: Set the association between host and IP address, which can be used in commands such as ping host. Example: Set IP address of a host with the hostname of beijing to 200.121.1.1. Switch config ip host beijing 200.121.1.1. Command related: telnet, ping, traceroute. ip http server. Command: ip http server; no ip http server. Function: Enable Web configuration; the no ip http server command disables Web configuration. Command mode: Global configuration mode. Default status: the web server is disabled. Usage guide: Web configuration is to provide the HTTP configuration interface for the user, which is straight and visual and easy to understand. The function of the command is similar to configuring web server by selecting 2 of main menu in the Setup configuration mode. Example: Enable Web Server function and enable Web configurations. Switch Config ip http server. Related command: web user. hostname. Command: hostname <hostname>. Function: Set the prompt in the switch command line interface. Parameter: <hostname>
239. d by cluster member devices as 192.168.1.64. Switch config cluster ip pool 192.168.1.64. cluster commander. Command: cluster commander cluster name vlan <vlan id>; no cluster commander. Function: Enable a commander switch, create a cluster and modify the cluster name. The no format of the command deletes the cluster. Parameter: <cluster name> is the cluster's name; vlan id is the VLAN of the L3 device of the cluster. If the user does not input the parameter, the VLAN of the L3 device of the cluster is VLAN1. Default status: By default, the cluster is not set up. Command mode: Global Mode. Usage guide: This command sets the role of a switch as command switch and creates a cluster. Before executing the command, configure the private IP address pool first. If executing the command on the command switch again, modify the cluster name and distribute to the member switch. If executing the command on the member switch, return error. If executing the command on the command switch again and again, there is new VLAN id, but the new VLAN id is invalid. Example: Set the current switch as the commander switch with the cluster name of admin. The VLAN is 1. Switch config cluster commander admin vlan 1. cluster member. Command: cluster member candidate sn cand sn mac address mac add <mem id>
240. d class. set ip dscp <new dscp> ip precedence new precedence cos <new cos>; no set ip dscp ip precedence cos: Assign a new DSCP, IP Precedence or Cos value for the classified traffic; the no format of the command cancels the newly assigned value. police <rate bps> <burst byte> exceed action drop policed dscp transmit; no police <rate bps> <burst byte> exceed action drop policed dscp transmit: Configure a policy for the classified flow. The no format of the command deletes the specified policy. mls qos aggregate policer aggregate policer name <rate bps> <burst byte> exceed action drop policed dscp transmit; no mls qos aggregate policer <aggregate policer name>: Configure an aggregate policy. This policy can be used by more than one policy classed in one policy map. The no format of the command deletes the specified aggregate policy. police aggregate <aggregate policer name>; no police aggregate <aggregate policer name>: Apply a policy set to a classified traffic; the no policy aggregate <aggregate policy name> command deletes the specified policy set. 4. Apply QoS to port. Command, Explanation. Port Configuration Mode: mls qos trust cos dscp port priority <priority>; no mls qos trust: Configure port trust status; the no mls qos trust command disables the cur
241. d disables the IGMP Snooping fast leave function. Parameter: <vlan id> is the VLAN number specified. The value range is 1 to 4094. Command mode: Global Configuration Mode. Default: This function is disabled by default. Usage guide: Enabling the fast leave function of the IGMP protocol speeds up processing when a port leaves a multicast group: the switch does not send the group-specific query for the group but deletes the port directly. Example: Enable the IGMP fast leave function for VLAN 100. Switch Config ip igmp snooping vlan 100 immediate leave. ip igmp snooping vlan l2 general querier. Command: ip igmp snooping vlan vlan id l2 general querier; no ip igmp snooping vlan vlan id l2 general querier. Function: Set this VLAN to layer 2 general querier. Parameter: vlan id is the ID of the VLAN, ranging from 1 to 4094. Command Mode: Global Configuration Mode. Default: The VLAN is not the IGMP Snooping layer 2 general querier. Usage guide: It is recommended to configure a layer 2 general querier on a segment. If IGMP Snooping is not yet enabled on this VLAN, this command enables it before configuring the querier. IGMP Snooping is not disabled when the layer 2 general querier function is disabled. This command is mainly for sending general queries regularly to help switches within this segment learn mrouter ports. Comment: In IGMP Snooping there are two ways of learning the mrouter ports: Port that receives the IGMP query
242. d packet to DISCARDING to prevent both sides from considering themselves the root, which leads to loops. When the AUTO format is set and more than one mutually incompatible device is connected on the port (e.g. a device connected through a hub or transparently transmitting BPDUs is connected with several devices running MSTP), the number of format changes is recorded and the port is disabled at a certain count threshold. The port can only be re-enabled by the administrator. Example: Switch Config interface ethernet 0 0 2; Switch Config Ethernet 0 0 2 spanning tree format standard; Switch Config Ethernet 0 0 2. spanning tree digest snooping. Command: spanning tree digest snooping; no spanning tree digest snooping. Function: Configure the port to use the authentication key of the opposite port; with the command no spanning tree digest snooping, the port does not use the opposite authentication key. Command mode: Port Mode. Default: Don't use the authentication key of the opposite port. Usage guide: The MSTP protocol generates the authentication key of the region by applying the MD5 algorithm, with the specified key, to the correspondence between instances and VLANs. Some manufacturers do not follow the protocol requirement to use the specified key; as a result, their equipment cannot interconnect with equipment of other manufacturers. Through this command the specified port can use the authentication key of the oppos
243. data only when the MAC addresses are converted to security addresses. VLAN Configuration. Introduction to VLAN. VLAN (Virtual Local Area Network) is a technology that divides the logical addresses of the devices within the network into separate network segments based on functions, applications or management requirements. In this way, virtual workgroups can be formed regardless of the physical location of the devices. IEEE announced the IEEE 802.1Q protocol to direct the standardized VLAN implementation, and the VLAN function of the switch is implemented following IEEE 802.1Q. The feature of the VLAN technology is that a large LAN can be partitioned into many separate broadcast domains dynamically to meet the demands. [Figure: A VLAN network defined logically] Each broadcast domain is a VLAN. VLANs have the same properties as physical LANs, except that a VLAN is a logical partition rather than a physical one. Therefore the partition of VLANs can be performed regardless of physical locations, and the broadcast, multicast and unicast traffic within a VLAN is separated from the other VLANs. With the a
244. day end time; no periodic monday tuesday wednesday thursday friday saturday sunday | daily | weekdays | weekend start time to end time. Functions: Define the time range of different requirements within one week; the range recurs every week. Parameters: friday: Friday; monday: Monday; saturday: Saturday; sunday: Sunday; thursday: Thursday; tuesday: Tuesday; wednesday: Wednesday; daily: every day of the week; weekdays: Monday through Friday; weekend: Saturday and Sunday; start time: start time, hh:mm (hour:minute); end time: end time, hh:mm (hour:minute). Note: time range polling is one minute per time, so the time error shall be < one minute. Command Mode: time range mode. Default: No time range configuration. Usage guide: Periodic time and date. A period is defined as a specific time span on Monday through Sunday of every week. You can configure multiple periodic time periods whose relation is "or". For example: day1 hh:mm:ss to day2 hh:mm:ss, or day1 day2 day3 day4 day5 day6 day7 | weekend | weekdays | daily hh:mm:ss to hh:mm:ss. Example: Enable the configuration within the period from 9:15:30 to 12:30:00 during Tuesday to Saturday. Switch Config time range dc_timer; Switch Config Time Range absolute periodic tuesday 9:15:30 to saturday 12:30:00. Enable the configuration w
245. de under Global Mode. Extended IP ACL Mode: Type the ip access list extended command under Global Mode; prompt: Switch Config Ext Nacl b; Configure extended IP ACL; Use the exit command to return to Global Mode. Configuration Syntax: MyPower S3026G POE AC provides various configuration commands. Although all the commands are different, they all abide by the syntax for MyPower S3026G POE AC configuration commands. The general command formats of the switch are shown below: cmdtxt variable enum enumN option. Conventions: cmdtxt in bold font indicates a command keyword; variable indicates a variable parameter; enum1 enumN indicates a mandatory parameter that should be selected from the parameter set enum1 to enumN; and option1 optionN indicates an optional parameter. There may be combinations of < > and in the command line, such as <variable> enum1 variable enum2 option1 option2. Here are some examples of actual configuration commands: show version: no parameters required. This is a command with only a keyword and no parameter; just type the command to run. vlan vlan id: parameter values are required after inputting the keyword. speed duplex auto force10 half force10 full force100 half force100 full force1g half force1g full
246. de. The operation result is shown below: Testing RAM 0x00200000 RAM OK; Loading BootRom OK; Checking ECC of BootRom OK; Starting BootRom; BSP version 1 6 3; Creation date May 12 2008 10 51 00; Initializing OK; Boot. Step 3: Under BootROM mode, run setconfig to set the IP address and mask of the switch under the BootROM mode and the server IP address and mask, and select TFTP or FTP upgrade. Suppose the switch address is 10.1.129.2/24, the PC address is 10.1.129.66/24 and TFTP upgrade is selected; the configuration should look like: Boot setconfig; Host IP Address 10.1.1.1 192.168.1.189; Server IP Address 10.1.1.2 192.168.1.101; FTP 1 or TFTP 2 1 2; Network interface configure OK; Boot. Step 4: Enable the FTP/TFTP server on the PC. For TFTP, run the TFTP server program; for FTP, run the FTP server program. Before downloading the upgrade file to the switch, verify the connection between the server and the switch by ping from the server. If ping succeeds, run the load command in the BootROM mode from the switch; if it fails, perform troubleshooting to find out the cause. The following is the configuration for the system update image file: Boot load nos.img; Loading entry 2 0x10010 size 0x1077f8. Step 5: Execute writeimg in BootROM mode. The following saves the system update image file: Boo
247. Parameter: <1-4094>: VLAN ID; macaddr: the source MAC address sending the IGMP REPORT, the format is xx xx xx xx xx xx; 6000-7999: destination control access list number. Default status: None. Command Mode: Global Configuration Mode. Usage guide: The command takes effect only when global multicast destination control is enabled. After the command is configured, if IGMP Snooping is enabled, then when a member is added to a multicast group and multicast destination control is configured for the source MAC address of the transmitted IGMP report, the configured access list is matched: if the match result is permit, the interface can be added; otherwise the interface cannot be added. Example: Switch Config ip multicast destination control 1 00 01 03 05 07 09 access group 6000. ip multicast destination control access group sip. Command: ip multicast destination control source <source wildcard> access group 6000-7999; no ip multicast destination control source <source wildcard> access group 6000-7999. Function: Configure the multicast destination control access list used on the specified segment; the no form of the command deletes this configuration. Parameter: source: IP address; <source wildcard>: mask; 6000-7999: destination control access list number. Default status: None. Command Mode: Global Configuration Mode.
248. Troubleshooting; Configuration Classification; Introduction to Configuration Classification; Configure Classified Configuration; Port Isolation; Introduction to Port Isolation; Port Isolation Configuration; Cluster Network Management; Introduction to Cluster Network Management; Basic Configuration of Cluster Network Management; Cluster Network Management Configuration Task List; Cluster Configuration Commands; Cluster Configuration Instance; Cluster Troubleshooting; Cluster Monitoring and Debugging Commands; Cluster Troubleshooting; Port Conf
249. dress; <interface name> stands for interface name and port number. Command mode: Global configuration mode. Default status: none. Usage guide: The dot1x address filter function is implemented according to the MAC address filter table. The dot1x address filter table is manually added to or deleted from by the user. When a port is specified in adding a dot1x address filter table entry, that entry applies to the port only; when no port is specified, the entry applies to all ports in the switch. When the dot1x address filter function is enabled, the switch filters the authentication users by MAC address. Only the authentication requests initiated by the users in the dot1x address filter table are accepted, and the rest are rejected. Example: Add MAC address 00 01 34 34 2e 0a to the filter table of Ethernet 0 0 5. Switch Config dot1x accept mac 00 01 34 34 2e 0a interface ethernet 0 0 5. dot1x bpdu forward enable. Command: dot1x bpdu forward enable; no dot1x bpdu forward enable. Function: Enable the 802.1x authentication transparent transmission function of the switch. The no format of the command is used to disable the 802.1x authentication transparent transmission function. Command mode: Global mode. Default status: By default, the 802.1x authentication transparent transmission function is disabled on the switch. Usage guide: After
250. ds. Event: A list of all events generated by the RMON Agent. Alarm depends on the implementation of Event. Statistics and History display some current or history subnet statistics. Alarm and Event provide a method to monitor any integer data change in the network and provide some alerts upon abnormal events (sending a Trap or recording in logs). SNMP Configuration. SNMP Configuration Task List: 1 Enable or disable SNMP Agent server function; 2 Configure the SNMP community string and the attributes of the agent devices; 3 Configure the IP address of SNMP management base; 4 Configure engine ID; 5 Configure user; 6 Configure group; 7 Configure view; 8 Configuring TRAP; 9 Enable/Disable RMON. 1 Enable or disable SNMP Agent server function. Command / Explanation: snmp server enable; no snmp server enable: Enable the SNMP Agent function on the switch; the no format of the command disables the SNMP Agent function on the switch. 2 Configure SNMP community string. Command / Explanation: snmp server community ro rw <string>; no snmp server community <string>: Configure the community string for the switch; the no format of the command deletes the configured community string. 3 Configure IP address of SNMP management station. Command / Explanation: snmp server s
251. ds. Copy FTP. Command: copy <source url> <destination url> ascii binary. Function: Download/upload files on the FTP client. Parameter: <source url> is the location of the source files or directories to be copied; <destination url> is the destination address to which the files or directories are copied. The forms of <source url> and <destination url> vary with different locations of the files or directories. ascii indicates that the ASCII standard will be adopted; binary indicates that the binary system is adopted in the file transmission (default transmission method). When the URL represents an FTP address, its form should be ftp://username:password@ipaddress/filename, where username is the FTP user name, password is the FTP user password, ipaddress is the IP address of the FTP server/client, and filename is the name of the FTP upload/download file. Special keywords of the filename (Keywords: Source or destination addresses): running config: Running configuration files; startup config: Startup configuration files; nos.img: System files; nos.rom: System startup files. Command mode: Admin Mode. Usage guide: The command supports the CLI prompt. That is, if the user can input the command like copy filename ftp or copy ftp filename and then press Enter
252. duction to Telnet. Telnet is a simple remote terminal protocol for remote login. With Telnet, the user can log in to a remote host with its IP address or hostname from his own workstation. Telnet can send the user's keystrokes to the remote host and send the remote host's output to the user's screen through a TCP connection. This is a transparent service because, for the user, the keyboard and monitor seem to be connected to the remote host directly. Telnet employs the Client/Server mode: the local system is the Telnet client and the remote host is the Telnet server. MyPower S3026G POE AC can be either the Telnet server or the Telnet client. When MyPower S3026G POE AC is used as the Telnet server, the user can use the Telnet client program included in Windows or other operating systems to log in to MyPower S3026G POE AC, as described earlier in the inband management section. As a Telnet server, MyPower S3026G POE AC can set up TCP connections with up to 5 Telnet clients. As a Telnet client, the user runs the telnet command under Admin Mode to log in to other remote hosts. MyPower S3026G POE AC can establish a TCP connection with only one remote host. If a connection to another remote host is desired, the current TCP connection must be dropped. Telnet Task List: 1 Configure Telnet Server; 2 Telnet to a remote host from th
253. e. anti arpscan trust <port supertrust port>; no anti arpscan trust <port supertrust port>: Set the trust attributes of the ports. 4 Configure trust IP. Command / Explanation. Global configuration mode: anti arpscan trust ip <ip address <netmask>>; no anti arpscan trust ip <ip address <netmask>>: Set the trust attribute of the IP. 5 Configure automatic recovery time. Command / Explanation. Global configuration mode: anti arpscan recovery enable; no anti arpscan recovery enable: Enable or disable the automatic recovery function. anti arpscan recovery time <seconds>; no anti arpscan recovery time: Set automatic recovery time. 6 Display and debug the anti ARP scanning information. Command / Explanation. Global configuration mode: anti arpscan log enable; no anti arpscan log enable: Enable or disable the log function of anti ARP scanning. anti arpscan trap enable; no anti arpscan trap enable: Enable or disable the SNMP Trap function of anti ARP scanning. show anti arpscan trust <ip port supertrust port> prohibited <ip port>: Display the running and configuration status of the anti ARP scanning. debug anti arpscan port ip: Enable or disable the debug; no debug an
254. e. no deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> tcp <source> <source wildcard> any source host source <source host ip> s port <port1> <destination> <destination wildcard> any destination host destination <destination host ip> d port <port3> ack fin psh rst urg syn precedence <precedence> tos <tos> time range <time range name>: Create one mac tcp named extended MAC IP access rule. The no format of the command deletes the named extended IP access rule. no deny permit any source mac host source mac <host_smac> smac smac mask any destination mac host destination mac <host_dmac> <dmac> <dmac mask> udp 4 <source> <source wildcard> any source host source <source host ip> s port <port1> destination <destination wildcard> any destination host destination <destination host ip> d port <port3> precedence <precedence> tos <tos> time range <time range name>: Create one mac udp named extended MAC IP access rule. The no format of the command deletes the named extended IP access rule. no deny permit any source mac host source mac host smac smac smac mas
255. e. Usage guide: This command can display the MSTP information of the instances and the current bridge, the domain configuration information and the port MSTP information. Example: Display the bridge MSTP. The displayed content is as follows: Switch sh spanning tree; MSTP Bridge Config Info; Standard IEEE 802.1s; Bridge MAC 00 03 0f 01 0e 30; Bridge Times Max Age 20 Hello Time 2 Forward Delay 15; Force Version 3; #### Instance 0 ####; Self Bridge Id 32768 00 03 0f 01 0e 30; Root Id 16384 00 03 0f 01 0f 52; Ext RootPathCost 200000; Region Root Id this switch; Int RootPathCost 0; Root Port ID 128 1; Current port list in Instance 0: Ethernet0 0 1 Ethernet0 0 2 Total 2; PortName ID ExtRPC IntRPC State Role DsgBridge DsgPort; Ethernet0 0 1 128 001 0 0 FWD ROOT 16384 00030f010f52 128 007; Ethernet0 0 2 128 002 0 0 BLK ALTR 16384 00030f010f52 128 011; #### Instance 3 ####; Self Bridge Id 0 00 03 0f 01 0e 30; Region Root Id this switch; Int RootPathCost 0; Root Port ID 0; Current port list in Instance 3: Ethernet0 0 1 Ethernet0 0 2 Total 2; PortName ID IntRPC State Role DsgBridge DsgPort; Ethernet0 0 1 128 001 0 FWD MSTR 0 00030f010e30 128 001; Ethernet0 0 2 128 002 0 BLK ALTR 0 00030f010e30 128 002; ####
256. e 2, Success 3, Failure 4. There is no Data domain in the packets of which the type is Success or Failure, and the value of the Length domain in such packets is 4. The format of the Data domain in the packets of which the type is Request or Response is illustrated in the next figure. Type is the authentication type of EAP; the content of Type data depends on the type. For example, when the value of the type is 1, it means Identity and is used to query the identity of the other side. When the type is 4, it means MD5 Challenge, which, like the PPP CHAP protocol, contains query messages. [Figure: The Format of Data Domain in Request and Response Packet] Identifier: to assist matching the Request and Response messages. Length: the length of the EAP packet in bytes, covering the domains of Code, Identifier, Length and Data. Data: the content of the EAP packet, depending on the Code type. EAP Attribute Encapsulation: RADIUS adds two attributes to support EAP authentication: EAP Message and Message Authenticator. Please refer to the Introduction of RADIUS protocol in AAA RADIUS HWTACACS operation to check the format of RADIUS messages. 1 EAP Message: As illustrated in the next figure, this attribute is used to encapsulate the EAP packet; the type code is 79. The String domain should be no longer than 253 bytes. If the data length
257. e: Admin Mode. Usage guide: The command supports the CLI prompt. That is, if the user inputs a command like copy filename tftp or copy tftp filename and then presses Enter, the system prompts as follows: tftp server ip address x.x.x.x or hostname; tftp filename. It is required to input the address and file name of the TFTP server. Example: 1 Save images in the FLASH to the TFTP server of 10.1.1.1: Switch copy nos.img tftp://10.1.1.1/nos.img. 2 Obtain system file nos.img from the TFTP server 10.1.1.1: Switch copy tftp://10.1.1.1/nos.img nos.img. 3 Save the running configuration files: Switch copy running config startup config. Related command: write. tftp server enable. Command: tftp server enable; no tftp server enable. Function: Start the TFTP server; the no tftp server enable command shuts down the TFTP server and prevents TFTP users from logging in. Default status: The TFTP server is not started by default. Command mode: Global Mode. Usage guide: When the TFTP server function is enabled, the switch can still perform TFTP client functions. The TFTP server is not started by default. Example: Enable TFTP server service. Switch config; Switch Config tftp server enable. Related command: tftp server timeout. tftp server retransmission number
258. e no format of the command deletes mirror source port. 2 Specify mirror destination port. Command / Description. Global mode: monitor session <session> destination interface interface number; no monitor session <session> destination interface interface number: Specify mirror destination port; the no format of the command deletes mirror destination port. Commands for Configuring Port Mirroring. monitor session source interface. Command: monitor session session source interface interface list rx tx both; no monitor session <session> source interface <interface list>. Function: This command is used to specify the mirroring source port. The no format of the command is used to delete the mirroring source port. Parameter: <session> is the mirroring session value and the value range is 1 to 100. Currently up to 1 session is supported. <interface list> is the mirroring source port list, and the special characters such as are supported. rx is the flow received by the mirroring source port; tx is the flow transmitted by the mirroring source port; both is the output and input flow of the mirroring source port. Command mode: Global configuration mode. Usage guide: This command is used to set the mirroring source port. MyPower S3026G POE AC does not have any restriction for the mirroring source port. That is, the mirroring port can be one port or s
259. e, the DHCP server regards the address as not used and distributes the IP address to the client. If a response is received, the address is recorded in the conflict log. Example: Set the timeout as 1s. Switch Config ip dhcp ping timeout 1000. Related command: ip dhcp ping packets. loghost dhcp. Command: loghost dhcp ip address port; no loghost dhcp. Function: Enable the DHCP log function and specify the IP address and port number of the DHCP log host; the no format of the command disables the DHCP log function. Parameter: ip address is the IP address of the host recording the DHCP logs, in dotted decimal format; port is the port number, ranging from 0 to 65535. Default status: By default, the DHCP log function is disabled. Command mode: Global mode. Usage guide: After configuring the command, the user can view the records about the DHCP address distribution on the log host. The host that executes the logtest.exe program provided by Maipu can become the DHCP log host. Example: Enable the DHCP log function; the log host is 192.168.1.101 and the port number is 45. Switch Config loghost dhcp 192.168.1.101 45. lease. Command: lease <days> <hours> <minutes> infinite; no lease. Function: Set the lease time for addresses in the address pool; the no lease command restores the default setting.
260. e DHCP snooping binding ARP function. 5 Set trusted ports. Command / Explanation. Port mode: ip dhcp snooping trust; no ip dhcp snooping trust: Set or delete the DHCP snooping trust attributes of ports. 6 Enable DHCP SNOOPING binding DOT1X function. Command / Explanation. Port mode: ip dhcp snooping binding dot1x; no ip dhcp snooping binding dot1x: Enable or disable the DHCP snooping binding dot1x function. 7 Enable the DHCP SNOOPING binding USER function. Command / Explanation. Port mode: ip dhcp snooping binding user control; no ip dhcp snooping binding user control: Enable or disable the DHCP snooping binding user function. 8 Add static binding information. Command / Explanation. Global mode: ip dhcp snooping binding user <mac> address pAddr mask vlan vid interface ethernet ifname; no ip dhcp snooping binding user <mac> interface ethernet <ifname>: Add/delete DHCP snooping static binding entries. 9 Set defense actions. Command / Explanation. Port mode: ip dhcp snooping action shutdown blackhole recovery <second>; no ip dhcp snooping action: Set or delete the DHCP snooping automatic defense actions of ports. Global mode y
261. [Figure: Connecting Console port to MyPower S3026G POE AC] 1 Insert the connector of the Console cable into the Console port of the switch. 2 Connect the other end of the Console cable to a character terminal (usually a computer). 3 After the switch and the character terminal are powered on, you can create the configuration management connection with the switch through the character terminal. Note: Please use the provided console cable and the console adaptor of the switch. Don't insert the console cable into other ports or insert other cables into the Console port, to prevent damaging the cable and the port. Power Cable Connection. The power of the MyPower S3026G POE AC switch is 100-240VAC, 50-60Hz, allowing a certain extent of voltage fluctuation. Perform the following steps to connect the power cable. [Figure: Connecting power cable to MyPower S3026G POE AC] 1 Insert one end of the provided power cable into the power slot at the back of the switch. Insert the other end of the power cable into a power socket with overload and leakage protection. 2 Check whether the power indicator on the front panel is on. The switch is self-adjustable according to the input voltage. Therefore, if the input voltage complies with the specified voltage range, the switch can operate no
262. e broadcasts lots of ARP messages in the segment, which takes up a large part of the bandwidth of the network. It might even launch a large-traffic attack in the network via fake ARP messages and collapse the network by exhausting the bandwidth. Usually ARP scanning is just a preface to other, more dangerous attack methods, such as automatic virus infection or the ensuing port scanning, vulnerability scanning aiming at stealing information, distorted message attack, DoS attack, etc. Since ARP scanning seriously threatens the security and stability of the network, it is very important to prevent it. The switch provides a complete solution to prevent ARP scanning: if any host or port with ARP scanning features is found in the segment, the attack source is cut off to ensure the security of the network. There are two methods to prevent ARP scanning: port-based and IP-based. The port-based method counts the number of ARP messages received from a port in a certain time range; if the number is larger than a preset threshold, this port will be shut down. The IP-based method counts the number of ARP messages received from an IP in the segment in a certain time range; if the number is larger than a preset threshold, any traffic from this IP will be blocked, while the port related to this IP will not be shut down. These two methods can be enabled simultaneously. After a port or an IP is disabled, users can recover its sta
263. e enabled first before the supplicant re-authentication interval can be modified. If authentication is not enabled for the switch, the supplicant re-authentication interval that is set does not take effect. Example: Set the re-authentication time to 1200 seconds. Switch Config dot1x timeout re authperiod 1200. dot1x timeout tx period. Command: dot1x timeout tx period seconds; no dot1x timeout tx period. Function: Set the interval for the supplicant to re-transmit the EAP request identity frame; the no dot1x timeout tx period command restores the default setting. Parameters: seconds is the interval for re-transmission of EAP request frames, in seconds; the valid range is 1 to 65535. Command mode: Global configuration mode. Default: The default value is 30 seconds. Usage guide: The default value is recommended. Example: Set the EAP request frame re-transmission interval to 1200 seconds. Switch Config dot1x timeout tx period 1200. dot1x unicast enable. Command: dot1x unicast enable; no dot1x unicast enable. Function: Enable the global 802.1x unicast transparent transmission function on the switch. The no format of the command disables the 802.1x unicast transparent transmission function. Command mode: Global configuration mode. Default status: By default, the 802.1x unicast transparent transmission function is disabled on the switch. Usage guide: To enable the 802.1x unicast transparent transmission function on the port, first enable the
264. MAC Table Troubleshooting; Monitoring and Debugging Commands; MAC Address Function Extension; MAC Address Binding; VLAN Configuration; Introduction to VLAN; VLAN Configuration; VLAN Configuration Task List; VLAN Configuration Commands; VLAN Typical Application; Dot1q tunnel Configuration; Introduction to Dot1q tunnel; Dot1q tunnel Configuration Task List; Dot1q tunnel Configuration Commands; Typical Dot1q tunnel Application; Dot1q tunnel Troubleshooting
265. e guide: Traceroute is usually used to locate the problem for unreachable network nodes.
Example:
Switch traceroute 192.168.1.2
Type c to abort
Traceroute to host 192.168.1.2 maxhops is 30 timeout is 2000ms
1 16ms 192.168.1.2
Traceroute completed
Related command: ip host

Show
The show command is used to display the system information, port information and protocol running status of the switch. This section describes the show commands of displaying the system information, and the other show commands are described in other chapters.

show arp
Command: show arp
Function: Display the ARP mapping table.
Command mode: Admin mode.
Usage guide: Display the contents of the current ARP mapping table, such as IP address, hardware address, hardware type and interface name.
Example:
Switch show arp
Total arp items is 2, the matched arp items is 2
Address          Hardware Addr        Interface   Port              Flag
1.1.1.2          00 03 0F 43 65 73    Vlan1       Ethernet0 0 23    Dynamic
192.168.1.145    00 03 0F FE 38 8A    Vlan1       Ethernet0 0 23    Dynamic

show clock
Command: show clock
Function: Display the current system clock.
Command mode: Admin Mode.
Usage guide: If the system clock is inaccurate, user can adjust the time by examining the system date and clock.
Example:
Switch show clock
Current time is TUE AUG 22 11:00:01 2002
Related command: cloc
266. e guide: When FTP server function is enabled, the switch can still perform FTP client functions. FTP server is not started by default.
Example: Enable FTP server service.
Switch config
Switch Config ftp server enable
Related command: ip ftp server username

ftp server timeout
Command: ftp server timeout seconds; no ftp server timeout
Function: Set the idle time of data connection. The no format of the command restores the default value.
Parameter: seconds is the idle time threshold, in seconds, for FTP connection; the valid range is 5 to 3600.
Default status: The default value is 600 seconds.
Command mode: Global Mode.
Usage guide: When FTP data connection idle time exceeds this limit, the FTP control connection is disconnected.
Example: Modify the idle threshold to 100 seconds.
Switch config
Switch Config ftp server timeout 100

ip ftp server username
Command: ip ftp server username username password 0 7 password; no ip ftp server username username
Function: Configure the user name and password of the FTP login. The no format of the command deletes the configured user name.
Parameter: username is the user name of the FTP connection, consisting of up to 16 characters; 0 7 means the plain text or encrypted; password is the password used by the FTP connection, consisting of up
267. e mask of one byte is 00001111b, the normal mask is 11110000; do not permit 00010011.
Command Mode: The named extended IP access list configuration mode.
Default: No access list configured.
Usage guide: None.
Example: Deny the packets with any source MAC address, destination MAC as 00 00 aa bb cc xx, encapsulated as Ethernet II format and the Ethernet protocol number as 2048 (0x0800) to pass in the named extended MAC access list me.
Switch Config Mac Ext Nacl me deny any source mac 00 00 aa bb cc 01 00 00 00 00 00 ff tagged eth2 ethertype 2048

access list mac ip extended
Command: access list num deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> icmp <source> <source wildcard> any source host source <source host ip> <destination> <destination wildcard> any destination host destination <destination host ip> <icmp type> icmp code precedence <precedence> tos <tos> time range time range name
access list num deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac ma
268. e mst configuration; no spanning tree mst configuration: Enter MSTP domain mode. The no format of the command restores the default setting.
MSTP domain mode
instance <instance id> vlan <vlan list>; no instance <instance id> vlan <vlan list>: Create Instance and set mapping between VLAN and Instance.
name <name>; no name: Set the MSTP domain name.
revision level <level>; no revision level: Set the MSTP domain revision level.
abort: Quit the MSTP domain mode and return to Global mode without saving MSTP domain configuration.
exit: Quit the MSTP domain mode and return to Global mode with saving MSTP domain configuration.

4. Configure MSTP time parameters
Command / Explanation
Global Mode
spanning tree forward time <time>; no spanning tree forward time: Set the time value for switch forward delay.
spanning tree hello time <time>; no spanning tree hello time: Set the Hello time for sending BPDU packets.
spanning tree maxage <time>; no spanning tree maxage: Set the maximum aging time for BPDU information.
spanning tree max hop <hop count>; no spanning tree max hop: Set the maximum number of the hops of BPDU packets in the MSTP domain.

5. Configure the fast migrate feature
269. e password level visitor admin enable password
Function: This command is used to delete the password for logging in to the configuration mode.
Command mode: Global mode.
Parameter: enable password is to specify the password for logging into the configuration mode to be deleted.
Default status:
Use guide: If enable password is not specified and the password of admin is to be deleted, enable the interactive mode to query the password to be deleted when configuring the command. When deleting the password of visitor, the user does not need to specify enable password.
Example: Delete the login password admin of admin.
switch config no enable password level admin
Input password <input admin

Port Isolation
Introduction to Port Isolation
Port isolation is aimed at meeting the user's demand shown below.
[Figure: topology of Switch 1, Switch 2 and Switch 3 with trunk and access ports, vlan 911 and vlan 807 configured]
The topology of the switches is illustrated in the figure above. The demand is that, once configuring the port isolation on switch1, e0 0 1 and e0 0 2 on switch1 are not connected, while both of them can be connected to the up
270. e quantity of the alarm information.
binding count: The quantity of the binding information.
expired binding: The quantity of binding information which is already expired but has not been deleted. The reason why the expired information is not deleted immediately might be that the switch needs to notify the helper server about the information, but the helper server has not acknowledged it.
request binding: The quantity of the REQUEST information.
interface: The port name.
trust: The trust attributes of the port.
action: The automatic defense action of the port.
recovery: The automatic recovery time of the port.
alarm num: The number of history records of the port automatic defense actions.
bind num: The number of port relative binding information.

Switch show ip dhcp snooping interface Ethernet0 0 1
interface Ethernet0 0 1 user config
trust attribute untrust
action none
binding dot1x disabled
binding user disabled
recovery interval 0 s
Alarm info 0
Binding info 0
Expired Binding 0
Request Binding 0

Displayed Information / Explanation
interface: The port name.
trust attribute: The trust attributes of the port.
action: The automatic defense action of the port.
recovery interval: The automatic recovery time of the port.
maxnum of
271. e switch
1. Configure Telnet server
Command / Explanation
Global Mode
telnet server enable; no telnet server enable: Enable the Telnet server function of the switch; the no telnet server enable command disables the Telnet function.
telnet user <user name> password 0 7 password; no telnet user user name: Configure the local user name and password for logging into the switch via telnet. The no format of the command is used to delete the local authorized Telnet user.
telnet server securityip <ip addr>; no telnet server securityip <ip addr>: Configure the secure IP address to log into the switch via Telnet; the no format of the command is used to delete the authorized Telnet secure address.
authentication login local radius local radius radius: Configure the authentication mode of the remote login.
Admin mode
monitor; no monitor: Make the Telnet client logging into the switch display the debug information; the no format of the command is used to disable the debug information.

2. Telnet to a remote host from the switch
Command / Explanation
Admin Mode
telnet <ip addr> <ip host name> <port>: Log into a remote host with the Telnet client included in the switch.

Commands for Telnet
1
272. e the users have the ultimate freedom in selecting and managing the VLAN IDs (select within 1 to 4094 at users' will). The user network is considerably independent. When the ISP internet is upgrading their network, the user networks do not have to change their original configuration.
The detailed description on the application and configuration of dot1q tunnel is provided in this section.

Dot1q tunnel Configuration Task List
1. Configure the dot1q tunnel function on switch
2. Configure the type of protocol (TPID) on switch
3. Set the dot1q tunnel type of the port

1. Configure the dot1q tunnel function on switch
Command / Explanation
Global mode
dot1q tunnel enable; no dot1q tunnel enable: Enter/exit the dot1q tunnel mode.

2. Configure the type of protocol (TPID) on switch
Command / Explanation
Global mode
dot1q tunnel tpid 8100 9100 9200: Configure the type of protocol on switch.

3. Set the dot1q tunnel type of the port
Command / Explanation
Port Configuration Mode
switchport dot1q tunnel mode customer uplink; no switchport dot1q tunnel: Set the dot1q tunnel type of the port.

Dot1q tunnel Configuration Commands
dot1q tunnel enable
Command: dot1q tunnel enable; no dot1q tunnel enable
Function: Set the switch to enter dot1q
273. e with each other and with the ports of the associated Primary VLAN; there is no communication between ports in Community VLAN and ports in Isolated VLAN. Only VLANs containing empty Ethernet ports can be set to Private VLAN, and only the Private VLANs configured with associated private relationships can set the Access Ethernet ports as their member ports. Normal VLAN clears its Ethernet ports after being set to Private VLAN. It is to be noted that Private VLAN messages cannot be transmitted by GVRP.
Example: Set VLAN100, 200, 300 to private vlans with respectively primary, Isolated, Community types.
Switch Config vlan 100
Switch Config Vlan100 private vlan primary
Switch Config Vlan100 exit
Switch Config vlan 200
Switch Config Vlan200 private vlan isolated
Switch Config Vlan200 exit
Switch Config vlan 300
Switch Config Vlan300 private vlan community
Switch Config Vlan300 exit

private vlan association
Command: private vlan association secondary vlan list; no private vlan association
Function: Set Private VLAN binding; the no private vlan association command cancels Private VLAN binding.
Parameter: <secondary vlan list> sets Secondary VLAN list which is associated to Primary VLAN. There are two types of Secondary VLAN: Isolated VLAN and Community VLAN. Users can set multiple Secondary VLANs by
274. end data; no absolute start start time start data end end time end data: eate one absolute time range. Stop one absolute time range function.

4. Bind access list to a specific direction of the specified port
Command / Explanation
Physical Port Mode
ip mac mac ip access group <ac name> in out; no ip mac mac ip access group <ac name> in out: Apply one access list to one direction of the port. The no format of the command deletes the access list bound to the port.

5. Clear the packet filtering statistics information of the specified port
Command / Explanation
Admin Mode
clear access group statistic ethernet <interface name>: Clear the packet filtering information of the specified port.

ACL Configuration Commands
access list ip extended
Command: access list num deny permit icmp <sIpAddr> <sMask> any source host source <sIpAddr> <dIpAddr> <dMask> any destination host destination <dIpAddr> icmp type icmp code precedence <prec> tos <tos> time range time range name
access list num deny permit igmp <sIpAddr> <sMask> any source host source <sIpAddr> <dIpAddr> <dMask> any destination host
275. ebug ip dhcp snooping binding
Function: This command is used to enable the DHCP SNOOPING debug switch to debug the status of binding data of DHCP SNOOPING.
Command Mode: Admin mode.
Usage guide: This command is mainly used to debug the state of DHCP SNOOPING task when it adds ARP table entries, dot1x users and trusted user table entries according to binding data.
Example:
switch debug ip dhcp snooping binding
null O packet binding debug is on

ARP Guard Configuration
Introduction to ARP Guard
There is a serious security vulnerability in the design of the ARP protocol: any network device can send ARP messages to advertise the mapping relationship between IP address and MAC address. This provides a chance for ARP cheating. Attackers can send ARP REQUEST messages or ARP REPLY messages to advertise a wrong mapping relationship between IP address and MAC address, causing problems in network communication. The danger of ARP cheating has two forms:
1. PC4 sends an ARP message to advertise that the IP address of PC2 is mapped to the MAC address of PC4, which causes all the IP messages to PC2 to be sent to PC4, and thus PC4 can monitor and capture the messages to PC2.
2. PC4 sends ARP messages to advertise that the IP address of PC2 is mapped to an illegal MAC address, which prevents PC2 from receiving the messages to
276. ecified instance. And the bridge ID can influence the elections of root bridge and designated port for the specified instance. The smaller the bridge priority value, the higher the priority.
Example: Set the priority for Instance 2 to 4096.
Switch Config spanning tree mst 2 priority 4096

spanning tree mst rootguard
Command: spanning tree mst <instance id> rootguard; no spanning tree mst instance id rootguard
Function: Enable the rootguard function for specified instance; no spanning tree mst instance id rootguard disables the rootguard function.
Parameter: instance id is the MSTP instance ID.
Command mode: Port Mode.
Default: Disable rootguard function.
Usage guide: The rootguard function is configured based on the port. The port is forbidden to be a MSTP root port, that is, the port should always keep in the specified state. If a superior BPDU packet is received from a rootguard port, MSTP does not recalculate spanning tree and just sets the status of the port to be root inconsistent (blocked). If no superior BPDU packet is received from a blocked rootguard port, the port status restores to be forwarding. The rootguard function can maintain a relatively stable spanning tree topology when a new switch is added to the network.
Example:
Switch Config interface ethernet 0 0 2
Switch Config Ethernet 0 0 2 spanning tree mst 0 rootguard
277. ecureConfigured Ethernet0 0 3
Total Addresses 1
Max Addresses limit in System 128

Displayed information / Explanation
Vlan: The VLAN ID for the security MAC Address.
Mac Address: Security MAC address.
Type: Security MAC address type.
Ports: The port that the security MAC address belongs to.
Total Addresses: The number of the current secure MAC addresses in the system.

MAC Address Binding Troubleshooting
Enabling MAC address binding for ports may fail in some occasions. Here are some possible causes and solutions:
If MAC address binding cannot be enabled for a port, check whether the port runs Spanning tree, 802.1x, port aggregation, or whether the port is configured as a Trunk port. MAC address binding is exclusive with such configurations. If MAC address binding is to be enabled, the functions mentioned above must be disabled first.
If a security address is set as static address and then is deleted, that secure address is unusable even though it exists. Therefore, it is recommended to avoid setting static address on the MAC binding port.
If some devices connected to the ports configured with the MAC address binding function cannot transmit data, check whether the MAC addresses of the devices are converted to security MAC. If not, the MAC addresses of the devices are learned but the devices still cannot transmit data, because the ports configured with the MAC address binding function can transmit
278. ecurityip <ip address>; no snmp server securityip <ip address>: Configure the secure IP address which is allowed to access the switch on the NMS; the no format of the command deletes configured secure address.
snmp server SecurityIP enable; snmp server SecurityIP disable: Enable or disable secure IP address check function on the NMS.

4. Configure engine ID
Command / Explanation
snmp server engineid <engine string>; no snmp server engineid <engine string>: Configure the local engine ID on the switch. This command is used for SNMP v3.

5. Configure user
Command / Explanation
snmp server user <user string> <group string> encrypted auth md5 sha password string; no snmp server user <user string> group string: Add a user to a SNMP group. This command is used to configure USM for SNMP v3.

6. Configure group
Command / Explanation
snmp server group group string NoauthNopriv AuthNopriv AuthPriv read read string write <write string> notify <notify string>; no snmp server group <group string> NoauthNopriv AuthNopriv AuthPriv: Set the group information on the switch. This command is used to configure VACM for SNMP v3.

7. Configure view
C
279. ed VLAN. If any non VLAN label packet from specified protocol enters through the switch port, it will be assigned with specified VLAN ID and enter the specified VLAN. No matter which port the packets go through, their belonging VLAN is the same. The command will not interfere with VLAN labeled data packets. It is recommended to configure ARP protocol together with the IP protocol, or else some application may be affected.
Example: Assign the IP protocol and ARP protocol data packet encapsulated by the Ethernet II to VLAN200, and the QoS priority is 0.
Switch config
Switch Config protocol vlan enable
Switch Config protocol vlan mode ethernetii etype 2048 vlan 200 priority 0
Switch Config protocol vlan mode ethernetii etype 2054 vlan 200 priority 0

show protocol vlan
Command: show protocol vlan
Function: Display the configuration of Protocol based VLAN on the switch.
Parameter: None.
Command mode: Admin Mode.
Usage guide: Display the configuration of Protocol based VLAN on the switch. The value of Priority means the priority. When the priority is 0, it means that the value depends on the default value of the port.
Example: Display the configuration of the current Protocol based VLAN.
Switch show protocol vlan
Encapsulation   Protocol   VLAN   Priority
EtherII         0x800      200    0
EtherII         0x806      200    0
SNAP            0x800      300
Protocol V
280. ed extended MAC access list
a. Create one named extended MAC access list
Command / Explanation
Global mode
mac access list extended <name>; no mac access list extended <name>: Create one named extended MAC access list. The no format of the command deletes the named extended MAC access list.

b. Specify multiple permit or deny rule entries
Command / Explanation
Configuration mode of the named extended MAC access list
no deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> cos <cos val> cos bitmask vlanId vid value <vid mask> ethertype protocol <protocol mask>: Create one named extended MAC access rule matching the common MAC frame. The no format of the command deletes the named extended MAC access rule.
no deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> untagged eth2 ethertype <protocol> protocol mask: Create one named extended MAC access rule matching untagged Ethernet 2 type. The no format of the c
281. ed in proceed
200 PORT Command successful
recv total 2 1526037
write ok
150 Opening ASCII mode data connection for nos.img 1526037 bytes
226 Transfer complete
If the switch is upgrading system file or system boot file through FTP, the switch cannot be restarted until "close ftp client" or "226 Transfer complete" is displayed, indicating upgrade is successful. Otherwise, the switch may be rendered unable to start. If the system file and system start up file upgrade through FTP fails, please try to upgrade again or use the BootROM mode to upgrade.

TFTP Troubleshooting
When uploading/downloading system file with the TFTP protocol, the connectivity of the link must be ensured, i.e. use the Ping command to verify the connectivity between the TFTP client and server before running the TFTP program. If ping fails, you need to check for appropriate troubleshooting information to recover the link connectivity.
The following is the message displayed when files are successfully transferred. Otherwise, please verify link connectivity and retry the copy command again.
nos.img file length 1526021
read file ok
begin to send file wait
file transfers complete
close tftp client
The following is the message displayed when files are successfully received. Otherwise, please verify link connectivity and retry the copy command again.
begin to receive file wait
recv 15260
282. Basic Configuration Commands 52
Maintaining and Debugging Commands 60
283. een the supplicant system and the RADIUS server and the dynamically generated session keys, requiring both the supplicant system and the RADIUS authentication server to possess digital certificate to implement bidirectional authentication. It is the earliest EAP authentication method used in wireless LAN. Since every user should have a digital certificate, this method is rarely used practically considering the difficult maintenance. However, it is still one of the safest EAP standards and enjoys prevailing supports from the vendors of wireless LAN hardware and software. The following figure illustrates the basic operation flow of the EAP-TLS authentication method.
[Figure: EAP-TLS authentication flow between the Supplicant, the PAE and the RADIUS server]
284. Introduction to DHCP 363
Configure DHCP Server 364
DHCP Server Configuration Task List 364
DHCP Configuration Commands 366
DHCP Server Configuration Instance 377
DHCP Troubleshooting 378
Monitoring and Debugging Commands 378
DHCP Troubleshooting 382
DHCP Snooping Configuration 384
Introduction to DHCP Snooping 384
DHCP Snooping Configuration 385
DHCP Snooping Configuration Task List 385
DHCP Snooping Configuration Commands 387
Typical Application of DHCP Snooping 394
DHCP Snooping Troubleshooting 395
Monitoring and Debugging Information
285. Introduction to POE 462
POE Configuration 462
POE Configuration Task List 462
POE Configuration Commands 464
POE Typical Application 467
POE Troubleshooting 469
Monitoring and Debugging Information 469
POE Troubleshooting 471

Production Introduction
Overview
[Figure: MyPower S3026G POE AC switch]
About the Product
MyPower S3026G POE AC Switch can not only be utilized in large scale enterprise network, campus network and MAN as access equipment, but also can meet the demand of medium scale office network. The switch has unique network access functions and flexible network management function, including MAC binding filtering, limiting the number of MAC addresses, IEEE802.1Q VLAN, PVLAN, IEEE802.1x access authentication, QoS, ACL, bandwidth control, IEEE802.3ad TRUNK, IGMP Snooping, broadcast storm suppression, IEEE802.1d w sp
286. eived from the port and designates a VLAN member identity for them according to their protocol type and encapsulation type. For example, with the configuration of IPv4 protocol VLAN and Ethernet II encapsulation, all packets of this type without any VLAN tag are treated as a member of the VLAN specified by IP protocol. The Protocol VLAN filter only applies to packets without any VLAN tag, while those with a VLAN tag received from the same port are not affected by Protocol VLAN and keep their original status. Protocol VLAN does not create new VLANs; instead, it shares the same ones with port based VLAN. Once packets enter those VLANs, they are forwarded according to rules the same as those of port based VLAN.
The VLAN is divided by the network layer protocol, assigning different protocols to different VLANs. This is very attractive to the network administrators who wish to organize the users by applications and services. Moreover, the user can move freely within the network while maintaining his membership. The advantage of this method is that users can change physical position without changing their VLAN residing configuration, while the VLAN can be divided by types of protocols, which is important to the network administrators. Further, this method has no need of additional frame label to identify the VLAN, which reduces the network traffic.
1000M Ethernet ports of MyPower S3026G POE AC support Protocol VLAN function unconditionally, while 100M ones can
287. enabling the loopback detection debug on a port, the DEBUG information is generated when sending/receiving packets and changing states.
Parameters: None.
Command Mode: Admin Mode.
Default: Disabled by default.
Usage guide: Display the packet sending, receiving and state changes via this command.
Example:
Switch debug loopback detection
Jan 01 03:29:18 2006 Send loopback detection packet dev Ethernet0 0 10 vlan id 1
Jan 01 03:29:18 2006 Send loopback detection packet dev Ethernet0 0 10 vlan id 2

Port Loopback Detection Troubleshooting
By default, the function of port loopback detection is disabled and should only be enabled if required. Otherwise, the system performance may be affected, because the loop detection packet is a broadcast packet.
If the connected network obviously has a loop after enabling the port loopback function under the normal configuration, you can use the debug loopback detection command to view the loopback detection information and whether the detection result is correct. If there is something wrong, you can send the result to Maipu Service Center.

SNTP Configuration
Introduction to SNTP
The Network Time Protocol (NTP) is widely used for clock synchronization for the co
288. ent interval.
tx period: EAP retransmission interval.
max req: EAP packet retransmission times.
authenticator mode: Switch authentication mode.
Mac Filter: Enable dot1x address filter or not.
MacAccessList: Dot1x address filter table.
dot1x EAPoR: Authentication method used by the switch (EAP relay, EAP local termination).
dot1x privateclient: Whether the private client is enabled.
dot1x unicast: Whether the unicast mode is enabled.
802.1x is enabled on ethernet 0 0 8: Whether the port dot1x is enabled.
Authentication Method: Port authentication method (MAC based, port based, user based).
Status: Port authentication status.
Port control: Port authorization status.
Supplicant: Authenticator MAC address.
Max User Number: The maximum number of the users.
Notify DCBI: Whether sending notify to the DCBI server succeeds.

debug aaa error
Command: debug aaa error; no debug aaa error
Function: Enable the debug information of AAA about errors; the no operation of this command disables the debug information.
Parameter: None.
Command mode: Admin Mode.
Usage guide: None.
Example: Enable the debug information of AAA errors.
Switch debug aaa error

debug aaa packet
Command: debug aaa packet send receive all interface ethernet <InterfaceName>; no debug aaa packet send receive all interface ethernet InterfaceName
289. entry is just related with VLAN and MAC, not related with port. Example: In VLAN200, set the MAC address 00 03 0f f0 00 18 as the filter entry. Switch Config mac address table blackhole address 00 03 0f f0 00 18 vlan 200 clear mac address table dynamic Command: clear mac address table dynamic address <mac_addr> vlan <vid> interface ethernet port channel <Interfacename> Function: Clear dynamic address entry. Parameter: <mac addr> is the MAC address to be deleted; <interface name> is the name of the port that forwards the MAC packets; <vlan id> is the VLAN ID that receives the MAC address packets. Command mode: admin mode. Usage guide: The command is used to delete the dynamic address entry in admin mode. Example: Delete all dynamic address entries. Switch clear mac address table dynamic Typical Configuration Instance [Figure: MAC Table typical configuration instance] Scenario: Four PCs, as shown in the above figure, are connected to port 5 7 9 11 of the switch and all the four PCs belong to the default VLAN1. As required by the network environment dynamic learning is ena
290. ept The MST is used to make the mapping of a certain VLAN to a certain spanning tree instance. An MSTP region is composed of one or multiple bridges with the same MCID (MST Configuration Identification) and the bridged LAN (a certain bridge in the MSTP region is the designated bridge of the LAN, and the bridges attaching to the LAN are not running STP). All the bridges in the same MSTP region have the same MSID. MSID consists of three attributes: Configuration Name (composed by digits and letters); Revision Level; Configuration Digest (VLANs mapping to spanning tree instances). The bridges with the same 3 above attributes are considered as in the same MST domain. In CIST of the bridged LAN, the MSTP domain is considered as a bridge, as shown in the following figure. [Figure: CIST and MST domain] In the above network, if the bridges run the STP or the RSTP, one port between Bridge M and Bridge B should be blocked. But if the bridges in the yellow range run the MSTP and are configured in the same MST domain, MSTP treats this domain as a bridge. Therefore, one port between Bridge B and Root is blocked and one port on Bridge D is blocked. Operations within MST Domain: The IST connects all the MSTP bridges in a domain. When the IST runs, the CIST Regional Root becomes the root bridge with the lowest bridge ID and path cost to the
291. er are as follows: Input Voltage: 100 240VAC. Frequency: 50 60Hz. Total power consumption: < 225W (maximum power consumption with full load). Before powering on the switch, please make sure of a proper grounding of the power supply system and the stability of the input power. Use a voltage adapter device if necessary. A fuse or a circuit breaker no greater than 240 V 10 A is required to prevent short circuits. A UPS is recommended to provide a more reliable power supply. Warning: An improper grounding of the power supply system, dramatic electric fluctuations or pulses can result in abnormal operation and even hardware damage. Anti static: Static electricity may damage the switch circuits or the entire device. To prevent the damages of static electricity, please ensure a good grounding, keep the environment dust free and maintain a proper temperature and humidity. Operators should wear antistatic uniforms, straps or gloves. Anti interference: Various interference sources, no matter from the switch or other devices, or from interior or exterior, affect the switch through capacitance coupling, inductance coupling, electromagnetic radiation, public impedance (including grounding system) and lead (such as power lines, signal lines and output lines). To avoid the interferences, please follow the instructions below: Take anti elec
292. ername is the authorized user name of the web access, which consists of up to 16 characters; password is the login password, which consists of up to eight characters; 0 7 means that the password is not encrypted to display or the password is encrypted to display. Command mode: Global mode. Usage guide: To prevent the web access of the un authorized user, the administrator can use the command to configure the authorized user and password of the web access. Example: Set the web access user named as admin and the password is admin. Switch Config web user admin password 0 admin Related command: ip http server write Command: write Function: Save the currently configured parameters to the Flash memory. Command mode: Admin Mode. Usage guide: After a set of configuration with desired functions is complete, the setting should be saved to the Flash memory so that the system can revert to the saved configuration automatically in the case of unexpected power off or power failure. This is the equivalent to the copy running config startup config command. Example: Switch write show cpu usage Command: show cpu usage Function: Display the CPU usage of the switch. Command mode: admin mode. Usage guide: Use the command to get the CPU load of the device at any time. Example: Switch show cpu usage Last 5 second CPU IDL
293. erver enabled or disable as well as the information of the login SSH user. Command mode: Admin Mode. Example: Switch show ssh server ssh server is enabled connection version state user name 1 2 0 session started admin Related command: ssh server enable, no ssh server enable 3 debug ssh server Command: debug ssh server no debug ssh server Function: Display SSH server debugging information; the no debug ssh server command stops displaying SSH server debugging information. Default status: This function is disabled by default. Command mode: Admin Mode. Example: Switch debug ssh server Ssh server debugging is on Traceroute Command: traceroute <ip addr> host hostname hops <hops> timeout timeout Function: This command is used to test the gateway passed in the route of a packet from the source device to the target device. This can be used to test connectivity and locate a network fault. Parameter: ip addr is the assigned source host IP address in decimal dotted format; hostname is the hostname for the remote host; hops is the maximum gateway number allowed by Traceroute; timeout is the timeout value for test packets in ms, between 100 10000. Default status: The default maximum gateway number is 16, timeout in 2000 ms. Command mode: Admin Mode. Usag
294. ess from user. The prevailing application of WLAN and LAN access in telecommunication networks, in particular, make it necessary to control ports in order to implement the user level access control. And as a result, IEEE LAN/WAN committee defined a standard, which is 802.1x, to do Port Based Network Access Control. This standard has been widely used in wireless LAN and ethernet. Port Based Network Access Control means to authenticate and control the user devices on the level of ports of LAN access devices. Only when the user devices connected to the ports pass the authentication can they access the resources in the LAN. Otherwise, the resources in the LAN won't be available. 802.1x Authentication Architecture: The system using 802.1x has a typical Client Server structure, which contains three entities as illustrated in the next figure: Supplicant system, Authenticator system, and Authentication server system. [Figure: The authentication structure of 802.1x] The supplicant system is an entity on one end of the LAN segment should
295. et <name> Functions: Display the bound ACL on port. Parameters: name: Interface name. Default: None. Command Mode: Admin Mode. Usage guide: When not assigning interface names, all bound ACLs on the port are displayed. Example: Switch show access group interface name Ethernet0 0 2 IP Ingress access list used is 111 interface name Ethernet0 0 1 IP Ingress access list used is 10 Displayed information Explanation: interface name Ethernet0 0 2: The binding of port Ethernet0 0 2; IP Ingress access list used is 111: Bind the numbered extended ACL 111 to the ingress direction of the port Ethernet0 0 2; interface name Ethernet0 0 1: The binding of Ethernet0 0 1; IP Ingress access list used is 10: Bind the numbered extended ACL 10 to the ingress direction of the port Ethernet0 0 1. show firewall Command: show firewall Functions: Display the configuration information of packet filtering function. Parameters: None. Default: None. Command Mode: Admin Mode. Example: Switch show firewall Firewall is enabled Firewall default rule is to permit any packet Displayed information Explanation: fire wall is enable: Packet filtering function enabled; the default action of firewall is permit: Default packet filtering function is permit. show time range Command: show time r
296. everal ports. The transmitted and received flows of the source port can be mirrored together or separately. If rx tx both is not specified, the default value is both. Remarks: The session values of the matched source and destination ports should be the same. Example: Set the output flow of mirroring source ports 0 0 1 4. Switch Config monitor session 1 source interface ethernet 0 0 1 4 tx monitor session destination interface Command: monitor session session destination interface interface number no monitor session session destination interface <interface number> Function: This command is used to specify the mirroring destination port. The no format of the command is used to delete the mirroring destination port. Parameter: session is the mirroring session value and the value range is 1 100; <interface number> is the mirroring destination port. Command mode: Global mode. Usage guide: Currently, MyPower S3026G POE AC supports only one mirroring destination port. Note that the mirroring destination port cannot be the member of a port aggregation group. The port throughput should preferably be larger than or equal to the total throughput of all mirroring source ports. Remarks: The session values of the matched source and destination ports should be the same. Example: Set the mirroring destination por
297. f the COS value to the egress queue of the switch port. The no format of the command restores the default value. 6 Configure QoS mapping Command Explanation Global Mode mls qos map cos dscp <dscp1 dscp8> dscp cos <dscp list> to cos dscp mutation in dscp to out dscp policed dscp dscp list to <mark down dscp> no mls qos map cos dscp dscp cos dscp mutation policed dscp: Set CoS to DSCP mapping, DSCP to CoS mapping, DSCP to DSCP mutation mapping and policed to DSCP mapping; the no format of the command restores the default mapping. QoS Configuration Commands mls qos Command: mls qos no mls qos Function: Enables QoS in global configuration mode; the no mls qos command disables the global QoS. Parameter: None. Command mode: Global configuration mode. Default: QoS is disabled by default. Usage guide: QoS provides four queues to process flows at four different precedence levels. Example: Enable and then disable the QoS function. Switch config mls qos Switch config no mls qos class map Command: class map <class map name> no class map <class map name> Function: Create a class map and enter class map mode; the no class map <class map name> command deletes the specified class map
298. fig firewall enable Switch Config firewall default permit Switch Config interface ethernet 0 0 10 Switch Config Ethernet0 0 10 mac ip access group 3110 in Switch Config Ethernet0 0 10 exit Switch Config exit Configuration result: Switch show firewall Firewall is enabled Firewall default rule is to permit any packet Switch show access lists access list 3110 used 1 time s access list 3110 deny 00 12 11 23 00 00 00 00 00 00 FF FF any destination mac tcp 10 0 0 0 0 0 0 255 any destination d port 21 Switch show access group interface name Ethernet0 0 10 MAC IP Ingress access list used is 3110 ACL Troubleshooting ACL Debugging and Monitoring Commands show access lists Command: show access lists num acl name Functions: Display the configured ACL. Parameters: <acl name> specific ACL name character string; num specific ACL No. Default: None. Command Mode: Admin Mode. Usage guide: When not assigning the name of ACL, all ACLs are displayed; used x time s indicates the times of ACL to be used. Example: Switch show access lists access list 10 used 0 time s access list 10 deny any source access list 100 used 1 time s access list 100 deny ip any source any destination access list 100 deny tcp any source any destination access list 1100 used 0 time s access l
299. figuration mode Command Explanation Global mode: Enter the VLAN interface configuration mode or delete the existing VLAN interface: interface vlan <vlan id> no interface vlan <vlan id> 2 Configure IP address of VLAN interface and enable the VLAN interface Command Explanation VLAN interface mode: ip address <ip address> mask secondary no ip address <ip address> <mask>: Configure the IP address of the VLAN interface. VLAN interface mode: shutdown no shutdown: Enable or disable the VLAN interface. Commands for Configuring VLAN Interface interface vlan Command: interface vlan vlan id no interface vlan vlan id Function: Enter the VLAN interface configuration mode. The no format of the command deletes the existing VLAN interface. Parameter: vlan id is the VLAN ID of the existing VLAN and the value range is 1 4094. Command mode: global mode. Usage guide: none. Example: Enter VLAN1 port mode. Switch Config interface vlan 1 Switch Config If Vlan1 ip address Command: ip address <ip address> <mask> secondary no ip address <ip address> <mask> secondary Function: Set the IP address and mask of the switch. The no format of the command deletes the configured IP address. Parameter: i
300. first port added. Adding a port in on mode is a forced action, which means that the local switch port aggregation does not rely on the information of the peer. Port aggregation succeeds as long as there are 2 or more ports in the group and all ports have consistent VLAN information. Adding a port in active or passive mode enables LACP. Ports of at least one end must be added in active mode; if ports of both ends are added in passive mode, the ports never aggregate. Example: Under the Port Mode of Ethernet0 0 51, add current port to port group 1 in active mode. Switch Config Ethernet0 0 5 1 port group 1 mode on interface port channel Command: interface port channel <port channel number> Function: Enter the aggregation interface configuration mode. Command mode: Global Configuration Mode. Default: None. Usage guide: On entering aggregation port mode, the configuration to GVRP or spanning tree modules will apply to aggregation ports; if the aggregation port does not exist (i e ports have not been aggregated), an error message will be displayed and configuration will be saved and will be restored until the ports are aggregated. Note: such restoration will be performed only once; if an aggregated group is ungrouped and aggregated again, the initial user configuration will not be restored
301. forementioned features, the VLAN technology provides us with the following convenience: Improving network performance; Saving network resources; Simplifying network management; Lowering network cost; Enhancing network security. VLAN and GVRP (GARP VLAN Registration Protocol) defined by 802.1Q are implemented in switch. The chapter will describe the use and configuration of VLAN and GVRP in details. VLAN Configuration VLAN Configuration Task List: 1 Create or delete VLAN 2 Set or delete VLAN name 3 Assign Switch ports for VLAN 4 Set the switch port type 5 Set Trunk port 6 Set Access port 7 Enable Disable VLAN ingress rules on ports 8 Configure Private VLAN 9 Set Private VLAN association 1 Create or delete VLAN Command Explanation Global Mode: vlan vlan id no vlan <vlan id>: Create delete VLAN or enter VLAN Mode. 2 Set or delete VLAN name Command Explanation VLAN mode: name vlan name no name: Set or delete VLAN name. 3 Assign Switch ports for VLAN Command Explanation VLAN Mode: switchport interface <interface list> no switchport interface <interface list>: Assign the switch ports to VLAN. 4 Set switch port type Command Explanation Port Mode: switchport mode trunk access
302. format of the command restores the default value. Parameter: interval is the cluster heartbeat interval and the value range is 1 65535s. It is an integer. Default status: The default value is 8s. Command mode: Global mode. Usage guide: After the command switch executes the command, set the heartbeat interval as the specified value and distribute to all member switches. If executing the command on the non command switch, or the input heartbeat interval value is larger than or equal to the current holdtime, the setting becomes invalid and error is displayed. Example: Set the interval of sending the heartbeat packets as 10. Switch config cluster heartbeat 10 clear cluster candidate table Command: clear cluster candidate table Function: Clear the list of the candidate switches discovered by the command switch. Parameter: none. Default status: none. Command mode: admin mode. Usage guide: The command is used to clear the list of the candidate switches discovered by the command switch. When executing the command on the non command switch, return error. Example: Clear the list of the candidate switches discovered by the command switch. Switch clear cluster candidate table Cluster Configuration Instance [Figure: Master, Switch 1, Switch 2, Switch 3, Switch 4, Switch n]
303. g Function: Display the binding of the IP address and MAC address. Command mode: Admin mode. Example: Switch sh ip dhcp binding IP address Hardware adress Lease expiration Type 10 1 1 233 00 00 E2 3A 26 04 Infinite Manual 10 1 1 254 00 00 E2 3A 5C D3 60 Automatic Displayed information Explanation: IP address: IP address assigned to a DHCP client; Hardware adress: The hardware address of the DHCP client; Lease expiration: Valid time for the DHCP client to hold the IP address; Type: Type of assignment, manual binding or dynamic assignment. show ip dhcp conflict Command: show ip dhcp conflict Function: Displays log information for addresses that have a conflict record. Command mode: Admin Mode. Example: Switch sh ip dhcp conflict IP Address Detection method Detection Time 10 1 1 1 Ping FRI JAN 02 00 07 01 2002 Displayed information Explanation: IP Address: Conflicting IP address; Detection method: Method of detecting the conflict; Detection Time: Time when the conflict is detected. show ip dhcp server statistics Command: show ip dhcp server statistics Function: Display statistics of all DHCP packets for a DHCP server. Command mode: Admin Mode. Example: Switch sh ip dhcp server statistics Address pools 3 Database agents 0 Automatic bindings 2 Manual bindings 0
304. g access list 5000 permit ip any source host 225 1 2 3 Switch Config access list 5001 permit ip any source any destination Switch Config ip multicast source control Switch Config interface Ethernet0 0 5 Switch Config If Ethernet0 0 5 ip multicast source control access group 5000 Switch Config interface Ethernet0 0 25 Switch Config If Ethernet0 0 25 ip multicast source control access group 5001 2 Destination Control: To limit users with address in the 10.0.0.0/8 segment from entering the group of 238.0.0.0/8, make the following configuration. Firstly, enable IGMP snooping in the VLAN where it is located. Here it is VLAN2. Switch Config ip igmp snooping Switch Config ip igmp snooping vlan 2 And then configure the relative destination control access list and configure the specified IP address to use that access list. Switch Config access list 6000 deny ip any source 238 0 0 0 0 255 255 255 Switch Config access list 6000 permit ip any source any destination Switch Config ip multicast destination control Switch Config ip multicast destination control 10 0 0 0 0 255 255 255 access group 6000 In this way, the users of the segment can only be added to the groups other than 238.0.0.0/8. 3 Multicast policy: Server 210 1 1 1 is releasing important multicast data on group 239 1 2 3 and we can configure on its access s
305. g function Switch Config ip dhcp snooping enable ip dhcp snooping binding Command: ip dhcp snooping binding enable no ip dhcp snooping binding enable Function: Enable the DHCP Snooping binding function. Command Mode: Global configuration mode. Default Settings: DHCP Snooping binding is disabled by default. Usage guide: When the function is enabled, it records the binding information allocated by DHCP Server of all trusted ports. Only after the DHCP SNOOPING function is enabled, the binding function can be enabled. Example: Enable the DHCP Snooping binding function. Switch Config ip dhcp snooping binding enable Related command: ip dhcp snooping enable ip dhcp snooping binding user Command: ip dhcp snooping binding user mac address ipAddr mask vlan vid interface Ethernet <ifname> no ip dhcp snooping binding user mac interface Ethernet <ifname> Function: Configure the information of static binding users. Parameters: <mac>: The MAC address of the static binding user, which is the only index of the binding user; ipaddress mask: The IP address and mask of the static binding user; <vid>: The VLAN ID which the static binding user belongs to; <ifname>: The access interface of static binding user. Command Mode: Global configuration mode. Default Settings: DHC
306. Usage guide: This command is to set revision level for MSTP configuration. The bridges with the same MSTP revision level and same other attributes are considered in the same MSTP domain. Example: Set revision level to 2000. Switch Config spanning tree mst configuration Switch Config Mstp Region revision level 2000 spanning tree Command: spanning tree no spanning tree Function: Enable MSTP in global mode and in port mode. The command no spanning tree is to disable MSTP. Command mode: Global Mode and Port Mode. Default: MSTP is not enabled by default. Usage guide: If the MSTP is enabled in global mode, enable the port exclusive with MSTP application on the port and enable MSTP protocol on all ports by default. Example: Enable the MSTP in global mode and disable the MSTP in the interface 0 0 2. Switch Config spanning tree Switch Config interface ethernet 0 0 2 Switch Config Ethernet0 0 2 no spanning tree spanning tree forward time Command: spanning tree forward time time no spanning tree forward time Function: Set the switch forward delay time; the command no spanning tree forward time restores the default setting. Parameter: <time> is forward delay time in seconds. The valid range is from 4 to 30. Command mode: Global Mode. Default: The forward delay time is 15 seconds by default. Usage guide: When the network topology change
307. ge from the log message queue and to send them out through every output channel. Only when the output channel is in Enable state, the log message can be sent out through it. When the log message enters the output channel, it is checked according to the output channel's filter items; only when the source module of the log message is marked as On in the filter items, the log message can be actually sent out through the output channel. System Log Configuration System Log Configuration Task List: 1 Set the global log switch 2 Set the output channel of the console 3 Set the output channel of the user's terminal 4 Set the output channel of the log buffer 5 Set the output channel of the log host 6 Display the information of the log channel 7 Set the filter items of the log output channel 1 Set the global log switch Command Description Global Mode: logging on no logging on: Enable the global log function. The no format of the command disables this function. 2 Set the output channel of the console Command Description Global Mode: logging console no logging console: Open the output channel of the console. The no format of the command disables the output of the console output channel. 3 Set the output channel of the user's terminal Command Description Global mode
308. gging notifications warnings Delete filter items from the output channel of state on off the log no logging source anti_attack default m_shell sys_event channel console logbuff loghost monitor Commands for Configuring System Log clear logging Command: clear logging Function: This command is used to clear all the information in the log buffer zone. Command mode: Admin Mode. Usage guide: When the old information in the log buffer zone is no longer concerned, we can use this command to clear all the information. Example: Clear all information in the log buffer. Switch clear logging Related command: show logging buffered logging buffered Command: logging buffered <buffersize> no logging buffered Function: This command is used to enable the output channel of the log buffer. Adding no before the command means to disable the output channel of the log buffer. Parameter: buffersize is the size of the memory buffer (the number of messages that can be held) and the value range is 10 1000. Command mode: Global mode. Default status: By default, do not output log information to memory buffer. The default memory buffer size is 100. Usage guide: The command can take effect only after the global system log function is enabled. Example: Enable the Ethernet switch to send log infor
309. global 802.1x function, then enable the global 802.1x unicast transparent transmission function, and at last configure the 802.1x function on the port. Example: Enable the 802.1x unicast transparent transmission function on the switch and enable the 802.1x on port 0 0 1. Switch Config dot1x enable Switch Config dot1x unicast enable Switch Config interface Ethernet 0 0 1 Switch Config Ethernet0 0 1 dot1x enable dot1x user free resource Command: dot1x user free resource prefix mask no dot1x user free resource Function: Configure the 802.1x free resources of the switch; the no form command disables the function. Parameter: prefix is the segment for free resource in decimal dotted format; mask is the mask for free resource in decimal dotted format. Command Mode: Global configuration mode. Default: There is no free resource by default. Usage guide: This command is available only if user based access control is adopted. If user based access control is used, the un authenticated users can access the limited resources configured by the command. For port based and MAC based access control mode, un authenticated users cannot access any network resources. To be noticed, only one free resource can be configured for the overall network. Example: Set the segment of the free resource as 1 1 1 0 and the
310. gt time range <time range name> Create one mac udp numbered extended mac ip access rule. If the numbered extended access list does not exist, create the access list. access list <num> deny permit any source mac host source mac <host_smac> smac smac mask any destination mac 4host destination mac host dmac <dmac> <dmac mask> 1eigrp gre igrp ip|ipinip ospf 4 <protocol num> 4 source source wildcard any source host source <source host ip> destination destination wildcard gt any destination host destination <destination host ip> precedence precedence tos tos time range time range name Create one numbered extended mac ip access rule matching other specified mac IP protocol or all mac IP protocols. If the numbered extended access list does not exist, create the access list. no access list num Delete one numbered extended MAC IP access list. I Configure one named extended MAC IP access list a Create one named extended MAC IP access list Command Explanation Global mode: mac ip access list extended <name> no mac ip access list extended <name>: Create one named extended MAC IP access list. The no format of the command deletes the named extended MAC IP access list. b Specify multiple permit or deny rule entries Command Explanation
311. h the debug information is not displayed on the SSH interface but on the HyperTerminal connected to the Console port. The command can make the debug information be displayed on the specified SSH terminal interface, but not the Console or other Telnet or SSH terminal interface. Example: Enable the SSH client to display the debug information. Switch monitor Related command: ssh user SSH Server Configuration Instance Example 1 Network requirement: Enable SSH server on the switch and run SSH2 0 client software, such as Secure shell client or putty, on the terminal. Log into the switch via the username and password from the client. Configure the local address, add SSH user and enable SSH service on the switch, so that SSH2 0 client can log into the switch by using the username and password to configure the switch. Switch Config interface vlan 1 Switch Config Vlan 1 ip address 100 100 100 200 255 255 255 0 Switch Config Vlan 1 exit Switch Config ssh user admin password 0 admin Switch Config ssh server enable SSH Monitoring and Debugging Commands 1 show ssh user Command: show ssh user Function: Display all configured SSH user names. Command mode: Admin Mode. Example: Switch show ssh user admin Related command: ssh user 2 show ssh server Command: show ssh server Function: Display the status of the SSH s
312. spanning tree portfast Command: spanning tree portfast bpdufilter bpduguard default no spanning tree portfast Function: Set the current port as boundary port, and BPDU filter, BPDU guard as default mode (the mode specified by the protocol, namely the port is changed into non boundary port after receiving BPDU packets); the command no spanning tree portfast sets the current port as non boundary port. Parameter: bpdufilter: configure the border port mode as BPDU filter; bpduguard: configure the border port mode as BPDU guard; default: configure the border port mode as the default mode. Command mode: Port Mode. Default: All the ports are non boundary ports by default. Usage guide: The boundary port enters the forwarding state when it is changed into the specified port. There are three modes for the boundary ports. The boundary port changes into a non boundary port by default after receiving BPDU packets. In the BPDU filter mode, if the BPDU is received, it will be discarded. In the BPDU guard mode, if the BPDU is received, the packet will be discarded and the port will be disabled. There is only one mode at the same time. The no form of the command restores the port to a non boundary port. Example: Switch Config interface ethernet 0 0 2 Switch Config Ethernet 0 0 2 spanning tree portfast bpdufilter Switch Config Ethernet 0 0 2 spanning tree format Command: spanning tree format standard privacy auto no sp
313. he authentication can access the network, while the others cannot. When one user becomes offline, the other users are not affected.
C. When the user-based (IP address, MAC address, port) method is used, all users can access limited resources before being authenticated. There are two kinds of control in this method: standard control and advanced control. The user-based standard control does not restrict the access to limited resources, which means all users of this port can access limited resources before being authenticated. The user-based advanced control restricts the access to limited resources: only some particular users of the port can access limited resources before being authenticated. Once those users pass the authentication, they can access all resources.
Attention: when using private supplicant systems, user-based advanced control is recommended to effectively prevent ARP cheat.
VLAN Allocation Features
1. Auto VLAN
The Auto VLAN feature enables the RADIUS server to change the VLAN to which the access port belongs, based on the user information and the user access device information. When an 802.1x user passes authentication on the server, the RADIUS server sends the authorization information to the device. If the RADIUS server has enabled the VLAN assigning function, then the following attributes should be included in the Access-Accept messages:
Tunnel-Type = VLAN (13)
Tunnel-Medium-Type = 802 (6)
Tunnel-Private-Group-ID = VLA
314. he switch.
Example:
Switch#show port-security
Security Port    MaxSecurityAddr (count)    CurrentAddr (count)    Security Action
Ethernet0/0/3    1                          1                      Protect
Ethernet0/0/4    10                         1                      Protect
Ethernet0/0/5    1                          0                      Protect
Max Addresses limit per port: 128
Total Addresses in System: 2
Displayed information: Explanation
Security Port: The name of the port configured as security port
MaxSecurityAddr: The maximum secure MAC address number set for the security port
CurrentAddr: The current secure MAC address number of the security port
Security Action: The violation mode of the port configuration
Total Addresses in System: The current secure MAC address number of the system
Max Addresses limit in System: The maximum secure MAC address number of the system
show port-security interface
Command: show port-security interface <interface-id>
Function: Display the security port configuration.
Command mode: Admin Mode
Parameter: interface-id stands for the port to be displayed.
Default status: The security port configuration is not displayed by default.
Usage guide: This command displays the detailed configuration information for the security port.
Example:
Switch#show port-security interface ethernet 0/0/1
Ethernet 0/0/1 Port Security: Enabled
Port status: Security Up
Vio
315. he specified policy map to the ingress of switch port; output <policy-map-name> applies the specified policy map to the egress of switch port.
Default: No policy map is bound to ports by default.
Command mode: Port Configuration Mode
Usage guide: Every port can only have one policy table on each direction. No policy table is allowed on the egress port.
Example: Bind policy p1 to ingress Ethernet port 0/0/1.
Switch(config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#service-policy input p1
mls qos dscp-mutation
Command: mls qos dscp-mutation; no mls qos dscp-mutation
Function: Apply DSCP mutation mapping to the switch port; the no format of the command restores the default value of the DSCP mutation mapping.
Parameters: none
Default: There is no DSCP mutation mapping by default.
Command mode: Port Configuration Mode
Usage guide: While configuring the DSCP mutation map on the switch port, the trust status of the port should be trust DSCP.
Example: Configure trust DSCP on Ethernet port 0/0/1, using DSCP mutation mapping. Currently the command is not supported.
Switch(config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#mls qos trust dscp
Switch(Config-Ethernet0/0/1)#mls qos dscp-mutation
wrr-queue bandwidth
Command: wrr-queue bandwidth <weight1 weight2 weight3 weight4>; no
316. hentication timeout timer value to 30 seconds.
Switch(Config)#radius-server timeout 30
radius-server accounting-interim-update timeout
Command: radius-server accounting-interim-update timeout seconds; no radius-server accounting-interim-update timeout
Function: Set the interval of sending accounting update packets; the no format of this command restores the default configuration.
Parameters: seconds is the interval of sending accounting update packets, in seconds, ranging from 60 to 3600.
Command Mode: Global configuration mode
Default: The default interval of sending accounting update packets is 300 seconds.
User Guide: This command sets the interval at which NAS sends accounting update packets. In order to realize the real-time accounting of users, from the moment the user becomes online, NAS sends an accounting update packet of this user to the RADIUS server at the configured interval. The interval of sending accounting update packets is relative to the maximum number of users supported by NAS. The smaller the interval, the less the maximum number of users supported by NAS; the bigger the interval, the more the maximum number of users supported by NAS. The following is the recommended ratio of the interval of sending accounting update messages to the maximum number of users supported by NAS:
T
317. hernet0/0/1. The port connected to switch2 is a trunk port. On Switch2, set ethernet 0/0/1, connected to switch1, as trust CoS priority. Thus, in the QoS domain, the packets with different priorities go to different queues and get different bandwidths.
The configuration steps are listed below.
The QoS configuration on switch 1:
Switch#config
Switch(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Switch(config)#mls qos
Switch(config)#class-map c1
Switch(config-ClassMap)#match access-group 1
Switch(config-ClassMap)#exit
Switch(config)#policy-map p1
Switch(config-PolicyMap)#class c1
Switch(config-Policy-Class)#set ip precedence 5
Switch(config-Policy-Class)#exit
Switch(config-PolicyMap)#exit
Switch(config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#service-policy input p1
QoS configuration in Switch2:
Switch#config
Switch(config)#mls qos
Switch(config)#interface ethernet 0/0/1
Switch(config-Ethernet0/0/1)#mls qos trust cos
QoS Troubleshooting
QoS Debugging and Monitoring Commands
show mls qos
Command: show mls qos
Function: Display global configuration information for QoS.
Parameters: none
Default: none
Command mode: Admin mode
Usage guide:
Example:
Switch#show mls qos
Q
318. hina 610041 Tel: 86 28 85148850, 85148041 Fax: 86 28 85148948, 85148139 URL: http://www.maipu.com Email: overseas@maipu.com All other products or services mentioned herein may be registered trademarks, trademarks or service marks of their respective manufacturers, companies or organizations.
319. hing this port is visible on both the controlled and uncontrolled ports.
Controlled direction: In unauthenticated status, controlled ports can be set as unidirectionally controlled or bidirectionally controlled.
When the port is bidirectionally controlled, the sending and receiving of all frames is forbidden.
When the port is unidirectionally controlled, no frames can be received from the supplicant systems, while sending frames to the supplicant systems is allowed.
Note: At present, this kind of switch only supports unidirectional control.
802.1x Work Mechanism
The IEEE 802.1x authentication system uses EAP (Extensible Authentication Protocol) to implement the exchanging of authentication information between the supplicant system, authenticator system and authentication server system.
[Figure: 802.1x Work Mechanism. Supplicant system (PAE), authenticator system (PAE) and authentication server system, with EAPOL between the supplicant system and the authenticator system.]
EAP messages adopt EAPOL encapsulation format between the PAE of the supplicant system and the PAE of the authenticator system in the environment of LAN.
Between the PAE of the authenticator system and the RADIUS server, there are two methods to exchange information: one method is that EAP messages adopt EAPOR (EAP over RADIUS) encapsulation format in RADIUS protocol; the other is that EAP messages terminate with the
320. holdtime second; no cluster holdtime
Function: On the command switch, use the command to set the heartbeat hold time of the cluster. The no format of the command is used to restore the default value.
Parameter: second is the heartbeat holdtime of the cluster, and the value range is 20-65535. The heartbeat time means the longest valid time of the heartbeat packet information; when a heartbeat packet is received again, the holdtime is refreshed. If no heartbeat packet is received within the heartbeat holdtime, the heartbeat packet information becomes invalid, that is, the cluster relation becomes invalid.
Default status: The default value is 80s.
Command mode: Global mode
Usage guide: After the command switch executes the command, it sets the heartbeat holdtime to the specified value and distributes it to all member switches. If the command is executed on a non-command switch, or the input holdtime value is smaller than or equal to the current heartbeat interval, the setting is invalid and an error is displayed.
Example: Set the holdtime of the cluster heartbeat packet as 100.
Switch(config)#cluster holdtime 100
cluster heartbeat
Command: cluster heartbeat interval; no cluster heartbeat
Function: On the command switch, use the command to set the interval at which the switches in the cluster send the heartbeat packet. The no
321. how snmp engineid
SNMP engineID: 18c3159876
Engine Boots is: 1
Displayed Information: Explanation
SNMP engineID
Engine Boots: Engine boot counts
show snmp user
Command: show snmp user
Function: Display the user information.
Command mode: Admin Mode
Example:
Switch#show snmp user
User name: initialsha
Engine ID: 1234567890
Auth Protocol: MD5
Priv Protocol: DES-CBC
Row status: active
Displayed Information: Explanation
User name: User name
Engine ID: Engine ID
Priv Protocol: Employed encryption algorithm
Auth Protocol: Employed identification algorithm
Row status: User state
show snmp group
Command: show snmp group
Function: Display the group information.
Command mode: Admin Mode
Example:
Switch#show snmp group
Group Name: initial
Security Level: noAuthnoPriv
Read View: one
Write View: <no writeview specified>
Notify View: one
Displayed Information: Explanation
show snmp view
Command: show snmp view
Function: Display the view information commands.
Command mode: Admin Mode
Example:
Switch#show snmp view
View Name: readview
1 Included active
1.3 Excluded active
Explanation:
1 and 1.3: OID number
Included: The view includes sub-trees rooted at this OID
Excluded: The view does not include sub-trees rooted at this OID
322. DHCP Snooping Troubleshooting
ARP Guard Configuration
Introduction to ARP Guard
ARP Guard Configuration
ARP Guard Configuration Task List
ARP Guard Configuration Command
Anti ARP Scanning
Introduction to Anti ARP Scanning
Anti ARP Scanning Configuration
Anti ARP Scanning Configuration Task List
Anti ARP Scanning Configuration Commands
Anti ARP Scanning Troubleshooting
Monitoring and Debugging Information
Typical Instance of Anti ARP Scanning
Port Loopback Detection Function
Introduction to Port Loopback Detection Function
Port Loopback Detection Function Configuration
Configuration Task List of Port Loopback Detection Function
323. ic number depends on the product specification, and 4 is only the maximum specification value.
Example: Configure the mapping between VLAN 1-10, VLAN 100-110 and Instance 1.
Switch(Config)#spanning-tree mst configuration
Switch(Config-Mstp-Region)#instance 1 vlan 1-10;100-110
name
Command: name <name>; no name
Function: In MSTP domain configuration mode, set the MSTP domain name; the "no name" command deletes the MSTP domain name.
Parameter: <name> is the MSTP domain name. The length of the name should be less than 32 characters.
Command mode: MSTP domain configuration mode
Default: By default, the MSTP domain name is the MAC address of this bridge.
Usage guide: This command is to set the MSTP domain name. The bridges with the same MSTP domain name and same MSTP domain parameters are considered in the same MSTP domain.
Example: Set the MSTP domain name to mstp-test.
Switch(Config)#spanning-tree mst configuration
Switch(Config-Mstp-Region)#name mstp-test
revision-level
Command: revision-level <level>; no revision-level
Function: In MST configuration mode, this command is to set the revision level for calculating the MST tag; the command "no revision-level" restores the default setting to 0.
Parameter: <level> is the revision level. The valid range is from 0 to 65535.
Command mode: MSTP domain configuration mode
Default: The default revision level is 0.
324. ic of VLAN 40 and VLAN 50 is sent through the topology of the instance 4. And the traffic of other VLANs is sent through the topology of the instance 0. The port 1 in Switch2 is the master port of the instance 3 and the instance 4.
The MSTP calculation generates 3 topologies: the instance 0, the instance 3 and the instance 4 (marked with blue lines). The ports with the mark "x" are in the status of discarding. The other ports are in the status of forwarding. Because the instance 3 and the instance 4 are only valid in the MSTP domain, the following figure only shows the topology of the MSTP domain.
[Figure: The topology of instance 3 in MSTP domain after MSTP changes]
[Figure: The topology of instance 4 in MSTP domain after MSTP changes]
MSTP Troubleshooting
Monitoring and Debugging Commands
show spanning-tree
Command: show spanning-tree mst <instance-id> interface <interface-list> detail
Function: Display the information of MSTP protocol and instances.
Parameter: <interface-list> sets the interface list; <instance-id> sets the instance ID, and the valid range is from 0 to 48; <interface-list> sets the configuration port; detail sets the detailed spanning tree information.
Command mode: Admin Mod
325. ics information of five minutes, and the second line displays the statistics information of five seconds.
Example: Print the rate statistics information of the Ethernet port.
Switch#show interface ethernet counter rate
Interface        IN(pkts/s)    IN(bytes/s)    OUT(pkts/s)    OUT(bytes/s)
0/0/1    5m      13,473        12,345,678     12,345         1,234,567
         5s      135           65,800         245            92,600
0/0/2    5m      0             0              0              0
         5s      0             0              0              0
0/0/3    5m      0             0              0              0
         5s      0             0              0              0
0/0/4    5m      0             0              0              0
         5s      0             0              0              0
Displayed Information: Explanation
Interface: The port number. Do not display the Ethernet prefix.
5m/5s: Time
IN(pkts/s): The number of the packets every second at the in direction
IN(bytes/s): The number of bytes every second at the in direction
OUT(pkts/s): The number of the packets every second at the out direction
OUT(bytes/s): The number of bytes every second at the out direction
show interface ethernet counter
Command: show interface ethernet counter
Function: Display the packet quantity statistics information and rate statistics information of all Ethernet ports.
Parameter: none
Command mode: admin mode
Usage guide: First display the packet quantity statistics information and then display the rate statistics information.
Example: Print the statistics information of the Ethernet port.
Switch#show interface ethernet counter
326. id range is 10-3600.
Command Mode: Port configuration mode
Default Settings: No default defense action.
Usage guide: Only when DHCP Snooping is globally enabled can this command be set. A trusted port will not detect pseudo DHCP Servers, so it will never trigger the corresponding defense action. When a port turns into a trusted port from a non-trusted port, the original defense action of the port is automatically deleted.
Example: Set the DHCP Snooping defense action of port ethernet0/0/1 as setting blackhole, and the recovery time is 30 seconds.
Switch(Config)#interface ethernet 0/0/1
Switch(Config-Ethernet-0/0/1)#ip dhcp snooping action blackhole recovery 30
ip dhcp snooping action MaxNum
Command: ip dhcp snooping action <maxNum> | default
Function: Set the number of defense actions that can simultaneously take effect.
Parameters: <maxNum>: the number of defense actions on each port, the range of which is 1-200 and the value of which is 10 by default; default: restore the default value.
Command Mode: Global configuration mode
Default Settings: The default value is 10.
Usage guide: Set the max number of defense actions to avoid the resource exhaustion of the switch caused by attacks. If the number of alarm information is larger than the set value, then the earliest defense action will be recovered forcibly in order to send new defense actions.
Example: Set the number of port defense actions to 100.
327. idate switch
Name: HOSTNAME of the candidate switch
Device Type: Device type
show cluster members
Command: show cluster members
Function: On the command switch, display the member information of the cluster.
Parameter: none
Default status: none
Command mode: admin mode
Usage guide: Execute the command on the command switch to display the information. If the command is run on a non-command switch, an error is returned.
Example: On the command switch, display the member information of the cluster.
Switch#show cluster members
SN    MAC Address           Name      Device Type                    Status
0     00-03-0f-00-28-e6     master    MyPower S3026G POE AC 2026E    UP
1     00-03-0f-00-28-e8     slave1    MyPower S3026G POE AC 2008E    UP
2     00-03-0f-01-d2-69     slave2    MyPower S3026G POE AC 2017E    DOWN
3     00-03-0f-25-13-f2     slave3    MyPower S3026G POE AC 2026E    UP
4     00-03-0f-09-a35-c7    slave4    MyPower S3026G POE AC 2008E    DOWN
Displayed information:
show cluster members: Displayed as the table form
SN: The cluster ID of the member switch
MAC Address: The MAC address of the member switch
Name: The hostname of the member switch
Device Type: The model of the member switch
Status: The running status of the member switch, up or down
debug cluster application
Command: debug cluster application; no debug cluster application
Function: Enable the a
328. (optional) ICMP packets can be filtered by packet code, which is a number from 0-255; igmp-type: (optional) IGMP packets can be filtered by IGMP packet name or packet type, which is a number from 0-255; time-range-name: name of time range.
Command Mode: The named extended MAC-IP access list configuration mode
Default: No access list configured.
Usage guide: none
Example: Deny the UDP packets with any source MAC address and destination MAC address, any source IP address and destination IP address, and source port 100 and destination port 40000 to pass.
Switch(Config-Mac-Ext-Nacl-mie)#deny any-source-mac any-destination-mac udp any-source s-port 100 any-destination d-port 40000
time-range
Command: [no] time-range <time-range-name>
Function: Create a time range named time-range-name and enter the time-range mode at the same time.
Parameters: time-range-name: the time range name must start with a letter, and the length cannot exceed 16 characters.
Command Mode: Global configuration mode
Default: No time-range configuration.
Usage guide: None
Example: Create a time range named dc timer.
Switch(Config)#time-range dc timer
absolute-periodic/periodic
Command: [no] absolute-periodic monday|tuesday|wednesday|thursday|friday|saturday|sunday start-time to monday|tuesday|wednesday|thursday|friday|saturday|sunday
329. ify authentication port number, which must be the same as the specified authentication port in the RADIUS server. The default port number is 1812. If this port number is set to 0, the specified server does not have the authentication function. This command can be used repeatedly to configure multiple RADIUS servers communicating with the switch; the configured order is used as the priority for the switch authentication server. If primary is specified, then the specified RADIUS server serves as the primary server.
Example: Setting the RADIUS authentication server address as 200.1.1.1.
Switch(Config)#radius-server authentication host 200.1.1.1
radius-server dead-time
Command: radius-server dead-time minutes; no radius-server dead-time
Function: Configure the recovering time when the RADIUS server is down; the "no radius-server dead-time" command restores the default setting.
Parameters: minutes is the recovering time for the RADIUS server, in minutes, and the valid range is 1 to 255.
Command mode: Global configuration mode
Default: The default value is 5 minutes.
Usage guide: This command specifies the time to wait for the RADIUS server to recover from inaccessible to accessible. When the switch acknowledges a server to be inaccessible, it marks that server as having invalid status. After the interval specified by this command, the system resets the status for that server to valid.
Example: Set the recovering time for RADIUS server to 3
330. ig-vlan100)#exit
SwitchB(config)#
SwitchB(config)#vlan 101
SwitchB(config-vlan101)#switchport interface ethernet 0/0/20
SwitchB(config-vlan101)#exit
SwitchB(config)#interface ethernet 0/0/10
SwitchB(Config-Ethernet0/0/10)#switchport mode trunk
SwitchB(Config-Ethernet0/0/10)#exit
SwitchB(config)#vlan 20
SwitchB(config-vlan20)#multicast-vlan
SwitchB(config-vlan20)#multicast-vlan association 100,101
SwitchB(config-vlan20)#exit
SwitchB(config)#ip igmp snooping
SwitchB(config)#ip igmp snooping vlan 20
DCSCM Configuration
Introduction to DCSCM
DCSCM (Destination control and source control multicast) technology mainly includes three aspects, that is: Multicast Information Source Controllable, Multicast User Controllable, and Service-Priority-Oriented Policy Multicast.
The Multicast Packet Source Controllable technology of Controlled Multicast technology is mainly processed in the following manners:
1. On the edge switch, if source-controlled multicast is configured, then only multicast data from the specified group of the specified source can pass.
2. For the RP switch in the core of PIM-SM, for REGISTER information out of the specified source and specified group, REGISTER_STOP is transmitted directly and the entry is not allowed to set up.
The implement of Multicast User Controllable technology of Controlled Multicast te
331. ight part. The upper part of the Web configuration interface displays the front panel of MyPower S3026G POE AC. The indicators on the front panel display the connection status of the ports in real time. Click the ports on the front panel, and the lower right part of the web configuration interface displays the traffic statistics information of the ports.
The lower left part of the web configuration interface is the main menus, through which you can configure, manage, maintain and monitor the ports of the switch.
The lower right part of the web configuration interface displays the interacting part with the user. When the user clicks the upper part or the lower left part, the lower right part of the web configuration interface displays the configuration interface of the menu/sub-menu. The user can configure the switch as desired. For the parameters on the configuration interface, refer to the configuration introduction of the related chapter.
When using the web interface configuration, pay attention to the following:
1. Use the IE6.0 or higher browser and 1024×768 resolution. JavaScript must be enabled.
2. To ensure that the CGI program is executed correctly, make sure that the browser reads new contents from the server but not from the system cache. The following shows how to ensure that the browser reads new contents from
332. iguration
Introduction to Port
Port Configuration
Ethernet Port Configuration
VLAN Interface Configuration
Port Mirroring Configuration
Port Configuration Instance
Port Troubleshooting
Monitoring and Debugging Commands
MAC Address Table
Introduction to MAC Address Table
Obtain MAC Table
Forward or Filter
MAC Address Table Configuration
mac-address-table aging-time
mac-address-table blackhole
clear mac-address-table dynamic
Typical Configuration Instance
333. in the new port. However, in some cases, security or management policy may require MAC addresses to be bound with the ports, and only data flow from the binding MAC is allowed to be forwarded in the ports. That is to say, after a MAC address is bound to a port, only the data flow destined for that MAC address can flow in from the binding port, and the data flow destined for the other MAC addresses that are not bound to the port is not allowed to pass through the port.
MAC Address Binding Configuration Task List
1. Enable MAC address binding function for the ports
2. Lock the MAC addresses for a port
3. MAC address binding property configuration
1. Enable MAC address binding function for the ports
Command (Port Mode): switchport port-security; no switchport port-security
Explanation: Enable MAC address binding function for the port; the "no switchport port-security" command disables the MAC address binding function for the port.
2. Lock the MAC addresses for a port
Command (Port Mode): switchport port-security lock; no switchport port-security lock
Explanation: Lock the port, and then the MAC address learning function is disabled. The "no switchport port-security lock" command restores the function.
Command: switchport port-security convert
Explanation: Convert dynamic secure MAC addresses
334. ing and scheduling
[Figure: Queuing and Scheduling process. Flowchart: read packet DSCP and convert it to CoS according to the DSCP-to-CoS mapping; read packet CoS and the CoS-to-queue mapping to get the queue number; read the buffer value for the egress queue; if no queue buffer is available, discard packets until queue buffer is available; place the packet into the specified queue and forward according to the weight/priority of the queues.]
QoS Configuration
QoS Configuration Task List
1. Enable QoS
Enable and disable QoS in Global Mode. The other QoS commands can be configured only after enabling QoS in Global Mode.
2. Configure class map
Set up a classification rule according to ACL, CoS, VLAN ID, IP Precedence, DSCP to classify the data flow.
3. Configure a policy map
Set up one policy table so as to limit the bandwidth for the classification rules and lower the priority.
4. Apply QoS to the ports
Configure the trust mode for ports or bind policies to ports. A policy takes effect on a port only when it is bound to that port.
5. Configure egress queue working mode and weight
Configure egress queue working mode as PQ or WRR; the mapping from internal priority to egress queue are global commands, and they take effect on all po
335. ink-type p2p
Command: spanning-tree link-type p2p auto | force-true | force-false; no spanning-tree link-type
Function: Set the link type of the current port; the command "no spanning-tree link-type" restores the link type to auto-detection.
Parameter: auto sets auto-detection; force-true forces the link as point-to-point type; force-false forces the link as non-point-to-point type.
Command mode: Port configuration mode
Default: The link type is auto by default. The MSTP detects the link type automatically.
Usage guide: When the port is full-duplex, MSTP sets the port link type as point-to-point. When the port is half-duplex, MSTP sets the port link type as shared.
Example: Force the port 0/0/7-8 as point-to-point type.
Switch(Config)#interface ethernet 0/0/7-8
Switch(Config-Port-Range)#spanning-tree link-type p2p force-true
spanning-tree maxage
Command: spanning-tree maxage <time>; no spanning-tree maxage
Function: Set the max aging time for BPDU; the command "no spanning-tree maxage" restores the default setting.
Parameter: <time> is the max aging time in seconds. The valid range is from 6 to 40.
Command mode: Global configuration mode
Default: The max age is 20 seconds by default.
Usage guide: The lifetime of BPDU is called max aging time. The max age is relevant with hello time and forward delay
336. ion enabled, the switch is compatible with and provides power supply for non-standard IEEE PD.
Example: Set the switch to provide power supply for non-standard IEEE PD.
Switch(Config)#power inline legacy enable
power inline enable (Port)
Command: power inline enable; no power inline enable
Function: Enable/disable PoE power supply.
Parameters: None
Command Mode: Port Mode
Default: The power supply state on ports is enabled.
Usage guide:
Enabled: Automatically detect PD. In such a state, PSE will automatically detect and classify a PD and provide power supply for it according to the classification. If a PD connection is detected, its specified output power will be satisfied as long as there is enough available power, after which the corresponding LED indicator will be updated. Otherwise, the power distribution rules will decide whether or not to implement this power supply. During a normal power supply process, if the PD requires extra power which exceeds the max threshold value, the supply will be cut off and the corresponding LED indicator will be updated. When the PD is disconnected from the PSE normally, PSE will stop outputting power supply and update the corresponding LED indicator.
Disabled: Disable power supply. With the PSE power supply disabled, no power will be output regardless of the existence of PD connec
337. ion via Console port to the local console. Output the log information to a remote Telnet terminal or monitor; this function is good for remote maintenance. Assign a proper log buffer zone inside the switch for recording the log information permanently or temporarily. Configure the log host: the log system directly sends the log information to the log host and saves it in files to be viewed at any time. Specify the needed channel for each output direction by configuring commands. All information is filtered and sent to the corresponding output direction through the specified channels. The user can filter all information and redirect it by configuring the channels used in the output direction as desired and configuring the filtered information of channels. Note that the settings of the four directions are independent from each other, but you need to enable the global log switch first so that the settings can take effect.
Severity of Log Information
The log information format is compatible with the BSD syslog protocol, so we can record and analyze the log by the syslog (system log protect process) on UNIX/LINUX, as well as syslog-similar applications on PC. The rule applied in filtering the log information by severity level is that only the log information with level equal to or higher than the threshold is outputted
338. iority <priority> configures the port to trust port priority.
Default: No value is trusted.
Command mode: Port Configuration Mode
Example: Configuring ethernet port 0/0/1 to trust CoS value, i.e. classifying the packets according to CoS value.
Switch(config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#mls qos trust cos
mls qos cos
Command: mls qos cos <default-cos>; no mls qos cos
Function: Configure the default CoS value of the port; the no mls qos cos command restores the default setting.
Parameters: <default-cos> is the default CoS value for the port; the valid range is 0 to 7.
Default: The default CoS value is 0.
Command mode: Port Configuration Mode
Example: Setting the default CoS value of ethernet port 0/0/1 to 5, i.e. packets coming in through this port will be assigned a default CoS value of 5 if no CoS value is present.
Switch(config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#mls qos cos 5
service-policy
Command: service-policy {input <policy-map-name> | output <policy-map-name>}; no service-policy {input <policy-map-name> | output <policy-map-name>}
Function: Apply a policy map to the specified port; the no format of the command deletes the specified policy map applied on the switch port.
Parameters: input <policy-map-name> applies t
339. Command: ip igmp snooping vlan <vlan-id> query-mrspt <value>; no ip igmp snooping vlan <vlan-id> query-mrspt
Explanation: Configure the maximum query response period. The no format of the command restores the default value.
Command: ip igmp snooping vlan <vlan-id> query-robustness <value>; no ip igmp snooping vlan <vlan-id> query-robustness
Explanation: Configure the query robustness. The no format of the command restores the default value.
Command: ip igmp snooping vlan <vlan-id> suppression-query-time <value>; no ip igmp snooping vlan <vlan-id> suppression-query-time
Explanation: Configure the suppression query time. The no format of the command restores the default value.
Command: ip igmp snooping vlan <vlan-id> static-group <multicast-IPAddress> interface [ethernet | port-channel] <InterfaceName>; no ip igmp snooping vlan <vlan-id> static-group <multicast-IPAddress> interface [ethernet | port-channel] <InterfaceName>
Explanation: Configure static group source. The no format of the command cancels this configuration.
IGMP Snooping Configuration Commands
ip igmp snooping
Command: ip igmp snooping; no ip igmp snooping
Function: Enable the IGMP Snooping function; the no ip igmp snooping command disables this function.
Command mode: Global Configuration Mode
Defau
340. is console; monitor means that the output channel of log is the user's terminal; logbuff means that the output channel of log is the log buffer; loghost means that the output channel of log is the log host.
Command mode: admin mode
Default status: show channel displays the brief information of all the channels without any parameter.
Usage guide: This command is used to view the summary information of a log channel.
Example: Display the contents of Loghost channel.
Switch#show channel loghost
Loghost Channel
Channel ID 2 channel name loghost State On
Send messages 0 Dropped messages 0
Loghosts
IPAddress Facility
100.100.100.5 local1
Filter Items
Module State Servirity
shell On debugging
Related command: logging on
show logging buffered
Command: show logging buffered <buffersize>
Function: Display detailed information of the channel of the log buffer.
Parameters: <buffersize> is the number of the log messages to display.
Command mode: admin mode
Default status: 100 log messages are displayed without any parameter.
Usage guide: If the number of messages in the current log buffer is fewer than the specified <buffersize>, the log information of the actual number is displayed.
Example: Display the details of latest 20 log messages in log buffer chan
341. is not displayed by default.
Usage guide: This command can display various sorts of MAC address entries. Users can also use show mac-address-table to display all the MAC address entries.
Example: Display all the filter MAC address entries.
Switch#show mac-address-table blackhole
Troubleshooting
Using the show mac-address-table command, a port fails to learn the MAC of a device connected to it. The possible reasons:
The connected cable is broken.
Spanning Tree is enabled and the port is in discarding status, or the device is just connected to the port and Spanning Tree is still under calculation; wait until the Spanning Tree calculation finishes and the port can learn the MAC address.
If it is none of the problems mentioned above, please check the switch port and contact Maipu Technical Center.
MAC Address Function Extension
MAC Address Binding
Introduction to MAC Address Binding
Most switches support MAC address learning; each port can dynamically learn several MAC addresses, so that forwarding data flow between known MAC addresses within the ports can be achieved. If a MAC address is aged, the packet destined for that entry is broadcasted. In other words, a MAC address learned on a port is used for forwarding. If the connection is changed to another port, the switch learns the MAC address again to forward data
342. ist 1100 permit any-source-mac any-destination-mac tagged-eth2 14 2 0800
access-list 3100 used 0 time(s)
access-list 3100 deny any-source-mac any-destination-mac udp any-source s-port 100 any-destination d-port 40000
Displayed information: access-list 10 used 0 time(s)
Explanation: Number ACL10, 0 times to be used.
Displayed information: access-list 10 deny any-source
Explanation: Deny any IP packets to pass.
Displayed information: access-list 100 used 1 time(s)
Explanation: Number ACL10, 1 time to be used.
Displayed information: access-list 100 deny ip any-source any-destination
Explanation: Deny IP packets of any source IP address and destination address to pass.
Displayed information: access-list 100 deny tcp any-source any-destination
Explanation: Deny TCP packet of any source IP address and destination address to pass.
Displayed information: access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 14 2 0800
Explanation: Permit tagged-eth2 with any source MAC addresses and any destination MAC addresses and the packets whose 15th and 16th bytes are 0x08 and 0x0 respectively to pass.
Displayed information: access-list 3100 permit any-source-mac any-destination-mac udp any-source s-port 100 any-destination d-port 40000
Explanation: Deny the UDP packets with any source MAC address and destination MAC address, any source IP address and destination IP address, and source port 100 and destination interface 40000 to pass.
show access-group
Command: show access-group interface Ethern
343. it. Particularly, if the attacker pretends to be the gateway and does ARP cheating, the whole network collapses.
[Figure: ARP Guard schematic diagram]
We utilize the filtering entries of the switch to protect the ARP entries of important network devices from being imitated by other devices. The basic theory is to use the filtering entries of the switch to check all the ARP messages entering through the port. If the source address of the ARP message is protected, the messages are directly dropped and are not forwarded.
The ARP GUARD function is usually used to protect the gateway from being attacked. If all the accessed PCs in the network should be protected from ARP cheating, a large number of ARP GUARD addresses should be configured on the port, which takes up a big part of the FFP entries in the chip and, as a result, may affect other applications, so it is improper. It is recommended to adopt the FREE RESOURCE related access scheme. Please refer to the related documents for details.
ARP Guard Configuration
ARP Guard Configuration Task List
Configure the protected IP address
Command Explanation Port configurati
344. itch configuration or when in-band management is not available. For instance, the user must assign an IP address to the switch via the Console interface to be able to access the switch via Telnet. The procedures for managing the switch via the Console interface are listed below.
Step 1: Set up the environment.
Connect with serial port.
[Figure: Outband management configuration environment of MyPower S3026G POE AC]
As shown above, the serial port (RS-232) is connected to the switch with the serial cable provided. The table below lists all the devices used in the connection.
Device Name: PC
Description: Has functional keyboard and RS-232, with terminal emulator installed, such as HyperTerminal included in Windows 9x/NT/2000/XP.
Device Name: Serial port cable
Description: One end is connected to the RS-232 serial port, and the other end to the Console port.
Device Name: MyPower S3026G POE AC
Description: Functional Console port required.
Step 2: Enter the HyperTerminal.
Open the HyperTerminal included in Windows after the connection is established. The example below is based on the HyperTerminal included in Windows XP.
Click Start > All Programs > Accessories > Communication > HyperTerminal.
[Figure: Open HyperTerminal]
Type a name for opening HyperTerminal, such as Switch.
345. itch re-initiates authentication on no supplicant response; the no command restores the default setting.
Command: dot1x re-authentication; no dot1x re-authentication
Explanation: Permit the periodical re-authentication for the supplicant. The no format of the command disables the function.
Command: dot1x timeout quiet-period <seconds>; no dot1x timeout quiet-period
Explanation: Set the time to keep silent after the port authentication fails. The no format of the command restores the default value.
Command: dot1x timeout re-authperiod <seconds>; no dot1x timeout re-authperiod
Explanation: Set the interval of the switch to re-authenticate the supplicant. The no format of the command restores the default value.
Command: dot1x timeout tx-period <seconds>; no dot1x timeout tx-period
Explanation: Set the interval of the switch to re-send the EAP request/identity frame to the supplicant. The no format of the command restores the default value.
Admin mode
Command: dot1x re-authenticate [interface <interface-name>]
Explanation: Set the 802.1x re-authentication for all ports or one specified port, with no need to wait for timeout.
4. Configure the attributes related with the Authentication Server (RADIUS server)
A. Configure RADIUS authentication key
Global Mode
Command: radius-server key <string>; no radius-server key
Explanation: Set the key of the RADIUS server. The no format of the command deletes the key of the RADIUS server.
B. Configure RADIUS Server
Command
346. ite current start-up configuration file.
FTP/TFTP Configuration
The configurations of MyPower S3026G POE AC as FTP and TFTP clients are almost the same, so the configuration procedures for FTP and TFTP are described together in this manual.
FTP/TFTP Configuration Task List
1. FTP/TFTP client configuration
A. Upload/download the configuration file or system file
B. For FTP client, the server file list can be checked
2. FTP server configuration
A. Start FTP server
B. Configure FTP login username and password
C. Modify FTP server connection idle time
D. Shut down FTP server
3. TFTP server configuration
A. Start TFTP server
B. Configure TFTP server connection idle time
C. Configure retransmission times before timeout for packets without acknowledgement
D. Shut down TFTP server
1. FTP/TFTP client configuration
FTP/TFTP client upload/download file
Admin Mode
Explanation: FTP/TFTP client uploads/downloads file.
Global configuration mode
Command: dir <ftpServerUrl>
Explanation: FTP client views the file list on the server. <FtpServerUrl> is in ftp://user:password@IPAddress format.
2. FTP server configuration
A. Start FTP server
Global Mode
Command: ftp-server enable; no ftp-server enable
Explanation: Start FTP server; the no form
347. ite port to implement interconnection.
Note: The configuration may cause adjacent devices with a different correspondence between instance and VLAN to consider that the opposite port is in the same region. Therefore, when the function is used, the administrator should ensure that the correspondence is consistent. In addition, the configuration should be performed on all ports to prevent unexpected results.
Example:
Switch(Config)#interface ethernet 0/0/2
Switch(Config-Ethernet-0/0/2)#spanning-tree digest-snooping
Switch(Config-Ethernet-0/0/2)#
spanning-tree tcflush (Global Mode)
Command: spanning-tree tcflush {enable | disable | protect}; no spanning-tree tcflush
Function: Configure the spanning tree flush mode once the topology changes; no spanning-tree tcflush restores the default setting.
Parameter: enable: the spanning tree flushes once the topology changes; disable: the spanning tree does not flush when the topology changes; protect: the spanning tree flushes not more than one time every ten seconds.
Command mode: Global configuration mode
Default status: Enable
Usage guide: According to MSTP, when the topology changes, the port that sends the change message clears the MAC/ARP table (FLUSH). In fact, it is not needed for some network environments to do FLUSH with every topology change. At the same time, as a method to avoid net
348. ithin the period from 14:30:00 to 16:45:00 on Monday, Wednesday, Friday and Sunday.
Switch(Config-Time-Range)#periodic monday wednesday friday sunday 14:30:00 to 16:45:00
absolute start
Command: [no] absolute start <start_time> <start_data> [end <end_time> <end_data>]
Functions: Define an absolute time range; this time range operates subject to the clock of this equipment.
Parameter: start_time: start time, hh:mm (hour:minute); end_time: end time, hh:mm (hour:minute); start_data: start date, the format is YYYY.MM.DD (year.month.day); end_data: start date, the format is YYYY.MM.DD (year.month.day).
Note: time range is one minute per time, so the time error shall be one minute.
Command Mode: Time range mode
Default: No time range configuration
Usage guide: Absolute time and date assign the specific year, month, day, hour and minute of the start. You shall not configure multiple absolute times and dates; in repeated configuration, the latter configuration covers the absolute time and date of the former configuration.
Example: Enable the configuration from 2004.10.1 6:00:00 to 2005.1.26 13:30:00.
Switch(Config)#Time-range admin_timer
Switch(Config-Time-Range)#absolute start 6:00:00 2004.10.1 end 13:30:00 2005.1.26
ACL Instances
Scenario 1: The user has the following configuration requirement: port
349. itor session source interface ethernet 0/0/8-9
Switch2(Config)#monitor session destination interface ethernet 0/0/24
SW3:
Switch3(Config)#interface ethernet 0/0/10
Switch3(Config-Ethernet0/0/10)#speed-duplex force10-full
Port Troubleshooting Monitoring and Debugging Commands
clear counters ethernet
Command: clear counters [ethernet <interface-list> | vlan <vlan-id> | port-channel <port-channel-number> | <interface-name>]
Function: Clear the statistics information of the Ethernet port.
Parameter: <interface-list> is the Ethernet port ID; <vlan-id> is the VLAN interface ID; <port-channel-number> is the aggregation interface ID; <interface-name> is the interface name, such as port-channel1.
Command mode: admin mode
Default status: Do not delete the statistics information of the Ethernet interface by default.
Usage guide: If the port is not specified, all port statistics information is deleted.
Example: Clear the statistics information of Ethernet port 0/0/1.
Switch#clear counters ethernet 0/0/1
show interface ethernet
Command: show interface ethernet <interface-list>
Function: Display the information of the ports on the specified switch.
Parameter: <interface-list> is the port ID; the format and value range of the port ID is explained in the port introduction part of
350. k {any-destination-mac | host-destination-mac <host-dmac> | <dmac> <dmac-mask>} {eigrp | gre | igrp | ip | ipinip | ospf | <protocol-num>} {<source> <source-wildcard> | any-source | host-source <source-host-ip>} {<destination> <destination-wildcard> | any-destination | host-destination <destination-host-ip>} [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]
Explanation: Create one named extended MAC-IP access rule of MAC-IP other protocol type. The no format of the command deletes the named extended IP access rule.
C. Exit the configuration mode of the MAC-IP access list
Configuration mode of the named extended MAC-IP access list
Command: exit
Explanation: Exit the configuration mode of the named extended MAC-IP access list.
2. Configure packet filter function
A. Enable the packet filter function globally
Global mode
Command: firewall enable
Explanation: Enable the packet filter function globally.
Command: firewall disable
Explanation: Disable the packet filter function globally.
B. Configure default action
Global mode
Command: firewall default permit
Explanation: Set the default action as permit.
Command: firewall default deny
Explanation: Set the default action as deny.
3. Configu
351. k> | any-source | host-source <sIpAddr>} [s-port <sPort>] {<dIpAddr> <dMask> | any-destination | host-destination <dIpAddr>} [d-port <dPort>] [ack | fin | psh | rst | urg | syn] [precedence <prec>] [tos <tos>] [time-range <time-range-name>]
Explanation: Create one TCP named extended IP access rule. The no format of the command deletes the named extended IP access rule.
Command: [no] {deny | permit} udp {<sIpAddr> <sMask> | any-source | host-source <sIpAddr>} [s-port <sPort>] {<dIpAddr> <dMask> | any-destination | host-destination <dIpAddr>} [d-port <dPort>] [precedence <prec>] [tos <tos>] [time-range <time-range-name>]
Explanation: Create one UDP named extended IP access rule. The no format of the command deletes the named extended IP access rule.
Command: [no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | ospf | <int>} {<sIpAddr> <sMask> | any-source | host-source <sIpAddr>} {<dIpAddr> <dMask> | any-destination | host-destination <dIpAddr>} [precedence <prec>] [tos <tos>] [time-range <time-range-name>]
Explanation: Create one numbered extended IP access rule matching other specified IP protocol or all IP protocols. If the numbered extended access list does not exist, create the access list.
C. Exit the configuration mode of the named extended IP access list
352. k set
show debugging
Command: show debugging
Function: Display the debug switch status.
Usage guide: If the user needs to check which debug switches are enabled, the show debugging command can be executed.
Command mode: Admin Mode
Example: View the currently enabled debug switches.
Switch#show debugging
STP:
Stp input packet debugging is on
Stp output packet debugging is on
Stp basic debugging is on
Related command: debug
show flash
Command: show flash
Function: Show the size of the files which are reserved in the system flash memory.
Command mode: Admin Mode
Example: View the files in flash and the file size.
Switch#show flash
file name file length
nos.img 1122380 bytes
startup-config 1061 bytes
Switch#
show history
Command: show history
Function: Display the recent user command history.
Command mode: Admin Mode
Usage guide: The system holds up to 10 commands the user entered; the user can use the UP/DOWN key or their equivalent (Ctrl+P and Ctrl+N) to access the command history.
Example:
Switch#show history
enable
config
interface ethernet 0/0/3
enable
show flash
show ftp
show memory
Command: show memory
Function: Display the contents in the memory.
Command mode: Admin Mode
Usage guide: This command is used to debug the switch. The command interactively prompts the user to enter sta
353. Index Port Mode
1 Ethernet0/0/49 active
2 Ethernet0/0/50 active
Displayed information: Port channels in the group
Explanation: If the port channel does not exist, the above information is not displayed.
Displayed information: Number of port
Explanation: The number of the ports in the port channel.
Displayed information: Standby port
Explanation: The port in standby status, which means the port is qualified to join the channel but cannot join the channel due to the maximum port limit; thus the port status is standby instead of selected.
debug lacp
Command: debug lacp; no debug lacp
Function: Enable the LACP debug function; the no debug lacp command disables the debug function.
Command mode: Admin Mode
Default: LACP debug information is disabled by default.
Usage guide: Use this command to enable LACP debugging so that LACP packet processing information can be displayed.
Example: Enable LACP debug.
Switch#debug lacp
Port Channel Troubleshooting
If problems occur when configuring port aggregation, please first check the following for causes:
Ensure all ports in a port group have the same properties, i.e. whether they are in full-duplex mode, forced to the same speed, and have the same VLAN properties, etc. If inconsistency occurs, modify them to be the same.
Some commands cannot be used on a port on port channel, such as arp, bandwidth, ip and ip-forward.
When generating aggregation group for
354. l NMS private MIB contains specific information which can be viewed and controlled by the support of the manufacturers. MIB-I (RFC1156) is the first implemented public MIB of SNMP, and is replaced by MIB-II (RFC1213). MIB-II expands MIB-I and keeps the OID of the MIB tree in MIB-I. MIB-II contains sub-trees which are called groups. Objects in those groups cover all the functional domains in network management. NMS obtains the network management information by visiting the MIB of the SNMP Agent. The switch can operate as an SNMP Agent, and supports both SNMP v1/v2c and SNMP v3. The switch supports basic MIB-II, RMON public MIB and other public MIBs such as BRIDGE MIB. Besides, the switch supports self-defined private MIB.
Introduction to RMON
RMON is the most important expansion of the standard SNMP. RMON is a set of MIB definitions used to define standard network monitor functions and interfaces, enabling the communication between SNMP management terminals and remote monitors. RMON provides a highly efficient method to monitor actions inside the subnets. The MIB of RMON consists of 10 groups. The switch supports the most frequently used groups 1, 2, 3 and 9:
Statistics: Maintain basic usage and error statistics for each subnet monitored by the Agent.
History: Record periodical statistic samples available from Statistics.
Alarm: Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON Agent recor
355. lation mode: Protect
Maximum MAC Addresses: 1
Total MAC Addresses: 1
Configured MAC Addresses: 1
Lock Timer is ShutDown
Mac Learning function is Opened
Displayed information: Port Security
Explanation: Whether the port is enabled as a security port.
Displayed information: Port status
Explanation: Port secure status.
Displayed information: Violation mode
Explanation: Violation mode set for the port.
Displayed information: Maximum MAC Addresses
Explanation: The maximum secure MAC address number set for the port.
Displayed information: Total MAC Addresses
Explanation: Current secure MAC address number for the port.
Displayed information: Configured MAC Addresses
Explanation: Current secure static MAC address number for the port.
Displayed information: Lock Timer
Explanation: Whether locking timer (timer timeout) is enabled for the port.
Displayed information: Mac Learning function
Explanation: Whether the MAC address learning function is enabled.
show port-security address
Command: show port-security address [interface <interface-id>]
Function: Display the security MAC addresses of the port.
Command mode: Admin Mode
Parameter: <interface-id> stands for the port to be displayed.
Usage guide: This command displays the security MAC address information of the port; if no port is specified, secure MAC addresses of all ports are displayed. The following is an example:
Switch#show port-security address interface ethernet 0/0/1
Security Mac Address Table
Vlan Mac Address Type Ports
1 0000 0000 1111 S
356. ld be given. The following describes QoS as accurately as possible. The data transmission specifications of the IP protocol cover only addresses and services of the sending end and the receiving end, and ensure correct packet transmission by using OSI L4 or above protocols such as TCP. However, rather than providing a mechanism for providing and protecting packet transmission bandwidth, the IP protocol provides the bandwidth service by best effort. This is acceptable for services like Mail and FTP, but for increasing multimedia business data and e-business data transmission, this best-effort method cannot satisfy the bandwidth and low-delay requirement. QoS cannot create new bandwidth, but can maximize the adjustment and configuration for the current bandwidth resource. Fully implementing QoS can achieve complete management over the network data. Based on differentiated service, QoS specifies a priority for each packet at the ingress. The classification information is carried in the L3 IP packet header or the L2 802.1Q frame header. QoS provides the same service for the packets of the same priority, while offering different operations for the packets of different priorities. The switch or router that supports QoS can provide different bandwidth resources according to the packet classification information, and can remark the classification
357. ld not exceed 9000mW.
Topology of Network
Configuration Steps:
Globally enable PoE:
Switch(Config)#power inline enable
Globally set the max power to 150W:
Switch(Config)#power inline max 150
Globally enable the priority policy of power management:
Switch(Config)#power inline police enable
Set the priority of Port 0/0/2 to critical:
Switch(Config-Ethernet0/0/2)#power inline priority critical
Set the max output power of Port 0/0/6 to 9000mW:
Switch(Config-Ethernet0/0/6)#power inline max 9000
POE Troubleshooting Monitoring and Debugging Information
show power inline
Command: show power inline
Function: Display global PoE configurations and status.
Parameters: None
Command Mode: Admin Mode
Default: None
Usage guide: The meaning of each field is listed in the following table.
Field: Power Inline Status
Description: The global PoE status, enabled or disabled.
Field: Power Avaliable
Description: The global max value of available power.
Field: Power Used
Description: The global value of used power.
Field: Power Remaining
Description: The global value of remaining power.
Field: Min Voltage
Description: The global threshold of under-voltage.
Field: Max Voltage
Description: The global threshold of over-voltage.
Field: Police
Description: The power priority policy status, enabled or disabled.
Field: Legacy
Description: The non-standard PD detection status, enabled or disabled.
Field: Disconnect
Description: The PD disc
358. le can be set in the ACL.
Example: Create a class map named c1 and configure the class rule of this class map to match packets with IP Precedence of 0 and 1.
Switch(config)#class-map c1
Switch(config-ClassMap)#match ip precedence 0 1
Switch(config-ClassMap)#exit
policy-map
Command: policy-map <policy-map-name>; no policy-map <policy-map-name>
Function: Create a policy map and enter the policy map mode; the no policy-map <policy-map-name> command deletes the specified policy map.
Parameters: <policy-map-name> is the policy map name.
Default: No policy map is configured by default.
Command mode: Global configuration mode
Usage guide: QoS classification matching and marking operations can be done in the policy map configuration mode.
Example: Creating and deleting a policy map named p1.
Switch(config)#policy-map p1
Switch(config)#no policy-map p1
class
Command: class <class-map-name>; no class <class-map-name>
Function: Set up a class map and enter the class map mode; the no format of the command deletes the specified class map.
Parameters: <class-map-name> is the name used by the class map.
Default: No policy class is configured by default.
Command mode: Policy map configuration Mode
Usage guide: Before setting up a policy class, create a policy map first and ente
359. les of the set value. If no data flow from the dynamic MAC address is received during the period, the dynamic MAC address is aged.
Example: Set the aging time of the MAC address learned dynamically in the MAC address table as 400s.
Switch(Config)#mac-address-table aging-time 400
mac-address-table
Command: mac-address-table static address <mac-addr> vlan <vlan-id> interface [ethernet | port-channel] <interface-name>; no mac-address-table [all | static | dynamic] [address <mac-addr>] [vlan <vlan-id>] [interface <interface-name>]
Function: Add or modify the static address entry. The no format of the command deletes the static address entry.
Parameter: static is the static entry; <mac-addr> is the MAC address to be added or deleted; <interface-name> is the name of the port to forward the MAC packets; <vlan-id> is the number of the VLAN that receives the MAC address packets. In the no operation, all means to delete all entries, including static entries, dynamic entries and filter entries, but excluding the entries whose Creator is System and App.
Command mode: Global mode
Default status: After configuring a VLAN interface or L3 interface, the system generates the static address mapping entries of one VLAN interface or L3 interface with the fixed MAC address of the switch.
Usage guide: When the
360. link port e0/0/25. That is, all the downlink ports cannot connect to each other, but a downlink port can be connected to a specified uplink port. The uplink port can be connected to any port.
Port Isolation Configuration
Port Isolation Configuration Task
Set the uplink port
Command: isolate port allowed ethernet <InterfaceList>; no isolate port allowed ethernet <InterfaceList>
Explanation: Enable or disable the port isolation function. An uplink port list is needed to enable it. This command can be called more than once to set or cancel uplink ports.
Commands for Configuring Port Isolation
Command: isolate port allowed ethernet <InterfaceList>; no isolate port allowed ethernet <InterfaceList>
Function: This command is used to set or cancel the port isolation function. When the function is enabled, the uplink port list needs to be specified. You can use the command repeatedly to set or cancel the uplink port.
Parameter: <InterfaceList> is the uplink port list which supports and
Command mode: Global mode
Default status: The port isolation function is disabled.
Usage guide: As long as there is an uplink port, the port isolation function is enabled. That is, the downlink ports can inter-work with uplink ports, but the downlink ports cannot inter-work with each other
361. lish sets the display language of the web interface as English.
Command mode: Global Configuration Mode
Usage guide: After configuring the web language command, you need to restart the switch to make the configuration take effect.
Example: Set the display language of the web interface of the switch as English.
Switch(Config)#web language english
Maintaining and Debugging Commands
When configuring the switch, the user needs to view whether the configurations are correct and whether the switch works normally as desired, or, when the network fails, the user needs to diagnose the fault. MyPower S3026G POE AC provides debugging commands such as ping, telnet, show and debug, helping the user to view the system configuration and running status and find the fault reason.
Ping
Command: ping src <source-address> <destination-address> hostname
Function: The switch sends ICMP request packets to remote devices. Check whether the switch can access the remote device.
Parameters: source-address is the source IP address of the source host that sends the packets, in dotted decimal format; destination-address is the target IP address of the ping command, in dotted decimal format; hostname is the target host name of the ping command, which consists of numbers and letters and begins with letters. The
362. lt IGMP Snooping is disabled by default.
Usage guide: Use this command to enable IGMP Snooping, that is, permit every VLAN to configure the IGMP snooping function. The no ip igmp snooping command disables this function.
Example: Enable IGMP Snooping in the global mode.
Switch(Config)#ip igmp snooping
ip igmp snooping vlan
Command: ip igmp snooping vlan <vlan-id>
no ip igmp snooping vlan <vlan-id>
Function: Enable the IGMP Snooping function for the specified VLAN; the no ip igmp snooping vlan <vlan-id> command disables the IGMP Snooping function for the specified VLAN.
Parameter: <vlan-id> is the VLAN number. The value range is 1-4094.
Command mode: Global Configuration Mode
Default: IGMP Snooping is disabled by default.
Usage guide: To configure IGMP Snooping on a specified VLAN, the global IGMP Snooping should be enabled first. Disable IGMP Snooping on a specified VLAN with the no ip igmp snooping vlan <vlan-id> command.
Example: Enable IGMP Snooping for VLAN 100 in Global Configuration Mode.
Switch(Config)#ip igmp snooping vlan 100
ip igmp snooping vlan immediate-leave
Command: ip igmp snooping vlan <vlan-id> immediate-leave
no ip igmp snooping vlan <vlan-id> immediate-leave
Function: Enable the IGMP Snooping fast leave function for the specified VLAN; the no form of the comman
363. lt status: None
Command Mode: Global Configuration Mode
Usage guide: The ACL of a Multicast destination control table entry is controlled by a specified ACL number from 6000 to 7999. The command is used to configure this ACL. The ACL of Multicast destination control only needs to configure the source IP address and destination IP address, the controlled group IP address. The configuration mode is basically the same as other ACLs: use a wildcard character to configure an address range, and also specify a host address or all addresses. Note that all addresses is 224.0.0.0/4 for the group IP address, not 0.0.0.0/0 as in other access lists. IGMP Snooping V2 only supports G but not <S, G>, so for IGMP Snooping V2 only the ACL entries whose multicast source address is any-source are meaningful.
Example:
Switch(Config)#access-list 6000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255
ip multicast source-control
Command: ip multicast source-control
no ip multicast source-control
Function: Configure to globally enable multicast source control; the no form of the command restores global multicast source control to disabled.
Parameter: None
Default: Disabled
Command Mode: Global Configuration Mode
Usage guide: The source control access list applies to interface with only enabling global multicast source control and configure to disabled global m
364. lues corresponding to the 0 to 7 CoS value, and each DSCP value is delimited with space, ranging from 0 to 63.
dscp-cos <dscp-list> to <cos> defines the mapping from DSCP to CoS value; <dscp-list> is a list of DSCP values consisting of up to 8 DSCP values; <cos> are the CoS values corresponding to the DSCP values in the list.
dscp-mutation <in-dscp> to <out-dscp> defines the mutation mapping from DSCP to DSCP; <in-dscp> stands for incoming DSCP values, up to 8 values are supported, and each DSCP value is delimited with space, ranging from 0 to 63; <out-dscp> is the sole outgoing DSCP value, and the 8 values defined in incoming DSCP are converted to outgoing DSCP values.
policed-dscp <dscp-list> to <mark-down-dscp> defines DSCP mark-down mapping, where <dscp-list> is a list of DSCP values containing up to 8 DSCP values and <mark-down-dscp> are the DSCP values after mark down.
Default: Default mapping values are:
Default CoS-to-DSCP Map
CoS Value: 0 1 2 3 4 5 6 7
DSCP Value: 0 8 16 24 32 40 48 56
Default DSCP-to-CoS Map
DSCP Value: 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63
CoS Value: 0 1 2 3 4 3 6 7
dscp-mutation and policed-dscp are not configured by default.
Command mode: Global configuration mode
Usage guide: In the police command, classified packet traffic can be set to mark down if it exceeds the specified average speed or burst value; policed-dscp <dscp-list> to <mark-down-dscp> can mark down the
365. mation to memory buffer and set the memory buffer size as 50.
Switch(Config)#logging buffered 50
Related command: logging on, show channel logbuff, show logging buffered
logging console
Command: logging console
no logging console
Function: This command is used to enable the channel for outputting log information to the console. Adding no before the command means to disable the channel.
Command mode: Global mode
Default status: By default, do not output log information to the console.
Usage guide: This command can take effect only after the global system log function is enabled.
Example: Enable the channel for outputting log information to the console.
Switch(Config)#logging console
Related command: logging on, show channel console
logging host
Command: logging <ip-addr> facility <local-number>
no logging <ip-addr>
Function: This command is used to enable the output channel of the log host. Adding no before the command means to disable the channel.
Parameter: <ip-addr> is the IP address of the log host; <local-number> is the recording tool of the log host, and the value range is local0-local7.
Command mode: Global mode
Default status: By default, do not output log information to the log host. The default recording tool of the log host is local0.
Use guide: This command can t
366. messages Statically configured port
ip igmp snooping vlan l2-general-query-version
Command: ip igmp snooping vlan <vlanid> l2-general-query-version <version>
Function: Configure the L2 query version.
Parameters: vlan-id is the ID of the VLAN, limited to 1-4094; version is the version number, limited to 1-3.
Command Mode: Global Configuration Mode
Default: version 3
Usage guide: When the switch is in an environment supporting V1 or V2 only, the VLAN that is configured with the L2 query can be identified only when sending the corresponding version query. The command is used to configure the version of sending the L2 query.
Example:
Switch(Config)#ip igmp snooping vlan 2 l2-general-query-version 2
ip igmp snooping vlan l2-general-query-source
Command: ip igmp snooping vlan <vlanid> l2-general-query-source <A.B.C.D>
no ip igmp snooping vlan <vlanid> l2-general-query-source
Function: Configure the source address of the IGMP snooping L2 querier sending the query.
Parameters: vlanid is the ID of the VLAN, with limitation to 1-4094; A.B.C.D is the source address of the query operation.
Command Mode: Global Configuration Mode
Default: 0.0.0.0
Usage guide: It is not supported on Windows 2000/XP to query with the source address as 0.0.0.0. So the layer 2 query source address configuration
367. meter: ip-addr is the secure IP address that accesses the switch, shown in dotted decimal format.
Default status: By default, the system does not configure any IP address.
Command mode: Global configuration mode
Usage guide: Before the secure IP address is configured, the IP address of the Telnet client that logs into the switch is not limited. After configuring the secure IP address, only the host of the secure IP address can telnet to the switch to configure it. The switch permits configuring multiple secure IP addresses.
Example: Set 192.168.1.21 as the secure IP address.
Switch(Config)#telnet-server securityip 192.168.1.21
6. telnet-user
Command: telnet-user <username> password 0|7 <password>
no telnet-user <username>
Function: Set the user name and password of the Telnet client. The no format of the command is used to delete the Telnet user.
Parameter: username is the user name of the Telnet client, consisting of 16 characters at most; password is the login password, consisting of eight characters at most; 0|7 means that the password is not encrypted to display or is encrypted to display.
Command mode: Global configuration mode
Default status: By default, the system does not set the user name and password of the Telnet client.
Usage guide: The command is used when the switch serves as Telne
368. meters: rate threshold, ranging from 2 to 200.
Default Settings: 10 packets/second
Command Mode: Global Configuration Mode
Usage guide: The threshold of port-based anti-ARP scan should be larger than the threshold of IP-based anti-ARP scan, or the IP-based anti-ARP scan fails.
Example: Set the threshold of port-based anti-ARP scan as 10 packets/second.
Switch(Config)#anti-arpscan port-based threshold 20
anti-arpscan ip-based threshold <threshold-value>
Command: anti-arpscan ip-based threshold <threshold-value>
no anti-arpscan ip-based threshold
Function: Set the threshold of received packets of the IP-based anti-ARP scan. If the rate of received ARP packets exceeds the threshold, the IP packets from this IP are blocked. The unit is packets/second. The no anti-arpscan ip-based threshold command restores the default value, 3 packets/second.
Parameters: rate threshold, ranging from 1 to 200.
Default Settings: 3 packets/second
Command Mode: Global configuration mode
Usage guide: The threshold of port-based anti-ARP scan should be larger than the threshold of IP-based anti-ARP scan, or the IP-based anti-ARP scan fails.
Example: Set the threshold of IP-based anti-ARP scan as 6 packets/second.
Switch(Config)#anti-arpscan ip-based threshold 6
anti-arpscan trust <port | supertrust-port>
Command: anti
369. minutes.
Switch(Config)#radius-server dead-time 3
radius-server key
Command: radius-server key <string>
no radius-server key
Function: Set the key for the RADIUS server authentication and accounting; the no radius-server key command deletes the key for the RADIUS server.
Parameters: string is a key string for the RADIUS server, and up to 16 characters are allowed.
Command mode: Global configuration mode
Usage guide: The key is used in the encrypted communication between the switch and the specified RADIUS server. The key set must be the same as the one set on the RADIUS server; otherwise RADIUS authentication and accounting will not perform properly.
Example: Set the RADIUS authentication key to be test.
Switch(Config)#radius-server key test
radius-server retransmit
Command: radius-server retransmit <retries>
no radius-server retransmit
Function: Configures the re-transmission times for RADIUS authentication packets; the no radius-server retransmit command restores the default setting.
Parameters: retries is the retransmission times for the RADIUS server, and the valid range is 0 to 100.
Command mode: Global configuration mode
Default: The default value is 3 times.
Usage guide: This command specifies the retransmission time for a packet without a RADIUS server response after the switch se
370. mmand cancels this IP address.
Command mode: Global Configuration Mode
Parameter: <host-ipv4-addr> <host-ipv6-addr> is the IP address of the NMS managing station which receives the Trap message; v1 v2c v3 is the version number used in sending the trap; NoauthNopriv AuthNopriv AuthPriv is the safety level applied to the v3 trap, which may be non-encrypted and non-authentication, non-encrypted and authentication, or encrypted and authentication; <user-string> is the community character string applied when sending the Trap message at v1/v2, and will be the user name at v3.
Usage guide: The community character string configured in this command is the default community string of the RMON event group. If the RMON event group has no community character string configured, the community character string configured in this command will be applied when sending the Trap of RMON, and if the community character string is configured, its configuration will be applied when sending the RMON trap. This command allows configuration of the IP address of the network management station receiving the SNMP Trap message, but the IP addresses are less than 8 in all.
Example: Configure an IP address to receive Trap.
Switch(config)#snmp-server host 1.1.1.5 v1 testtrap
Delete one IP address of receiving the Trap.
Switch(config)#no snmp-server host 1.1.1.5 v1 testtrap
snmp-server securityip
Command: snmp-server securityip <ip-address>
no snmp
371. mmand when binding addresses manually. If the identifier or hardware address of the requesting client matches the specified identifier or hardware address, the DHCP server assigns the IP address defined in the host command to the client.
Example: Bind IP address 10.1.128.160 with hardware address 00-10-5a-60-af-12 in manual address binding.
Switch(dhcp-1-config)#hardware-address 00-10-5a-60-af-12
Switch(dhcp-1-config)#host 10.1.128.160 24
Related command: hardware-address, client-identifier
ip dhcp conflict logging
Command: ip dhcp conflict logging
no ip dhcp conflict logging
Function: Enable logging for address conflicts detected by the DHCP server; the no ip dhcp conflict logging command disables the logging.
Default: Logging for address conflict is enabled by default.
Command mode: Global Configuration Mode
Usage guide: When logging is enabled, once an address conflict is detected by the DHCP server, the conflicting address will be logged. Addresses present in the log for conflicts will not be assigned dynamically by the DHCP server until the conflicting records are deleted.
Example: Disable logging for DHCP server.
Switch(Config)#no ip dhcp conflict logging
Related command: clear ip dhcp conflict
ip dhcp excluded-address
Command: ip dhcp excluded-address <low-address> <high-address>
372. mode. In VLAN Mode, the user can configure the VLAN name and assign the switch ports to the VLAN. The no command deletes specified VLANs.
Parameter: <vlan-id> is the VLAN ID to be created/deleted; the valid range is 1 to 4094.
Command mode: Global mode
Default: Only VLAN1 is set by default.
Usage guide: VLAN1 is the default VLAN and cannot be configured or deleted by the user. The maximal VLAN number is 4094.
Example: Create VLAN100 and enter the configuration mode of VLAN 100.
Switch(Config)#vlan 100
Switch(Config-Vlan100)#
name
Command: name <vlan-name>
no name
Function: Specify the name for the VLAN; the VLAN name is one description character string of the VLAN. The no format of the command deletes the VLAN name.
Parameters: vlan-name is the specified VLAN name string.
Command mode: VLAN Mode
Default: The default VLAN name is vlanXXX, where xxx is VID.
Usage guide: The switch can specify names for different VLANs, making it easier for users to identify and manage VLANs.
Example: Specify the name of VLAN100 as TestVlan.
Switch(Config-Vlan100)#name TestVlan
switchport access vlan
Command: switchport access vlan <vlan-id>
no switchport access vlan
Function: Add the current Access port to the specified VLAN. The no switchport access vlan command deletes the current port from the specified
373. mputers in Internet. NTP can estimate the round-trip delay of the packet on the network and the computer's clock difference independently, so as to realize high accuracy in network computer clocking. Generally, NTP can provide accuracy from 1 to 50 ms, according to the features of the synchronization source and network route. Simple Network Time Protocol (SNTP) is the simplified version of NTP, removing the complex algorithm of NTP. SNTP is used for hosts that do not require full NTP functions; it is a subset of NTP. It is common practice to synchronize the clocks of several hosts in a LAN with other NTP hosts through the Internet, and provide time synchronization service for other clients in the LAN. The following figure describes an NTP/SNTP application network topology, where SNTP mainly works between second-level servers and various terminals, since the scenario does not require very high time accuracy and the accuracy of SNTP (1 to 50 ms) is usually sufficient for those services.
[Figure: NTP/SNTP working scenario]
The switch realizes the SNTP client and supports SNTP client unicast as described in RFC 2030. SNTP client multicast and anycast are not supported, nor is the SNTP server function.
SNTP Configuration
SNTP Configuration Task List
1. Setserver addres
374. n 30
SW3(Config-Vlan30)#exit
SW3(Config)#vlan 40
SW3(Config-Vlan40)#exit
SW3(Config)#vlan 50
SW3(Config-Vlan50)#exit
SW3(Config)#spanning-tree mst configuration
SW3(Config-Mstp-Region)#name mstp
SW3(Config-Mstp-Region)#instance 3 vlan 20 30
SW3(Config-Mstp-Region)#instance 4 vlan 40 50
SW3(Config-Mstp-Region)#exit
SW3(Config)#interface e 0/0/1-7
SW3(Config-Port-Range)#switchport mode trunk
SW3(Config-Port-Range)#exit
SW3(Config)#spanning-tree
SW3(Config)#spanning-tree mst 3 priority 0
SW4:
SW4(Config)#vlan 20
SW4(Config-Vlan20)#exit
SW4(Config)#vlan 30
SW4(Config-Vlan30)#exit
SW4(Config)#vlan 40
SW4(Config-Vlan40)#exit
SW4(Config)#vlan 50
SW4(Config-Vlan50)#exit
SW4(Config)#spanning-tree mst configuration
SW4(Config-Mstp-Region)#name mstp
SW4(Config-Mstp-Region)#instance 3 vlan 20 30
SW4(Config-Mstp-Region)#instance 4 vlan 40 50
SW4(Config-Mstp-Region)#exit
SW4(Config)#interface e 0/0/1-7
SW4(Config-Port-Range)#switchport mode trunk
SW4(Config-Port-Range)#exit
SW4(Config)#spanning-tree
SW4(Config)#spanning-tree mst 4 priority 0
After the above configuration, Switch1 is the root bridge of instance 0 of the entire network. In the MSTP domain which Switch2, Switch3 and Switch4 belong to, Switch2 is the domain root of instance 0, Switch3 is the domain root of instance 3, and Switch4 is the domain root of instance 4. The traffic of VLAN 20 and VLAN 30 is sent through the topology of instance 3. The traff
375. n be successfully set without taking effect.
Example: Set the Guest VLAN of port Ethernet0/0/3 as VLAN 10.
Switch(Config-Ethernet0/0/3)#dot1x guest-vlan 10
dot1x macfilter enable
Command: dot1x macfilter enable
no dot1x macfilter enable
Function: Enables the dot1x address filter function in the switch; the no dot1x macfilter enable command disables the dot1x address filter function.
Command mode: Global configuration mode
Default: dot1x address filter is disabled by default.
Usage guide: When the dot1x address filter function is enabled, the switch filters the authentication user by the MAC address. Only the authentication requests initiated by the users in the dot1x address filter table are accepted.
Example: Enabling the dot1x address filter function for the switch.
Switch(Config)#dot1x macfilter enable
dot1x max-req
Command: dot1x max-req <count>
no dot1x max-req
Function: Sets the number of EAP-request/MD5 frames to be sent before the switch re-initiates authentication on no supplicant response; the no dot1x max-req command restores the default setting.
Parameters: count is the times to re-transfer EAP-request/MD5 frames; the valid range is 1 to 10.
Command mode: Global configuration mode
Default: The default maximum for retransmission is 2.
Usage guide: The default value is recommended in setting the EAP
376. n the segment. The command needs to ensure that the query interval configurations of different switches in the same segment are consistent. It is recommended to use the default value.
Example:
Switch(config)#ip igmp snooping vlan 2 suppression-query-time 270
ip igmp snooping vlan static-group
Command: ip igmp snooping vlan <vlanid> static-group <multicast-IPAddress> interface ethernet|port-channel <interfaceName>
no ip igmp snooping vlan <vlanid> static-group <multicast-IPAddress> interface ethernet|port-channel <interfaceName>
Function: Set the IGMP Snooping static multicast group member function. The no format of the command is used to cancel the function.
Parameter: vlan-id is the VLAN ID, ranging from 1-4094; <multicast-ip-addr> is the multicast IP address; <interface-name> is the multicast group member port.
Command mode: Global mode
Default: By default, there is no static multicast group.
Usage guide: When the added static multicast address exists and it is the dynamic address, the static address covers the dynamic address.
Example: Create one static multicast address 224.1.1.1 in VLAN100 and add port 0/0/6 to the group.
Switch(Config)#ip igmp snooping vlan 100 static-group 224.1.1.1 interface eth0/0/6
Delete the static multicast address 224.1.1.1 on VLAN 100
377. nable
dot1x enable
Command: dot1x enable
no dot1x enable
Function: Enable the 802.1x function on the switch globally and on ports; the no dot1x enable command disables the 802.1x function.
Command mode: Global configuration mode and Port Mode
Default: The 802.1x function is not enabled in global configuration mode by default; if 802.1x is enabled under global configuration mode, 802.1x is not enabled for the ports by default.
Usage guide: To perform the 802.1x authentication for the ports, first enable the 802.1x function globally, and then enable the 802.1x function on the corresponding port. If the port is enabled with MAC binding, or it is a Trunk port or a member of a port aggregation group, you should disable the MAC binding, or change the port to an Access port, or cancel adding it into the port aggregation group. Otherwise, the 802.1x function cannot be enabled on the port.
Example: Enabling the 802.1x function of the switch and enabling 802.1x for port 0/0/12.
Switch(Config)#dot1x enable
Switch(Config)#interface Ethernet 0/0/12
Switch(Config-Ethernet0/0/12)#dot1x enable
dot1x guest-vlan
Command: dot1x guest-vlan <vlanid>
no dot1x guest-vlan
Function: Set the guest VLAN of the specified port; the no dot1x guest-vlan command is used to delete the guest VLAN.
Parameters: vlanid is the specified VLAN ID, ranging from 1 to 4094.
378. nable Trap, use the snmp-server enable traps command. And remember to properly configure the target host IP address and community string for Trap (use the snmp-server host command) to ensure the Trap message can be sent to the specified host. If the RMON function is required, RMON must be enabled first (use the rmon enable command). Use the show snmp command to view the sent and received SNMP packets. Use the show snmp status command to view SNMP configuration information. Use debug snmp packet to enable the SNMP debugging function and view the debug information.
Switch Upgrade
MyPower S3026G POE AC provides the switch upgrade in two modes for users, that is, BootROM mode, and TFTP upgrade and FTP upgrade in Shell mode.
BootROM Upgrade
There are two methods for BootROM upgrade, TFTP and FTP, which can be selected at BootROM command settings.
[Figure: Typical topology for switch upgrade in BootROM mode]
The upgrade steps are listed below.
Step 1: As shown in the figure, a PC is used as the console for the switch. A console cable is used to connect the PC to the management port on the switch. The PC should have FTP/TFTP server software installed and has the image file required for the upgrade.
Step 2: Press ctrl+b on switch boot-up until the switch enters BootROM monitor mo
379. naging a switch via telnet, users should set the uplink port as a Super Trust port before enabling the anti-ARP scan function, preventing the port from being shut down because of receiving too many ARP messages. After the anti-ARP scan function is disabled, this port will be reset to its default attribute, that is, Untrust port.
Monitoring and Debugging Information
show anti-arpscan trust <ip | port | supertrust-port> prohibited <ip | port>
Command: show anti-arpscan trust <ip | port | supertrust-port> prohibited <ip | port>
Function: Display the operation information of the anti-ARP scan function.
Parameters: None
Default: Display whether all ports are trusted ports and whether they are closed. If a port is closed, display how long it has been closed. Display all the trusted IPs and disabled IPs.
Command Mode: Global Mode
Usage guide: Use show anti-arpscan trust port if users only want to check trusted ports.
Example: Check the operating state of the anti-ARP scan function after enabling it.
Switch(Config)#show anti-arpscan
Total port: 28
Name Port-property beShut shutTime(seconds)
Ethernet0/0/1 untrust 0
Ethernet0/0/2 untrust 0
Ethernet0/0/3 untrust 0
Ethernet0/0/4 untrust 132
Ethernet0/0/5 untrust
Ethernet0/0/6 untrust
Ethernet0/0/7 untrust
Ethernet0/0/8 untrust
Ethernet0/0/9 untrust
380. name of 21-24 ports is assigned with Server because they are connected to the server. In this way, the port distribution state is clear.
Example: Specify the name of port 0/0/1-8 as financial.
Switch(Config)#interface ethernet 0/0/1-8
Switch(Config-Port-Range)#name financial
shutdown
Command: shutdown
no shutdown
Function: Shut down the specified Ethernet port; the no shutdown command opens the port.
Command mode: Port Mode
Default status: The Ethernet port is open by default.
Usage guide: When the Ethernet port is shut down, no data frames are sent in the port, and the port status displayed when the user types the show interface command is down.
Example: Open ports 0/0/1-8.
Switch(Config)#interface ethernet 0/0/1-8
Switch(Config-Port-Range)#no shutdown
virtual-cable-test
Command: virtual-cable-test
Function: Test the link of the twisted pair cable connected to the Ethernet port. The returned information may include well, short, open, fail. If the test information is not well, the location of the error will be displayed (the distance in meters away from the port).
Command mode: Port Mode
Default status: No link test
Usage guide: The RJ-45 port connected with the twisted pair under test should be in accordance with the wiring sequence rules of IEEE 802.3. Otherwise, the wire pairs in the test
381. named extended MAC access list
Command: exit
Explanation: Exit the configuration mode of the named extended MAC access list.
Configure one numbered extended MAC-IP access list
Command (Global mode): access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} icmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} <icmp-type> <icmp-code> precedence <precedence> tos <tos> time-range <time-range-name>
Explanation: Create one mac-icmp numbered extended mac-ip access rule. If the numbered extended access list does not exist, create the access list.
Command: access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} igmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} igmp
382. nction.
Switch(Config)#logging on
Related command: logging host, logging buffered, logging console, logging monitor, show logging buffered
logging source
Command: logging source anti_attack|default|m_shell|sys_event channel console|logbuff|loghost|monitor level critical|debugging|notifications|warnings state on|off
no logging source anti_attack|default|m_shell|sys_event channel console|logbuff|loghost|monitor
Function: This command is used to add/delete filtering records to the log output channel.
Parameter: anti_attack means to permit the anti-attack event to output log messages; m_shell means to allow the shell module to output log information; sys_event means to allow system important events to output log information, including port up/down and topology change; default means to allow all modules to output log information. channel console|logbuff|loghost|monitor is the output channel name to be set, that is, console, monitor, logbuff and loghost. level critical|debugging|notifications|warnings is the critical level threshold of log information. The information with a lower level cannot be output. state on|off: the status of the filtering item is open/close. Critical level information of log information is as follows: critical: critical information; debugging: information ge
383. nction: Enable the function of loopback detection control on a port; the no operation of this command disables the function.
Parameters: shutdown: set the control method as shutdown, which means to close down the port if a port loopback is found. block: set the control method as block, which means to block a port by allowing BPDU and loopback detection packets only if a port loopback is found. learning: disable the control method of learning MAC addresses on the port, not forwarding traffic, and delete the MAC address of the port. Trap: the port only sends the trap information.
Default: Disable the function of loopback detection control.
Command Mode: Port Mode
Usage guide: If there is any loopback, and after enabling the control operation on the port, the port cancels the operation after some time. Usually the time is first 2s before sending the next detection packet. Therefore, when enabling the loopback detection control function on one port, try to configure the detection interval long, so as to prevent the port from performing the control operation repeatedly. If the control method is block, the corresponding relationship between instance and VLAN ID should be set manually by users.
Example: Enable the function of loopback detection control under port 0/0/2 mode.
Switch(Config)#interface ethernet 0/0/2
Switch(Config-Ethernet0/0/2)#loopback-detection control shutdown
Switch(Config-Ethernet0/0/2)#no loopback-detection control
384. nd no am mac-ip-pool mac address deletes the configured MAC IP address on the ip address interface.
4. Delete all address pools
Command (Global Mode): no am all ip-pool|mac-ip-pool
Explanation: Delete all MAC-IP address pools or IP address pools configured by the user.
AM Configuration Commands
am enable
Command: am enable
no am enable
Function: Enable the access control function. When executing the am enable command, the AM function of the port is enabled and the AM module denies all IP packets to pass. The no format of the command disables the AM function and clears the IP address pool and MAC-IP address pool.
Parameter: none
Command mode: Global mode
Default status: By default, the AM function is disabled.
Usage guide: After the AM function is enabled on the port or globally, all IP packets are prohibited by the switch; the user needs to configure the IP address or MAC-IP address on the port manually so that the users can intercommunicate with each other. When AM is disabled, all addresses configured by the user are deleted.
Example: Enable AM.
Switch(Config)#am enable
am port
Command: am port
no am port
Function: Enable or disable the AM function on the physical port.
Parameter: none
Command mode: Port mode
Default status: The AM function is disabled on the port
385. nds the packet to the RADIUS server If authentication information is missing from the authentication server AAA authentication request will need to be re transmitted to the authentication server If AAA request retransmission count reaches the retransmission time threshold without the server responding the server will be considered as not working and the switch sets the server as invalid Example Setting the RADIUS authentication packet retransmission time to five times Switch Config radius server retransmit 5 radius server timeout Command radius server timeout seconds no radius server timeout Function Configures the timeout timer for RADIUS server the no radius server timeout command restores the default setting Parameters seconds is the timer value second for RADIUS server timeout and the valid range is 1 to 1000 Command mode Global configuration mode Default The default value is 3 seconds Usage guide This command specifies the interval for the switch to wait for the RADIUS server response The switch waits for corresponding response packets after sending RADIUS Server request packets If RADIUS server response is not received in the specified waiting time the switch resends the request packet or sets the server as invalid according to the current conditions Example Set the RADIUS aut
386. nected to 20 1 1 1 login 123 password Switch Example 2 The switch configures the host name of the remote Switch with IP address 20 1 1 1 as aa and telnets the remote host via the host name Switch config Switch Config ip host aa 20 1 1 1 Switch Config exit Switch telnet aa 23 Trying 20 1 1 1 Service port is 23 Connected to 20 1 1 1 login 123 password Switch Related command ip host 4 telnet server enable Command telnet server enable no telnet server enable Function Enable the Telnet server function in the switch the no telnet server enable command disables the Telnet server function of the switch Default status Telnet server function is enabled by default Command mode Global Configuration Mode Usage guide This command can be used in Console only The administrator can use this command to permit or forbid the Telnet client to login to the switch Example Disable the Telnet server function of the switch Switch Config no telnet server enable 5 telnet server securityip Command telnet server securityip ip addr no telnet server securityip ip addr Function Configure the secure IP address of Telnet client that the switch as Telnet server can log into The no format of the command is used to delete the secure IP address of the specified Telnet client Para
387. nel Switch show logging buffered 20 Logbuff Channel Channel ID 3 channel name logbuff State On Allowed max messages 100 Dropped messages 0 Current messages 0 Filter Items Module State Servirity Driver On debugging Msgs 1 IFNET 5 UPDOWN Line protocol on interface GigabitEthernet0 1 1 changed state to UP 2 EXEC 5 LOGIN Console login from Console0 Related command logging on show channel logbuff show logging lastFailureInfo Command show logging lastFailureInfo Function Display the abnormal information recorded in the flash Command mode admin mode Example Switch show logging lastFailureInfo Related command erase logging lastFailureInfo erase logging lastFailureInfo Command erase logging lastFailureInfo Function Erase the abnormal information recorded in the flash Command mode admin mode Example Switch erase logging lastFailureInfo Related command show logging lastFailureInfo System Log troubleshooting Check the following causes if any problem happens when using the system log Check if the global log switch is on Use the show channel command in the privileged mode to check the state of each channel and the state of the modules in filter items
388. nerated during debugging notifications normal but important information warnings warning information Command mode Global mode Default status By default add filtering records to log output channel and the critical level threshold is debugging Usage guide This command can be used to configure the filtering information of log output channel for modules For example output the log information of Driver module to any output direction The log information of Driver module whose level is higher than warning can be output to log host the log information whose level is higher than informational can be output to log buffer At the same time you can set the alarm information of Driver module to be sent to specified alarm host You only need to perform the filtering settings in the above corresponding channel Besides you can delete a filtering item through the corresponding no command Note that at present source has only two modules for choosing One is m shell which monitors all configuration commands and the log level is notifications The other is sys event which monitors all system events including port up down stp topology change and aggregation port status change The log level is warnings Example Set the log information of shell module in loghost channel to be opened and allow the highest level of output information to be notifications Set the log information of shell module in logbuff channel to be opened and allow
389. net0 0 1 switchport port security convert switchport port security lock Command switchport port security lock no switchport port security lock Function Lock the port After the port is locked the MAC address learning function is disabled the no operation of this command resets the MAC address learning function Command mode Port Configuration Mode Default status Ports are unlocked Usage guide Ports can only be locked after the MAC address binding function is enabled When a port becomes locked its MAC learning function is disabled Example Lock port 1 Switch Config interface Ethernet 0 0 1 Switch Config Ethernet0 0 1 switchport port security lock switchport port security timeout Command switchport port security timeout value no switchport port security timeout Function Set the timer for port locking the no switchport port security timeout command restores the default setting Parameter value is the timeout value and the valid range is 0 to 300s Command mode Port configuration mode Default status Port locking timer is not enabled by default Usage guide The port locking timer function is a dynamic MAC address locking function MAC address locking and conversion of dynamic MAC entries to secure address entries are performed on locking timer timeout The MAC address binding fun
390. network for the user whose unique ID is 00 10 5a 60 af 12 Switch dhcp 1 config client name network default router Command default router address1 address2 address8 no default router Function Configure default gateway s for DHCP clients the no default router command deletes the default gateway Parameters <address1> <address8> are IP addresses in dotted decimal format Default No default gateway is configured for DHCP clients by default Command Mode DHCP Address Pool Mode Usage guide The IP address of default gateway s should be in the same subnet segment as the DHCP client IP the switch supports up to 8 gateway addresses The gateway address assigned first has the highest priority and therefore address1 has the highest priority and address2 has the second and so on Example Configuring the default gateway for DHCP clients to be 10 1 128 2 and 10 1 128 100 Switch dhcp 1 config default router 10 1 128 2 10 1 128 100 dns server Command dns server address1 address2 address8 no dns server Function Configure DNS servers for DHCP clients the no dns server command deletes the DNS server Parameters <address1> <address8> are IP addresses in dotted decimal format Default No DNS server is configured for DHCP clients by default
391. new RSA host key for SSH server Parameter modulus is the modulus which is used to compute the host key valid range is 768 to 2048 The default value is 1024 Command mode Global Configuration Mode Default status The system uses the key generated when the ssh server is started at the first time Usage guide This command is used to generate the new host key When SSH client logs on the server the new host key is used for authentication After the new host key is generated and write command is used to save the configuration the system uses this key for authentication all the time Because it takes quite a long time to compute the new key and some clients are not compatible with the key generated by the modulus 2048 it is recommended to use the key which is generated by the default modulus 1024 Example Generate new host key Switch Config ssh server host key create rsa monitor Command monitor no monitor Function Enable the debug information of the SSH client and disable the function of displaying the debug information on the console The no format of the command is used to disable the debug information of the SSH client and enable the function of displaying the debug information on the console Command mode Admin Mode Usage guide If enabling the debug information when SSH client accesses the switc
392. new group the no form of this command deletes this group Command mode Global Configuration Mode Parameter <group string> group name which includes 1 32 characters NoauthNopriv Applies the non authentication and non encryption safety level AuthNopriv Applies the authentication but non encryption safety level AuthPriv Applies the authentication and encryption safety level read string Name of readable view which includes 1 32 characters write string Name of writable view which includes 1 32 characters notify string Name of trappable view which includes 1 32 characters Usage guide There is a default view v1defaultviewname in the system It is recommended to use this view as the view name of the notification If the read or write view name is empty corresponding operation will be disabled Example Create a group CompanyGroup with the safety level of authentication and encryption the read viewname is readview and the writing is disabled Switch Config snmp server group TestGroup AuthPriv read readview Delete the group Switch Config no snmp server group TestGroup AuthPriv snmp server view Command snmp server view <view string> <oid string> include exclude no snmp server view <view string> Function This command is used to create or update the view information the no form
393. nfigured upon switch shipment Command mode VLAN Interface Mode Usage guide A VLAN interface must be created first before the user can assign an IP address to the switch Example Set 10 1 128 1 24 as the IP address of VLAN1 interface Switch Config interface vlan 1 Switch Config If Vlan1 ip address 10 1 128 1 255 255 255 0 Switch Config If Vlan1 no shut Switch Config If Vlan1 exit Switch Config Related command ip bootp client enable ip dhcp client enable ip bootp client enable Command ip bootp client enable no ip bootp client enable Function Enable the switch to be a DHCP client and obtain IP address and gateway address through DHCP negotiation the no ip dhcp client enable command disables the DHCP client function and releases the IP address and gateway address obtained in DHCP Default status the DHCP client function is disabled by default Command mode VLAN Interface Mode Usage guide Obtaining IP address by DHCP Manual configuration and BootP are mutually exclusive enabling any 2 methods for obtaining an IP address is not allowed To get the IP address there should be DHCP Server on the network Besides if the cluster network management function is enabled in VLAN and the switch enters the cluster the BootP Client function cannot be enabled on the L3 interface of the VLAN Example
394. ng the user name and password return to the menu of configuring the Telnet server Select 1 in the Telnet server configuration menu press Enter and the following screen appears Enable switch telnet server or no y n y To enable the Telnet service input y or press Enter If the user does not need to enable Telnet service input n and press Enter And then return to the menu of configuring the Telnet server If selecting 2 in the Telnet server configuration menu return to the Setup main menu Configure Web Server Select 3 in the Setup main menu press Enter to start configuring the Web server and the following appears Configure web server 0 Add webuser 1 Config web server status 2 Exit Selection number Select 0 in the Web server configuration menu press Enter and the following screen appears Please input the new web user name Note the valid username length is 1 to 16 characters When the user enters a valid username and presses Enter the following screen appears Please input the new web user password Note The valid password length is 1 to 8 characters After configuring the username and password return to the Web server configuration menu Select 1 in the Web server configuration menu press Enter and the following screen appears Enable switch web server or no y
395. ng table according to the listening result and can then decide the forwarding of the multicast packets according to the forwarding table The switch realizes IGMP Snooping and supports IGMP v3 so that the user can adopt the switch to realize the IP multicast IGMP Snooping Configuration IGMP Snooping Configuration Task List 1 Enable the IGMP Snooping function 2 Configure IGMP Snooping 1 Enable the IGMP Snooping function Command Explanation Global Mode ip igmp snooping no ip igmp snooping Enable IGMP Snooping The no operation disables the IGMP Snooping function 2 Configure IGMP Snooping Command Explanation Global Mode ip igmp snooping vlan <vlan id> no ip igmp snooping vlan <vlan id> Enable IGMP Snooping for specified VLAN The no operation disables IGMP Snooping for specified VLAN ip igmp snooping vlan <vlan id> limit group <g limit> source <s limit> no ip igmp snooping vlan <vlan id> limit Set the maximum number of the groups to which IGMP snooping can be added and the maximum number of the sources in each group The no format of the command restores the default value ip igmp snooping vlan <vlan id> l2 general querier no ip igmp snooping vlan <vlan id> l2 general querier Set the vlan to L2 gener
396. nline max <max wattage> no power inline max Set the max output power on specified ports 7 Set the power priority on specified ports Command Explanation Port Mode power inline priority critical high Set the power priority on specified ports POE Configuration Commands power inline enable Global Command power inline enable no power inline enable Function Enable disable global PoE Parameters None Command Mode Global Mode Default Global PoE is enabled Usage guide With PoE globally disabled there would be no power output no matter what the power state of a specified port is Example Globally disable PoE Switch Config no power inline enable power inline max Global Command power inline max <max wattage> no power inline max Function Set the global max output power of PoE Parameters max wattage value of the max output power in the unit of W the granularity is 1W Any integer from 37 to 180 is valid Command Global Mode Default The global max output power is 180W Usage guide Setting a global max output power can guarantee a secure power supply and an effective method to control the power consumed by connected subordinate devices Example Set the global max output power to 50W Switch Config power inline max
397. no ip dhcp excluded address <low address> <high address> Function Specifies addresses excluded from dynamic assignment the no ip dhcp excluded address <low address> <high address> command cancels the setting Parameters <low address> is the starting IP address <high address> is the ending IP address Default Only individual address is excluded by default Command mode Global Configuration Mode Usage guide This command can be used to exclude one or several consecutive addresses in the pool so that those addresses can be used by the administrator for other purposes Example Reserving addresses from 10 1 128 1 to 10 1 128 10 They will not be dynamically assigned Switch Config ip dhcp excluded address 10 1 128 1 10 1 128 10 ip dhcp pool Command ip dhcp pool <name> no ip dhcp pool <name> Function Configure a DHCP address pool and enter the pool mode the no ip dhcp pool <name> command deletes the specified address pool Parameters <name> is the address pool name up to 32 characters are allowed Command mode Global Configuration Mode Usage guide This command is used to configure a DHCP address pool under Global Configuration Mode and enter the DHCP address configuration mode Example Defining an address pool named 1 Switch Config ip dhc
398. not only distributing IP addresses dynamically but also binding IP addresses manually that is specify a fixed long term IP address to a network device with the specified hardware address or specified device ID The difference and relation between distributing IP addresses dynamically and binding IP address manually are 1 IP address obtained dynamically can be unfixed IP address bound manually must be fixed 2 The lease period of IP address obtained dynamically is the same as the lease period of the address pool and is limited the lease period of the IP address bound manually is theoretically endless 3 The address distributed dynamically cannot be bound manually 4 Manual DHCP address pool can inherit the network configuration parameters of the dynamic DHCP address pool of the related segment Configure DHCP Server DHCP Server Configuration Task List 1 Enable Disable DHCP server 2 Configure DHCP address pool A Create Delete DHCP address pool B Configure dynamic DHCP address pool parameters C Configure manual DHCP address pool parameters 3 Enable the logging function for recording address conflicts 4 Configure the number of the sent ping packets and timeout 1 Enable Disable DHCP service Command Explanation Global Mode service dhcp Enable the DHCP server function no service dhcp
399. noticeable that after enabling source control globally all multicast packets are discarded by default All source control configuration can not be processed until source control is enabled globally while source control can not be disabled until all configured rules are disabled no ip multicast source control mandatory The next is to configure the rule of source control It is configured in the same manner as ACL and uses ACL number of 5000 5099 Each rule number can be used to configure 10 rules It is noticeable that these rules are ordered the front one is the one which is configured the earliest Once the configured rules are matched the following rules do not take effect so the rules of globally allow must be put at the end The commands are as follows Command Explanation Global Configuration Mode no access list 5000 5099 deny permit ip <source> <source wildcard> host source <source host ip> any source <destination> <destination wildcard> host destination <destination host ip> any destination The rule used to configure source control This rule does not take effect until it is applied to specified port The NO form of the command can delete specified rule The last is to configure the configured rule to the specified port Note If the configured rules occupy the entries of the hardware configuring too many rules results in configur
400. nt Add more technical information Include images Make it less technical Add more detail Improve index If you wish to be contacted complete the following Name Company Postcode Address Telephone E mail Contents: Production Introduction, About the Product, Features, Main Features, Technical Specifications, Physical Specifications, Product Appearance, Front Panel, Back Panel, Hardware Installation
401. o another combo port it is recommended for both parties to use copper forced or fiber forced mode 2 This command cannot be used in 100M fiber cable port mode speed duplex force100 fx 3 Run the show interface command under Admin Mode to check the active port of a combo port The following result indicates that the active port for a combo port is the fiber cable port It indicates that the active port of the combo port is fiber or copper Example Set ports 0 0 25 0 0 26 to fiber forced Switch Config interface ethernet 0 0 51 0 0 52 Switch Config Port Range combo forced mode sfp forced flow control Command flow control no flow control Function Enable the flow control function for the port the no flow control command disables the flow control function for the port Command mode Port Mode Default status Port flow control is disabled by default Usage guide After the flow control function is enabled the port notifies the sending device to slow down the sending speed to prevent packet loss when traffic received exceeds the capacity of port cache Ports support back pressure based IEEE802 3X flow control the ports work in half duplex mode supporting back pressure flow control Note When enabling the port flow control function speed and duplex mode of both ends should be the same Example Enable the flow control function in ports0 0 1 8
402. o command deletes the limited resources 2 Configure the attributes of the access control unit A Configure port authorization status Command Explanation Port Mode dot1x port control auto force authorized force unauthorized no dot1x port control Set the 802 1x authorization status of the port the no command restores the default setting B Configure the access control mode of the port Command Explanation Port Mode dot1x port method macbased portbased userbased standard advanced no dot1x port method Set the access control mode of the port the no command restores the user based advanced access control mode dot1x max user macbased number no dot1x max user macbased Set the maximum users that can be connected to the specified port when the port access control mode is macbased The no format of the command restores the default value 1 dot1x max user userbased number no dot1x max user userbased Set the maximum users that can be connected to the specified port when the port access control mode is userbased The no format of the command restores the default value 10 dot1x guest vlan <vlanID> no dot1x guest vlan vlan Set the guest vlan of the specified port The no format of the command deletes guest C
403. o secure the switch security and prevent malicious actions from unauthorized users the time is counted from the last configuration the admin had made and the system exits the admin mode at due time It is required to enter admin code and password to enter the admin mode again The timeout timer is disabled when the timeout is set to 0 Example Set the admin mode timeout value to 6 minutes Switch config exec timeout 6 exit Command exit Function Quit current mode and return to its previous mode Use the command in the global configuration mode to return to the admin mode or use the command in the admin mode to return to the user mode Command mode All Modes Example Switch exit Switch> help Command help Function Output brief description of the command interpreter help system Command mode All configuration modes Usage guide The switch provides instant online help Help command displays information about the whole help system including complete help and partial help The user can type in any time to get online help Example Switch> help enable Enable Privileged mode exit Exit telnet session help help show Show running system information ip host Command ip host hostname ip addr no ip host hostname Function Set the mapping relationship between the host an
404. o such login user the user login ID and password may be wrong and should be verified and input again When the access control mode of one port is userbased advanced and the static user is configured on the RADIUS server but not delivered to the switch use the ip user helper address command to check whether the RADIUS server is configured correctly then check whether the static user is configured on the port in the RADIUS server and at last use the show dot1x interface command to check the delivering of the static user ACL Configuration Introduction to ACL ACL Access Control List is an IP packet filtering mechanism employed in switches providing network traffic control by permitting or denying the access for the switches and effectively ensuring the security of networks The user can lay down a set of rules according to the specified information in the packet Each rule describes the action for a packet with certain information matched permit or deny The user can apply such rules to the incoming direction of switch ports so that data flow at the ingress direction of the specified switch ports must enter the switch according to the specified ACL rules Access list Access list is a sequential sentence set and each sentence corresponds to a specific rule Each rule consists of filtering information and
405. o the default VLAN1 PC3 and PC4 on port 12 receive the message sent by PC1 but PC4 does not reply as the destination MAC address is 00 01 33 33 33 33 only PC3 replies to PC1 When port 12 receives the message sent by PC3 a mapping entry for MAC address 00 01 33 33 33 33 and port 12 is added to the MAC table Now the MAC table has two dynamic entries MAC address 00 01 11 11 11 11 port 5 and 00 01 33 33 33 33 port 12 After the communication between PC1 and PC3 the switch does not receive any message sent from PC1 and PC3 And the MAC address mapping entries in the MAC table are deleted after 300 seconds The 300 seconds here is the default aging time for MAC address entry in switch Aging time can be modified in switch Forward or Filter The switch forwards or filters received data frames according to the MAC table Take the above figure as an example assuming the switch has learnt the MAC address of PC1 and PC3 and the user has manually configured the mapping relationship for PC2 and PC4 to ports The MAC table of switch is MAC Address Port number Entry added by 00 01 11 11 11 11 5 Dynamic 00 01 22 22 22 22 5 Static 00 01 33 33 33 33 12 Dynamic 00 01 44 44 44 44 12 Static 1 Forward data according to the MAC table If PC1 sends a message to PC3 the switch forwards the data
406. ocols including ICMP TCP AND UDP list source host ip source No of source network or source host of packet delivery Numbers of 32 bit binary system with dotted decimal notation expression host means the address is the IP address of source host otherwise the IP address of network source wildcard reverse of the source IP the number of 32 bit binary system expressed by decimal s numbers with four point separated reverse mask destination host ip destination No of destination network or host to which packets are delivered Numbers of 32 bit binary system with dotted decimal notation expression host means the address is the destination host address otherwise the network IP address destination wildcard mask of destination I Numbers of 32 bit binary system expressed by decimal s numbers with four point separated reverse mask s port optional means the need to match TCP UDP source port port1 optional value of TCP UDP source interface No Interface No is an integer from 0 65535 d port optional means need to match TCP UDP destination interface port3 optional value of TCP UDP destination interface No Interface No is an integer from 0 65535 ack fin psh rst urg syn optional only for TCP protocol multi choices of tag positions are available and when TCP data reports the configuration of corresponding position then initialization of TCP data report is enabled to form a match when in connection precedence option
407. ode h node m node p node <type number> no netbios node type Function Sets the node type for the DHCP client the no netbios node type command cancels the setting Parameters b node stands for broadcasting node h node for hybrid node that broadcasts after point to point communication m node for hybrid node to communicate in point to point after broadcast p node for point to point node <type number> is the node type in Hex from 0 to FF Default No node type is specified for the client Command Mode DHCP Address Pool Mode Usage guide If client node type is to be specified it is recommended to set the client node type to h node that broadcasts after point to point communication Example Setting the node type for client of pool 1 to broadcasting node Switch dhcp 1 config netbios node type b node network address Command network address network number <mask> prefix length no network address Function Set the range of the addresses that can be distributed in the pool the no network address command cancels the setting Parameters network number is the network number mask is the mask in the dotted decimal format prefix length stands for mask in prefix form For example mask 255 255 255 0 in prefix is 24 and mask 255 255 255 252 in prefix is 3
408. DHCP Snooping Configuration DHCP Snooping Configuration Task list 1 Enable DHCP Snooping 2 Enable DHCP Snooping binding function 3 Enable DHCP Snooping binding ARP function 4 Configure helper server address 5 Set trusted ports 6 Enable DHCP Snooping binding DOT1X function 7 Enable DHCP Snooping binding USER function 8 Add static entry function 9 Set defense actions 10 Enable DHCP Snooping option82 function 11 Enable debug 12 Set log recording 1 Enable DHCP Snooping Command Explanation Global mode ip dhcp snooping enable no ip dhcp snooping enable Enable or disable the DHCP snooping function 2 Enable DHCP Snooping binding Command Explanation Global mode ip dhcp snooping binding enable no ip dhcp snooping binding enable Enable or disable the DHCP snooping binding function 3 Set helper server address Command Explanation Global mode ip user helper address A B C D port <udpport> source pAddr secondary no ip user helper address secondary Set or delete helper server address 4 Enable DHCP Snooping binding ARP function Command Explanation Global mode ip dhcp snooping binding arp no ip dhcp snooping binding arp Enable or disabl
409. of MSTP. 6 Configure the MSTP format. 7 Configure MSTP to use the peer authentication key. 8 Configure the refresh mode once MSTP topology changes. 1 Enable MSTP and set the running mode. Command (Global Mode and Port Mode): spanning tree, no spanning tree. Explanation: Enable or disable MSTP. Command (Global Mode): spanning tree mode mstp stp, no spanning tree mode. Explanation: Set the MSTP running mode. Command (Port Mode): spanning tree mcheck. Explanation: Force the port to migrate to run under MSTP. 2 Configure instance parameters. Command (Global Mode): spanning tree mst <instance id> priority <bridge priority>, no spanning tree mst instance id priority. Explanation: Set the bridge priority for the specified instance. Command (Port Mode): spanning tree mst <instance id> cost cost, no spanning tree mst instance id cost. Explanation: Set the port path cost for the specified instance. Command (Port Mode): spanning tree mst <instance id> port priority <port priority>, no spanning tree mst <instance id> port priority. Explanation: Set the port priority for the specified instance. Command (Port Mode): spanning tree mst <instance id> rootguard, no spanning tree mst <instance id> rootguard. Explanation: Configure whether the current port runs rootguard in the specified instance; a rootguard port cannot become a root port. 3 Configure MSTP domain parameters. Command (Global Mode): spanning tre
410. of MSTP. Command (Port Mode): spanning tree link type p2p auto force true force false, no spanning tree link type. Explanation: Set the port link type. Command (Port Mode): spanning tree portfast default, spanning tree portfast bpdufilter, spanning tree portfast bpduguard, no spanning tree portfast. Explanation: Set or cancel the port as a boundary port. bpdufilter means a received BPDU is discarded; bpduguard means the port is disabled when a BPDU is received; no parameter means the port turns into a non boundary port when a BPDU is received. 6 Configure the MSTP format. Command (Port Mode): spanning tree format standard, spanning tree format privacy, spanning tree format auto, no spanning tree format. Explanation: Configure the port format. The standard format is provided by IEEE, privacy is the private format, and auto, which is the default, means the format is determined by identifying the peer format automatically. Before receiving the peer format, use the default format. 7 Configure the snooping attribute of the authentication key. Command Explanation Port Mode: Set the port to use the authentication string of the peer port. Because some manufacturers do not use the standard key to intercommunicate with the devices of the manufacturers in the domain, we record the peer authentication word
411. of this command deletes the view information. Command mode: Global Configuration Mode. Parameter: <view string> is the view name, containing 1-32 characters; <oid string> is the OID number or corresponding node name, containing 1-255 characters; include exclude: include or exclude this OID. Usage guide: The command accepts as parameter either the character string of the variable OID or the node name. Example: Create a view named readview that includes the iso node but does not include the iso 3 node. Switch Config snmp server view readview iso include Switch Config snmp server view readview iso 3 exclude. Delete the view. Switch Config no snmp server view readview. snmp server host. Command: snmp server host host address v1 v2c v3 NoauthNopriv AuthNopriv AuthPriv <user string>, no snmp server host <host address> v1 v2c v3 NoauthNopriv AuthNopriv AuthPriv <user string>. Function: For the v1 and v2c versions, this command configures the IP address and Trap community character string of the network management station receiving the SNMP Trap message. For the v3 version, this command configures the IP address of the network management station receiving the Trap, the Trap user name and the security level; the no form of this co
412. ol rule. It is similar to source control, except that it uses ACL numbers 6000-7999. Command (Global Configuration Mode): no access list <6000-7999> deny permit ip <source> <source wildcard> host source <source host ip> any source <destination> <destination wildcard> host destination <destination host ip> any destination. Explanation: Configure the rule used by the destination control. This rule does not take effect until it is applied to source IP or VLAN MAC and port. The NO form of the command can delete the specified rule. The last step is to apply the rule to the specified source IP, source VLAN MAC or specified port. Note that these rules cannot be used globally until IGMP SNOOPING is enabled. If IGMP SNOOPING is not enabled, only the source IP rules can be used in the IGMP protocol. The source IP, VLAN MAC and specified port rules match the packets in the order of VLAN MAC, source IP and specified port. The configuration commands are as follows. Command (Port Configuration Mode): no ip multicast destination control access group 6000 7999. Explanation: Configure the rules used by the destination control to the port. The NO form of the command cancels the configuration. Command (Global Configuration Mode): no ip multicast destination control 7 4094 <macadadr> access group 6000 7999
413. om 100 to 240 VAC 50/60Hz. Make sure that the switch is safely grounded, which can prevent electrostatic damage to the device and potential dangers to people. Avoid direct exposure to sunlight and keep the switch away from heat sources and strong electromagnetic interference sources. The switch must be stably mounted to a standard 19" rack or placed on a desktop. Dust Free Environment: Dust is harmful for the operation of the switch. Dust causes electrostatic absorption, which leads to poor contact between metal pieces. Electrostatic absorption appears especially when the temperature and humidity are lower, which affects the device life and causes communication faults. The recommended values of dust content and particle diameter of the switch's working environment are listed below. Maximum diameter um 0.5 1 3 5 Max Diameter particles 1 4x10 7x10 2 4x10 1 3x10 m. Other than dust, the content of salt, acid and sulfide in the air should also be restricted to meet the requirements of the switch's working environment. Such harmful gases will aggravate metal corrosion and the aging of some parts. The working environment should be free of harmful gases like SO2, H2S, NO2, NH3 and Cl2. The table below gives the recommended threshold of those gases
414. ommand deletes the named extended MAC access rule. Command: no deny permit any source mac host source mac host smac smac smac mask any destination mac host destination mac host dmac dmac dmac mask untagged 802 3. Explanation: Create one MAC access rule matching the untagged 802.3 frame type. The no format of the command deletes the named extended MAC access rule. Command: no deny permit any source mac host source mac host smac <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> tagged eth2 cos <cos val> <cos bitmask> vlanId <vid value> <vid mask> ethertype protocol <protocol mask>. Explanation: Create one MAC access rule matching the tagged Ethernet 2 frame type. The no format of the command deletes the named extended MAC access rule. Command: no deny permit any source mac host source mac host smac smac smac mask any destination mac host destination mac <host_dmac> <dmac> <dmac mask> tagged 802 3 cos <cos val> <cos bitmask> vlanId <vid value> <vid mask>. Explanation: Create one MAC access rule matching the tagged 802.3 frame type. The no format of the command deletes the named extended MAC access rule. c Exit the configuration mode of the MAC access list. Command Explanation Configuration mode of the
415. ommand Explanation. Command: snmp server view view string <oid string> include exclude, no snmp server view <view string>. Explanation: Configure the view information of the switch. This command is used for SNMP v3. 8 Configuring TRAP. Command: snmp server enable traps, no snmp server enable traps. Explanation: Enable the switch to send Trap messages. This command is used for SNMP v1 v2 v3. Command: snmp server host <host address> v1 v2c v3 NoauthNopriv AuthNopriv AuthPriv user string, no snmp server host <host address> v1 v2c v3 NoauthNopriv AuthNopriv AuthPriv <user string>. Explanation: Set the host IPv4 or IPv6 address used to receive SNMP Trap information. For SNMP v1 v2, this command also configures the Trap community string; for SNMP v3, it also configures the Trap user name and security level. 9 Enable Disable RMON. Command: rmon enable, no rmon enable. Explanation: Enable or disable RMON. SNMP Configuration Commands. snmp server enable. Command: snmp server enable, no snmp server enable. Function: Enable the SNMP proxy server function on the switch. The no snmp server enable command disables the SNMP proxy server function. Command mode: Global Configuration Mode. Default status: SNMP proxy server function is disabled by default
416. on. If the router does not have the DHCP relay function, it is recommended to replace the router or upgrade it to a version that has the DHCP relay function. Users often encounter this problem: the DHCP client is connected to the switch but cannot get an IP address. In such a case, check whether the DHCP server has an address pool in the same segment as the switch VLAN interface. If not, add the address pool of the segment. In the DHCP service, the pools for dynamically distributed IP addresses and for manually distributed IP addresses are mutually exclusive; that is, if the commands network address and host are both run on a pool, only one of them can take effect. Furthermore, in a manual address pool only one IP MAC binding can be configured. If multiple bindings are required, create multiple manual pools and set the IP MAC binding for each pool; otherwise the new configuration in the same pool overwrites the previous configuration. DHCP Snooping Configuration. Introduction to DHCP Snooping. DHCP Snooping can prevent the network attack of the fake DHCP server. Defense against Fake DHCP Server: once the switch intercepts the DHCP Server reply packets including DHCPO
417. Parameter: password is the login password of the corresponding identity. Command mode: Common user mode. Default status: By default, log in with admin identity. Usage guide: The system is configured with a password. If the user does not input the password during login, enable the interactive mode to query the password. Example: Enter the admin mode with visitor identity; the password is admin. Method 1: SWITCH enable level visitor admin SWITCH. Method 2: SWITCH enable level visitor Password < input admin SWITCH. enable password level. Command: enable password level visitor admin. Function: This command is used to specify the password for logging in to configuration mode. Command mode: Global mode. Default status: No password; the current password is null. Usage guide: When configuring the command, enable the interactive mode to query the current password and the new password and to confirm the new password. The password can be null. When the new password and the confirmed new password are null, the password of the login identity is cancelled. Example: Set the login password of the visitor identity as admin. switch config enable password level visitor Current password New password < input admin Confirm new password < input admin. no enable password level. Command: no enabl
418. on mode. Command: arp guard ip <addr>, no arp guard ip addr. Explanation: Configure or delete ARP GUARD address. ARP Guard Configuration Command. arp guard ip. Command: arp guard ip <addr>, no arp guard ip <addr>. Function: Add an ARP GUARD address. Parameters: addr is the protected IP address in dotted decimal format. Default: There is no ARP GUARD address by default. Command Mode: Port configuration mode. Usage guide: After the ARP GUARD address is configured, the ARP packets received on ports configured with ARP GUARD are filtered. If the source IP address of an ARP packet matches the ARP GUARD address configured on the port, the packet is judged to be an ARP cheating packet and is dropped directly instead of being sent to the CPU of the switch or being forwarded. 16 ARP GUARD addresses can be configured on each port. Example: Configure the ARP GUARD address 100.1.1.1 on port ethernet0 0 1. Switch Config interface ethernet0 0 1 Switch Config Ethernet 0 0 1 arp guard ip 100.1.1.1. Anti ARP Scanning. Introduction to Anti ARP scanning. ARP scanning is a common method of network attack. In order to detect all the active hosts in a network segment, the attack sourc
419. onfig Port Range exit Switch2 Config interface port channel 2 Switch2 Config If Port Channel2. Configuration result: Shell prompts that ports aggregate successfully after a while; now ports 49, 50 and 51 of Switch 1 form an aggregation port named Port Channel1, and ports 49, 50 and 51 of Switch 2 form an aggregation port named Port Channel2. You can configure them in the aggregation interface configuration mode. Scenario 2: Configuring Port Channel in ON mode. Figure: Configuring Port Channel in ON mode. As shown in the above figure, ports 49, 50 and 51 on Switch1 are access ports and belong to VLAN 1. Add the three ports to group 1 in on mode. Ports 49, 50 and 51 of Switch 2 are trunk ports and allow all. Add the three ports to group 2 in on mode. The configuration steps are listed below. Switch1 config Switch1 Config interface eth 0 0 49 Switch Config Ethernet0 0 49 port group 1 mode on Switch1 Config Ethernet0 0 49 exit Switch Config interface eth 0 0 50 Switch Config Ethernet0 0 50 port group 1 mode on Switch1 Config Ethernet0 0 50 exit Switch Config interface eth 0 0 51 Switch Config Ethernet0 0 51 port group 1 mode on Switch1 Config Ethernet0 0 51 exit Switch2 config Switch2 Config port group 2 Switch2 Config interface eth 0 0 49 Switch2 Config Etherne
420. onnection mode. HW Version: The hardware version of the PoE module. SW Version: The software version of the PoE module. Mode: Power supply mode. Signal: power supply over signal cables (Alternative A); spare: power supply over spare cables (Alternative B). Example: Display the current global PoE status. Switch show power inline Power Inline Status On Power Available 180 W Power Used 0 W Power Remaining 180 W Min Voltage 44 V Max Voltage 57 V Police Off Legacy Off Disconnect Ac Mode Signal HW Version 30 SW Version 05 0 5. show power inline interface ethernet. Command: show power inline interface ethernet < interface number interface name. Function: Display the PoE configuration and status on specified ports. Parameters: interface list: a list of specified ports, specifying all ports by default. Command Mode: Admin Mode. Default: None. Usage guide: The meaning of each field is listed in the following table. Field / Description. Interface: Ethernet port number. Status: Power supply status. Enable: power supply enabled; disable: power supply disabled. Oper: Working status. on: PD is normally connected and powered; off: PD is not connected; faulty: PD detection failed; deny: not enough available power or the required power is over the limit. Power: The power used b
421. ooping Troubleshooting. Monitoring and Debugging Information. show ip dhcp snooping. Command: show ip dhcp snooping interface ethernet <interfaceName>. Function: Display the current configuration information of DHCP snooping, or display the records of defense actions of a specific port. Parameters: <interfaceName>: the name of the specific port. Command Mode: Admin Mode. Default Settings: None. Usage guide: If no port is specified, display the current configuration information of dhcp snooping; otherwise display the records of defense actions of the specific port. Example: Switch show ip dhcp snooping DHCP Snooping is enabled DHCP Snooping binding arp disabled DHCP Snooping maxnum of action info 10 DHCP Snooping limit rate 100 pps switch ID 0003 0F12 3456 DHCP Snooping droped packets 0 discarded packets 0 DHCP Snooping alarm count 0 binding count 0 expired binding 0 request binding 0 interface trust action recovery alarm num bind num Ethernet0 0 1 trust none Osecond 0 0 Ethernet0 0 2 untrust none Osecond Ethernet0 0 3 untrust none Osecond Ethernet0 0 4 untrust none Osecond Ethernet0 0 5 untrust none Osecond Ethernet0 06 untrust none Osecond Ethernet0 07 untrust none Osecond Ethernet0 O8 untrust none Osecond Ethernet0 09 untrust none Osecond Ethernet0 010 untrust none Osecond Ethernet0 011 untrust none Osecond Ethernet0 012 untrust none Osecond Ethernet0 013 untrust none Osecond
422. oot file to be boot rom. Configuration file: including the start up configuration file and the running configuration file. The distinction between the start up configuration file and the running configuration file facilitates the backup and update of the configurations. Startup configuration file: refers to the configuration sequence used in MyPower S3026G POE AC start up. The startup configuration file of MyPower S3026G POE AC is stored in FLASH only, corresponding to the so called configuration save. To prevent illicit file upload and to ease configuration, MyPower S3026G POE AC mandates the name of the start up configuration file to be startup config. Running configuration file: refers to the running configuration sequence used in the switch. In MyPower S3026G POE AC, the running configuration file is stored in the RAM. In the current version, the running configuration sequence running config can be saved from the RAM to FLASH by the write command or the copy running config startup config command, so that the running configuration sequence becomes the start up configuration file, which is called configuration save. To prevent illicit file upload and to ease configuration, MyPower S3026G POE AC mandates the name of the running configuration file to be running config. Factory configuration file: The configuration file shipped with MyPower S3026G POE AC, in the name of factory config. Run set default and write, and restart the switch; the factory configuration file is loaded to overwr
423. opied file or directory. ascii means the file transmission uses the ASCII standard; binary means the file transmission uses the binary standard. When <src url> is an FTP address, the format is ftp://username:password@ipadress/filename. Here username is the FTP user name, password is the FTP user password, ipadress is the IP address of the FTP server, and filename is the name of the file downloaded by FTP. When <src url> is a TFTP address, the format is tftp://ipadress/filename. Here ipadress is the IP address of the TFTP server and filename is the name of the file downloaded by TFTP. Special keywords used in filename (Keywords: Source or destination address): startup config: Boot configuration file; nos.img: system file. Default status: None. Command mode: Admin Mode. Usage guide: The commander distributes the remote upgrade command to members, causing the member to implement the remote upgrade and reboot. If the command is run on a non command switch, an error is returned. Example: Upgrade the member switch remotely on the command switch. The mem id of the member switch is 10, src url is ftp://admin:admin@192.168.1.1/nos.img, dst url is nos.img. Switch cluster update member 10 ftp://admin:admin@192.168.1.1/nos.img nos.img. cluster holdtime. Command: cluster
424. or further debugging reference whenever an error occurs. The no command disables the debugging. Example: Enable PoE debugging. Switch debug power inline. POE Troubleshooting. When the global value of Power Remaining is less than 15W, due to the power source protection mechanism, the power supply to new PDs is cut off in first come first serve mode, while the existing low priority devices are also disconnected in priority policy mode. If the Power Remaining is over 15W, such as 16W, any newly connected device with a power of no more than 15W can get its power supply normally without affecting other devices. This power supply buffer of 15W is designed for power source protection and calls for special attention. The displayed value of Power might be over the value of Max. This involves the relationship between the displayed power and the actual power. For instance: the power set on the port, A, represents the actual output PoE power. The displayed power, B, represents the total power of the port (total current x total voltage). The power loss set on the port, C, represents the power loss of the internal sensor, ohmic resistance, MosFet, etc. Then B = A + C. If the power is set as A = 500mW, according to the following table the compensating current is I 2 44mA 500mW 50V 10mA, assuming the current working voltage is 50V
425. ort. Entering: Input the command interface ethernet <interface list> in Global Mode. Prompt: Switch Config ethernetxx. Operation: Configure the duplex mode and rate of the Ethernet Port provided by the switch. Exiting: Use the exit command to return to global mode. port channel. Entering: Input the command interface port channel <port channel number> in global mode. Prompt: Switch Config if port channelx. Operation: Configure the duplex mode and rate of the port channel. Exiting: Use the exit command to return to Global Mode. 5 VLAN Mode: Run the vlan <vlan id> command under Global Mode to enter the corresponding VLAN Mode. Under VLAN Mode, the user can configure the member ports of the corresponding VLAN. Run the exit command to return to Global Mode from the VLAN Mode. 6 DHCP Address Pool Mode: Type the ip dhcp pool name command under Global Mode to enter the DHCP Address Pool Mode Switch Config <name> dhcp. DHCP address pool properties can be configured under DHCP Address Pool Mode. Run the exit command to return to the Global Mode from the DHCP Address Pool Mode. 7 ACL Mode: ACL type Entering Prompt Operation Exiting Mode Mode Standard IP Type the ip Switch Config Std Nacl a Configure Use the exit ACL Mode access list the command to standard standard IP return to command ACL Mode Global Mo
426. ort into Guest VLAN if there is no supplicant getting authenticated successfully in a certain stretch of time, because of lacking an exclusive authentication supplicant system or the version of the supplicant system being too low. Once the 802.1x feature is enabled and the Guest VLAN is configured properly, a port is added into the Guest VLAN, just like Auto VLAN, if there is no response message from the supplicant system after the device sends more authentication triggering messages (EAP Request Identity) from the port than the upper limit. Here, the users of the ports in the Guest VLAN initiate authentication. If the authentication fails, the port stays in the Guest VLAN. If the authentication succeeds, there are two cases. The authentication server assigns an Auto VLAN, and then the port leaves the Guest VLAN and joins the assigned Auto VLAN. When the user becomes offline, the port is allocated to the specified Guest VLAN again. The authentication server assigns an Auto VLAN, and then the port leaves the Guest VLAN and joins the specified VLAN. When the user becomes offline, the port is allocated to the specified Guest VLAN again. 802.1x Configuration. 802.1x Configuration Task List: 1 Enable IEEE 802.1x function of the switch. 2 Configure the attributes of the access management unit. A Configure port authorization status of the port. B
427. os is enabled. Displayed information / Explanation: Qos is enabled: Qos function is enabled. show mls qos aggregate policer. Command: show mls qos aggregate policer <aggregate policer name>. Function: Display aggregate policy configuration information for QoS. Parameters: <aggregate policy name> is the aggregate policy name. Default: none. Command mode: Admin Mode. Usage guide: Example: Switch show mls qos aggregate policer policer1 aggregate policer policer1 8000000 8000 exceed action drop Not used by any policy map. Displayed information / Explanation: aggregate policer policer1 8000000 8000 exceed action drop: Configuration for this aggregate policy. Not used by any policy map: Times that the aggregate policy is cited. show mls qos interface. Command: show mls qos interface interface id buffers policers queueing statistics. Function: Display QoS configuration information on a port. Parameters: interface id is the port ID; buffers is the queue buffer setting on the port; policers is the policy setting on the port; queueing is the queue setting for the port; statistics is the number of packets allowed to pass for in profile and out of profile traffic according to the policy bound to the port. Default: none. Command mode: Admin mode. Usage guide: Statistics are available only when ingress policy is configured. Example: Switch show mls qos interface ethernet 0
428. outer port interface. Command: ip igmp snooping vlan <vlan id> mrouter port interface <ethernet> ifname <port channel>, no ip igmp snooping vlan vlan id mrouter port interface ethernet <ifname> <port channel>. Function: Configure the static mrouter port of the vlan. The no form of the command cancels this configuration. Parameter: vlan id: ranging from 1 to 4094; ethernet: Name of Ethernet port; ifname: Name of interface; port channel: Port aggregation. Command Mode: Global Configuration Mode. Default: No static mrouter port on vlan by default. Usage guide: When a port becomes the static mrouter port and the dynamic mrouter port at the same time, it should be taken as a static mrouter port. Deleting a static mrouter port can only be done with the no command. Example: Switch config ip igmp snooping vlan 2 mrouter port interface ethernet0 0 13. ip igmp snooping vlan mrpt. Command: ip igmp snooping vlan vlan id mrpt value, no ip igmp snooping vlan vlan id mrpt. Function: Configure the life time of the mrouter port. Parameter: vlan id: vlan ID, ranging from 1 to 4094; value: mrouter port survive period, ranging from 1 to 65535 seconds. Command Mode: Global Configuration Mode. Default status: 255s. Usage guide: This command is valid on dynamic mrouter ports but not on mro
429. p multicast policy source <source wildcard> <destination> <destination wildcard> cos <priority>, no ip multicast policy <source> <source wildcard> <destination> <destination wildcard> cos. Function: Configure multicast policy; the no form of the command deletes the configuration. Parameter: <source>: source address; <source wildcard>: source wildcard; <destination>: destination address; <destination wildcard>: destination wildcard; priority: specified priority, ranging from 0 to 7. Default status: None. Command Mode: Global Configuration Mode. Usage guide: The command is used to modify the priority of the specified packets matched by the switch to the specified value and to set TOS to the same value. Note that the priority of the UNTAG packet is not modified. Example: Switch Config ip multicast policy 10.1.1.0 0.0.0.255 225.1.1.0 0.0.0.255 cos T. Typical DCSCM Instance. 1 Source control: To prevent an Edge Switch from sending multicast data at will, we configure on the edge switch that only the switch at port Ethernet0 0 5 is allowed to transmit multicast data, and the data group must be 225.1.2.3. The uplink port Ethernet0 0 25 can transmit multicast data without any limit, and we can make the following configuration. Switch Confi
430. MAC Address Table. Introduction to MAC Address Table. The MAC table is a table identifying the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses. Static MAC addresses are manually configured by the user, have the highest priority, are permanently effective and are not overwritten by dynamic MAC addresses. Dynamic MAC addresses are learned by the switch during data frame forwarding and are effective for a limited period. When the switch receives a data frame to be forwarded, it stores the source MAC address of the data frame and creates a mapping to the destination port. Then the MAC table is queried for the destination MAC address; if hit, the data frame is forwarded in the associated port, otherwise the switch forwards the data frame to its broadcast domain. If a dynamic MAC address is not learnt from the data frames to be forwarded for a long time, the entry is deleted from the switch MAC table. There are two steps for the operation on the MAC table: Obtain a MAC address; Forward or filter data frame according to the MAC table. Obtain MAC Table: The MAC table can be built up statically and dynamically. Static configuration is to set up a mapping between the MAC addresses and the ports; dynamic learning is the process in which the swit
431. p address is the IP address in decimal dotted format; mask is the subnet mask in decimal dotted format; secondary means that the configured IP address is the secondary IP address. Command mode: VLAN interface mode. Default status: By default, the system does not configure an IP address. Usage guide: The command is used to configure the IP address of the VLAN interface manually. If secondary is not configured, the configured IP address is the master IP address of the VLAN interface. If secondary is configured, the IP address is the secondary IP address of the VLAN interface. The switch can have only one master IP address but can have multiple secondary IP addresses. The master IP address and the secondary IP address both can be used for SNMP, Web and Telnet management. Besides, MyPower S3026G POE AC supports getting an IP address via BOOTP DHCP. Example: Set the IP address of the switch as 192.168.1.10/24. Switch Config If Vlan1 ip address 192.168.1.10 255.255.255.0. shutdown. Command: shutdown, no shutdown. Function: Disable the VLAN interface of the switch. The no format of the command enables the VLAN interface. Command mode: VLAN interface mode. Default status: By default, the VLAN interface is enabled. Usage guide: When the VLAN interface of the switch is disabled, the VLAN interface does
432. p pool 1 Switch dhcp 1 config. ip dhcp ping packets. Command: ip dhcp ping packets <count>, no ip dhcp ping packets. Function: Set the number of ping packets sent for the addresses to be distributed in the address pool; the no format of this command restores the default value. Parameters: <count> is the number of sent packets, ranging from 0 to 10. Default status: The default value is 2. Command Mode: Global Configuration Mode. Usage guide: Configure the number of the sent ping packets. The default value is 2. Example: Modify the number of the sent ping packets to 5. Switch Config ip dhcp ping packets 5. Related command: ip dhcp ping timeout. ip dhcp ping timeout. Command: ip dhcp ping timeout <milliseconds>, no ip dhcp ping timeout. Function: Set the timeout of waiting for the response after sending the ping packets. The no format of this command restores the default value. Parameters: milliseconds is the timeout of waiting for the response after sending the ping packets, in ms; the value range is 100 to 10000. Default Settings: The timeout period is 500ms by default. Command Mode: Global Configuration Mode. Usage guide: Configure the timeout of receiving the response of the ping packet. If the DHCP server does not receive the ping response within the specified tim
433. Configure Switch IP Address; Switch IP Address Configuration Task List; Commands for Configuring Switch IP Address; SNMP Configuration; Introduction to MIB; Introduction to RMON; SNMP Configuration; Typical SNMP Configuration Instances; SNMP Troubleshooting; Switch Upgrade; Introduction to System Log; System Log Configuration; System Log Configuration Instance
434. ports. Here, 24 are the fixed 10/100Base-TX Ethernet interfaces, two are 1000Base-TX/1000Base-FX (single-mode or multi-mode) interfaces, and two are 1000Base-TX stacking interfaces. On the panel of MyPower S3026G POE AC, each port is marked with a port ID. The relationship between the physical port IDs and the port IDs provided by the MyPower S3026G POE AC operating system (software port IDs) is as follows:
Physical port ID | Software port ID
24 10/100Base-T | ethernet 0/0/1-24
Two 1000Base-TX/1000Base-FX | ethernet 0/0/25-26
Two 1000Base-TX | ethernet 0/0/27-28
To configure ports, use the command interface Ethernet <interface list> to enter the corresponding Ethernet port configuration mode. The parameter interface list can be 0/0/1-28. When <interface list> contains more than one port, use special character including and to connect them. In the Ethernet port configuration mode, the port rate, duplex mode and traffic control can all be configured. The performance of the corresponding ports changes accordingly.
Port Configuration
Ethernet Port Configuration
Ethernet Port Configuration Task List
1. Enter the Ethernet port configuration mode
2. Configure the properties for the Ethernet ports: Enable/Disable ports; Configure port names; Configu
435. pplication debug of the cluster. The no format of the command disables the application debug of the cluster. Parameter: none. Default status: none. Command mode: admin mode. Usage guide: Executing the command enables the cluster application debug. After enabling the switch, the brief information of the configuration packet and the SNMP/WEB/RCOMMAND access running on the cluster is printed. Example: Enable the cluster application debug.
Switch debug cluster application
debug cluster packets
Command: debug cluster packets register build heartbeat in out detail; no debug cluster packets register build heartbeat in out detail. Function: Enable the cluster group debug. The no format of the command disables the cluster group debug of the cluster. Parameter: register is the cluster register packet; build is the cluster construction packet; heartbeat is the cluster heartbeat packet; in is the received packet; out is the sent packet; detail means to print the detailed information. Default status: none. Command mode: admin mode. Usage guide: Executing the command enables the cluster group debug. After the grouping switch is enabled, the detailed information and the brief information of the keep-alive packet, register packet and construction packet are printed. Example: Enable the receiving debug of the cluster register packet.
Switch debug cluster packets register in
Cluster Troubleshooting
When setting the
436. program 1. The host connected to port 12 plays program 2. IGMP Snooping listening result: The multicast table built by IGMP Snooping in VLAN 100 indicates ports 1, 2, 6, 10 in Group1 and ports 1, 12 in Group2. All four hosts can receive the programs they are interested in; ports 2, 6, 10 do not receive the traffic of program 2, and port 12 does not receive the traffic of program 1.
Scenario 2: L2 general querier
[Figure: The switch serving as IGMP Querier]
The configuration of SwitchB is the same as the switch in scenario 1. Switch A takes the place of the Multicast Router in scenario 1. Let's assume that VLAN 60 is configured in Switch A, including ports 1, 2, 10 and 12. Port 1 connects to the multicast server and port 2 connects to Switch B. To send Query at a regular interval, IGMP Snooping should be enabled in global mode. Meanwhile, execute the ip igmp snooping vlan 60 l2-general-querier command to set VLAN 60 as the L2 general querier. The configuration steps are listed below:
switchA config
switchA config ip igmp snooping
switchA config ip igmp snooping vlan 60
switchA config ip igmp snooping vlan 60 l2-general-querier
switchB config
switchB config ip igmp snooping
switchB config ip igmp snooping vlan 100 s
437. public. When a valid read-only access community string is entered, press Enter and return to the SNMP configuration menu. Select 2 in the SNMP configuration menu and press Enter; the following screen appears:
Please input traps host IP address A.B.C.D
When the user enters a valid IP address for the Traps host and presses Enter, the following appears:
Please input traps community string public
Note: The valid length for a traps community string is 1 to 255 characters, and the default value is public. When a valid communication community string is entered, press Enter and return to the SNMP configuration menu. Select 3 in the SNMP configuration menu and press Enter; the following screen appears:
Enable SNMP server y n y
To enable the SNMP service, input y and press Enter, or directly press Enter. If the user does not need to enable the SNMP service, input n and press Enter. Then return to the SNMP configuration menu. Select 4 in the SNMP configuration menu and press Enter; the following screen appears:
Enable SNMP traps y n y
If the user needs the switch to send messages to Traps, input y and press Enter, or directly press Enter. If the user does not need to send them, input n and press Enter. Then return to the SNMP configuration menu. Select 5 in the SNMP configuration menu, p
438. r <aggregate policer name> <rate bps> <burst byte> exceed action drop | policed dscp transmit; no mls qos aggregate policer <aggregate policer name>. Function: Define an aggregate policy that can be used in one policy map by several class maps; the no command deletes the specified aggregate policy. Parameters: <aggregate policy name> is the name of the aggregate policy; <rate bps> is the average baud rate (in bits/s) of classified traffic, ranging from 1000000 to 1000000000; <burst byte> is the burst value (in bytes) for classified traffic, ranging from 1000 to 1000000; exceed action drop means to drop packets when the specified speed is exceeded; exceed action policed dscp transmit specifies to mark down the packet DSCP value according to the policed dscp mapping when the specified speed is exceeded. Default: No aggregate policy is configured by default. Command mode: Global configuration mode. Usage guide: If an aggregate policy is used by a policy map, it cannot be deleted unless the reference to the aggregate policy is cleared in the appropriate policy map via the no police aggregate <aggregate policer name> command. The deletion should be performed in global configuration mode with the no mls qos aggregate policer <aggregate policer name> command. If selecting policed dscp transmit, add the reference of policed dscp. Example: Create an aggregate policy named aggi; the aggregate policy defines
439. r S3026G POE AC:
Switch Config inter vlan 1
Switch Config If Vlan1 ip address 10.1.1.2 255.255.255.0
Switch Config If Vlan1 no shut
Switch Config If Vlan 1 exit
Switch Config ftp server enable
Switch Config ip ftp server username admin password 0 admin
PC configuration: Log in to MyPower S3026G POE AC with any FTP client software, with the username admin and password admin; use the command get nos img 12 25 nos img to download the nos img file from MyPower S3026G POE AC to the computer.
Scenario 3: MyPower S3026G POE AC is used as TFTP server
MyPower S3026G POE AC operates as the TFTP server. The PC is a TFTP client. Transmit the nos img file in the switch to the PC. The configuration steps of the switch are listed below.
MyPower S3026G POE AC:
Switch Config inter vlan 1
Switch Config If Vlan1 ip address 10.1.1.2 255.255.255.0
Switch Config If Vlan1 no shut
Switch Config If Vlan 1 exit
Switch Config tftp server enable
PC configuration: Log in to MyPower S3026G POE AC with any TFTP client software; use the tftp command to download the nos img file from MyPower S3026G POE AC to the computer.
Scenario 4: MyPower S3026G POE AC acts as FTP server for the client to view file list
The MyPower S3026G POE AC acts as an FTP server and the PC acts as an FTP client. Transmit the file list
440. r state is could query or suppressed Igmp snooping query interval Query interval of the vlan Max response time of the vlan IGMP Snooping robustness configured on the vlan alive time The timeout of the VLAN in the suppression state as 2 time general querier Group membership of this vlan namely the Membership correspondence between ports and S G mrouter port of the vlan including both static and dynamic
show mac address table multicast
Command: show mac address table multicast. Function: Display the multicast MAC address table information. Parameter: none. Command mode: admin mode. Default status: By default, the system does not display the mapping of the multicast MAC address and port. Usage guide: The command is used to display the multicast MAC address table information of the current switch. Example: Display the multicast mapping in VLAN100.
Vlan | Mac Address | Type | Creator | Ports
1 | 01-00-5e-01-01-01 | MULTI | IGMP | Ethernet0/0/20
IGMP Snooping Troubleshooting
When configuring and using the IGMP Snooping function, IGMP Snooping may fail to run properly because of physical connection or configuration mistakes. So the users should note the following: Make sure the physical connection is correct. Enable IGMP Snooping in global configuration mode (use ip igmp snooping). Configure IGMP Snooping on VLAN in global configuration mode
441. r the policy map mode. In the policy map mode, you can classify the packet flow and configure policy according to the class map. You can configure multiple class maps in one policy map. Example: Enter a policy class mode.
Switch config policy map pl
Switch config PolicyMap class c1
Switch config Policy Class exit
set
Command: set ip dscp <new dscp> | ip precedence <new precedence> | cos <new cos>; no set ip dscp | ip precedence | cos. Function: Assign a new DSCP, IP Precedence for the classified traffic; the no form of this command cancels assigning the new values. Parameter: ip dscp <new dscp>: new DSCP value; <new precedence>: new IP Precedence; <new cos>: new COS value. Default: Not assigned by default. Command mode: Policy Class map Mode. Usage guide: Only the classified traffic that matches the matching standard is assigned the new values. Example: Set the IP DSCP of the packets matching the c1 class rule to 3.
Switch config policy map pl
Switch config PolicyMap class c1
Switch config Policy Class set ip precedence 3
Switch config Policy Class exit
Switch config PolicyMap exit
police
Command: police <rate bps> <burst byte> exceed action drop | policed dscp transmit; no police <rate bps> <burst byte> exceed action drop | policed dscp tr
442. rdware resource limit. If an access list contains rules with the same filtering information but conflicting actions, it cannot be bound to the port, and an error message is displayed. For instance, configuring permit tcp any any destination and deny tcp any any destination at the same time is not permitted. Virus attacks such as shock wave can be blocked by configuring an ACL to block specific ICMP packets. Currently, an ACL can only be bound to the ingress of a port; it cannot be bound to the egress of a port.
AM Configuration
Introduction to AM
AM is short for Access Management. It compares the information of the received packet (source IP address, or source IP + source MAC) with the configured hardware address pool. If there is an entry in the address pool matching the information (source IP address, or source MAC + IP address), the packet is forwarded. Otherwise, the packet is dropped.
AM Pool
An AM pool is an address list in which each address entry corresponds to one user. Each address entry includes the address information and the corresponding port. The address information is of the following two kinds: IP address (ip pool), specifying the source IP address information of the user on the port; MAC IP address (mac ip pool), specifying the source MAC address and source IP address information of the
443. re cannot be blank among the characters, and the character string length is 1 to 30. Default status: By default, 5 ICMP echo request packets are sent, the packet size is 56 bytes, and the timeout is 2 seconds. Command mode: Admin mode. Usage guide: If the user enters the ping command and directly presses Enter, the system provides an interactive configuration mode in which the user can define the ping parameters as desired. Example 1: Use the default parameters of the ping program.
Switch ping 10.1.128.160
Type c to abort.
Sending 5 56-byte ICMP Echos to 10.1.128.160, timeout is 2 seconds.
...!!
Success rate is 40 percent (2/5), round-trip min/avg/max = 0/0/0 ms
In the example above, the switch pings the device at 10.1.128.160. The ICMP reply packets for the first three ICMP echo request packets are not received within the default 2-second timeout, that is, the ping fails. However, the last two pings succeed, so the success rate is 40%. On the switch, "." denotes a ping failure, which means an unreachable link, while "!" denotes a ping success, which means a reachable link. Example 2: Use the ping command with source address configuration and leave the other fields at their defaults.
Switch ping src 10.1.128.161 10.1.128.160
Type c to abort.
Sending 5 56-byte ICMP Echos to 10.1.128.160, using source address 10.1.128.161
444. re port cable types; Configure port rate; Configure port duplex mode; Configure bandwidth control; Configure traffic control; Enable/Disable port loopback function; Configure working mode of Combo port
3. Set the packet suppression function
1. Enter Ethernet port configuration mode
Command | Description
Global mode |
interface ethernet <interface list> | Enter Ethernet port configuration mode
2. Configure the properties of Ethernet port
Command | Description
Port configuration mode |
shutdown; no shutdown | Disable or enable the specified port
name <string>; no name | Set or cancel the name of the specified port
mdi auto across normal; no mdi | Set the cable type of the specified port. The no format of the command restores the default cable type
speed duplex auto force10 half force10 full force100 half force100 full force100 fx force1g half force1g full nonegotiate master slave | Set the rate and duplex mode of the port
bandwidth control bandwidth both receive transmit; no bandwidth control | Set the bandwidth occupied by receiving and sending data of the specified port
flow control; no flow control | Enable or disable the traffic control function of the specified port
loopback; no loopback |
445. re time range function
A. Create time range name
Command | Explanation
Global mode |
time range time range name | Create one time range name time range name
no time range time range name | Disable the time range function of time range name
B. Configure periodical time range
Command | Explanation
Time range mode |
absolute periodic Monday Tuesday Wednesday Thursday Friday Saturday Sunday start time to Monday Tuesday Wednesday Thursday Friday Saturday Sunday end time; periodic Monday Tuesday Wednesday Thursday Friday Saturday Sunday daily weekdays weekend <start_time> to <end_time> | Configure the time range of different requests within one week; every week runs by the time range
no absolute periodic Monday Tuesday Wednesday Thursday Friday Saturday Sunday start time to Monday Tuesday Wednesday Thursday Friday Saturday Sunday <end_time>; no periodic Monday Tuesday Wednesday Thursday Friday Saturday Sunday daily weekdays weekend start time to <end_time> | Stop the time range configuration within one week
C. Configure absolute time range
Command | Explanation
Global mode |
absolute start start time start data end end time | Cr
446. reach the authentication server through complicated networks. In general, EAP relay requires the RADIUS server to support the EAP attributes EAP-Message and Message-Authenticator. EAP is a widely used authentication framework that transmits the actual authentication protocol, rather than a special authentication mechanism. EAP provides some common functions and allows negotiation of the expected authentication mechanisms, which are called EAP Methods. The advantage of EAP is that the EAP mechanism, working as a base, needs no adjustment when a new authentication protocol appears. The following figure illustrates the protocol stack of the EAP authentication method.
[Figure: The Protocol Stack of EAP Authentication Method]
By now, more than 50 EAP authentication methods have been developed; they differ in the authentication mechanism and the management of keys. The four most common EAP authentication methods are listed as follows: EAP-MD5; EAP-TLS (Transport Layer Security); EAP-TTLS (Tunneled Transport Layer Security); PEAP (Protected Extensible Authentication Protocol). They are described in detail in the following part. Attention: The switch, as the pass-through access controlling unit, does not check the content of a particular EAP method, so it can support all the EAP methods above and all the EAP authenti
447. rent trust status of the port
mls qos cos <default cos>; no mls qos cos | Configure the default CoS value of the port; the no mls qos cos command restores the default setting
service policy input <policy map name> output <policy map name>; no service policy input <policy map name> output <policy map name> | Apply one policy map to the port; the no format of the command deletes the specified policy map applied to the port
mls qos dscp mutation; no mls qos dscp mutation | Apply a DSCP transform mapping to the specified port; the no format of the command restores the default value of the DSCP transform mapping
5. Configure egress queue working mode and weight
Command | Explanation
Global Mode |
wrr queue bandwidth <weight1 weight2 weight3 weight4>; no wrr queue bandwidth | Set the WRR weight of the egress queue of all ports. The no format of the command restores the default value
priority queue out; no priority queue out | Configure the working mode of the egress queue: configure the queue as the pq egress working mode; the no format of the command restores the wrr egress working mode
wrr queue cos map <queue id> <cos1 cos8>; no wrr queue cos map <queue id> | Set the mapping o
448. ress Enter and the following screen appears:
Please input the new NMS IP address A.B.C.D
When a valid secure IP address for the SNMP management workstation is entered, press Enter and return to the SNMP configuration menu. Select 6 in the SNMP configuration menu to return to the Setup main menu.
Exit Setup Configuration Mode
Select 5 in the Setup main menu to exit the Setup configuration mode without saving the configurations. Select 6 in the Setup main menu to exit the Setup configuration mode and save the configurations. For instance, if the user sets the IP address and enables the web service under the Setup configuration mode, the user can use the terminal to manage and configure the switch via the Telnet service after selecting 6 to exit the Setup main menu. When the user exits the Setup configuration mode, the CLI configuration interface appears. Configuration commands and syntaxes are described in detail in later chapters.
Switch Management
Management Modes
After purchasing the switch, the user needs to configure the switch for network management. MyPower S3026G POE AC provides two management modes: in-band management and out-band management.
Out-band Management
Out-band management is to manage the switch via the Console interface. Generally, the user adopts out-band management for the initial sw
449. result may not be the actual ones. On a 100M port, only two pairs are used, (1, 2) and (3, 6), whose results are the only effective ones. If a 1000M port is connected to a 100M port, the results of (4, 5) and (7, 8) have no meaning. The result may deviate according to the type of the twisted pair, the temperature, working voltage and other conditions. When the temperature is 20 degrees Celsius, the voltage is stable without interference, and the length of the twisted pair is no longer than 100 meters, a deviation of 2 meters is allowed. Notice: the test procedure blocks all data flow on the line for 5 to 10 seconds and then restores the original status.
568A wiring sequence: (1 green white, 2 green), (3 orange white, 6 orange), (4 blue, 5 blue white), (7 brown white, 8 brown).
568B wiring sequence: (1 orange white, 2 orange), (3 green white, 6 green), (4 blue, 5 blue white), (7 brown white, 8 brown).
Example: Test the link status of the twisted pair connected to the 1000M port 0/0/25.
Switch Config interface ethernet 0/0/25
Switch Config Ethernet0/0/25 virtual cable test
Interface Ethernet0/0/25
Cable pairs | Cable status | Error lenth (meters)
(1, 2) | open | 5
(3, 6) | open | 5
(4, 5) | open | 5
(7, 8) | short | 5
VLAN Interface Configuration
VLAN Interface Configuration Task List
1. Enter the VLAN interface configuration mode
2. Configure IP address of VLAN interface and enable the VLAN interface
1. Enter VLAN interface con
450. ries is lower than the static ARP list entries set by the administrator, so they can be overwritten by static ARP list entries; but when the static ARP list entries are deleted, the binding ARP list entries cannot be recovered until DHCP SNOOPING recaptures the binding information. Adding binding ARP list entries is used to prevent these list entries from being attacked by ARP cheating. At the same time, these static list entries need no reauthentication, which prevents the switch from failing to reauthenticate ARP when it is being attacked by ARP scanning. The binding ARP function can be set only after the DHCP SNOOPING binding function is enabled. Example: Enable the DHCP Snooping binding ARP function.
Switch Config ip dhcp snooping binding arp
Related command: ip dhcp snooping binding enable
ip dhcp snooping binding dot1x
Command: ip dhcp snooping binding dot1x; no ip dhcp snooping binding dot1x. Function: Enable the DHCP Snooping binding DOT1X function. Parameters: None. Command mode: Port configuration mode. Default settings: By default, the binding DOT1X function is disabled on all ports. Usage guide: When this function is enabled, DHCP SNOOPING notifies the DOT1X module of the captured binding information as a DOT1X controlled user. This command is mutually exclusive with the ip dhcp snooping binding user cont
451. Command | Explanation
Configuration mode of the named extended IP access list |
exit | Exit the configuration mode of the named extended IP access list
E. Configure one numbered standard MAC access list
Command | Explanation
Global mode |
access list num deny permit any source mac host source mac <host_smac> <smac> <smac mask>; no access list num | Create one numbered standard MAC access list. If the access list exists, add one rule entry. The no format of the command deletes one numbered standard MAC access list
F. Configure the numbered extended MAC access list
Command | Explanation
Global mode |
access list <num> deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac 4host destination mac host dmac <dmac> <dmac mask> untagged eth2 tagged eth2 untagged 802 3 tagged 802 3 offset1 length1 value1 offset2 length2 value2 offset3 length3 value3 <offset4> length4 value4 11; no access list num | Create one numbered extended MAC access list. If the access list exists, add one rule entry. The no format of the command deletes one numbered extended MAC access list
G. Configure one nam
452. rmally and extra debugging is not required. 3. The switch will implement self-testing when powered on. Note: The input voltage must comply with the power specification of the switch. Otherwise, the switch may be damaged or work improperly. If the power indicator is off or the self-check is abnormal after the switch is powered on, contact Maipu customer service center. Do not disassemble the switch.
Setup Configuration
Setup configuration refers to the initial operation on the switch after the user purchases it. For first-time users of the MyPower S3026G POE AC switch, this chapter provides a very practical instruction. When using the Command Line Interface (CLI), the user can type setup under admin mode to enter the Setup configuration interface. Setup configuration is done via menu selections, in which the switch hostname, Vlan1 interface, Telnet service, Web service and SNMP can be configured.
Setup Main Menu
Before entry into the main menu, the following screen is displayed to prompt the user to select a preferred interface language. English users should choose 0 to enter the English interface, while Chinese users can choo
453. rmit any source mac | host source mac <host_smac> <smac> <smac mask> any destination mac | host destination mac <host_dmac> <dmac> <dmac mask> eigrp | gre | igrp | ip | ipinip | ospf | <protocol num> <source> <source wildcard> | any source | host source <source host ip> <destination> <destination wildcard> | any destination | host destination <destination host ip> precedence <precedence> tos <tos> time range <time range name>. Function: Define an extended numeric MAC IP ACL rule; the no format of the command deletes an extended numeric MAC IP ACL access list rule. Parameters: access list number: the access list number, a decimal number from 3100 to 3199; deny: if rules are matching, deny access; permit: if rules are matching, permit access; any source mac: any source MAC address; any destination mac: any destination MAC address; host_smac, smac: source MAC address; smac mask: mask (reverse mask) of the source MAC address; host_dmac, dmac: destination MAC address; dmac mask: mask (reverse mask) of the destination MAC address; protocol: No. of name or IP protocol. It can be a key word (eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp or udp) or an integer from 0 to 255 of list No. of IP address. Use key word ip to match all Internet prot
454. rol command. The binding DOT1X function can be set only after the DHCP SNOOPING binding function is enabled. Example: Enable the binding DOT1X function on port ethernet0/0/1.
Switch Config interface ethernet 0/0/1
Switch Config Ethernet 0/0/1 ip dhcp snooping binding dot1x
Related command: ip dhcp snooping binding enable; ip dhcp snooping binding user control
ip dhcp snooping binding user control
Command: ip dhcp snooping binding user control; no ip dhcp snooping binding user control. Function: Enable the DHCP snooping binding user function. Parameters: None. Command mode: Port Configuration Mode. Default settings: By default, the binding user function is disabled on all ports. Usage guide: When this function is enabled, DHCP SNOOPING treats the captured binding information as trusted users allowed to access all resources. This command is mutually exclusive with the ip dhcp snooping binding dot1x command. Only after the DHCP SNOOPING binding function is enabled can the binding ARP function be set. Example: Enable the binding USER function on port ethernet0/0/1.
Switch Config interface ethernet 0/0/1
Switch Config Ethernet 0/0/1 ip dhcp snooping binding user control
Related command: ip dhcp snooping binding enable; ip dhcp snooping binding dot1x
ip dhcp snooping trust
Command: ip dhcp snooping
455. rom one spanning tree branch to another rapidly, the disable mode is not recommended. Example:
Switch Config interface ethernet 0/0/2
Switch Config Ethernet 0/0/2 spanning tree tcflush disable
Switch Config Ethernet 0/0/2
MSTP Instances
The following is a typical MSTP application instance.
[Figure: Typical MSTP configuration instance]
The connections among SW1 to SW4 are shown in the above figure. All the switches run in the MSTP mode by default, and their bridge priority, port priority and port route cost are all at the default values (equal). The default configurations for the switches are listed below:
Bridge Name: SW1 SW2 SW3 SW4
Bridge MAC Address: 00-00-01 00-00-02 00-00-03 00-00-04
Bridge Priority: 32768 32768 32768 32768
Port priority:
Port 1: 128 128 128
Port 2: 128 128 128
Port 3: 128 128
Port 4: 128 128
Port 5: 128 128
Port 6: 128 128
Port 7: 128 128
Port route cost:
Port 1: 200000 200000 200000
Port 2: 200000 200000 200000
Port 3: 200000 200000
Port 4: 200000 200000
Port 5: 200000 200000
Port 6: 200000 200000
Port 7: 200000 200000
By default, the MSTP establishes a tree topology (in blue lines) rooted with SW1. The ports marked with x are in the discarding status, and the other ports are in the forwarding status.
456. ESD wrist strap; Antistatic glove; Console cable and commutator; Connecting cable; Standard twisted pair; RJ-45 pin
Hardware Installation
Mount Switch to Rack
MyPower S3026G POE AC can be mounted onto a standard 19-inch rack. Perform the following steps to install the switch.
[Figure: Mount MyPower S3026G POE AC to the rack]
1. Attach the brackets on both sides of the switch with the screws provided in the accessory kit.
2. Put the bracket-mounted switch onto a standard 19-inch rack. Fasten it at a proper location with the screws provided, leaving enough space around the switch for good air circulation.
Note: The brackets are used to fix the switch on the rack rather than to bear its weight, so it is recommended to place a rack shelf under the switch. Do not place anything on top of the switch or block the vents, to prevent device damage and abnormal operation.
Console Cable Connection
MyPower S3026G POE AC provides a DB9 asynchronous serial console port. Perform the following steps to connect the Console port.
457. rspt 18 ip igmp snooping vlan query robustness Command ip igmp snooping vlan <vlan id> query robustness value no ip igmp snooping vlan vlan id query robustness Function Configure the query robustness The no ip igmp snooping vlan vlan id query robustness command restores to the default value Parameter vlan id is the VLAN ID ranging from 1 to 4094 value ranging from 2 to 10 Command Mode Global Configuration Mode Default status 2 Usage guide It is recommended to use the Default Please keep this configuration in accordance with IGMP configuration if layer 3 IGMP is running Example Switch config ip igmp snooping vlan 2 query robustness 3 ip igmp snooping vlan suppression query time Command ip igmp snooping vlan vlan id suppression query time value no ip igmp snooping vlan vlan id suppression query time Function Configure the suppression query time The no form of the command restores to the default value Parameter vlan id is the VLAN ID ranging from 1 to 4094 value ranging from 1 to 65535 seconds Command Mode Global Configuration Mode Default status 255s Usage guide This command can only be configured on L2 general querier The Suppression query time refers to the period of entering the suppression state maintaining when receiving the query from the layer 3 IGMP i
458. rt If no ports and MAC are specified all dynamic MAC in all locked secure ports are cleared if only port but no MAC address is specified all MAC addresses in the specified port are cleared Example Delete all dynamic MAC in port1 Switch clear port security dynamic interface Ethernet 0 0 1 switchport port security maximum Command switchport port security maximum value no switchport port security maximum Function Sets the maximum number of secure MAC addresses for a port the no switchport port security maximum command restores the maximum secure address number 1 Command mode Port configuration mode Parameter value is the upper limit for static secure MAC addresses and the valid range is 1 to 128 Default status The default maximum port secure MAC address number is 1 Usage guide The MAC address binding function must be enabled before maximum secure MAC address number can be set If secure static MAC address number of the port is larger than the maximum secure MAC address number set the setting fails extra secure static MAC addresses must be deleted so that the secure static MAC address number is no larger than the maximum secure MAC address number for the setting to be successful Example Set the maximum secure MAC address number for port 1 as 4 Switch Config interface Ethernet 0 0 1 Switch Config Ethernet0 0 1 switchport port security maximum 4 switchport port security violation Command switchpo
459. rt address of the desired information in the memory and output word number The displayed information consists of three parts address Hex view of the information and character view Example Switch show memory start address 0x2100 number of words 64 002100 0000 0000 0000 0000 0000 0000 0000 0000 002110 0000 0000 0000 0000 0000 0000 0000 0000 002120 0000 0000 0000 0000 0000 0000 0000 0000 002130 0000 0000 0000 0000 0000 0000 0000 0000 002140 0000 0000 0000 0000 0000 0000 0000 0000 002150 0000 0000 0000 0000 0000 0000 0000 0000 002160 0000 0000 0000 0000 0000 0000 0000 0000 002170 0000 0000 0000 0000 0000 0000 0000 0000 show rom Command show rom Function Display the boot files and the size Command mode Admin mode Example View the boot file information Switch show rom miniRom Infomation file name mini rom file size 273200 bytes version 1 6 101 BootRom Infomation file name nos rom file size 1597360 bytes version 1 6 101 show running config Command show running config Function Display the current active configuration parameters for the Switch Default status If the active configuration parameters are the same as the default operating parameters nothing is displayed Comm
460. rt channel displays port aggregation information Command mode Admin Mode Usage guide If port group number is not specified then information for all port groups will be displayed Example Add port 0 0 49 and 0 0 50 to port group 1 1 Display summary information for port group 1 Switch show port group 1 brief Port group number 1 Number of ports in port group 2 Maxports in port channel 8 Number of port channels 0 Max port channels 1 Displayed information Explanation 1 Number of ports in port group The number of the ports in port group Maxports in port channel The maximum number of the ports allowed in the group Number of port channels Whether aggregated to port channel or not Max port channels The maximum number of the aggregation ports that can be formed by Port group 2 Display detailed information for port group 1 Switch show port group 1 detail Sorted by the ports in the group 1 port Ethernet0 0 49 both of the port and the agg attributes are not equal the reason is 2 the general information of the port are as follows portnumber 49 actor_port_agg_id 0 partner oper sys 0x000000000000 partner oper key 0x0001 actor oper port key 0x0101 mode of the port ACTIVE lacp aware enable begin FALSE port enabled FALSE lacp ena FALSE ready n TRUE the attrib
461. rt port security violation protect shutdown no switchport port security violation Function Configure the port violation mode The no switchport port security violation restores the violation mode to protect Command mode Port configuration mode Parameter protect refers to protection mode shutdown refers to the shutdown mode Default status The port violation mode is protect by default Usage guide The port violation mode configuration is only available after the MAC address binding function is enabled when the port secure MAC address exceeds the security MAC limit if the violation mode is protect the port only disables the dynamic MAC address learning function while the port will be shut down if in shutdown mode Users can manually open the port with no shutdown command Example Set the violation mode of port 1 to shutdown Switch Config interface Ethernet 0 0 1 Switch Config Ethernet0 0 1 switchport port security violation shutdown Binding MAC Address Binding Troubleshooting 1 Monitoring and Debugging Commands of MAC Address Binding show port security Command show port security Function Display the global security port configuration Command mode Admin Mode Default status The switch does not display security port configuration Usage guide This command displays the security port information of t
462. rt value Command mode Admin mode Usage guide The command is used to display the VLAN information and Trunk port information of the switch port Example Show VLAN information of port 0 0 1 Switch show switchport interface ethernet 0 0 1 Ethernet0 0 1 Type Universal Mac addr num No limit Mode Access Port VID 1 Trunk allowed Vlan ALL Displayed Information Description Ethernet0 0 1 Corresponding interface number of the Ethernet Type Current interface type Mac addr num The number of interfaces with MAC address learning ability Mode Access Current interface VLAN mode Port VID 1 Current VLAN number the interface belongs Trunk allowed Vlan ALL VLAN permitted by Trunk show tcp Command show tcp Function Display the current TCP connection status established to the switch Command mode Admin Mode Usage guide The command is used to view the TCP connection with the switch Example Switch show tcp LocalAddress LocalPort ForeignAddress ForeignPort State 0 0 0 0 23 0 0 0 0 0 LISTEN 0 0 0 0 80 0 0 0 0 0 LISTEN Displayed information Description LocalAddress Local address of the TCP connection LocalPort Local port number of the TCP connection ForeignAddress Remote address of the TCP connection ForeignPort Remote por
463. rts 6 Configure QoS mapping Configure the mapping from CoS to DSCP DSCP to CoS dscp mutation and policed dscp 1 Enable the QoS function Command Explanation Global mode mls qos no mls qos Enable and disable the QoS function 2 Configure classmap Command Explanation Global mode class map class map name no class map class map name Create a class map and enter class map mode the no class map class map name command deletes the specified class map match access group <ac index or name> ip dscp <dscp list> ip precedence <ip precedence list> vlan <vlan list> cos <cos list> no match access group ip dscp ip precedence vlan cos Set the matching criterion in the classification table the no format of the command deletes specified matching criterion 3 Configure a policy map Command Explanation Global mode policy map <policy map name> no policy map <policy map name> Create a policy map and enter policy map mode the no policy map <policy map name> command deletes the specified policy map class class map name no class <class map name> Set up one class and enter the class mode The no format of the command deletes the specifie
464. rval of loopback detection 2 Enable the port loopback detection function Command Explanation Port Mode loopback detection specified vlan <vlan list> no loopback detection specified vlan vlan list Enable and disable the function of port loopback detection function 3 Configure the port loopback detection control mode Command Explanation Port Mode loopback detection control shutdown block learning trap no loopback detection control Enable and disable the function of port loopback detection control 4 Display and debug the relevant information of port loopback detection Command Explanation Admin Mode debug loopback detection no debug loopback detection Enable the debug information of the function module of port loopback detection The no format of the command disables the debug information show loopback detection interface <interface list> Display the state and result of the loopback detection of all ports if no parameter is provided otherwise display the state and result of the corresponding ports Commands for Configuring Port Loopback Detection Function loopback detection control Command loopback detection control shutdown block learning trap no loopback detection control Fu
465. s 2 Set interval 3 Set time difference 1 Set server address Command Explanation Global mode sntp server server address version version no no sntp server server address Set cancel SNTP NTP server address and server version 2 Set interval Command Explanation Global mode sntp polltime <interval> no sntp polltime Set the interval of the SNTP client sending request to the NTP SNTP server 3 Set time difference Command Explanation Global mode sntp timezone <name> add subtract <time_difference> no sntp timezone Set the timezone of the SNTP client and the time difference with UTC SNTP Configuration Commands sntp server Command sntp server <server_address> version <version_no> no sntp server <server_address> Function Set the SNTP NTP server address and server version the no format of the command cancels the set SNTP NTP server address Parameter server address is the IP unicast address of SNTP NTP server version no is the SNTP version number of the current client ranging from 1 to 4 The default version is 1 Default The SNTP NTP server address and server version are not configured by default Command Mode Global Mode Usage guide None E
466. s ARP can also be configured statically ARP Configuration ARP Configuration Task List Configure static ARP Command Explanation arp ip address mac address no arp ip address Configure a static ARP entry the no command deletes a static ARP entry ARP Forwarding Configuration Command arp Command arp ip address <mac_address> ethernet <interfacelist> no arp ip address Function Configures a static ARP entry the no arp ipaddress command deletes a static ARP entry Default No static ARP entry is set by default Command mode VLAN Interface Mode Usage guide Static ARP entries can be configured on the switch Example Configure static ARP for interface VLAN1 switch Config If Vlan1 arp 1 1 1 1 00 03 0f f0 12 34 ethernet 0 0 1 ARP Forwarding Troubleshooting Monitoring and Debugging Commands show arp Command show arp <ip addr> <vlan id> <hw addr> type static dynamic count Function Display the ARP mapping table Parameters <ipaddress> is a specified IP address <vlan id> stands for the entry for the identifier of specified VLAN <hw addr> for entry of specified MAC address static for static ARP entry dynamic for dynamic ARP entry count displays number of ARP entries Command mode Admin
467. s Note whether the instances of the configuration parameters are correct during configuration The MSTP function of the switch port is mutually exclusive with the port MAC binding and 802 1x functions When the port is configured with the MAC binding and 802 1x functions the MSTP function cannot be enabled on the port IGMP Snooping Configuration Introduction to IGMP Snooping IGMP Internet Group Management Protocol is used to realize IP multicast IGMP is used by the network devices that support multicast such as router for host membership query and by hosts that want to add to one multicast group to inform the router to accept packets of a certain multicast address All those operations are done via the exchanging of the IGMP packets The router uses a multicast address 224 0 0 1 that can address to all hosts to send an IGMP host membership query packet If a host wants to join a multicast group it uses the group address of the multicast group to reply one IGMP host membership report packet IGMP Snooping is also referred to as IGMP listening The switch prevents multicast traffic from flooding through IGMP Snooping The multicast traffic is only forwarded to the ports associated to multicast devices The switch listens to the IGMP messages between the multicast router and hosts and maintains multicast group forwardi
468. s the status of the port is changed from blocking to forwarding This delay is called the forward delay The forward delay is relevant with hello time and max aging time The parameters should meet the following conditions Otherwise the MSTP may work incorrectly 2 x (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age Bridge_Max_Age >= 2 x (Bridge_Hello_Time + 1.0 seconds) Example In global mode set MSTP forward delay time to 20 seconds Switch Config spanning tree forward time 20 spanning tree hello time Command spanning tree hello time <time> no spanning tree hello time Function Set switch Hello time The command no spanning tree hello time restores the default setting Parameter <time> is Hello time in seconds The valid range is from 1 to 10 Command mode Global configuration mode Default Hello Time is 2 seconds by default Usage guide Hello time is the interval that the switch sends BPDUs Hello time is co working with forward delay and max age The parameters should meet the following conditions Otherwise the MSTP may work incorrectly 2 x (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age Bridge_Max_Age >= 2 x (Bridge_Hello_Time + 1.0 seconds) Example Set MSTP hello time to 5 seconds in global mode Switch Config spanning tree hello time 5 spanning tree l
469. s indicates that only crossover cable is supported normal indicates straight through cable supported only Command mode Port Mode Default status Port cable type is set to auto by default Usage guide The command is used only by the fixed ports By default the fixed ports negotiate the Ethernet cable type automatically The user does not need to be concerned whether the Ethernet cable is crossover or straight through or whether the peer device is host or switch As long as the Ethernet cable and the adapter of the peer device are available MyPower S3026G POE AC can be connected correctly Example Set the cable type of Ethernet ports 0 0 1 8 to straight through cable Switch Config interface ethernet 0 0 1 8 Switch Config Port Range mdi across name Command name <string> no name Function Set the name for specified port the no name command cancels this configuration Parameter string is a character string which should not exceed 200 characters Command mode Port Mode Default status No port name by default Usage guide This command is for helping the user manage switches For example the user sets names according to the port application e g financial as the name of 1 8 ports which is used by financial department engineering as the name of 9 20 ports which belongs to the engineering department while the
470. s of logical abstraction to abstract a set of ports port sequence with the same properties to a logical port Port Channel is a collection of physical ports and used logically as one physical port Port Channel can be used as a normal port by the user and can not only add network s bandwidth but also provide link backup Port aggregation is usually used when the switch is connected to routers hosts or other switches Port aggregation As shown in the above ports 1 4 of Switch 1 are aggregated to a Port Channel the bandwidth of this Port Channel is the total of all the four ports If traffic from Switch 1 needs to be transferred to Switch 2 through the Port Channel traffic allocation calculation is performed based on the source MAC address and the lowest bit of target MAC address The calculation result decides which port to convey the traffic If a port in Port Channel fails the other ports undertake traffic of that port through a traffic allocation algorithm This algorithm is carried out by the hardware The switch offers two methods for configuring port aggregation manual Port Channel creation and LACP Link Aggregation Control Protocol dynamic Port Channel creation Port aggregation can only be performed on ports in full duplex mode To make Port Channel work properly the member ports of the Port
471. s standard name no ip access standard name Function Create a named standard access list The no prefix will remove the named standard access list including all the rules in the list Parameters name is the name of the access list The name can be formed by non all digit characters of length of 1 to 16 Command Mode Global configuration mode Default No access list is configured by default Usage guide When this command is issued for the first time an empty access list is created not including any entry Example Create a standard IP access list name ipFlow Switch Config ip access list standard ipFlow ip mac mac ip access group Command ip mac mac ip access group <name> in out no ip mac mac ip access group <name> in out Function Apply an access list on some direction of port and determine if ACL rule is added with statistic counter or not by options the no command deletes access list binding on the port Parameter <name> is the name for access list and the character string length is from 1 16 Command Mode Physical Port Mode Default The port is not bound with ACL Usage guide One port can be bound to one group of ingress rules and a group of egress rules When ACL is bound to the egress it can only contain the deny rules Currently ACL can only be bound to
472. sIpAddr> no deny permit <sIpAddr> <sMask> any source host source <sIpAddr> Function Create a named standard IP access rule and no deny permit <sIpAddr> <sMask> any source host source <sIpAddr> action of this command deletes the named standard IP access rule Parameters <sIpAddr> is the source IP address and the format is dotted decimal notation <sMask> is the reverse mask of source IP and the format is dotted decimal notation Command Mode The named standard IP access list configuration mode Default No access list is configured Example Permit packets with source address 10 1 1 0 24 to pass and deny other packets with source address 10 1 1 0 16 Switch Config ip access list standard ipFlow Switch Config Std Nacl ipFlow permit 10 1 1 0 0 0 0 255 Switch Config Std Nacl ipFlow deny 10 1 1 0 0 0 255 255 access list mac standard Command access list <access list number> deny permit any source mac host source mac <host_smac> <smac> <smac mask> no access list <access list number> Function Define a standard numeric MAC ACL rule the no access list <num> command deletes a standard numeric MAC ACL access list rule Parameters <num> is the access list No which is a decimal s No from 700 799 deny if rules are matching deny access permit if rules are matching permit access l
473. same to other ACLs and use wildcard character to configure address range and also specify a host address or all addresses Note that all addresses is 224 0 0 0 4 for group IP address not 0 0 0 0 0 in other access list Example Switch Config access list 5000 permit ip 10 1 1 0 0 0 0 255 232 0 0 0 0 0 0 255 access list Multicast Destination Control Command access list <6000 7999> deny permit ip <source> <source wildcard> host source <source host ip> any source <destination> <destination wildcard> host destination <destination host ip> any destination no access list <6000 7999> deny permit ip <source> <source wildcard> host source <source host ip> any source <destination> <destination wildcard> host destination <destination host ip> any destination Function Configure destination control multicast access list the no form of the command deletes the access list Parameter <6000 7999> destination control access list number deny permit deny or permit <source> multicast source address <source wildcard> multicast source address wildcard character <source host ip> multicast source host address <destination> multicast destination address <destination wildcard> multicast destination address wildcard character <destination host ip> multicast destination host address Defau
474. se 1 to view the interface in Chinese Please select language 0 English 1 Chinese Selection 0l1 0 The main Setup configuration menu is listed below Configure menu 0 Config hostname 1 Config interface Vlan1 2 Config telenet server 3 Config web server 4 Config SNMP 5 Exit setup configuration without saving 6 Exit setup configuration after saving Selection number Setup Sub Menu Configuring Switch Hostname Select 0 in the Setup main menu and press Enter and the following screen appears Please input the host name switch Note the hostname entered should be less than 30 characters If the user presses Enter without input the hostname is switch by default Configure Vlan1 Interface Select 1 in the Setup main menu and press Enter to start configuring the Vlan1 interface Config Interface Vlan1 0 Config interface Vlan1 IP address 1 Config interface Vlan1 status 2 Exit Selection number Select 0 in the Vlan1 interface configuration menu and press Enter the following screen appears Please input interface Vlan1 IP address A B C D When the user enters valid IP address for Vlan1 interface and presses Enter the following screen appears Please input interface Vlan1 mask 255 255 255 0 By default the system sets the mask of VLAN1 interface as
475. server securityip <ip address> Function Configure the security IP address allowed to access the switch NMS administration station the no form of the command deletes configured security IP address Command mode Global Configuration Mode Parameter ip address is the security IP address of the NMS in dotted decimal format Usage guide Only when the NMS administration station IP address and security IP address configured by the command are consistent the sent SNMP packets could be processed by the switch the command only applies to SNMP v1 and SNMP v2c Example Configure security IP address of NMS management station Switch config snmp server securityip 1 1 1 5 Delete security IP address Switch config no snmp server securityip 1 1 1 5 snmp server SecurityIP Command snmp server SecurityIP enable snmp server SecurityIP disable Function Enable disable the security IP address authentication of the NMS station Command mode Global Configuration Mode Default status Enable the security IP address authentication function Example Disable the security IP address authentication function Switch config snmp server securityip disable rmon enable Command rmon enable no rmon enable Function Enable RMON the no rmon enable command disables RMON Command mode Global Configuration Mode Defa
476. should be met 1 The switch is configured with the IP addresses 2 The IP address of the host as LinkManager and that of the VLAN interface on the switch it subordinates to should be in the same segment 3 If item 2 is not met the client can reach an IP address of the switch via devices such as routers The host with LinkManager should be able to ping the IP address of the switch so that when running LinkManager can find MyPower S3026G POE AC and implement read write operation on it The details about how to manage switches via SNMP network management software are not described in this manual Please refer to LinkManager User Manual Management Interfaces MyPower S3026G POE AC provides three kinds of management interfaces that is CLI Web and LinkManager The following describes the CLI and Web interfaces in details For LinkManager refer to LinkManager User Manual CLI The CLI interface is familiar to most users As aforementioned Console management and Telnet login are all performed via the CLI interface to manage the switch The CLI Interface is supported by the Shell program which consists of a series of the configuration commands Those commands are classified according to their functions in switch configuration and management Each class corresponds to a different configuration mode The features of
477. show snmp mib Command show snmp mib Function Display all MIBs supported by the switch Command mode Admin Mode Usage guide Enable the SNMP proxy before using the function Example Switch show snmp mib debug snmp packet Command debug snmp packet no debug snmp packet Function Enable the SNMP debug The no format of the command disables the debug Command mode admin mode Usage guide If there is some problem when using SNMP enable the SNMP debug to search the problem reason Example Switch debug snmp packet SNMP Troubleshooting When users configure the SNMP the SNMP server may fail to run properly due to physical connection failure and wrong configuration etc Users can troubleshoot the problems by following the guide below Ensure that the physical connection is correct Interface and link protocol are Up use the show interface command and the connection between the switch and host can be verified by ping use ping command The switch enables the SNMP Agent server function use snmp server enable command Secure IP for NMS use snmp server securityip command and community string use snmp server community command are correctly configured as any of them fails SNMP will not be able to communicate with NMS properly If Trap function is required remember to e
478. sk> igmp <source> <source wildcard> any source host source <source host ip> <destination> <destination wildcard> any destination host destination <destination host ip> <igmp type> precedence precedence tos tos time range time range name access list num deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> tcp <source> <source wildcard> any source host source <source host ip> s port <port1> <destination> <destination wildcard> any destination host destination <destination host ip> d port <port3> ack fin psh rst urg syn precedence <precedence> tos tos time range time range name access list num deny permit any source mac host source mac <host_smac> <smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> udp <source> <source wildcard> any source host source <source host ip> s port <port1> <destination> <destination wildcard> any destination host destination <destination host ip> d port <port3> precedence <precedence> tos <tos> time range <time range name> access list <num> denylpe
479. smac> <smac mask> any destination mac host destination mac <host_dmac> <dmac> <dmac mask> tagged 802 3 cos <cos val> <cos bitmask> vlanId <vid value> <vid mask> Functions Create a name extended IP access rule to match specific IP protocol or all IP protocol Parameters <any source mac> any source MAC address <any destination mac> any destination MAC address <host_smac> <smac> source MAC address <smac mask> mask reverse mask of source MAC address <host_dmac> <dmac> destination MAC address <dmac mask> mask reverse mask of destination MAC address untagged eth2 format of untagged ethernet II packet tagged eth2 format of tagged ethernet II packet untagged 802 3 format of untagged ethernet 802 3 packet tagged 802 3 format of tagged ethernet 802 3 packet cos val the cos value ranging from 0 7 cos bitmask cos mask 0 7 reverse mask and mask bits consecutive vid value vlan ID ranging from 1 4094 vid bitmask vlan mask ranging from 0 4095 and reverse mask and mask bits consecutive protocol specified Ethernet protocol number ranging from 1536 65535 protocol bitmask protocol mask ranging from 0 65535 reverse mask and mask bits consecutive Note mask bits consecutive means that the valid bits of the mask must be valid consecutively from the left first bit and invalid bits cannot be inserted For example the revers
480. sses web service and etc Example Switch setup Setup Configuration System Configuration Dialog At any point you may enter Ctrl C to exit Default settings are in square brackets If you don t want to change the default settings you can input enter Continue with configuration dialog y n y Please select language 0 English 1 Chinese Selection 0l1 0 0 Configure menu 0 Config hostname 1 Config interface Vlan1 2 Config telnet server 3 Config web server 4 Config SNMP 5 Exit setup configuration without saving 6 Exit setup configuration after saving Selection number language Command language chinese english Function Set the language for displaying the help information Parameter chinese for Chinese display english for English display Command mode Admin Configuration Mode Default status The default setting is English display Usage guide Switch provides help information in two languages the user can select the language according to their preference After the system restart the help information display will revert to English web user Command web user <username> password 0 7 <password> no web user <username> Function Set the user name and password of the web client The no format of the command deletes the web client Parameter us
481. switch. To access the user VLAN in the customer mode, enable it on the access port. To access the service provider network in the uplink mode, enable it on the trunk port. For the packets without a VLAN tag received from the customer port, add one for them; for others, add another layer of tag for them, using the VLAN ID of this port as that of the tag. When data is sent out from an uplink port, the TPID is the configured value. The packets with 2 layers of tags will be forwarded according to its MAC address and the outer layer of tag until the customer port; remove the outer layer of tag when sending it out. Example: Set the port 1 of VLAN in the customer mode and connected with user VLAN, and the port 25 in the uplink mode and connected with the service provider network. Switch Config vlan 3; Switch Config Vlan3 switchport interface ethernet 0 0 1; Switch Config Vlan3 exit; Switch Config dot1q tunnel enable; Switch Config interface ethernet 0 0 1; Switch Config Ethernet0 0 1 switchport dot1q tunnel mode customer; Switch Config Ethernet0 0 1 exit; Switch Config interface ethernet 0 0 25; Switch Config Ethernet0 0 25 switchport mode trunk; Switch Config Ethernet0 0 25 switchport dot1q tunnel mode uplink; Switch Config Ethernet0 0 25 exit; Switch Config. show dot1q tunnel. Command: show dot1q tunnel. Function
482. switch to prevent short circuit and device damages. Do not touch the power plug and power socket to prevent electric shock. Do not place the tinder near the switch to prevent fire. Do not debug the switch alone in a dangerous situation to prevent accidents. Use standard power sockets which have overload and leakage protection to prevent accidents. Check the circuits, installation and the working environment for potential dangers and maintain them regularly for the sake of security. Place the emergency power switch in the working site so that the power can be cut off immediately if any accident occurs. Note: The potential dangers include electric leakage in the power, the ignition of the power, broken electric cables or lines, bad grounding, electric overload, short circuit and etc. In cases of accidents like electric shock, fire or short circuit, please cut off the power immediately and call the police. Please help the victims after confirming the security and provide first aid according to their situations. Call professional medical organizations for help in time. Installation Preparations. Check Packing List: Open the package and check whether the device and the accessories are complete according to the packing list. Tools & Utilities. The required tools and utilities: Cross screwdrivers, Flat blade screwdriver, wire clamp, Antistatic uniform.
483. switch, as one device used in the network, needs to have one network address as the unique ID for the network administrator to recognize and manage. The IP address of MyPower S3026G POE AC is set on the VLAN interface. The VLAN that is set with IP address is called management VLAN. The inband management of the switch is performed via the management VLAN. MyPower S3026G POE AC permits setting up only one VLAN interface. To change the ID of the management VLAN, delete the original VLAN interface first and then create new VLAN interface as desired. MyPower S3026G POE AC provides three methods of configuring the IP address: Manual; BOOTP; DHCP. Configuring IP address manually means that the user specifies an IP address for the switch. In BOOTP/DHCP mode, the switch serves as a BOOTP/DHCP client, sends broadcast packets of BOOTPRequest to the BOOTP/DHCP servers, and the BOOTP/DHCP servers assign the address on receiving the request. Besides, MyPower S3026G POE AC can act as a DHCP server and dynamically assign network parameters such as IP addresses, gateway addresses and DNS server addresses to DHCP clients. For the details about DHCP Server configuration, refer to the later chapters. Switch IP Address Configuration Task List: 1. Manual configuration mode; 2. BOOTP mode; 3. DHCP mode. 1. Manual configuration mode. Comm
484. t password <pass>; no cluster member <mem id>. Function: On a commander switch, add candidate switches into the cluster created by it. The no format of the command deletes one member from the cluster. Parameters: <mem id> is the member ID and the value range is 1 2; cand sn is the number of the switch in the candidate switch list and the value range is 0 to 127, and and are permitted; <mac add> is the MAC address of the member switch and the format is XX XX XX XX XX XX; pass is the privilege password of the member switch. Default status: None. Command mode: Global Mode. Usage guide: After the command switch executes the command, add the switches with mac add and <cand sn> to the cluster of the command switch. If the command is run on a non-command switch, an error is returned. Example: Add the candidate switch on the command switch to the cluster; the number of the candidate switch in the candidate list is 17 and pass is mypassword. Switch config cluster member candidate sn 17 mypassword. cluster auto add enable. Command: cluster auto add enable; no cluster auto add enable. Function: After enabling the command on the command switch, the newly discovered candidate switches are added to the cluster as a member switch automatically; the no cluster auto add command disables this function. Parameter: None. Default status: This function is disabled by default. That means that the candidate
485. t gateway is meaningful. For the L2 switch, only the gateway address of the 0 0 segment can be configured. Example: The IP address of the L3 interface is 2.2.2.2 and the subnet mask is 255.255.255.0. Set the IP address of the default gateway as 2.2.2.1. Switch Config ip route 0.0.0.0 0.0.0.0 2.2.2.1. L3 Interface Monitoring and Debugging Commands. show ip traffic. Command: show ip traffic. Function: Display statistics of IP packets. Command mode: Admin Mode. Usage guide: Display statistics for IP and ICMP packets received/sent. Example: Switch show ip traffic. IP statistics: Rcvd: 896 total, 0 local destination, 0 header errors, 0 address errors, 0 unknown protocol, 0 discards. Frags: 0 reassembled, 0 timeouts, 0 fragment rcvd, 0 fragment dropped, 0 fragmented, 0 couldn't fragment, 0 fragment sent. Sent: 1277 generated, 0 forwarded, 0 dropped, 0 no route. ICMP statistics: Rcvd: 0 total, 0 errors, 0 time exceeded, 0 redirects, 0 unreachable, 0 echo, 0 echo replies, 0 mask requests, 0 mask replies, 0 quench parameter, 0 timestamp, 0 timestamp replies. Sent: 0 total, 0 errors, 0 time exceeded, 0 redirects, 0 unreachable, 0 echo, 0 echo replies, 0 mask requests, 0 mask replies, 0 quench, 0 parameter, 0 timestamp, 0 timestamp replies. TCP statistics: TcpActiveOpens 2, TcpAttemptFails 0, TcpCurrEstab 1, TcpEstabResets 0, TcpInErrs 0, T
486. t writeimg. Programming. Program OK. Step 8: After successful upgrade, execute the run command in BootROM mode to return to the CLI configuration interface. Boot run or reboot. FTP/TFTP Upgrade. Introduction to FTP/TFTP. FTP (File Transfer Protocol) / TFTP (Trivial File Transfer Protocol) are both file transmission protocols that belong to fourth layer (application layer) of the TCP/IP protocol stack, used for transmitting files between hosts, hosts and switches. Both of them transmit files in a client server mode. Their differences are listed below. FTP builds upon TCP to provide reliable connection oriented data stream transfer service. However, it does not provide file access authorization and uses simple authentication mechanism (transfers username and password in plain text for authentication). When using FTP to transmit files, two connections need to be established between the client and the server: a management connection and a data connection. A transfer request should be sent by the FTP client to establish management connection on port 21 in the server, and negotiate a data connection through the management connection. There are two types of data connections: active connection and passive connection. In active connection, the client transmits its address and port number for data transmission to the ser
487. t server. With the command, the user can set the authorized Telnet client. If the authorized Telnet client is not set, no Telnet client can configure the switch via Telnet. When the switch serves as Telnet server, up to five Telnet clients are permitted to set up the TCP connection. Example: Set Telnet client user named as admin and the password as admin. Switch Config telnet user admin password 0 admin. SSH. Introduction to SSH. SSH (Secure Shell) is a protocol which ensures a secure remote access connection to network devices. It is based on the reliable TCP/IP protocol. By conducting the mechanism such as key distribution, authentication and encryption between SSH server and SSH client, a secure connection is established. The information transferred on this connection is protected from being intercepted and decrypted. The switch meets the requirements of SSH2.0. It supports SSH2.0 terminal software such as SSH Secure Client and putty. Users can run the above software to manage the switch remotely. The SSH server presently supports the RSA authentication, 3DES cryptography protocol and SSH user password authentication etc. SSH Server Configuration Task List. SSH server configuration: Command / Explanation. Global mode: ssh server enable; no ssh server enable: Enable the SSH server function on the switch
488. t as 0 0 7. Switch Config monitor session 1 destination interface ethernet 0 0 7. Port Mirroring Instance: Refer to the port configuration instance. Port Mirroring Troubleshooting. show monitor. Command: show monitor. Function: Display the source and destination port information of the mirroring. Command mode: privilege configuration mode. Usage guide: This command is used to display the mirroring source and destination ports. Example: Switch show monitor. session number: 1; Source ports: Ethernet0 0 8, Ethernet0 0 9; RX: No; TX: No; Both: Yes; Destination port: Ethernet0 0 24. Displayed Information / Explanation: session number: The session number of mirroring; Source ports: The source port of the mirroring; RX: The mirroring at the receiving direction of the port; TX: The mirroring at the sending direction of the port; Both: The mirroring at the sending and receiving directions of the port; Destination port: The destination port of the mirroring. debug mirror. Command: debug mirror; no debug mirror. Function: Enable the debug information of the mirror; the no format of the command is used to disable the debug information of the mirror. Command mode: admin mode. Port Mirroring Troubleshooting. If problems occur on configuring port mirroring, check the following first for causes
489. <host_smac>, <smac>: source MAC address; <smac mask>: mask (reverse mask) of source MAC address. Command Mode: Global configuration mode. Default Configuration: No access list configured. Usage guide: When the user assigns specific num for the first time, ACL of the serial number is created, and then the lists are added into this ACL. Example: Permit the passage of packets with source MAC address 00 00 XX XX 00 01 and deny passage of packets with source MAC address 00 00 00 XX 00 ab. Switch Config access list 700 permit 00 00 00 00 00 01 00 00 FF FF 00 00; Switch Config access list 700 deny 00 00 00 00 00 ab 00 00 00 FF 00 00. access list mac extended. Command: access list <access list number> deny|permit any source mac host source mac <host_smac> | <smac> <smac mask> any destination mac host destination mac <host_dmac> | <dmac> <dmac mask> untagged eth2 | tagged eth2 | untagged 802.3 | tagged 802.3 <offset1> <length1> <value1> <offset2> <length2> <value2> <offset3> <length3> <value3> <offset4> <length4> <value4>; no access list <access list number>. Function: Define an extended numeric MAC ACL rule; no access list <num> command deletes an extended numeri
490. t is dotted decimal notation; <sMask> is the reverse mask of source IP and the format is dotted decimal notation; <dIpAddr> is the destination IP address and the format is dotted decimal notation; <dMask> is the reverse mask of destination IP and the format is dotted decimal notation, attentive position 0, ignored position 1; <igmp type>: the type of igmp; <icmp type>: the type of icmp; <icmp code>: protocol No. of icmp; <prec>: IP priority, 0 to 7; tos: tos value, 0 to 15; <sPort>: source port No., 0 to 65535; <dPort>: destination port No., 0 to 65535; <time range name>: the name of time range. Command Mode: Global configuration mode. Default: No access list is configured. Usage guide: When the user assigns specific num for the first time, the ACL of the serial number is created, and then the lists are added into this ACL. Example: Create the numeric extended access list whose serial No. is 110, deny icmp packet to pass and permit udp packet with destination address 192.168.0.1 and destination port 32 to pass. Switch Config access list 110 deny icmp any source any destination; Switch Config access list 110 permit udp any source host destination 192.168.0.1 d port 32. access list ip standard. Command: access list <num> deny permit <sIpAddr> <sMask>
491. t number of the TCP connection; State: Current status of the TCP connection. show udp. Command: show udp. Function: Display the current UDP connection status established to the switch. Command mode: Admin Mode. Usage guide: The command is used to display the information about adopting UDP to communicate with the switch. Example: Switch show udp. LocalAddress LocalPort ForeignAddress ForeignPort State: 0.0.0.0 161 0.0.0.0 0 CLOSED; 0.0.0.0 123 0.0.0.0 0 CLOSED; 0.0.0.0 1985 0.0.0.0 0 CLOSED. Displayed information / Description: LocalAddress: Local address of the UDP connection; LocalPort: Local port number of the UDP connection; ForeignAddress: Remote address of the UDP connection; ForeignPort: Remote port number of the UDP connection; State: Current status of the UDP connection. show telnet login. Command: show telnet login. Function: Display the information of currently available telnet clients which are connected to the switch. Command mode: Admin Mode and Configuration Mode. Usage guide: This command is used to list the information of currently available telnet clients which are connected to the switch. Example: Switch show telnet login. Authenticate login by local. Login user: admin. Switch. show telnet user. Command: show telnet user. Function: Display the information of all a
492. t priority> sets port priority. The valid range is from 0 to 240. The value should be the multiples of 16, such as 0, 16, 32, 240. Command mode: Port Mode. Default: The default port priority is 128. Usage guide: By setting the port priority, users can control the port ID of the instance in order to control the root port and designated port of the instance. The lower the value of the port priority is, the higher the priority is. Example: Set the port priority as 32 on the port 0 0 2 for the instance 1. Switch Config interface ethernet 0 0 2; Switch Config Ethernet0 0 2 spanning tree mst port priority 32. spanning tree mst priority. Command: spanning tree mst <instance id> priority <bridge priority>; no spanning tree mst <instance id> priority. Function: Set the bridge priority for the specified instance; the command no spanning tree mst instance id priority restores the default setting. Parameter: <instance id> sets instance ID. The valid range is from 0 to 4. <bridge priority> sets the switch priority. The valid range is from 0 to 61440. The value should be the multiples of 4096, such as 0, 4096, 8192, 61440. Command mode: Global configuration mode. Default: The default bridge priority is 32768. Usage guide: By setting the bridge priority, users can change the bridge ID for the sp
493. t to forward common packets and queue sends some important control packets (BPDU). When QoS is disabled, select queue according to the CoS value of the port. When QoS is enabled in Global Mode, QoS is enabled on all ports and 4 sending queues are set. The default CoS value of the port is 0 and CoS Override is disabled; the port is in not Trusted state by default. By default, the weights of the four priority queues are 1, 2, 4, 8; all QoS Map adopts the default value. By default, the CoS value 7 is mapped to queue 4 with the highest priority, which is reserved for some protocol packets to use. It is recommended that the user does not change the mapping from CoS value 7 to queue 4 at random. Usually, the default CoS value of the port is not set as 7. Policy map can only be bound to ingress, and egress is not supported. Limited by the hardware resource, if the configuration fails because the policy is too complicated, the system prompts the related information. L3 Configuration. MyPower S3026G POE AC switch only supports L2 forwarding function, but a L3 management port can be configured for various IP based management protocol communication, on which the IP address can be configured. L3 Interface. Introduction to L3 Interface. Only one L3 interface can be created on MyPower S3026G POE AC switch. The L3 interface is not a
494. t0 0 49 port group 2 mode on; Switch2 Config Ethernet0 0 49 exit; Switch2 Config interface eth 0 0 50 51; Switch2 Config Port Range port group 2 mode on; Switch2 Config Port Range exit. Configuration result: Add ports 49, 50 and 51 of Switch 1 to port group 1 in order, and we can see that adding the ports to a group in on mode is completely forced; the switches of the two ends do not exchange LACP BPDU to complete aggregation. Aggregation finishes immediately when the command to add port 50 to port group 1 is entered: port 49 and port 50 aggregate to be port channel 1. When port 51 is added to port group 1, port channel 1 of port 49 and 50 are ungrouped and re-aggregate with port 51 to form port channel 1. It should be noted that whenever a new port is added to an aggregated port group, the group is ungrouped first and then re-aggregated to form a new group. Now three ports on both Switch 1 and Switch 2 are aggregated in on mode and become an aggregated port respectively. Port Channel Troubleshooting. Monitoring and Debugging Commands. show port group. Command: show port group <port group number> brief detail load balance port port channel. Parameters: <port group number> is the group number of port channel to be displayed, from 1 to 15; brief displays summary information; detail displays detailed information; load balance displays load balance information; port displays member port information; po
495. SNMP Configuration. Introduction to SNMP. SNMP (Simple Network Management Protocol) is a standard network management protocol widely used in TCP/IP based computer network management. SNMP is an evolving protocol. SNMP v1 is adopted by vast numbers of manufacturers for its simplicity and easy implementation. SNMP v2c is an enhanced version of SNMP v1, which supports hierarchical network management. SNMP v3 strengthens the security by adding USM (User based Security Mode) and VACM (View based Access Control Model). SNMP protocol provides a simple way of exchanging the network management information between two points in the network. SNMP employs a polling mechanism of message query and transmits messages through UDP (a connectionless transport layer protocol). Therefore it is well supported by the existing computer networks. The SNMP protocol employs a station agent mode. There are two parts in this structure: NMS (Network Management Station) and Agent. NMS is the workstation on which SNMP client program is running. It is the core on the SNMP network management. Agent is the server software that runs on the devices which need to be managed. NMS manages all the managed objects through Agents. The switch supports Agent function. The communication between NMS and Agent functions in Client/Server mode by exchanging standard messages. NMS sends request and the Agent responds. There are seven types of SNMP message: Get Request
496. tch can manage multiple member switches. As soon as a Public IP address is configured in the command switch, all the member switches which are configured with private IP addresses can be managed remotely. This feature economizes public IP addresses, which are short of supply. Cluster network management can dynamically discover cluster feature enabled switches (candidate switches). Network administrators can statically or dynamically add the candidate switches to the cluster which is already established. Accordingly, they can configure and manage the member switches through the command switch. When the member switches are distributed in various physical locations, such as on the different floors of the same building, cluster network management has obvious advantages. Moreover, cluster network management is an in band management. The command switch can communicate with member switches in existing network. There is no need to build a specific network for network management. Cluster network management has the following features: Save IP addresses; Simplify configuration tasks; Indifference to network topology and distance limitation; Auto detecting and auto establishing; With factory default settings, multiple switches can be managed through cluster network management; The command switch can upgrade and configure any member switch in the cluster.
497. tch dhcp B config network address 10.16.2.0 24; Switch dhcp B config lease 1; Switch dhcp B config default router 10.16.2.200 10.16.2.201; Switch dhcp B config dns server 10.16.2.202; Switch dhcp B config option 72 ip 10.16.2.209; Switch dhcp config exit; Switch Config ip dhcp excluded address 10.16.2.200 10.16.2.210; Switch Config ip dhcp pool A1; Switch dhcp A1 config host 10.16.1.210; Switch dhcp A1 config hardware address 0003 2223 dcab; Switch dhcp A1 config client name management; Switch dhcp A1 config exit. Usage guide: When a DHCP/BOOTP client is connected to a VLAN1 port of the switch, the client can only get its address from 10.16.1.0/24 instead of 10.16.2.0/24. This is because the broadcast packet from the client requests the IP address in the same segment of the VLAN interface after VLAN interface forwarding, and the IP address of the VLAN interface is 10.16.1.2/24. Therefore the IP address assigned to the client belongs to 10.16.1.0/24. If the DHCP/BOOTP client wants to have an address in 10.16.2.0/24, the gateway forwarding broadcast packets of the client must belong to 10.16.2.0/24. The connectivity between the client gateway and the switch must be ensured for the client to get an IP address from the 10.16.2.0/24 address pool. DHCP Troubleshooting. Monitoring and Debugging Commands. clear ip dhcp binding
498. tchB Config Ethernet0 0 1 exit. Port Loopback Detection Function. Introduction to Port Loopback Detection Function. With the development of switches, more and more users begin to access the network through Ethernet switches. In enterprise network, users access the network through L2 switches, which means urgent demands for both internet and the internal L2 intercommunication. When L2 intercommunication is required, the messages are forwarded through MAC addressing, the accuracy of which is the key to a correct intercommunication between users. In L2 switching, the messages are forwarded through MAC addressing. L2 devices learn MAC addresses via learning source MAC address; that is, when the port receives a message from an unknown source MAC address, it adds this MAC to the receive port, so that the following messages with a destination of this MAC can be forwarded directly, which also means learn the MAC address once and for all to forward messages. When a new source MAC is already learnt by the layer 2 device, only with a different source port, the original source port is modified to the new one, which means to correspond the original MAC address with the new port. As a result, if there is any loopback existing in the link, all MAC addresses within the whole L2 network are corresponded with the port where the loopback appears us
499. tching one rule and the rest of the rules are not matched any more. Global default action is valid only for the data flow at the ingress direction of the port. Global default action applies only when packet filter is enabled on a port and no ACL is bound to that port or no binding ACL matches. ACL Configuration. ACL Configuration Task List: 1. Configure access list: A. Configure a numbered extended IP access list; B. Configure a named standard IP access list: a. Create one named standard IP access list; b. Specify multiple permit or deny rule entries; c. Exit access list configuration mode; C. Configure one named extended IP access list: a. Create one named extended IP access list; b. Specify multiple permit or deny rule entries; c. Exit access list configuration mode; D. Configure one numbered standard MAC access list; E. Configure one numbered extended MAC access list; F. Configure one named extended MAC access list: a. Create one named extended MAC access list; b. Specify multiple permit or deny rule entries; c. Exit MAC access list configuration mode; G. Configure one numbered extended MAC IP access list; H. Configure one named extended MAC IP access list: a. Create one named extended MAC IP access list; b. Specify multiple permit or deny rule entries; c. Exit MAC IP access list configuration mode. 2. Configure
500. tchport mode. Command: switchport mode trunk access. Function: Set the port to access mode or trunk mode. Parameter: trunk means the port allows traffic of multiple VLANs; access indicates the port belongs to one VLAN only. Command mode: Port mode. Default: The port is in Access mode by default. Usage guide: Ports in trunk mode are called Trunk ports. Trunk ports can allow traffic of multiple VLANs to pass through. VLAN in different switches can be interconnected with the Trunk ports. Ports under access mode are called Access ports. An access port can be assigned to only one VLAN at a time. Note that Trunk port does not permit 802.1X authentication. Example: Set port 5 to trunk mode and port 8 to access mode. Switch Config interface ethernet 0 0 5; Switch Config ethernet0 0 5 switchport mode trunk; Switch Config ethernet0 0 5 exit; Switch Config interface ethernet 0 0 8; Switch Config ethernet0 0 8 switchport mode access; Switch Config ethernet0 0 8 exit. switchport trunk allowed vlan. Command: switchport trunk allowed vlan <vlan list> all; no switchport trunk allowed vlan. Function: Set Trunk port to allow VLAN traffic; the no switchport trunk allowed vlan command restores the default setting. Parameter: <vlan list> is the list of VLANs that are permitted to pass the Trunk port. All means to permit the Tr
501. te a redundant backup for the link. Port mirroring: MyPower S3026G POE AC supports port mirroring, which can mirror the inbound/outbound traffic of one or more ports to another one in order to detect related data information. This function can be used to debug network faults and monitor the network traffic. DHCP Server and Client: MyPower S3026G POE AC supports DHCP server, which can dynamically allocate IP addresses for hosts and bind MAC with IP by designating a specified IP for a specified MAC. RADIUS: MyPower S3026G POE AC supports RADIUS (Remote Authentication Dial in User Service) authentication negotiation. RADIUS allows users to authenticate identification via IEEE 802.1x protocol. Complete Network Management: MyPower S3026G POE AC supports out of band and in band management via Console, Telnet, Web and SNMP. The Console and Telnet management supports standard CLI (Command Line Interface), which makes the operation easier and faster; it also provides bilingual instructions in Chinese and English. Web management provides a remote GUI management interface, making management more direct and convenient while enabling immediate check of working state and real time configuration management. SNMP management is in accordance with V1, V2C and V3 standard versions. It supports Ether Like MIB, Bridge MIB and MIB
502. te via automatic recovery function. To improve the effect of the switch, users can configure trusted ports and IP, the ARP messages from which will not be checked by the switch. Thus the load of the switch can be effectively decreased. Anti ARP Scanning Configuration. Anti ARP Scanning Configuration Task List: 1. Enable the anti ARP scanning function; 2. Configure the threshold of the port based scanning; 3. Configure trust ports; 4. Configure trust IP; 5. Configure automatic recovery time and IP based anti ARP; 6. Display and debug the anti ARP scanning information. 1. Enable the anti ARP scanning function. Command / Explanation (Global configuration mode): anti arpscan enable; no anti arpscan enable: Enable or disable the anti ARP scanning function globally. 2. Configure the threshold of the port based Scanning and IP based anti ARP. Command / Explanation (Global configuration mode): anti arpscan port based threshold <threshold value>; no anti arpscan port based threshold: Set the threshold of the port based anti ARP scanning. anti arpscan ip based threshold <threshold value>; no anti arpscan ip based threshold: Set the threshold of the IP based anti ARP scanning. 3. Configure trust ports. Command / Explanation. Port configuration mod
503. teway. L3 Interface Configuration Commands. interface vlan. Command: interface vlan <vlan id>; no interface vlan <vlan id>. Function: Create a VLAN interface, that is, create one L3 interface of the switch; the no interface vlan <vlan id> command deletes the specified L3 interface of the switch. Parameters: <vlan id> is the VLAN ID of the established VLAN. Default: No Layer 3 interface is configured upon switch shipment. Command mode: Global Configuration Mode. Usage guide: When creating a VLAN interface (L3 interface), VLANs should be configured first. When using the command to create VLAN interface (L3 interface), enter the VLAN interface (L3 interface) configuration mode. After creating the VLAN interface (L3 interface), the interface vlan command can still be used to enter L3 interface mode. Example: Create a VLAN interface (L3 interface). Switch Config interface vlan 1. ip route. Command: ip route 0.0.0.0 0.0.0.0 gateway; no ip route 0.0.0.0 0.0.0.0 gateway. Function: Set the default gateway address of the switch. The no format of the command deletes the default gateway address. Parameter: gateway is the IP address of the default gateway, in decimal dotted format. Command mode: Global mode. Default status: By default, the IP address of the gateway is not set. Usage guide: The IP address of the default gateway should be in the same IP segment as the IP address of the L3 port, so that the defaul
504. that is, restore the default global refresh mode. MSTP Configuration Commands. abort. Command: abort. Function: Abort the current configuration for the MSTP domain, exit the MSTP configuration mode and return to global configuration mode. Command mode: MSTP domain configuration mode. Usage guide: When this command is used to exit the MSTP configuration mode, the current configuration for the MSTP domain does not take effect. The previous MSTP domain configuration is valid. Ctrl z is equivalent to the abort command, that is, exit directly without saving the configuration. Example: Quit MSTP configuration mode without saving the current configuration.
Switch Config Mstp Region abort
Switch Config
exit. Command: exit. Function: Save the current configuration for the MSTP domain, quit MSTP domain configuration mode and return to global configuration mode. Command mode: MSTP domain configuration mode. Usage guide: When this command is used to exit the MSTP configuration mode, the configuration made for the MSTP domain takes effect immediately. Example: Exit the MSTP configuration mode and the current configuration is saved.
Switch Config Mstp Region exit
Switch Config
instance vlan. Command: instance <instance id> vlan <vlan list>, no instance <instance id> vlan <vlan list
505. the EAPOL data packets, including: EAP Packet, whose value is 0x00, the authentication information frame used to carry EAP messages. This kind of frame can pass through the authenticator system to transmit EAP messages between the supplicant system and the authentication server system. EAPOL Start, whose value is 0x01, the frame to start authentication. EAPOL Logoff, whose value is 0x02, the frame requesting to quit. EAPOL Key, whose value is 0x03, the key information frame. EAPOL Encapsulated ASF Alert, whose value is 0x04, used to support the Alerting messages of ASF (Alert Standard Forum). This kind of frame is used to encapsulate the relative information of network management, such as all kinds of alerting information, terminated by terminal devices. Length represents the length of the data, that is, the length of the Packet Body, in bytes. There is no following data domain when its value is 0. Packet Body represents the content of the data, which is in different formats according to different types. 2. The Format of EAP Packet. When the value of the Type domain in the EAPOL packet is EAP Packet, the Packet Body is in EAP format, illustrated in the next figure. (Figure: The Format of EAP Packet) Code specifies the type of the EAP packet. There are four of them in total: Request 1, Respons
506. the action when the rule is matched. The information included in a rule is the effective combination of conditions such as source MAC, destination MAC, source IP, destination IP, IP protocol number, and TCP port / UDP port. Access lists can be categorized by the following criteria. According to the filter information: ip access list, ipv6 access list (layer 3 or higher information), mac access list (layer 2 information), and mac ip access list (layer 2 or higher). According to the configuration complexity: standard and extended; the extended mode allows more specific filtering information. According to the naming mode: numbered and named. The description of an ACL should cover the above three aspects. Access group: When a set of access lists are created, they can be applied to the ingress direction of different ports. Access group is the description of the binding of an access list and the specified port. When an access group is created, all packets from the ingress direction through the port try to match the specified access list rule to decide whether the switching action is permit or deny. Access list Action and Global Default Action: There are two access list actions and default actions: permit or deny. There can be several rules in one access list. The filtering for packets starts from the first rule until ma
507. the bandwidth for packets of up to 20 Mbits/s with a burst value of 20K bytes. All packets that exceed this bandwidth setting are dropped.
Switch config mls qos aggregate policer agg1 20000000 20000 exceed action drop
police aggregate. Command: police aggregate <aggregate policer name>, no police aggregate <aggregate policer name>. Function: Apply a policy set to classified traffic; the no police aggregate <aggregate policer name> command deletes the specified policy set. Parameters: <aggregate policy name> is the policy set name. Default: No policy set is configured by default. Command mode: Policy class map configuration mode. Usage guide: Use the same aggregate policy in different policy class maps. Example: Apply the aggregate policy agg1 for packets satisfying the c1 class rule.
Switch config policy map pl
Switch config PolicyMap class c1
Switch config Policy Class police aggregate agg1
Switch config Policy Class exit
Switch config PolicyMap exit
mls qos trust. Command: mls qos trust cos dscp port priority <priority>, no mls qos trust. Function: Configure port trust status of the switch port; the no mls qos trust command disables the current trust status of the port. Parameters: cos configures the port to trust CoS value; dscp configures the port to trust CoS value; port pr
508. the ingress but cannot be bound to the egress. You can bind the standard, extended and named ACL to the physical ports of the L3 switch, but cannot bind the ACL to the L3 interface or aggregation interface. When binding ACL to the port, there are the following limitations: 1. The ingress of each port can be bound to one MAC IP ACL, or one IP ACL, or one MAC ACL. 2. The egress of each port can be bound to one MAC IP ACL, or one IP ACL, or one MAC ACL. 3. When binding ACLs to both the egress and ingress of the port and the packets match multiple rules in the two ACLs, the priority of the egress rules is higher than that of the ingress rules. In one group of ACLs, the rules configured earlier have higher priority. 4. The egress ACL can only specify the deny action. When matching TCP or UDP port number, you can only set one port, but cannot configure the operators such as lt and gt. When the software forwards and the switch sends data itself, the egress rules do not take effect. Example: Bind the ACL named aaa to the ingress of the port.
Switch Config Ethernet0 0 1 ip access group aaa in
permit deny ip extended. Command: no deny permit icmp <sIpAddr> sMask any source host source <sIpAddr> <dIpAddr> <dMask> any destination host destination <dIpAddr> icmp
509. the server each time. Select Tools > Internet, or right click the IE browser and select Property, to display the configuration interface as follows. (Figure: Internet property configuration) Click Delete File and then click Set to display the configuration interface as follows. Enter the setting configuration interface. Select Check every time accessing the page. Basic Configuration of Switch. Basic Configuration Commands. Basic configuration of the switch includes commands for entering and exiting the admin mode, commands for entering and exiting interface mode, configuring and displaying the switch clock, displaying the version information of the switch system, etc. Caution: By default, the host name and CLI prompts of the switch are consistent with the
510. ther as a virtual bridge to be connected with the neighboring domain or 802.1D bridge. The MSTI is only valid within its MST domain. An MST instance in one domain has nothing to do with MSTIs in other MST domains. The bridges in an MST domain receive the MST BPDU from another domain via edge ports. They only process the CIST related information and abandon the MSTI information. Port Roles: The MSTP bridge assigns a port role to each port which runs MSTP. CIST port roles: Root Port, Designated Port, Alternate Port and Backup Port. On top of those roles, each MSTI port has one new role: Master Port. The port roles in the CIST (Root Port, Designated Port, Alternate Port and Backup Port) are defined in the same ways as those in the RSTP. MSTP Load Balance: In an MSTP domain, VLANs can be mapped to various instances, forming various topologies. Each instance is independent from each other, and each instance can have its own attributes such as bridge priority and port cost, etc. Consequently, the VLANs in different instances have their own paths. The traffic of the VLANs is load balanced. MSTP Configuration. MSTP Configuration Task List: 1. Enable the MSTP and set the running mode. 2. Configure instance parameters. 3. Configure MSTP domain parameters. 4. Configure MSTP time parameters. 5. Configure the fast migrate feature
511. ti arpscan port ip switch of anti ARP scanning. Anti ARP Scanning Configuration Commands. anti arpscan enable. Command: anti arpscan enable, no anti arpscan enable. Function: Globally enable the anti ARP scan function; the no anti arpscan enable command globally disables the anti ARP scan function. Parameters: None. Default Settings: Disable anti ARP scan function. Command Mode: Global configuration mode. Usage guide: When remotely managing a switch with a method like telnet, users should set the uplink port as a Super Trust port before enabling the anti ARP scan function, preventing the port from being shut down because of receiving too many ARP messages. After the anti ARP scan function is disabled, this port will be reset to its default attribute, that is, Untrust port. Example: Enable the anti ARP scan function of the switch.
Switch Config anti arpscan enable
anti arpscan port based threshold threshold value. Command: anti arpscan port based threshold <threshold value>, no anti arpscan port based threshold. Function: Set the threshold of received packets of the port based anti ARPscan. If the rate of received ARP messages exceeds the threshold, the port will be closed. The unit is packets/second. The no anti arpscan port based threshold command restores the default value, 10 packets/second. Para
512. The configuration steps: Step 1: Configure the mapping from the port to VLAN. Create VLAN 20, 30, 40, 50 in SW2, SW3 and SW4. Set ports 1-7 as trunk ports in SW2, SW3 and SW4. Step 2: Set SW2, SW3 and SW4 in the same MSTP. Set Switch2, Switch3 and Switch4 to have the same region name as mstp. Map VLAN 20 and VLAN 30 on SW2, SW3 and SW4 to Instance 3. Map VLAN 40 and VLAN 50 to Instance 4. Step 3: Set SW3 as the root bridge of Instance 3. Set SW4 as the root bridge of Instance 4. Set the bridge priority of Instance 3 in SW3 as 0. Set the bridge priority of Instance 4 in SW4 as 0. The configuration steps are listed below. SW2:
SW2 Config vlan 20
SW2 Config Vlan20 exit
SW2 Config vlan 30
SW2 Config Vlan30 exit
SW2 Config vlan 40
SW2 Config Vlan40 exit
SW2 Config vlan 50
SW2 Config Vlan50 exit
SW2 Config spanning tree mst configuration
SW2 Config Mstp Region name mstp
SW2 Config Mstp Region instance 3 vlan 20 30
SW2 Config Mstp Region instance 4 vlan 40 50
SW2 Config Mstp Region exit
SW2 Config interface e 0 0 1 7
SW2 Config Port Range switchport mode trunk
SW2 Config Port Range exit
SW2 Config spanning tree
SW3:
SW3 Config vlan 20
SW3 Config Vlan20 exit
SW3 Config vla
513. timeout Aggregation 1 1 Synchronization Collecting Distributing i Defaulted 1 1 Expired Partner part Administrative Operational system 000000 000000 000000 000000 system priority 0x8000 0x8000 key 0x0001 0x0001 port number 50 1 port priority 0x8000 0x8000 port state LACP activety LACP timeout 1 1 Aggregation 1 1 Synchronization Collecting Distributing j Defaulted 1 1 Expired Selected Unselected
System Priori System Priority. LACP activety: Whether port is added to the group in active mode, 1 for yes. LACP timeout: Port timeout mode, 1 for short timeout. Aggregation: Whether aggregation is possible for the port, 0 for independent port that does not allow aggregation. Whether port is synchronized with the peer end. Collecting: Whether status of port bound status machine is collecting or not. Whether status of port bound status machine is distributing or not. Whether the local port is using default partner end parameter. Expired: Whether status of port receiving status machine is expire. Selected: Whether the port is selected. 5. Display aggregation port information for port group1:
Switch show port group 1 port channel
Port channels in the group 1 Port Channel port channel1 Number of port 2 Standby port NULL Port in the port channel Maipu Confidentia
514. tion control ip multicast destination control is enabled ip multicast destination control 11 0 0 0 0 255 255 255 access group 6003 ip multicast destination control 1 00 03 05 07 09 11 access group 6001 multicast destination control access group 6000 used on interface Ethernet 0 0 1
DCSCM Troubleshooting. The effect of the DCSCM module itself is similar to ACL, and the problems that occur are usually related to improper configuration. Please read the descriptions above carefully. If you still cannot determine the cause of the problem, please send your configurations and the effects you expect to the after sale service staff of Maipu. 802.1x Configuration. Introduction to 802.1x. The 802.1x protocol originates from the 802.11 protocol, the wireless LAN protocol of IEEE, which is designed to provide a solution to doing authentication when users access a wireless LAN. The LAN defined in the IEEE 802 LAN protocol does not provide access authentication, which means that as long as the users can access a LAN controlling device, such as a LAN Switch, they can get all the devices or resources in the LAN. There is no obvious danger in the environment of LAN in those primary enterprise networks. However, along with the boom of applications like mobile office and service operating networks, the service providers should control and configure the acc
515. tion enable. Typical Application of DHCP Snooping. (Figure: Typical application of DHCP Snooping, showing DHCP Client IP 1.1.1.5 Mac AA, DHCP Server IP 1.1.1.6, Mac BB, the switch and the gateway) As shown in the above chart, the Mac AA device is the normal user, connected to the non trusted port 0 0 1 of the switch, and gets IP 1.1.1.5 via DHCP Client. DHCP Server and GateWay are connected to the trusted ports 0 0 11 and 0 0 12 of the switch. The malicious user Mac BB is connected to the non trusted port 0 0 10, trying to fake a DHCP Server by sending DHCPACK. Setting DHCP Snooping on the switch effectively detects and blocks this kind of network attack. The configuration is:
Switch config
Switch Config ip dhcp snooping
Switch Config interface ethernet 0 0 11
Switch Config Ethernet0 0 11 ip dhcp snooping trust
Switch Config Ethernet0 0 11 exit
Switch Config interface ethernet 0 0 12
Switch Config Ethernet0 0 12 ip dhcp snooping trust
Switch Config Ethernet0 0 12 exit
Switch Config interface ethernet 0 0 1 10
Switch Config Port Range ip dhcp snooping action shutdown
Switch Config Port Range
DHCP Sn
516. tions, which means the port will act as a regular Ethernet data port without affecting data transmission. When it is globally disabled, no power supply will be output regardless of whether the power supply is enabled or disabled on ports. Example: Disable power supply on ports 1, 3, 4, 5, 6.
Switch Config interface ethernet 0 0 1 3 6
Switch Config Port Range no power inline enable
power inline max. Port Command: power inline max <max wattage>, no power inline max. Function: Set the max output power of a specified port. Parameters: <max wattage> is the value of the max output power in the unit of mW, ranging from 1 to 15400mW with a granularity of 100mW. Any value less than 100mW is taken as 100mW, that is, 1 to 100 equals 100 and 15301 to 15400 equals 15400. But the value set by users is maintained without being rounded up. Command Mode: Port Mode. Default: The max output power of a port is 15400mW. Usage guide: This configuration effectively controls the output power of each port in cooperation with the global max power. Example: Set the max output power of Port 1 to 0.8W.
Switch Config interface ethernet 0 0 1
Switch Config Ethernet0 0 1 power inline max 800
power inline priority. Command: power inline priority critical high low. Function: Set power supply priority of a port. Parameters: critical, the highest le
517. tions of specific ports. When disabling the firewall, all ACL tied to ports will be deleted. Example: Enable firewall.
Switch Config firewall enable
firewall default. Command: firewall default permit deny. Function: Configure default actions of the firewall. Parameters: permit means to permit data packets to pass; deny means to deny ipv4 packets to pass. Command Mode: Global configuration mode. Default: Default action is permit. Usage guide: This command only influences IPv4 packets from the port entrance. Example: Configure the firewall default action as permitting packets to pass.
Switch Config firewall default permit
ip access extended. Command: ip access extended <name>, no ip access extended <name>. Function: Create a named extended IP access list. The no format of the command deletes the named extended IP access list, including all the rules. Parameters: <name> is the name of the access list, formed by non all digit characters of length of 1 to 16. Command Mode: Global configuration mode. Default: No access list is configured by default. Usage guide: When this command is issued for the first time, an empty access list is created, not including any entry. Example: Create an extended IP access list named tcpFlow.
Switch Config ip access list extended tcpFlow
ip access standard. Command: ip acces
518. to 16 characters. Default status: By default, the system uses the password username Switchname domain. Here, username is the current user name, Switchname is the switch name, and domain is the domain name of the Switch. Command mode: Global mode. Example: Configure the user name as admin and password as admin.
Switch config
Switch Config ip ftp server username admin password 0 admin
copy (TFTP). Command: copy <source url> <destination url> ascii binary. Function: Download or upload files on the TFTP client. Parameter: <source url> is the location of the source files or the destination directories; <destination url> is the destination address to which the files or directories are to be copied; forms of <source url> and <destination url> vary with different locations of the files or directories. ascii indicates the ASCII standard will be adopted; binary indicates that the binary system is adopted in the file transmission (default transmission method). When the URL represents a TFTP address, its form should be tftp ipaddress filename, in which ipaddress is the IP address of the TFTP server or client and filename is the name of the TFTP upload or download file. Special keywords of the filename (Keywords: Source or destination addresses): running config: Running configuration files; startup config: Startup configuration files; nos img: System files; nos rom: System startup files. Command mod
519. to auto. Example: Setting port0 0 1 to require 802.1x authorization status.
Switch Config interface e 0 0 1
Switch Config Ethernet0 0 1 dot1x port control auto
dot1x port method. Command: dot1x port method macbased portbased userbased advanced, no dot1x port method. Function: Set the access control mode of the specified port. The no form of the command restores the default access control mode. Parameter: macbased means the access control mode based on MAC address; portbased means the access control mode based on port; userbased means the access control mode based on user; advanced means the advanced control mode. Command mode: Port Configuration Mode. Default: Advanced access control mode based on user is used by default. Usage guide: This command is used to configure the authentication mode for the specified port. When port based authentication is applied, only one user of the port can be authenticated. After authentication, the user is connected to the network and can access all the resources. When MAC based authentication is applied, multiple users of the port can be authenticated. After authentication, the users are connected to the network and can access all the network resources. When either of the above two kinds of access control modes is applied, unauthenticated users cannot access any resources in the network
520. to pass per second.
Switch Config Port Range packet suppression 1000 broadcast
speed duplex. Command: speed duplex auto force10 half force10 full force100 half force100 full force100 fx force1g half force1g full nonegotiate master slave. Function: Sets the speed and duplex mode of ports. Parameter: auto for auto speed negotiation; force10 half for forced 10Mbps at half duplex; force10 full for forced 10Mbps at full duplex mode; force100 half for forced 100Mbps at half duplex mode; force100 full for forced 100Mbps at full duplex mode; force100 fx for forced 100Mbps at full duplex mode; nonegotiate for disable auto negotiation for 1000 Mb port; master to force the 1000Mb port to be master mode; slave to force the 1000Mb port to be slave mode. Command mode: Port Mode. Default status: Auto negotiation for speed and duplex mode is set by default. Usage guide: When configuring port speed and duplex mode, the speed and duplex mode must be the same as the setting of the remote end, i.e. if the remote device is set to auto negotiation, then auto negotiation should be set at the local port. If the remote end is in forced mode, the same should be set in the local end. In forced 100Mbit/s fiber port mode, auto negotiation is not supported, and do not use with combo cable port at the same time. 1000M ports are by
521. tric network interference for power system. The switch working place had better not be used with the grounding settings of power devices or anti-lightning grounding settings, and the distance between them had better be as long as possible. Be away from strong power radio transmitters, radar transmitters and high frequency, high current equipment. Take electromagnetic shielding methods when necessary. Rack Configuration. The switch size fits the standard 19-inch rack. Pay attention to the following instructions to ensure good ventilation and air circulation. All devices on the rack generate heat during their operation. Therefore, vents and fans are required for an enclosed rack. Keep devices at a certain distance from each other to ensure good ventilation and air circulation. On the open rack, do not block the vents on both sides of the switch. After the switch is installed, check the state of the switch. Note: Put the switch on a stable and clean desktop as a substitute for a standard 19-inch rack, leaving a proper space around the switch for ventilation. And don't place anything on top of it. Installation Instructions. Read related chapters in this manual carefully or participate in concerning technology training before the installation. Make sure all materials, tools and other items required by the inst
522. trust, no ip dhcp snooping trust. Function: Set or delete the DHCP Snooping trust attributes of a port. Parameters: None. Command Mode: Port configuration mode. Default Settings: By default, all ports are non trusted ports. Usage guide: Only when DHCP Snooping is globally enabled can this command be set. When a port turns into a trusted port from a non trusted port, the original defense action of the port will be automatically deleted; all the security history records are cleared, except the information in the system log. Example: Set port ethernet0 0 1 as a DHCP Snooping trusted port.
Switch Config interface ethernet 0 0 1
Switch Config Ethernet 0 0 1 ip dhcp snooping trust
ip dhcp snooping action. Command: ip dhcp snooping action shutdown blackhole recovery <second>, no ip dhcp snooping action. Function: Set or delete the automatic defense action of a port. Parameters: shutdown: When the port detects a pseudo DHCP Server, it will be shut down. blackhole: When the port detects a pseudo DHCP Server, the vid and source MAC of the pseudo packet will be used to block the traffic from this MAC. recovery: Users can set to recover after the automatic defense action is executed (no shut ports or delete the corresponding blackhole). second: Users can set the time to restore the defense action. The unit is second and val
523. trust ip <ip address> <netmask>, no anti arpscan trust ip <ip address> <netmask>. Function: Configure trusted IP; the no anti arpscan trust ip <ip address> <netmask> command restores the IP to non-trustful IP. Parameters: the subnet mask of IP. Default: By default, all the IP are non-trustful. Default mask is 255.255.255.255. Command Mode: Global configuration mode. Usage guide: If one IP is configured as a trusted IP, the Anti ARPscan function does not deal with this IP, even if the rate of received ARP packets exceeds the set threshold. Example: Set 192.168.1.100/24 as trusted IP, that is, all IP in 192.168.1.100/24 are configured as the trust IP.
Switch Config anti arpscan trust ip 192.168.1.0 255.255.255.0
anti arpscan recovery enable. Command: anti arpscan recovery enable, no anti arpscan recovery enable. Function: Enable the automatic recovery function; the no anti arpscan recovery enable command disables the function. Parameters: None. Default: Enable the automatic recovery function. Command Mode: Global configuration mode. Usage guide: If the users want the normal state to be recovered a while after the port is closed or the IP is disabled, they can configure this function. Example: Enable the automatic recovery function of the switch.
Switch Config anti arpscan recovery enable
524. tunnel mode; the no dot1q tunnel enable command restores to the default value. Parameter: None. Command Mode: Global configuration mode. Default: Dot1q tunnel function is disabled on the port by default. Usage guide: This command is the precondition of enabling switch dot1q tunnel. Example: Enable dot1q tunnel function.
Switch Config dot1q tunnel enable
dot1q tunnel tpid. Command: dot1q tunnel tpid 8100 9100 9200. Function: Configure the protocol type of the switch TPID. Parameter: None. Command Mode: Global configuration mode. Default: The default value is 8100. Usage guide: This function is to facilitate internetworking with equipment of other manufacturers. If the equipment connected with the switch uplink port sends data packets with a TPID of 9100, the port TPID will be set to 9100. Then the switch will receive and process data packets normally. Example: Set the switch TPID to 9100.
Switch Config dot1q tunnel tpid 9100
switchport dot1q tunnel. Command: switchport dot1q tunnel mode customer uplink, no switchport dot1q tunnel. Function: Set the dot1q tunnel type of the switch port. Parameter: None. Command Mode: Port Configuration Mode. Default: The port is not in dot1q tunnel mode by default. Usage guide: Implement this command on the port after the dot1q tunnel is globally enabled on the
525. type <icmp code> precedence <prec> tos <tos> time range <time range name>
no deny | permit igmp <sIpAddr> <sMask> | any source | host source <sIpAddr> <dIpAddr> <dMask> | any destination | host destination <dIpAddr> igmp type precedence <prec> tos <tos> time range <time range name>
no deny | permit tcp <sIpAddr> <sMask> | any source | host source <sIpAddr> s port <sPort> <dIpAddr> <dMask> | any destination host destination <dIpAddr> d port <dPort> ack fin psh rst urg syn precedence <prec> tos <tos> time range <time range name>
no deny | permit udp <sIpAddr> <sMask> | any source | host source <sIpAddr> s port <sPort> <dIpAddr> <dMask> | any destination host destination <dIpAddr> d port <dPort> precedence <prec> tos <tos> time range <time range name>
no deny | permit eigrp | gre | igrp | ipinip | ip | ospf | <int> <sIpAddr> <sMask> any source | host source <sIpAddr> <dIpAddr> <dMask> | any destination host destination <dIpAddr> precedence <prec> tos <tos> time range <time range name>
Function: Create a named extended IP access rule to match a specific IP protocol or all IP protocols. Parameters: <sIpAddr> is the source
526. ually the MAC address is frequently shifted from one port to another, causing the L2 network to collapse. That is why it is a necessity to check port loopbacks in the network. When a loopback is detected, the detecting device should send alarms to the network management system, ensuring the network manager is able to discover, locate and solve the problem in the network and protect users from a long lasting disconnected network. Since detecting loopbacks can make a dynamic judgment of the existence of loopbacks in the link and tell whether it has gone, the devices supporting port control (such as port isolation and port MAC address learning control) can maintain that automatically, which reduces not only the burden of network managers but also the response time, minimizing the effect caused by loopbacks to the network. Port Loopback Detection Function Configuration. Configuration Task List of Port Loopback Detection Function: 1. Enable the function of port loopback detection. 2. Configure the control method of port loopback. 3. Configure the interval of the loopback detection. 4. Display and debug the relevant information of port loopback detection. 1. Configure the interval of loopback detection. Command / Explanation. Global Mode. loopback detection interval time <loopback> <no loopback>: Configure the inte
527. ult: The port is in the MSTP mode by default. Usage guide: If a network which is attached to the current port is running IEEE 802.1D STP, the port converts itself to run in STP mode. The command is used to force the port to run in the MSTP mode. But once the port receives STP messages, it changes to work in the STP mode again. This command can only be used when the switch is running in IEEE 802.1s MSTP mode. If the switch is running in IEEE 802.1D STP mode, this command is invalid. Example: Force the port 0 0 2 to run in the MSTP mode.
Switch Config Ethernet0 0 2 spanning tree mcheck
spanning tree mode. Command: spanning tree mode mstp stp, no spanning tree mode. Function: Set the spanning tree mode in the switch; the command no spanning tree mode restores the default setting. Parameter: mstp sets the switch to run IEEE 802.1s MSTP mode; stp sets the switch to run IEEE 802.1D STP mode; rstp sets the switch to run IEEE 802.1D RSTP mode. Command mode: Global configuration mode. Default: The switch is in the MSTP mode by default. Usage guide: When the switch is in IEEE 802.1D STP mode, it only sends standard IEEE 802.1D BPDU and TCN BPDU. It drops any MSTP BPDUs. Example: Set the switch to run the STP mode.
Switch Config spanning tree mode stp
spanning tree mst configuration. Command: spanning tree mst configuration, no
528. ult status: RMON is disabled by default.
Example: Enable RMON.
Switch(config)#rmon enable
Disable RMON.
Switch(config)#no rmon enable
Typical SNMP Configuration Instance
The IP address of the NMS is 1.1.1.5; the IP address of the switch (Agent) is 1.1.1.9.
Scenario 1: The NMS network management software uses the SNMP protocol to obtain data from the switch. The configuration steps are listed below:
Switch(Config)#snmp-server enable
Switch(Config)#snmp-server community rw private
Switch(Config)#snmp-server community ro public
Switch(Config)#snmp-server securityip 1.1.1.5
The NMS can use private as the community string to access the switch with read-write permission, or use public as the community string to access the switch with read-only permission.
Scenario 2: NMS receives v1 Trap messages from the switch. (Note: NMS may have community string verification for the Trap messages. In this scenario, the NMS uses a Trap verification community string of testtrap.) The configuration steps are listed below:
Switch(Config)#snmp-server enable
Switch(Config)#snmp-server host 1.1.1.5 v1 testtrap
Switch(Config)#snmp-server enable traps
Scenario 3: NMS uses SNMP v3 to obtain information from the switch. The configuration steps are listed below:
Switch(Config)#snmp-server enable
Switch(Config)#snmp-server user tester TestGro
529. ulticast source control without configuring source control access list on every interface. After configuring the command, multicast data received from every interface does not have a matching multicast source control list item and will be thrown away by the switch; namely, only multicast data matching PERMIT can be received and forwarded.
Example:
Switch(Config)#ip multicast source-control
ip multicast source-control access-group
Command: ip multicast source-control access-group <5000-5099>
no ip multicast source-control access-group <5000-5099>
Function: Configure the multicast source control access list used on the interface; the no ip multicast source-control access-group <5000-5099> command deletes the configuration.
Parameter: <5000-5099>: Source control access list number.
Default status: None
Command Mode: Port Configuration Mode
Usage guide: This command can be configured only after global multicast source control is enabled. After that, multicast packets imported from the interface are matched against the configured access list: if a packet matches permit, it is received and forwarded; otherwise the packet is dropped.
Example:
Switch(Config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#ip multicast source-control access-group 5000
ip multicast destination-control access-group
530. unk port to pass all VLAN traffic.
Command mode: Port mode
Default: Trunk port allows all VLAN traffic by default.
Usage guide: The user can use this command to set the VLAN traffic allowed to pass through the Trunk port; the traffic of VLANs not included is prohibited.
Example: Set Trunk port to allow traffic of VLAN1 3 5 20.
Switch(Config)#interface ethernet 0/0/5
Switch(Config-ethernet0/0/5)#switchport mode trunk
Switch(Config-ethernet0/0/5)#switchport trunk allowed vlan 1 3 5 20
Switch(Config-ethernet0/0/5)#exit
switchport trunk native vlan
Command: switchport trunk native vlan <vlan-id>
no switchport trunk native vlan
Function: Set the PVID for Trunk port; the no switchport trunk native vlan command restores the default setting.
Parameter: <vlan-id> is the PVID for Trunk port.
Command mode: Port mode
Default: The default PVID of Trunk port is 1.
Usage guide: PVID concept is defined in 802.1Q. PVID in Trunk port is used to tag untagged frames. When an untagged frame enters a Trunk port, the port will tag the untagged frame with the native PVID set with this command for VLAN forwarding.
Example: Set the native VLAN for a Trunk port to 100.
Switch(Config)#interface ethernet 0/0/5
Switch(Config-ethernet0/0/5)#switchport mode trunk
Switch(Config-ethernet0/0/5)#switchport trunk native vlan 100
Switch(Config-ethernet0/0/5)#exit
vlan ingress enable
Command: vlan ingress enable
no vlan ingress enable
Fun
531. up encrypted auth md5 hellohello
Switch(Config)#snmp-server group TestGroup AuthPriv read max write max notify max
Switch(Config)#snmp-server view max 1 include
Scenario 4: NMS receives the v3 Trap messages sent by the switch. The configuration steps are listed below:
Switch(Config)#snmp-server enable
Switch(Config)#snmp-server host 10.1.1.2 v3 AuthPriv tester
Switch(Config)#snmp-server enable traps
SNMP Troubleshooting
Monitoring and Debugging Commands
show snmp
Command: show snmp
Function: Display all SNMP counter information.
Command mode: Admin Mode
Example:
Switch#show snmp
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get request PDUs
0 Get next PDUs
0 Set request PDUs
0 SNMP packets output
0 Too big errors Max packet size 1500
0 No such name errors
0 Bad values errors
0 General errors
0 Get response PDUs
0 SNMP trap PDUs
Displayed information Explanation 1 O The total number of the input snmp packets packets packets packets of the community name packets
Number of requested variables: The number of variables requested by NMS.
number of altered variables: The number of variables set by NMS.
The number of packets received
532. uration Mode
Parameter: <user-string> is the user name, containing 1-32 characters; <group-string> is the name of the group the user belongs to, containing 1-32 characters; encrypted: use DES to encrypt packets; auth: perform packet authentication; md5: packet authentication using HMAC MD5 algorithm; sha: packet authentication using HMAC SHA algorithm; <password-string>: user password, containing 8-32 characters.
Usage guide: If the encryption and authentication is not selected, the default settings will be no encryption and no authentication. If the encryption is selected, the authentication must be done. When deleting a user, if correct username and incorrect group name are input, the user can still be deleted.
Example: Add a new user tester in the UserGroup with an encryption safety level and HMAC md5 for authentication; the password is hello.
Switch(Config)#snmp-server user tester TestGroup encrypted auth md5 hellohello
Delete one user.
Switch(Config)#no snmp-server user tester TestGroup
snmp-server group
Command: snmp-server group <group-string> NoauthNopriv|AuthNopriv|AuthPriv read <read-string> write <write-string> notify <notify-string>
no snmp-server group <group-string> NoauthNopriv|AuthNopriv|AuthPriv
Function: This command is used to configure a
533. urse, switch can also upload current configuration files or system files to the remote FTP/TFTP servers (can be hosts or other switches). When MyPower S3026G-POE-AC operates as a FTP/TFTP server, it can provide file upload and download service for authorized FTP/TFTP clients, as file list service as FTP server. Here are some terms frequently used in FTP/TFTP:
ROM: Short for EPROM, erasable read-only memory. EPROM is replaced by FLASH memory in MyPower S3026G-POE-AC.
SDRAM: RAM memory in the switch, used for system software operation and configuration sequence storage.
FLASH: Flash memory used to save system file and configuration file.
System file: including system image file and boot file.
System image file: refers to the compressed file for switch hardware driver and software support program, usually referred to as IMAGE upgrade file. In MyPower S3026G-POE-AC, the system image file is allowed to be saved in FLASH only. MyPower S3026G-POE-AC mandates the name of the system image file to be uploaded via FTP under Global Mode to be nos.img; other IMAGE system files are rejected.
Boot file: refers to the file that initializes the switch, also referred to as the ROM upgrade file (large size file can be compressed as IMAGE file). In MyPower S3026G-POE-AC, the boot file is allowed to be saved in ROM only. MyPower S3026G-POE-AC mandates the name of the b
534. user on the port. The default action of AM is deny. When AM is enabled, the AM module denies all IP packets to pass and only permits the member source addresses in the IP address pool to pass; when AM is disabled, AM deletes all address pools.
AM Configuration
AM Configuration Task List
1. Enable AM
2. Configure IP address on one interface
3. Configure MAC-IP address on one interface
4. Delete all address pools
1. Enable AM
Command (Global Mode): am enable; no am enable
Explanation: Enable the AM function. After enabling AM, you can configure the address pool. The no format of the command disables AM and deletes all addresses in the address pool.
2. Configure IP Address Pool on One Interface
Command (Physical port mode): am port; no am port
Explanation: Enable or disable the AM function on the physical interface.
Command (Physical port mode): am ip-pool <start_ip_address> <num>; no am ip-pool <start_ip_address> <num>
Explanation: Configure the IP address on one physical interface. The no format of the command deletes the configured IP address on the interface.
3. Configure MAC-IP address pool on one interface
Command (Physical port mode): am mac-ip-pool <mac_address> <ip_address>
Explanation: Configure the MAC-IP address on one physical interface. The no format of the comma
535. uter port. To use this command, IGMP Snooping of this vlan should be enabled previously.
Example:
Switch(config)#ip igmp snooping vlan 2 mrpt 100
ip igmp snooping vlan query-interval
Command: ip igmp snooping vlan <vlan-id> query-interval <value>
no ip igmp snooping vlan <vlan-id> query-interval
Function: Configure this query interval.
Parameter: vlan-id: vlan id, ranging from 1 to 4094; value: query interval, ranging from 1 to 65535 seconds.
Command Mode: Global Configuration Mode
Default status: 125s
Usage guide: It is recommended to use the Default. Please keep this configuration in accordance with IGMP configuration.
Example:
Switch(config)#ip igmp snooping vlan 2 query-interval 130
ip igmp snooping vlan query-mrspt
Command: ip igmp snooping vlan <vlan-id> query-mrspt <value>
no ip igmp snooping vlan <vlan-id> query-mrspt
Function: Configure the maximum query response period. The no form of the command restores the default value.
Parameter: vlan-id: vlan id, ranging from 1 to 4094; value: ranging from 1 to 25 seconds.
Command Mode: Global Configuration Mode
Default status: 10s
Usage guide: It is recommended to use the Default. Please keep this configuration in accordance with IGMP configuration if layer 3 IGMP is running.
Example:
Switch(config)#ip igmp snooping vlan 2 query m
536. utes of the port are as follows:
mac type ETH TYPE
speed type ETH SPEED 10M
duplex type FULL
port type ACCESS
port Ethernet0/0/50 both of the port and the agg attributes are not equal
the reason is 2
the general information of the port are as follows:
portnumber 50
actor port agg id O
partner oper sys 0x000000000000
partner oper key 0x0002
actor oper port key 0x0102
mode of the port ACTIVE
lacp aware enable
begin FALSE
port enabled FALSE
lacp ena TRUE
ready n TRUE
the attributes of the port are as follows:
mac_type ETH_TYPE
speed_type ETH_SPEED_100M
duplex type FULL
port type ACCESS
actor port agg id: The number of the channel to which the port is added. If the port cannot be added to the channel due to inconsistent parameters between the port and the channel, 0 will be displayed.
3. Display load balance information for port group 1.
Switch#show port group load balance
The loadbalance of the group 1 based on src MAC address
4. Display member port information for port group 1.
Switch#show port group 1 port
Sorted by the ports in the group 1
the portnum is 49
port Ethernet0/0/49 related information
Actor part Administrative Operational
port number 49
port priority 0x8000
aggregator id 0
port key 0x0100 0x0101
port state LACP activety 1 LACP
537. uthenticator system. It can also send authentication request and off-line request to authenticator.
2. The PAE of the authenticator system authenticates the supplicant systems needing to access the LAN via the authentication server system, and deals with the authenticated/unauthenticated state of the controlled port according to the result of the authentication. The authenticated state means the user is allowed to access the network resources; the unauthenticated state means only the EAPOL messages are allowed to be received and sent, while the user is forbidden to access network resources.
Controlled/uncontrolled ports
The authenticator system provides ports to access the LAN for the supplicant systems. These ports can be divided into two kinds of logical ports: controlled ports and uncontrolled ports.
The uncontrolled port is always in bi-directionally connected status, and is mainly used to transmit EAPOL protocol frames, to guarantee that the supplicant systems can always send or receive authentication messages.
The controlled port is in connected status when authenticated, to transmit service messages. When unauthenticated, no message from supplicant systems is allowed to be received.
The controlled and uncontrolled ports are two parts of one port, which means each frame reac
538. uthorized Telnet clients that access the switch via Telnet.
Command mode: Admin mode
Usage guide: The command is used to view the information about all authorized Telnet clients of the system.
Example:
Switch#show telnet user
admin
Related command: telnet user password
show version
Command: show version
Function: Display the switch version.
Command mode: Admin Mode
Usage guide: Use this command to view the version information for the switch, including hardware version and software version.
Example:
Switch#show version
S3026G POE Device Compiled Dec 29 2008 15 31 02
SoftWare Package Version 3026G POE_1 6 113 0
BootRom Version S3026G POE 1 6 101
MiniRom Version 3026G POE_1 6 101
HardWare Version 1 0
Copyright C 2008 Maipu Sichuan Communication Technology Co Ltd
All rights reserved
System up time 0 days 16 hours 27 minutes 19 seconds
Debug
Each protocol supported by MyPower S3026G-POE-AC has the corresponding debug command. The user can view the displayed information of the debug command to diagnose the network fault. The later chapters describe the debug commands of the corresponding protocols.
Configure Switch IP Address
In theory, MyPower S3026G-POE-AC switch is the Data Link Layer device and should not have the IP address, because the IP address belongs to Network Layer. However, the
539. vel priority; high: high-level priority; low: low-level priority.
Command Mode: Port Mode
Default: Port priority is low.
Usage guide: This command takes effect in the mode of power inline police enable. Without enough available power for newly connected PD, ports with higher priority get power supply first.
Example: Set the priority of Port 1 to high and that of Port 2 to critical.
Switch(Config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#power inline priority high
Switch(Config)#interface ethernet 0/0/2
Switch(Config-Ethernet0/0/2)#power inline priority critical
POE Typical Application
Requirements of Network Deployment
Set the max output power of MyPower S3026G-POE-AC to 50W, assuming that the default max power can satisfy the requirements.
Ethernet interface 0/0/2 is connected to an IP phone.
Ethernet interface 0/0/4 is connected to a wireless AP.
Ethernet interface 0/0/6 is connected to a Bluetooth AP.
Ethernet interface 0/0/8 is connected to a network camera.
The IP phone connected to Ethernet interface 0/0/2 has the highest-level power supply priority, critical, which requires the power supply to the newly connected PD being cut off if it causes PSE power overload (i.e. adopting the priority policy of PD power management).
Power of subordinate AP devices connected to Ethernet interface 0/0/6 shou
540. ver, the management connection is maintained until data transfer is complete. Then, using the address and port number provided by the client, the server establishes data connection on port 20 (if not engaged) to transfer data; if port 20 is engaged, the server automatically generates some other port number to establish data connection. In passive connection, the client, through management connection, notifies the server to establish a passive connection. The server then creates its own data listening port and informs the client about the port, and the client establishes data connection to the specified port. As data connection is established through the specified address and port, there is a third party to provide data connection service.
TFTP builds upon UDP, providing unreliable data stream transfer service with no user authentication or permission-based file access authorization. It ensures correct data transmission by sending and acknowledging mechanism and retransmission of time-out packets. The advantage of TFTP over FTP is that it is a simple and low overhead file transfer service.
MyPower S3026G-POE-AC can operate as either FTP/TFTP client or server. When MyPower S3026G-POE-AC operates as a FTP/TFTP client, configuration files or system files can be downloaded from the remote FTP/TFTP servers (can be hosts or other switches) without affecting its normal operation. And file list can also be retrieved from the server in ftp client mode. Of co
541. ver's PKI certificate to establish a safe TLS tunnel in order to protect user authentication. The following figure illustrates the basic operation flow of PEAP authentication method.
[Figure: Authentication Flow of 802.1x PEAP]
EAP Termination Mode
In this mode, EAP messages are terminated in the access control unit and mapped into RADIUS messages, which is used to implement the authentication, authorization and fee-counting. The basic operation flow is illustrated in the next figure. In EAP termination mode, the access control unit and the RADIUS server can use PAP or CHAP authentication method. The following figure demonstrates the basic operation flow using CHAP authentication method.
[Figure: operation flow using CHAP authentication between the supplicant system PAE and the authenticator system PAE]
542. via HTTP. To manage the switch via HTTP, the following conditions should be met:
1. Switch has an IP address configured.
2. The host IP address (HTTP client) and the switch's VLAN interface IP address are in the same network segment.
3. If item 2 is not met, HTTP client should connect to an IP address of the switch via other devices, such as a router.
Similar to managing the switch via Telnet, as soon as the host can ping the IP address of the switch and the right login password is input, it can access the switch via HTTP. The procedure is as follows:
Step 1: Configure the IP addresses for the switch and start the HTTP server function on the switch.
For configuring the IP address on the switch via outband management, refer to the chapter of managing the switch via telnet. Use the command ip http server in the global mode of Console to enable the HTTP Server function and the WEB configuration as follows:
Switch>en
Switch#config
Switch(Config)#ip http server
Step 2: Run the HTTP protocol on the host.
Open the Web browser on the host and type the IP address of the switch, or directly run the HTTP protocol on the Windows. For example, the IP address of the switch is 10.1.128.251.
[Figure: Windows Run dialog with http://10.1.128.251 entered]
543. w:
Switch#config
Switch(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Switch(config)#mls qos
Switch(config)#class-map c1
Switch(config-ClassMap)#match access-group 1
Switch(config-ClassMap)#exit
Switch(config)#policy-map p1
Switch(config-PolicyMap)#class c1
Switch(config-Policy-Class)#police 10000000 4000 exceed-action drop
Switch(config-Policy-Class)#exit
Switch(config-PolicyMap)#exit
Switch(config)#interface ethernet 0/0/2
Switch(Config-Ethernet0/0/2)#service-policy input p1
Configuration result: An ACL named 1 is set to match segment 192.168.1.0. Enable QoS globally, create a class map named c1 matching ACL 1 in class map, create another policy map named p1 and reference c1 in p1, and set appropriate policies to limit bandwidth and burst value. Apply this policy map on port ethernet 0/0/2. After the above settings are done, the bandwidth for the packets from segment 192.168.1.0 on port ethernet 0/0/2 is set to 10 Mb/s with a burst value of 4 MB, and all packets that exceed this bandwidth setting in that segment are dropped.
Example 3:
[Figure: QoS domain containing Server, Switch 3, Switch 2 and Switch 1]
As shown in the figure, inside the block is a QoS domain. Switch1 classifies different traffics and assigns different CoS priorities. For example, set CoS priority of the packets from segment 192.168.1.0 as 5 on port et
544. wildcard gt any destination host destination lt destination host ip gt lt igmp type gt precedence lt precedence gt tos lt tos gt time range lt time range name gt no denylpermit any source macl host source mac lt host_smac gt jl lt smac gt lt smac mask gt any destination macl host destination mac lt host_dmac gt lt dmac gt lt dmac mask gt tcp lt source gt lt source wildcard gt lany sourcel host source lt source host ip gt s port port17 destination lt destination wildcard gt lany destinationl host destination destination host ip d port lt port3 gt ack t fin psh 4 rst urg syn precedence lt precedence gt tos tos time range time range name no deny permit any source mac host source mac lt host_smac gt lt smac gt lt smac mask gt any destination mac host destination mac lt host_dmac gt lt dmac gt lt dmac mask gt udp lt source gt lt source wildcard gt any source host source lt source host ip gt s port lt port1 gt lt destination gt destination wildcard gt any destination host destination lt destination host ip gt d port lt port3 gt precedence precedence tos lt tos gt time range time range name no 4deny permit 4any source mac 4host source mac lt host_smac gt
545. Basic Configuration of Cluster Network Management
Cluster Network Management Configuration Task List
1. Enable or disable cluster function
2. Create cluster
   - Create or delete cluster
   - Configure private IP address pool for member switches of the cluster
   - Add or remove a member switch
3. Configure the attributes of the cluster on the command switch
   - Enable or disable automatically adding cluster members
   - Set the heartbeat hold time of the cluster
   - Set the interval of the switches in the cluster sending heartbeat packets
   - Clear the list of candidate switches maintained by the command switch
4. Configure the parameters of the cluster on the candidate switch
   - Set the interval of sending the cluster register packets
5. Remote cluster network management
   - Remote configuration management
   - Reboot member switch
   - Remotely upgrade member switch
1. Enable or disable cluster function
Command (Global Mode): cluster run; no cluster run
Explanation: Enable or disable cluster function on the switch.
2. Create a cluster
Command (Global Mode): cluster commander <cluster-name> vlan <vlan-id>; no cluster commander
Explanation: Create or delete a cluster.
Command (Global Mode): cluster ip-pool <commander-ip>; no cluster ip-pool
Explanation: Configure the private I
546. witch as follows:
Switch(Config)#ip multicast policy 210.1.1.1 0.0.0.0 239.1.2.3 0.0.0.0 cos 4
In this way, the multicast flow has a priority of value 4 when it gets to other switches via the TRUNK port of the switch. (Usually this is pretty high; the possible higher one is protocol data. If higher priority is set, when there is too much multicast data, it might cause the abnormality of the switch protocol.)
DCSCM Troubleshooting
DCSCM Monitoring and Debugging Commands
show ip multicast source-control access-list
Command: show ip multicast source-control access-list
show ip multicast source-control access-list <5000-5099>
Function: Display source control multicast access list of configuration.
Parameter: <5000-5099>: access list number.
Default status: None
Command mode: Admin Mode
Usage guide: The command displays source control multicast access list of configuration.
Example:
Switch#sh ip multicast source-control access-list
access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255
access-list 5000 deny ip 10.1.1.0 0.0.0.255 233.0.0.0 0.255.255.255
show ip multicast destination-control access-list
Command: show ip multicast destination-control access-list
show ip multicast destination-control access-list <6000-7999>
Function: Display the configured destination control multicast access list.
P
547. witchB(config)#ip igmp snooping vlan 100 mrouter interface ethernet 0/0/1
Multicast Configuration: The same as scenario 1.
IGMP Snooping listening result: Similar to scenario 1.
IGMP Snooping Troubleshooting
IGMP Snooping Monitoring and Debugging Commands
debug igmp snooping
Command: debug igmp snooping {all|packet|event|timer|mfc}
no debug igmp snooping {all|packet|event|timer|mfc}
Function: Enable the IGMP Snooping debugging of the switch; the no form of the command disables the debugging.
Command mode: Admin Mode
Default: IGMP Snooping debugging is disabled on the switch by default.
Usage guide: The command is used to enable the IGMP Snooping debugging of the switch. The switch IGMP packet messages can be shown with the packet parameter, event messages with event, timer messages with timer, messages about delivering hardware entries with mfc, and all debugging messages with all.
show ip igmp snooping
Command: show ip igmp snooping [vlan <vlan-id>]
Parameter: <vlan-id> is the vlan number specified for displaying IGMP Snooping messages.
Command mode: Admin Mode
Usage guide: If no VLAN number is specified, it shows whether global IGMP Snooping is enabled and which VLAN is configured with L2 general querier function; if a VLAN number is specified, detailed IGMP messages for this VLAN are sho
548. wn.
Example: Show IGMP Snooping summary messages of the switch.
Switch#show ip igmp snooping
Global igmp snooping status Enabled
Igmp snooping is turned on for vlan 1 querier
Igmp snooping is turned on for vlan 2
Displayed Information and Explanation:
Global igmp snooping status: Whether the global IGMP Snooping is enabled on the switch.
Igmp snooping is turned on for vlan 1 querier: Which VLANs are enabled with the IGMP Snooping function on the switch, and whether it is L2 general querier.
Display the IGMP Snooping details of vlan1.
Switch#show ip igmp snooping vlan 1
Igmp snooping information for vlan 1
Igmp snooping L2 general querier Yes COULD QUERY
Igmp snooping query interval 125 s
Igmp snooping max reponse time 10 s
Igmp snooping robustness 2
Igmp snooping mrouter port keep alive time 255 s
Igmp snooping query suppression time 255 s
IGMP Snooping Connect Group Membership
Note: All Source S Include Source S Exclude Source
Groups      Sources        Ports           Exptime    System Level
238.1.1.1   192.168.0.1    Ethernet0/0/8   00:04:14   V2
            192.168.0.2    Ethernet0/0/8   00:04:14   V2
Igmp snooping vlan mrouter port
Note: static mrouter port
Ethernet0/0/2
Igmp snooping L2 general querier: Whether the vlan enables L2 general querier function, and show whether the querie
549. work assault, we allow the network administrator to configure FLUSH mode by the command. Note: For a complicated network, especially one that needs to switch from one spanning tree branch to another rapidly, the disable mode is not recommended. The global configuration takes effect at the port that is not respectively configured.
Example:
Switch(Config)#spanning-tree tcflush disable
Switch(Config)#
spanning-tree tcflush (Port Mode)
Command: spanning-tree tcflush {enable|disable|protect}
no spanning-tree tcflush
Function: Configure the spanning tree flush mode for the port once the topology changes; no spanning-tree tcflush restores the default setting.
Parameter: enable: the spanning tree flushes once the topology changes; disable: the spanning tree does not flush when the topology changes; protect: the spanning tree flushes not more than one time every ten seconds.
Command mode: Port configuration mode
Default: Global configuration mode
Usage guide: According to MSTP, when topology changes, the port that sends the change message clears the MAC/ARP table (FLUSH). In fact, it is not needed for some network environments to do FLUSH with every topology change. At the same time, as a method to avoid network assault, we allow the network administrator to configure FLUSH mode by the command. Note: For the complicated network especially need to switch f
550. x ipaddress paddress; no option <code>
Explanation: Configure the network parameter specified by the option code.
Command: lease days hours minutes infinite; no lease
Explanation: Configure the lease period allocated to addresses in the address pool.
Global mode
Command: ip dhcp excluded-address <low-address> <high-address>; no ip dhcp excluded-address <low-address> <high-address>
Explanation: Exclude the addresses in the address pool that are not for dynamic allocation.
C Configure the parameters of the manual DHCP address pool
DHCP Address Pool Mode
Command: hardware-address <hardware-address> Ethernet IEEE802 <type-number>; no hardware-address
Explanation: Specify the hardware address when assigning address manually.
Command: host address mask <prefix-length>; no host
Explanation: Specify the IP address to be assigned to the specified client when binding address manually.
Command: client-identifier <unique-identifier>; no client-identifier
Explanation: Specify the unique ID of the user when binding address manually.
Command: client-name <name>; no client-name
Explanation: Configure a client name when binding address manually.
3. Enable the logging function for recording address conflicts
Command (Global Mode): ip dhcp conflict
551. x Set the number of the defense actions ae E igit valid on the port at the same time. The default value is 10.
10. Enable DHCP Snooping option 82 function
Command (Global mode): ip dhcp snooping information enable; no ip dhcp snooping information enable
Explanation: Enable or disable the DHCP Snooping option82 function.
11. Enable the debug
Command (Admin mode): Debug ip dhcp snooping packet; Debug ip dhcp snooping event; Debug ip dhcp snooping update; Debug ip dhcp snooping binding
Explanation: Please refer to the chapter on system troubleshooting.
12. Set log record
Command (Admin mode): Log on logging source default m shell sys event anti attack channel console logbuff loghost monitor level critical debugging notifications warnings state on off
Explanation: Refer to the chapter of the system log.
DHCP Snooping Configuration Commands
ip dhcp snooping
Command: ip dhcp snooping enable
no ip dhcp snooping enable
Function: Enable the DHCP Snooping function.
Parameters: None
Command Mode: Global configuration mode
Default Settings: DHCP Snooping is disabled by default.
Usage guide: When this function is enabled, it will monitor all the DHCP Server packets of non-trusted ports.
Example: Enable the DHCP Snoopin
552. xample: Configure one SNTP/NTP server address. Switch(Config)#sntp server 10.1.1.1 version 4. sntp polltime. Command: sntp polltime interval; no sntp polltime. Function: Sets the interval for SNTP clients to send requests to NTP/SNTP; the no sntp polltime command cancels the set polltime and restores the default value 64s. Parameters: interval is the interval value from 16 to 16284. Default: The default polltime is 64 seconds. Command Mode: Global Mode. Example: Set the client to send request to the server every 128 seconds. Switch#config Switch(Config)#sntp polltime 128. sntp timezone. Command: sntp timezone <name> add subtract <time_difference>; no sntp timezone. Function: Set the time difference between the timezone of the SNTP client and UTC. The no operation of this command cancels the set timezone and restores the default value. Parameter: <name> is the set timezone name, consisting of up to 16 characters; add means the timezone equals the UTC time plus <time_difference>; subtract means the timezone equals the UTC time minus <time_difference>; <time_difference> is the time difference to be set, range from 0 to 12. Default: Add 8 is default timezone. Command Mode: Global Mode. Example: Set the timezone as beijing. Switch#config Switch(Config)#sntp timezone beijing ad
553. y different bandwidths for voice/data/video to provide different QoS. ACL: MyPower S3026G-POE-AC switch supports the complete ACL policy. ACL is a mechanism realized by switches to filter IP data. By allowing or denying specific data packets entering/leaving the network, a switch can control the network access and effectively guarantee the secure operation of the network. The switch supports IP-based, MAC-based and MAC-IP-based ingress filtering; it can also filter data based on the information of source/destination IP addresses, source/destination MAC addresses, IP protocol type, TCP/UDP port, IP precedence, time range and ToS. IEEE802.1x access authentication: MyPower S3026G-POE-AC switch supports both port-based IEEE802.1x authentication mode and MAC-based IEEE802.1x authentication mode. It can set the upper threshold of authenticated access users per port, realize dynamic secure authentication mode based on MAC address, and bind the MAC address of an authenticated device to a port. With the IEEE802.1x authentication modes cooperating with the authenticating & accounting products, a complete set of IEEE802.1x AAA solutions can be provided, meeting the requirements of access authenticating and accounting and ensuring the network security and operability. Bandwidth Control (Port Speed Limit): MyPower S3026G-POE-AC switch can control the upstream/downstream bandwidth and provide different access bandwidth for users at different
554. y the port currently. Max: The max power allowed to be distributed to the port. Current: The present current of the port. Volt: The present voltage of the port. Priority: The power supply priority; critical: the highest-level priority; high: the high-level priority; low: the low-level priority. Class:

Class  Usage     PD Input Power (W)
0      Default   0.44 to 12.95
1      Optional  0.44 to 3.84
2      Optional  3.84 to 6.49
3      Optional  6.49 to 12.95
4      Reserved  Treated as class 0 and reserved for future use. It is impossible for a compatible PD to provide a class 4 signal.

Example: Display the current PoE status on port 1 to port 6.

Switch#show power inline interface ethernet 0/0/1-6
Interface      Status  Oper  Power(mW)  Max(mW)  Current(mA)  Volt(V)  Priority  Class
Ethernet0/0/1  enable  off   0          15400    0            0        high      0
Ethernet0/0/2  enable  off   0          15400    0            0        low       0
Ethernet0/0/3  enable  off   0          15400    0            0        low       0
Ethernet0/0/4  enable  off   0          15400    0            0        low       0
Ethernet0/0/5  enable  off   0          15400    0            0        low       0
Ethernet0/0/6  enable  off   0          15400    0            0        low       0

debug power inline. Command: debug power inline; no debug power inline. Function: Enable or disable the PoE debugging. Parameters: None. Command Mode: Admin Mode. Default: None. Usage guide: With debugging enabled, relative information will be printed in the key processes while implementing commands f
