Scribd Logo
Upload

Welcome to Scribd!

  • 03-Commands For VLAN and MAC Address Configuration - Word

    Uploaded by

    Daniel Mateo
    12 views19 pages

    Original Title

    03-Commands for VLAN and MAC Address Configuration.word

    Copyright

    © © All Rights Reserved

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views19 pages

    03-Commands For VLAN and MAC Address Configuration - Word

    Uploaded by

    Daniel Mateo

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 19

    Commands for VLAN and MAC Address Configuration

    Content

    Content
    CHAPTER 1 VLAN CONFIGURATION 1

    1.1 Commands for VLAN Configuration.......................................................................1 1 1 1 de!ug g"r# 1 1 1 $ g"r# 1 1 1 % gar# timer &o'd 1 1 1 ( gar# timer )oin $ 1 1 * gar# timer 'ea"e $ 1 1 + gar# timer 'ea"ea'' % 1 1 , name % 1 1 - #ri"ate."'an % 1 1 / #ri"ate."'an asso0iation ( 1 1 11 s&o2 gar# * 1 1 11 s&o2 g"r# * 1 1 1$ s&o2 "'an * 1 1 1% s2it0&#ort a00ess "'an + 1 1 1( s2it0&#ort interfa0e , 1 1 1* s2it0&#ort mode , 1 1 1+ s2it0&#ort trun3 a''o2ed "'an , 1 1 1, s2it0&#ort trun3 nati"e "'an 1 1 1- "'an 1 1 1/ "'an ingress ena!'e /

    CHAPTER $ COMMAN45 FOR MAC A44RE55 TA6LE CONFIGURATION 1

    2.1 Commands for MAC Address Table Configuration................................................1 $ 1 1 ma0.address.ta!'e aging.time 1 $ 1 $ ma0.address.ta!'e stati07!'a03&o'e 1 $ 1 % s&o2 ma0.address.ta!'e $ 2.2 Commands for Mac Address Binding configuration...............................................2 $ $ 1 0'ear #ort.se0urit8 d8nami0 $ $ $ $ ma0.address.ta!'e #eriodi0.monitor.time % $ $ % ma0.address.ta!'e s8n0&roni9ing ena!'e % $ $ ( s&o2 #ort.se0urit8 % $ $ * s&o2 #ort.se0urit8 address ( $ $ + s&o2 #ort.se0urit8 interfa0e * $ $ , s2it0&#ort #ort.se0urit8 * 1

    Commands for VLAN and MAC Address Configuration $ $ - s2it0&#ort #ort.se0urit8 0on"ert $ $ / s2it0&#ort #ort.se0urit8 'o03 $ $ 11 s2it0&#ort #ort.se0urit8 ma0.address $ $ 11 s2it0&#ort #ort.se0urit8 ma:imum $ $ 1$ s2it0&#ort #ort.se0urit8 timeout $ $ 1% s2it0&#ort #ort.se0urit8 "io'ation

    Content + + , , , -

    Commands for VLAN and MAC Address Configuration

    C&a#ter 1 VLAN Configuration

    C&a#ter 1 VLAN Configuration


    1 1 Commands for VLAN Configuration 1 1 1 de!ug g"r#
    Command; de!ug g"r# no de!ug g"r# Fun0tion; Enable the GV ! debugging function" the #no debug g$r%& command disables the function. Command mode; Admin Mode. 4efau't; GV ! debug information is disabled b' default. Usage Guide; (se this command to enable GV ! debugging) GV ! %ac*et %rocessing information can be dis%la'ed. E:am#'e; Enable GV ! debugging. +,itch-debug g$r%

    1 1 $ g"r#
    Command; g"r# no g"r# Fun0tion; Enable the GV ! function for the s,itch or the current Trun* %ort. the # no g"r#& command disables the GV ! function globall' or for the %ort. Command mode; !ort Mode and Global Mode. 4efau't; GV ! is disabled b' default. Usage Guide; !ort GV ! can onl' be enabled after global GV ! is enabled. /hen global GV ! is disabled) the GV ! configurations in the %orts are also disabled. Note" GV ! can onl' be enabled on Trun* %orts. E:am#'e; Enable the GV ! function globall' and for Trun* %ort 10. +,itch1config2-g$r% +,itch1config2-interface ethernet 1310 +,itch1Config45f4Ethernet13102-g$r% +,itch1config2-e6it

    1 1 % gar# timer &o'd


    Command; gar# timer &o'd <timer-value> no gar# timer &o'd Fun0tion; +et the hold timer for GA !. the # no gar# timer &o'd& command restores the default timer setting. 1

    Commands for VLAN and MAC Address Configuration

    C&a#ter 1 VLAN Configuration

    Parameter; <timer-value> is the $alue for GA ! hold timer) the $alid range is 100 to 7289:0 ms. Command mode; !ort Mode. 4efau't; The default $alue for hold timer is 100 ms. Usage Guide; /hen GA ! a%%lication entities recei$e a ;oin message) ;oin message ,ill not be sent immediatel'. 5nstead) hold timer is started. After hold timer timeout) all ;oin messages recei$ed ,ith the hold time ,ill be sent in one GV ! frame) thus effecti$el' reducing %rotocol message traffic. E:am#'e; +et the GA ! hold timer $alue of %ort 1310 to :00 ms. +,itch1Config45f4Ethernet13102-gar% timer hold :00

    1 1 ( gar# timer )oin


    Command; gar# timer )oin <timer-value> no gar# timer )oin Fun0tion; +et the ;oin timer for GA !. the # no gar# timer )oin& command restores the default timer setting. Parameter; <timer-value> is the $alue for ;oin timer) the $alid range is 100 to 7289:0 ms. Command mode; !ort Mode. 4efau't; The default $alue for ;oin timer is 200 ms. Usage Guide; GA ! a%%lication entit' sends a ;oin message after ;oin timer o$er) other GA ! a%%lication entities recei$ed the ;oin message ,ill register this message. E:am#'e; +et the GA ! ;oin timer $alue of %ort 10 to 1000 ms. +,itch1Config45f4Ethernet13102-gar% timer ;oin 1000

    1 1 * gar# timer 'ea"e


    Command; gar# timer 'ea"e <timer-value> no gar# timer 'ea"e Fun0tion; +et the lea$e timer for GA !. the # no gar# timer 'ea"e& command restores the default timer setting. Parameter; <timer-value>is the $alue for lea$e timer) the $alid range is 100 to 7289:0 ms. Command mode; !ort Mode. 4efau't; The default $alue for lea$e timer is 900 ms. Usage Guide; /hen GA ! a%%lication entit' ,ants to cancel a certain %ro%ert' information) it sends a lea$e message. GA ! a%%lication entities recei$ing this message ,ill start the lea$e timer) if no ;oin message is recei$ed before lea$e timer timeout) the %ro%ert' information ,ill be canceled. Besides) the $alue of lea$e timer must be t,ice larger than the ;oin timer. <ther,ise) an error message ,ill be dis%la'ed. E:am#'e; +et the GA ! lea$e timer $alue of %ort 1310 to 7000 ms. +,itch1Config45f4Ethernet13102-gar% timer lea$e 7000

    Commands for VLAN and MAC Address Configuration

    C&a#ter 1 VLAN Configuration

    1 1 + gar# timer 'ea"ea''


    Command; gar# timer 'ea"ea'' <timer-value> no gar# timer 'ea"ea'' Fun0tion; +et the lea$eall timer for GA !. the #no gar# timer 'ea"ea''& command restores the default timer setting. Parameter; <timer-value> is the $alue for GA ! lea$eall timer) the $alid range is 100 to 7289:0 ms. Command mode; Global Mode. 4efau't; The default $alue for lea$eall timer is 10000 ms. Usage Guide; /hen a GA ! a%%lication entit' starts) the lea$eall timer is started at the same time. /hen the lea$eall timer is o$er) the GA ! a%%lication entit' ,ill send a lea$eall message. <ther a%%lication entities ,ill cancel all %ro%ert' information for that a%%lication entit') and the lea$eall timer is cleared for a ne, c'cle. E:am#'e; +et the GA ! lea$eall timer $alue to :0000 ms. +,itch1config2-gar% timer lea$eall :0000

    1 1 , name
    Command; name <vlan-name> no name Fun0tion; +%ecif' a name) a descri%ti$e string) for the VLAN. the no o%eration of the command ,ill delete the name of the VLAN. Parameters; <"'an.name= is the s%ecified name string. Command Mode; VLAN Configuration Mode. 4efau't; The default VLAN name is $lan===) ,here 666 is V5>. Usage Guide; The s,itch can s%ecif' names for different VLANs) ma*ing it easier for users to identif' and manage VLANs. E:am#'es; +%ecif' the name of VLAN100 as TestVlan. +,itch1Config4Vlan1002-name TestVlan

    1 1 - #ri"ate."'an
    Command; #ri"ate."'an >#rimar8 7 iso'ated 7 0ommunit8? no #ri"ate."'an Fun0tion; Configure current VLAN to !ri$ate VLAN. The #no #ri"ate."'an& command cancels the !ri$ate VLAN configuration. Parameter; #rimar8 set current VLAN to !rimar' VLAN) iso'ated set current VLAN to 5solated VLAN) 0ommunit8 set current VLAN to Communit' VLAN. Command Mode; VLAN mode 4efau't; !ri$ate VLAN is not configured b' default. Usage Guide; There are three !ri$ate VLANs" Primar8 VLAN) Iso'ated VLAN and Communit8 VLAN. !orts in !rimar' there are three !ri$ate VLANs" !rimar' VLAN) %

    Commands for VLAN and MAC Address Configuration

    C&a#ter 1 VLAN Configuration

    5solated VLAN and Communit' VLAN can communicate ,ith %orts of 5solated VLAN and Communit' VLAN related to this !rimar' VLAN. !orts in 5solated VLAN are isolated bet,een each other and onl' communicate ,ith %orts in !rimar' VLAN the' related to. %orts in Communit' VLAN can communicate both ,ith each other and ,ith !rimar' VLAN %orts the' related to. there is no communication bet,een %orts in Communit' VLAN and %ort in 5solated VLAN. <nl' VLANs containing em%t' Ethernet %orts can be set to !ri$ate VLAN) and onl' the !ri$ate VLANs configured ,ith associated %ri$ate relationshi%s can set the Access Ethernet %orts their member %orts. Normal VLAN ,ill clear its Ethernet %orts ,hen set to !ri$ate VLAN. 5t is to be noted !ri$ate VLAN messages ,ill not be transmitted b' GV !. E:am#'e; +et VLAN100) 200) 700 to %ri$ate $lans) ,ith res%ecti$el' %rimar') 5solated) Communit' t'%es. +,itch1config2-$lan 100 +,itch1Config4Vlan1002-%ri$ate4$lan %rimar' Note"This ,ill remo$e all the %orts from $lan 100 +,itch1Config4Vlan1002-e6it +,itch1config2-$lan 200 +,itch1Config4Vlan2002-%ri$ate4$lan isolated Note"This ,ill remo$e all the %orts from $lan 200 +,itch1Config4Vlan2002-e6it +,itch1config2-$lan 700 +,itch1Config4Vlan7002-%ri$ate4$lan communit' Note"This ,ill remo$e all the %orts from $lan 700 +,itch1Config4Vlan7002-e6it

    1 1 / #ri"ate."'an asso0iation
    Command; #ri"ate."'an asso0iation <secondary-vlan-list> no #ri"ate."'an asso0iation Fun0tion; +et !ri$ate VLAN association. the #no #ri"ate."'an asso0iation& command cancels !ri$ate VLAN association. Parameter; <secondary-vlan-list> +ets +econdar' VLAN list ,hich is associated to !rimar' VLAN. There are t,o t'%es of +econdar' VLAN" 5solated VLAN and Communit' VLAN. (sers can set multi%le +econdar' VLANs b' #.&. Command mode; VLAN Mode. 4efau't; There is no !ri$ate VLAN association b' default. Usage Guide; This command can onl' used for !ri$ate VLAN. The %orts in +econdar' VLANs ,hich are associated to !rimar' VLAN can communicate to the %orts in !rimar' VLAN. Before setting !ri$ate VLAN association) three t'%es of !ri$ate VLANs should ha$e no member %orts. the !ri$ate VLAN ,ith !ri$ate VLAN association can?t be deleted. /hen users delete !ri$ate VLAN association) all the member %orts in the !ri$ate VLANs ,hose

    Commands for VLAN and MAC Address Configuration

    C&a#ter 1 VLAN Configuration

    association is deleted are remo$ed from the !ri$ate VLANs. E:am#'e; Associate 5solated VLAN200 and Communit' VLAN700 to !rimar' VLAN100. +,itch1Config4Vlan1002-%ri$ate4$lan association 200.700

    1 1 11 s&o2 gar#
    Command; s&o2 gar# @<interface-name>A Fun0tion; >is%la' the global and %ort information for GA !. Parameter; <interface-name> stands for the name of the Trun* %ort to be dis%la'ed. Command mode; Admin Mode and other configuration Mode. Usage Guide; N3A. E:am#'e; >is%la' global GA ! information. +,itch -sho, gar%

    1 1 11 s&o2 g"r#
    Command; s&o2 g"r# @<interface-name>A Fun0tion; >is%la' the global and %ort information for GV !. Parameter; <interface-name> stands for the name of the Trun* %ort to be dis%la'ed. Command mode; Admin Mode and other configuration Mode. Usage Guide; N3A. E:am#'e; >is%la' global GV ! information. +,itch-sho, g$r% configuration 4444444444444444 G$r% 5nformation 444444444444444444 G$r% status " enable G$r% Timers1milliseconds2 Lea$eAll " 10000

    1 1 1$ s&o2 "'an
    Command; s&o2 "'an @!rief 7 summar8A @id <vlan-id>A @name <vlan-name=A @interna' usage @id <vlan-id> 7 name <vlan-name>AA Fun0tion; >is%la' detailed information for all VLANs or s%ecified VLAN. Parameter; !rief stands for brief information. summar8 for VLAN statistics. <vlan-id> for VLAN 5> of the VLAN to dis%la' status information) the $alid range is 1 to @0A@. <vlan-name> is the VLAN name for the VLAN to dis%la' status information) $alid length is 1 to 11 characters. Command mode; Admin Mode and configuration Mode. Usage Guide; 5f no <vlan-id> or <vlan-name> is s%ecified) then information for all VLANs in the s,itch ,ill be dis%la'ed. E:am#'e; >is%la' the status for the current VLAN. dis%la' statistics for the current VLAN. +,itch-sho, $lan VLAN Name T'%e Media !orts

    Commands for VLAN and MAC Address Configuration

    C&a#ter 1 VLAN Configuration

    4444 444444444444 4444444444 444444444 4444444444444444444444444444444444444444 1 default +tatic ENET Ethernet131 Ethernet132 Ethernet137 Ethernet13@ Ethernet13A Ethernet1310 Ethernet1311 Ethernet1312 2 VLAN0002 +tatic ENET Ethernet13: Ethernet139 Ethernet138 Ethernet13B +,itch-sho, $lan summar' The ma6. $lan entr's" @0A@ E6isting Vlans" (ni$ersal Vlan" 1 12 17 1: 19 22 Total E6isting Vlans is"9 >is%la'ed information VLAN Name T'%e Media !orts E6%lanation VLAN number VLAN name VLAN t'%e) staticall' d'namicall' learned. Access %ort ,ithin a VLAN configured or

    VLAN interface t'%e" Ethernet

    1 1 1% s2it0&#ort a00ess "'an


    Command; s2it0&#ort a00ess "'an <vlan-id> no s2it0&#ort a00ess "'an Fun0tion; Add the current Access %ort to the s%ecified VLAN. The # no s2it0&#ort a00ess "'an& command deletes the current %ort from the s%ecified VLAN) and the %ort ,ill be %artitioned to VLAN1. Parameter; <vlan-id> is the V5> for the VLAN to be added the current %ort) $alid range is 1 to @0A@. Command mode; !ort Mode. 4efau't; All %orts belong to VLAN1 b' default. Usage Guide; <nl' %orts in Access mode can ;oin s%ecified VLANs) and an Access %ort can onl' ;oin one VLAN at a time. E:am#'e; Add some Access %ort to VLAN100. +,itch1config2-interface ethernet 13B +,itch1Config45f4Ethernet13B2-s,itch%ort mode access +,itch1Config45f4Ethernet13B2-s,itch%ort access $lan 100 +,itch1Config45f4Ethernet13B2-e6it

    Commands for VLAN and MAC Address Configuration

    C&a#ter 1 VLAN Configuration

    1 1 1( s2it0&#ort interfa0e
    Command; s2it0&#ort interfa0e @et&ernet 7 #ort0&anne'A @interfa0e.name 7 interfa0e. 'istA no s2it0&#ort interfa0e @et&ernet 7 #ort0&anne'A @interfa0e.name 7 interfa0e.'istA Fun0tion; +%ecif' Ethernet %ort to VLAN. the # no s2it0&#ort interfa0e @et&ernet 7 #ort0&anne'A @<interface-name | interface-list>A& command deletes one or one set of %orts from the s%ecified VLAN. Parameter; et&ernet is the Ethernet %ort to be added. #ort0&anne' means that the %ort to be added is a lin*4aggregation %ort. interfa0e.name %ort name) such as e131. 5f this o%tion is selected) ethernet or %ortchannel should not be. interfa0e.'ist is the %ort list to be added or deleted) #.& and #4& are su%%orted) for e:am#'e; ethernet131.7.@48.B. Command mode; VLAN Mode. 4efau't; A ne,l' created VLAN contains no %ort b' default. Usage Guide; Access %orts are normal %orts and can ;oin a VLAN) but a %ort can onl' ;oin one VLAN for a time. E:am#'e; Assign Ethernet %ort 1) 7) @48) B of VLAN100. +,itch1Config4Vlan1002-s,itch%ort interface ethernet 131.7.@48.B

    1 1 1* s2it0&#ort mode
    Command; s2it0&#ort mode >trun3 7 a00ess? Fun0tion; +et the %ort in access mode or trun* mode. Parameter; trun3 means the %ort allo,s traffic of multi%le VLAN. a00ess indicates the %ort belongs to one VLAN onl'. Command mode; !ort Mode. 4efau't; The %ort is in Access mode b' default. Usage Guide; !orts in trun* mode is called Trun* %orts. Trun* %orts can allo, traffic of multi%le VLANs to %ass through. VLAN in different s,itches can be interconnected ,ith the Trun* %orts. !orts under access mode are called Access %orts. An access %ort can be assigned to one and onl' one VLAN at a time. E:am#'e; +et %ort : to trun* mode and %ort B to access mode. +,itch1config2-interface ethernet 13: +,itch1Config45f4Ethernet13:2-s,itch%ort mode trun* +,itch1Config45f4Ethernet13:2-e6it +,itch1config2-interface ethernet 13B +,itch1Config45f4Ethernet13B2-s,itch%ort mode access +,itch1Config45f4Ethernet13B2-e6it

    1 1 1+ s2it0&#ort trun3 a''o2ed "'an


    ,

    Commands for VLAN and MAC Address Configuration

    C&a#ter 1 VLAN Configuration

    Command; s2it0&#ort trun3 a''o2ed "'an >BOR4 7 a'' 7 add BOR4 7 e:0e#t BOR4 7 remo"e BOR4? no s2it0&#ort trun3 a''o2ed "'an Fun0tion; +et trun* %ort to allo, VLAN traffic. the # no s2it0&#ort trun3 a''o2ed "'an& command restores the default setting. Parameter; BOR4; s%ecified V5>s. *e',ord. a''; all V5>s) the range from 1 to @0A@. add; add assigned V5>s behind a''o2 "'an. e:0e#t; all V5> add to a''o2 "'an e6ce%t assigned V5>s. remo"e; delete assigned a''o2 "'an from a''o2 "'an list. Command mode; !ort Mode. 4efau't; Trun* %ort allo,s all VLAN traffic b' default. Usage Guide; The user can use this command to set the VLAN traffic allo,ed to %assthrough the Trun* %ort. traffic of VLANs not included are %rohibited. E:am#'e; +et Trun* %ort to allo, traffic of VLAN1) 7) :420. +,itch1config2-interface ethernet 13: +,itch1Config45f4Ethernet13:2-s,itch%ort mode trun* +,itch1Config45f4Ethernet13:2-s,itch%ort trun* allo,ed $lan 1.7.:420 +,itch1Config45f4Ethernet13:2-e6it

    1 1 1, s2it0&#ort trun3 nati"e "'an


    Command; s2it0&#ort trun3 nati"e "'an <vlan-id> no s2it0&#ort trun3 nati"e "'an Fun0tion; +et the !V5> for Trun* %ort. the #no s2it0&#ort trun3 nati"e "'an& command restores the default setting. Parameter; <vlan-id> is the !V5> for Trun* %ort. Command mode; !ort Mode. 4efau't; The default !V5> of Trun* %ort is 1. Usage Guide; !V5> conce%t is defined in B02.1C. !V5> in Trun* %ort is used to tag untagged frames. /hen a untagged frame enters a Trun* %ort) the %ort ,ill tag the untagged frame ,ith the nati$e !V5> set ,ith this commands for VLAN for,arding. E:am#'e; +et the nati$e VLAN for a Trun* %ort to 100. +,itch1config2-interface ethernet 13: +,itch1Config45f4Ethernet13:2-s,itch%ort mode trun* +,itch1Config45f4Ethernet13:2-s,itch%ort trun* nati$e $lan 100 +,itch1Config45f4Ethernet13:2-e6it

    1 1 1- "'an
    Command; "'an BOR4 no "'an BOR4 Fun0tion; Create VLANs and enter VLAN configuration mode. 5f using D.D and D4D connect

    Commands for VLAN and MAC Address Configuration

    C&a#ter 1 VLAN Configuration

    ,ith multi4VLANs) then onl' create these VLANs. 5f onl' e6isting VLAN) then enter VLAN configuration mode. if the VLAN is not e6ist) then create VLAN and enter VLAN configuration mode. 5n VLAN Mode) the user can set VLAN name and assign the s,itch %orts to the VLAN. The no command deletes s%ecified VLANs. Parameter; /< > is the VLAN 5> to be created3deleted) $alid range is 1 to @0A@) connect ,ith D.D and D4D. Command mode; Global Mode. 4efau't; <nl' VLAN1 is set b' default. Usage Guide; VLAN1 is the default VLAN and cannot be configured or deleted b' the user. The ma6imal VLAN number is @0A@. 5t should be noted that d'namic VLANs learnt b' GV ! cannot be deleted b' this command. E:am#'e; Create VLAN100 and enter the configuration mode for VLAN 100. +,itch1config2-$lan 100 +,itch1Config4Vlan1002-

    1 1 1/ "'an ingress ena!'e


    Command; "'an ingress ena!'e no "'an ingress ena!'e Fun0tion; Enable the VLAN ingress rule for a %ort. the # no "'an ingress ena!'e& command disables the ingress rule. Command mode; Global Mode. 4efau't; VLAN ingress rules are enabled b' default. Usage Guide; /hen VLAN ingress rules are enabled on the %ort) ,hen the s'stem recei$es data it ,ill chec* source %ort first) and for,ards the data to the destination %ort if it is a VLAN member %ort. E:am#'e; >isable VLAN ingress rules on the %ort. +,itch1Config45f4Ethernet1312- no $lan ingress enable

    Commands for VLAN and MAC Address Configuration

    C&a#ter $ Commands for MAC Address Ta!'e Configuration

    C&a#ter $ Commands for MAC Address Ta!'e Configuration


    $ 1 Commands for MAC Address Ta!'e Configuration $ 1 1 ma0.address.ta!'e aging.time
    Command; ma0.address.ta!'e aging.time <0 | aging-time= no ma0.address.ta!'e aging.time Fun0tion; +ets the aging4time for the d'namic entries of MAC address table. Parameter; <aging-time> is the aging4time seconds) range form 10 to 1000000. 0 to disable aging. Command Mode; Global Mode. 4efau't; >efault aging4time is 700 seconds. Usage Guide; The user had better set the aging4time according to the net,or* condition. A too small aging4time ,ill affect the %erformance of the s,itch b' causing too much broadcast) ,hile a too large aging4time ,ill ma*e the unused entries sta' too long in the address table. The d'namic address does aging ,hen the aging4time is set to 0. E:am#'e; +et the aging4time to 900 seconds. +,itch 1config2-mac4address4table aging4time 900

    $ 1 $ ma0.address.ta!'e stati07!'a03&o'e
    Command; ma0.address.ta!'e >stati0 7 !'a03&o'e? address <mac-addr> "'an <vlanid> @interfa0e et&ernet <interface-name>A 7 @sour0e 7 destination 7 !ot&A no ma0.address.ta!'e >stati0 7 !'a03&o'e 7 d8nami0? @address <macaddr>A @"'an <vlan-id>A @interfa0e ethernet <interface-name>A Fun0tion; Add or modif' static address entries and filter address entries. The no command deletes the t,o entries. Parameter; stati0 is the static entries. !'a03&o'e is filter entries) ,hich is for discarding frames from s%ecific MAC address) it can filter source address) destination address or the both. /hen choose the filter entries) blac*hole address can?t based on %ort) and not configure to interface. d8nami0 is d'namic address entries. <mac-addr> MAC address to be added or deleted.<interface-name> name of the %ort transmitting the MAC data %ac*et.<vlan-id> is the $lan number. sour0e is based on source address filter. destination is based on destination address filter. !ot& is based on source address and destination address filter) the default is both. Command Mode; Global Mode 1

    Commands for VLAN and MAC Address Configuration

    C&a#ter $ Commands for MAC Address Ta!'e Configuration

    4efau't; /hen VLAN interface is configured and is u%) the s'stem ,ill generate an static address ma%%ing entr' of ,hich the inherent MAC address corres%onds to the VLAN number. Usage Guide; 5n certain s%ecial a%%lications or ,hen the s,itch is unable to d'namicall' learn the MAC address) users can use this command to manuall' establish ma%%ing relation bet,een the MAC address and %ort and VLAN. no ma0.address.ta!'e command is for deleting all d'namic) static) filter MAC address entries e6isting in the s,itch MAC address list) e6ce%t for the ma%%ing entries retained in the s'stem default. E:am#'e; !ort 131 belongs to VLAN200) and establishes address ma%%ing ,ith MAC address 0040740f4f040041B. +,itch1config2-mac4address4table static address 0040740f4f040041B $lan 200 interface ethernet 131

    $ 1 % s&o2 ma0.address.ta!'e
    Command; s&o2 ma0.address.ta!'e @stati0 7 !'a03&o'e 7 mu'ti0ast 7 aging.time <aging-time= 7 0ountA @address <mac-addr=A @"'an <"'an.id=A @0ountA @interfa0e <interfa0e.name=A Fun0tion; +ho, the current MAC table. Parameter; stati0 static entries. !'a03&o'e filter entries. aging.time <aging-time= address aging time. 0ount entr'?s number) mu'ti0ast multicast entries. <mac-addr> entr'?s MAC address. <vlan-id> entr'?s VLAN number. <interface-name> entr'?s interface name. Command mode; Admin Mode and Configuration Mode. 4efau't; MAC address table is not dis%la'ed b' default. Usage guide; This command can dis%la' $arious sorts of MAC address entries. (sers can also use s&o2 ma0.address.ta!'e to dis%la' all the MAC address entries. E:am#'e; >is%la' all the filter MAC address entries. +,itch-sho, mac4address4table blac*hole

    $ $ Commands for Ma0 Address 6inding 0onfiguration $ $ 1 0'ear #ort.se0urit8 d8nami0


    Command; 0'ear #ort.se0urit8 d8nami0 @address <mac-addr> 7 interfa0e <interfaceid>A Fun0tion; Clear the >'namic MAC addresses of the s%ecified %ort. Command mode; Admin Mode. Parameter; <mac-addr> stands MAC address. <interface-id> for s%ecified %ort number. Usage Guide; The secure %ort must be loc*ed before d'namic MAC clearing o%eration can be %erform in s%ecified %ort. 5f no %orts and MAC are s%ecified) then all d'namic

    Commands for VLAN and MAC Address Configuration

    C&a#ter $ Commands for MAC Address Ta!'e Configuration

    MAC in all loc*ed secure %orts ,ill be cleared. if onl' %ort but no MAC address is s%ecified) then all MAC addresses in the s%ecified %ort ,ill be cleared. E:am#'e; >elete all d'namic MAC in %ort1. +,itch-clear %ort4securit' d'namic interface Ethernet 131

    $ $ $ ma0.address.ta!'e #eriodi0.monitor.time
    Command; ma0.address.ta!'e #eriodi0.monitor.time <*.-+(11= Fun0tion; +et the MAC monitor inter$al to count the added and deleted MAC in time) and send out them ,ith tra% message. Parameter; <*.-+(11=; the inter$al is : to B9@00 seconds. Command mode; Global Mode. 4efau't; 90 seconds. Usage Guide; Associate this command ,ith mac4address4table s'nchroniEing enable command to use. E:am#'e; +et the MAC monitor inter$al as 120 seconds. +,itch1Config2-mac4address4table %eriodic4monitor4time 120

    $ $ % ma0.address.ta!'e s8n0&roni9ing ena!'e


    Command; ma0.address.ta!'e s8n0&roni9ing ena!'e no ma0.address.ta!'e s8n0&roni9ing ena!'e Fun0tion; Enable the monitor function for MAC) if a MAC is added or deleted) the s'stem ,ill re%ort this monitored e$ent. the no command ,ill cancel this function. Parameter; None. Command mode; Global Mode. 4efau't; >isable. Usage Guide; The user enables this function to obtain the status of the MAC changing or the accessed user. E:am#'e; Enable the monitor function for MAC. +,itch1Config2-mac4address4table s'nchroniEing enable

    $ $ ( s&o2 #ort.se0urit8
    Command; s&o2 #ort.se0urit8 Fun0tion; >is%la' the secure MAC addresses of the %ort. Command mode; Admin Mode and other configuration Mode. 4efau't; The s,itch is not dis%la' %ort4securit' configuration. Usage Guide; This command dis%la's the secure %ort MAC address information. E:am#'e; +,itch-sho, %ort4securit'

    Commands for VLAN and MAC Address Configuration +ecurit' !ort

    C&a#ter $ Commands for MAC Address Ta!'e Configuration

    Ma6+ecurit' Addr CurrentAddr +ecurit' Action 1count2 1count2 44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 Ethernet131 1 1 !rotect Ethernet137 10 1 !rotect Ethernet13: 1 0 !rotect 44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 Ma6 Addresses limit in +'stem "12B Total Addresses in +'stem "2 >is%la'ed information +ecurit' !ort Ma6+ecurit'Addr CurrentAddr +ecurit' Action Total Addresses in +'stem Ma6 Addresses +'stem limit in E6%lanation 5s %ort enabled as a secure %ort. The ma6imum secure MAC address number set for the securit' %ort. The current secure MAC address number of the securit' %ort. The $iolation mode of the %ort configuration. The current secure MAC address number of the s'stem. The ma6imum secure MAC address number of the s'stem.

    $ $ * s&o2 #ort.se0urit8 address


    Command; s&o2 #ort.se0urit8 address @interfa0e <interface-id>A Fun0tion; >is%la' the secure MAC addresses of the %ort. Command mode; Admin Mode and other configuration Mode. Parameter; <interface-id > stands for the %ort to be dis%la'ed. Usage Guide; This command dis%la's the secure %ort MAC address information) if no %ort is s%ecified) secure MAC addresses of all %orts are dis%la'ed. The follo,ing is an e6am%le" +,itch-sho, %ort4securit' address interface ethernet 137 +ecurit' Mac Address Table 44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 Vlan Mac Address T'%e !orts 1 0000.0000.1111 +ecureConfigured Ethernet131 44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 Total Addresses " 1 >is%la'ed information Vlan Mac Address T'%e ( E6%lanation The VLAN 5> for the secure MAC Address. +ecure MAC address. +ecure MAC address t'%e.

    Commands for VLAN and MAC Address Configuration !orts Total Addresses

    C&a#ter $ Commands for MAC Address Ta!'e Configuration The %ort that the secure MAC address belongs to. Current secure MAC address number in the s'stem.

    $ $ + s&o2 #ort.se0urit8 interfa0e


    Command; s&o2 #ort.se0urit8 interfa0e <interface-id> Fun0tion; >is%la' the configuration of secure %ort. Command mode; Admin Mode and other configuration Mode. Parameter; <interface-id > stands for the %ort to be dis%la'ed. 4efau't; Configuration of secure %orts is not dis%la'ed b' default. Usage Guide; This command dis%la's the detailed configuration information for the secure %ort. E:am#'e; +,itch-sho, %ort4securit' interface ethernet 131 !ort +ecurit' " Enabled !ort status " +ecurit' (% Violation mode " !rotect Ma6imum MAC Addresses " 1 Total MAC Addresses " 1 Configured MAC Addresses " 1 Loc* Timer is +hut>o,n Mac4Learning function is " <%ened >is%la'ed information !ort +ecurit' !ort status Violation mode Ma6imum MAC Addresses Total MAC Addresses Configured MAC Addresses Loc* Timer Mac4Learning function E6%lanation 5s %ort enabled as a secure %ort. !ort secure status. Violation mode set for the %ort. The ma6imum secure number set for the %ort. MAC address

    Current secure MAC address number for the %ort. Current secure static MAC address number for the %ort. /hether loc*ing timer 1timer timeout2 is enabled for the %ort. 5s the MAC address learning function enabled.

    $ $ , s2it0&#ort #ort.se0urit8
    *

    Commands for VLAN and MAC Address Configuration

    C&a#ter $ Commands for MAC Address Ta!'e Configuration

    Command; s2it0&#ort #ort se0urit8 no s2it0&#ort #ort se0urit8 Fun0tion; Enable MAC address binding function for the %ort. the # no s2it0&#ort #ort. se0urit8& command disables the MAC address binding function for the %ort. Command mode; !ort Mode. 4efau't; MAC address binding is not enabled b' default. Usage Guide; The MAC address binding function and !ort Aggregation functions are mutuall' e6clusi$e. Therefore) if MAC binding function for a %ort is to be enabled) the !ort Aggregation functions must be disabled) and the %ort enabling MAC address binding must not be a Trun* %ort. E:am#'e; Enable MAC address binding function for %ort 1and. +,itch1config2-interface Ethernet 131 +,itch1Config45f4Ethernet1312- s,itch%ort %ort securit'

    $ $ - s2it0&#ort #ort.se0urit8 0on"ert


    Command; s2it0&#ort #ort.se0urit8 0on"ert Fun0tion; Con$erts d'namic secure MAC addresses learned b' the %ort to static secure MAC addresses) and disables the MAC address learning function for the %ort. Command mode; !ort Mode. Usage Guide; The %ort d'namic MAC con$ert command can onl' be e6ecuted after the secure %ort is loc*ed. After this command has been e6ecuted) d'namic secure MAC addresses learned b' the %ort ,ill be con$erted to static secure MAC addresses. The command does not reser$e configuration. E:am#'e; Con$erting MAC addresses in %ort 1 to static secure MAC addresses. +,itch1config2-interface Ethernet 131 +,itch1Config45f4Ethernet1312- s,itch%ort %ort4securit' con$ert

    $ $ / s2it0&#ort #ort.se0urit8 'o03


    Command; s2it0&#ort #ort.se0urit8 'o03 no s2it0&#ort #ort.se0urit8 'o03 Fun0tion; Loc* the %ort. After the %ort is loc*ed) the MAC4address learning function ,ill be shut do,n. the no o%eration of this command ,ill reset the MAC4address learning function. Command Mode; !ort Configuration Mode. 4efau't; !orts are unloc*ed. Usage Guide; !orts can onl' be loc*ed after the MAC4address binding function is enabled. /hen a %ort becomes loc*ed) its MAC learning function ,ill be disabled. E:am#'es; Loc* %ort 1. +,itch1config2-interface Ethernet 131

    Commands for VLAN and MAC Address Configuration

    C&a#ter $ Commands for MAC Address Ta!'e Configuration

    +,itch1Config45f4Ethernet1312-s,itch%ort %ort4securit' loc*

    $ $ 11 s2it0&#ort #ort.se0urit8 ma0.address


    Command; s2it0&#ort #ort.se0urit8 ma0.address <mac-address> no s2it0&#ort #ort.se0urit8 ma0.address <mac-address> Fun0tion; Add a static secure MAC address. the # no s2it0&#ort #ort.se0urit8 ma0. address& command deletes a static secure MAC address. Command mode; !ort Mode. Parameters; <mac-address> stands for the MAC address to be added or deleted. Usage Guide; The MAC address binding function must be enabled before static secure MAC address can be added. E:am#'e; Adding MAC 0040740F4FE42E4>7 to %ort1. +,itch1config2-interface Ethernet 131 +,itch1Config45f4Ethernet1312-s,itch%ort %ort4securit' mac4address 0040740F4FE42E4>7

    $ $ 11 s2it0&#ort #ort.se0urit8 ma:imum


    Command; s2it0&#ort #ort.se0urit8 ma:imum <value> no s2it0&#ort #ort.se0urit8 ma:imum Fun0tion; +ets the ma6imum number of secure MAC addresses for a %ort. the # no s2it0&#ort #ort.se0urit8 ma:imum& command restores the ma6imum secure address number of 1. Command mode; !ort Mode. Parameter; < value> is the u% limit for static secure MAC address) the $alid range is 1 to 12B. 4efau't; The default ma6imum %ort secure MAC address number is 1. Usage Guide; The MAC address binding function must be enabled before ma6imum secure MAC address number can be set. 5f secure static MAC address number of the %ort is larger than the ma6imum secure MAC address number set) the setting fails. e6tra secure static MAC addresses must be deleted) so that the secure static MAC address number is no larger than the ma6imum secure MAC address number for the setting to be successful. E:am#'e; +et the ma6imum secure MAC address number for %ort 1. +,itch1config2-interface Ethernet 131 +,itch1Config45f4Ethernet1312- s,itch%ort %ort4securit' ma6imum @

    $ $ 1$ s2it0&#ort #ort.se0urit8 timeout


    Command; s2it0&#ort #ort.se0urit8 timeout <value>

    Commands for VLAN and MAC Address Configuration

    C&a#ter $ Commands for MAC Address Ta!'e Configuration

    no s2it0&#ort #ort.se0urit8 timeout Fun0tion; +et the timer for %ort loc*ing. the # no s2it0&#ort #ort.se0urit8 timeout& command restores the default setting. Parameter; < value> is the timeout $alue) the $alid range is 0 to 700s. Command mode; !ort Mode. 4efau't; !ort loc*ing timer is not enabled b' default. Usage Guide; The %ort loc*ing timer function is a d'namic MAC address loc*ing function. MAC address loc*ing and con$ersion of d'namic MAC entries to secure address entries ,ill be %erformed on loc*ing timer timeout. The MAC address binding function must be enabled %rior to running this command. E:am#'e; +et %ort1 loc*ing timer to 70 seconds. +,itch1config2-interface Ethernet 131 +,itch1Config45f4Ethernet1312- s,itch%ort %ort4securit' timeout 70

    $ $ 1% s2it0&#ort #ort.se0urit8 "io'ation


    Command; s2it0&#ort #ort.se0urit8 "io'ation >#rote0t 7 s&utdo2n? no s2it0&#ort #ort.se0urit8 "io'ation Fun0tion; Configure the %ort $iolation mode. The # no s2it0&#ort #ort.se0urit8 "io'ation& restore the $iolation mode to %rotect. Command Mode; !ort mode. Parameter; #rote0t refers to %rotect mode. s&utdo2n refers to shutdo,n mode. 4efau't; The %ort $iolation mode is #rote0t b' default. Usage Guide; The %ort $iolation mode configuration is onl' a$ailable after the MAC address binding function is enabled. ,hen the %ort secure MAC address e6ceeds the securit' MAC limit) if the $iolation mode is #rote0t) the %ort onl' disable the d'namic MAC address learning function. ,hile the %ort ,ill be shut if at s&utdo2n mode. (sers can manuall' o%en the %ort ,ith no s&utdo2n command. E:am#'e +et the $iolation mode of %ort 1 to shutdo,n. +,itch1config2-interface Ethernet 131 +,itch1Config45f4Ethernet1312- s,itch%ort %ort4securit' $iolation shutdo,n

    You might also like