- Various Configs
- Firmware
- Information
- Passwords Security
- Console Timeouts
- DHCP-Snooping
- Loop-Protect
- Client Tracker
- Drop IPv6 Traffic
- Port Mirroring
Command | Description |
---|---|
hostname NAME | Sets the switch hostname |
logging IP | Sends syslogs to the IP address |
logging command | Enables local command logging |
timesync sntp
sntp unicast
sntp server priority 1 IP
time daylight-time-rule western-europe
time timezone 60
snmpv3 enable
snmpv3 user SNMP_USER auth sha PASSWD priv aes PASSWD
snmpv3 group operatorauth user "SNMP_USER" sec-model ver3
no snmpv3 user initial
snmpv3 only
no snmp-server community public
snmp-server response-source dst-ip-of-request
snmp-server contact "EMAIL" location "LOCATION"
ip authorized-managers 10.1.0.0 255.255.0.0 access manager
copy usb flash WC_16_08_0001.swi primary
boot system flash primary
Command | Description |
---|---|
chassislocate | Turns the locator LED on/off |
chassislocate vsf member ID <on/off> | Turns the locator LED on/off for the stack member |
sh version | Shows the software version |
Command | Description |
---|---|
include-credentials | Includes the credentials in the config file |
encrypt-credentials | Encrypts the included credentials |
password non-plaintext-sha2 | Credentials are encrypted using SHA256 |
Command | Description |
---|---|
console idle-timeout SECS | Disconnects an idle session after SECS seconds |
console idle-timeout serial-usb SECS | |
Command | Description |
---|---|
dhcp-snooping | Enables DHCP snooping |
dhcp-snooping vlan VLAN | Applies DHCP snooping on VLAN |
dhcp-snooping trust PORT | Trusts all DHCP traffic from the PORT |
sh dhcp-snooping stats | Shows DHCP snooping statistics |
sh dhcp-snooping binding | Shows DHCP snooping binding information |
sh dhcp-snooping server-details | Shows DHCP snooping server details |
Command | Description |
---|---|
loop-protect PORTS | Enables loop protection on the specified ports |
loop-protect PORTS receiver-action send-recv-dis | |
loop-protect disable-timer TIME | Disables ports for TIME seconds when a loop is detected |
loop-protect trap loop-detected | Sends a trap when a loop is detected |
sh loop-protect [PORT] | Shows loop protection info [for the port] |
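
As an added example (not part of the original page or of the switch vendor's tooling): a small Python check that audits a saved configuration against the hardening commands listed above (syslog, console idle-timeout, SNMPv3, authorized managers, encrypted credentials, DHCP snooping, loop-protect) and flags DHCP snooping trust on ports outside an expected uplink set. It assumes the saved configuration stores these commands in the same form this page lists them and uses simple numeric port names; the sample config and the uplink ports 49-50 are constructed.

```python
import re

# Constructed sample (not from a real switch); assumes the page's command forms.
SAMPLE_CONFIG = """\
logging 10.1.0.20
console idle-timeout 600
snmp-server community "public" unrestricted
snmpv3 enable
ip authorized-managers 10.1.0.0 255.255.0.0 access manager
encrypt-credentials
dhcp-snooping
dhcp-snooping trust 12,49-50
loop-protect 1-48
"""

# (finding text, pattern, True = line must be present / False = must be absent)
BASELINE = [
    ("no syslog server (logging IP)", r"^logging \d+(\.\d+){3}$", True),
    ("no console idle-timeout", r"^console idle-timeout \d+$", True),
    ("SNMPv3 not enabled", r"^snmpv3 enable$", True),
    ("SNMPv1/v2c still accepted (snmpv3 only missing)", r"^snmpv3 only$", True),
    ("community 'public' still defined", r'^snmp-server community "?public"?', False),
    ("no ip authorized-managers restriction", r"^ip authorized-managers ", True),
    ("credentials not encrypted in config", r"^encrypt-credentials$", True),
    ("DHCP snooping not enabled", r"^dhcp-snooping$", True),
    ("loop-protect not enabled on any port", r"^loop-protect (?!disable-timer|trap)\S+", True),
]

def expand_ports(spec):
    """Expand a simple numeric port list such as '12,49-50' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config, uplinks):
    """Return findings; uplinks is the set of ports allowed to be DHCP-trusted."""
    findings = [text for text, pat, required in BASELINE
                if any(re.search(pat, l.strip()) for l in config.splitlines()) != required]
    for spec in re.findall(r"^[ \t]*dhcp-snooping trust (\S+)[ \t]*$", config, re.M):
        extra = sorted(expand_ports(spec) - uplinks)
        if extra:
            findings.append(f"DHCP snooping trust on non-uplink ports: {extra}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, uplinks={49, 50})))
```

Stacked port names such as 1/49 are not handled by `expand_ports`; extend it before running the check against a VSF configuration.
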
Command | Description |
---|---|
ip client-tracker | |
ip client-tracker probe-delay SEC | Delays ARP probes by SEC seconds |
1- Create access list to DROP IPv6:
ipv6 access-list "DROP-ALL-V6"
10 deny ipv6 ::/0 ::/0
exit
2- Apply ACL to interfaces
ipv6 access-group "DROP-ALL-V6" in
- Create the mirror and assign the local mirroring port:
(Switch)# mirror SESSION_ID port PORT [name NAME]
Where SESSION_ID is the ID of the session (value 1-4) and PORT is the switch port that receives the mirrored traffic.
- Assign the monitored ports, VLANs or MAC addresses to the created mirroring session. This will send the traffic to the PORT assigned in the previous step:
- By port: The traffic from a switch port sent to the mirror session
- By VLAN: Traffic from a VLAN sent to the mirror session
- By mac-address: All traffic from the mac address sent to the session
(Switch)# interface {port | trunk | mesh} monitor all {in | out | both} mirror {session-# | name-str} [{session-# | name-str}] [{session-# | name-str}] | [{session-# | name-str}] [no-tag-added]
(switch)# vlan vid-# monitor all {in | out | both} mirror {session-# | name-str} [{session-# | name-str}] [{session-# | name-str}] [{session-# | name-str}]
(switch)# monitor mac mac-addr [src | dest | both] mirror {session-# | name-str} [{session-# | name-str}] [{session-# | name-str}] [{session-# | name-str}]
- Source Switch
- Create the session, assign the source IP address and source UDP port used on the source switch, and assign the destination IP address of the remote switch
- Assign the monitored ports, VLANs or MAC addresses to any of the created remote port mirroring sessions
mirror SESSION_ID [name name-str] remote ip src-ip src-udp-port dst-ip [truncation]
interface {port | trunk | mesh} monitor all {in | out | both} mirror {session-# | name-str} [{session-# | name-str}] [{session-# | name-str}] | [{session-# | name-str}] [no-tag-added]
vlan vid-# monitor all {in | out | both} mirror {session-# | name-str} [{session-# | name-str}] [{session-# | name-str}] [{session-# | name-str}]
monitor mac mac-addr [src | dest | both] mirror {session-# | name-str} [{session-# | name-str}] [{session-# | name-str}] [{session-# | name-str}]
- Destination Switch
- Use the same parameters (source IP address, source UDP port, destination IP address) employed in the source switch configuration, and assign the mirroring port:
mirror endpoint ip src-ip src-udp-port dst-ip port exit-port-#
(config) [no] vlan VLAN_ID ip igmp
By default, enables IGMP Querier
[no] vlan <vid> ip igmp querier
vlan <vid> ip igmp [ auto <port-list> | blocked <port-list> | forward <port-list> ]
show ip igmp [vlan VLAN_ID]
show ip igmp config
show ip igmp vlan VLANID config
show ip igmp statistics
show ip igmp groups
To view a specific VLAN with a specified address:
show ip igmp vlan VLAN_ID group IP_ADDR
igmp lookup-mode ip
(config) vlan VLANID ip igmp version 3
debug destination buffer
debug ip igmp
show debug
show debug buffer | include TXT
Configure one switch with VSF; a second, factory default switch that is connected to it will join and form a VSF automatically
Configure Member 1 – configure one switch with VSF and reboot
vsf member 1 link 1 b1
vsf enable domain 2
Connect Member 2 – connect a factory default switch to the VSF port configured on Member 1. After a few moments, the VSF will detect the new device, reboot the new switch and join it to the VSF.
Configure both VSF members manually
Assign VSF ports to the VSF link, enable the VSF domain ID and reboot
vsf member 1 link 1 b1
vsf enable domain 2
vsf member 2 link 1 b1
vsf enable domain 2
Connect VSF switches – connect the configured VSF ports of members 1 and 2 before member 2 finishes its boot cycle, and validate the VSF status after reboot
- Chassis type; called loose provisioning
- Chassis type and MAC address; called strict provisioning
- Connect a second member matching the provisioning
vsf enable domain 1
switch(config)# vsf member 1 link 1 1/49,1/50
switch(config)# vsf member 1 link 2 1/51,1/52
On Member 1, provision Member 2 – after Member 1 reboots, provision Member 2 for either:
Loose provision – This scenario will allow ANY device with a matching J# to join the VSF domain. For this you will need the device J# (you can find it when you execute show running-config)
switch(config)# vsf member 2 type jl256a
switch(config)# vsf member 2 link 1 2/49,2/50
switch(config)# vsf member 2 link 2 2/51,2/52
Strict provision – This scenario will only allow devices with a matching J# + MAC to join the VSF domain. For this you will need the device J# and MAC address (you can find them when you execute show running-config and show system)
switch(config)# vsf member 2 type jl256a mac-address e0071b-000002
switch(config)# vsf member 2 link 1 2/49,2/50
switch(config)# vsf member 2 link 2 2/51,2/52
For Member 2 to join the stack, it can either be in default configuration or be pre-provisioned as well
To avoid broadcast storms or loops in your network while configuring a VSF, it is recommended to first disconnect or disable all ports you want to add to or remove from the VSF. After you finish configuring the VSF, enable or re-connect the ports.
show vsf
show vsf detail
show vsf link
show vsf link detail
vsf member x priority xxx -> If all members have the same priority, the member with the lowest MAC address is selected as Commander
show running-config
#Removing and shutting down a VSF member
vsf member <x> remove
#Shutting down a member
vsf member <x> shutdown
#Commander failover to the Standby
redundancy switchover
Shutdown or power down the affected member
vsf member <x> shutdown
Physically disconnect all VSF links
From the Commander, remove VSF related port/link configuration for the old member in the stack
no vsf member 2 link 1 2/b5
From the Commander, remove (via software) the module on which the VSF link was configured for the old member
no module 2/b
From the Commander, loose (or strict, adding mac-address) provision the new member in the stack
vsf member 2 type J9850A <optional mac-address>
Connect the new, factory default member, to the port where previous old member was connected
New VSF member will reboot and join the VSF stack through plug-n-play
If the member is to be replaced with a different model, the member must first be removed from the configuration
vsf member <x> remove
Once the switch has been shut down, disconnected, or removed from the VSF configuration (if required), use the following command to replace it in the VSF configuration and re-add VSF link port assignments (replace the type and MAC address with your desired values):
switch(config)# vsf member 6 type jl256a mac-address e0071b-000001
switch(config)# vsf member 6 link 1 6/49,6/50
switch(config)# vsf member 6 link 2 6/51,6/52
erase startup-config - restore the factory default configuration using the console
copy tftp startup-config 10.1.0.12 xxxxx.cfg
show config files
startup-default primary config xxxxx.cfg
boot system flash primary