3Com ® Switch 4500G Family Configuration Guide 4500G 24-Port (3CR17761-91) 4500G 48-Port (3CR17762-91) 4500G 24-Port PWR (3CR17771-91) 4500G 48-Port PWR (3CR17772-91) www.3Com.com Part Number: 10014900 Rev. AC Published: February 2008


  • 3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064

    Copyright 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

    3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

    3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

    If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

    UNITED STATES GOVERNMENT LEGEND

    If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:

    All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com's standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

    Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

    3Com and the 3Com logo are registered trademarks of 3Com Corporation.

    Cisco is a registered trademark of Cisco Systems, Inc.

    Funk RADIUS is a registered trademark of Funk Software, Inc.

    Aegis is a registered trademark of Aegis Group PLC.

    Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.

    IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.

    All other company and product names may be trademarks of the respective companies with which they are associated.

    ENVIRONMENTAL STATEMENT

    It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:

    Establishing environmental performance standards that comply with national legislation and regulations.

    Conserving energy, materials and natural resources in all operations.

    Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the recyclable and reusable content of all products.

    Ensuring that all products can be recycled, reused and disposed of safely.

    Ensuring that all products are labelled according to recognized environmental standards.

    Improving our environmental record on a continual basis.

    End of Life Statement

    3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

    Regulated Materials Statement

    3Com products do not contain any hazardous or ozone-depleting material.

    CONTENTS

    ABOUT THIS GUIDE
        Organization of the Manual
        Intended Readership
        Conventions
        Related Documentation

    1 LOGGING INTO AN ETHERNET SWITCH
        Logging into an Ethernet Switch
        Introduction to the User Interface

    2 LOGGING IN THROUGH THE CONSOLE PORT
        Introduction
        Setting up the Connection to the Console Port
        Console Port Login Configuration
        Console Port Login Configuration with Authentication Mode Being None
        Console Port Login Configuration with Authentication Mode Being Password
        Console Port Login Configuration with Authentication Mode Being Scheme

    3 LOGGING IN THROUGH TELNET
        Introduction
        Telnet Configuration with Authentication Mode Being None
        Telnet Configuration with Authentication Mode Being Password
        Telnet Configuration with Authentication Mode Being Scheme
        Telnet Connection Establishment

    4 LOGGING IN USING MODEM
        Introduction
        Configuration on the Administrator Side
        Configuration on the Switch Side
        Modem Connection Establishment

    5 LOGGING IN THROUGH WEB-BASED NETWORK MANAGEMENT SYSTEM
        Introduction
        HTTP Connection Establishment
        Web Server Shutdown/Startup

    6 LOGGING IN THROUGH NMS
        Introduction
        Connection Establishment Using NMS

    7 CONTROLLING LOGIN USERS
        Introduction
        Controlling Telnet Users
        Controlling Network Management Users by Source IP Addresses
        Controlling Web Users by Source IP Address

    8 BASIC SYSTEM CONFIGURATION AND MAINTENANCE
        Command Line Feature
        Basic System Configuration
        Displaying the System Status

    9 SYSTEM MAINTENANCE AND DEBUGGING
        System Maintenance and Debugging Overview
        System Maintenance and Debugging Configuration
        System Maintenance Example

    10 DEVICE MANAGEMENT
        Introduction to Device Management
        BootROM and Host Software Loading
        Device Management Configuration
        Displaying the Device Management Configuration
        Remote Switch Update Configuration Example

    11 FILE SYSTEM MANAGEMENT
        File System Management
        Configuration File Management
        FTP Configuration
        TFTP Configuration

    12 VLAN CONFIGURATION
        VLAN Overview
        Basic VLAN Configuration
        Basic VLAN Interface Configuration
        Port-Based VLAN Configuration
        Displaying VLAN Configuration
        VLAN Configuration Example

    13 VOICE VLAN CONFIGURATION
        Voice VLAN Overview
        Voice VLAN Configuration
        Displaying and Maintaining Voice VLAN
        Voice VLAN Configuration Example

    14 GVRP CONFIGURATION
        Introduction to GARP
        Configuring GVRP
        Displaying and Maintaining GVRP
        GVRP Configuration Example

    15 ETHERNET INTERFACE CONFIGURATION
        General Ethernet Interface Configuration
        Maintaining and Displaying an Ethernet Interface

    16 LINK AGGREGATION CONFIGURATION
        Link Aggregation Overview
        Approaches to Link Aggregation
        Configuring Link Aggregation
        Displaying and Maintaining Link Aggregation
        Link Aggregation Configuration Example

    17 PORT ISOLATION CONFIGURATION
        Port Isolation Overview
        Port Isolation Configuration
        Displaying Port Isolation Configuration
        Port Isolation Configuration Example

    18 MAC ADDRESS TABLE MANAGEMENT
        Introduction to Managing MAC Address Table
        Configuring the MAC Address Table
        Displaying and Maintaining the MAC Address Table
        MAC Address Table Management Configuration Example

    19 MSTP CONFIGURATION
        MSTP Overview
        Configuring the Root Bridge
        Configuring Leaf Nodes
        Performing mCheck
        MSTP Configuration Example

    20 IP ADDRESSING CONFIGURATION
        Configuring IP Addresses
        Displaying IP Addressing

    21 IP PERFORMANCE CONFIGURATION
        Introduction to IP performance
        Configuring TCP attributes
        Configuring sending ICMP error packets
        Permitting Receiving and Forwarding of Directed Broadcast Packets
        Displaying and maintaining IP performance

    22 IPV4 ROUTING OVERVIEW
        IP Routing and Routing Table
        Routing Protocol Overview
        Displaying and Maintaining a Routing Table

    23 CONFIGURING IPV6
        IPv6 Overview
        Configuring Basic IPv6 Functions
        Configuring IPv6 NDP
        Configuring PMTU Discovery
        Configuring IPv6 TCP Properties
        Configuring the Maximum Number of IPv6 ICMP Error Packets Sent within a Specified Time
        Configuring IPv6 DNS
        Displaying and Maintaining IPv6
        IPv6 Configuration Example

    24 CONFIGURING IPV6 APPLICATIONS
        Introduction to IPv6 Application
        Ping IPv6
        Traceroute IPv6
        FTP Configuration
        TFTP Configuration
        IPv6 Telnet
        Examples of Typical IPv6 Application Configurations
        Troubleshooting IPv6 Application

    25 STATIC ROUTING CONFIGURATION
        Introduction
        Configuring Static Route
        Displaying and Maintaining Static Routes
        Example of Static Routes Configuration

    26 RIP CONFIGURATION
        RIP Overview
        RIP Basic Configuration
        RIP Route Control
        RIP Configuration Optimization
        Displaying and Maintaining RIP
        RIP Configuration Example
        Troubleshooting RIP Configuration

    27 ROUTING POLICY CONFIGURATION
        Introduction to Routing Policy
        Defining Filtering Lists
        Configuring a Routing Policy
        Displaying and Maintaining the Routing Policy
        Routing Policy Configuration Example
        Troubleshooting Routing Policy Configuration

    28 802.1X CONFIGURATION
        802.1x Overview
        Configuring 802.1x
        Configuring GuestVlan
        Displaying and Maintaining 802.1x
        802.1x Configuration Example
        Typical GuestVlan Configuration Example

    29 HABP CONFIGURATION
        Introduction to HABP
        HABP Server Configuration
        HABP Client Configuration
        Displaying HABP

    30 MAC AUTHENTICATION CONFIGURATION
        MAC Authentication Overview
        Configuring MAC Authentication
        Displaying and Maintaining MAC Authentication
        MAC Authentication Configuration Example

    31 AAA, RADIUS, AND TACACS+ CONFIGURATION
        Overview
        Configuration Tasks
        AAA Configuration
        RADIUS Configuration
        TACACS+ Configuration
        Displaying and Maintaining AAA & RADIUS & TACACS+ Information
        AAA & RADIUS & TACACS+ Configuration Example
        Troubleshooting AAA & RADIUS & TACACS+ Configuration

    32 IGMP SNOOPING CONFIGURATION
        IGMP Snooping Overview
        IGMP Snooping Configuration Tasks
        Configuring Basic Functions of IGMP Snooping
        Configuring Port Functions
        Configuring IGMP-Related Functions
        Configuring a Multicast Group Policy
        Displaying and Maintaining IGMP Snooping
        IGMP Snooping Configuration Examples
        Troubleshooting IGMP Snooping Configuration

    33 MULTICAST VLAN CONFIGURATION
        Multicast VLAN

    34 ARP CONFIGURATION
        ARP Overview
        Configuring ARP
        Configuring Gratuitous ARP
        Displaying and Maintaining ARP

    35 PROXY ARP CONFIGURATION
        Proxy ARP Overview
        Enabling Proxy ARP
        Displaying and Maintaining Proxy ARP

    36 DHCP OVERVIEW
        Introduction to DHCP
        DHCP Address Allocation
        DHCP Message Format
        Protocols and Standards

    37 DHCP RELAY AGENT CONFIGURATION
        Introduction to DHCP Relay Agent
        Configuring the DHCP Relay Agent
        Displaying and Maintaining the DHCP Relay Agent Configuration
        DHCP Relay Agent Configuration Example
        Troubleshooting DHCP Relay Agent Configuration

    38 DHCP CLIENT CONFIGURATION
        Introduction to DHCP Client
        Enabling the DHCP Client on an Interface
        Displaying the DHCP Client
        DHCP Client Configuration Example

    39 DHCP SNOOPING CONFIGURATION
        DHCP Snooping Overview
        Configuring DHCP Snooping
        Displaying DHCP Snooping
        DHCP Snooping Configuration Example

    40 BOOTP CLIENT CONFIGURATION
        Introduction to BOOTP Client
        Configuring an Interface to Dynamically Obtain an IP Address through BOOTP
        Displaying BOOTP Client Configuration

    41 ACL OVERVIEW
        ACL Overview
        Time-Based ACL
        IPv4 ACL

    42 IPV4 ACL CONFIGURATION
        Creating a Time Range
        Configuring a Basic IPv4 ACL
        Configuring an Advanced IPv4 ACL
        Configuring an Ethernet Frame Header ACL
        Displaying and Maintaining IPv4 ACLs
        IPv4 ACL Configuration Example

    43 QOS OVERVIEW
        Introduction
        Traditional Packet Delivery Service
        New Requirements Brought forth by New Services
        Occurrence and Influence of Congestion and the Countermeasures
        Major Traffic Management Techniques
        LR Configuration

    44 QOS POLICY CONFIGURATION
        Overview
        Configuring QoS Policy
        Introducing Each QoS Policy
        Configuring QoS Policy
        Displaying QoS Policy

    45 CONGESTION MANAGEMENT
        Overview
        Congestion Management Policy
        Configuring SP Queue Scheduling
        Configuring WRR Queue Scheduling
        Configuring SP+WRR Queue Scheduling

    46 PRIORITY MAPPING
        Overview
        Configuring Port Priority
        Displaying Priority Mapping Table

    47 VLAN POLICY CONFIGURATION
        Overview
        Applying VLAN Policies
        Displaying and Maintaining VLAN Policy
        VLAN Policy Configuration Example

    48 TRAFFIC MIRRORING CONFIGURATION
        Overview
        Configuring Traffic Mirroring to Port
        Displaying Traffic Mirroring Configuration
        Traffic Mirroring Configuration Example

    49 PORT MIRRORING CONFIGURATION
        Introduction to Port Mirroring
        Configuring Local Port Mirroring
        Displaying Port Mirroring
        Examples of Typical Port Mirroring Configuration

    50 GMP V2 CONFIGURATION
        Introduction to GMP V2
        GMP V2 Configuration Task Overview
        Management Device Configuration
        Configuring Member Devices
        Displaying and Maintaining a Cluster
        GMP V2 Configuration Example

    51 SNMP CONFIGURATION
        SNMP Overview
        Configuring Basic SNMP Functions
        Trap Configuration
        Displaying and Maintaining SNMP
        SNMP Configuration Example

    52 RMON CONFIGURATION
        RMON Overview
        Configuring RMON
        Displaying and Maintaining RMON
        RMON Configuration

    53 NTP CONFIGURATION
        NTP Overview
        Configuring the Operation Modes of NTP
        Configuring Optional Parameters of NTP
        Configuring Access-Control Rights
        Configuring NTP Authentication
        Displaying and Maintaining NTP
        NTP Configuration Examples

    54 DNS CONFIGURATION
        DNS Overview
        Configuring Static Domain Name Resolution
        Configuring Dynamic Domain Name Resolution
        Displaying and Maintaining DNS
        Troubleshooting DNS Configuration

    55 INFORMATION CENTER
        Information Center Overview
        Configuring Information Center
        Displaying and Maintaining Information Center
        Information Center Configuration Example

    56 NQA CONFIGURATION
        NQA Overview
        Configuring NQA Tests
        Configuring Optional Parameters for NQA Tests
        Displaying and Maintaining NQA

    57 SSH TERMINAL SERVICE
        SSH Overview
        Configuring the SSH Server
        Configuring the SSH Client
        Configuring the Device as an SSH Client
        Displaying and Maintaining the SSH Protocol
        SSH Configuration Example
        SSH Client Configuration Example

    58 SFTP SERVICE
        SFTP Overview
        Configuring the SFTP Server
        Configuring the SFTP Client
        SFTP Configuration Example

    59 UDP HELPER CONFIGURATION
        Introduction to UDP Helper
        Configuring UDP Helper
        Displaying and Maintaining UDP Helper
        UDP Helper Configuration Example

    60 SSL CONFIGURATION
        SSL Overview
        Configuring an SSL Server Policy
        Configuring an SSL Client Policy
        Displaying and Maintaining SSL
        Troubleshooting SSL Configuration

    61 HTTPS SERVER CONFIGURATION
        HTTPS Server Overview
        Enabling the Functions of HTTPS Server
        Associating HTTPS Server with Certificate Access Control Policy
        Associating HTTPS Server with ACL
        Displaying and Maintaining HTTPS Server
        Configuration Examples for HTTPS Server

    62 PKI CONFIGURATION
        Introduction to PKI
        Introduction to PKI Configuration Task
        Configuring PKI Certificate Request
        Configuring PKI Certificate Validation
        Configuring a Certificate Attribute Access Control Policy
        Displaying and Maintaining PKI
        Typical Configuration Examples
        Troubleshooting

    63 POE CONFIGURATION
        PoE Overview
        PoE Configuration Tasks
        Configuring the PoE Interface
        Configuring PD Power Management
        Configuring a Power Alarm Threshold for the PSE
        Upgrading PSE Processing Software Online
        Configuring a PD Disconnection Detection Mode
        Enabling the PSE to Detect Nonstandard PDs
        Displaying and Maintaining PoE
        PoE Configuration Example
        Troubleshooting PoE

    ABOUT THIS GUIDE

    This guide provides information about configuring your network using the commands supported on the 3Com Switch 4500G Family.

    The descriptions in this guide apply to the Switch 4500G.

    Organization of the Manual

    The Switch 4500G Family Configuration Guide consists of the following chapters:

    Logging In: Provides information on the different ways to log into the switch.
    Basic System Configuration and Maintenance Operation: Details the basic configuration and maintenance of a switch.
    File System Management: Details how to manage storage devices.
    VLAN Operation: Details VLAN, including Voice VLANs and GVRP configuration.
    Port Correlation Configuration: Details Ethernet interface, link aggregation and port isolation configuration.
    MAC Address Table Management: Details MAC address table configuration.
    MSTP: Details multiple spanning tree protocol configuration.
    IP Address and Performance Operation: Details how to assign IP addresses to interfaces and to adjust the parameters for the best IP performance.
    IPv4 Routing Operation: Details IPv4 routing operation, static routing and policy configuration and RIP configuration.
    802.1x HABP MAC Authorization Operation: Details HABP, 802.1x and MAC Authentication Configuration.
    AAA & RADIUS: Details AAA and RADIUS configuration.
    Multicast Protocol: Details multicast protocol configuration.
    ARP: Details address resolution protocol table configuration.
    DHCP: Details dynamic host configuration protocol.
    ACL Configuration: Details ACL configuration.
    QoS: Details quality of service configuration.
    Port Mirroring: Details local and remote port mirroring configuration.
    Clustering: Details clustering configuration.
    SNMP: Details simple network management protocol configuration.
    RMON: Details remote monitoring configuration.
    NTP: Details network time protocol configuration.
    DNS: Details domain name system configuration.
    Information Center: Details information center configuration.
    NQA: Details network quality analyzer configuration.
    SSH: Details secure shell authentication.
    UDP: Details UDP helper configuration.
    SSL: Details secure socket layer configuration.
    PKI: Details public key infrastructure configuration.
    PoE: Details power over Ethernet configuration.

    Intended Readership

    The manual is intended for the following readers:

    Network administrators

    Network engineers

    Users who are familiar with the basics of networking

    Conventions

    This manual uses the following conventions:

    Table 1 Icons

    Notice Type: Description
    Information note: Information that describes important features or instructions.
    Caution: Information that alerts you to potential loss of data or potential damage to an application, system, or device.
    Warning: Information that alerts you to potential personal injury.

    Table 2 Text conventions

    Convention Description

    Screen displays

    This typeface represents text as it appears on the screen.

    Keyboard key names

    If you must press two or more keys simultaneously, the key names are linked with a plus sign (+), for example:

    Press Ctrl+Alt+Del

    The words enter and type

    When you see the word enter in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says type.

    Fixed command text

    This typeface indicates the fixed part of a command text. You must type the command, or this part of the command, exactly as shown, and press Return or Enter when you are ready to enter the command.

    Example: The command display history-command must be entered exactly as shown.

    Variable command text

    This typeface indicates the variable part of a command text. You must type a value here, and press Return or Enter when you are ready to enter the command.

    Example: in the command super level, a value in the range 0 to 3 must be entered in the position indicated by level.

    { x | y | }

    Alternative items, one of which must be entered, are grouped in braces and separated by vertical bars. You must select and enter one of the items.

    Example: in the command flow-control { hardware | none | software }, the braces and the vertical bars combined indicate that you must enter one of the parameters. Enter either hardware, or none, or software.

    [ ]

    Items shown in square brackets [ ] are optional.

    Example 1: in the command display users [ all ], the square brackets indicate that the parameter all is optional. You can enter the command with or without this parameter.

    Example 2: in the command user-interface [ type ] first-number [ last-number ] the square brackets indicate that the parameters [ type ] and [ last-number ] are both optional. You can enter a value in place of one, both or neither of these parameters.

    Alternative items, one of which can optionally be entered, are grouped in square brackets and separated by vertical bars.

    Example 3: in the command header [ shell | incoming | login ] text, the square brackets indicate that the parameters shell, incoming and login are all optional. The vertical bars indicate that only one of the parameters is allowed.

    Related Documentation

    In addition to this guide, the Switch 4500G documentation set includes the following:

    3Com Switch 4500G Family Quick Reference Guide

    This guide contains:

    a list of the features supported by the switch.
    a summary of the command line interface commands for the switch.

    This guide is also available under the Help button on the web interface.

    3Com Switch 4500G Family Command Reference Guide

    This guide provides detailed information about the web interface and command line interface that enable you to manage the switch. It is supplied in PDF format on the CD-ROM that accompanies the switch.

    3Com Switch 4500G Family Getting Started Guide

    This guide provides preliminary information about hardware installation and communication interfaces.

    Release notes

    These notes provide information about the current software release, including new features, modifications, and known problems. The release notes are supplied in hard copy with the switch.

    1 LOGGING INTO AN ETHERNET SWITCH

    Logging into an Ethernet Switch

    You can log into a Switch 4500G Ethernet switch in one of the following ways:

    Log in locally through the Console port
    Telnet locally or remotely to an Ethernet port
    Telnet to the Console port using a modem
    Log into the Web-based network management system
    Log in through NMS (network management station)

    Introduction to the User Interface

    Supported User Interfaces

    Switch 4500G Family Ethernet switch supports two types of user interfaces: AUX and VTY.

    Table 3 Description on user interface

    User interface: AUX
        Applicable user: Users logging in through the Console port
        Port used: Console port
        Description: Each switch can accommodate one AUX user.

    User interface: VTY
        Applicable user: Telnet users and SSH users
        Port used: Ethernet port
        Description: Each switch can accommodate up to five VTY users.

    As the AUX port and the Console port of a 3Com Switch 4500G Family series switch are the same one, you will be in the AUX user interface if you log in through this port.

    User Interface Number

    Two kinds of user interface index exist: absolute user interface index and relative user interface index.

    1 The absolute user interface indexes are as follows:

    AUX user interface: 0
    VTY user interfaces: Numbered after AUX user interfaces and increases in the step of 1

    2 A relative user interface index can be obtained by appending a number to the identifier of a user interface type. It is generated by user interface type. The relative user interface indexes are as follows:

    AUX user interface: AUX 0
    VTY user interfaces: VTY 0, VTY 1, VTY 2, and so on.

    Common User Interface Configuration

    Table 4 Common User Interface Configuration

    To do: Lock the current user interface
    Use the command: lock
    Remarks: Optional. Execute this command in user view. A user interface is not locked by default.

    To do: Specify to send messages to all user interfaces/a specified user interface
    Use the command: send { all | number | type number }
    Remarks: Optional. Execute this command in user view.

    To do: Disconnect a specified user interface
    Use the command: free user-interface [ type ] number
    Remarks: Optional. Execute this command in user view.

    To do: Enter system view
    Use the command: system-view

    To do: Set the banner
    Use the command: header { incoming | legal | login | shell | motd } text
    Remarks: Optional

    To do: Set a system name for the switch
    Use the command: sysname string
    Remarks: Optional

    To do: Enter user interface view
    Use the command: user-interface [ type ] first-number [ last-number ]

    To do: Define a shortcut key for aborting tasks
    Use the command: escape-key { default | character }
    Remarks: Optional. The default shortcut key combination for aborting tasks is < Ctrl+C >.

    To do: Set the history command buffer size
    Use the command: history-command max-size value
    Remarks: Optional. The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.

    To do: Set the timeout time for the user interface
    Use the command: idle-timeout minutes [ seconds ]
    Remarks: Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes. You can use the idle-timeout 0 command to disable the timeout function.

    To do: Set the maximum number of lines the screen can contain
    Use the command: screen-length screen-length
    Remarks: Optional. By default, the screen can contain up to 24 lines. You can use the screen-length 0 command to disable the function to display information in pages.

    To do: Make terminal services available
    Use the command: shell
    Remarks: Optional. By default, terminal services are available in all user interfaces.

    To do: Set the display type of a terminal
    Use the command: terminal type { ansi | vt100 }
    Remarks: Optional. By default, the terminal display type is ANSI. The device must use the same type of display as the terminal. If the terminal uses VT 100, the device should also use VT 100.

    To do: Display the information about the current user interface/all user interfaces
    Use the command: display users [ all ]
    Remarks: You can execute this command in any view.

    To do: Display the physical attributes and configuration of the current/a specified user interface
    Use the command: display user-interface [ type number | number ] [ summary ]
    Remarks: You can execute this command in any view.

    To do: Display the information about the current web users
    Use the command: display web users
    Remarks: You can execute this command in any view.
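    The following is an added example, not part of the 3Com guide: a Python audit of the user-interface stanzas in a saved configuration, applying the Table 4 rules for idle-timeout minutes [ seconds ] (default 10 minutes, 0 disables the timeout) and the absolute/relative index mapping from User Interface Number. The sample configuration is constructed, and the authentication-mode keyword (the Comware command for the None/Password/Scheme modes this guide covers in later chapters) is an assumption here because its syntax is not shown in this section.

```python
"""Audit user-interface stanzas of a saved switch configuration (added example)."""

DEFAULT_IDLE_SECONDS = 10 * 60  # Table 4: default user interface timeout is 10 minutes
AUX_COUNT = 1                   # Table 3: one AUX user interface, absolute index 0

# Constructed sample configuration text, not captured from a real switch.
# 'authentication-mode' is assumed syntax (not shown in this section of the guide).
SAMPLE_CONFIG = """\
#
sysname LabSwitch
#
user-interface aux 0
 idle-timeout 0
#
user-interface vty 0 2
 authentication-mode scheme
 idle-timeout 5 30
#
user-interface 4 5
 authentication-mode none
 idle-timeout 120
#
"""


def to_relative(absolute):
    """Map an absolute index to (type, relative number): AUX first, then VTY."""
    if absolute < AUX_COUNT:
        return ("aux", absolute)
    return ("vty", absolute - AUX_COUNT)


def expand(args):
    """Expand the arguments of 'user-interface [ type ] first-number [ last-number ]'."""
    if args[0].isdigit():                        # no type given: absolute indexes
        first = int(args[0])
        last = int(args[1]) if len(args) > 1 else first
        return [to_relative(n) for n in range(first, last + 1)]
    if len(args) < 2:                            # type without a number: nothing to expand
        return []
    kind = args[0].lower()                       # type given: relative indexes
    first = int(args[1])
    last = int(args[2]) if len(args) > 2 else first
    return [(kind, n) for n in range(first, last + 1)]


def parse_user_interfaces(text):
    """Return {(type, number): {'idle': seconds, 'auth': mode or None}}."""
    settings = {}
    current = []                                 # interfaces the open stanza applies to
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "user-interface" and len(tokens) > 1:
            current = expand(tokens[1:])
            for ui in current:
                settings.setdefault(ui, {"idle": DEFAULT_IDLE_SECONDS, "auth": None})
        elif not raw[0].isspace():               # any other top-level line closes the stanza
            current = []
        elif tokens[0] == "idle-timeout" and len(tokens) > 1:
            minutes = int(tokens[1])
            seconds = int(tokens[2]) if len(tokens) > 2 else 0
            for ui in current:
                settings[ui]["idle"] = minutes * 60 + seconds
        elif tokens[0] == "authentication-mode" and len(tokens) > 1:
            for ui in current:
                settings[ui]["auth"] = tokens[1].lower()
    return settings


def audit(text, max_idle_seconds=DEFAULT_IDLE_SECONDS):
    """Return (interface, finding) pairs for weak session settings."""
    findings = []
    for (kind, number), cfg in sorted(parse_user_interfaces(text).items()):
        name = f"{kind} {number}"
        if cfg["idle"] == 0:                     # idle-timeout 0 disables the timeout
            findings.append((name, "idle-timeout disabled"))
        elif cfg["idle"] > max_idle_seconds:
            findings.append((name, f"idle-timeout {cfg['idle']}s exceeds {max_idle_seconds}s"))
        if cfg["auth"] == "none":
            findings.append((name, "authentication-mode none"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```

    An interface whose stanza has no idle-timeout line is treated as using the 10-minute default, so only explicit overrides are reported.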

    2 LOGGING IN THROUGH THE CONSOLE PORT

    Introduction

    Logging in through the Console port is the most common way to log into a switch. It is also the prerequisite to configure other login methods. By default, you can log into a Switch 4500G Family Ethernet switch through its Console port only.

    To log into an Ethernet switch through its Console port, the related configuration of the user terminal must be in accordance with that of the Console port.

    Table 5 lists the default settings of a Console port.

    Table 5 The default settings of a Console port

    Setting: Default
    Baud rate: 19,200 bps
    Flow control: Off
    Check mode: No check bit
    Stop bits: 1
    Data bits: 8

    After logging into a switch, you can perform configuration for AUX users. Refer to Console Port Login Configuration for more.

    Setting up the Connection to the Console Port

    Connect the serial port of your PC/terminal to the Console port of the switch, as shown in Figure 1.

    Figure 1 Diagram for setting the connection to the Console port

    If you use a PC to connect to the Console port, launch a terminal emulation utility (such as Terminal in Windows 3.X or HyperTerminal in Windows 9X/Windows 2000/Windows XP) and perform the configuration shown in Figure 2 through Figure 4 for the connection to be created. Normally, the parameters of a terminal are configured as those listed in Table 5.

    Figure 2 Create a connection

    Figure 3 Specify the port used to establish the connection

    Figure 4 Set port parameters terminal window

    Turn on the switch. The user will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as ) appears after the user presses the Enter key, as shown in Figure 5.

    Figure 5 The terminal window

    You can then configure the switch or check the information about the switch by executing commands. You can also acquire help by typing the ? character. Refer to the following chapters for information about the commands.

    Console Port Login Configuration

    Common Configuration

    Table 6 lists the common configuration of Console port login.

    CAUTION: Changing the Console port configuration terminates the connection to the Console port. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly. Refer to Setting up the Connection to the Console Port for more information.

    Table 6 Common configuration of Console port login

    Console port configuration
        Baud rate: Optional. The default baud rate is 19200 bps.
        Check mode: Optional. By default, the check mode of the Console port is set to none, which means no check bit.
        Stop bits: Optional. The default stop bits of a Console port is 1.
        Data bits: Optional. The default data bits of a Console port is 8.

    AUX user interface configuration
        Define a shortcut key for starting terminal sessions: Optional. By default, pressing Enter key starts the terminal session.
        Configure the command level available to the users logging into the AUX user interface: Optional. By default, commands of level 3 are available to the users logging into the AUX user interface.

    Terminal configuration
        Define a shortcut key for aborting tasks: Optional. The default shortcut key combination for aborting tasks is < Ctrl+C >.
        Make terminal services available: Optional. By default, terminal services are available in all user interfaces.
        Set the maximum number of lines the screen can contain: Optional. By default, the screen can contain up to 24 lines.
        Set history command buffer size: Optional. By default, the history command buffer can contain up to 10 commands.
        Set the timeout time of a user interface: Optional. The default timeout time is 10 minutes.

  • Console Port Login Configurations for Different Authentication Modes

    Table 7 lists Console port login configurations for different authentication modes.

    Changes to the authentication mode of Console port login do not take effect until you exit and re-enter the CLI.

    Table 7 Console port login configurations for different authentication modes

    Authentication mode | Console port login configuration | Description
    None | Perform common configuration: Perform common configuration for Console port login | Optional. Refer to Common Configuration for more.
    Password | Configure the password: Configure the password for local authentication | Required
    Password | Perform common configuration: Perform common configuration for Console port login | Optional. Refer to Common Configuration for more.
    Scheme | Specify to perform local authentication or RADIUS authentication: AAA configuration specifies whether to perform local authentication or RADIUS authentication | Optional. Local authentication is performed by default. Refer to the AAA, RADIUS, and TACACS+ Configuration chapter for more.
    Scheme | Configure user name and password: Configure user names and passwords for local/remote users | Required. The user name and password of a local user are configured on the switch. The user name and password of a remote user are configured on the RADIUS server. Refer to user manual of RADIUS server for more.
    Scheme | Manage AUX users: Set service type for AUX users | Required
    Scheme | Perform common configuration: Perform common configuration for Console port login | Optional. Refer to Common Configuration for more.

  • Console Port Login Configuration with Authentication Mode Being None

    Configuration Procedure

    Table 8 Configuration Procedure

    To
        Use the command
        Remarks
    Enter system view
        system-view
        -
    Enter AUX user interface view
        user-interface aux 0
        -
    Configure not to authenticate users
        authentication-mode none
        Required. By default, users logging in through the Console port are not authenticated.
    Configure the Console port: Set the baud rate
        speed speed-value
        Optional. The default baud rate of an AUX port (also the Console port) is 9,600 bps.
    Configure the Console port: Set the check mode
        parity { even | mark | none | odd | space }
        Optional. By default, the check mode of a Console port is set to none, that is, no check bit.
    Configure the Console port: Set the stop bits
        stopbits { 1 | 1.5 | 2 }
        Optional. The stop bits of a Console port is 1.
    Configure the Console port: Set the data bits
        databits { 5 | 6 | 7 | 8 }
        Optional. The default data bits of a Console port is 8.
    Configure the command level available to users logging into the user interface
        user privilege level level
        Optional. By default, commands of level 3 are available to users logging into the AUX user interface.
    Define a shortcut key for starting terminal sessions
        activation-key character
        Optional. By default, pressing Enter key starts the terminal session.
    Define a shortcut key for aborting tasks
        escape-key { default | character }
        Optional. The default shortcut key combination for aborting tasks is <Ctrl+C>.
    Make terminal services available
        shell
        Optional. By default, terminal services are available in all user interfaces.
    Set the maximum number of lines the screen can contain
        screen-length screen-length
        Optional. By default, the screen can contain up to 24 lines. You can use the screen-length 0 command to disable the function to display information in pages.
    Set the history command buffer size
        history-command max-size value
        Optional. The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
    Set the timeout time for the user interface
        idle-timeout minutes [ seconds ]
        Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes. You can use the idle-timeout 0 command to disable the timeout function.

    Note that the command level available to users logging into a switch depends on both the authentication-mode none command and the user privilege level level command, as listed in the following table.

    Table 9 Determine the command level (A)

    Scenario: authentication mode | Scenario: user type | Scenario: command | Command level
    None (authentication-mode none) | Users logging in through Console ports | The user privilege level level command not executed | Level 3
    None (authentication-mode none) | Users logging in through Console ports | The user privilege level level command already executed | Determined by the level argument

    Configuration Example

    Network requirements

    Perform the following configuration for users logging in through the Console port:

    - Do not authenticate users logging in through the Console port.
    - Commands of level 2 are available to users logging into the AUX user interface.
    - The baud rate of the Console port is 19,200 bps.
    - The screen can contain up to 30 lines.
    - The history command buffer can contain up to 20 commands.
    - The timeout time of the AUX user interface is 6 minutes.

  • Network diagram

    Figure 6 Network diagram for AUX user interface configuration (with the authentication mode being none)

    [Figure labels: Console port, Console cable, RS-232]

    Configuration procedure

    1 Enter system view.
        system-view
    2 Enter AUX user interface view.
        [3Com] user-interface aux 0
    3 Specify not to authenticate users logging in through the Console port.
        [3Com-ui-aux0] authentication-mode none
    4 Specify that commands of level 2 are available to users logging into the AUX user interface.
        [3Com-ui-aux0] user privilege level 2
    5 Set the baud rate of the Console port to 19,200 bps.
        [3Com-ui-aux0] speed 19200
    6 Set the maximum number of lines the screen can contain to 30.
        [3Com-ui-aux0] screen-length 30
    7 Set the maximum number of commands the history command buffer can store to 20.
        [3Com-ui-aux0] history-command max-size 20
    8 Set the timeout time of the AUX user interface to 6 minutes.
        [3Com-ui-aux0] idle-timeout 6

  • Console Port Login Configuration with Authentication Mode Being Password

    Configuration Procedure

    Table 10 Configuration Procedure

    To
        Use the command
        Remarks
    Enter system view
        system-view
        -
    Enter AUX user interface view
        user-interface aux 0
        -
    Configure to authenticate users using the local password
        authentication-mode password
        Required. By default, users logging in through the Console port are not authenticated.
    Set the local password
        set authentication password { cipher | simple } password
        Required
    Configure the Console port: Set the baud rate
        speed speed-value
        Optional. The default baud rate of an AUX port (also the Console port) is 9,600 bps.
    Configure the Console port: Set the check mode
        parity { even | mark | none | odd | space }
        Optional. By default, the check mode of a Console port is set to none, that is, no check bit.
    Configure the Console port: Set the stop bits
        stopbits { 1 | 1.5 | 2 }
        Optional. The default stop bits of a Console port is 1.
    Configure the Console port: Set the data bits
        databits { 5 | 6 | 7 | 8 }
        Optional. The default data bits of a Console port is 8.
    Configure the command level available to users logging into the user interface
        user privilege level level
        Optional. By default, commands of level 3 are available to users logging into the AUX user interface.
    Define a shortcut key for starting terminal sessions
        activation-key character
        Optional. By default, pressing Enter key starts the terminal session.
    Define a shortcut key for aborting tasks
        escape-key { default | character }
        Optional. The default shortcut key combination for aborting tasks is <Ctrl+C>.
    Make terminal services available to the user interface
        shell
        Optional. By default, terminal services are available in all user interfaces.
    Set the maximum number of lines the screen can contain
        screen-length screen-length
        Optional. By default, the screen can contain up to 24 lines. You can use the screen-length 0 command to disable the function to display information in pages.
    Set history command buffer size
        history-command max-size value
        Optional. The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
    Set the timeout time for the user interface
        idle-timeout minutes [ seconds ]
        Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes. You can use the idle-timeout 0 command to disable the timeout function.

    Note that the command level available to users logging into a switch depends on both the authentication-mode password command and the user privilege level level command, as listed in the following table.

    Table 11 Determine the command level (B)

    Scenario: authentication mode | Scenario: user type | Scenario: command | Command level
    Local authentication (authentication-mode password) | Users logging into the AUX user interface | The user privilege level level command not executed | Level 3
    Local authentication (authentication-mode password) | Users logging into the AUX user interface | The user privilege level level command already executed | Determined by the level argument

    Configuration Example

    Network requirements

    Perform the following configuration for users logging in through the Console port:

    - Authenticate users logging in through the Console port using the local password.
    - Set the local password to 123456 (in plain text).
    - The commands of level 2 are available to users logging into the AUX user interface.
    - The baud rate of the Console port is 19,200 bps.
    - The screen can contain up to 30 lines.
    - The history command buffer can store up to 20 commands.
    - The timeout time of the AUX user interface is 6 minutes.

  • Network diagram

    Figure 7 Network diagram for AUX user interface configuration (with the authentication mode being password)

    [Figure labels: Console port, Console cable, RS-232]

    Configuration procedure

    1 Enter system view.
        system-view
    2 Enter AUX user interface view.
        [3Com] user-interface aux 0
    3 Specify to authenticate users logging in through the Console port using the local password.
        [3Com-ui-aux0] authentication-mode password
    4 Set the local password to 123456 (in plain text).
        [3Com-ui-aux0] set authentication password simple 123456
    5 Specify that commands of level 2 are available to users logging into the AUX user interface.
        [3Com-ui-aux0] user privilege level 2
    6 Set the baud rate of the Console port to 19,200 bps.
        [3Com-ui-aux0] speed 19200
    7 Set the maximum number of lines the screen can contain to 30.
        [3Com-ui-aux0] screen-length 30
    8 Set the maximum number of commands the history command buffer can store to 20.
        [3Com-ui-aux0] history-command max-size 20
    9 Set the timeout time of the AUX user interface to 6 minutes.
        [3Com-ui-aux0] idle-timeout 6

  • Console Port Login Configuration with Authentication Mode Being Scheme

    Configuration Procedure

    Table 12 Configuration Procedure

    To
        Use the command
        Remarks
    Enter system view
        system-view
        -
    Configure the authentication mode: Enter the default ISP domain view
        domain Domain name
        Optional. By default, the local AAA scheme is applied. If you specify to apply the local AAA scheme, you need to perform the configuration concerning local user as well. If you specify to apply an existing scheme by providing the radius-scheme-name argument, you need to perform the following configuration as well: perform AAA & RADIUS configuration on the switch (refer to the AAA, RADIUS, and TACACS+ Configuration chapter for more), and configure the user name and password accordingly on the AAA server (refer to the user manual of AAA server).
    Configure the authentication mode: Specify the AAA scheme to be applied to the domain
        authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
        -
    Configure the authentication mode: Quit to system view
        quit
        -
    Create a local user (Enter local user view.)
        local-user user-name
        Required. No local user exists by default.
    Set the authentication password for the local user
        password { simple | cipher } password
        Required
    Specify the service type for AUX users
        service-type terminal [ level level ]
        Required
    Quit to system view
        quit
        -
    Enter AUX user interface view
        user-interface aux 0
        -
    Configure to authenticate users locally or remotely
        authentication-mode scheme [ command-authorization ]
        Required. The specified AAA scheme determines whether to authenticate users locally or remotely. Users are authenticated locally by default.
    Configure the Console port: Set the baud rate
        speed speed-value
        Optional. The default baud rate of the AUX port (also the Console port) is 9,600 bps.
    Configure the Console port: Set the check mode
        parity { even | mark | none | odd | space }
        Optional. By default, the check mode of a Console port is set to none, that is, no check bit.
    Configure the Console port: Set the stop bits
        stopbits { 1 | 1.5 | 2 }
        Optional. The default stop bits of a Console port is 1.
    Configure the Console port: Set the data bits
        databits { 5 | 6 | 7 | 8 }
        Optional. The default data bits of a Console port is 8.
    Configure the command level available to users logging into the user interface
        user privilege level level
        Optional. By default, commands of level 3 are available to users logging into the AUX user interface.
    Define a shortcut key for starting terminal sessions
        activation-key character
        Optional. By default, pressing Enter key starts the terminal session.
    Define a shortcut key for aborting tasks
        escape-key { default | character }
        Optional. The default shortcut key combination for aborting tasks is <Ctrl+C>.
    Make terminal services available to the user interface
        shell
        Optional. By default, terminal services are available in all user interfaces.
    Set the maximum number of lines the screen can contain
        screen-length screen-length
        Optional. By default, the screen can contain up to 24 lines. You can use the screen-length 0 command to disable the function to display information in pages.
    Set history command buffer size
        history-command max-size value
        Optional. The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
    Set the timeout time for the user interface
        idle-timeout minutes [ seconds ]
        Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes. You can use the idle-timeout 0 command to disable the timeout function.

    Note that the command level available to users logging into a switch depends on the authentication-mode scheme [ command-authorization ] command, the user privilege level level command, and the service-type terminal [ level level ] command, as listed in Table 13.

    Table 13 Determine the command level

    Scenario: authentication mode | Scenario: user type | Scenario: command | Command level
    authentication-mode scheme [ command-authorization ] | Users who log into the Console port and pass AAA & RADIUS or local authentication | The user privilege level level command is not executed, and the service-type terminal [ level level ] command does not specify the available command level. | Level 0
    authentication-mode scheme [ command-authorization ] | Users who log into the Console port and pass AAA & RADIUS or local authentication | The user privilege level level command is not executed, and the service-type terminal [ level level ] command specifies the available command level. | Determined by the service-type terminal [ level level ] command
    authentication-mode scheme [ command-authorization ] | Users who log into the Console port and pass AAA & RADIUS or local authentication | The user privilege level level command is executed, and the service-type terminal [ level level ] command does not specify the available command level. | Level 0
    authentication-mode scheme [ command-authorization ] | Users who log into the Console port and pass AAA & RADIUS or local authentication | The user privilege level level command is executed, and the service-type terminal [ level level ] command specifies the available command level. | Determined by the service-type terminal [ level level ] command

    Configuration Example

    Network requirements

    Perform the following configuration for users logging in through the Console port:

    - Configure the name of the local user to be guest.
    - Set the authentication password of the local user to 123456 (in plain text).
    - Set the service type of the local user to Terminal.
    - Configure to authenticate users logging in through the Console port in the scheme mode.
    - The commands of level 2 are available to users logging into the AUX user interface.
    - The baud rate of the Console port is 19,200 bps.
    - The screen can contain up to 30 lines.
    - The history command buffer can store up to 20 commands.
    - The timeout time of the AUX user interface is 6 minutes.

  • Network diagram

    Figure 8 Network diagram for AUX user interface configuration (with the authentication mode being scheme)

    [Figure labels: Console port, Console cable, RS-232]

    Configuration procedure

    1 Enter system view.
        system-view
    2 Create a local user named guest and enter local user view.
        [3Com] local-user guest
    3 Set the authentication password to 123456 (in plain text).
        [3Com-luser-guest] password simple 123456
    4 Set the service type to Terminal and specify that commands of level 2 are available to users logging into the AUX user interface.
        [3Com-luser-guest] service-type terminal level 2
        [3Com-luser-guest] quit
    5 Enter AUX user interface view.
        [3Com] user-interface aux 0
    6 Configure to authenticate users logging in through the Console port in the scheme mode.
        [3Com-ui-aux0] authentication-mode scheme
    7 Set the baud rate of the Console port to 19,200 bps.
        [3Com-ui-aux0] speed 19200
    8 Set the maximum number of lines the screen can contain to 30.
        [3Com-ui-aux0] screen-length 30
    9 Set the maximum number of commands the history command buffer can store to 20.
        [3Com-ui-aux0] history-command max-size 20
    10 Set the timeout time of the AUX user interface to 6 minutes.
        [3Com-ui-aux0] idle-timeout 6

  • 3 LOGGING IN THROUGH TELNET

    Introduction

    You can telnet to a remote switch to manage and maintain the switch. To achieve this, you need to configure both the switch and the Telnet terminal properly.

    Table 14 Requirements for Telnet to a switch

    Item | Requirement
    Switch | The management VLAN of the switch is created and the route between the switch and the Telnet terminal is available. (Refer to the VLAN module for more.)
    Switch | The authentication mode and other settings are configured. Refer to Table 15 and Table 16.
    Telnet terminal | Telnet is running.
    Telnet terminal | The IP address of the management VLAN of the switch is available.

    Common Configuration

    Table 15 lists the common Telnet configuration.

    Table 15 Common Telnet configuration

    Configuration | Description
    VTY user interface configuration: Configure the command level available to users logging into the VTY user interface | Optional. By default, commands of level 0 are available to users logging into a VTY user interface.
    VTY user interface configuration: Configure the protocols the user interface supports | Optional. By default, Telnet and SSH protocol are supported.
    VTY user interface configuration: Set the command that is automatically executed when a user logs into the user interface | Optional. By default, no command is automatically executed when a user logs into a user interface.
    VTY terminal configuration: Define a shortcut key for aborting tasks | Optional. The default shortcut key combination for aborting tasks is <Ctrl+C>.
    VTY terminal configuration: Make terminal services available | Optional. By default, terminal services are available in all user interfaces.
    VTY terminal configuration: Set the maximum number of lines the screen can contain | Optional. By default, the screen can contain up to 24 lines.
    VTY terminal configuration: Set history command buffer size | Optional. By default, the history command buffer can contain up to 10 commands.
    VTY terminal configuration: Set the timeout time of a user interface | Optional. The default timeout time is 10 minutes.

  • 40 CHAPTER 3: LOGGING IN THROUGH TELNET

    CAUTION:

    - The auto-execute command command may leave you unable to perform common configuration in the user interface, so use it with caution.
    - Before executing the auto-execute command command and saving your configuration, make sure you can log into the switch in other modes and cancel the configuration.

    Telnet Configurations for Different Authentication Modes

    Table 16 lists Telnet configurations for different authentication modes.

    Table 16 Telnet configurations for different authentication modes

    Authentication mode | Telnet configuration | Description
    None | Perform common configuration: Perform common Telnet configuration | Optional. Refer to Table 15.
    Password | Configure the password: Configure the password for local authentication | Required
    Password | Perform common configuration: Perform common Telnet configuration | Optional. Refer to Table 15.
    Scheme | Specify to perform local authentication or RADIUS authentication: AAA configuration specifies whether to perform local authentication or RADIUS authentication | Optional. Local authentication is performed by default. Refer to the AAA, RADIUS, and TACACS+ Configuration chapter for more information.
    Scheme | Configure user name and password: Configure user names and passwords for local/remote users | Required. The user name and password of a local user are configured on the switch. The user name and password of a remote user are configured on the RADIUS server. Refer to user manual of RADIUS server for more.
    Scheme | Manage VTY users: Set service type for VTY users | Required
    Scheme | Perform common configuration: Perform common Telnet configuration | Optional. Refer to Table 15.

  • Telnet Configuration with Authentication Mode Being None

    Configuration Procedure

    Table 17 Configuration Procedure

    To
        Use the command
        Remarks
    Enter system view
        system-view
        -
    Enter one or more VTY user interface views
        user-interface vty first-number [ last-number ]
        -
    Configure not to authenticate users logging into VTY user interfaces
        authentication-mode none
        Required. By default, VTY users are authenticated after logging in.
    Configure the command level available to users logging into VTY user interface
        user privilege level level
        Optional. By default, commands of level 0 are available to users logging into VTY user interfaces.
    Configure the protocols to be supported by the VTY user interface
        protocol inbound { all | ssh | telnet }
        Optional. By default, both Telnet protocol and SSH protocol are supported.
    Set the command that is automatically executed when a user logs into the user interface
        auto-execute command text
        Optional. By default, no command is automatically executed when a user logs into a user interface.
    Define a shortcut key for aborting tasks
        escape-key { default | character }
        Optional. The default shortcut key combination for aborting tasks is <Ctrl+C>.
    Make terminal services available
        shell
        Optional. By default, terminal services are available in all user interfaces.
    Set the maximum number of lines the screen can contain
        screen-length screen-length
        Optional. By default, the screen can contain up to 24 lines. You can use the screen-length 0 command to disable the function to display information in pages.
    Set the history command buffer size
        history-command max-size value
        Optional. The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
    Set the timeout time of the VTY user interface
        idle-timeout minutes [ seconds ]
        Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes. You can use the idle-timeout 0 command to disable the timeout function.

    Note that if you configure not to authenticate the users, the command level available to users logging into a switch depends on both the authentication-mode none command and the user privilege level level command, as listed in Table 18.

    Table 18 Determine the command level when users logging into switches are not authenticated

    Scenario: authentication mode | Scenario: user type | Scenario: command | Command level
    None (authentication-mode none) | VTY users | The user privilege level level command not executed | Level 0
    None (authentication-mode none) | VTY users | The user privilege level level command already executed | Determined by the level argument

    Configuration Example

    Network requirements

    Perform the following configuration for Telnet users logging into VTY 0:

    - Do not authenticate users logging into VTY 0.
    - Commands of level 2 are available to users logging into VTY 0.
    - Telnet protocol is supported.
    - The screen can contain up to 30 lines.
    - The history command buffer can contain up to 20 commands.
    - The timeout time of VTY 0 is 6 minutes.

  • Network diagram

    Figure 9 Network diagram for Telnet configuration (with the authentication mode being none)

    [Figure labels: User PC running Telnet, Ethernet, GigabitEthernet1/0/1]

    Configuration procedure

    1 Enter system view.
        system-view
    2 Enter VTY 0 user interface view.
        [3Com] user-interface vty 0
    3 Configure not to authenticate Telnet users logging into VTY 0.
        [3Com-ui-vty0] authentication-mode none
    4 Specify that commands of level 2 are available to users logging into VTY 0.
        [3Com-ui-vty0] user privilege level 2
    5 Configure the Telnet protocol to be supported.
        [3Com-ui-vty0] protocol inbound telnet
    6 Set the maximum number of lines the screen can contain to 30.
        [3Com-ui-vty0] screen-length 30
    7 Set the maximum number of commands the history command buffer can store to 20.
        [3Com-ui-vty0] history-command max-size 20
    8 Set the timeout time to 6 minutes.
        [3Com-ui-vty0] idle-timeout 6

  • Telnet Configuration with Authentication Mode Being Password

    Configuration Procedure

    Table 19 Configuration Procedure

    To
        Use the command
        Remarks
    Enter system view
        system-view
        -
    Enter one or more VTY user interface views
        user-interface vty first-number [ last-number ]
        -
    Configure to authenticate users logging into VTY user interfaces using the local password
        authentication-mode password
        Required
    Set the local password
        set authentication password { cipher | simple } password
        Required
    Configure the command level available to users logging into the user interface
        user privilege level level
        Optional. By default, commands of level 0 are available to users logging into VTY user interface.
    Configure the protocol to be supported by the user interface
        protocol inbound { all | ssh | telnet }
        Optional. By default, both Telnet protocol and SSH protocol are supported.
    Set the command that is automatically executed when a user logs into the user interface
        auto-execute command text
        Optional. By default, no command is automatically executed when a user logs into a user interface.
    Define a shortcut key for aborting tasks
        escape-key { default | character }
        Optional. The default shortcut key combination for aborting tasks is <Ctrl+C>.
    Make terminal services available
        shell
        Optional. By default, terminal services are available in all user interfaces.
    Set the maximum number of lines the screen can contain
        screen-length screen-length
        Optional. By default, the screen can contain up to 24 lines. You can use the screen-length 0 command to disable the function to display information in pages.
    Set the history command buffer size
        history-command max-size value
        Optional. The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.
    Set the timeout time of the user interface
        idle-timeout minutes [ seconds ]
        Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes. You can use the idle-timeout 0 command to disable the timeout function.

    Note that if you configure to authenticate the users in the password mode, the command level available to users logging into a switch depends on both the authentication-mode password command and the user privilege level level command, as listed in Table 20.

    Table 20 Determine the command level when users logging into switches are authenticated in the password mode

    Scenario: authentication mode | Scenario: user type | Scenario: command | Command level
    Password (authentication-mode password) | VTY users | The user privilege level level command not executed | Level 0
    Password (authentication-mode password) | VTY users | The user privilege level level command already executed | Determined by the level argument

    Configuration Example

    Network requirements

    Perform the following configuration for Telnet users logging into VTY 0:

    - Authenticate users logging into VTY 0 using the local password.
    - Set the local password to 123456 (in plain text).
    - Commands of level 2 are available to users logging into VTY 0.
    - Telnet protocol is supported.
    - The screen can contain up to 30 lines.
    - The history command buffer can contain up to 20 commands.
    - The timeout time of VTY 0 is 6 minutes.

  • Network diagram

    Figure 10 Network diagram for Telnet configuration (with the authentication mode being password)

    Figure 10 labels: User PC running Telnet, Ethernet, GigabitEthernet1/0/1.

    Configuration procedure

    1 Enter system view.

    system-view

    2 Enter VTY 0 user interface view.

    [3Com] user-interface vty 0

    3 Configure to authenticate users logging into VTY 0 using the local password.

    [3Com-ui-vty0] authentication-mode password

    4 Set the local password to 123456 (in plain text).

    [3Com-ui-vty0] set authentication password simple 123456

    5 Specify that commands of level 2 are available to users logging into VTY 0.

    [3Com-ui-vty0] user privilege level 2

    6 Configure VTY 0 to support the Telnet protocol.

    [3Com-ui-vty0] protocol inbound telnet

    7 Set the maximum number of lines the screen can contain to 30.

    [3Com-ui-vty0] screen-length 30

    8 Set the maximum number of commands the history command buffer can store to 20.

    [3Com-ui-vty0] history-command max-size 20

    9 Set the timeout time to 6 minutes.

    [3Com-ui-vty0] idle-timeout 6

  • Telnet Configuration with Authentication Mode Being Scheme

    Configuration Procedure

    Table 21 Configuration Procedure

    To | Use the command | Remarks

    Enter system view

    system-view

    Configure the authentication scheme

    Enter the default ISP domain view

    domain Domain name

    Optional

    By default, the local AAA scheme is applied. If you specify to apply the local AAA scheme, you need to perform the configuration concerning local user as well.

    If you specify to apply an existing scheme by providing the radius-scheme-name argument, you need to perform the following configuration as well:

    Perform AAA & RADIUS configuration on the switch. (Refer to the AAA, RADIUS, and TACACS+ Configuration chapter for more information.)

    Configure the user name and password accordingly on the AAA server. (Refer to the user manual of the AAA server.)

    Configure the AAA scheme to be applied to the domain

    authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }

    Quit to system view

    quit

    Create a local user and enter local user view

    local-user user-name

    The admin, manager, and monitor users exist by default.

    Set the authentication password for the local user

    password { simple | cipher } password

    Required

    Specify the service type for VTY users

    service-type telnet [ level level ]

    Required

    Quit to system view

    quit

    Enter one or more VTY user interface views

    user-interface vty first-number [ last-number ]

    Configure to authenticate users locally or remotely

    authentication-mode scheme

    Required

    The specified AAA scheme determines whether to authenticate users locally or remotely.

    Users are authenticated locally by default.

    Configure the command level available to users logging into the user interface

    user privilege level level

    Optional

    By default, commands of level 0 are available to users logging into the VTY user interfaces.

    Configure the supported protocol

    protocol inbound { all | ssh | telnet }

    Optional

    Both Telnet protocol and SSH protocol are supported by default.

  • Table 21 Configuration Procedure (continued)

    To | Use the command | Remarks

    Set the command that is automatically executed when a user logs into the user interface

    auto-execute command text

    Optional

    By default, no command is automatically executed when a user logs into a user interface.

    Define a shortcut key for aborting tasks

    escape-key { default | character }

    Optional

    The default shortcut key combination for aborting tasks is < Ctrl+C >.

    Make terminal services available

    shell

    Optional

    Terminal services are available in all user interfaces by default.

    Set the maximum number of lines the screen can contain

    screen-length screen-length

    Optional

    By default, the screen can contain up to 24 lines.

    You can use the screen-length 0 command to disable the function to display information in pages.

    Set history command buffer size

    history-command max-size value

    Optional

    The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default.

    Set the timeout time for the user interface

    idle-timeout minutes [ seconds ]

    Optional

    The default timeout time of a user interface is 10 minutes.

    With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.

    You can use the idle-timeout 0 command to disable the timeout function.

    Note that if you configure the switch to authenticate users in the scheme mode, the command level available to users logging into a switch depends on the authentication-mode scheme [ command-authorization ] command, the user privilege level level command, and the service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet | terminal }* [ level level ] } command, as listed in Table 22.

  • Refer to the corresponding chapters in this guide for information about AAA, RADIUS, TACACS+, and SSH.

    Table 22 Determine the command level when users logging into switches are authenticated in the scheme mode

    Authentication mode: Scheme (authentication-mode scheme [ command-authorization ])

    User type: VTY users that are AAA&RADIUS authenticated or locally authenticated

    Command | Command level

    The user privilege level level command is not executed, and the service-type command does not specify the available command level. | Level 0

    The user privilege level level command is not executed, and the service-type command specifies the available command level. | Determined by the service-type command

    The user privilege level level command is executed, and the service-type command does not specify the available command level. | Level 0

    The user privilege level level command is executed, and the service-type command specifies the available command level. | Determined by the service-type command

    User type: VTY users that are authenticated in the RSA mode of SSH

    Command | Command level

    The user privilege level level command is not executed, and the service-type command does not specify the available command level. | Level 0

    The user privilege level level command is not executed, and the service-type command specifies the available command level. | Level 0

    The user privilege level level command is executed, and the service-type command does not specify the available command level. | Determined by the user privilege level level command

    The user privilege level level command is executed, and the service-type command specifies the available command level. | Determined by the user privilege level level command

    User type: VTY users that are authenticated in the password mode of SSH

    Command | Command level

    The user privilege level level command is not executed, and the service-type command does not specify the available command level. | Level 0

    The user privilege level level command is not executed, and the service-type command specifies the available command level. | Determined by the service-type command

    The user privilege level level command is executed, and the service-type command does not specify the available command level. | Level 0

    The user privilege level level command is executed, and the service-type command specifies the available command level. | Determined by the service-type command

  • Configuration Example

    Network requirements

    Perform the following configuration for Telnet users logging into VTY 0:

    Configure the name of the local user to be guest.

    Set the authentication password of the local user to 123456 (in plain text).

    Set the service type of VTY users to Telnet.

    Configure to authenticate users logging into VTY 0 in scheme mode.

    The commands of level 2 are available to users logging into VTY 0.

    Telnet protocol is supported in VTY 0.

    The screen can contain up to 30 lines.

    The history command buffer can store up to 20 commands.

    The timeout time of VTY 0 is 6 minutes.

    Network diagram

    Figure 11 Network diagram for Telnet configuration (with the authentication mode being scheme)

    Figure 11 labels: User PC running Telnet, Ethernet, GigabitEthernet1/0/1.

    Configuration procedure

    1 Enter system view.

    system-view

    2 Create a local user named guest and enter local user view.

    [3Com] local-user guest

    3 Set the authentication password of the local user to 123456 (in plain text).

    [3Com-luser-guest] password simple 123456

    4 Set the service type to Telnet and specify that commands of level 2 are available to users logging into VTY 0.

    [3Com-luser-guest] service-type telnet level 2

    5 Enter VTY 0 user interface view.

    [3Com] user-interface vty 0

    6 Configure to authenticate users logging into VTY 0 in the scheme mode.

    [3Com-ui-vty0] authentication-mode scheme

    7 Configure VTY 0 to support the Telnet protocol.

    [3Com-ui-vty0] protocol inbound telnet

    8 Set the maximum number of lines the screen can contain to 30.

    [3Com-ui-vty0] screen-length 30

    9 Set the maximum number of commands the history command buffer can store to 20.

    [3Com-ui-vty0] history-command max-size 20

    10 Set the timeout time to 6 minutes.

    [3Com-ui-vty0] idle-timeout 6
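
    Added example (not part of the 3Com guide): a Python audit of configuration text that reports the command level Telnet users receive under Tables 20 and 22 and flags the plain-text passwords, Telnet-enabled VTYs and disabled idle timeouts that the commands above can produce. It assumes the default local AAA scheme, AAA or locally authenticated Telnet users, and configuration text laid out as view headers with indented sub-commands; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample built from this chapter's commands; the indented layout is an
# assumption, and 'user privilege level 3' on vty 0 shows scheme mode ignoring it.
SAMPLE = """\
local-user guest
 password simple 123456
 service-type telnet level 2
user-interface vty 0
 authentication-mode scheme
 user privilege level 3
 protocol inbound telnet
 idle-timeout 6
user-interface vty 1
 authentication-mode password
 set authentication password simple 123456
 idle-timeout 0
"""

def parse_views(text):
    """Return {view header: [sub-commands]} from indented configuration text."""
    views, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current = line.strip()
            views[current] = []
        elif current is not None:
            views[current].append(line.strip())
    return views

def first_int(cmds, pattern):
    """Integer captured by the first sub-command that fully matches pattern."""
    hits = [m for m in (re.fullmatch(pattern, c) for c in cmds) if m]
    return int(hits[0].group(1)) if hits else None

def command_level(mode, vty_level, service_level):
    """Telnet user's level: Table 20 (password) or Table 22 (scheme, AAA/local)."""
    chosen = vty_level if mode == "password" else service_level
    return 0 if chosen is None else chosen

def telnet_levels(text):
    """Map (vty view, user) -> command level; user is None in password mode."""
    views, users, levels = parse_views(text), {}, {}
    for view, cmds in views.items():
        for w in (c.split() for c in cmds):
            if view.startswith("local-user ") and w[0] == "service-type" and "telnet" in w:
                users[view.split()[1]] = int(w[w.index("level") + 1]) if "level" in w else None
    for view, cmds in views.items():
        if not view.startswith("user-interface vty"):
            continue
        vty_level = first_int(cmds, r"user privilege level (\d+)")
        if "authentication-mode password" in cmds:
            levels[(view, None)] = command_level("password", vty_level, None)
        elif any(c.startswith("authentication-mode scheme") for c in cmds):
            for user, svc in users.items():
                levels[(view, user)] = command_level("scheme", vty_level, svc)
    return levels

def audit(text):
    """Return (view, finding) pairs for settings this chapter describes."""
    findings = []
    for view, cmds in parse_views(text).items():
        if any(re.search(r"\bpassword simple\b", c) for c in cmds):
            findings.append((view, "password stored in plain text"))
        if not view.startswith("user-interface vty"):
            continue
        if "protocol inbound ssh" not in cmds:  # default accepts Telnet and SSH
            findings.append((view, "Telnet logins accepted"))
        t = [re.fullmatch(r"idle-timeout (\d+)(?: (\d+))?", c) for c in cmds]
        if any(m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0 for m in t):
            findings.append((view, "idle timeout disabled"))
    return findings
```

    Calling telnet_levels(SAMPLE) shows that user guest receives level 2 on VTY 0 even though the VTY sets level 3, and that the password-mode VTY 1, which has no user privilege level command, falls back to level 0.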

    Telnet Connection Establishment

    Telneting to a Switch from a Terminal

    In order to Telnet to the switch, you need to configure an IP address on a VLAN interface. Use the following procedure to establish a Telnet connection to a switch through the management VLAN:

    1 Log into the switch through the Console port and assign an IP address to the management VLAN interface of the switch.

    Connect to the Console port. Refer to the chapter Setting up the Connection to the Console Port.

    Execute the following commands in the terminal window to assign an IP address to the management VLAN interface of the switch.

    system

    a Enter management VLAN interface view.

    [3Com] interface Vlan-interface 1

    b Remove the existing IP address of the management VLAN interface.

    [3Com-Vlan-interface1] undo ip address

    c Configure the IP address of the management VLAN interface to be 202.38.160.92.

    [3Com-Vlan-interface1] ip address 202.38.160.92 255.255.255.0

    2 Configure the user name and password for Telnet on the switch. See the sections entitled Telnet Configuration with Authentication Mode Being None, Telnet Configuration with Authentication Mode Being Password, and Telnet Configuration with Authentication Mode Being Scheme for additional information.

    3 Connect your PC to the Switch, as shown in Figure 12. Make sure the Ethernet port to which your PC is connected belongs to the management VLAN of the switch and the route between your PC and the switch is available.

  • Figure 12 Network diagram for Telnet connection establishment

    4 Launch Telnet on your PC, with the IP address of the management VLAN interface of the switch as the parameter, as shown in the following figure.

    Figure 13 Launch Telnet

    5 Enter the password when the Telnet window displays Login authentication and prompts for the login password. The CLI prompt (such as ) appears if the password is correct. If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message All user interfaces are used, please try later!. A 3Com Switch 4500G Family Ethernet switch can accommodate up to five Telnet connections at the same time.

    6 After successfully Telneting to a switch, you can configure the switch or display the information about the switch by executing corresponding commands. You can also type ? at any time for help. Refer to the following chapters for the information about the commands.

    A Telnet connection will be terminated if you delete or modify the IP address of the VLAN interface in the Telnet session.

    By default, commands of level 0 are available to Telnet users authenticated by password. Refer to the Basic System Configuration and Maintenance module for information about command hierarchy.

    Figure 12 labels: Workstation, Server, PC with Telnet running on it (used to configure the switch), Ethernet port, Ethernet.

  • Telneting to Another Switch from the Current Switch

    You can Telnet to another switch from the current switch. In this case, the current switch operates as the client, and the other operates as the server. If the interconnected Ethernet ports of the two switches are in the same LAN segment, make sure the IP addresses of the two management VLAN interfaces to which the two Ethernet ports belong are in the same network segment, or the route between the two VLAN interfaces is available.

    As shown in Figure 14, after Telneting to a switch (labeled as Telnet client), you can Telnet to another switch (labeled as Telnet server) by executing the telnet command and then configure the latter.

    Figure 14 Network diagram for Telneting to another switch from the current switch

    1 Configure the user name and password for Telnet on the switch operating as the Telnet server. Refer to the sections entitled Telnet Configuration with Authentication Mode Being None, Telnet Configuration with Authentication Mode Being Password, and Telnet Configuration with Authentication Mode Being Scheme for more information.

    2 Telnet to the switch operating as the Telnet client.

    3 Execute the following command on the switch operating as the Telnet client:

    telnet xxxx

    Where xxxx is the IP address or the host name of the switch operating as the Telnet server. You can use the ip host command to assign a host name to a switch.

    4 Enter the password. If the password is correct, the CLI prompt (such as ) appears. If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says All user interfaces are used, please try later!.

    5 After successfully Telneting to the switch, you can configure the switch or display the information about the switch by executing corresponding commands. You can also type ? at any time for help. Refer to the following chapters for the information about the commands.

    Figure 14 labels: PC, Telnet client, Telnet server.


  • 4 LOGGING IN USING MODEM

    Introduction

    The administrator can log into the Console port of a remote switch using a modem through the PSTN (public switched telephone network), and so configure and maintain the switch remotely, if the remote switch is connected to the PSTN through a modem. When a network operates improperly or is inaccessible, you can log into the switches in the network in this way to configure these switches, to query logs and warning messages, and to locate problems.

    To log into a switch in this way, you need to configure the terminal and the switch properly, as listed in the following table.

    Table 23 Requirements for logging into a switch using a modem

    Item | Requirement

    Administrator side

    The PC can communicate with the modem connected to it.

    The modem is properly connected to PSTN.

    The telephone number of the switch side is available.

    Switch side

    The modem is connected to the Console port of the switch properly.

    The modem is properly configured.

    The modem is properly connected to PSTN and a telephone set.

    The authentication mode and other related settings are configured on the switch. Refer to Table 7.

    Configuration on the Administrator Side

    The PC can communicate with the modem connected to it. The modem is properly connected to PSTN. And the telephone number of the switch side is available.

    Configuration on the Switch Side

    Modem Configuration

    Perform the following configuration on the modem directly connected to the switch:

    AT&F ----------------------- Restore the factory settings
    ATS0=1 ----------------------- Configure to answer automatically after the first ring
    AT&D ----------------------- Ignore DTR signal
    AT&K0 ----------------------- Disable flow control
    AT&R1 ----------------------- Ignore RTS signal
    AT&S0 ----------------------- Set DSR to high level by force
    ATEQ1&W ----------------------- Disable the modem from returning command response and the result, save the changes

  • You can verify your configuration by executing the AT&V command.

    The above configuration is unnecessary for the modem on the administrator side.

    The configuration commands and the output of different modems may differ. Refer to the user manual of the modem when performing the above configuration.

    Switch Configuration

    After logging into a switch through its Console port by using a modem, you will enter the AUX user interface. The corresponding configuration on the switch is the same as that for logging into the switch locally through its Console port, except that:

    When you log in through the Console port using a modem, the baud rate of the Console port is usually set to a value lower than the transmission speed of the modem. Otherwise, packets may get lost.

    Other settings of the Console port, such as the check mode, the stop bits, and the data bits, remain the default.

    The configuration on the switch depends on the authentication mode the user is in. Refer to Table 7 for the information about authentication mode configuration.

    Configuration on switch when the authentication mode is none

    Refer to Console Port Login Configuration with Authentication Mode Being None.

    Configuration on switch when the authentication mode is password

    Refer to Console Port Login Configuration with Authentication Mode Being Password.

    Configuration on switch when the authentication mode is scheme

    Refer to Console Port Login Configuration with Authentication Mode Being Scheme.

    Modem Connection Establishment

    1 Configure the user name and password on the switch. Refer to Console Port Login Configuration with Authentication Mode Being None, Console Port Login Configuration with Authentication Mode Being Password, and Console Port Login Configuration with Authentication Mode Being Scheme for more information.

    2 Perform the following configuration on the modem directly connected to the switch.

    AT&F ----------------------- Restore the factory settings
    ATS0=1 ----------------------- Configure to answer automatically after the first ring
    AT&D ----------------------- Ignore DTR signal
    AT&K0 ----------------------- Disable flow control
    AT&R1 ----------------------- Ignore RTS signal
    AT&S0 ----------------------- Set DSR to high level by force
    ATEQ1&W ----------------------- Disable the modem from returning command response and the result, save the changes

    You can verify your configuration by executing the AT&V command.

  • The configuration commands and the output of different modems may differ. Refer to the user manual of the modem when performing the above configuration.

    Set the baud rate of the AUX port (also the Console port) to a value lower than the transmission speed of the modem. Otherwise, packets may get lost.

    3 Connect your PC, the modems, and the switch, as shown in the following figure.

    Figure 15 Establish the connection by using modems

    4 Launch a terminal emulation utility on the PC and set the telephone number to call the modem directly connected to the switch, as shown in Figure 16 and Figure 17. Note that you need to set the telephone number to that of the modem directly connected to the switch.

    Figure 16 Set the telephone number

    Figure 15 labels: PC, Serial cable, Modem, Telephone line, PSTN, Console port, Telephone number: 82882285.

  • Figure 17 Call the modem

    5 Provide the password when prompted. If the password is correct, the prompt (such as ) appears. You can then configure or manage the switch. You can also enter the character ? at any time for help. Refer to the following chapters for information about the configuration commands.

    If you perform no AUX user-related configuration on the switch, the commands of level 3 are available to modem users. Refer to the Basic System Configuration and Maintenance module for information about command level.

  • [3Com] interface Vlan-interface 1

    b Remove the existing IP address of the management VLAN interface.

    [3Com-Vlan-interface1] undo ip address

    c Configure the IP address of the management VLAN interface to be 10.153.17.82.

    [3Com-Vlan-interface1] ip address 10.153.17.82 255.255.255.0

    5 LOGGING IN THROUGH WEB-BASED NETWORK MANAGEMENT SYSTEM

    Introduction

    A Switch 4500G Series switch has a Web server built in. You can log into a Switch 4500G series switch through a Web browser and manage and maintain the switch intuitively by interacting with the built-in Web server.

    To log into a Switch 4500G through the built-in Web-based network management system, you need to perform the related configuration on both the switch and the PC operating as the network manag