Page 1 Command Guide Gigabit Ethernet L3 Stackable Managed Switch with 10GbE Uplink SGS-6341 Series www.PLANET.com.tw...
Page 2: Table Of Contents
SGS-6341 Series Command Guide Contents CHAPTER 1 COMMANDS FOR BASIC SWITCH CONFIGURATION ......1-49 1.1 C .................... 1-49 OMMANDS FOR ASIC ONFIGURATION 1.1.1 Authentication line login ........................1-49 1.1.2 banner ..............................1-50 1.1.3 boot img ..............................1-50 1.1.4 boot startup-config ..........................1-51 1.1.5 clock set ..............................
Page 3 SGS-6341 Series Command Guide 1.1.35 show version ............................1-66 1.1.36 username ............................1-66 1.1.37 web language ............................1-67 1.1.38 write ..............................1-68 1.2 C ........................1-68 OMMANDS FOR ELNET 1.2.1 authentication ip access-class ......................1-68 1.2.2 authentication ipv6 access-class ......................1-69 1.2.3 authentication line login ........................
Page 4 SGS-6341 Series Command Guide 1.4.9 show snmp status ..........................1-86 1.4.10 show snmp user ..........................1-87 1.4.11 show snmp view ..........................1-88 1.4.12 snmp-server community ........................1-88 1.4.13 snmp-server enable ..........................1-89 1.4.14 snmp-server enable traps ........................1-90 1.4.15 snmp-server engineid ......................... 1-91 1.4.16 snmp-server group ..........................
Page 5 SGS-6341 Series Command Guide ......................... 3-111 CLUSTER AUTO ........................3-112 CLUSTER COMMANDER ..........................3-112 CLUSTER IP POOL ......................3-113 CLUSTER KEEPALIVE INTERVAL ....................3-114 CLUSTER KEEPALIVE LOSS COUNT ........................... 3-115 CLUSTER MEMBER ....................3-115 CLUSTER MEMBER AUTO USER ......................... 3-116 CLUSTER RESET MEMBER 3.10...
Page 6 SGS-6341 Series Command Guide ........................5-141 ISOLATE PORT GROUP ................5-141 ISOLATE PORT GROUP SWITCHPORT INTERFACE ........................5-142 ISOLATE PORT APPLY ......................5-143 SHOW ISOLATE PORT GROUP CHAPTER 6 COMMANDS FOR PORT LOOPBACK DETECTION FUNCTION ..6-144 ......................6-144 DEBUG LOOPBACK DETECTION .....................
Page 7 SGS-6341 Series Command Guide 8.12 ......................8-7 LLDP TRANSMIT OPTIONAL TLV 8.13 ............................8-8 LLDP TRAP 8.14 ..........................8-8 LLDP TX INTERVAL 8.15 ........................8-9 SHOW DEBUGGING LLDP 8.16 ............................. 8-10 SHOW LLDP 8.17 ....................8-10 SHOW LLDP INTERFACE ETHERNET 8.18...
Page 8 SGS-6341 Series Command Guide 11.17 ............11-32 ETHERNET OAM ERRORED SYMBOL PERIOD THRESHOLD LOW 11.18 ..............11-32 ETHERNET OAM ERRORED SYMBOL PERIOD WINDOW 11.19 ..................... 11-33 ETHERNET OAM LINK MONITOR 11.20 ........................11-33 ETHERNET OAM MODE 11.21 ....................... 11-34 ETHERNET OAM PERIOD 11.22...
Page 9 SGS-6341 Series Command Guide 12.1.25 switchport access vlan ........................12-63 12.1.26 switchport forbidden vlan ........................ 12-63 12.1.27 switchport hybrid allowed vlan ......................12-64 12.1.28 switchport hybrid native vlan ......................12-65 12.1.29 switchport interface ......................... 12-66 12.1.30 switchport mode ..........................12-66 12.1.31 switchport mode trunk allow-null .....................
Page 10 SGS-6341 Series Command Guide 13.1.3 mac-address-table static | static-multicast | blackhole............... 13-87 13.1.4 show mac-address-table ........................13-88 13.2 C .............. 13-89 OMMANDS FOR DDRESS INDING CONFIGURATION 13.2.1 clear port-security dynamic ....................... 13-89 13.2.2 mac-address-table periodic-monitor-time ..................13-90 13.2.3 show port-security ..........................13-90 13.2.4 show port-security address .......................
Page 11 SGS-6341 Series Command Guide 14.1.23 spanning-tree mst priority ......................14-112 14.1.24 spanning-tree mst rootguard ......................14-113 14.1.25 spanning-tree portfast ........................14-114 14.1.26 spanning-tree port-priority ......................14-115 14.1.27 spanning-tree priority ........................14-115 14.1.28 spanning-tree rootguard ........................ 14-116 14.1.29 spanning-tree tcflush (Global mode) ..................... 14-116 14.1.30 spanning-tree tcflush (Port mode) ....................
Page 12 SGS-6341 Series Command Guide 15.25 ........................ 15-145 SHOW MLS QOS MAPS 15.26 ......................... 15-149 SHOW MLS QOS VLAN 15.27 ..................15-149 SHOW MLS QOS AGGREGATE POLICY 15.28 ..........................15-150 TRANSMIT CHAPTER 16 COMMANDS FOR FOR FLOW-BASED REDIRECTION ....16-151 16.1 ..............
Page 13 SGS-6341 Series Command Guide 19.2.3 debug ip icmp ..........................19-172 19.2.4 debug ip packet ..........................19-173 19.2.5 debug ipv6 packet ........................... 19-173 19.2.6 debug ipv6 icmp ..........................19-174 19.2.7 debug ipv6 nd ..........................19-175 19.2.8 debug ipv6 tunnel packet ........................ 19-176 19.2.9 description ............................
Page 14 SGS-6341 Series Command Guide 19.3 C IP R ................... 19-201 OMMANDS FOR OUTE GGREGATION 19.3.1 ip fib optimize ..........................19-201 19.4 C URPF ....................... 19-201 OMMANDS FOR 19.4.1 show urpf ............................19-201 19.4.2 urpf enable ............................19-202 19.5 C ARP C ..................
Page 15 SGS-6341 Series Command Guide 22.1 ..........................22-14 GUARD IP CHAPTER 23 COMMAND FOR ARP LOCAL PROXY ..........23-15 23.1 ........................23-15 IP LOCAL PROXY CHAPTER 24 COMMANDS FOR GRATUITOUS ARP CONFIGURATION ....24-16 24.1 ........................24-16 IP GRATUITOUS 24.2 ......................24-17 SHOW IP GRATUITOUS CHAPTER 25 COMMANDS FOR KEEPALIVE GATEWAY .........25-18...
Page 16 SGS-6341 Series Command Guide 26.1.26 service dhcp ............................ 26-35 26.1.27 show ip dhcp binding ........................26-35 26.1.28 show ip dhcp conflict ........................26-36 26.1.29 show ip dhcp relay information option ..................... 26-36 26.1.30 show ip dhcp server statistics ......................26-37 26.2 C...
Page 17 SGS-6341 Series Command Guide 27.29 ......................27-58 SHOW IPV DHCP STATISTICS 27.30 ....................... 27-61 SHOW IPV GENERAL PREFIX 27.31 ......................27-61 SHOW IPV LOCAL POOL CHAPTER 28 COMMANDS FOR DHCP OPTION 82 ..........28-62 28.1 ....................... 28-62 DEBUG IP DHCP RELAY PACKET 28.2...
Page 18 SGS-6341 Series Command Guide 29.1.19 ipv6 dhcp use class ......................... 29-83 29.1.20 remote-id subscriber-id ........................29-84 29.2 C ................29-84 OMMANDS FOR ONITORING AND EBUGGING 29.2.1 debug ipv6 dhcp detail ........................29-84 29.2.2 debug ipv6 dhcp relay packet ......................29-85 29.2.3 debug ipv6 dhcp snooping packet .....................
Page 19 SGS-6341 Series Command Guide 30.31 ..................30-110 SHOW IP DHCP SNOOPING BINDING ALL 30.32 ......................30-111 SHOW TRUSTVIEW STATUS CHAPTER 31 COMMANDS FOR ROUTING POLICY ..........31-112 31.1 ......................31-112 IP PREFIX LIST DESCRIPTION 31.2 ........................31-113 IP PREFIX LIST SEQ 31.3...
Page 20 SGS-6341 Series Command Guide 32.2 ..........................32-135 IP ROUTE VRF 32.3 ........................... 32-136 SHOW IP ROUTE 32.4 ........................32-137 SHOW IP ROUTE VRF CHAPTER 33 COMMANDS FOR RIP................ 33-139 33.1 ......................... 33-139 ACCEPT LIFETIME 33.2 4 ........................33-140 ADDRESS FAMILY IPV 33.3...
Page 21 SGS-6341 Series Command Guide 33.36 ......................33-161 SHOW IP PROTOCOLS RIP 33.37 ..........................33-163 SHOW IP RIP 33.38 ......................33-163 SHOW IP RIP DATABASE 33.39 ......................33-164 SHOW IP RIP INTERFACE 33.40 ......................33-165 SHOW IP RIP AGGREGATE 33.41 ..........................33-165 TIMERS BASIC 33.42...
Page 22 SGS-6341 Series Command Guide 35.3 ........................35-187 AREA FILTER LIST 35.4 ..........................35-188 AREA NSSA 35.5 ..........................35-189 AREA RANGE 35.6 ..........................35-190 AREA STUB 35.7 ........................35-190 AREA VIRTUAL LINK 35.8 .................... 35-192 AUTO COST REFERENCE BANDWIDTH 35.9 1583 ......................... 35-192 COMPATIBLE RFC 35.10...
Page 23 SGS-6341 Series Command Guide 35.42 .................... 35-212 ADJACENCY CHANGES DETAIL 35.43 ....................... 35-213 CONCURRENT 35.44 ..........................35-213 NEIGHBOR 35.45 ......................... 35-214 NETWORK AREA 35.46 ......................... 35-215 OSPF ABR TYPE 35.47 ........................35-216 OSPF ROUTER 35.48 ....................... 35-216 OVERFLOW DATABASE 35.49 ....................
Page 24 SGS-6341 Series Command Guide 36.15 ......................36-239 DEBUG IPV OSPF ROUTE 36.16 ........................36-240 OSPF COST 36.17 ......................36-240 OSPF DEAD INTERVAL 36.18 ..................36-241 OSPF DISPLAY ROUTE SINGLE LINE 36.19 ....................... 36-242 OSPF HELLO INTERVAL 36.20 ........................36-243 OSPF PRIORITY 36.21...
Page 25 SGS-6341 Series Command Guide 37.14 ........................37-268 BGP DAMPENING 37.15 ..........................37-268 BGP DEFAULT 37.16 ......................37-269 BGP DETERMINISTIC 37.17 ......................37-270 BGP ENFORCE FIRST 37.18 ....................37-270 BGP FAST EXTERNAL FAILOVER 37.19 ...................... 37-271 BGP INBOUND ROUTE FILTER 37.20 ....................
Page 26 SGS-6341 Series Command Guide 37.53 ..................37-292 NEIGHBOR DONT CAPABILITY NEGOTIATE 37.54 ......................37-293 NEIGHBOR EBGP MULTIHOP 37.55 ....................37-294 NEIGHBOR ENFORCE MULTIHOP 37.56 ....................... 37-294 NEIGHBOR FILTER LIST 37.57 ........................ 37-295 NEIGHBOR INTERFACE 37.58 ...................... 37-296 NEIGHBOR MAXIMUM PREFIX 37.59...
Page 27 SGS-6341 Series Command Guide 37.92 ....................37-320 SHOW IP BGP COMMUNITY LIST 37.93 ......................37-320 SHOW IP BGP DAMPENING 37.94 ......................37-322 SHOW IP BGP FILTER LIST 37.95 ....................37-323 SHOW IP BGP INCONSISTENT 37.96 ......................37-323 SHOW IP BGP NEIGHBORS 37.97...
Page 28 SGS-6341 Series Command Guide 40.1 ..........................40-11 LOAD BALANCE 40.2 ..........................40-11 MAXIMUM PATHS CHAPTER 41 COMMANDS FOR BFD ................41-1 41.1 ........................ 41-1 BFD AUTHENTICATION KEY 41.2 5 ......................41-1 BFD AUTHENTICATION KEY MD 41.3 ....................... 41-2 BFD AUTHENTICATION KEY TEXT 41.4...
Page 29 SGS-6341 Series Command Guide 43.7 ....................43-4 SHOW IP OSPF GRACEFUL RESTART CHAPTER 44 IPV4 MULTICAST PROTOCOL ..............44-6 44.1 P ....................44-6 UBLIC OMMANDS FOR ULTICAST 44.1.1 show ip mroute ............................ 44-6 44.2 C PIM-DM ........................ 44-7 OMMANDS FOR 44.2.1 debug pim timer sat ..........................44-7 44.2.2 debug pim timer srt ..........................
Page 30 SGS-6341 Series Command Guide 44.3.17 ip pim exclude-genid ........................44-28 44.3.18 ip pim hello-holdtime ........................44-29 44.3.19 ip pim hello-interval ......................... 44-30 44.3.20 ip pim ignore-rp-set-priority ......................44-30 44.3.21 ip pim jp-timer ..........................44-31 44.3.22 ip pim multicast-routing ........................44-32 44.3.23 ip pim neighbor-filter ........................
Page 31 SGS-6341 Series Command Guide 44.4.16 debug msdp timer ........................... 44-52 44.4.17 default-rpf-peer ..........................44-53 44.4.18 description ............................44-53 44.4.19 exit-peer-mode ..........................44-54 44.4.20 mesh-group ............................. 44-54 44.4.21 originating-rp ........................... 44-55 44.4.22 peer ..............................44-56 44.4.23 redistribute ............................44-56 44.4.24 remote-as ............................44-57 44.4.25 router msdp .............................
Page 32 SGS-6341 Series Command Guide 44.7.5 ip dvmrp output-report-delay ......................44-78 44.7.6 ip dvmrp reject-non-pruners ......................44-79 44.7.7 ip dvmrp tunnel ..........................44-80 44.7.8 show ip dvmrp ........................... 44-80 44.7.9 show ip dvmrp interface ........................44-81 44.7.10 show ip dvmrp neighbor ........................44-82 44.7.11 show ip dvmrp prune ........................
Page 33 SGS-6341 Series Command Guide 44.9.16 show ip igmp interface ........................44-104 44.10 C IGMP S ..................... 44-105 OMMANDS FOR NOOPING 44.10.1 clear ip igmp snooping vlan ......................44-105 44.10.2 clear ip igmp snooping vlan <1-4094> mrouter-port ..............44-105 44.10.3 debug igmp snooping all/packet/event/timer/mfc ................44-106 44.10.4 ip igmp snooping ...........................
Page 34 SGS-6341 Series Command Guide 44.11.15 ip multicast ssm ........................... 44-126 44.11.16 ip pim bsr-border ......................... 44-127 44.11.17 show debugging igmp proxy ......................44-127 44.11.18 show ip igmp proxy ........................44-128 44.11.19 show ip igmp proxy mroute ......................44-129 44.11.20 show ip igmp proxy upstream groups ..................44-130 CHAPTER 45 IPV6 MULTICAST PROTOCOL ..............45-1...
Page 35 SGS-6341 Series Command Guide 45.3.12 ipv6 pim accept-register ........................45-20 45.3.13 ipv6 pim bsr-border ......................... 45-21 45.3.14 ipv6 pim bsr-candidate ........................45-21 45.3.15 ipv6 pim cisco-register-checksum ....................45-22 45.3.16 ipv6 pim dr-priority .......................... 45-23 45.3.17 ipv6 pim exclude-genid ........................45-23 45.3.18 ipv6 pim hello-holdtime ........................
Page 36 SGS-6341 Series Command Guide 45.5.1 ipv6 pim ssm ............................. 45-46 45.6 C 6 DCSCM...................... 45-47 OMMANDS FOR 45.6.1 ipv6 access-list(ipv6 multicast source control) .................. 45-47 45.6.2 ipv6 access-list(multicast destination control) ................... 45-48 45.6.3 ipv6 multicast destination-control access-group ................45-48 45.6.4 ipv6 multicast destination-control access-group (sip) ................ 45-49 45.6.5 ipv6 multicast destination-control access-group (vmac) ..............
Page 37 SGS-6341 Series Command Guide 45.8.5 ipv6 mld snooping vlan........................45-69 45.8.6 ipv6 mld snooping vlan immediate-leave ..................45-70 45.8.7 ipv6 mld snooping vlan l2-general-querier ..................45-71 45.8.8 ipv6 mld snooping vlan limit ......................45-71 45.8.9 ipv6 mld snooping vlan mrouter-port interface .................. 45-72 45.8.10 ipv6 mld snooping vlan mrouter-port learnpim6 ................
Page 38 SGS-6341 Series Command Guide 47.22 ) ....................47-22 PERMIT DENY MAC EXTENDED 47.23 ) ....................47-24 PERMIT DENY IP EXTENDED 47.24 ........................47-26 SHOW ACCESS LISTS 47.25 ......................... 47-27 SHOW ACCESS GROUP 47.26 .......................... 47-28 SHOW FIREWALL 47.27 ......................47-28...
Page 39 SGS-6341 Series Command Guide 49.2 ........................49-1 DEBUG IPV ND COUNT 49.3 ...................... 49-2 DEBUG SWITCHPORT ARP COUNT 49.4 ..................... 49-2 DEBUG SWITCHPORT MAC COUNT 49.5 ......................49-3 DEBUG SWITCHPORT ND COUNT 49.6 ......................... 49-4 DEBUG VLAN MAC COUNT 49.7 ........................
Page 40 SGS-6341 Series Command Guide 52.8 .......................... 52-5 DEBUG AAA ERROR 52.9 4 ..........................52-5 RADIUS NAS 52.10 6 ........................... 52-6 RADIUS NAS 52.11 ....................52-7 RADIUS SERVER ACCOUNTING HOST 52.12 ..................52-8 RADIUS SERVER AUTHENTICATION HOST 52.13 ......................52-9 RADIUS...
Page 41 SGS-6341 Series Command Guide 56.3 ..................... 56-2 DEBUG MAC AUTHENTICATION BYPASS 56.4 ................... 56-2 AUTHENTICATION BYPASS BINDING LIMIT 56.5 .................... 56-3 AUTHENTICATION BYPASS ENABLE 56.6 ..................56-3 AUTHENTICATION BYPASS GUEST VLAN 56.7 ..............56-4 AUTHENTICATION BYPASS SPOOFING GARP CHECK 56.8 ..............
Page 42 SGS-6341 Series Command Guide 58.1.11 savi ipv6 mac-binding-limit ........................ 58-7 58.1.12 savi max-dad-dalay ........................... 58-8 58.1.13 savi max-dad-prepare-delay ......................58-8 58.1.14 savi max-slaac-life ..........................58-9 58.1.15 savi timeout bind-protect ........................58-9 58.2 C ..................58-10 OMMANDS FOR ONITOR AND EBUG 58.2.1 Monitor and Debugg .........................
Page 43 SGS-6341 Series Command Guide 61.4 ............................61-3 DISABLE 61.5 ............................61-3 ENABLE 61.6 ..........................61-4 PREEMPT MODE 61.7 ............................61-5 PRIORITY 61.8 .......................... 61-5 ROUTER IPV VRRP 61.9 ..........................61-6 SHOW IPV VRRP 61.10 ....................... 61-7 VIRTUAL INTERFACE CHAPTER 62 COMMANDS FOR MRPP ...............62-1 62.1...
Page 44 SGS-6341 Series Command Guide 63.16 ....................63-9 SHOW ULPP FLUSH RECEIVE PORT 63.17 ........................63-9 SHOW ULPP GROUP 63.18 ........................63-10 ULPP CONTROL VLAN 63.19 ......................63-11 ULPP FLUSH DISABLE ARP 63.20 ......................63-11 ULPP FLUSH DISABLE MAC 63.21 ......................63-12 ULPP FLUSH ENABLE ARP 63.22...
Page 45 SGS-6341 Series Command Guide 68.2 ............................ 68-8 DEBUG SNTP 68.3 ..........................68-9 SNTP POLLTIME 68.4 ..........................68-9 SNTP SERVER 68.5 ........................... 68-10 SHOW SNTP CHAPTER 69 COMMANDS FOR NTP ................69-1 69.1 ..........................69-1 CLOCK TIMEZONE 69.2 ......................... 69-1 DEBUG NTP ADJUST 69.3...
Page 46 SGS-6341 Series Command Guide 70.14 ..................... 70-8 IP DNS SERVER QUEUE TIMEOUT CHAPTER 71 COMMANDS FOR SUMMER TIME ............71-1 71.1 ...................... 71-1 CLOCK SUMMER TIME ABSOLUTE 71.2 ....................71-2 CLOCK SUMMER TIME RECURRING 71.3 ....................71-2 CLOCK SUMMER TIME RECURRING CHAPTER 72 COMMANDS FOR SHOW ..............72-3...
Page 47 SGS-6341 Series Command Guide 73.2 ..........................73-1 RELOAD CANCEL 73.3 ..........................73-2 SHOW RELOAD CHAPTER 74 COMMANDS FOR DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED AND SENT BY CPU ..................74-1 74.1 ....................... 74-1 CLEAR CPU STAT PROTOCOL 74.2 ......................74-1 RATELIMIT PROTOCOL 74.3...
Page 48 SGS-6341 Series Command Guide 77.7 ..............77-5 SHOW VSF CPU DATABASE MEMBER BASIC INFORMATION 77.8 .............. 77-7 SHOW VSF CPU DATABASE MEMBER RUNNING INFORMATION 77.9 ..............77-8 SHOW VSF CPU DATABASE MEMBER PORT INFORMATION 77.10 ............77-8 SHOW VSF CPU...
Page 49: Chapter 1 Commands For Basic Switch Configuration
SGS-6341 Series Command Guide Chapter 1 Commands for Basic Switch Configuration 1.1 Commands for Basic Configuration 1.1.1 Authentication line login Command: authentication line {console | sty | web} login {local | radius | tacacs} No authentication line {console | sty | web} login...
Page 50: Banner
SGS-6341 Series Command Guide Switch(config)# authentication line vty login local radius Relative Command: aaa enable, radius-server authentication host, tacacs-server authentication host, tacacs-server key 1.1.2 banner Command: banner motd <LINE> no banner motd Function: This command is used to configure the information displayed when the login authentication of a telnet or console user is successful, the no command configures that the information is not displayed when the authentication is successful.
Page 51: Boot Startup-Config
SGS-6341 Series Command Guide Command Mode: Admin Mode. Default: The factory original configuration only specifies the first booting IMG file, the nos.img file in the FLASH, without the second one. Example: Set flash:/nos.img as the second booting IMG file used in the next booting of the system.
Page 52: Clock Set
SGS-6341 Series Command Guide 1.1.5 clock set Command: clock set <HH:MM:SS> <YYYY.MM.DD> Function: Set system date and time. Parameter: <HH:MM:SS>is the current time, and the valid scope for HH is 0 to 23, MM and SS 0 to 59; <YYYY.MM.DD> is the current year, month and date, and the valid scope for YYYY is 1970~2038, MON meaning month, and DD between 1 to 31.
Page 53: Debug Ssh-Server
SGS-6341 Series Command Guide 1.1.7 debug ssh-server Command: debug ssh-server no debug ssh-server Function: Display SSH server debugging information; the “no debug ssh-server” command stops displaying SSH server debugging information. Default: This function is disabled by default. Command mode: Admin Mode.
Page 54: Enable Password
SGS-6341 Series Command Guide Example: Switch>enable Switch# 1.1.10 enable password Command: enable password [0|7] <password> no enable password Function: Configure the password used for enter Admin Mode from the User Mode, The “no enable password” command deletes this password. Parameter: password is the password for the user.
Page 55: Exec-Timeout
SGS-6341 Series Command Guide 1.1.12 exec-timeout Command: exec-timeout <minutes> [<seconds>] no exec-timeout Function: Configure the timeout of exiting admin mode. The “no exec-timeout” command restores the default value. Parameters: <minute> is the time value shown in minute and ranges between 0~35791.
Page 56: Help
SGS-6341 Series Command Guide Switch# 1.1.14 help Command: help Function: Output brief description of the command interpreter help system. Command mode: All configuration modes. Usage Guide: An instant online help provided by the switch. Help command displays information about the whole help system, including complete help and partial help.
Page 57: Ip Host
SGS-6341 Series Command Guide Usage Guide: With this command, the user can set the CLI prompt of the switch according to their own requirements. Example: Set the prompt to “Test”. Switch(config)#hostname Test Test(config)# 1.1.16 ip host Command: ip host <hostname> <ip_addr>...
Page 58: Ip Http Server
SGS-6341 Series Command Guide <hostname> is the name of the host, containing max 15 characters; <ipv6_addr> is the IPv6 address corresponding to the host name. <all> is all the host address. Command Mode: Global Mode Usage Guide: Configure a fixed corresponding relationship between the host and the IPv6 address, applicable in commands such as “traceroute6 <host>”, etc.
Page 59: Login
SGS-6341 Series Command Guide Parameter: chinese for Chinese display; english for English display. Command mode: Admin and Config Mode. Default: The default setting is English display. Usage Guide: Switch provides help information in two languages, the user can select the language according to their preference.
Page 60: Reload
SGS-6341 Series Command Guide Parameter: password is the configured code. Encryption will be performed by entering 8. Command mode: Global mode Default: This password is empty by system default Usage guide: When both this password and login command are configured, users have to enter the password set by password command to enter normal user mode on console.
Page 61: Service Terminal-Length
SGS-6341 Series Command Guide function however encrypted passwords remain unchanged. Example: Encrypt system passwords Switch(config)#service password-encryption 1.1.24 service terminal-length Command: service terminal-length <0-512> no service terminal-length Function: Configure the columns of characters displayed in each screen on terminal (vty). The “no service terminal-length”...
Page 62: Syslocation
SGS-6341 Series Command Guide Usage guide: The user can set the factory contact mode bases the fact instance. Example: Set the factory contact mode to test. Switch(config)#sysContact test 1.1.26 sysLocation Command: sysLocation <LINE> no sysLocation Function: Set the factory address, the “no sysLocation” command reset the switch to factory settings.
Page 63: Setup
SGS-6341 Series Command Guide Note: After the command, “write” command must be executed to save the operation. The switch will reset to factory settings after restart. Example: Switch#set default Are you sure? [Y/N] = y Switch#write Switch#reload 1.1.28 setup Command:...
Page 64: Show Cpu Usage
SGS-6341 Series Command Guide 1.1.30 show cpu usage Command: show cpu usage [<slotno>] Function: Show CPU usage rate. Command mode: Admin and Configuration Mode. Usage Guide: Check the current usage of CPU resource by show cpu usage command. Only the chassis switch uses slotno parameter which is used to show the CPU usage rate of the card on specified slot, if there is no parameter, the default is current card.
Page 65: Show Privilege
SGS-6341 Series Command Guide 1.1.32 show privilege Command: show privilege Function: Show privilege of the current users. Command mode: All configuration modes Example: Show privilege of the current user. Switch(Config)#show privilege Current privilege level is 15 1.1.33 show temperature Command:...
Page 66: Show Version
SGS-6341 Series Command Guide “more”. Command mode: Admin and Configuration Mode. Usage Guide: This command is used to collect the relative information when the switch operation is malfunctioned. Example: Switch#show tech-support 1.1.35 show version Command: show version Function: Display the version information of the switch.
Page 67: Web Language
SGS-6341 Series Command Guide Usage Guide: There are two available choices for the preferences of the registered commands in the switch. They are 1 and 15. Preference of 1 is for the commands of the normal user configuration mode. Preference of 15 is for the commands registered in modes other than the normal user configuration modes.
Page 68: Write
SGS-6341 Series Command Guide The user can select the language according to their preference. 1.1.38 write Command: write Function: Save the currently configured parameters to the Flash memory. Command mode: Admin Mode. Usage Guide: After a set of configuration with desired functions, the setting should be saved to the Flash memory, so that the system can revert to the saved configuration automatically in the case of accidentally powered off or power failure.
Page 69: Authentication Ipv6 Access-Class
SGS-6341 Series Command Guide 1.2.2 authentication ipv6 access-class Command: authentication ipv6 access-class {<num-std>|<name>} no authentication ipv6 access-class Function: Binding standard IPv6 ACL protocol to login with Telnet/SSH/Web; the no form command will cancel the binding ACL. Parameters: <num-std> is the access-class number for standard numeric ACL, ranging between 500-599;...
Page 70: Authentication Securityip
SGS-6341 Series Command Guide method if it receives nothing. And AAA function RADIUS server should be configured before the RADIUS configuration method can be used. And TACACS server should be configured before the TACACS configuration method can be used. The authentication line console login command is exclusive with the “login” command. The authentication line console login command configures the switch to use the Console login method.
Page 71: Authentication Securityipv6
SGS-6341 Series Command Guide 1.2.5 authentication securityipv6 Command: authentication securityipv6 <ipv6-addr> no authentication securityipv6 <ipv6-addr> Function: To configure the trusted IPv6 address for Telnet and HTTP login method. The no form of this command will remove the specified configuration. Parameters: <ipv6-addr>...
Page 72: Terminal Length
SGS-6341 Series Command Guide lower preferences will be ignored. To be mentioned, if the user receives corresponding protocol’s answer whether refuse or incept, it will not attempt the next authorization method; it will attempt the next authorization method if it receives nothing.
Page 73: Telnet
SGS-6341 Series Command Guide Function: Copy debugging messages to current display terminal; the “terminal no monitor” command restores to the default value. Command mode: Admin Mode. Usage guide: Configures whether the current debugging messages is displayed on this terminal. If this command is configured on telnet or SSH clients, debug messages will be sent to that client.
Page 74: Telnet Server Enable
SGS-6341 Series Command Guide login:123 password:*** XGS3> 1.2.10 telnet server enable Command: telnet server enable no telnet server enable Function: Enable the Telnet server function in the switch: the “no telnet server enable” command disables the Telnet function in the switch.
Page 75: Ssh-Server Authentication-Retries
SGS-6341 Series Command Guide None. Example: Set the max connection number supported by the Telnet service as 10. Switch(config)#telnet-server max-connection 10 1.2.12 ssh-server authentication-retries Command: ssh-server authentication-retries <authentication-retries> no ssh-server authentication-retries Function: Configure the number of times for retrying SSH authentication; the “no ssh-server authentication-retries”...
Page 76: Ssh-Server Host-Key Create Rsa
SGS-6341 Series Command Guide Example: Enable SSH function on the switch. Switch(config)#ssh-server enable 1.2.14 ssh-server host-key create rsa Command: ssh-server host-key create rsa [modulus < modulus >] Function: Generate new RSA host key. Parameter: modulus is the modulus which is used to compute the host key; valid range is 768 to 2048. The default value is 1024.
Page 77: Ssh-Server Timeout
SGS-6341 Series Command Guide Default: The system default value of the max connection number is 5. Command Mode: Global Mode Usage Guide: None. Example: Set the max connection number supported by the SSH service as 10. Switch(config)#ssh-server max-connection 10 1.2.16 ssh-server timeout Command: ssh-server timeout <timeout>...
Page 78: Show Telnet Login
SGS-6341 Series Command Guide Example: Switch#show ssh-server ssh server is enabled ssh-server timeout 180s ssh-server authentication-retries 3 ssh-server max-connection number 6 ssh-server login user number 2 1.2.18 show telnet login Command: show telnet login Function: Display the information of the Telnet client which currently establishes a Telnet connection with the switch.
Page 79: Commands For Configuring Switch Ip
SGS-6341 Series Command Guide 1.3 Commands for Configuring Switch IP 1.3.1 interface vlan Command: interface vlan <vlan-id> no interface vlan <vlan-id> Function: Enter the VLAN interface configuration mode; the no operation of this command will delete the existing VLAN interface.
Page 80: Ipv6 Address
SGS-6341 Series Command Guide Usage Guide: A VLAN interface must be created first before the user can assign an IP address to the switch. Example: Set 10.1.128.1/24 as the IP address of VLAN1 interface. Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip address 10.1.128.1 255.255.255.0...
Page 81: Ip Bootp-Client Enable
SGS-6341 Series Command Guide 1.3.4 ip bootp-client enable Command: ip bootp-client enable no ip bootp-client enable Function: Enable the switch to be a BootP Client and obtain IP address and gateway address through BootP negotiation; the “no ip bootp-client enable” command disables the BootP Client function and releases the IP address obtained in BootP.
Page 82: Commands For Snmp
SGS-6341 Series Command Guide Command mode: VLAN Interface Mode Usage Guide: Obtaining IP address by DHCP, Manual configuration and BootP are mutually exclusive, enabling any 2 methods for obtaining an IP address is not allowed. Example: Getting an IP address through DHCP.
Page 83: Rmon Enable
SGS-6341 Series Command Guide Usage Guide: When user encounters problems in applying SNMP, the SNMP debugging is available to locate the problem causes. Example: Switch#debug snmp kernel 1.4.3 rmon enable Command: rmon enable no rmon enable Function: Enable RMON; the “no rmon enable” command disables RMON.
Page 84: Show Snmp
SGS-6341 Series Command Guide 1.4.5 show snmp Command: show snmp Function: Display all SNMP counter information. Command mode: Admin and Configuration Mode. Example: Switch#show snmp 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied...
Page 85: Show Snmp Engineid
SGS-6341 Series Command Guide number of requested variable Number of variables requested by NMS. number of altered variables Number of variables set by NMS. get-request PDUs Number of packets received by “get” requests. get-next PDUs Number of packets received by “getnext”...
Page 86: Show Snmp Group
SGS-6341 Series Command Guide 1.4.7 show snmp group Command: show snmp group Function: Display the group information commands. Command Mode: Admin and Configuration Mode. Example: Switch#show snmp group Group Name:initial Security Level:noAuthnoPriv Read View:one Write View:<no writeview specified> Notify View:one...
Page 87: Show Snmp User
SGS-6341 Series Command Guide Function: Display SNMP configuration information. Command mode: Admin and Configuration Mode. Example: Switch#show snmp status Trap enable RMON enable Community Information: V1/V2c Trap Host Information: V3 Trap Host Information: Security IP Information: Displayed information Description Community string...
Page 88: Show Snmp View
SGS-6341 Series Command Guide Engine ID Engine ID Priv Protocol Employed encryption algorithm Auth Protocol Employed identification algorithm Row status User state 1.4.11 show snmp view Command: show snmp view Function: Display the view information commands. Command Mode: Admin and Configuration Mode.
Page 89: Snmp-Server Enable
SGS-6341 Series Command Guide Parameter: <string> is the community string set; ro | rw is the specified access mode to MIB, ro for read-only and rw for read-write. <num-std> is the access-class number for standard numeric ACL, ranging between 1-99;...
Page 90: Snmp-Server Enable Traps
SGS-6341 Series Command Guide Command mode: Global mode Default: SNMP proxy server function is disabled by system default. Usage guide: To perform configuration management on the switch with network manage software, the SNMP proxy server function has to be enabled with this command.
Page 91: Snmp-Server Engineid
SGS-6341 Series Command Guide 1.4.15 snmp-server engineid Command: snmp-server engineid <engine-string> no snmp-server engineid Function: Configure the engine ID; the “no" form of this command restores to the default engine ID. Command Mode: Global mode Parameter: <engine-string> is the engine ID shown in 1-32 digit hex characters.
Page 92: Snmp-Server Host
SGS-6341 Series Command Guide read-string Name of readable view which includes 1-32 characters write-string Name of writable view which includes 1-32 characters notify-string Name of trappable view which includes 1-32 characters <num-std> is the access-class number for standard numeric ACL, ranging between 1-99;...
Page 93: Snmp-Server Securityip
SGS-6341 Series Command Guide user name at v3. Usage Guide: The Community character string configured in this command is the default community string of the RMON event group. If the RMON event group has no community character string configured, the community character string configured in this command will be applied when sending the Trap of RMON, and if the community character string is configured, its configuration will be applied when sending the RMON trap.
Page 94: Snmp-Server Trap-Source
SGS-6341 Series Command Guide 1.4.19 snmp-server securityip Command: snmp-server securityip {enable | disable} Function: Enable/disable the safety IP address authentication on NMS manage station. Command Mode: Global Mode Default: Enable the safety IP address authentication function. Example: Disable the safety IP address authentication function.
Page 95: Snmp-Server User
SGS-6341 Series Command Guide 1.4.21 snmp-server user Command: snmp-server user <use-string> <group-string> [{authPriv | authNoPriv} auth {md5 | sha} <word>] [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}] no snmp-server user <user-string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}] Function: Add a new user to an SNMP group; the "no” form of this command deletes this user.
Page 96: Snmp-Server View
SGS-6341 Series Command Guide 1.4.22 snmp-server view Command: snmp-server view <view-string> <oid-string> {include | exclude} no snmp-server view <view-string> [ <oid-string> ] Function: This command is used to create or renew the view information; the “no" form of this command deletes the view information.
Page 97 SGS-6341 Series Command Guide <destination-url> vary depending on different locations of the files or directories. ascii indicates the ASCII standard will be adopted; binary indicates that the binary system will be adopted in the file transmission（default transmission method）.When URL represents an FTP address, its form should be: ftp://<username>:<password>@{<ipaddress>|<ipv6address>|<hostname>...
Page 98: Copy（Tftp
SGS-6341 Series Command Guide Relevant Command: Write 1.5.2 copy（TFTP） Command: copy <source-url> <destination-url> [ascii | binary] Function: Download files to the TFTP client. Parameter: <source-url> is the location of the source files or directories to be copied; <destination-url> is the destination address to which the files or directories to be copied; forms of <source-url> and <destination-url>...
Page 99: Ftp-Dir
SGS-6341 Series Command Guide Switch#copy tftp://10.1.1.1/nos.img nos.img (3) Save images in the FLASH to the TFTP server of 2004:1:2:3::6 Switch#copy nos.img tftp:// 2004:1:2:3::6/ nos.img (4) Obtain system file nos.img from the TFTP server 2004:1:2:3::6 Switch#copy tftp:// 2004:1:2:3::6/nos.img nos.img (5) Save the running configuration files...
Page 100: Ftp-Server Timeout
SGS-6341 Series Command Guide Default: FTP server is not started by default. Command mode: Global Mode Usage Guide: When FTP server function is enabled, the switch can still perform ftp client functions. FTP server is not started by default. Example: enable FTP server service.
Page 101: Ip Ftp
SGS-6341 Series Command Guide 1.5.6 ip ftp Command: ip ftp username <username> password [type {0 | 7}] <password> no ip ftp username <username> Function: Configure the username and password for logging in to the FTP; the no operation of this command will delete the configured username and password simultaneously.
Page 102: Show Tftp
SGS-6341 Series Command Guide 1.5.8 show tftp Command: show tftp Function: Display the parameter settings for the TFTP server. Default: No display by default. Command mode: Admin and Configuration Mode. Example: Switch#show tftp timeout : 60 Retry Times : 10...
Page 103: Tftp-Server Retransmission-Number
SGS-6341 Series Command Guide Switch#config Switch(config)#tftp-server enable Relative Command: tftp-server timeout 1.5.10 tftp-server retransmission-number Command: tftp-server retransmission-number <number> Function: Set the retransmission time for TFTP server. Parameter: <number> is the time to re-transfer, the valid range is 1 to 20.
Page 104 SGS-6341 Series Command Guide Switch(config)#tftp-server transmission-timeout 60 1-104...
Page 105: Chapter 2 File System Commands
SGS-6341 Series Command Guide Chapter 2 File System Commands 2.1 cd Command: cd <directory> Function: Change the working directory for the storage device. Parameters: <directory> is the sub-directory name, a sequence of consecutive characters whose length ranges from 1 to 80.
Page 106: Delete
SGS-6341 Series Command Guide “ftp://username:pass@server-ip/file-name” “tftp://server-ip/file-name” 2. The prefix of the destination file URL should be in one of the following forms: starting with “flash:/” “ftp://username:pass@server-ip/file-name” “tftp://server-ip/file-name” Command Mode: Admin Mode. Usage Guide: 1. In this command, when the prefix of the source file URL is ftp:// or tftp://, that of the destination file URL should not be either of them.
Page 107: Dir
SGS-6341 Series Command Guide Switch#delete flash:/nos5.img Delete file flash:/nos5.img?[Y:N]y Deleted file flash:/nos.img. 2.4 dir Command: dir [WORD] Function: Display the information of the designated directory on the storage device. Parameters: <WORD> is the name of the shown directory. There may be the following formats: directory name, slot-xx#directory name, flash:/directory name, cf:/directory name.
Page 108: Mkdir
SGS-6341 Series Command Guide Parameters: <device> is the name of the device to be formatted. Command Mode: Admin Mode. Default Settings: None. Usage Guide: 1. After formatting, all files on the storage device will be irrecoverably lost. 2. The only acceptable file system type of Format is FAT 32, without exception.
Page 109: Rename
SGS-6341 Series Command Guide Example: Display the current working directory. Switch#pwd flash:/ Switch# 2.8 rename Command: ename <source-file-url> <new-filename > Function: Rename a designated file on the switch. Parameters: <source-file-url>is the source file, in which whether specifying or not its path are both acceptable;...
Page 110 SGS-6341 Series Command Guide Default Settings: None. Usage Guide: The directory to be deleted should exist and be empty, that is, all files in the directory should be deleted before deleting it, or an error prompt will be displayed. 2-110...
Page 111: Chapter 3 Commands For Cluster
SGS-6341 Series Command Guide Chapter 3 Commands for Cluster 3.1 clear cluster nodes Command: clear cluster nodes [nodes-sn <candidate-sn-list> | mac-address <mac-addr>] Function: Clear the nodes in the candidate list found by the commander switch. Parameters: c andidate-sn-list: sn of candidate switches, ranging from 1 to 256. More than one candidate can be specified.
Page 112: Cluster Commander
SGS-6341 Series Command Guide Usage Guide： After enabling this command on a commander switch, candidate switches will be automatically added as members. Example: Enable the auto adding function in the commander switch. Switch(config)#cluster auto-add 3.3 cluster commander Command: cluster commander [<cluster-name>]...
Page 113: Cluster Keepalive Interval
SGS-6341 Series Command Guide commander-ip: cluster IP address pool for allocating internal IP addresses of the cluster commander-ip is the head address of the address pool, of which the valid format is 10.x.x.x, in dotted-decimal notation; the address pool should be big enough to hold 128 members, which requires the last byte of addresses to be less than 126 （254 –...
Page 114: Cluster Keepalive Loss-Count
SGS-6341 Series Command Guide received DP messages with DR messages. The no operation of this command will restore the keepalive interval in the cluster back to its default value. Example: Set the keepalive interval in the cluster to 10 seconds.
Page 115: Cluster Member
SGS-6341 Series Command Guide 3.7 cluster member Command: cluster member {nodes-sn <candidate-sn-list> | mac-address <mac-addr> [id <member-id>]} no cluster member {id <member-id> | mac-address <mac-addr>} Function: On a commander switch, manually add candidate switches into the cluster created by it.
Page 116: Cluster Reset Member
SGS-6341 Series Command Guide members to manually added ones to keep them. Command Mode: Global Mode. Usage Guide: Execute this command on a switch to change automatically added members to manually added ones. Example: change automatically added members to manually added ones.
Page 117: Cluster Update Member
SGS-6341 Series Command Guide Parameter: key：all keys in one cluster should be the same, no longer than 16 characters. vid：vlan id of the cluster, whose range is 1-4094. Command mode: Global Mode Default: Cluster function is disabled by default, key: NULL(\0) vid：1.
Page 118: Debug Cluster
SGS-6341 Series Command Guide Command mode: Admin Mode Usage Guide: The commander distributes the remote upgrade command to members via the TCP connections between them, causing the number to implement the remote upgrade and reboot. Trying to execute this command on a non-commander switch will return errors.
Page 119: Show Cluster
SGS-6341 Series Command Guide Enable the debug information; the no command disables the debug switch. Parameters: DP: discovery messages. DR: responsive messages. CP: command messages. receive: receive messages. send: send messages. Command Mode: Admin Mode. Usage Guide: Enable the debug information of cluster messages. After enabling classification, all DP, DR and CP messages sent or received in the cluster will be printed.
Page 120: Show Cluster Members
SGS-6341 Series Command Guide Number of Candidates: 3 ----in a member ---------------------------- Switch#show cluster Status: Enabled Cluster VLAN: 1 Role: Member Commander Ip Address: 10.254.254.1 Internal Ip Address: 10.254.254.2 Commamder Mac Address: 00-12-cf-39-1d-90 ---- a candidate ---------------------------- Switch#show cluster Status: Enabled...
Page 121: Show Cluster Candidates
SGS-6341 Series Command Guide Switch#show cluster members Member From : User config(U); Auto member (A) ID From Status Hostname Description Internal IP --- - ----------- ----------------- ------------ ------------ --------------- xxx x xxxxxxxxxx12 xx-xx-xx-xx-xx-xx xxxxxxxxxx12 xxxxxxxxxx12 xxx.xxx.xxx.xxx 1 U Inactive 00-01-02-03-04-05 MIS_zebra SGS-6341-24T4X 10.254.254.2...
Page 122: Show Cluster Topology
SGS-6341 Series Command Guide Description Hostname --- ----------------- ------------------------ ------------------------ xxx xx-xx-xx-xx-xx-xx xxxxxxxxxxxxxxxxxxxxxx24 xxxxxxxxxxxxxxxxxxxxxx24 1 00-01-02-03-04-06 SGS-6341-24T4X 2 01-01-02-03-04-05 SGS-6341-24T4X MIS_zebra 3.17 show cluster topology Command: show cluster topology [root-sn <starting-node-sn> | nodes-sn <node-sn-list> | mac-address <mac-addr>] Function: Display cluster topology information. This command only applies to commander switches.
Page 123 SGS-6341 Series Command Guide 6 SGS-6341-24T4X LAB_SWITCH_1 OM 01-02-03-04-05-14 eth 1/1 eth 1/3 ---------------------------------------------------------- Switch#show cluster topology root-sn 2 Role: commander(CM);Member(M);Candidate(CA);Other commander(OC);Other member(OM) SN Description Hostname Role MAC_ADDRESS Upstream Upstream leaf local-port remote-port node == ============ ============ == ================= ============ ============ =...
Page 124: Rcommand Commander
SGS-6341 Series Command Guide 3.18 rcommand commander Command: rcommand commander Function: In the member switch, use this command to configure the commander switch. Command mode: Admin Mode. Instructions: This command is used to configure the commander switch remotely. Users have to telnet the commander switch by passing the authentication.
Page 125: Chapter 4 Commands For Network Port Configuration
SGS-6341 Series Command Guide Chapter 4 Commands for Network Port Configuration 4.1 Commands for Ethernet Port Configuration 4.1.1 bandwidth Command: bandwidth control <bandwidth> {transmit | receive | both} no bandwidth control Function: Enable the bandwidth limit function on the port; the no command disables this function.
Page 126: Combo-Forced-Mode
SGS-6341 Series Command Guide 4.1.2 combo-forced-mode Command: combo-forced-mode { copper-forced | sfp-forced } Function: Sets to combo port mode (combo ports only). Parameters: copper-forced forces use of copper cable port; sfp-forced forces use of fiber cable port. Command mode: Port Mode.
Page 127: Clear Counters Interface
SGS-6341 Series Command Guide 4.1.3 clear counters interface Command: clear counters interface [{ethernet <interface-list> | vlan <vlan-id> | port-channel <port-channel-number> | <interface-name>}] Function: Clears the statistics of the specified port. Parameters: <interface-list> stands for the Ethernet port number; <vlan-id> stands for the VLAN interface number;...
Page 128: Interface Ethernet
SGS-6341 Series Command Guide switch will automatically start HOL control (discarding some packets in the COS queue that may result in HOL) to prevent drastic degradation of network performance. Note: Port flow control function is not recommended unless the users need a slow speed, low performance network with low packet loss.
Page 129: Mdi
SGS-6341 Series Command Guide Command mode: Port Mode. Default: Loopback test is disabled in Ethernet port by default. Usage Guide: Loopback test can be used to verify the Ethernet ports are working normally. After loopback has been enabled, the port will assume a connection established to itself, and all traffic sent from the port will be received at the very same port.
Page 130: Name
SGS-6341 Series Command Guide 4.1.8 name Command: name <string> no name Function: Set name for specified port; the “no name” command cancels this configuration. Parameter: <string> is a character string, which should not exceeds 200 characters. Command Mode: Port Mode.
Page 131: Port-Rate-Statistics Interval
SGS-6341 Series Command Guide Usage Guide: This command applies to 1000Base-FX interface only. The negotiation command is not available for 1000Base-TX or 100Base-TX interface. For combo port, this command applies to the 1000Base-FX port only but has no effect on the 1000Base-TX port.
Page 132: Rate-Suppression
SGS-6341 Series Command Guide Parameters: interrupt: the interrupt mode; poll: the poll mode. Command mode: Global Mode. Default: Poll mode. Usage Guide: There are two modes that can respond up/down event of the port. The interrupt mode means that interrupt hardware to announce the up/down change, the poll mode means that software poll can obtain the port event, the first mode is rapid.
Page 133: Rate-Violation
SGS-6341 Series Command Guide Usage Guide: All ports in the switch belong to a same broadcast domain if no VLAN has been set. The switch will send the above mentioned three traffics to all ports in the broadcast domain, which may result in broadcast storm and so may greatly degrade the switch performance.
Page 134: Show Interface
SGS-6341 Series Command Guide Example: Set the rate-violation of port 8-10 (GB ports) of the switch as 10000pps and the port recovery time as 1200 seconds. Switch(config)#interface ethernet 1/0/8-10 Switch(Config-Port-Range)#rate-violation 10000 recovery 1200 4.1.14 show interface Command: show interface [ethernet <interface-number> | port-channel <port-channel-number> | loopback <loopback-id>...
Page 135 SGS-6341 Series Command Guide For ethernet port, using status to show important information of all the layer 2 ports by list format. each port is a row, the showing information include port number, Link, Protocl status, Speed, Duplex, Vlan, port type and port name;...
Page 136 SGS-6341 Series Command Guide Input queue 0/600, 0 drops 0 packets input, 0 bytes, 0 no buffer 0 input errors, 0 CRC, 0 frame alignment, 0 overrun 0 ignored, 0 abort, 0 length error Output packets statistics: 0 packets output, 0 bytes, 0 underruns...
Page 137 SGS-6341 Series Command Guide The last 5 second input rate 0 bytes/sec, 0 packets/sec The last 5 second output rate 0 bytes/sec, 0 packets/sec Input packets statistics: 0 input packets, 0 bytes, 0 no buffer 0 unicast packets, 0 multicast packets, 0 broadcast packets...
Page 138: Shutdown
SGS-6341 Series Command Guide 1/0/2 1/0/3 5m 0 1/0/4 5m 0 … 4.1.15 shutdown Command: shutdown no shutdown Function: Shuts down the specified Ethernet port; the “no shutdown” command opens the port. Command mode: Port Mode. Default: Ethernet port is open by default.
Page 139: Virtual-Cable-Test
SGS-6341 Series Command Guide Parameters: auto is the auto speed and duplex negotiation, 10 is 10Mbps speed, 100 is 100Mbps speed, 1000 is 1000Mbps speed, auto is duplex negotiation, full is full-duplex, half is half-duplex; force10-half is the forced 10Mbps at half-duplex mode;...
Page 140 SGS-6341 Series Command Guide Function: Test the link of the twisted pair cable connected to the Ethernet port. The response may include: well, short, open, fail. If the test information is not well, the location of the error will be displayed (how many meters it is away from the port).
Page 141: Isolate-Port Group
SGS-6341 Series Command Guide Chapter 5 Commands for Port Isolation Function 5.1 isolate-port group Command: isolate-port group <WORD> no isolate-port group <WORD> Function: Set a port isolation group, which is the scope of isolating ports; the no operation of this command will delete a port isolation group and remove all ports out of it.
Page 142: Isolate-Port Apply
SGS-6341 Series Command Guide another port isolation group, they will remain isolated from the ports in that group. If an Ethernet port is a member of a convergence group, it should not be added into a port isolation group, and vice versa, a member of a port isolation group should not be added into an aggregation group.
Page 143: Show Isolate-Port Group
SGS-6341 Series Command Guide Only apply port isolation to layer-2 flows on the switch. Switch(config)#isolate-port apply l2 5.4 show isolate-port group Command: show isolate-port group [<WORD>] Function: Display the configuration of port isolation, including all configured port isolation groups and Ethernet ports in each group.
Page 144: Debug Loopback-Detection
SGS-6341 Series Command Guide Chapter 6 Commands for Port Loopback Detection Function 6.1 debug loopback-detection Command: debug loopback-detection Function: After enabling the loopback detection debug on a port, BEBUG information will be generated when sending, receiving messages and changing states.
Page 145: Loopback-Detection Control-Recovery Timeout
SGS-6341 Series Command Guide MAC address of the port. Default: Disable the function of loopback diction control. Command Mode: Port Mode. Usage Guide: If there is any loopback, the port will not recovery the state of be controlled after enabling control operation on the port.
Page 146: Loopback-Detection Interval-Time
SGS-6341 Series Command Guide Enable automatic recovery of the loopback-detection control mode after 30s. Switch(config)# loopback-detection control-recovery timeout 30 6.4 loopback-detection interval-time Command: loopback-detection interval-time <loopback> <no-loopback> no loopback-detection interval-time Function: Set the loopback detection interval. The no operate closes the loopback detection interval function.
Page 147: Show Loopback-Detection
SGS-6341 Series Command Guide Disable the function of detecting the loopbacks through the port. Command Mode: Port Mode. Usage Guide: If a port can be a TRUNK port of multiple Vlans, the detection of loopbacks can be implemented on the basis of port+Vlan, which means the objects of the detection can be the specified Vlans on a port.
Page 148: Chapter 7 Commands For Uldp
SGS-6341 Series Command Guide Chapter 7 Commands for ULDP 7.1 debug uldp Command: debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME no debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME Function: Enable the debugging for receiving and sending the specified packets or all ULDP packets on port.
Page 149: Debug Uldp Event
SGS-6341 Series Command Guide Usage Guide: Use this command to display the error message. Example: Display the error message. Switch#debug uldp error 7.3 debug uldp event Command: debug uldp event no debug uldp event Function: Enable the message debug function to display the event; the no form command disables this function.
Page 150: Debug Uldp Interface Ethernet
SGS-6341 Series Command Guide Default: Disabled by default. Usage Guide: This command can be used to display the information about state transitions of the specified interfaces. Example: Print the information about state transitions of interface ethernet 1/0/1. Switch#debug uldp fsm interface ethernet 1/0/1 7.5 debug uldp interface ethernet...
Page 151: Uldp Aggressive-Mode
SGS-6341 Series Command Guide Default: Disabled. Usage Guide: Use this command to display the packet that receiving on each interface. Switch# debug uldp packet receive 7.7 uldp aggressive-mode Command: uldp aggressive-mode no uldp aggressive-mode Function: To configure ULDP to work in aggressive mode. The no form of this command will restore the normal mode.
Page 152: Uldp Disable
SGS-6341 Series Command Guide Usage Guide: ULDP can be configured for the ports only if ULDP is enabled globally. If ULDP is enabled globally, it will be effect for all the existing fiber ports. For copper ports and fiber ports which are available after ULDP is enabled, this command should be issued in the port configuration mode to make ULDP be effect.
Page 153: Uldp Manual-Shutdown
SGS-6341 Series Command Guide Parameters: <integer>: The interval for the Hello messages, with its value limited between 5 and 100 seconds, 10 seconds by default. Command Mode: Global Configuration Mode. Default: 10 seconds by default. Usage Guide: Interval for hello messages can be configured only if ULDP is enabled globally, its value limited between 5 and 100 seconds.
Page 154: Show Uldp
SGS-6341 Series Command Guide Function: To reset the port when ULDP is shutdown. Command Mode: Globally Configuration Mode and Port Configuration Mode. Usage Guide: This command can only be effect only if the specified interface is disabled by ULDP. Example: To reset all the port which are disabled by ULDP.
Page 155: Chapter 8 Commands For Lldp Function
Chapter 8 Commands for LLDP Function 8.1 clear lldp remote-table Command: clear lldp remote-table Function: Clear the Remote-table on the port. Default: Do not clear the entries. Command Mode: Port Configuration Mode. Usage Guide: Clear the Remote table entries on this port. Example: Clear the Remote table entries on this port.
Page 156: Debug Lldp Packets
Example: Enable the debug switch of LLDP function on the switch. Switch(config)#debug lldp 8.3 debug lldp packets Command: debug lldp packets interface ethernet <IFNAME> no debug lldp packets interface ethernet <IFNAME> Function: Display the message-receiving and message-sending information of LLDP on the port; the no operation of this command will disable the debug information switch.
Page 157: Lldp Enable (Port)
Usage Guide: If LLDP function is globally enabled, it will be enabled on every port. Example: Enable LLDP function on the switch. Switch(config)# lldp enable 8.5 lldp enable (Port) Command: lldp enable lldp disable Function: Enable the LLDP function module of ports in port configuration mode; disable command will disable the LLDP function module of port.
Page 158: Lldp Msgtxhold
both: Configure the LLDP function as being able to both send and receive messages. disable: Configure the LLDP function as not being able to send or receive messages. Default: The operating state of the port is “both”. Command Mode: Port Configuration Mode. Usage Guide: Choose the operating state of the lldp Agent on the port.
Page 159: Lldp Neighbors Max-Num
8.8 lldp neighbors max-num Command: lldp neighbors max-num < value > no lldp neighbors max-num Function: Set the maximum number of entries can be stored in Remote MIB. Parameters: <value> is the configured number of entries, ranging from 5 to 500. Default: The maximum number of entries can be stored in Remote MIB is 100.
Page 160: Lldp Toomanyneighbors
interval whenever the Remote Table changes. Example: Set the time interval of sending Trap messages as 20 seconds. Switch(config)# lldp notification interval 20 8.10 lldp tooManyNeighbors Command: lldp tooManyNeighbors {discard|delete} Function: Set which operation will be done when the Remote Table is full. Parameters: discard: discard the current message.
Page 161: Lldp Transmit Optional Tlv
When transmit delay is the default value and tx-interval is configured via some commands, transmit delay will become one fourth of the latter, instead of the default 2. Parameters: <seconds>is the time interval, ranging from 1 to 8192 seconds. Default: The interval is 2 seconds by default.
Page 162: Lldp Trap
Switch(config)#in ethernet 1/0/5 Switch(Config-if-ethernet 1/0/5)# lldp transmit optional tlv portDesc sysCap 8.13 lldp trap Command: lldp trap <enable|disable> Function: enable: configure to enable the Trap function on the specified port; disable: configure to disable the Trap function on the specified port. Default: The Trap function is disabled on the specified port by default.
Page 163: Show Debugging Lldp
Usage Guide: After configuring the interval of sending messages, LLDP messages can only be received after a period as long as configured. The interval should be less than or equal with half of aging time, for a too long interval will cause the state of being aged and reconstruction happen too often; while a too short interval will increase the flow of the network and decrease the bandwidth of the port.
Page 164: Show Lldp
8.16 show lldp Command: show lldp Function: Display the configuration information of global LLDP, such as the list of all the ports with LLDP enabled, the interval of sending update messages, the configuration of aging time, the interval needed by the sending module to wait for re-initialization, the interval of sending TRAP, the limitation of the number of the entries in the Remote Table.
Page 165: Show Lldp Neighbors Interface Ethernet
Default: Do not display the configuration information of LLDP on the port. Command Mode: Admin Mode, Global Mode. Usage Guide: Users can check the configuration information of LLDP on the port by using “show lldp interface ethernet XXX”. Example: Check the configuration information of LLDP on the port after LLDP is enabled on the switch. Switch(config)#show lldp interface ethernet 1/0/1 Port name: ethernet 1/0/1...
Page 166: Show Lldp Traffic
8.19 show lldp traffic Command: show lldp traffic Function: Display the statistics of LLDP data packets. Default: Do not display the statistics of LLDP data packets. Command Mode: Admin Mode, Global Mode. Usage Guide: Users can check the statistics of LLDP data packets by using “show lldp traffic”. Example: Check the statistics of LLDP data packets after LLDP is enabled on the switch.
Page 167: Chapter 9 Commands For Port Channel
Chapter 9 Commands for Port Channel 9.1 debug port-channel Command: debug port-channel <port-group-number> {all | event | fsm | packet | timer} no debug port-channel [<port-group-number>] Function: Open the debug switch of port-channel. Parameters: <port-group-number> is the group number of port channel, ranging from 1 to 128 all: all debug information event: debug event information fsm: debug the state machine...
Page 168: Interface Port-Channel
9.2 interface port-channel Command: interface port-channel <port-channel-number> Function: Enters the port channel configuration mode Command mode: Global Mode Usage Guide: On entering aggregated port mode, configuration to GVRP or spanning tree modules will apply to aggregated ports; if the aggregated port does not exist (i.e., ports have not been aggregated), an error message will be displayed and configuration will be saved and will be restored until the ports are aggregated.
Page 169: Lacp System-Priority
Usage Guide: Use this command to modify the port priority of LACP protocol, the no command restores the default value. Example: Set the port priority of LACP protocol. Switch(Config-If-Ethernet1/0/1)# lacp port-priority 30000 9.4 lacp system-priority Command: lacp system-priority <system-priority> no lacp system-priority Function: Set the system priority of LACP protocol.
Page 170: Load-Balance
Command mode: Port Mode Default: Long. Usage Guide: Set the timeout mode of LACP protocol. Example: Set the timeout mode as short in LACP protocol. Switch(Config-If-Ethernet1/0/1)#lacp timeout short 9.6 load-balance Command: load-balance {dst-src-mac | dst-src-ip | dst-src-mac-ip} Function: Set load-balance mode for switch, it takes effect for port-group and ECMP at the same time. Parameter: dst-src-mac performs load-balance according to the source and destination MAC dst-src-ip performs load-balance according to the destination and source IP...
Page 171: Port-Group
9.7 port-group Command: port-group <port-group-number> no port-group <port-group-number> Function: Creates a port group. The no command deletes that group. Parameters: <port-group-number> is the group number of a port channel from 1 to 128. Default: There is no port-group. Command mode: Global Mode Example: Creating a port group.
Page 172: Show Port-Group
Usage Guide: If the specified port group does not exist, then print a error message. All ports in a port group must be added in the same mode, i.e., all ports use the mode used by the first port added. Adding a port in “on”...
Page 173 the third is unselected ports number. ID Mode Partner ID Ports Load-balance ------------------------------------------------------------------------------------- active 0x8000,00-12-cf-4d-e1-a1 8,1,1 dst-src-mac 10 passive 0x8000,00-12-cf-4d-e1-b2 8,2,0 dst-src-ip 20 on 8,0,0 src-ip 2. Display the detailed information of port-group 1. Switch#show port-group 1 detail Flags: A -- LACP_Activity, B -- LACP_timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Port-group number: 1, Mode: active,...
Page 174 Ethernet1/0/5 32768 0x8000, ,A8-F7-E0-01-02-04 {CDEF} Ethernet1/0/6 32768 0x8000, ,A8-F7-E0-01-02-04 {CDEF} Ethernet1/0/7 32768 0x8000, ,A8-F7-E0-01-02-04 {CDEF} Ethernet1/0/8 32768 0x8000, ,A8-F7-E0-01-02-04 {CDEF} Ethernet1/0/23 32768 0x8000, ,A8-F7-E0-01-02-04 Switch# 9-20...
Page 175: Chapter 10 Commands For Jumbo
Chapter 10 Commands for Jumbo 10.1 jumbo enable Command: jumbo enable [<mtu-value>] no jumbo enable Function: Enable the Jumbo receiving function. The no command restores to the normal frame range of 64--1518。 Parameter: mtu-value: the MTU value of jumbo frame that can be received, in byte, ranging from <1500-9000>. The corresponding frame size is <1518/1522-9018/9022>.
Page 176: Chapter 11 Commands For Efm Oam
Chapter 11 Commands for EFM OAM 11.1 clear ethernet-oam Command: clear ethernet-oam [interface {ethernet |} <IFNAME>] Function: Clear the statistic information of packets and link event on specific or all ports for OAM. Parameter: <IFNAME>, the name of the port needs to clear OAM statistic information Command Mode: Admin mode Example:...
Page 177: Debug Ethernet-Oam Fsm
11.3 debug ethernet-oam fsm Command: debug ethernet-oam fsm {all | Discovery | Transmit} [interface {ethernet |} <IFNAME>] no debug ethernet-oam fsm {all | Discovery | Transmit} [interface {ethernet |} <IFNAME>] Function: Enable the debugging of OAM state machine, no command disables it. Parameter: <IFNAME>: name of the port that the debugging will be enabled or disabled Command Mode:...
Page 178: Debug Ethernet-Oam Timer
11.5 debug ethernet-oam timer Command: debug ethernet-oam timer {all | pdu_timer | local_lost_link_timer} [interface {ethernet |} <IFNAME>] no debug ethernet-oam timer {all | pdu_timer | local_lost_link_timer} [interface {ethernet | } <IFNAME>] Function: Enable the debugging of refreshing information for specific or all timers, no this command disables the debugging.
Page 179: Ethernet-Oam Errored-Frame Threshold High
11.7 ethernet-oam errored-frame threshold high Command: ethernet-oam errored-frame threshold high {<high-frames> | none} no ethernet-oam errored-frame threshold high Function: Configure the high threshold of errored frame event, no command restores the default value. Parameter: <high-frames>, the high detection threshold of errored frame event, ranging from 2 to 4294967295. none, cancel the high threshold configuration.
Page 180: Ethernet-Oam Errored-Frame Window
Usage Guide: During the specific detection period, errored frame event is induced if the number of errored frame is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU. Note that the low threshold can not be larger than the high threshold. Example: Configure the low threshold of errored frame event on Ethernet 1/0/4 to 100.
Page 181: Ethernet Oam Errored Frame Period Threshold Low
no ethernet-oam errored-frame-period threshold high Function: Configure the high threshold of errored frame period event, no command restores the default value. Parameter: <high-frames>, the high detection threshold of errored frame period event, ranging from 2 to 4294967295. none, cancel the high threshold configuration. Default: none Command Mode:...
Page 182: Ethernet-Oam Errored-Frame-Period Window
Usage Guide: During the specific detection period, errored frame period event is induced if the number of errored frame is larger than or equal to the low threshold and the device notifies the peer by event notification OAMPDU. Note that the low threshold should not be larger than the high threshold. Example: Configure the low threshold of errored frame period event on port 1/0/4 to 100.
Page 183: Ethernet - Oam Errored - Frame - Seconds Threshold High
11.13 ethernet-oam errored-frame-seconds threshold high Command: ethernet-oam errored-frame-seconds threshold high {<high-seconds> | none} no ethernet-oam errored-frame-seconds threshold high Function: Configure the high threshold of errored frame seconds event, no command restores the default value. Parameter: <high-seconds>, the high detection threshold of errored frame seconds event, ranging from 2 to 65535 seconds.
Page 184: Ethernet-Oam Errored-Frame-Seconds Window
Function: Configure the low threshold of errored frame seconds event, no command restores the default value. Parameter: <low-seconds>, the low detection threshold of errored frame seconds event, ranging from 1 to 65535 seconds. Default: Command Mode: Port mode Usage Guide: During the specific detection period, errored frame seconds event is induced if the number of errored frame seconds is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU.
Page 185: Ethernet - Oam Errored - Symbol - Period Threshold High
Usage Guide: Detect errored frame seconds of the port after the time of specific detection period. If the number of errored frame seconds is larger than or equal to the threshold, corresponding event is induced and the device notified the peer through OAMPDU. Example: Configure the detection period of errored frame seconds event on port 1/0/4 to 120s.
Page 186: Ethernet Oam Errored Symbol Period Threshold Low
11.17 ethernet-oam errored-symbol-period threshold Command: ethernet-oam errored-symbol-period threshold low <low-symbols> no ethernet-oam errored-symbol-period threshold low Function: Configure the low threshold of errored symbol event, no command restores the default value. Parameter: <low-symbols>, the low threshold of errored symbol event, ranging from 1 to 18446744073709551615 symbols.
Page 187: Ethernet-Oam Link-Monitor
Default: Command Mode: Port mode Usage Guide: Detect errored symbols of the port after the time of specific detection period. If the number of errored symbols is larger than or equal to the threshold, corresponding event is induced and the device notified the peer through OAMPDU.
Page 188: Ethernet-Oam Period
no ethernet-oam mode Function: Configure the mode of OAM function, no command restores the default value. Parameter: active, active mode passive, passive mode Default: active mode. Command Mode: Port mode Usage Guide: At least one of the two connected OAM entities should be configured to active mode. Once OAM is enabled, the working mode of OAM cannot be changed and you need to disable OAM function if you have to change the working mode.
Page 189: Ethernet-Oam Remote-Failure
Example: Set the transmission interval of Information OAMPDU for ethernet 1/0/4 to be 2s. Switch(Config-If-Ethernet1/0/4)# ethernet-oam period 2 11.22 ethernet-oam remote-failure Command: ethernet-oam remote-failure no ethernet-oam remote-failure Function: Enable remote failure indication of OAM, no command disables the function. Default: Enable.
Page 190: Ethernet-Oam Remote-Loopback Supported
Command Mode: Port mode Usage Guide: Only OAM entities working in active mode can launch remote loopback request but the ones in passive mode cannot. When remote OAM entities work in loopback mode, all packets except OAMPDU return to the local port according to the original paths (note that normal communication cannot be performed in OAM loopback mode.) and network administrators can detect link delay, jitter and throughput through remote loopback.
Page 191: Ethernet-Oam Timeout
Normal forwarding will be suspended during the remote-loopback, are you sure to support remote-loopback? [Y/N] 11.25 ethernet-oam timeout Command: ethernet-oam timeout <seconds> no ethernet-oam timeout Function: Configure the timeout of OAM connection, no command restores the default value. Parameter: <seconds>, the timeout ranging from 5 to 10 seconds. Default: Command Mode: Port mode...
Page 192 Example: Show overview information of Ethernet OAM connection. Switch#show ethernet-oam Remote-Capability codes: L - Link Monitor, R - Remote Loopback U - Unidirection, V - Variable Retrieval ----------------------------------------------------------------------------------------------------------------- Interface Local-Mode Local-Capability Remote-MAC-Addr Remote-Mode Remote-Capability 1/0/1 active 0030.4f02.2e5d active 1/0/2 active 0030.4f19.3a3e avtive 1/0/4...
Page 193 local_par_action=DISCARD Max_OAMPDU_Size=1518 ------------------------------------------------------------------------ OAM_local_flags_field： Link Fault=0 Dying Gasp=0 Critical Events=0 ------------------------------------------------------------------------ Packet statistic： Packets Send Receive OAMPDU Information Event Notification Loopback Control ------------------------------------------------------------------------ Field Description Status of Ethernet OAM: oam_status enable, OAM is enabled; disable, OAM is not enabled. Working mode of Ethernet OAM: local _mode active, the port is set as active mode;...
Page 194 packets except OAMPDU packets received are returned to their sources along the ways they come. Loopback Supported Whether support remote loopback: YES for support and NO for not. Whether support unidirectional transmission: YES for support and NO Unidirectional Support for not. Link Events Whether support general link events: YES for support and NO for not.
Page 195 Link Fault=0 Dying Gasp=0 Critical Event=0 Field Description Remote_Mac_Address MAC address of remote OAM entity Working mode of Ethernet OAM: local _mode active, the port is set as active mode; passive, the port is set as passive mode. The way in which the local end processes Ethernet OAMPDUs: RX_INFO, the port only receives Information OAMPDUs and does not send any Ethernet OAMPDUs.
Page 196: Show Ethernet Oam Events
11.27 show ethernet-oam events Command: show ethernet-oam events {local | remote} [interface {ethernet |} <IFNAME>] Function: Shows the statistic information of link events on specified or all ports with OAM enabled, including general link events and severe link events. Parameter: local, show the detailed information of the local events;...
Page 197 event running total：75 OAM_local_errored-frame-seconds-summary-events: ------------------------------------------------------------------------------------------------------ event time stamp：3520 errored frame window：60s errored frame low threshold：1 errored frame high threshold：none errored frame：1200120 errored running total：2302512542 event running total：232 OAM_local_link-fault：0 OAM_local_dying gasp：0 OAM_local_critical event：0 Field Description Statistic information of the local errored OAM_local_errored-symbol-period-events symbol events Statistic information of the local errored frame...
Page 198: Show Ethernet-Oam Link-Events Configuration
11.28 show ethernet-oam link-events configuration Command: show ethernet-oam link-events configuration [interface {ethernet | } <IFNAME>] Function: Show configuration of link events on specified or all ports with OAM enabled, including detection period and threshold of the events and so on. Parameter: <IFNAME>, the port that the statistic information of OAM link events needs to be shown, the statistic information of OAM link events for all ports will be shown if this parameter is not specified.
Page 199: Show Ethernet Oam Loopback Status
11.29 show ethernet-oam loopback status Command: show ethernet-oam loopback status [interface {ethernet |} <IFNAME>] Function: Show OAM loopback status of specified or all ports. Parameter: <IFNAME>, the port that OAM loopback status needs to be shown, OAM loopback status for all ports will be shown if this parameter is not specified.
Page 200: Chapter 12 Vlan Configuration
Chapter 12 VLAN Configuration 12.1 Commands for VLAN Configuration 12.1.1 debug gvrp event Command: debug gvrp event interface (ethernet | port-channel |) IFNAME no debug gvrp event interface (ethernet | port-channel |) IFNAME Function: Enable/disable GVRP event debugging including the transfer of state machine and the expiration of timer.
Page 201: Dot1Q-Tunnel Enable
Parameter: receive, enabling the debugging of receiving GVRP packet send, enabling the debugging of sending GVRP packet ethernet, physical port port-channel, aggregate port IFNAME, port name Command mode: Admin Mode. Default: GVRP packet debugging is disabled. Usage Guide: Use this command to enable the debugging of GVRP packet. Example: Show information of sending and receiving GVRP packet.
Page 202: Dot1Q-Tunnel Tpid
Usage Guide: After enabling dot1q-tunnel on the port, data packets without VLAN tag (referred to as tag) will be packed with a tag when entering through the port; those with tag will be packed with an external tag. The TPID in the tag is 8100 and the VLAN ID is the VLAN ID the port belongs to. Data packets with double tags will be forwarded according to MAC address and external tag, till the external tag is removed when transmitted outside from the access port.
Page 203: Garp Timer Join
Switch(config)#interface ethernet 1/0/10 Switch(Config-If-Ethernet1/0/10)#switchport mode trunk Switch(Config-If-Ethernet1/0/10)#dot1q-tunnel tpid 0x9100 Switch(Config-If-Ethernet1/0/10)#exit Switch(config)# 12.1.5 garp timer join Command: garp timer join <200-500> Function: Set the value of garp join timer, note that the value of join timer must be less than half leave timer. Parameter: <200-500>, the value of timer in millisecond Command mode:...
Page 204: Garp Timer Leaveall
Default: 600 ms. Usage Guide: Check whether the value satisfy the range. If so, modify the value of garp timer to the specified value, otherwise return a configuration error. Example: Set the value of garp leave timer as 600ms. Switch(config)#garp timer leave 600 12.1.7 garp timer leaveall Command: garp timer leaveall <5000-60000>...
Page 205: Gvrp (Port)
Command mode: Global mode Default: Disabled. Usage Guide: Enable GVRP function globally and only in this way GVRP module can work normally. Example: Enable GVRP function globally. Switch(config)#gvrp 12.1.9 gvrp (Port) Command: gvrp no gvrp Function: Enable/disable GVRP function on port. Notice: although GVRP can be enabled on port when GVRP is not enabled globally, it will not take effect until global GVRP is enabled.
Page 206: Name
Parameter: join, join timer leave, leave timer leaveAll, leaveAll timer Command mode: Global mode Default: 200 | 600 | 10000 milliseconds for join | leave | leaveall timer respectively. Usage Guide: Check whether the default value satisfy the range. If so, modify the value of garp join | leave | leaveAll timer to the default value, otherwise return a configuration error.
Page 207: Private-Vlan
12.1.12 private-vlan Command: private-vlan {primary | isolated | community} no private-vlan Function: Configure current VLAN to Private VLAN. The no command cancels the Private VLAN configuration. Parameter: primary set current VLAN to Primary VLAN, isolated set current VLAN to Isolated VLAN, community set current VLAN to Community VLAN.
Page 208: Private-Vlan Association
Note:This will remove all the ports from vlan 200 Switch(Config-Vlan200)#exit Switch(config)#vlan 300 Switch(Config-Vlan300)#private-vlan community Note:This will remove all the ports from vlan 300 Switch(Config-Vlan300)#exit 12.1.13 private-vlan association Command: private-vlan association <secondary-vlan-list> no private-vlan association Function: Set Private VLAN association; the no command cancels Private VLAN association. Parameter: <secondary-vlan-list>...
Page 209: Show Dot1Q-Tunnel
12.1.14 show dot1q-tunnel Command: show dot1q-tunnel Function: Display the information of all the ports at dot1q-tunnel state. Command Mode: Admin Mode and other configuration Mode. Usage Guide: This command is used for displaying the information of the ports at dot1q-tunnel state. Example: Display current dot1q-tunnel state.
Page 210: Show Gvrp Fsm Information
Switch#show garp timer join Garp join timer’s value is 200(ms) 12.1.16 show gvrp fsm information Command: show gvrp fsm information interface (ethernet | port-channel) IFNAME Function: Show the current state of all registered machines and request state machines on specified or all ports.
Page 211: Show Gvrp Leaveall Fsm Information
12.1.17 show gvrp leaveAll fsm information Command: show gvrp leaveall fsm information interface (ethernet | port-channel) IFNAME Function: Show the state of leaveAll state machine on specified or all ports. Parameter: ethernet, physical port port-channel, aggregate port IFNAME, port name Command mode: Admin Mode.
Page 212: Show Gvrp Port-Member
Default: leavetimer is disabled. Usage Guide: Show running state and expiration time of each leave timer. Example: Show running state and expiration time of each leave timer on current port. Switch#show gvrp leavetimer running information interface ethernet 1/0/1 VLANID running state expired time ------------ ----------...
Page 213: Show Gvrp Port Registerd Vlan
12.1.20 show gvrp port registerd vlan Command: show gvrp port (dynamic | static |) registerd vlan interface (Ethernet | port-channel |) IFNAME Function: Show the dynamic or static registration VLANs on current port. Parameter: dynamic, dynamic registration static, static registration Ethernet, physical port port-channel, aggregate port IFNAME, port name...
Page 214: Show Gvrp Vlan Registerd Port
leaveall, leaveAll timer ethernet, physical port port-channel, aggregate port IFNAME, port name Command mode: Admin Mode. Default: Join timer is disabled and leaveAll timer is enabled. Usage Guide: Check running state of join|leaveAll timer on port. Example: Show running state and expiration time of each timer. Switch(config)#show gvrp timer join running information interface ethernet 1/0/1 Current port’s jointimer running state is: UP Current port’s jointimer expired time is: 0.2 s...
Page 215: Show Vlan
12.1.23 show vlan Command: show vlan [brief | summary] [id <vlan-id>] [name <vlan-name>] [internal usage [id <vlan-id> | name <vlan-name>]] [private-vlan [id <vlan-id> | name <vlan-name> ]] Function: Display detailed information for all VLANs or specified VLAN. Parameter: brief stands for brief information; summary for VLAN statistics; <vlan-id> for VLAN ID of the VLAN to display status information, the valid range is 1 to 4094;...
Page 216: Show Vlan-Translation
VLAN VLAN number Name VLAN name Type VLAN type, statically configured or dynamically learned. Media VLAN interface type: Ethernet Ports Access port within a VLAN Switch(config)#show vlan private-vlan VLAN Name Type Asso VLAN Ports ---- ------------ ---------- --------- ---------------------------------------- 100 VLAN0100 Primary 101 Ethernet1/0/9 Ethernet1/0/10 Ethernet1/0/11...
Page 217: Switchport Access Vlan
12.1.25 switchport access vlan Command: switchport access vlan <vlan-id> no switchport access vlan Function: Add the current Access port to the specified VLAN. The “no switchport access vlan” command deletes the current port from the specified VLAN, and the port will be partitioned to VLAN1. Parameter: <vlan-id>...
Page 218: Switchport Hybrid Allowed Vlan
remove WORD: Delete the specific VLAN of vlanList from the existent allow vlanList; Command mode: Port Mode. Default: Forbidden vlanList is empty Usage Guide: Tag the corresponding position for forbidden vlanList and clear allow vlanList flags in ports. A port leaves these VLANs if it joins them statically, and it sends message to GVRP module to enable corresponding registered machine of the port to enter forbidden mode.
Page 219: Switchport Hybrid Native Vlan
port, traffic of VLANs not included are prohibited. The difference between tag and untag mode by setting allowed vlan: set VLAN to untag mode, the frame sent via hybrid port without VLAN tag; set VLAN to tag mode, the frame sent via hybrid port with corresponding VLAN tag. The same VLAN can not be allowed with tag and untag mode by a Hybrid port at the same time.
Page 220: Switchport Interface
12.1.29 switchport interface Command: switchport interface [ethernet | portchannel] [interface-name | interface-list] no switchport interface [ethernet | portchannel] [interface-name | interface-list] Function: Specify Ethernet port to VLAN; the no command deletes one or one set of ports from the specified VLAN.
Page 221: Switchport Mode Trunk Allow-Null
Default: The port is in Access mode by default. Usage Guide: Ports in trunk mode is called Trunk ports. Trunk ports can allow traffic of multiple VLANs to pass through. VLAN in different switches can be interconnected with the Trunk ports. Ports under access mode are called Access ports.
Page 222: Switchport Trunk Allowed Vlan
Command mode: Port Mode. Default: access mode. Usage Guide: Configure the port as trunk, enable it to leave all VLANs and clear allow-list. Example: Switch(config-if-ethernet1/0/1)#switchport mode trunk allow-null 12.1.32 switchport trunk allowed vlan Command: switchport trunk allowed vlan {WORD | all | add WORD | except WORD | remove WORD} no switchport trunk allowed vlan Function: Set trunk port to allow VLAN traffic;...
Page 223: Switchport Trunk Native Vlan
12.1.33 switchport trunk native vlan Command: switchport trunk native vlan <vlan-id> no switchport trunk native vlan Function: Set the PVID for Trunk port; the “no switchport trunk native vlan” command restores the default setting. Parameter: <vlan-id> is the PVID for Trunk port. Command mode: Port Mode.
Page 224: Vlan Internal
VLANs. Parameter: WORD is the VLAN ID to be created/deleted, valid range is 1 to 4094, connect with ';' and '-'. Command mode: Global Mode. Default: Only VLAN1 is set by default. Usage Guide: VLAN1 is the default VLAN and cannot be configured or deleted by the user. The maximal VLAN number is 4094.
Page 225: Vlan Ingress Enable
Switch(config)#vlan 100 internal 12.1.36 vlan ingress enable Command: vlan ingress enable no vlan ingress enable Function: Enable the VLAN ingress rule for a port; the “no vlan ingress enable” command disables the ingress rule. Command mode: Port Mode. Default: Enable VLAN ingress filtering function. Usage Guide: After VLAN ingress filtering is enabled on the port, when the system receives data it will check source port first, and forwards the data to the destination port if it is the VLAN member port, or else...
Page 226: Vlan-Translation Enable
Default: There is no VLAN translation relation. Usage Guide: The command is for configuring the in and out translation relation of the VLAN translation function. The data packets will be matched according to the configured translation relations, and its VLAN ID will be changed to the one in the configured item once matched, while the vlan-translation miss drop command will determine the next forwarding if not match.
Page 227: Vlan-Translation Miss Drop
12.1.39 vlan-translation miss drop Command: vlan-translation miss drop in no vlan-translation miss drop in Function: Set packet dropping when checking vlan-translation is failing; the no command restores to the default value. Parameter: In refers to ingress.. Command Mode: Port Mode. Default: Do not drop the packets when checking vlan-translation is failing.
Page 228: Commands For Dynamic Vlan Configuration
12.2 Commands for Dynamic VLAN Configuration 12.2.1 dynamic-vlan mac-vlan prefer Command: dynamic-vlan mac-vlan prefer Function: Set the MAC-based VLAN preferred. Command Mode: Global Mode. Default: MAC-based VLAN is preferred by default. Usage Guide: Configure the preference of dynamic-vlan on switch. The default priority sequence is MAC-based VLAN、IP-subnet-based VLAN、Protocol-based VLAN, namely the preferred order when several dynamic VLAN is available.
Page 229: Mac-Vlan
dynamic VLAN is available. This command is used to set to preferring the IP-subnet-based VLAN. Example: Set the IP-subnet-based VLAN preferred. Switch#config Switch(config)#dynamic-vlan subnet-vlan prefer 12.2.3 mac-vlan Command: mac-vlan mac <mac-addrss> vlan <vlan-id> priority <priority-id> no mac-vlan {mac <mac-addrss>|all} Function: Add the correspondence between MAC address and VLAN, namely specify certain MAC address to join specified VLAN.
Page 230: Mac-Vlan Vlan
12.2.4 mac-vlan vlan Command: mac-vlan vlan <vlan-id> no mac-vlan vlan <vlan-id> Function: Configure the specified VLAN to MAC VLAN; the “no mac-vlan vlan <vlan-id>” command cancels the MAC VLAN configuration of this VLAN. Parameter: <vlan-id> is the number of the specified VLAN. Command Mode: Global Mode.
Page 231: Show Dynamic-Vlan Prefer
ssap-id is the access point of the source service with a valid range of 0~255; snap is SNAP encapsulate format; etype-id is the type of the packet protocol, the valid range is 1536~65535; vlan-id is the ID of VLAN, the valid range is 1~4094; priority is the priority, the range is 0~7;...
Page 232: Show Mac-Vlan
12.2.7 show mac-vlan Command: show mac-vlan Function: Display the configuration of MAC-based VLAN on the switch. Command Mode: Admin Mode and other configuration Mode. Usage Guide: Display the configuration of MAC-based VLAN on the switch. Example: Display the configuration of the current MAC-based VLAN. Switch#show mac-vlan MAC-Address VLAN_ID...
Page 233: Show Protocol-Vlan
Ethernet1/0/5(H) Ethernet1/0/6(T) 12.2.9 show protocol-vlan Command: show portocol-vlan Function: Display the configuration of Protocol-based VLAN on the switch. Command Mode: Admin Mode and Configuration Mode Usage Guide: Display the configuration of Protocol-based VLAN on the switch. Example: Display the configuration of the current Protocol-based VLAN. Switch#show protocol-vlan Protocol_Type VLAN_ID...
Page 234: Show Subnet-Vlan Interface
------------------ ----------------- ------- 192.168.1.165 255.255.255.0 202.200.121.21 255.255.0.0 10.0.0.1 255.248.0.0 12.2.11 show subnet-vlan interface Command: show subnet-vlan interface Function: Display the port at IP-subnet-based VLAN. Command Mode: Admin Mode and other Configuration Mode. Usage Guide: Display the port of enabling IP-subnet-based VLAN, the character in the bracket indicate the ports mode, A means Access port, T means Trunk port, H means Hybrid port.
Page 235: Switchport Mac-Vlan Enable
vlan-id is the VLAN ID with a valid range of 1~4094;all indicates all the subnets. Command Mode: Global Mode. Default: No IP subnet joined the VLAN by default. Usage Guide: This command is used for adding specified IP subnet to specified VLAN. When packet without VLAN label and from the specified IP subnet enters through the switch port, it will be matched with specified VLAN id and enters specified VLAN.
Page 236: Switchport Subnet-Vlan Enable
12.2.14 switchport subnet-vlan enable Command: switchport subnet-vlan enable no switchport subnet-vlan enable Function: Enable the IP-subnet-based VLAN on the port; the “no” form of this command disables the IP-subnet-based VLAN function on the port. Command Mode: Port Mode. Default: The IP-subnet-based VLAN is enabled on the port by default. Usage Guide: After adding the IP subnet to specified VLAN, the IP-subnet-based VLAN function will be globally enabled.
Page 237: Switchport Voice-Vlan Enable
Example: Display the Current Voice VLAN Configuration. Switch#show voice-vlan Voice VLAN ID:2 Ports:ethernet1/0/1;ethernet1/0/3 Voice name MAC-Address Mask Priority ------------ ----- ---------------------- ----- -------- financePhone 00-e0-4c-77-ab-9d 0xff manager 00-0a-eb-26-8d-f3 0xfe Mr_Lee 00-30-4f-11-22-33 0x80 NULL 00-30-4f-11-22-33 12.3.2 switchport voice-vlan enable Command: switchport voice-vlan enable no switchport voice-vlan enable Function: Enable the Voice VLAN function on the port;...
Page 238: Voice-Vlan
12.3.3 voice-vlan Command: voice-vlan mac <mac-address> mask <mac-mask> priority <priority-id> [name <voice-name>] no voice-vlan {mac <mac-address> mask <mac-mask>|name <voice-name> |all} Function: Specify certain voice equipment to join in Voice VLAN; the "no" form of this command will let the equipment leave the Voice VLAN. Parameter: Mac-address is the voice equipment MAC address, shown in ”xx-xx-xx-xx-xx-xx”...
Page 239 Parameter: Vlan id is the number of the specified VLAN. Command Mode: Global Mode. Default: No Voice VLAN is configured by default. Usage Guide: Set specified VLAN for Voice VLAN, There can be only one Voice VLAN at the same time. The voice VLAN can not be applied concurrently with MAC-based VLAN.
Page 240: Chapter 13 Commands For Mac Address Table Configuration
Chapter 13 Commands for MAC Address Table Configuration 13.1 Commands for MAC Address Table Configuration 13.1.1 clear mac-address-table dynamic Command: clear mac-address-table dynamic [address <mac-addr>] [vlan <vlan-id>] [interface [ethernet | portchannel] <interface-name>] Function: Clear the dynamic address table. Parameter: <mac-addr>: MAC address will be deleted; <interface-name>...
Page 241: Mac-Address-Table Static | Static-Multicast | Blackhole
<aging-time> is the aging-time seconds, range from 10 to 1000000; 0 to disable aging. Command Mode: Global Mode. Default: Default aging-time is 300 seconds. Usage Guide: If no destination address of the packets is same with the address entry in aging-time, the address entry will get aged.
Page 242: Show Mac-Address-Table
When VLAN interface is configured and is up, the system will generate a static address mapping entry of which the inherent MAC address corresponds to the VLAN number. Usage Guide: In certain special applications or when the switch is unable to dynamically learn the MAC address, users can use this command to manually establish mapping relation between the MAC address and port and VLAN.
Page 243: Commands For Mac Address Binding Configuration
VLAN number; <interface-name> entry’s interface name. Command Mode: Admin and Configuration Mode. Default: MAC address table is not displayed by default. Usage Guide: This command can display various classes of MAC address entries. Users can also use show mac-address-table to display all the MAC address entries. Example: Display all the filter MAC address entries.
Page 244: Mac-Address-Table Periodic-Monitor-Time
13.2.2 mac-address-table periodic-monitor-time Command: mac-address-table periodic-monitor-time <5-86400> Function: Set the MAC monitor interval to count the added and deleted MAC in time, and send out them with trap message. Command mode: Global Mode. Parameter: <5-86400>: the interval is 5 to 86400 seconds. Default: 60 seconds.
Page 245: Show Port-Security Address
----------------------------------------------------------------------------------------------------- Max Addresses limit in System:128 Total Addresses in System:2 Displayed information Explanation Security Port Is port enabled as a secure port. MaxSecurityAddr The maximum secure MAC address number set for the security port. CurrentAddr The current secure MAC address number of the security port. Security Action The violation mode of the port configuration.
Page 246: Show Port-Security Interface
Vlan The VLAN ID for the secure MAC Address. Mac Address Secure MAC address. Type Secure MAC address type. Ports The port that the secure MAC address belongs to. Total Addresses Current secure MAC address number in the system. 13.2.5 show port-security interface Command: show port-security interface <interface-id>...
Page 247: Switchport Port-Security
for the port. Total MAC Addresses Current secure MAC address number for the port. Configured MAC Addresses Current secure static MAC address number for the port. Lock Timer Whether locking timer (timer timeout) is enabled for the port. Mac-Learning function Whether the MAC address learning function is enabled.
Page 248: Switchport Port-Security Convert
13.2.7 switchport port-security convert Command: switchport port-security convert Function: Converts dynamic secure MAC addresses learned by the port to static secure MAC addresses, and disables the MAC address learning function for the port. Command mode: Port Mode. Usage Guide: The port dynamic MAC convert command can only be executed after the secure port is locked. After this command has been executed, dynamic secure MAC addresses learned by the port will be converted to static secure MAC addresses.
Page 249: Switchport Port-Security Mac-Address
13.2.9 switchport port-security mac-address Command: switchport port-security mac-address <mac-address> no switchport port-security mac-address <mac-address> Function: Add a static secure MAC address; the “no switchport port-security mac-address” command deletes a static secure MAC address. Command mode: Port Mode. Parameters: <mac-address> stands for the MAC address to be added or deleted. Usage Guide: The MAC address binding function must be enabled before static secure MAC address can be added.
Page 250: Switchport Port-Security Timeout
Usage Guide: The MAC address binding function must be enabled before maximum secure MAC address number can be set. If secure static MAC address number of the port is larger than the maximum secure MAC address number set, the setting fails; extra secure static MAC addresses must be deleted, so that the secure static MAC address number is no larger than the maximum secure MAC address number for the setting to be successful.
Page 251: Switchport Port-Security Violation
13.2.12 switchport port-security violation Command: switchport port-security violation {protect | shutdown} [recovery <30-3600>] no switchport port-security violation Function: Configure the port violation mode. The no restores the violation mode to protect. Command Mode: Port mode. Parameter: protect refers to protect mode shutdown refers to shutdown mode recovery: configure the border port can be recovered automatically after implement shutdown violation operation...
Page 252: Chapter 14 Commands For Mstp
Chapter 14 ommands for MSTP 14.1 Commands for MSTP 14.1.1 abort Command: abort Function: Abort the current MSTP region configuration, quit MSTP region mode and return to global mode. Command mode: MSTP Region Mode. Usage Guide: This command is to quit MSTP region mode without saving the current configuration. The previous MSTP region configuration is valid.
Page 253: Instance Vlan
14.1.3 instance vlan Command: instance <instance-id> vlan <vlan-list> no instance <instance-id> [vlan <vlan-list>] Function: In MSTP region mode, create the instance and set the mappings between VLANs and instances; the command “no instance <instance-id> [vlan <vlan-list>]” removes the specified instance and the specified mappings between the VLANs and instances.
Page 254 setting. Parameter: <name> is the MSTP region name. The length of the name should be less than 32 characters. Command mode: MSTP Region Mode Default: Default MSTP region name is the MAC address of this bridge. Usage Guide: This command is to set MSTP region name. The bridges with same MSTP region name and same other attributes are considered in the same MSTP region.
Page 255: Revision-Level
14.1.6 revision-level Command: revision-level <level> no revision-level Function: In MSTP region mode, this command is to set revision level for MSTP configuration; the command “no revision-level” restores the default setting to 0. Parameter: <level> is revision level. The valid range is from 0 to 65535. Command mode: MSTP Region Mode Default:...
Page 256: Spanning-Tree
14.1.8 spanning-tree Command: spanning-tree no spanning-tree Function: Enable MSTP in global mode and in Port Mode; The command “no spanning-tree” is to disable MSTP. Command mode: Global Mode and Port Mode Default: MSTP is not enabled by default. Usage Guide: If the MSTP is enabled in global mode, the MSTP is enabled in all the ports except for the ports which are set to disable the MSTP explicitly.
Page 257: Spanning-Tree Digest-Snooping
100Mbps 200000 200000~2000000 1Gbps 20000 20000~200000 10Gbps 2000 2000~20000 For the aggregation ports, the default costs are as below: Port Type Allowed Number Of Aggregation Default Port Cost Ports 10Mbps 2000000/N 100Mbps 200000/N 1Gbps 20000/N 10Gbps 2000/N Usage Guide: By setting the port cost, users can control the cost from the current port to the root bridge in order to control the elections of port and the designated port of the instance.
Page 258: Spanning-Tree Format
all the equipment. If there are more than one equipment connected, all the connected ports should execute this command. Example: Configure the authentication string of partner port. Switch(config)#interface ethernet 1/0/2 Switch(Config-If-Ethernet1/0/2)#spanning-tree digest-snooping Switch(Config-If-Ethernet1/0/2)# 14.1.11 spanning-tree format Command: spanning-tree format {standard | privacy | auto} no spanning-tree format Function: Configure the format of the port packet so to be interactive with products of other companies.
Page 259: Spanning-Tree Forward-Time
When the AUTO format is set, and over one equipment which is not compatible with each other are connected on the port (e.g. a equipment running through a HUB or Transparent Transmission BPDU is connected with several equipments running MSTP), the format alter counts will be recorded and the port will be disabled at certain count threshold.
Page 260: Spanning-Tree Hello-Time
14.1.13 spanning-tree hello-time Command: spanning-tree hello-time <time> no spanning-tree hello-time Function: Set switch Hello time; The command “no spanning-tree hello-time” restores the default setting. Parameter: <time> is Hello time in seconds. The valid range is from 1 to 10. Command mode: Global Mode Default: Hello Time is 2 seconds by default.
Page 261: Spanning-Tree Maxage
Default: The link type is auto by default, The MSTP detects the link type automatically. Usage Guide: When the port is full-duplex, MSTP sets the port link type as point-to-point; When the port is half-duplex, MSTP sets the port link type as shared. Example: Force the port 1/0/7-8 as point-to-point type.
Page 262: Spanning-Tree Max-Hop
14.1.16 spanning-tree max-hop Command: spanning-tree max-hop <hop-count> no spanning-tree max-hop Function: Set maximum hops of BPDU in the MSTP region; the command “no spanning-tree max-hop” restores the default setting. Parameter: <hop-count> sets maximum hops. The valid range is from 1 to 40. Command mode: Global Mode Default:...
Page 263: Spanning-Tree Mode
port receives STP messages, it changes to work in the STP mode again. This command can only be used when the switch is running in IEEE802.1s MSTP mode. If the switch is running in IEEE802.1D STP mode, this command is invalid. Example: Force the port 1/0/2 to run in the MSTP mode.
Page 264: Spanning-Tree Mst Cost
spanning-tree mst configuration” restores the attributes of the MSTP to their default values. Command mode: Global Mode Default: The default values of the attributes of the MSTP region are listed as below: Attribute of MSTP Default Value Instance There is only the instance 0. All the VLANs (1~4094) are mapped to the instance 0.
Page 265: Spanning-Tree Mst Loopguard
Port Type Default Path Cost Suggested Range 10Mbps 2000000 2000000~20000000 100Mbps 200000 200000~2000000 1Gbps 20000 20000~200000 10Gbps 2000 2000~20000 For the aggregation ports, the default costs are as below: Port Type Allowed Number Of Aggregation Default Port Cost Ports 10Mbps 2000000/N 100Mbps 200000/N...
Page 266: Spanning-Tree Mst Port-Priority
Example: Configure port 1/0/2 as loopguard mode for instance 0. Switch(Config)#interface ethernet 1/0/2 Switch(Config-Ethernet-1/0/2)#spanning-tree mst 0 loopguard Switch(Config-Ethernet-1/0/2)# 14.1.22 spanning-tree mst port-priority Command: spanning-tree mst <instance-id> port-priority <port-priority> no spanning-tree mst <instance-id> port-priority Function: Set the current port priority for the specified instance; the command “no spanning-tree mst <instance-id>...
Page 267: Spanning-Tree Mst Rootguard
<instance-id> priority” restores the default setting. Parameter: <instance-id> sets instance ID. The valid range is from 0 to 48; <bridge-priority> sets the switch priority. The valid range is from 0 to 61440. The value should be the multiples of 4096, such as 0, 4096, 8192…61440.
Page 268: Spanning-Tree Portfast
Example: Enable rootguard function for port 1/0/2 in instance 0. Switch(config)#interface ethernet 1/0/2 Switch(Config-If-Ethernet1/0/2)#spanning-tree mst 0 rootguard Switch(Config-If-Ethernet1/0/2)# 14.1.25 spanning-tree portfast Command: spanning-tree portfast [bpdufilter | bpduguard] [recovery <30-3600>] no spanning-tree portfast Function: Set the current port as boundary port, and BPDU filter、BPDU guard as specified mode or default mode ;...
Page 269: Spanning-Tree Port-Priority
14.1.26 spanning-tree port-priority Command: spanning-tree port-priority <port-priority> no spanning-tree port-priority Function: Set the port priority; the command “no spanning-tree port-priority” restores the default setting. Parameter: <port-priority> sets port priority. The valid range is from 0 to 240. The value should be the multiples of 16, such as 0, 16, 32, 48…240.
Page 270: Spanning-Tree Rootguard
The bridge ID can be altered by changing the priority of the switch. Further, the priority information can also be used for voting of the root bridge and the specified ports. The bridge priority value of the switch is smaller, however the priority is higher. Example: Configure the priority is 4096.
Page 271: Spanning-Tree Tcflush (Port Mode)
restores to default setting. Parameter: enable: The spanning-tree flush once the topology changes. disable: The spanning tree don’t flush when the topology changes. protect: the spanning-tree flush not more than one time every ten seconds. Command mode: Global mode Default: Enable Usage Guide: According to MSTP, when topology changes, the port that send change message clears MAC/ARP...
Page 272: Spanning-Tree Transmit-Hold-Count
Usage Guide: According to MSTP, when topology changes, the port that send change message clears MAC/ARP table (FLUSH). In fact it is not needed for some network environment to do FLUSH with every topology change. At the same time, as a method to avoid network assault, we allow the network administrator to configure FLUSH mode by the command Note: For the complicated network, especially need to switch from one spanning tree branch to another rapidly, the disable mode is not recommended.
Page 273: Commands For Monitor And Debug
14.2 Commands for Monitor and Debug 14.2.1 debug spanning-tree Command: debug spanning-tree no debug spanning-tree Function: Enable the MSTP debugging information; the command “no debug spanning-tree” disables the MSTP debugging information. Command mode: Admin Mode Usage Guide: This command is the general switch for all the MSTP debugging. Users should enable the detailed debugging information, then they can use this command to display the relevant debugging information.
Page 274: Show Spanning-Tree
Switch(config)#spanning-tree mst configuration Switch(Config-Mstp-Region)#show mst-pending Name switch Revision Instance Vlans Mapped ---------------------------------- 1-29, 31-39, 41-4093 4094 ---------------------------------- Switch(Config-Mstp-Region)# 14.2.3 show spanning-tree Command: show spanning-tree [mst [<instance-id>]] [interface <interface-list>] [detail] Function: Display the MSTP Information. Parameter: <interface-list> sets interface list; <instance-id> sets the instance ID. The valid range is from 0 to 64;...
Page 275 ########################### Instance 0 ########################### Self Bridge Id : 32768 - 00: 03: 0f: 01: 0e: 30 Root Id : 16384.00: 03: 0f: 01: 0f: 52 Ext.RootPathCost : 200000 Region Root Id : this switch Int.RootPathCost : 0 Root Port ID : 128.1 Current port list in Instance 0: Ethernet1/0/1 Ethernet1/0/2 (Total 2)
Page 276 -------------- ------- --------- --- ---- ------------------ ------- Ethernet1/0/1 128.001 0 FWD MSTR 32768.00030f010e30 128.001 Ethernet1/0/2 128.002 0 BLK ALTR 32768.00030f010e30 128.002 Displayed Information Description Bridge Information Standard STP version Bridge MAC Bridge MAC address Bridge Times Max Age, Hello Time and Forward Delay of the bridge Force Version Version of STP Instance Information...
Page 277: Show Spanning-Tree Mst Config
14.2.4 show spanning-tree mst config Command: show spanning-tree mst config Function: Display the configuration of the MSTP in the Admin mode. Command mode: Admin Mode Usage Guide: In the Admin mode, this command can show the parameters of the MSTP configuration such as MSTP name, revision, VLAN and instance mapping.
Page 278: Chapter 15 Commands For Qos And Pbr
Chapter 15 Commands for QoS and 15.1 accounting Command: accounting Function: Set statistic function for the classified traffic. Default: Do not set statistic function. Command mode: Policy map configuration mode Usage Guide: After enable this function, add statistic function to the traffic of the policy class map. In single bucket mode, the messages can only red or green when passing policy and printing the information.
Page 279: Class-Map
Parameters: <class-map-name> is the class map name used by the class. insert-before <class-map-name> insert a new configured class to the front of a existent class to improve the priority of the new class. Default: No policy class is configured by default. Command mode: Policy map configuration Mode Usage Guide:...
Page 280: Clear Mls Qos Statistics
Example: Creating and then deleting a class map named “c1”. Switch(config)#class-map c1 Switch(Config-ClassMap-c1)#exit Switch(config)#no class-map c1 15.4 clear mls qos statistics Command: clear mls qos statistics [interface <interface-name> | vlan <vlan-id>] Function: Clear accounting data of the specified ports or VLAN Policy Map. If there are no parameters, clear accounting data of all policy map.
Page 281: Match
Default: Do not set the action. Command mode: Policy class map configuration mode Usage Guide: Drop the specified packet after configure this command. Example: Drop the packet which satisfy c1. Switch(config)#policy-map p1 Switch(Config-PolicyMap-p1)#class c1 Switch(Config-PolicyMap-p1-Class-c1)#drop Switch(Config-PolicyMap-p1-Class-c1)#exit Switch(Config-PolicyMap-p1)#exit 15.6 match Command: match {access-group <acl-index-or-name>...
Page 282: Mls Qos Aggregate-Policy
maximum 8 VLAN IDs, the ranging is 1~4094; cos <cos-list> match specified CoS value, the parameter is a CoS list consisting of maximum 8 CoS, the ranging is 0~7. Default: No match standard by default Command Mode: Class-map Mode Usage Guide: Only one match standard can be configured in a class map.
Page 283 Parameters: policer_name: the name of aggregation policy; bits_per_second: the committed information rate - CIR , in Kbps, ranging from 1 to 10000000; normal_burst_bytes: the committed burst size – CBS, in kb, ranging from 1 to 1000000. When the configured CBS value exceeds the max limit of the chip, configure the hardware with max number supported by the chip without any CLI prompt;...
Page 284: Mls Qos Cos
policied-intp-transmit 15.8 mls qos cos Command: mls qos cos {<default-cos> } no mls qos cos Function: Configures the default CoS value of the port; the “no mls qos cos” command restores the default setting. Parameters: <default-cos> is the default CoS value for the port, the valid range is 0 to 7. Default: The default CoS value is 0.
Page 285: Mls Qos Map
Default: The default intp value is 0. Command mode: Port Mode. Usage Guide: Configure the default internal priority of the port. If there is no dscp and cos fields of the trust packets, the ingress packet of the port will obtain a default internal priority. The packet's internal priority may be reset according to the configured QoS policy.
Page 286 the dscp output value, ranging from 0 to 63; intp-intp defines the mapping from intp of the ingress to intp of the egress, <color> is the color(yellow or red) of the packet; <intp list> stand for int-prio values, up to 8 values are supported, each value is delimited with space, ranging from 0 to 119, <intp>...
Page 287: Mls Qos Internal-Priority
INTP Value 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63 QUEUE Value 0 INTP Value 64-71 72-79 80-87 88-95 96-103 104-111 112-119 QUEUE Value Command mode: Global Mode. Usage Guide: INTP means the chip internal priority setting. The ingress packets from the port obtain a internal priority through the mapping, reset the internal priority according to intp-intp or set action in after QoS policy, and process the egress packets according to the mapping from intp to cos, dscp, queue, Example:...
Page 288: Mls Qos Queue Weight
15.12 mls qos queue weight Command: mls qos queue weight <weight0..weight7> no mls qos queue weight Function: After configure this command, the queue weight is set. Parameters: <weight0..weight7> defines the queue weight, for WDRR algorithm, this configuration is valid, for SP algorithm, this configuration is invalid, weight ranging from 0 to 255.
Page 289: Pass-Through-Cos
Command mode: Port Configuration Mode. Usage Guide: trust cos mode: can set the intp value based cos-to-intp mapping. trust dscp mode: can set the intp field based dscp-to-intp mapping, it is valid for IPv4, IPv6 packets. trust cos and trust dscp can be set at the same time, trust dscp priority is higher than trust cos priority.
Page 290: Pass-Through-Dscp
15.15 pass-through-dscp Command: pass-through-dscp no pass-through-dscp Function: Forbid the egress packets rewriting DSCP value. Default: The egress packets rewrite DSCP value. Command mode: Port Mode. Usage Guide: The egress packets can not rewrite DSCP value when configuring pass-through-dscp on the ingress. This command may associate with other commands of QoS, such as mls qos trust command.
Page 291 set the corresponding action to the different color packets. The no command will delete the mode configuration. Parameters: bits_per_second: The committed information rate – CIR (Committed Information Rate), in Kbps, ranging from 1 to 10000000; normal_burst_bytes: The committed burst size – CBS (Committed Burst Size), in byte, ranging from 1 to 1000000.
Page 292: Policy Aggregate
Example: In the policy class table configuration mode, set the CIR as 1000, CBS as 2000 and the action when CIR is exceeded as transmitting the messages after changing intp to 40. Switch(config)#class-map cm Switch(config-classmap-cm)#match cos 0 Switch(config-classmap-cm)#exit Switch(config)#policy-map 1 Switch(config-policymap-1)#class cm Switch(config-policymap-1-class-cm)#policy 1000 2000 exceed-action set-internal-priority 40 15.17 policy aggregate...
Page 293: Policy-Map
15.18 policy-map Command: policy-map <policy-map-name> no policy-map <policy-map-name> Function: Creates a policy map and enters the policy map mode; the “no policy-map <policy-map-name>” command deletes the specified policy map. Parameters: < policy-map-name> is the policy map name. Default: No policy map is configured by default. Command mode: Global Mode Usage Guide:...
Page 294: Service-Policy Input Vlan
Usage Guide: Only one policy map can be applied to each direction of each port. Egress policy map is not supported yet. Example: Bind policy p1 to ingress Ethernet port1/0/1. Switch(config)#interface ethernet 1/0/1 Switch(Config-If-Ethernet1/0/1)#service-policy input p1 Bind policy p1 to ingress redirection of v1 interface. Switch(config)#interface vlan 1 Switch(Config-If-vlan1)#service-policy input p1 15.20 service-policy input vlan...
Page 295: Set Internal Priority
15.21 set internal priority Command: set internal priority <new-intp> no set internal priority Function: Assign a new internal priority for the classified traffic, the no command cancels the new value assigned. Parameters: <new-intp> Set a new internal priority for the traffic that accord the matching standard. Default: Do not assign the internal priority.
Page 296: Show Policy-Map
Example: Switch # show class-map Class map name:c1, used by 1 times match acl name:1 Displayed information Explanation Class map name:c1 Name of the Class map used by 1 times Used times match acl name:1 Classifying rule for the class map. 15.23 show policy-map Command: show policy-map [<policy-map-name>]...
Page 297: Show Mls Qos Interface
Class map name:c1 Name of the class map referred to policy CIR: 1000 CBS: 1000 PIR: 200 PBS: 3000 Policy implemented conform-action: transmit exceed-action: drop violate-action: drop 15.24 show mls qos interface Command: show mls qos interface [<interface-id>] [policy | queuing] Function: Displays QoS configuration information on a port.
Page 298 Ethernet1/0/1 Port name default cos: 0 Default CoS value of the port Default int-Prio: 0 Default internal priority value of the port Trust: COS DSCP The trust state of the port Pass-through-cos: NONE Whether forbid the modification of cos value Pass-through-dscp: NONE Whether forbid the modification of dscp value...
Page 299 Display Information Explanation Ethernet1/0/1 Port name Attached Policy Map for Ingress: p1 Policy name bound to port ClassMap ClassMap name classified Total data packets match this ClassMap. Green Total green data packets match this ClassMap. Yellow Total yellow data packets match this ClassMap.
Page 300 Example: Display configuration information of the mapping table. Switch#show mls qos maps Ingress COS-TO-Internal-Priority map: COS: 0 ----------------------------------------- INTP: 0 16 24 32 40 48 56 Ingress DSCP-TO-Internal-Priority map: d1 : d2 0 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49...
Page 301 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79...
Page 302 Egress Internal-Priority-TO-DSCP map: d1 : d2 0 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63...
Page 303: Show Mls Qos Vlan
15.26 show mls qos vlan Command: show mls qos vlan <v-id> Parameters: v-id: the ranging from 1 to 4094. Default: None. Examples: Switch#show mls qos vlan 1 Vlan 1: Attached Policy Map for Ingress: 1 Classmap classified in-profile out-profile (in packets) Switch(config)#show mls qos vlan 7 Vlan 7: Attached Policy Map for Ingress: 7...
Page 304 Not used by any Policy Map Display Information Explanation aggregate policy a2 10 10 10 exceed-action drop aggregate-policy configuration Not used by any Policy Map The time for using aggregate-policy 15.28 transmit Command: Transmit no transmit Function: Transmit data package that match the class, the no command cancels the assigned action. Parameters: <aggregate-policy-name>...
Page 305 Chapter 16 Commands for for Flow-based Redirection 16.1 access-group redirect to interface ethernet Command: access-group <aclname> redirect to interface [ethernet <IFNAME> | <IFNAME>] no access-group <aclname> redirect Function: Specify flow-based redirection; “no access-group <aclname> redirect” command is used to delete flow-based redirection.
Page 306 Parameters: 1. No specified port, display the information of all the flow-based redirection in the system. 2. Specify ports in <IFNAME>, display the information of the flow-based redirection configured in the ports listed in the interface-list. Command Mode: Admin Mode and Configuration Mode. Usage Guide: This command is used to display the information of current flow-based redirection in the system/port.
Page 307 Chapter 17 Commands for Egress QoS 17.1 mls qos egress green remark Command: [no] mls qos egress green remark Function: Set Egress QoS remarking to take effect for green packets, no command does not take effect to green packets. Default: Do not modify green packets.
Page 308 <dscp>： dscp value, its range from 0 to 63 <dscp list>：1 to 8 dscp values Default: default mapping: COS-TO-COS-GREEN map: COS: 0 ----------------------------------------- COS: 0 COS-TO-COS-YELLOW map: COS: 0 ----------------------------------------- COS: 0 COS-TO-COS-RED map: COS: 0 ----------------------------------------- COS: 0 COS-TO-DSCP-GREEN map: COS: 0 ----------------------------------------- DSCP: 0...
Page 309 DSCP-TO-COS-YELLOW map: d1 : d2 0 DSCP-TO-COS-RED map: d1 : d2 0 DSCP-TO-DSCP-GREEN map: d1 : d2 0 0 10 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59...
Page 310 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 DSCP-TO-DSCP-RED map:...
Page 311 No policy map is bound to port. Command Mode: Port Mode. Usage Guide: Only a policy map can be applied to each direction of each port. Policy may not be bound to the port if it uses the rule or action which is not supported by EFP. Example: Bind policy-map p1 to egress Ethernet 1/0/1.
Page 312 <new-c-vid> | s-vid <new-s-vid> | s-tpid <new-s-tpid>} no set {ip dscp | ip precedence | cos | c-vid | s-vid | s-tpid} Function: Assign a new DSCP, IP Precedence for the classified traffic; no command deletes the new value. Parameters: ip dscp <new-dscp>...
Page 313 Example: Show whether Egress remarking mapping takes effect for green packets. Switch(config)#show mls qos egress green remark Green remarking: Disable. 17.7 show mls qos maps Command: show mls qos maps (cos-cos | cos-dscp | dscp-cos | dscp-dscp) <color> Function: Show Egress remarking mapping. Parameters: cos-cos：Set mapping from cos to cos for Egress remark cos table cos-dscp：Set mapping from cos to dscp for Egress remark cos table...
Page 314 Chapter 18 Commands for Flexible QinQ 18.1 add Command: add s-vid <new-vid> no add s-vid Function: Add a specified external tag or inner tag for the packet which match the class map, no command cancels the operation. Parameters: s-vid <new-vid> specifies VID of an external VLAN Tag. Default: Do not add the tag.
Page 315 standard. Parameters: access-group <acl-index-or-name> match the specified IP ACL or MAC ACL, the parameters are the number or name of ACL ip dscp <dscp-list> and ipv6 dscp <dscp-list> match the specified DSCP value, the parameter is a list of DSCP consisting of maximum 8 DSCP values, the ranging is 0 to 63 ip precedence <ip-precedence-list>...
Page 316 18.3 service-policy Command: service-policy <policy-map-name> in no service-policy <policy-map-name> in Function: Bind the specified policy of flexible QinQ to the ingress of the port, the no command cancels the binding. Parameters: service-policy <policy-map-name>: The specified policy-map name of flexible QinQ. Default: No policy map is bound to port.
Page 317 Usage Guide: Only assign the new value again for the classified flow that correspond the match standard. Example: Set an external VLAN Tag' VID as 3 for the packet which satisfy c2 class rule. Switch(config)#policy-map p1 Switch(Config-PolicyMap-p1)#class c2 Switch(Config-PolicyMap-p1-Class-c2)#set s-vid 3 Switch(Config-PolicyMap-p1-Class-c2)#exit 18-163...
Page 318 Chapter 19 Commands for Layer 3 Forwarding 19.1 Commands for Layer 3 Interface 19.1.1 bandwidth Command: bandwidth <bandwidth> no bandwidth Function: Configure the bandwidth for Interface vlan. The “no bandwidth” command recovery the default value. The bandwidth of interface vlan is used to protocol account but not control the bandwidth of port.
Page 319 Function: Configure the description information of VLAN interface. The no command will cancel the description information of VLAN interface. Parameters: <text> is the description information of VLAN interface, the length should not exceed 256 characters. Command mode: VLAN Interface Mode Default: Do not configure.
Page 320: Interface Loopback
Switch(config)#ip vrf VRF-A Switch(config-vrf)#description associate with VRF-B VRF-C 19.1.4 interface loopback Command: interface loopback <loopback-id> no interface loopback <loopback-id> Function: Create a Loopback interface; the no operation of this command will delete the specified Loopback interface. Parameters: <loopback-id> is the ID of the new created Loopback interface. Default: There is no Loopback interface in factory defaults.
Page 321 Default: No Layer 3 interface is configured upon switch shipment. Command mode: Global Mode Usage Guide: When creating a VLAN interface (Layer 3 interface), VLANs should be configured first, for details, see the VLAN chapters. When VLAN interface (Layer 3 interface) is created with this command, the VLAN interface (Layer 3 interface) configuration mode will be entered.
Page 322 19.1.7 ip vrf forwarding vrfName Command: ip vrf forwarding <vrfName> no ip vrf forwarding <vrfName> Function: Relate the interface to the specific VRF. Parameters: <vrf-name>: Configure the name of VPN instance, the length is less than 32 characters. Default: Bind the interface to the master VRF. Command mode: Interface configuration mode.
Page 323 Example: Switch (config)#ip vrf VRF-A Switch (config-vrf)# rd 300:3 Switch (config-vrf)# 19.1.9 route-target Command: route-target {import | export | both} <rt-value> no route-target {import | export | both} <rt-value> Function: Configure the Route-Target of the specific VRF, the no command will delete this configuration. Parameters: import: Filter the route to judge whether VPN route join in this VRF.
Page 324 19.1.10 show ip route vrf Command: show ip route vrf <vrf-name> [bgp | datebase] Parameters: <vrf-name>: VRF name is created by if vrf <vrf-name>. bgp: Import the route through BGP. database: The database of IP route table. Command mode: Any modes. Usage Guide: Show the specific route protocol.
Page 325 Switch# show ip vrf IPI VRF IPI, FIB ID 1 Router ID: 11.1.1.1 (automatic) Interfaces: Vlan1 VRF IPI; (id=1); RIP enabled Interfaces: Ethernet1/0/8 Name Interfaces Vlan1 Name Default RD Interfaces Vlan1 19.1.12 shutdown Command: shutdown no shutdown Function: Shut down the specified VLAN interface of the switch. The no operation of the command will enable the VLAN interface.
Page 326: Clear Ip Traffic
19.2 Commands for IPv4/v6 configuration 19.2.1 clear ip traffic Command: clear ip traffic Function: Clear the statistic information of IP protocol. Command Mode: Admin Mode Usage Guide: Clear the statistic information of receiving and sending packets for IP kernel protocol, including the statistic of receiving packets, sending packets and dropping packets and the error information of receiving and sending packets for IP protocol, ICMP protocol, TCP protocol and UDP protocol.
Page 327: Debug Ip Packet
Command Mode: Admin Mode Example: Switch#debug ip icmp IP ICMP: sent, type 8, src 0.0.0.0, dst 20.1.1.1 Display Description IP ICMP: sent Send ICMP packets type 8 Type is 8（PING request） src 0.0.0.0 Source IPv4 address dst 20.1.1.1 Destination IPv4 address 19.2.4 debug ip packet Command: debug ip packet...
Page 328 no debug ipv6 packet Function: IPv6 data packets receive/send debug message. Command Mode: Admin Mode Example: Switch#debug ipv6 packet IPv6 PACKET: rcvd, src <fe80::203:fff:fe01:2786>, dst <fe80::1>, size <64>, proto <58>, from Vlan1 Displayed information Explanation IPv6 PACKET: rcvd Receive IPv6 data report Src <fe80::203:fff:fe01:2786>...
Page 329 Dst <2003::20a:ebff:fe26:8a49> Destination IPv6 address from Vlan1 Layer 3 port being sent 19.2.7 debug ipv6 nd Command: debug ipv6 nd [ ns | na | rs | ra | redirect ] no debug ipv6 nd [ ns | na | rs | ra | redirect ] Function: Enable the debug of receiving and sending operations for specified types of IPv6 ND messages.
Page 330 19.2.8 debug ipv6 tunnel packet Command: debug ipv6 tunnel packet no debug ipv6 tunnel packet Function: tunnel data packets receive/send debug message. Parameter: None Default: None Command Mode: Admin Mode Example: Switch#debug ipv6 tunnel packet IPv6 tunnel: rcvd, type <136>, src <fe80::203:fff:fe01:2786>, dst <fe80::203:fff:fe01:59ba> IPv6 tunnel packet : rcvd src 178.1.1.1 dst 179.2.2.2 size 128 from tunnel1 Displayed information Explanation...
Page 331 There is no tunnel description by default. Usage Guide: When there is more than one tunnel in the system, configuring description will help user with identifying the purposes of different tunnels. Examples: Set the tunnel description as toCernet2. Switch(Config-if-Tunnel1)#description toCernet2 19.2.10 ipv6 proxy enable Command: ipv6 proxy enable...
Page 332 19.2.11 ip address Command: ip address <ip-address> <mask> [secondary] no ip address [<ip-address> <mask>] [secondary] Function: Set IP address and net mask of switch; the “no ip address [<ip-address> <mask>] [secondary]” command deletes the IP address configuration. Parameter: <ip-address> is IP address, dotted decimal notation; <mask>...
Page 333 length of IPv6 address, which is between 3-128, eui-64 means IPv6 address is generated automatically based on eui64 interface identifier of the interface. Command Mode: Interface Configuration Mode. Usage Guide: IPv6 address prefix can not be multicast address or any other specific IPv6 address, and different layer 3 interfaces can not configure the same address prefix.
Page 334 the next hop IPv6 address is global aggregatable unicast address and site-local address, if no interface name of the exit is specified, it must be assured that the IP address of the next hop and the address of some interface of the switch must be in the same network segment. As for tunnel route, interface name can be directly specified.
Page 335: Ipv6 Nd Dad Attempts
19.2.15 ipv6 nd dad attempts Command: ipv6 nd dad attempts <value> no ipv6 nd dad attempts Function: Set Neighbor Solicitation Message number sent in succession by interface when setting Duplicate Address Detection. Parameter: <value> is the Neighbor Solicitation Message number sent in succession by Duplicate Address Detection, and the value of <value>...
Page 336 The default Request Message time interval is 1 second. Default: The value to be set will include the situation in all routing announcement on the interface. Generally, very short time interval is not recommended. Example: Set Vlan1 interface to send out Neighbor Solicitation Message time interval to be 8 seconds. Switch(Config-if-Vlan1)#ipv6 nd ns-interval 8 19.2.17 ipv6 nd suppress-ra Command:...
Page 337 Interface Configuration Mode Default: The number of seconds of router default announcement lifetime is 1800. Usage Guide: This command is used to configure the lifetime of the router on Layer 3 interface, seconds being 0 means this interface can not be used for default router, otherwise the value should not be smaller than the maximum time interval of sending router announcement.
Page 338: Ipv6 Nd Prefix
19.2.20 ipv6 nd max-ra-interval Command: ipv6 nd max-ra-interval <seconds> no ipv6 nd max-ra-interval Function: Set the maximum time interval of sending routing message. Parameter: Parameter <seconds> is number of seconds of the time interval of sending routing announcement, <seconds> must be between 4-1800 seconds. Command Mode: Interface Configuration Mode Default:...
Page 339 link-local as unreachable. Command Mode: Interface Configuration Mode Default: The default value of valid-lifetime is 2592000 seconds (30 days), the default value of preferred-lifetime is 604800 seconds (7 days). off-link is off by default, no-autoconfig is off by default. Usage Guide: This command allows controlling the router announcement parameters of every IPv6 prefix.
Page 340 19.2.23 ipv6 nd ra-mtu Command: ipv6 nd ra-mtu <value> Function: Set the mtu of sending router advertisement. Parameters: <value> is the mtu of sending router advertisement, ranging from 0 to 1500. Command Mode： Interface Configuration Mode. Default: The default mtu of sending router advertisement is 1500. Example: Set the mtu of sending router advertisement in interface vlan 1 as 500.
Page 341 19.2.25 ipv6 nd retrans-timer Command: ipv6 nd retrans-timer <seconds> Function: Set the retrans-timer of sending router advertisement. Parameters: <value> is the retrans-timer of sending router advertisement, ranging from 0 to 4294967295 milliseconds. Command Mode: Interface Configuration Mode. Default: The default retrans-timer of sending router advertisement is 1000 milliseconds. Example: Set the reachable-time of sending router advertisement in interface vlan 1 as 10000 milliseconds.
Page 342: Ipv6 Neighbor
19.2.27 ipv6 nd managed-config-flag Command: ipv6 nd managed-config-flag Function: Set the flag representing whether the address information will be obtained via DHCPv6. Command Mode： Interface Configuration Mode. Default: The address information won’t be obtained via DHCPv6. Examples: Set IPv6 address information in interface vlan 1 will be obtained via DHCPv6. Switch#(Config-if-Vlan1)#ipv6 nd managed-config-flag 19.2.28 ipv6 neighbor Command:...
Page 343: Interface Tunnel
Switch(Config-if-Vlan1)#ipv6 neighbor 2001:1:2::4 00-30-4f-89-44-bc interface Ethernet 1/0/1 19.2.29 interface tunnel Command: interface tunnel <tnl-id> no interface tunnel <tnl-id> Function: Create/Delete tunnel. Parameter: Parameter <tnl-id> is tunnel No. Command Mode: Interface Configuration Mode. Usage Guide: This command creates a virtual tunnel interface. Since there is not information such as specific tunnel mode and tunnel source, show ipv6 tunnel does not show the tunnel, enter tunnel mode after creating, under that model information such as tunnel source and destination can be specified.
Page 344: Show Ip Traffic
Example: Restarter#show ip interface vlan1 brief Index Interface IP-Address Protocol 3001 Vlan1 192.168.2.11 19.2.31 show ip traffic Command: show ip traffic Function: Display statistics for IP packets. Command mode: Admin Mode Usage Guide: Display statistics for IP, ICMP, TCP, UDP packets received/sent. Example: Switch#show ip traffic IP statistics:...
Page 345 TcpCurrEstab 0, TcpEstabResets TcpInErrs 0, TcpInSegs 3180 TcpMaxConn 0, TcpOutRsts TcpOutSegs 0, TcpPassiveOpens TcpRetransSegs 0, TcpRtoAlgorithm TcpRtoMax 0, TcpRtoMin UDP statics: UdpInDatagrams 0, UdpInErrors UdpNoPorts 0, UdpOutDatagrams Displayed information Explanation IP statistics： IP packet statistics. Rcvd: 3249810 total, 3180 local destination Statistics total packets...
Page 346: Show Ipv6 Interface
0 parameter, 0 timestamp, 0 timestamp replies TCP statistics: TCP packet statistics. UDP statistics: UDP packet statistics. 19.2.32 show ipv6 interface Command: show ipv6 interface {brief|<interface-name>} Function: Show interface IPv6 parameters. Parameter: Parameter brief is the brief summarization of IPv6 status and configuration, and parameter interface-name is Layer 3 interface name.
Page 347: Show Ipv6 Route
MTU is 1500 bytes ND DAD is enabled, number of DAD attempts is 1 ND managed_config_flag is unset ND other_config_flag is unset ND NS interval is 1 second(s) ND router advertisements is disabled ND RA min-interval is 200 second(s) ND RA max-interval is 600 second(s) ND RA hoplimit is 64 ND RA lifetime is 1800 second(s) ND RA MTU is 0...
Page 348 show ipv6 route only shows IPv6 kernal routing table (routing table in tcpip), database shows all routers except the local router, fib local shows the local router, statistics shows router statistics information. Example: Switch#show ipv6 route Codes: C - connected, L - Local, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP ::/0 via ::,...
Page 349: Show Ipv6 Neighbors
fe80::250:baff:fef2:a4f4, Vlan1 network segment is 2002::/64, via means passing 1024 fe80::250:baff:fef2:a4f4 is the next hop, VLAN1 is the exit interface name, 1024 is router weight. 19.2.34 show ipv6 neighbors Command: show ipv6 neighbors [{vlan|ethernet|tunnel} interface-number | interface-name | address <ipv6address>] Function: Display neighbor table entry information.
Page 350: Show Ipv6 Traffic
fe80::203:fff:fefe:3045 00-30-4f-fe-30-45 Vlan2 Ethernet1/0/17 reachable fe80::20c:ceff:fe13:eac1 00-0c-ce-13-ea-c1 Vlan12 Ethernet1/0/20 reachable fe80::250:baff:fef2:a4f4 00-50-ba-f2-a4-f4 Vlan1 Ethernet1/0/6 reachable IPv6 neighbour table: 11 entries Displayed information Explanation IPv6 Addres Neighbor IPv6 address Hardware Addr Neighbor MAC address Interface Exit interface name Port Exit interface name Neighbor status (reachable、statle、delay、probe、...
Page 351: Show Ipv6 Tunnel
Rcvd: 0 total 0 errors 0 time exceeded 0 redirects, 0 unreachable, 0 echo, 0 echo replies Displayed information Explanation IP statistics IPv6 data report statistics Rcvd: 90 total, 17 local destination0 IPv6 received packets statistics header errors, 0 address errors0 unknown protocol, 13 discards Frags: 0 reassembled, 0 timeouts IPv6 fragmenting statistics...
Page 352 Parameter <tnl-id> is tunnel No. Command Mode: Admin Mode. Usage Guide: If there is not tunnel number, then information of all tunnels are shown. If there is tunnel number, then the detailed information of specified tunnel is shown. Example: Switch#show ipv6 tunnel name mode source...
Page 353 Example: Configure tunnel source IPv4 address 202.89.176.6. Switch(Config-if-Tunnel1)#tunnel source 202.89.176.6 19.2.39 tunnel destination Command: . tunnel destination <ipaddress | ipv6address> no tunnel destination Function: Configure the IPv4/IPv6 address of the tunnel destination. Parameter: <ipaddress> is the IPv4 address of tunnel destination, <ipv6address> is the IPv6 address of tunnel destination.
Page 354: Tunnel Mode
There is no IPv4 address of tunnel nexthop. Usage Guide: This command is for ISATAP tunnel, other tunnels won’t check the configuration of nexthop. Notice: IPv4 address of ISATAP tunnel nexthop and IPv4 address of tunnel source should be in same segment.
Page 355: Ip Fib Optimize
19.3 Commands for IP Route Aggregation 19.3.1 ip fib optimize Command: ip fib optimize no ip fib optimize Function: Enables the switch to use optimized IP route aggregation algorithm; the “no ip fib optimize” disables the optimized IP route aggregation algorithm. Default: Optimized IP route aggregation algorithm is disabled by default.
Page 356 Switch#show urpf 19.4.2 urpf enable Command: urpf enable no urpf enable Function: Enable the global URPF function. Command mode: Global Mode Default: The URPF protocol module is disabled by default. Example: Switch(config)#urpf enable 19.5 Commands for ARP Configuration 19.5.1 arp Command: arp <ip_address>...
Page 357: Debug Arp
Static ARP entries can be configured in the switch. Example: Configuring static ARP for interface VLAN1. Switch(Config-if-Vlan1)#arp 1.1.1.1 ,A8-F7-E0-f0-12-34 interface eth 1/0/2 19.5.2 clear arp-cache Command: clear arp-cache Function: Clears ARP table. Command mode: Admin Mode Example: Switch#clear arp-cache 19.5.3 clear arp traffic Command: clear arp traffic Function:...
Page 358 Enables the ARP debugging function; the “no debug arp {receive|send|state}” command disables this debugging function. Parameter: receive the debugging-switch of receiving ARP packets of the switch; send the debugging-switch of sending ARP packets of the switch; state the debugging-switch of APR state changing of the switch. Default: ARP debug is disabled by default.
Page 359: Show Arp
segment of the interface but not the same physical network, and the proxy ARP interface has been enabled, the interface will reply to the ARP with its own MAC address and forward the actual packets received. Enabling this function allows machines to physically be separated but in the same IP segment and communicate via the proxy ARP interface as if in the same physical network.
Page 360 Valid ARP entry number matching the filter conditions and attributing the legality states. Matched ARP entry number matching the filter conditions. Verifying ARP entry number at verifying again validity for ARP. InCompleted ARP entry number have ARP request sent without ARP reply.
Page 361 hardware tunnel-capacity <size> no hardware tunnel-capacity Function: Configure the maximum value of hardware tunnel-capacity, the no command restores the default value. Parameters: <size> is the value of hardware tunnel-capacity, its range from 0 to 1024. Default: Command mode: Global mode Usage Guide: This command is used to configured the maximum number of tunnel and MPLS forwarded by hardware.
Page 362 Chapter 20 Commands for ARP Scanning Prevention 20.1 anti-arpscan enable Command: anti-arpscan enable no anti-arpscan enable Function: Globally enable ARP scanning prevention function; “no anti-arpscan enable” command globally disables ARP scanning prevention function. Default Settings: Disable ARP scanning prevention function. Command Mode: Global configuration mode User Guide:...
Page 363 Parameters: rate threshold, ranging from 2 to 200. Default Settings: 10 packets /second. Command Mode: Global Configuration Mode. User Guide: the threshold of port-based ARP scanning prevention should be larger than the threshold of IP-based ARP scanning prevention, or, the IP-based ARP scanning prevention will fail. Example: Set the threshold of port-based ARP scanning prevention as 10 packets /second.
Page 364 20.4 anti-arpscan trust Command: anti-arpscan trust [port | supertrust-port] no anti-arpscan trust [port | supertrust-port] Function: Configure a port as a trusted port or a super trusted port;” no anti-arpscan trust <port | supertrust-port>”command will reset the port as an untrusted port. Default Settings: By default all the ports are non- trustful.
Page 365 <ip-address>: Configure trusted IP address; <netmask>: Net mask of the IP. Default Settings: By default all the IP are non-trustful. Default mask is 255.255.255.255 Command Mode: Global configuration mode User Guide: If a port is configured as a trusted port, then the ARP scanning prevention function will not deal with this port, even if the rate of received ARP messages exceeds the set threshold, this port will not be closed.
Page 366 20.7 anti-arpscan recovery time Command: anti-arpscan recovery time <seconds> no anti-arpscan recovery time Function: Configure automatic recovery time; “no anti-arpscan recovery time” command resets the automatic recovery time to default value. Parameters: Automatic recovery time, in second ranging from 5 to 86400. Default Settings: 300 seconds.
Page 367 Example: Enable ARP scanning prevention log function of the switch. Switch(config)#anti-arpscan log enable 20.9 anti-arpscan trap enable Command: anti-arpscan trap enable no anti-arpscan trap enable Function: Enable ARP scanning prevention SNMP Trap function; ”no anti-arpscan trap enable” command disable ARP scanning prevention SNMP Trap function. Default Settings: Disable ARP scanning prevention SNMP Trap function.
Page 368 User Guide: Use “show anti-arpscan trust port” if users only want to check trusted ports. The reset follow the same rule. Example: Check the operating state of ARP scanning prevention function after enabling it. Switch(config)#show anti-arpscan Total port: 28 Name Port-property beShut shutTime(seconds) Ethernet1/0/1 untrust...
Page 369 shutTime(seconds) 1.1.1.2 Trust IP: 192.168.99.5 255.255.255.255 192.168.99.6 255.255.255.255 20.11 debug anti-arpscan Command: debug anti-arpscan [port | ip] no debug anti-arpscan [port | ip] Function: Enable the debug switch of ARP scanning prevention; ”no debug anti-arpscan [port | ip]” command disables the switch. Default Settings: Disable the debug switch of ARP scanning prevention Command Mode:...
Page 370 Chapter 21 Commands for Preventing ARP, ND Spoofing 21.1 ip arp-security updateprotect Command: ip arp-security updateprotect no ip arp-security updateprotect Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect” command re-enables ARP table automatic update. Default: ARP table automatic update. Command Mode: Global Mode/ Interface configuration.
Page 371 Default: ND update normally. Command Mode: Global Mode/ Interface configuration User Guide: Forbid ND table automatic update, the ND packets conflicting with current ND item (e.g. with same IP but different MAC or port) will be droped, the others will be received to update aging timer or create a new item;...
Page 372 21.4 ipv6 nd-security learnprotect Command: ipv6 nd-security learnprotect no ipv6 nd-security learnprotect Function: Forbid ND learning function of IPv6 Version, the no command re-enables ND learning function. Default: ND learning enabled. Command Mode: Global Mode/ Interface Configuration. Usage Guide: This command is for preventing the automatic learning and updating of ND. Unlike ip nd-security updateprotect, once this command implemented, there will still be timeout even if the switch keeps sending Request/Reply messages.
Page 373: Clear Ip Arp Dynamic
21.6 ipv6 nd-security convert Command: ipv6 nd-security convert Function: Change all of dynamic ND to static ND. Command Mode: Global Mode/ Interface Configuration Usage Guide: This command will convert the dynamic ND entries to static ones, which, in combination with disabling automatic learning, can prevent ND binding.
Page 374: Clear Ipv6 Nd Dynamic
21.8 clear ipv6 nd dynamic Command: clear ipv6 nd dynamic Function: Clear all of dynamic ND on interface. Parameter: None Command mode: Interface Configuration Usage Guide: This command will clear dynamic entries before binding ND. Once implemented, this command will lose its effect.
Page 375 Chapter 22 Command for ARP GUARD 22.1 arp-guard ip Command: arp-guard ip <addr> no arp-guard ip <addr> Function: Add a ARP GUARD address, the no command deletes ARP GUARD address. Parameters: <addr> is the protected IP address, in dotted decimal notation. Default: There is no ARP GUARD address by default.
Page 376 Chapter 23 Command for ARP Local Proxy 23.1 ip local proxy-arp Command: ip local proxy-arp no ip local proxy-arp Function: Enable/disable the local ARP Proxy function of a specified interface. Default Settings: This function is disabled on all interfaces by default. Command Mode: Interface VLAN Mode.
Page 377: Arp Configuration
Chapter 24 Commands for Gratuitous ARP Configuration 24.1 ip gratuitous-arp Command: ip gratuitous-arp [<interval-time>] no ip gratuitous-arp Function: To enabled gratuitous ARP, and specify update interval for gratuitous ARP. The no form of this command will disable the gratuitous ARP configuration. Parameters: <interval-time>...
Page 378 24.2 show ip gratuitous-arp Command: show ip gratuitous-arp [interface vlan <vlan-id>] Function: To display configuration information about gratuitous ARP. Parameters: <vlan-id> is the VLAN ID. The valid range for <vlan-id> is between 1 and 4094. Command Mode: All the Configuration Modes. Usage Guide: In all the configuration modes, the command show ip gratuitous arp will display information about the gratuitous ARP configuration in global and interface configuration mode.
Page 379 Chapter 25 Commands for Keepalive Gateway 25.1 keepalive gateway Command: keepalive gateway <ip-address> [{<interval-seconds> | msec <interval-millisecond>} [retry-count]] no keepalive gateway Function: Enable keepalive gateway, configure the interval that ARP request packet is sent and the retry-count after detection is failing, the no command disables the function. Parameters: ip-address: IP address of the gateway interval-seconds: The interval (unit is second) that ARP request packet is sent, ranging between 1...
Page 380 Function: Show IPv4 running status of the specified interface. Parameters: interface-name is the specified interface name. If there is no parameter, show IPv4 running status of all interfaces. Command Mode: Policy-class-map Mode. Usage Guide: Show IPv4 running status of the interface. Example: Switch(config)#show ip interface brief Index...
Page 381: Commands For Dhcp Server Configuration
Chapter 26 Commands for DHCP 26.1 Commands for DHCP Server Configuration 26.1.1 bootfile Command: bootfile <filename> no bootfile Function: Sets the file name for DHCP client to import on boot up; the “no bootfile “command deletes this setting. Parameters: <filename> is the name of the file to be imported, up to 255 characters are allowed. Command Mode: DHCP Address Pool Mode Usage Guide:...
Page 382: Clear Ip Dhcp Conflict
Command mode: Admin Mode. Usage Guide: “show ip dhcp binding” command can be used to view binding information for IP addresses and corresponding DHCP client hardware addresses. If the DHCP server is informed that a DHCP client is not using the assigned IP address for some reason before the lease period expires, the DHCP server would not remove the binding information automatically.
Page 383: Clear Ip Dhcp Server Statistics
Related Command: ip dhcp conflict logging, show ip dhcp conflict 26.1.4 clear ip dhcp server statistics Command: clear ip dhcp server statistics Function: Deletes the statistics for DHCP server, clears the DHCP server count. Command mode: Admin Mode. Usage Guide: DHCP count statistics can be viewed with “show ip dhcp server statistics”...
Page 384: Debug Ip Dhcp Client
Example: Specifying the IP address 10.1.128.160 to be bound to user with the unique id of 00-10-5a-60-af-12 in manual address binding. Switch(dhcp-1-config)#client-identifier 00-10-5a-60-af-12 Switch(dhcp-1-config)#host 10.1.128.160 24 Related Command: Host 26.1.6 debug ip dhcp client Command: debug ip dhcp client {event | packet} no debug ip dhcp server {event | packet} Function: Enable the debugging of DHCP client, no command disables the debugging of DHCP client.
Page 385 no debug ip dhcp server {events | linkage | packets} Function: Enables DHCP server debug information: the “no debug ip dhcp server {events | linkage | packets}” command disables the debug information for DHCP server. Command Mode: Admin Mode. Default: Debug information is disabled by default.
Page 386 Function: Configure DNS servers for DHCP clients; the “no dns-server” command deletes the default gateway. Parameters: <address1>…<address8> are IP addresses, in decimal format. Default: No DNS server is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide: Up to 8 DNS server addresses can be configured.
Page 387 26.1.12 hardware-address Command: hardware-address <hardware-address> [{Ethernet | IEEE802|<type-number>}] no hardware-address Function: Specifies the hardware address of the user when binding address manually; the “no hardware-address” command deletes the setting. Parameters: <hardware-address> is the hardware address in Hex; Ethernet | IEEE802 is the Ethernet protocol type, <type-number>...
Page 388: Ip Dhcp Conflict Logging
<address> is the IP address in decimal format; <mask> is the subnet mask in decimal format; <prefix-length> means mask is indicated by prefix. For example, mask 255.255.255.0 in prefix is “24”, and mask 255.255.255.252 in prefix is “30”. Command Mode: DHCP Address Pool Mode Usage Guide: If no mask or prefix is configured when configuring the IP address, and no information in the IP...
Page 389: Ip Dhcp Pool
by the DHCP server until the conflicting records are deleted. Example: Disable logging for DHCP server. Switch(config)#no ip dhcp conflict logging Related Command: clear ip dhcp conflict 26.1.15 ip dhcp excluded-address Command: ip dhcp excluded-address <low-address> [<high-address>] no ip dhcp excluded-address <low-address> [<high-address>] Function: Specifies addresses excluding from dynamic assignment;...
Page 390 <name>“command deletes the specified address pool. Parameters: <name> is the address pool name, up to 32 characters are allowed. Command mode: Global Mode Usage Guide: This command is used to configure a DHCP address pool under Global Mode and enter the DHCP address configuration mode.
Page 391: Ip Dhcp Ping Packets
26.1.18 ip dhcp ping packets Command: ip dhcp ping packets <request-num> no ip dhcp ping packets Function: Set the max number of Ping request (Echo Request) message to be sent in Ping-detection of conflict on DHCP server, whose default value is 2; the no operation of this command will restore the default value.
Page 392 Global Configuration Mode. Examples: Set the timeout period (in ms) of waiting for each reply message (Echo Request) in Ping-detection of conflict on DHCP server as 600ms. Switch(config)#ip dhcp conflict timeout 600 Related Command: ip dhcp conflict ping-detection enable, ip dhcp ping packets 26.1.20 lease Command: lease { [<days>] [<hours>][<minutes>] | infinite }...
Page 393 Command: netbios-name-server <address1>[<address2>[…<address8>]] no netbios-name-server Function: Configures WINS servers’ address; the “no netbios-name-server” command deletes the WINS server. Parameters: <address1>…<address8> are IP addresses, in decimal format. Default: No WINS server is configured by default. Command Mode: DHCP Address Pool Mode Usage Guide: This command is used to specify WINS server for the client, up to 8 WINS server addresses can be configured.
Page 394 DHCP Address Pool Mode Usage Guide: If client node type is to be specified, it is recommended to set the client node type to h-node that broadcasts after point-to-point communication. Example: Setting the node type for client of pool 1 to broadcasting node. Switch(dhcp-1-config)#netbios-node-type b-node 26.1.23 network-address Command:...
Page 395 Command: next-server <address1>[<address2>[…<address8>]] no next-server Function: Sets the server address for storing the client import file; the “no next-server” command cancels the setting. Parameters: <address1>…<address8> are IP addresses, in the decimal format. Command Mode: DHCP Address Pool Mode Usage Guide: This command configures the address for the server hosting client import file.
Page 396: Service Dhcp
Example: Setting the WWW server address as 10.1.128.240. Switch(dhcp-1-config)#option 72 ip 10.1.128.240 26.1.26 service dhcp Command: service dhcp no service dhcp Function: Enables DHCP server; the “no service dhcp” command disables the DHCP service. Default: DHCP service is disabled by default. Command mode: Global Mode Usage Guide:...
Page 397: Show Ip Dhcp Conflict
Example: Switch# show ip dhcp binding IP address Hardware address Lease expiration Type 10.1.1.233 00-00-E2-3A-26-04 Infinite Manual 10.1.1.254 00-00-E2-3A-5C-D3 Automatic Displayed information Explanation IP address IP address assigned to a DHCP client Hardware address MAC address of a DHCP client Lease expiration Valid time for the DHCP client to hold the IP address Type...
Page 398: Show Ip Dhcp Server Statistics
Show the relative configuration for DHCP relay option82. Command mode: Admin and Configuration Mode. Example: Set the admin mode timeout value to 6 minutes. Switch#show ip dhcp relay information option ip dhcp server relay information option(i.e. option 82) is enabled ip dhcp relay information option(i.e.
Page 399: Commands For Dhcp Relay Configuration
DHCPOFFER DHCPACK DHCPNAK DHCPRELAY 1907 DHCPFORWARD Switch# Displayed information Explanation Address pools Number of DHCP address pools configured. Database agents Number of database agents. Automatic bindings Number of addresses assigned automatically Manual bindings Number of addresses bound manually Conflict bindings Number of conflicting addresses Expired bindings Number of addresses whose leases are expired...
Page 400 no ip forward-protocol udp bootps Function: Sets DHCP relay to forward UPD broadcast packets on the port; the “no ip forward-protocol udp bootps”command cancels the service. Parameter: bootps forwarding UDP port as 67 DHCP broadcast packets. Default: Not forward UPD broadcast packets by default. Command mode: Global Mode Usage Guide:...
Page 401 26.2.3 show ip forward-protocol Command: show ip forward-protocol Function: Show the configured port ID of the protocol which support the forwarding of broadcast packets, it means the port ID for forwarding DHCP packets. Command mode: Admin and configuration mode Example: Switch#show ip forward-protocol Forward protocol(UDP port): 67(active) 26.2.4 show ip helper-address...
Page 402: Clear Ipv6 Dhcp Binding
Chapter 27 Commands for DHCPv6 27.1 clear ipv6 dhcp binding Command: clear ipv6 dhcp binding [<ipv6-address>] [pd <ipv6-prefix | prefix-length>] Function: To clear one specified DHCPv6 assigned address binding record or all the IPv6 address binding records. Parameter: <ipv6-address> is the specified IPv6 address with binding record; <ipv6-prefix| prefix-length> is the specified IPv6 prefix with binding record;...
Page 403: Clear Ipv6 Dhcp Statistics
<address> is the specified address with the conflict record, no specified address will clear all conflict records. Command Mode: Admin Mode Usage Guide: With show ipv6 dhcp conflict command, the user can check the conflict in which IP addresses. With this command, the user can clears the conflict record of an address. If no specified address will clear the conflict record of all addresses in log.
Page 404 Function: To enable the debugging messages for protocol packets of DHCPv6 prefix delegation client, the no form of this command will disable the debugging information. Default: Disabled. Command Mode: Admin Mode. Example: Switch# debug ipv6 dhcp client packet 27.5 debug ipv6 dhcp detail Command: debug ipv6 dhcp detail no debug ipv6 dhcp detail...
Page 405 Command Mode: Admin Mode. Example: Switch# debug ipv6 dhcp relay packet 27.7 debug ipv6 dhcp server Command: debug ipv6 dhcp server { event | packet } no debug ipv6 dhcp server { event | packet } Function: To enable the debugging information of DHCPv6 server, the no form of this command will disable the debugging.
Page 406 Command Mode: DHCPv6 Address Pool Configuration Mode. Usage Guide: For each address pool, at most three DNS server can be configured, and the addresses of the DNS server must be valid IPv6 addresses. Example: To configure the DNS Server address of DHCPv6 client as 2001:da8::1. Switch(dhcp-1-config)#dns-server 2001:da8::1 27.9 domain-name Command:...
Page 407 To configure the specified IPv6 address to be excluded from the address pool, the excluded address will not be allocated to any hosts; the no form of this command will remove the configuration. Parameter: <ipv6-address> is the IPv6 address to be excluded from being allocated to hosts in the address pool.
Page 408: Ipv6 Dhcp Client Pd
disabled. Only one <ipv6-prefix/prefix-length> can be configured for one prefix name. Example: If the prefix name my-prefix designates 2001:da8:221::/48, then the following command will add the address 2001:da8:221:2008::2008 to interface VLAN1. Switch(Config-if-Vlan1)# ipv6 address my-prefix 0:0:0:2008::2008/64 27.12 ipv6 dhcp client pd Command: ipv6 dhcp client pd <prefix-name>...
Page 409: Ipv6 Dhcp Pool
27.13 ipv6 dhcp client pd hint Command: ipv6 dhcp client pd hint <prefix|prefix-length> no ipv6 dhcp client pd hint <prefix|prefix-length> Function: Designate the prefix demanded by the client and its length. The no operation of this command will delete that prefix and its length from the specified interface. Parameters: <prefix|prefix-length>...
Page 410: Ipv6 Dhcp Relay Destination
Default: Any DHCPv6 address pool are not configured by default. Command Mode: Global Mode. Usage Guide: This command should be launched in global configuration mode, and falls in DHCPv6 address pool configuration mode if launched successfully. To remove a configured address pool, interface bindings related to the address pool, as well as the related address bindings will be removed.
Page 411: Ipv6 Dhcp Server
should be the address of another DHCPv6 relay or the address DHCPv6 server. At most three relay addresses can be configured for an interface. To be mentioned, the DHCPv6 relay stops working only if all the relay destination address configurations have been removed. This command is mutually exclusive to “ipv6 dhcp server”...
Page 412 27.17 ipv6 general-prefix Command: ipv6 general-prefix <prefix-name> <ipv6-prefix/prefix-length> no ipv6 general-prefix <prefix-name> Function: To define an IPv6 general prefix. The no form of this command will delete the configuration. Parameter: <prefix-name> is a character string less than 32 characters, to use as IPv6 general prefix name. <ipv6-prefix/prefix-length>...
Page 413 <poolname> is the name for the IPv6 address pool of the prefix delegation, the length name string should be less than 32. <prefix/prefix-length> is the address prefix and its length of the prefix delegation. <assigned-length> is the length of the prefix in the address pool which can be retrieved by the client, the assigned prefix length should be no less than the value of <prefix-length>...
Page 414 27.20 network-address Command: network-address <ipv6-pool-start-address> {<ipv6-pool-end-address> | <prefix-length>} [eui-64] no network-address Function: To configure the DHCPv6 address pool; the no form of this command will remove the address pool configuration. Parameters: <ipv6-pool-start-adderss> is the start of the address pool; <ipv6-pool-end-address> is the end of the address pool;...
Page 415 27.21 prefix-delegation Command: prefix-delegation <ipv6-prefix/prefix-length> <client-DUID> [iaid <iaid>] [lifetime {<valid-time> | infinity} {<preferred-time> | infinity}] no prefix-delegation <ipv6-prefix/prefix-length> <client-DUID> [iaid <iaid>] Function: To configure dedicated prefix delegation for the specified user. The no form of this command will remove the dedicated prefix delegation. Parameters: <ipv6-prefix/prefix-length>...
Page 416 prefix-delegation pool <poolname> [lifetime {<valid-time> | infinity} {<preferred-time> | infinity}] no prefix-delegation pool <poolname> Function: o configure prefix delegation name used by DHCPv6 address pool. The no form of this command deletes the configuration. Parameters: <poolname> is the name of the address prefix pool, the length name string should be less than 32. <valid-time>...
Page 417: Show Ipv6 Dhcp
Global Mode. Usage Guide: The DHCPv6 services include DHCPv6 server function, DHCPv6 relay function, DHCPv6 prefix delegation function. All of the above services are configured on ports. Only when DHCPv6 server function is enabled, the IP address assignment of DHCPv6 client, DHCPv6 relay and DHCPv6 prefix delegation functions enabled can be configured on ports.
Page 418: Show Ipv6 Dhcp Conflict
<ipv6-address> is the specified IPv6 address; count show the number of DHCPv6 address bindings. Command Mode: Admin and Configuration Mode. Usage Guide: To show all the address and prefix binding information of DHCPv6, include type, DUID, IAID, prefix, valid time and so on. Example: Switch#show ipv6 dhcp binding Client: iatype IANA, iaid 0x0e001d92...
Page 419: Show Ipv6 Dhcp Pool
<interface-name> is the name and number of interface, if the<interface-name> parameter is not provided, then all the DHCPv6 interface information will be shown. Command Mode: Admin and Configuration Mode. Usage Guide: To show the information for DHCPv6 interface, include Port Mode (Prefix delegation client、 DHCPv6 server、...
Page 420 Command Mode: Admin and Configuration Mode. Example: Switch#show ipv6 dhcp server statistics Address pools Active bindings Expiried bindings Malformed message Message Recieved DHCP6SOLICIT DHCP6ADVERTISE DHCP6REQUEST DHCP6REPLY DHCP6RENEW DHCP6REBIND DHCP6RELEASE DHCP6DECLINE DHCP6CONFIRM DHCP6RECONFIGURE DHCP6INFORMREQ DHCP6RELAYFORW DHCP6RELAYREPLY Message Send DHCP6SOLICIT DHCP6ADVERTISE DHCP6REQUEST DHCP6REPLY DHCP6RENEW DHCP6REBIND...
Page 421 Show information Explanation Address pools To configure the number of DHCPv6 address pools; Active bindings The number of auto assign addresses; Expiried bindings The number of expiried bindings; Malformed message The number of malformed messages; Message Recieved The statistic of received DHCPv6 packets. DHCP6SOLICIT The number of DHCPv6 SOLICIT packets.
Page 422 27.30 show ipv6 general-prefix Command: show ipv6 general-prefix Function: To show the IPv6 general prefix pool information. Command Mode: Admin and Configuration Mode. Usage Guide: To show the IPv6 general prefix pool information, include the prefix number in general prefix pool, the name of every prefix, the interface of prefix obtained, and the prefix value.
Page 423: Ip Dhcp Relay Information Option
Chapter 28 Commands for DHCP Option 82 28.1 debug ip dhcp relay packet Command: debug ip dhcp relay packet Function: This command is used to display the information of data packets processing in DHCP Relay Agent, including the “add” and “peel” action of option 82. Command Mode: Admin Mode.
Page 424 message, and let the server to process it. Before enabling this function, users should make sure that the DHCP service is enabled and the Relay Agent will transmit the udp broadcast messages whose destination port is 67. Example: Enable the option82 function of the Relay Agent. Switch(config)#service dhcp Switch(config)# ip forward-protocol udp bootps Switch(config)# ip dhcp relay information option...
Page 425 are received by the interface). The no command sets the additive suboption2 (remote ID option) format of option 82 as standard. Parameters: standard means the default VLAN MAC format. <remote-id> means the remote-id content of option 82 specified by users, its length can not exceed 64 characters. Command Mode: Global Mode Default Settings:...
Page 426 MAC means VLAN MAC address. The compatible remote-id format with HP manufacturer defined as below: Remote option Length type 4 byte 1 byte 1 byte IP means the primary IP address of layer 3 interface where DHCP packets from. Example: Set remote-id of Relay Agent option82 as the compatible format with HP manufacturer.
Page 427 respectively for option82. Switch(config)#ip dhcp relay information option self-defined remote-id hostname string abc 28.7 ip dhcp relay information option self-defined remote-id format Command: ip dhcp relay information option self-defined remote-id format [ascii | hex] Function: Set self-defined format of remote-id for relay option82. Command Mode: Global Mode User Guide:...
Page 428 Using standard method. User Guide: After configure this command, if users do not configure circuit-id on interface, it will create circuit-id suboption for option82 according to self-defined method. Self-defined format of circuit-id: if self-defined format is ascii, the filled format of vlan such as “Vlan2”, the format of port such as “Ethernet1/0/1”, the format of mac and remote-mac such as “00-02-d1-2e-3a-0d”.
Page 429 28.10 ip dhcp relay information option subscriber-id Command: ip dhcp relay information option subscriber-id {standard | <circuit-id>} no ip dhcp relay information option subscriber-id Function: This command is used to set the format of option82 sub-option1(Circuit ID option) added to the DHCP request messages from interface, standard means the standard vlan name and physical port name format, like”Vlan2+Ethernet1/0/12”,<circuit-id>...
Page 430: Ip Dhcp Relay Information Policy
Command Mode: Global Mode Default: ascii. User Guide: VLAN and port information with ASCII format, such as “Vlan1+Ethernet1/0/11”, VLAN and port information with hexadecimal format defined as below: Suboption Circuit Length Length type ID type VLAN Slot Module Port 1 byte 1 byte 1 byte 1 byte...
Page 431 the system will replace the option 82 segment in the existing message with its own option 82, and forward the message to the server to process. The “no ip dhcp relay information policy” will set the retransmitting policy of the option 82 DCHP message as “replace”. Command Mode: Interface configuration mode.
Page 432 28.14 show ip dhcp relay information option Command: show ip dhcp relay information option Function: This command will display the state information of the DHCP option 82 in the system, including option82 enabling switch, the interface retransmitting policy, the circuit ID mode and the switch DHCP server option82 enabling switch.
Page 433: Address Range
Chapter 29 Commands for DHCPv6 option37, 38 29.1 Commands for DHCPv6 option37, 38 29.1.1 address range Command: address range <start-ip> <end-ip> no address range <start-ip> <end-ip> Function: This command is used to set address range for a DHCPv6 class in DHCPv6 address pool configuration mode, the no command is used to remove the address range.
Page 434 Command: class <class-name> no class <class-name> Function: This command associates class to address pool in DHCPv6 address pool configuration mode and enters class configuration mode in address pool. Use the no command to remove the link. Parameters: class-name, the name of DHCPv6 class. Command Mode: DHCPv6 address pool configuration mode Usage Guide:...
Page 435 29.1.4 ipv6 dhcp relay remote-id Command: ipv6 dhcp relay remote-id <remote-id> no ipv6 dhcp relay remote-id Function: This command is used to set the form of adding option 37 in received DHCPv6 request packets, of which <remote-id> is the remote-id in user-defined option 37 and it is a string with a length of less than 128.
Page 436 Usage Guide: Only after this command is configured, DHCPv6 relay agent can add option 37 in DHCPv6 request packets before sending it to server or next relay agent. Make sure that DHCPv6 service has been enabled before execute this command. Example: Enable the switch relay to support option 37.
Page 437 Command: ipv6 dhcp relay subscriber-id option no ipv6 dhcp relay subscriber-id option Function: This command enables switch relay to support the option 38, the no form of this command disables Default: Disable the relay option 38. Command Mode: Global configuration mode Usage Guide: Only after this command is configured, DHCPv6 relay agent can add option 38 in DHCPv6 request packets before sending it to server or next relay agent.
Page 438 The command has no effect on ports with self-defined subscriber-id. If user redefines the subscriber-id of the port after using the command, the user-defined one prevails. This configuration is null by default. Example: Switch(config)# ipv6 dhcp relay subscriber-id select sp delimiter # 29.1.9 ipv6 dhcp server remote-id option Command: ipv6 dhcp server remote-id option...
Page 439 Selecting option 37 and option 38 of the original packets. Command Mode: Interface configuration mode Usage Guide: Make sure that the server has been enabled to support option 37 and option 38 before use this command. The system selects option 37 and option 38 of the original packets by default. Example: Configure that the vlan1 interface of DHCPv6 server selects option 37 and option 38 of relay-forw in the innermost layer.
Page 440 This command is used to set the form of adding option 37 in received DHCPv6 request packets, of which <remote-id> is the content of remote-id in user-defined option 37 and it is a string with a length of less than 128. The no form of this command restores remote-id in option 37 to enterprise-number together with vlan MAC address.
Page 441 Switch(Config)#ipv6 dhcp snooping enable Switch(Config)#ipv6 dhcp snooping remote-id option 29.1.14 ipv6 dhcp snooping remote-id policy Command: ipv6 dhcp snooping remote-id policy {drop | keep | replace} no ipv6 dhcp snooping remote-id policy Function: This command is used to configure the reforward policy of the system when receiving DHCPv6 packets with option 37, among which the drop mode means that the system simply discards it with option 37, keep mode means that the system keeps option 37 unchanged and forwards the packets to the server and replace mode means that the system replaces option 37 of current packets with...
Page 442 a length of less than 128. The no operation of this command restores subscriber-id in option 38 to vlan name together with port name such as "Vlan2+Ethernet1/0/2". Parameters: subscriber-id, user-defined content of option 38 Default: Set subscriber-id in option 38 to vlan name together with port name. Command Mode: Port mode Usage Guide:...
Page 443 29.1.17 ipv6 dhcp snooping subscriber-id policy Command: ipv6 dhcp snooping subscriber-id policy {drop | keep | replace} no ipv6 dhcp snooping subscriber-id policy Function: This command is used to set the reforward policy of the system when receiving DHCPv6 packets with option 38, among which the drop mode means that the system simply discards it with option 38, keep mode means that the system keeps option 38 unchanged and forwards the packets to the server and replace mode means that the system replaces option 38 of current packets with its own...
Page 444 (sp | sv | pv | spv), a selection from combinations of slot, port and vlan, among which sp represents slot and port, sv represents slot and vlan, pv represents port and vlan, and spv represents slot, port and vlan. WORD, the delimiter between slot, port and vlan which ranges among (#|.|,|;|:|/|space).
Page 445 29.1.20 remote-id subscriber-id Command: {remote-id [*] <remote-id> [*] | subscriber-id [*] <subscriber-id> [*]} no {remote-id [*] <remote-id> [*] | subscriber-id [*] < subscriber-id> [*]} Function: This command configures option 37 and option 38 that match the class in IPv6 DHCP class configuration mode.
Page 446 server side as well as the relay side. Command Mode: Admin mode Usage Guide: Enable/disable the display of detailed debug about packets sent and received by DHCPv6. Example: Switch# debug ipv6 dhcp detail %Jan 01 01:38:45 2006 DHCPv6 DETAILS: contents of SOLICIT packet %Jan 01 01:38:45 2006 transaction-ID: 0x00b2d47c %Jan 01 01:38:45 2006...
Page 447 Example: Switch# debug ip dhcpv6 relay packet %May 16:45:34 2010 DHCPv6 RELAY PACKET: received msg0 from <fe80::211:22ff:fe33:4455> on <Vlan8> %May 16:45:34 2010 DHCPv6 RELAY PACKET: subscriber-id option “Vlan8+Ethernet1/0/12” 29.2.3 debug ipv6 dhcp snooping packet Command: debug ipv6 dhcp snooping packet Function: Debug the packets of DHCPv6 SNOOPING.
Page 448 29.2.4 show ipv6 dhcp relay option Command: show ipv6 dhcp relay option Function: Display the configuration of system relay agent, including the enable switch for option 37 and option Command Mode: Admin mode Usage Guide: Use this command to check relay agents’ configuration status for option 37 and option 38. Example: Switch#show ipv6 dhcp relay option remote-id option enable...
Page 449: Debug Ip Dhcp Snooping Event
Chapter 30 Commands for DHCP Snooping 30.1 debug ip dhcp snooping binding Command: debug ip dhcp snooping binding no debug ip dhcp snooping binding Function: This command is use to enable the DHCP SNOOPING debug switch to debug the state of binding data of DHCP SNOOPING.
Page 450: Debug Ip Dhcp Snooping Packet
30.3 debug ip dhcp snooping packet Command: debug ip dhcp snooping packet no debug ip dhcp snooping packet Function: This command is used to enable the DHCP SNOOPING debug switch to debug the message-processing procedure of DHCP SNOOPING. Command Mode: Admin Mode.
Page 451 Function: This command is use to enable the DHCP snooping debug switch to debug the communication information between DHCP snooping and helper server. Command Mode: Admin Mode. Usage Guide: Debug the information of communication messages received and sent by DHCP snooping and helper server.
Page 452: Ip Dhcp Snooping
30.7 ip dhcp snooping Command: ip dhcp snooping enable no ip dhcp snooping enable Function: Enable the DHCP Snooping function. Command Mode: Globe mode. Default Settings: DHCP Snooping is disabled by default. Usage Guide: When this function is enabled, it will monitor all the DHCP Server packets of non-trusted ports. Example: Enable the DHCP Snooping function.
Page 453 Usage Guide: Only when DHCP Snooping is globally enabled, can this command be set. Trusted port will not detect fake DHCP Server, so, will never trigger the corresponding defense action. When a port turns into a trusted port from a non-trusted port, the original defense action of the port will be automatically deleted.
Page 454: Ip Dhcp Snooping Binding
30.10 ip dhcp snooping binding Command: ip dhcp snooping binding enable no ip dhcp snooping binding enable Function: Enable the DHCP Snooping binding funciton Command Mode: Globe mode Default Settings: DHCP Snooping binding is disabled by default. Usage Guide: When the function is enabled, it will record the binding information allocated by DHCP Server of all trusted ports.
Page 455 added to the NEIGHBOUR list directly. The priority of binding ARP list entries is lower than the static ARP list entries set by administrator, so can be overwritten by static ARP list entries; but, when static ARP list entries are deleted, the binding ARP list entries can not be recovered untill the DHCP SNOOPING recapture the biding inforamtion.
Page 456 ip dhcp snooping binding user-control 30.13 ip dhcp snooping binding user Command: ip dhcp snooping binding user <mac> address <ipaddress> <mask> vlan <vid> interface [Ethernet] <ifname> no ip dhcp snooping binding user <mac> interface [Ethernet] <ifname> Function: Configure the information of static binding users Parameters: <mac>: The MAC address of the static binding user, whic is the only index of the binding user.
Page 457 no ip dhcp snooping binding user-control Function: Enable the binding user funtion. Command Mode: Port Mode. Default Settings: By default, the binding user funciton is disabled on all ports. Usage Guide: When this function is enabled, DHCP SNOOPING will treat the captured binding information as trusted users allowed to access all resources.
Page 458 Considering the limited hardware resources of the switch, the actual number of trust users distributed depends on the resource amount. If a bigger max number of users is set using this command, DHCP Snooping will distribute the binding informaiton of untrust users to hardware to be trust users as long as there is enough available resources.
Page 459 Switch(config)#ip dhcp snooping enable Switch(config)# ip dhcp snooping binding enable Switch(config)# ip dhcp snooping information enable 30.17 ip dhcp snooping information option allow-untrusted Command: ip dhcp snooping information option allow-untrusted no ip dhcp snooping information option allow-untrusted Function: This command is used to set that allow untrusted ports of DHCP snooping to receive DHCP packets with option82 option.
Page 460 slash (“/”). Command Mode: Global mode Usage Guide: Divide parameters with the configured delimiters after users have defined them which are used to create suboption (remote-id, circuit-id) of option82 in global mode. Example: Set the parameter delimiters as dot (“.”) for suboption of option82. Switch(config)# ip dhcp snooping information option delimiter dot 30.19 ip dhcp snooping information option remote-id Command:...
Page 461 30.20 ip dhcp snooping information option self-defined remote-id Command: ip dhcp snooping information option self-defined remote-id {hostname | mac | string WORD} no ip dhcp snooping information option self-defined remote-id Function: Set creation method for option82, users can define the parameters of remote-id suboption by themselves.
Page 462 Global Mode Default: ascii. Usage Guide: self-defined format use ip dhcp snooping information option type self-defined remote-id to create remote-id format. Example: Set self-defined format of remote-id as hex for snooping option82. Switch(config)# ip dhcp snooping information option self-defined remote-id format hex 30.22 ip dhcp snooping information option self-defined subscriber-id Command:...
Page 463 with delimiter (delimiter is ip dhcp snooping information option delimiter configuration). Example: Set self-defined method of circuit-id suboption as vlan, port, mac and remote-mac for option82. Switch(config)#ip dhcp snooping information option self-defined subscriber-id vlan port id remote-mac 30.23 ip dhcp snooping information option self-defined subscriber-id format Command: ip dhcp snooping information option self-defined subscriber-id format [ascii | hex]...
Page 464 Parameters: standard means the standard format of VLAN name and physical port name, such as Vlan2+Ethernet1/0/12. <circuit-id> means the circuit-id content of option 82 specified by users, its length can not exceed 64 characters. Command Mode: Port Mode Default: Use standard format to set circuit-id. Usage Guide: The additive option 82 needs to associate with third-party DHCP server, it is used to specify the circuit-id content by user when the standard circuit-id format can not satisfy server’s request.
Page 465 Suboption Circuit Length Length type ID type VLAN Slot Module Port 1 byte 1 byte 1 byte 1 byte 2 byte 1 byte 1 byte 2 byte VLAN field fill in VLAN ID. For chassis switch, Slot means slot number, for box switch, Slot is 1; default Module is 0;...
Page 466: Ip Dhcp Snooping Trust
SGS-6341 Series switch message rate limit is 100pps. Example: Set the message transmission rate as 50pps. switch(config)#ip dhcp snooping limit-rate 50 30.27 ip dhcp snooping trust Command: ip dhcp snooping trust no ip dhcp snooping trust Function: Set or delete the DHCP Snooping trust attributes of a port.
Page 467 value is 9119. src_addr: The local management IP address of the switch, in dotted-decimal notation. sencondary: Whether it is a secondary SERVER address. Command Mode: Global mode Default Settings: There is no HELPER SERVER address by default. Usage Guide: DHCP SNOOPING will send the monitored binding information to HELPER SERVER to save it. If the switch starts abnormally, it can recover the binding data from HELPER SERVER.
Page 468: Show Ip Dhcp Snooping
Default: The switch choose private packet version one to communicate with DCBI. Usage Guide: If the DCBI access control system is applied, the switch should be configured to use private protocol of version one to communicate with the DCBI server. However, if TrustView is applied, version two should be applied.
Page 469 interface trust action recovery alarm num bind num --------------- --------- --------- ---------- --------- ---------- Ethernet1/0/1 trust none 0second Ethernet1/0/2 untrust none 0second Ethernet1/0/3 untrust none 0second Ethernet1/0/4 untrust none 0second Ethernet1/0/5 untrust none 0second Ethernet1/0/6 untrust none 0second Ethernet1/0/7 untrust none 0second Ethernet1/0/8...
Page 470 communication failure within the system. If the CPU of the switch is too busy to schedule the DHCP SNOOPING task and thus can not handle the received DHCP messages, such situation might happen. DHCP Snooping alarm count: The number of alarm information. binding count The number of binding information.
Page 471 interface The name of port trust attribute The truest attributes of the port action The automatic defense action of the port recovery interval The automatic recovery time of the port maxnum of alarm info The max number of automatic defense actions that can be recorded by the port binding dot1x Whether the binding dot1x function is enabled...
Page 472 00-00-00-00-00-13 192.168.40.13 Ethernet1/0/4 00-00-00-00-00-14 192.168.40.14 Ethernet1/0/4 00-00-00-00-00-15 192.168.40.15 Ethernet1/0/5 00-00-00-00-00-16 192.168.40.16 Ethernet1/0/5 -------------------------------------------------------------------------- The flag explanation of the binding state: S The static binding is configured by shell command D The dynamic binding type U The binding is uploaded to the server R The static binding is configured by the server O DHCP response with the option82 L The hardware drive is announced by the binding...
Page 473 TrustView inform user binding data successed TrustView version2 message encrypt/digest enabled Key: 08:02:33:34:35:36:37:38 Rcvd 106 encrypted messages, in which MD5-error 0 messages, DES-error 0 messages Sent 106 encrypted messages Free resource is 200.101.0.9/255.255.255.255 Web redirect address for unauthencated users is <http://200.101.0.9:8080> Rcvd 0 force log-off packets Rcvd 19 force accounting update packets Using version two private packet...
Page 474 31.2 ip prefix-list seq Command: ip prefix-list <list_name> [seq <sequence_number>] <deny | permit> < any | ip_addr/mask_length [ge <min_prefix_len>] [le <max_prefix_len>]> no ip prefix-list <list_name> [seq <sequence_number>] [<deny | permit> < any | ip_addr/mask_length [ge <min_prefix_len>] [le <max_prefix_len>]>] Function: Configure the prefix-list. The “no ip prefix-list <list_name> [seq <sequence_number>] [<deny | permit>...
Page 475 31.3 ip prefix-list sequence-number Command: ip prefix-list sequence-number no ip prefix-list sequence-number Function: Enable the sequence-number auto-creation function, the “no ip prefix-list sequence-number” command close the prefix-list sequence-number. Default: Sequence-number auto-creation enabled. Command Mode: Global Mode Usage Guide: The command can be used to close the prefix-list sequence-number. Example: Switch(config)#no ip prefix-list sequence-number 31.4 match as-path...
Page 476: Match Community
Switch(config-route-map)#match as-path 60 31.5 match community Command: match community <community-list-name | community-list-num> [exact-match] no match community [<community-list-name | community-list-num> [exact-match]] Function: Configure the community attributes of BGP routing messages. The “no match community [<community-list-name | community-list-num > [exact-match]]” command deletes this configuration.
Page 477 Parameter: “<interface-name >“is the name of the interface. Command Mode: route-map mode Usage Guide: This command matches according to the next-hop messages in the route. If the matching succeeded, then the “permit” or “deny” action in the route-map is performed. This command is only used in RIP and OSPF protocols.
Page 478: Match Ipv6 Address
31.8 match ipv6 address Command: match ipv6 address <ipv6-acl-name | prefix-list list-name> no match ipv6 address [<ipv6-acl-name | prefix-list list-name>] Function: Configure the prefix for ipv6 routing. If the no form command is enaled, the configuration will be removed. Parameters: address is the routing prefix to be matched.
Page 479: Match Metric
Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)# match ipv6 next-hop 2000::1 31.10 match metric Command: match metric <metric-val > no match metric [<metric-val >] Function: Match the metric value in the routing message. The “no match metric [<metric-val >]” deletes the configuration.
Page 480 from the internal gateway protocols, incomplete means the route origin is uncertain. Command Mode: route-map mode Usage Guide: This command matches according to origin message in the BGP route. If the matching succeeded, then the “permit” or “deny” action in the route-map is performed. Example: Switch#config terminal Switch(config)#route-map r1 permit 5...
Page 481: Match Tag
31.13 match tag Command: match tag <tag-val > no match tag [<tag-val >] Function: Configure to matching with the tag domain of the OSPF routing message. The “no match tag [<tag-val >]” deletes this configuration. Parameter: <tag-val > is the tag value, ranging between 0～4294967295. Command Mode: route-map mode Usage Guide:...
Page 482: Set Aggregator
among nodes is identified by sequence-number. “permit” means the node filter will be passed if all match subs are obtained by current route and then further all the set sub of this node will be executed without entering the check in the next node; if the match subs can not be met, the proceed to the check in next node.
Page 483 31.16 set as-path Command: set as-path prepend <as-num> no set as-path prepend [<as-num>] Function: Add AS numbers in the AS path domain of the BGP routing message. The “no set as-path prepend [<as-num>]” command deletes this configuration. Parameter: <as-num > is the AS number, circulating inputting several numbers is available. Command Mode: route-map mode Usage Guide:...
Page 484: Set Community
Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set atomic-aggregate 31.18 set comm-list Command: set comm-list <community-list-name | community-list-num > delete no set comm-list <community-list-name | community-list-num > delete Function: Configure to delete the community attributes from the inbound or outbound routing messages. The “no set comm-list <community-list-name | community-list-num >...
Page 485: Set Extcommunity
route do not announce outside the local AS (but can announce among the sub AS within the confederation), [no-advertise] means this route do not send to any neighbor, [no-export] means this route do not send to EBGP neighbors, [none] means delete the community attributes from the prefix of this route, [additive] means add following existing community attributes.
Page 486 Switch(config)#route-map r1 permit 10 Switch(config-route-map)#set extcommunity soo 200.200:10 31.21 set ip next-hop Command: set ip next-hop <ip_addr> no set ip next-hop [<ip_addr>] Function: Configure the next-hop of the route. The “no set ip next-hop [<ip_addr>]” command deletes the configuration. Parameter: <ip_addr >...
Page 487: Set Metric
local priority validates only within this AS and will not be transported to EBGP neighbors. To use this command, one match clause should at first be defined. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set local-preference 60 31.23 set metric Command: set metric <...
Page 488: Set Origin
Function: Configure the metric type of the OSPF routing message. The “no set metric-type [<type-1 | type-2>]” command deletes this configuration. Parameter: type-1 means matches the OSPF type 1 external route, type-2 means matches the OSPF type 2 external route. Command Mode: route-map mode Usage Guide:...
Page 489: Set Tag
31.26 set originator-id Command: set originator-id <ip_addr> no set originator-id [<ip_addr>] Function: Configure the origin ip address of the BGP routing message. The “no set originator-id [<ip_addr>]” command deletes the configuration. Parameter: <ip_addr> is the ip address of the route source shown by dotted decimal notation. Command Mode: route-map mode Usage Guide:...
Page 490: Set Weight
Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set tag 60 31.28 set vpnv4 next-hop Command: set vpnv4 next-hop <ip_addr> no set vpnv4 next-hop [<ip_addr>] Function: Configure the next-hop of BGP VPNv4 routing message. The “no set vpnv4 next-hop [<ip_addr>]” command deletes the configuration. Parameter: <ip_addr>...
Page 491 Weight value is adopted to facilitate the best path option and validates only within the local switch. While there are several route to the same destination the one with higher priority is more preferred. To use this command, one match clause should at first be defined. Example: Switch#config terminal Switch(config)#route-map r1 permit 5...
Page 492 seq 5 deny 1.1.1.1/8 (hit count: 0, recount: 0) Show the prefix-list contents sequence numbered 5. hit count: 0 means being hit 0 time, recount: 0 means referred 0 time. 31.31 show ip prefix-list<detail|summary> Command: show ip prefix-list [<detail | summary> [<list-name>] ] Function: Display the contents of the prefix list.
Page 493 count:0 means the rule has been matched for zero times. And refcount:0 means the rule is referenced for zero times. 31.32 show route-map Command: show route-map Function: Show the content of route-map. Command Mode: Admin mode Example: Switch# show route-map route-map a, deny, sequence 10 Match clauses: as-path 60...
Page 494 Command Mode: Admin and Configuration Mode Example: 1: Switch#show router-id Router ID: 20.1.1.1 (automatic) 2: Switch#show router-id Router ID: 20.1.1.2 (config) 31-133...
Page 495 Chapter 32 Commands for Static Route 32.1 ip route Command: ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} {<gateway-address> | <gateway-interface>} [<distance>] no ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} [<gateway-address> | <gateway-interface>] [<distance>] Function: Configure the static route. The “no ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} [<gateway-address>...
Page 496 Example 1. Add a static route Switch(config)#ip route 1.1.1.0 255.255.255.0 2.1.1.1 Example 2. Add default route Switch(config)#ip route 0.0.0.0 0.0.0.0 2.2.2.1 32.2 ip route vrf Command: ip route vrf <vrf-name> {<ip-prefix> <mask>|<ip-prefix/prefix-length>} {<gateway-address>|null0} [<1-255>] no ip route vrf <vrf-name> {<ip-prefix> <mask>|<ip-prefix/prefix-length>} {<gateway-address>|null0} [<1-255>] Function: Configure the static route for the specific VRF.
Page 497: Show Ip Route
32.3 show ip route Command: show ip route [<destination>|<destination >|<length>|connected | static | rip| ospf | bgp | isis| kernel| statistics| database [connected | static | rip| ospf | bgp | isis| kernel] |fib[statistics]] Function: Show the route table. Parameter: <destination>...
Page 498 connected with the layer 3 switch S –static Static route, the route manually configured by users R - RIP derived RIP route, acquired by layer 3 switch through the RIP protocol. O - OSPF derived OSPF route, acquired by layer 3 switch through the OSPF protocol A- OSPF ASE Route introduced by OSPF...
Page 499 32-138...
Page 500 Chapter 33 Commands for RIP 33.1 accept-lifetime Command: accept-lifetime <start-time> {<end-time>| duration<seconds>| infinite} no accept-lifetime Function: Use this command to specify a key accept on the key chain as a valid time period. The “no accept-lifetime” command deletes this configuration. Parameter: <start-time>...
Page 501: Clear Ip Rip Route
Related Command: key-string key chain send-lifetime 33.2 address-family ipv4 Command: address-family ipv4 vrf <vrf-name> no address-family ipv4 vrf <vrf-name> Function: Configure this command to enable the routing message switching among VRF and enter the address-family mode. The “no address-family ipv4 vrf <vrf-name>” command deletes the RIP instances related to this VPN routing/forwarding instance.
Page 502: Debug Rip
<A.B.C.D/M> Clear the routes which match the destination address from the RIP route table. specifies the IP address prefix and its length of the destination address kernel delete kernel routes from the RIP route table static delete static routes from the RIP route table connected delete direct routes from the RIP route table rip only delete RIP routes from the RIP route table ospf only delete OSPF routes from the RIP route table...
Page 503 detail shows the messages of received or sent data packets Default: Debug switch closed. Command Mode: Admin mode and global mode Example: Switch# debug rip packet Switch#1970/01/01 01:01:43 IMI: SEND[Vlan1]: Send to 224.0.0.9:520 1970/01/01 01:01:43 IMI: SEND[Vlan1]: Send to 224.0.0.9:520 1970/01/01 01:01:47 IMI: RECV[Vlan1]: Receive from 20.1.1.2:520 33.5 debug rip redistribute message send Command:...
Page 504 Default: Close the debug by default. Command Mode: Admin Mode. Example: Switch#debug rip redistribute route receive Switch#no debug rip redistribute route receive 33.7 default-information originate Command: default-information originate no default-information originate Function: Allow the network 0.0.0.0 to be redistributed into the RIP. The “no default-information originate” disable this function.
Page 505 Default: Default route metric value is 1. Command Mode: Router mode and address-family mode Usage Guide: default-metric command is used for setting the default route metric value of the routes from other routing protocols when distributed into the RIP routes. When using the redistribute commands for introducing routes from other protocols, the default route metric value specified by default-metric will be adopted if no specific route metric value is set.
Page 506 Switch# config terminal Switch(config)# router rip Switch(config-router)# distance 8 10.0.0.0/8 mylist 33.10 distribute-list Command: distribute-list {<access-list-number | access-list-name> |prefix<prefix-list-name>} {in|out} [<ifname>] no distribute-list {<access-list-numbe r| access-list-name> |prefix<prefix-list-name>} {in|out} [<ifname>] Function: This command uses access-list or prefix-list to filter the route update packets sent and received. The “no distribute-list {<access-list-number| access-list-name>...
Page 507 Exit address-family mode Command Mode: address-family mode Example: Switch(config)# router rip Switch(config-router)# address-family ipv4 vrf IPI Switch(config-router-af)# exit-address-family Switch(config-router)# 33.12 ip rip aggregate-address Command: ip rip aggregate-address A.B.C.D/M no ip rip aggregate-address A.B.C.D/M Function: To configure RIP aggregation route. The no form of this command will delete this configuration. Parameter: A.B.C.D/M:IPv4 address and mask length.
Page 508: Ip Rip Authentication Mode
no ip rip authentication key-chain Function: Use this command to enable RIPV2 authentication on an interface and further configures the adopted key chain. The “no ip rip authentication key-chain” command cancels the authentication. Parameter: <name-of-chain> is the name of the adopted key chain. There may be spaces in the string. The input ends with an enter and the string should not be longer than 256 bytes.
Page 509: Ip Rip Authentication String
RIP-I do not support authentication which the RIP-II supports two authentication modes: text authentication (i.e. Simple authentication) and data packet authentication (i.e. MD5 authentication). This command should be used associating the ip rip authentication key or ip rip authentication string. Independently configuration will not lead to authentication process.
Page 510 ip rip authentication mode 33.16 ip rip authentication cisco-compatible Command: ip rip authentication cisco-compatible no ip rip authentication cisco-compatible Function: After configured this command, the cisco RIP packets will be receivable by configuring the plaintext authentication or MD5 authentication. Default: Not configured Command Mode: Interface mode...
Page 511: Ip Rip Receive Version
Interface Configuration Mode. Example: Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip receive-packet Related Command: ip rip send-packet 33.18 ip rip receive version Command: ip rip receive version { 1 | 2|1 2 } no ip rip receive version Function: Set the version information of the RIP packets the interface receives.
Page 512: Ip Rip Send Version
Function: Set the Interface to be able to receive the RIP packets; the “no ip rip send-packet” set the interface to be unable to receive the RIP packets. Default: Interface sends RIP packets. Command Mode: Interface Configuration Mode. Example: Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip send-packet Related Command:...
Page 513 33.21 ip rip split-horizon Command: ip rip split-horizon [poisoned] no ip rip split-horizon Function: Enable split horizon. The “no ip rip split-horizon” disables the split horizon. Parameter: [poisoned] means configure the split horizon with poison reverse. Default: Split Horizon with poison reverse by default. Command Mode: Interface Configuration Mode.
Page 514 keys. Example: Switch# config terminal Switch(config)# key chain mychain Switch(config-keychain)# key 1 Switch(config-keychain-key)# Relevant Commands: key chain, key-string, accept-lifetime, send-lifetime 33.23 key chain Command: key chain <name-of-chain> no key chain < name-of-chain > Function: This command is for entering a keychain manage mode and configure a keychain. The “no key chain <...
Page 515 Parameter: <text> is a character string without length limit. However when referred by RIP authentication only the first 16 characters will be used. Command Mode: Keychain-key mode Usage Guide: This command is for configure different passwords for keys with different ID. Example: Switch# config terminal Switch(config)# key chain mychain...
Page 516 Switch# config terminal Switch(config)# router rip Switch(config-router)# maximum-prefix 150 33.26 neighbor Command: neighbor <A.B.C.D> no neighbor <A.B.C.D> Function: Specify destination address requires targeted-peer sending. “no neighbor <A.B.C.D>“command cancels the specified address and restores all gateways to trustable. Parameter: <A.B.C.D> is the specified destination address for the sending, shown in dotted decimal notation. Default: Not sending to any targeted-peer destination address.
Page 517 Parameter: <A.B.C.C/M|> is the IP address prefix and its length in the network. <ifname> is the name of a interface. Default: Not running RIP protocol Command Mode: Router mode and address-family mode Usage Guide: Use this command to configure the network for sending or receiving RIP update packets. If the network is not configured, all interfaces of the network will not be able to send or receive data packets.
Page 518 Switch# config terminal Switch(config)# router rip Switch(config-router)# offset-list 1 in 5 vlan 1 Related Command: access-list 33.29 passive-interface Command: passive-interface <ifname> no passive-interface <ifname> Function: Set the RIP layer 3 switch blocks RIP broadcast on specified interface, on which the RIP data packets will only be sent to layer 3 switches configured with neighbor.
Page 519 Parameter: <size> is the buffer zone size in bytes, ranging between 8192-2147483647. Default: 8192 bytes. Command Mode: Router mode Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# recv-buffer-size 23456789 33.31 redistribute Command: redistribute {kernel |connected| static| ospf [<process-id>] | isis| bgp} [metric<value>] [route-map<word>] no redistribute {kernel |connected| static| ospf [<process-id>] | isis| bgp} [metric<value>] [route-map<word>]...
Page 520: Router Rip
Switch# config terminal Switch(config)# router rip Switch(config-router)# redistribute kernel route-map ipi To redistribute OSPFv2 routing information to RIP. Switch(config)# router rip Switch(config-router)# redistribute ospf 2 33.32 route Command: route <A.B.C.D/M> no route <A.B.C.D/M> Function: This command configures a static RIP route. The “no route <A.B.C.D/M>“command deletes this route.
Page 521 RIP routing protocol. Default: Not running RIP route. Command Mode: Global mode Usage Guide: This command is the switch for starting the RIP routing protocol which is required to be open before configuring other RIP protocol commands. Example: Enable the RIP protocol mode Switch(config)#router rip Switch(config-router)# 33.34 send-lifetime...
Page 522: Show Debugging Rip
Command Mode: Keychain-key mode Example: The example below shows the send-lifetime configuration on the keychain named mychain for key Switch# config terminal Switch(config)# key chain mychain Switch(config-keychain)# key 1 Switch(config-keychain-key)# send-lifetime 03:03:01 Dec 3 2004 04:04:02 Oct 6 2006 Related Command: key, key-string, key chain, accept-lifetime 33.35 show debugging rip Command:...
Page 523 Example: show ip protocols rip Routing Protocol is "rip" Sending updates every 30 seconds with +/-50%, next due in 8 seconds Timeout after 180 seconds, garbage collect after 120 seconds Outgoing update filter list for all interface is not set Incoming update filter list for all interface is not set Default redistribution metric is 1 Redistributing: static...
Page 524: Show Ip Rip
Routing for Networks: The segment running RIP is the Vlan1 Vlan 1 and Vlan 2 Vlan2 Routing Information Sources: Routing information sources Gateway Distance Last Update Bad Packets Bad Routes The badpacketand bad routes from 20.1.1.1 120 00:00:31 the gateway 20.1.1.1 are all 0. 31 seconds have passed since the last route update.
Page 525: Show Ip Rip Interface
Show the routes in the RIP route database. Command Mode: Admin mode Example: Switch# show ip rip database Codes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS, B –BGP Network Next Hop Metric From Time...
Page 526 33.40 show ip rip aggregate Command: show ip rip aggregate Function: To display the information of IPv4 aggregation route. Command Mode: Admin and Configuration Mode. Usage Guide: This command is used to display which interface the aggregation route be configured, Metric, Count, Suppress and so on.
Page 527 Function: Adjust the RIP timer update, timeout, and garbage collecting time. The “no timers basic” command restores each parameters to their default values. Parameter: <update> time interval of sending update packet, shown in seconds and ranging between 5-2147483647; <invalid> time period after which the RIP route is advertised dead, shown in seconds and ranging between 5-2147483647;...
Page 528 Sent and received data packet is version 2 by default. Command Mode: Router mode and address-family mode Usage Guide: 1. refers to that each interface of the layer 3 switch only sends/receives the RIP-I data packets. 2. refers to that each interface of the layer 3 switch only sends/receives the RIP-II data packets. The RIP-II data packet is the default version.
Page 529: Clear Ipv6 Route
Chapter 34 Commands for RIPng 34.1 clear ipv6 route Command: clear ipv6 rip route {<ipv6-address >| kernel |static | connected |rip |ospf |isis | bgp |all } Function: Clear specific route from the RIPng route table. Parameter: Clears the route exactly match with the destination address from the RIP route table. <ipv6-address >...
Page 530 Permit redistributing the network 0:: into RIPng. The “no default-information originate” disables this function. Default: Disabled Command Mode: Router mode Example: Switch#config terminal Switch(config)#router ipv6 rip Switch(config-router)#default-information originate 34.3 default-metric Command: default-metric <value> no default-metric Function: Set the default metric route value of the introduced route; the “no default-metric” restores the default value.
Page 531 34.4 distance Command: distance <number> [<ipv6-address>] [<access-list-name | access-list-number>] no distance [<ipv6-address>] Function: Set the managing distance with this command. The “no distance [<A.B.C.D/M> ]” command restores the default value to 120. Parameter: <number> specifies the distance value, ranging between 1-255. <ipv6-address>...
Page 532: Debug Ipv6 Rip
Parameter: <access-list-name> is the name or access-list number to be applied. <prefix-list-name> is the name of the prefix-list to be applied. <ifname> specifies the name of interface to be applied with route filtering. Default: Function disabled by RIPng by default. Command Mode: Router mode Usage Guide:...
Page 533 Switch#debug ipv6 rip packet Switch#1970/01/01 21:15:08 IMI: SEND[Ethernet1/0/10]: Send to [ff02::9]:521 1970/01/01 21:15:08 IMI: SEND[Ethernet1/0/2]: Send to [ff02::9]:521 1970/01/01 21:15:09 IMI: RECV[Ethernet1/0/10]: Receive from [fe80::20b:46ff:fe57:8e60]:521 1970/01/01 21:15:09 IMI: RECV[Ethernet1/0/10]: 3000:1:1::/64 is filtered by access-list dclist 1970/01/01 21:15:09 IMI: RECV[Ethernet1/0/10]: 3ffe:1:1::/64 is filtered by access-list dclist 1970/01/01 21:15:15 IMI: RECV[Ethernet1/0/2]: Receive from [fe80::203:fff:fe01:257c]:521 34.7 debug ipv6 rip redistribute message send Command:...
Page 534 Close the debug by default. Command Mode: Admin Mode. Example: Switch#debug ipv6 rip redistribute route receive Switch# no debug ipv6 rip redistribute route receive 34.9 ipv6 rip aggregate-address Command: ipv6 rip aggregate-address X:X::X:X/M no ipv6 rip aggregate-address X:X::X:X/M Function: To configure IPv6 aggregation route. The no form of this command deletes the IPv6 aggregation route.
Page 535: Ipv6 Router Rip
Function: Permit the split horizon. The “no ipv6 rip split-horizon” disables the split horizon. Parameter: [poisoned] configures split horizon with poison reverse. Default: Split horizon with poison reverse. Command Mode: Interface Configuration Mode. Usage Guide: The split horizon is for preventing the routing loops, namely preventing the layer 3 switch from broadcasting a route at the interface from which the very route is learnt.
Page 536 34.12 neighbor Command: neighbor <ipv6-address> {<ifname> vlan <vlan-id>} no neighbor <ipv6-address> {<ifname> vlan <vlan-id>} Function: Specify the destination address for fixed sending. The “no neighbor <ipv6-address> <ifname> vlan <vlan-id> “cancels the specified address defined and restores all trusted gateways. Parameter: <ipv6-address>...
Page 537 command disables this function. Parameter: <access-list-number |access-list-name> is the access-list or name to be applied. <number> is the additional offset value, ranging between 0-16; <ifname> is the name of specific interface. Default: The default offset value is the metric value of the interface defined by the system. Command Mode: Router mode Example:...
Page 538 34.15 redistribute Command: redistribute {kernel |connected| static| ospf| isis| bgp} [metric<value>] [route-map<word>] no redistribute {kernel |connected| static| ospf| isis| bgp} [metric<value>] [route-map<word>] Function: Introduce the routes learnt from other routing protocols into RIPng. Parameter: kernel introduce from kernel routes connected introduce from direct routes static introduce from static routes ospf introduce from IPv6 OSPF routes isis introduce from IPv6 ISIS routes...
Page 539: Router Ipv6 Rip
route-map<word> is the pointer to the introduced routing map. Default: Not redistributed by default. Command Mode: RIPng Configuration Mode. Example: To redistribute OSPFv3 ABC routing ro RIPng. Switch(config)#router ipv6 rip Switch (config-router)#redistribute ospf abc 34.17 route Command: route <ipv6-address> no route <ipv6-address> Function: This command configures a static RIPng route.
Page 540: Show Ipv6 Rip Interface
no router ipv6 rip Function: Enable RIPng routing process and entering RIPng mode; the “no router ipv6 rip” of this command disables the RIPng routing protocol. Default: RIPng routing not running. Command Mode: Global mode Usage Guide: This command is for enabling the RIPng routing protocol, this command should be enabled before performing other global configuration of the RIPng protocol.
Page 541 Function: Make sure the interface and line protocols is up. Command Mode: Admin mode Example: Switch(config)#show ipv6 rip interface Loopback is up, line protocol is up RIPng is not enabled on this interface Vlan1 is up, line protocol is up Routing Protocol: RIPng Passive interface: Disabled Split horizon: Enabled with Poisoned Reversed...
Page 542: Show Ipv6 Protocols Rip
Example: Switch#show ipv6 rip redistribute 34.22 show ipv6 protocols rip Command: show ipv6 protocols rip Function: Show the RIPng process parameters and statistic messages. Command Mode: Admin mode Example: Switch(config)#show ipv6 protocols rip Routing Protocol is "RIPng" Sending updates every 30 seconds with +/-50%, next due in 1 second Timeout after 180 seconds, garbage collect after 120 seconds Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set...
Page 543: Show Ipv6 Rip
interface is not set Default redistribution metric is 1 Default redistribution metric is 1 Redistributing: static Redistricting the static route into the RIP routes Interface The interfaces running RIP is Vlan Vlan10 10 and Vlan 2 Vlan2 34.23 show ipv6 rip Command: show ipv6 rip Function:...
Page 544 show ipv6 rip database Function: Show messages related to RIPng database. Command Mode: Admin mode Example: Switch#show ipv6 rip database Equal Command: show ipv6 rip 34.25 show ipv6 rip aggregate Command: show ipv6 rip aggregate Function: To display the information of IPv6 aggregation route. Command Mode: Admin and Configuration Mode.
Page 545 Aggregated To configure the interface name of the aggregation route. If the route Ifname aggregated globally, then display “---”. Metric Metric of aggregation route. Count The number of learned aggregation routes. Suppress The times of aggregated for aggregation route. 34.26 show ipv6 rip redistribute Command: show ipv6 rip redistribute Function:...
Page 546 <update> defaulted at 30; <invalid> defaulted at 180; <garbage> defaulted at120 Command Mode: Router mode Usage Guide: The system is defaulted broadcasting RIPng update packets every 30 seconds; and the route is considered invalid after 180 seconds but still exists for another 120 seconds before it is deleted from the routing table.
Page 547: Area Authentication
Chapter 35 Commands for OSPF 35.1 area authentication Command: area <id> authentication [message-digest] no area <id> authentication Function: Configure the authentication mode of the OSPF area; the “no area <id> authentication” command restores the default value. Parameter: <id> is the area number which could be shown in digit, ranging between 0 to 4294967295, or in IP address.
Page 548 Configure the cost of sending to the default summary route in stub or NSSA area; the “no area <id> default-cost” command restores the default value. Parameter: <id> is the area number which could be shown as digits 0～4294967295, or as an IP address; <cost>...
Page 549: Area Nssa
Switch(config)#access-list 1 deny 172.22.0.0 0.0.0.255 Switch(config)#access-list 1 permit any Switch(config)#router ospf 100 Switch(config-router)#area 1 filter-list access 1 in 35.4 area nssa Command: area <id> nssa [TRANSLATOR| no-redistribution |DEFAULT-ORIGINATE | no-summary] no area <id> nssa [TRANSLATOR| no-redistribution | DEFAULT-ORIGINATE | no-summary] Function: Set the area to Not-So-Stubby-Area (NSSA) area.
Page 550 Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#area 0.0.0.51 nssa Switch(config-router)#area 3 nssa default-information-originate metric 34 metric-type 2 translator-role candidate no-redistribution 35.5 area range Command: area <id> range <address> [advertise| not-advertise| substitute] no area <id> range <address> Function: Aggregate OSPF route on the area border. The “no area <id> range <address>“cancels this function.
Page 551 35.6 area stub Command: area <id> stub [no-summary] no area <id> stub [no-summary] Function: Define a area to a stub area. The “no area <id> stub [no-summary]” command cancels this function. Parameter: <id> is the area number which could be digits ranging between 0～4294967295, and also as an IP address.
Page 552 removes this virtual-link. Parameter: <id> is the area number which could be digits ranging between 0～4294967295, and also as an IP address. AUTHENTICATION = authentication [message-digest[message-digest-key <1-255> md5 <LINE>] |null|AUTH_KEY]. authentication : Enable authentication on this virtual link. message-digest: Authentication with MD-5. null : Overwrite password or packet summary with null authentication.
Page 553: Compatible Rfc
35.8 auto-cost reference-bandwidth Command: auto-cost reference-bandwidth <bandwith> no auto-cost reference-bandwidth Function: This command sets the way in which OSPF calculate the default metric value. The “no auto-cost reference-bandwidth” command only configures the cost to the interface by types. Parameter: <bandwith> reference bandwidth in Mbps, ranging between 1~4294967. Default: Default bandwidth is 100Mbps.
Page 554: Clear Ip Ospf Process
OSPF protocol mode Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#compatible rfc1583 35.10 clear ip ospf process Command: clear ip ospf [<process-id>] process Function: Use this command to clear and restart OSPF routing processes. One certain OSPF process will be cleared by specifying the process ID, or else all OSPF processes will be cleared. Default: No default configuration.
Page 555: Debug Ospf Ifsm
35.12 debug ospf ifsm Command: debug ospf ifsm [status|events|timers] no debug ospf ifsm [status|events|timers] Function: Open debugging switches showing the OSPF interface states; the “no debug ospf ifsm [status|events|timers]” command closes this debugging switches. Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf ifsm events 35.13 debug ospf lsa...
Page 556: Debug Ospf Nsm
no debug ospf nfsm [status|events|timers] Function: Open debugging switches showing OSPF neighbor state machine; the “no debug ospf nfsm [status|events|timers]”command closes this debugging switch. Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf nfsm events 35.15 debug ospf nsm Command: debug ospf nsm [interface|redistribute] no debug ospf nsm [interface|redistribute]...
Page 557: Debug Ospf Route
Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf packet hello 35.17 debug ospf route Command: debug ospf route [ase|ia|install|spf] no debug ospf route [ase|ia|install|spf] Function: Open debugging switches showing OSPF related routes; the “no debug ospf route [ase|ia|install|spf]”...
Page 558 Example: To enable debugging of sending command from OSPF process redistributed to other OSPF process routing. Switch#debug ospf redistribute message send 35.19 debug ospf redistribute route receive Command: debug ospf redistribute route receive no debug ospf redistribute route receive Function: To enable/disable debugging switch of received routing message from NSM for OSPF process.
Page 559 between 0~16777214, default metric value is 0. METRICTYPE = metric-type {1|2} set the OSPF external link type of default route. 1 Set the OSPF external type 1 metric value. 2 Set the OSPF external type 2 metric value. ROUTEMAP = route-map <WORD>. <WORD>...
Page 560 goes through. If the metric value can not be translated, the default value provides alternative option to carry the route introducing on. This command will result in that all introduced route will use the same metric value. This command should be used associating redistribute. Example: Switch#config terminal Switch(config)#router ospf 100...
Page 561 Switch(config-router)#distance ospf inter-area 20 intra-area 10 external 40 35.23 distribute-list Command: distribute-list <access-list-name> out {kernel |connected| static| rip| isis| bgp} no distribute-list out {kernel |connected| static| rip| isis| bgp} Function: Filter network in the routing update. The “no distribute-list out {kernel |connected| static| rip| isis| bgp}”...
Page 562: Host Area
35.24 filter-policy Command: filter-policy <access-list-name> no filter-policy Function: Use access list to filter the route obtained by OSPF, the no command cancels the route filtering. Parameter: <access-list-name>: Access list name will be applied, it can use numeric standard IP access list and naming standard IP access list to configure.
Page 563: Ip Ospf Authentication
<area-id> area ID shown in dotted decimal notation or integer ranging between 0~4294967295. <cost> specifies the entire cost, which is a integer ranging between 0~65535 and defaulted at 0. Default: No entire set. Command Mode: OSPF protocol mode Usage Guide: With this command you can advertise certain specific host route out as stub link.
Page 564: Ip Ospf Cost
35.27 ip ospf authentication-key Command: ip ospf [<ip-address>] authentication-key <LINE> no ip ospf [<ip-address>] authentication Function: Specify the authentication key required in sending and receiving OSPF packet on the interface; the “no ip ospf [<ip-address>] authentication” cancels the authentication key. Parameter: <ip-address>...
Page 565 Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf cost 3 35.29 ip ospf database-filter Command: ip ospf [<ip-address>] database-filter all out no ip ospf [<ip-address>] database-filter Function: The command opens LSA database filter switch on specific interface; the “no ip ospf [<ip-address>] database-filter”...
Page 566: Ip Ospf Disable All
<ip-address> is the interface IP address shown in dotted decimal notation; <time > is the dead interval length of the neighboring layer 3 switches, shown in seconds and ranging between 1~65535. Default: The default dead interval is 40 seconds (normally 4 times of the hellow-interval). Command Mode: Interface Configuration Mode.
Page 567 35.32 ip ospf hello-interval Command: ip ospf [<ip-address>] hello-interval <time> no ip ospf [<ip-address>] hello-interval Function: Specify the hello-interval on the interface; the “no ip ospf [<ip-address>] hello-interval” restores the default value. Parameter: <ip-address> is the interface IP address shown in dotted decimal notation; <time>...
Page 568: Ip Ospf Mtu
message-digest-key <key_id>“restores the default value. Parameter: <ip-address> is the interface IP address show in dotted decimal notation; <key_id> ranges between 1-255; <LINE> is the OSPF key. Default: MD5 key not configured. Command Mode: Interface Configuration Mode. Usage Guide: MD5 key encrypted authentication is used for ensure the safety between the OSPF routers on the network.
Page 569: Ip Ospf Network
Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf mtu 1480 35.35 ip ospf mtu-ignore Command: ip ospf <ip-address> mtu-ignore no ip ospf <ip-address> mtu-ignore Function: Use this command so that the mtu size is not checked when switching DD; the “no ip ospf <ip-address>...
Page 570: Ip Ospf Priority
point-to-multipoint: Set the OSPF network type to point-to-multipoint. Default: The default OSPF network type is broadcast. Command Mode: Interface Configuration Mode. Example: The configuration below set the OSPF network type of the interface vlan 1 to point-to-point. Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf network point-to-point 35.37 ip ospf priority Command:...
Page 571 Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf priority 0 35.38 ip ospf retransmit-interval Command: ip ospf [<ip-address>] retransmit-interval <time> no ip ospf [<ip-address>] retransmit-interval Function: Specify the retransmit interval of link state announcements between the interface and adjacent layer 3 switches. The “no ip ospf [<ip-address>] retransmit-interval” command restores the default value.
Page 572 no ip ospf [<ip-address>] transmit-delay Function: Set the transmit delay value of LSA transmitting; the “no ip ospf [<ip-address>] transmit-delay” restores the default value. Parameter: <ip-address> is the interface IP address show in dotted decimal notation. <time> is the transmit delay value of link state announcements between the interface and adjacent layer 3 switches, shown in seconds ang raning between 1～65535.
Page 573 Switch#config terminal Switch(config)#key chain mychain Switch(config-keychain)#key 1 Switch(config-keychain-key)# Relevant Commands: key chain, key-string, accept-lifetime, send-lifetime 35.41 key chain Command: key chain <name-of-chain> no key chain < name-of-chain > Function: This command is for entering a keychain manage mode and configure a keychain. The “no key chain <...
Page 574 Usage Guide: When this command is configured, the OSPF adjacency changes information will be recorded into a log. Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#log-adjacency-changes detail 35.43 max-concurrent-dd Command: max-concurrent-dd <value> no max-concurrent-dd Function: This command set the maximum concurrent number of dd in the OSPF process; the “no max-concurrent-dd”...
Page 575: Network Area
no neighbor A.B.C.D [<cost>| priority <value> | poll-interval <value>] Function: This command configures the OSPF router connecting NBMA network. The “no neighbor A.B.C.D [<cost>| priority <value> | poll-interval <value>]” command removes this configuration. Parameter: <cost>, OSPF neighbor cost value ranging between 1-65535; priority <value>, neighbor priority defaulted at 0 and ranges between 0-255;...
Page 576 demcial integer, it ranges between 0~4294967295. Default: No default. Command Mode: OSPF protocol mode Usage Guide: When certain segment belongs to certain area, interface the segment belongs will be in this area, starting hello and database interaction with the connected neighbor. Example: Switch#config terminal Switch(config)#router ospf 100...
Page 577: Overflow Database
Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#ospf abr-type standard 35.47 ospf router-id Command: ospf router-id <address> no ospf router-id Function: Specify a router ID for the OSPF process. The “no ospf router-id” command cancels the ID number. Parameter: <address>, IPv4 address format of router-id. Default: No default configuration.
Page 578: Overflow Database External
Not configured. Parameter: < maxdbsize >Max LSA numbers, ranging between 0~4294967294. soft: Soft limit, warns when border exceeded. hard: Hard limit, directly close ospf instance when border exceeded. If there is not soft or hard configured, the configuration is taken as hard limit. Command Mode: OSPF Protocol Mode.
Page 579 35.50 passive-interface Command: passive-interface <ifname> [<ip-address>] no passive-interface <ifname>[<ip-address>] Function: Configure that the hello group not sent on specific interfaces. The “no passive-interface <ifname> [<ip-address>]“command cancels this function. Parameter: <ifname> is the specific name of interface. <ip-address> IP address of the interface in dotted decimal format. Default: Not configured.
Page 580 metric <value> is the introduced metric value, ranging between 0-16777214. metric-type {1|2} is the metric value type of the introduced external route, which can be 1 or 2, and it is 2 by default. route-map <word> point to the probe of the route map for introducing route. tag<tag-value>...
Page 581: Router Ospf
Switch(config-router)#redistribute ospf 35.53 router ospf Command: router ospf <process_id> <vrf-name> no router ospf <process_id> <vrf-name> Function: This command is for relating the OSPF process and one VPN, after the configuration succeeded, all configuration conmmands of this OSPF are relating with the VPN. The no command deletes the OSPF instance with VPN routing/ forward instance.
Page 582 Admin and configuration mode Example: Switch#show ip ospf Routing Process "ospf 0" with ID 192.168.1.1 Process bound to VRF default Process uptime is 2 days 0 hour 30 minutes Conforms to RFC2328, and RFC1583Compatibility flag is disabled Supports only single TOS(TOS0) routes Supports opaque LSA SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Refresh timer 10 secs...
Page 583: Show Ip Ospf Database
Number of LSA received 0 Number of areas attached to this router: 1 Area 0 (BACKBONE) (Inactive) Number of interfaces in this area is 0(0) Number of fully adjacent neighbors in this area is 0 Area has no authentication SPF algorithm executed 0 times Number of LSA 0.
Page 584 [{<linkstate_id>| self-originate |adv-router <advertiser_router>}] | opaque-area [{<linkstate_id>| self-originate |adv-router <advertiser_router>}] opaque-as [{<linkstate_id>| self-originate |adv-router <advertiser_router>}]|opaque-link [{<linkstate_id>| self-originate |adv-router <advertiser_router>}] | router [{<linkstate_id>| self-originate |adv-router <advertiser_router>}]| summary [{<linkstate_id>| self-originate |adv-router <advertiser_router>}] |self-originate | max-age }] Function: Display the OSPF link state data base messages. Parameter: <process-id>...
Page 585: Show Ip Ospf Interface
22.1.1.0 192.168.1.2 308 0x8000000c 0xc8f0 22.1.1.0/24 ASBR-Summary Link States (Area 0.0.0.2) Link ID ADV Router Age Seq# CkSum 192.168.1.1 192.168.1.2 1702 0x8000002a 0x89c7 AS External Link States Link ID ADV Router Age Seq# CkSum Route 2.2.2.0 192.168.1.1 1499 0x80000056 0x3a63 E2 2.2.2.0/24 [0x0] 2.2.3.0 192.168.1.1 1103 0x8000002b 0x0ec3 E2 2.2.3.0/24 [0x0]...
Page 586: Show Ip Ospf Neighbor
Hello due in 00:00:16 Neighbor Count is 0, Adjacent neighbor count is 0 35.58 show ip ospf neighbor Command: show ip ospf [<process-id>] neighbor [{<neighbor_id> |all |detail [all] |interface <ifaddress>}] Function: Display the OSPF adjacent point messages. Parameter: <process-id> is the process ID ranging between 0~65535 <neighbor_id>...
Page 587: Show Ip Ospf Route
35.59 show ip ospf redistribute Command: show ip ospf [<process-id>] redistribute Function: To display the routing message redistributed from external process of OSPF. Parameter: <process-id> is the process ID ranging between 0~65535. Command Mode: Admin Mode and Configuration Mode. Example: Switch#show ip ospf redistribute ospf process 1 redistribute information：...
Page 588 Parameter: . <process-id> is the process ID ranging between 0~65535 Default: Not displayed Command Mode: Admin and configuration mode Example: Switch#show ip ospf route O 10.1.1.0/24 [10] is directly connected, Vlan1, Area 0.0.0.0 O 10.1.1.4/32 [10] via 10.1.1.4, Vlan1, Area 0.0.0.0 IA 11.1.1.0/24 [20] via 10.1.1.1, Vlan1, Area 0.0.0.0 IA 11.1.1.2/32 [20] via 10.1.1.1, Vlan1, Area 0.0.0.0 IA 12.1.1.0/24 [20] via 10.1.1.2, Vlan1, Area 0.0.0.0...
Page 589 Virtual Link VLINK0 to router 10.10.0.9 is up Transit area 0.0.0.1 via interface Vlan1 Transmit Delay is 1 sec, State Point-To-Point, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:02 Adjacency state Full Virtual Link VLINK1 to router 10.10.0.123 is down Transit area 0.0.0.1 via interface Vlan1 Transmit Delay is 1 sec, State Down, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5...
Page 590: Show Ip Protocols
*> 127.0.0.0/8 is directly connected, Loopback 192.168.2.0/24 [110/10] is directly connected, Vlan2, 00:06:13, process 12 *> 192.168.2.0/24 is directly connected, Vlan2 35.63 show ip protocols Command: show ip protocols Function: Display the running routing protocol messages. Command Mode: Admin and configuration mode Example: Switch#show ip protocols Use “show ip protocols”...
Page 591 Neighbor(s): Address FiltIn FiltOut DistIn DistOut Weight RouteMap Incoming Route Filter: 35.64 summary-address Command: summary-address <A.B.C.D/M> [{not-advertise|tag<tag-value>}] Function: Summarize or restrain external route with specific address scope. Parameter: <A.B.C.D/M> address scope, shown in dotted decimal notation IPv4 address plus mask length. not-advertised restrain the external routes.
Page 592 Parameter: <spf-delay> 5 seconds by default. <spf-holdtime> 10 seconds by default. Command Mode: OSPF protocol mode. Usage Guide: This command configures the delay time between receiving topology change and SPF calculation, further configured the hold item between two discontinuous SPF calculation. Example: Switch#config terminal Switch(config)#router ospf...
Page 593: Area Default Cost
Chapter 36 Commands for OSPFv3 36.1 area default cost Command: area <id> default-cost <cost> no area <id> default-cost Function: Configure the cost of sending to the default summary route in stub or NSSA area; the “no area <id> default-cost” command restores the default value. Parameter: <id>...
Page 594 advertise: Advertise this area not-advertise : Not advertise this area If both are not set, this area is defaulted for advertising Default: Function not configured. Command Mode: OSPFv3 protocol mode Usage Guide: Use this command to aggregate routes inside an area. If the network IDs in this area are not configured continuously, a summary route can be advertised by configuring this command on ABR.
Page 595 introducing cost is defined with area default-cost command. Example: Switch # config terminal Switch (config)# router ipv6 ospf Switch (config-router)# area 1 stub Relevant Commands: area default-cost 36.4 area virtual-link Command: area <id> virtual-link A.B.C.D [instance-id <instance-id> | INTERVAL <value>] no area <id>...
Page 596 any two backbone areas routers connected with the public non-backbone area. The protocol treat routers connected by virtual links as a point-to-point network. Example: Switch#config terminal Switch(config) #router ipv6 ospf Switch(config-router) #area 1 virtual-link 10.10.11.50 hello 5 dead 20 Switch(config-router) #area 1 virtual-link 10.10.11.50 instance-id 1 36.5 abr-type Command: abr-type {cisco|ibm| standard}...
Page 597 no default-metric Function: The command set the default metric value of OSPF routing protocol; the “no default-metric” returns to the default state. Parameter: <value>, metric value, ranging between 1~16777214. Default: Built-in, metric value auto translating. Command Mode: OSPF protocol mode Usage Guide: When the default metric value makes the metric value not compatible, the route introducing still goes through.
Page 598 36.8 debug ipv6 ospf ifsm Command: [no] debug ipv6 ospf ifsm [status|events|timers] Function: Open debugging switches showing the OSPF interface states; the “[no] debug ospf ifsm [status|events|timers]” command closes this debugging switches. Default: Closed. Command Mode: Admin mode Example: Switch#debug ipv6 ospf ifsm 1970/01/01 01:11:44 IMI: IFSM[Vlan1]: Hello timer expire 1970/01/01 01:11:44 IMI: IFSM[Vlan2]: Hello timer expire 36.9 debug ipv6 ospf lsa...
Page 599 Default: Closed. Command Mode: Admin mode Example: Switch#debug ipv6 ospf nfsm 1970/01/01 01:14:07 IMI: NFSM[192.168.2.3-000007d4]: LS update timer expire 1970/01/01 01:14:07 IMI: NFSM[192.168.2.1-000007d3]: LS update timer expire 1970/01/01 01:14:08 IMI: NFSM[192.168.2.1-000007d3]: Full (HelloReceived) 1970/01/01 01:14:08 IMI: NFSM[192.168.2.1-000007d3]: nfsm_ignore called 1970/01/01 01:14:08 IMI: NFSM[192.168.2.1-000007d3]: Full (2-WayReceived) 36.11 debug ipv6 ospf nsm Command: [no] debug ipv6 ospf nsm [interface|redistribute]...
Page 600 36.13 debug ipv6 ospf redistribute message send Command: debug ipv6 ospf redistribute message send no debug ipv6 ospf redistribute message send Function: To enable/disable debugging of sending command from IPv6 OSPF process redistributed to other IPv6 OSPF process routing. Default: Disabled.
Page 601: Ipv6 Ospf Cost
Function: Open debugging switches showing OSPF related routes; the “[no]debug ipv6 ospf route [ase|ia|install|spf]” command closes this debugging switch. Default: Closed. Command Mode: Admin mode 36.16 ipv6 ospf cost Command: ipv6 ospf cost <cost> [instance-id <id>] no ipv6 ospf <cost> [instance-id <id>] Function: Specify the cost required in running OSPF protocol on the interface;...
Page 602 Specify the dead interval for neighboring layer 3 switch; the “no ipv6 ospf dead-interval [instance-id <id>]” command restores the default value. Parameter: <id> is the interface instance ID, ranging between 0~255, defaulted at 0 <time > is the length of the adjacent layer 3 switch, in seconds, ranging between 1～65535 Default: The default dead interval is 40 seconds (normally 4 times of the hello-interval).
Page 603 Switch#config terminal Switch(config)#ipv6 ospf display route single-line 36.19 ipv6 ospf hello-interval Command: ipv6 ospf hello-interval <time> [instance-id <id>] no ipv6 ospf hello-interval [instance-id <id>] Function: Specify the hello-interval on the interface; the “no ipv6 ospf hello-interval [instance-id <id>]” restores the default value. Parameter: <id>...
Page 604: Ipv6 Ospf Priority
36.20 ipv6 ospf priority Command: ipv6 ospf priority <priority> [instance-id <id>] no ipv6 ospf priority[instance-id <id>] Function: Configure the priority when electing “Defined layer 3 switch” at the interface. The “no ipv6 ospf [<ip-address>] priority” command restores the default value. Parameter: <id>...
Page 605 Specify the retransmit interval of link state announcements between the interface and adjacent layer 3 switches. The “no ipv6 ospf retransmit-interval [instance-id <id>]” command restores the default value. Parameter: <id> is the interface instance ID, ranging between 0~255, defaulted at 0 <time>...
Page 606: Ipv6 Router Ospf
Command Mode: Interface Configuration Mode. Usage Guide: The LSA ages by time in the layer 3 switches but not in the transmission process. So by increasing the transmit-delay before sending LSA so that it will be sent out. The command can configure on IPv6 tunnel interface, but it is successful configuration to only configure tunnel carefully.
Page 607 configuration to only configure tunnel carefully. Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ipv6 router ospf area 1 tag IPI instance-id 1 36.24 max-concurrent-dd Command: max-concurrent-dd <value> no max-concurrent-dd Function: Configure with this command the current dd max concurrent number in the OSPF processing. The “no max-concurrent-dd”...
Page 608 Parameter: <ifname> is the specific name of interface. Default: Not configured Command Mode: OSPFv3 protocol mode Example: Switch#config terminal Switch(config)#router ipv6 ospf Switch(config-router)#passive-interface vlan1 36.26 redistribute Command: [no] redistribute {kernel |connected| static| rip| isis| bgp} [metric<value>] [metric-type {1|2}][route-map<word>] Function: Introduce route learnt from other routing protocols into OSPFv3. Parameter: kernel Introduct from kernel route connected Introduce from direct route...
Page 609 Switch(config-router)#redistribute bgp metric 12 metric-type 1 36.27 redistribute ospf Command: redistribute ospf [<process-tag>] [metric<value>] [metric-type {1|2}] [route-map<word>] no redistribute ospf [<process-tag>] [metric<value>] [metric-type {1|2}][route-map<word>] Function: To redistribute routing information form process-tag to this command. The no form of command cancels the redistribution of process-tag routing to this process. When input the optional parameters of metric, metric type and routermap, then restores default configuration.
Page 610: Router Ipv6 Ospf
Configure router ID for ospfv3 process. The “no router-id”restores ID to 0.0.0.0. Parameter: <router-id>> is the router ID shown in IPv4 format. Default: 0.0.0.0 by default. Usage Guide: If the router-id is 0.0.0.0, the ospfv3 process can not be normally enabled. It is required to configure a router-id for ospfv3.
Page 611: Show Ipv6 Ospf
36.30 show ipv6 ospf Command: show ipv6 ospf [<tag>] Function: Display OSPF global and area messages. Parameter: <tag> is the process tag which is a character string. Default: Not displayed. Command Mode: All modes Example: Switch#show ipv6 ospf Routing Process "OSPFv3 (*null*)" with ID 192.168.2.2 SPF schedule delay 5 secs, Hold time between SPFs 10 secs Minimum LSA interval 5 secs, Minimum LSA arrival 1 secs Number of external LSA 0.
Page 612 Display the OSPF link state data base message. Parameter: <tag> is the process tag which is a character string. <advertiser_router> is the ID of Advertising router, shown in IPv4 address format Default: Not displayed Command Mode: All modes Usage Guide: According to the output messages of this command, we can view the OSPF link state database messages.
Page 613: Show Ipv6 Ospf Interface
Displayed information’s Explanations Link-LSA (Interface Vlan1) Link LSA messages of interface Vlan1 Router-LSA (Area 0.0.0.0) Router LSA messages in Area 0 Network-LSA (Area 0.0.0.0) Network LSA in Area 0 Intra-Area-Prefix-LSA (Area 0.0.0.0) Intra-domain Prefix LSA in Area 0 36.32 show ipv6 ospf interface Command: show ipv6 ospf interface <ifname>|vlan <vlan-id>...
Page 614 Interface Address fe80::203:fff:fe01:d28 Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:10 Neighbor Count is 1, Adjacent neighbor count is 1 Vlan2 is up, line protocol is up Interface ID 2004 IPv6 Prefixes fe80::203:fff:fe01:257c/64 (Link-Local Address) 2000:1:1::1/64 OSPFv3 Process (*null*), Area 0.0.0.0, Instance ID 0 Router ID 192.168.2.2, Network Type BROADCAST, Cost: 10...
Page 615: Show Ipv6 Ospf Neighbor
Hello due in 00:00:10 retransmission. Neighbor Count is 1, Adjacent neighbor count is 1 Numbers of the adjacent layer 3 switch; number of the layer 3 switches established with neighbor relation 36.33 show ipv6 ospf neighbor Command: show ipv6 ospf [<tag>] neighbor [<neighbor_id> | <ifname> detail | detail ] Function: Show OSPF adjacent point messages.
Page 616: Show Ipv6 Ospf Route
36.34 show ipv6 ospf route Command: show ipv6 ospf [<tag>] route Function: Show the OSPF route table messages. Parameter: <tag> is the processes tag, which is a character string. Default: Not displayed Command Mode: All modes Example: Destination Metric Next-hop O 2000:1:1::/64 directly connected, Vlan2 O 2001:1:1::/64...
Page 617 Switch#show ipv6 ospf redistribute ospf process abc redistribute information： ospf process def ospf process def redistribute information： ospf process abc Switch#show ipv6 ospf abc redistribute ospf process abc redistribute information： ospf process def 36.36 show ipv6 ospf topology Command: show ipv6 ospf [<tag>] topology [area <area-id>] Function: Show messages of OSPF topology.
Page 618 36.37 show ipv6 ospf virtual-links Command: show ipv6 ospf [<tag>] virtual-links Function: Show OSPF virtual link messages. Parameter: <tag> is the processes tag, which is a character string. Default: Not displayed. Command Mode: All modes Example: Switch#show ipv6 ospf virtual-links Virtual Link VLINK1 to router 5.6.7.8 is up Transit area 0.0.0.1 via interface Vlan1, instance ID 0 Local address 3ffe:1234:1::1/128...
Page 619 IPv6 Routing Table Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP > - selected route, * - FIB route, p - stale info Timers: Uptime C*>...
Page 620 Chapter 37 Commands for BGP and MBGP4+ 37.1 address-family Command: address-family <AFI> <SAFI> Function: Enter address-family mode. Parameter: <AFI> address-family, such as IPv4、IPv6、VPNv4, etc ; <SAFI>: sub address-family, such as unicast、multicast Command Mode: BGP routing mode Usage Guide: Since the BGP-4 supports multi-protocol, it is available to get different configuration for each address-family.
Page 621 Switch(config-vrf)#exit Switch(config)#router bgp 100 Switch(config-router)#address-family ipv4 vrf DC1 Switch(config-router-af)# 3) Enter BGP VPNv4 address-family mode. Switch(config)#router bgp 100 Switch(config-router)#address-family vpnv4 Switch(config-router-af)# 37.2 aggregate-address Command: aggregate-address <ip-address/M> [summary-only] [as-set] no aggregate-address <ip-address/M> [summary-only] [as-set] Function: Configure the aggregate-address. The “no aggregate-address <ip-address/M> [summary-only] [as-set]”...
Page 622 37.3 bgp aggregate-nexthop-check Command: bgp aggregate-nexthop-check no bgp aggregate-nexthop-check Function: Configures whether BGP checks all the route next-hop in aggregating. The “no bgp aggregate-nexthop-check” command cancels this configuration, namely not check the next-hop accordance of aggregate route. Default: No nexthop checked during aggregating. Command Mode: Global mode Usage Guide:...
Page 623 MED of routes from different AS source will also be compared. Example: The AS (200) receives the same route prefix form the two AS (100 and 300) carrying different MED, configure the MED comparison is always performed. Switch(config-router)#bgp always-compare-med 37.5 bgp asnotation asdot Command: bgp asnotation asdot no bgp asnotation asdot...
Page 624 Not set. Command Mode: BGP route mode Usage Guide: Length of AS-PATH will be compared in BGP pathing, and its length can be ignored by using this configuration. Example: Set to ignore the AS-PATH length: Switch(config)#router bgp 200 Switch(config-router)#bgp bestpath as-path ignore Related Command: bgp bestpath compare-confed-aspath, bgp bestpath compare-routerid, bgp bestpath med, no bgp bestpath compare-confed-aspath, no bgp bestpath compare-routerid, no bgp bestpath...
Page 625: Bgp Bestpath Med
37.8 bgp bestpath compare-routerid Command: bgp bestpath compare-routerid no bgp bestpath compare-routerid Function: Compare route ID; the “no bgp bestpath compare-routerid” command cancels this configuration. Default: Not configured. Command Mode: BGP route mode Usage Guide: Normally the first arrived route from the same AS (with other conditions equal) will be chosen as the best route.
Page 626 Not configured. Command Mode: BGP route mode Usage Guide: Choose whether MED is compared among confederations by this command. If MED is missing, it is considered max when missing-is-worst or else 0. Example: Configure to compare the MED attributes in the confederation path and to consider the value is the largest when MED is unavailable.
Page 627: Bgp Confederation Identifier
37.11 bgp cluster-id Command: bgp cluster-id {<ip-address>|<01-4294967295>} no bgp cluster-id {[<ip-address>]|<0-4294967295>} Function: Configure the route reflection ID during the route reflection. The “no bgp cluster-id {[<ip-address>]|<0-4294967295>}” command cancels this configuration. Parameter: <ip-address>|<1-4294967295>: cluster-id which is shown in dotted decimal notation or a 32 digit number.
Page 628: Bgp Confederation Peers
decimal notation (such as 6553700) or delimiter method (such as 100.100). Default: No confederation. Command Mode: BGP route mode Usage Guide: Confederation is for divide large AS into several smaller AS, while still identified as the large AS. Create large AS number with this command. Example: Switch(config-router)# bgp confederation identifier 600 Related Command:...
Page 629: Bgp Dampening
37.14 bgp dampening Command: bgp dampening [<1-45>] [<1-20000> <1-20000> <1-255>] [<1-45>] no bgp dampening Function: Configure the route dampening.The “no bgp dampening” command cancels the route dampening function. Parameter: <1-45>: Respectively the penalty half-lives of accessible and inaccessible route, namely the penalty value is reduced to half of the previous value, in minutes.
Page 630 command cancels this configuration. Parameter: ipv4-unicast: Configure the default using IPv4-unicast to set up neighbor connection. local-preference<0-4294967295>: Configure the default local priority. Default: The IPv4 unicast is default enabled when BGP is enabled. The default priority is 100. Command Mode: BGP route mode.
Page 631 Switch(config-router)#bgp deterministic-med 37.17 bgp enforce-first-as Command: bgp enforce-first-as no bgp enforce-first-as Function: Enforces the first AS position of the route AS-PATH contain the neighbor AS number or else disconnect this peer when the BGP is reviving the external routes. The “no bgp enforce-first-as” command cancels this configuration.
Page 632 Example: Switch(config-router)# bgp fast-external-failover 37.19 bgp inbound-route-filter Command: bgp inbound-route-filter no bgp inbound-route-filter Function: The bgp do not install the RD routing message which does not exist locally. The no command means the RD will be installed with no regard to the local existence of the RD. Command Mode: BGP mode.
Page 633 Limit the number of routers learnt by the bgp process from its neighbors with this command. Example: The following configuration will limit max number of routers that the bgp process receives from its neighbors as 20000. Switch(config-router)# bgp inbound-max-route-num 20000 37.21 bgp log-neighbor-changes Command: bgp log-neighbor-changes...
Page 634 Usage Guide: Checking the IGP accessibility of the route advertised by BGP is to check the existence of next-hop and its IGP accessibility. Example: Set to check the IGP accessibility of BGP network route. Switch(config-router)# bgp network import-check 37.23 bgp rfc1771-path-select Command: bgp rfc1771-path-select no bgp rfc1771-path-select...
Page 635 Not following rfc 1771 restrictions. Command Mode: Global mode Usage Guide: With this attribute set, generation types of routes from protocols such as RIP, OSPF, ISIS, etc will be regarded as IGP (internal generated), or else as incomplete. Example: Configure to stricly follow the rfc1771 restrictions. Switch(config)#bgp rfc1771-strict 37.25 bgp router-id Command:...
Page 636: Clear Ip Bgp
Set the time interval of the periodical next-hop validation; the “no bgp scan-time [<0-60>]” command restores to the default value. Parameter: <0-60>: Validation time interval. Default: Default interval is 60s. Command Mode: BGP route mode Usage Guide: Validate the next-hop of BGP route, this command is for configuring the interval of this check. Set the parameter to 0 if you don’t want to check.
Page 637: Clear Ip Bgp Dampening
37.28 clear ip bgp dampening Command: clear ip bgp [<address-family>] dampening [<ip-address>|<ip-address/M>] Function: Used for resetting BGP routing dampening. Parameter: <address-family>: address-family, such as “ipv4 unicast”. <ip-address>: IP address. <ip-address/M>: IP address and mask. Command Mode: Admin mode Usage Guide: It is possible to clear BGP routing dampening messages and state by different parameters (such as address-family or IPv4 address).
Page 638: Debug Bgp
Example: Clear the BGP dampening statistic messages of IPv4 unicast cluster. Switch#clear ip bgp ipv4 unicast flap-statistics 37.30 debug bgp Command: debug bgp [<MODULE>|all] no debug bgp [<MODULE>|all] Function: For BGP debugging. The “no debug bgp [<MODULE>|all]” command closes the BGP debugging messages Parameter: <MODULE>: BGP module names, including dampening、events、filters、fsm、keepalives、nsm、...
Page 639 Admin Mode. Example: Switch# debug bgp redistribute message send Switch# no debug bgp redistribute message send 37.32 debug bgp redistribute route receive Command: debug bgp redistribute route receive no debug bgp redistribute route receive Function: To enable debugging switch of received messages from NSM for BGP. The no form of this command will disable debugging switch of received messages from NSM for BGP.
Page 640 Example: Switch# debug ipv6 bgp redistribute message send 37.34 debug ipv6 bgp redistribute route receive Command: debug ipv6 bgp redistribute route receive no debug ipv6 bgp redistribute route receive Function: To enable debugging switch of received messages from NSM for MBGP4+. The no form of this command will disable debugging switch of received messages from NSM for MBGP4+.
Page 641: Distance Bgp
Usage Guide: Set the manage distance for specified BGP route as the path selecting basis. Example: Set the manage distance for route 90 10.1.1.64/32 to be 90. Switch(config-router)# distance 90 10.1.1.64/32 37.36 distance bgp Command: distance bgp <1-255> <1-255> <1-255> no distance bgp [<1-255>...
Page 642: Import Map
Usage Guide: Use this command to exit the mode so to end the address-family configuration when configuring address-family under BGP. Example: Switch(config)#router bgp 100 Switch(config-router)#address-family ipv4 unicast Switch(config-router-af)# exit-address-family Switch(config-router)# Related Command: address-family 37.38 import map Command: import map <map-name> no import map <map-name>...
Page 643 Switch(config-af)#import map map1 Switch#show ip bgp vpn all Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:10 (Default for VRF DC1) *> 11.1.1.0/24 11.1.1.64 0 200 ? *>i15.1.1.0/24 10.1.1.68 655 300 ? *> 20.1.1.0/24 11.1.1.64 0 200 ? *>i100.1.1.0/24 10.1.1.68 655 300 ? Route Distinguisher: 100:10...
Page 644 37.40 ip community-list Command: ip community-list {<LISTNAME> | <1-199> | [expanded <WORD>] | [standard <WORD>]} {deny | permit} <.COMMUNITY> no ip community-list {<LISTNAME> | <1-199> | [expanded <WORD>] | [standard <WORD>]} [{deny | permit} <.COMMUNITY>] Function: Configure the community-list. The “no ip community-list {<LISTNAME>|<1-199>|[expanded <WORD>]|[standard <WORD>]} [{deny|permit} <.COMMUNITY>]”...
Page 645: Neighbor Activate
{<LISTNAME>|<1-199>|[expanded <WORD>]|[standard <WORD>]} {deny|permit} <.COMMUNITY>“ command is for deleting the extended community list. Parameter: <LISTNAME>: name of community-list. <1-199>: Standard or extended community number. <WORD>: Standard or extended community number. <.COMMUNITY >: Members of the community list, which may be the combination of aa:nn, or internet, local-AS, no-advertise, and no-export.
Page 646 enabled, the address-family route will not be acquired by the partner even if the corresponding address family routes acquired before will be cancelled after this option is disabled. Example: Configure to exchange the unicast route with neighbor 2002::2. Switch(config-router)#neighbor 2002::2 activate Switch(config-router)#address-family ipv4 Switch(config-router-af)#no neighbor 2002::2 activate Switch(config-router-af)#...
Page 647 no neighbor {<ip-address>|<TAG>} allowas-in Function: Configure the counts same AS is allowed to appear in the neighbor route AS table. The “no neighbor {<ip-address>|<TAG>} allowas-in” restores to not allow any repeat. Parameter: <ip-address>: IP address of the neighbor. <TAG>: Name of the peer group. <1-10>: Allowed count of same AS number.
Page 648 Usage Guide: After configure this command, the route from the neighbor will cover the existed AS number. Example: Switch (config)#router bgp 100 Switch (config-router)#address-family ipv4 vrf VRF-A Switch(config-router-af)#neighbor 3.0.0.1 remote-as 65001 Switch(config-router-af)# neighbor 3.0.0.1 as-override Switch(config-router-af)# 37.46 neighbor attribute-unchanged Command: neighbor {<ip-address>|<TAG>} attribute-unchanged [as-path] [med] [next-hop] no neighbor {<ip-address>|<TAG>} attribute-unchanged [as-path] [med] [next-hop] Function:...
Page 649 37.47 neighbor capability Command: neighbor {<ip-address>|<TAG>} capability {dynamic | route-refresh} no neighbor {<ip-address>|<TAG>} capability {dynamic | route-refresh} Function: Configure dynamic update between neighbors and the route refresh capability negotiation. The “no neighbor {<ip-address>|<TAG>} capability {dynamic | route-refresh}” command do not enable the specific capability negotiation.
Page 650 {<ip-address>|<TAG>} capability orf prefix-list {<both>|<send>|<receive>}” command set to not perform the negotiation. Parameter: <ip-address>: Neighbor IP address. <TAG>: Name of peer group. Default: ORF capability not configured. Command Mode: BGP route mode and address-family mode Usage Guide: This is an extended BGP capability. With this configuration supported capabilities by both side will be negotiated in the OPEN messages, and the partner will respond if this capability is supported by the partner and send NOTIFICATION if not.
Page 651 route mode and address family mode Usage Guide: This command is for settling the problem that multi-connection among peers due to TCP connection collision. Connections created with this option on will always be check even at established state. And it will be checked if local side IP is larger than partner IP when collides. If yes, the original connection will be deleted, and if not the option will be configured to only checks when the connection originated from local side at open sent and open confirm state.
Page 652: Neighbor Description
Switch(config-router)# Then the default route from BGP will appear in partner route list. Relevant Commands: route-map 37.51 neighbor description Command: neighbor {<ip-address>|<TAG>} description <.LINE> no neighbor {<ip-address>|<TAG>} description Function: Configure description string peer peer group. “no neighbor {<ip-address>|<TAG>} description” command deletes the configurations of this string. Parameter: <ip-address>: Neighbor IP address.
Page 653 Configure the policy applied in partner route update transmission. The “no neighbor {<ip-address>|<TAG>} distribute-list {<1-199>|<1300-2699>|<WORD>} {in|out}” command cancels the policy configuration. Parameter: <ip-address>: Neighbor IP address. <TAG>: Name of peer group. <1-199>|<1300-2699>|<WORD>: Number or name of the access-list. Default: Policy not applied. Command Mode: BGP route mode and address-family mode Usage Guide:...
Page 654 Command Mode: BGP route mode and address-family mode Usage Guide: As the negotiation is the default, it can be disabled with this configuration when it is known that the partner BGP version is old which don’t support capability negotiation. Example: Last addition capability negotiation will not be realized in the connection by configuring as follows.
Page 655 Switch(config-router)#neighbor 11.1.1.120 ebgp-multihop on 11.1.1.120 Switch(config-router)#neighbor 10.1.1.64 ebgp-multihop After this, switches in different segments will be able to create BGP neighbor relationship. 37.55 neighbor enforce-multihop Command: neighbor {<ip-address>|<TAG>} enforce-multihop no neighbor {<ip-address>|<TAG>} enforce-multihop Function: Enforce the multihop connection to the neighbor. The “no neighbor {<ip-address>|<TAG>} enforce-multihop”...
Page 656: Neighbor Interface
Function: Access-list control for AS-PATH. The “no neighbor {<ip-address>|<TAG>} filter-list <.LINE> {<in>|<out>}” cancels the AS-PATH access-list control. Parameter: <ip-address>: Neighbor IP address. <TAG>: Name of peer group. <LINE>: AS-PATH access-list name configured through ip as-pathaccess-list<.LINE><permit|deny><LINE>. Default: Not configured. Command Mode: BGP route mode and address list mode.
Page 657 Default: Not configured. Command Mode: BGP route mode and address-family mode Usage Guide: Specifies the exit interface to the neighbor with this command. Interface destination accessibility should be ensured. Example: Set the interface to neighbor 10.1.1.64 as interface vlan 2。 Switch(config-router)# neighbor 10.1.1.64 interface Vlan2 37.58 neighbor maximum-prefix Command:...
Page 658 Configure the maximum number of route prefix from neighbor 10.1.1.64 is 12, and it warns when the number of route prefix reaches 6, and the connection will be cut when the number hit 13. Switch(config-router)#neighbor 10.1.1.64 maximum-prefix 12 50 37.59 neighbor next-hop-self Command: neighbor {<ip-address>|<TAG>} next-hop-self no neighbor {<ip-address>|<TAG>} next-hop-self...
Page 659: Neighbor Passive
Parameter: <ip-address>: Neighbor IP address. <TAG>: Name of the peer group. Default: Disabled. Command Mode: BGP route mode Usage Guide: With this attribute, error notify due to unsupported capability negotiation the neighbors required will not be sent. Example: Switch(config-router)#neighbor 10.1.1.64 override-capability Related Command: neighbor capability 37.61 neighbor passive...
Page 660 Switch(config-router)#neighbor 10.1.1.64 passive After configured with this attribute and reestablishing the connection , the local side do not attempt to create connection but stays in ACTIVE state waiting for the TCP connection request from the partner. 37.62 neighbor peer-group (Creating) Command: neighbor <...
Page 661: Neighbor Port
no neighbor <ip-address> peer-group <TAG> Function: Assign/delete peers in the group. The “no neighbor <ip-address> peer-group <TAG>“command deletes the peers from the peer group. Parameter: <ip-address>: Neighbor IP address. <TAG>: Name of peer group. Default: No peer group. Command Mode: BGP route mode and address-family mode Usage Guide: By configuring the peer group, a group of peers with the same attributes will be configured at the...
Page 662 Switch(config-router)#neighbor 10.1.1.64 port 1023 37.65 neighbor prefix-list Command: neighbor {<ip-address>|<TAG>} prefix-list <LISTNAME|number> {<in|out>} no neighbor {<ip-address>|<TAG>} prefix-list <LISTNAME|number> {<in>|<out>} Function: Configure the prefix restrictions applied in sending or receiving routes from specified neighbors.The “no neighbor {<ip-address>|<TAG>} prefix-list <LISTNAME|number> {<in>|<out>}” command cancels this configuration.
Page 663 Configure the BGP neighbor. The no command is used for deleting BGP neighbors. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group <as-id>: Neighbor AS number, ranging from 1 to 4294967295, it can be shown in decimal notation (such as 6553700) or delimiter method (such as 100.100). Default: No neighbors Command Mode:...
Page 664 Configure this attribute to avoid assigning the internal AS number to the external AS sometimes. The internal AS number ranges between 64512-65535, which the AS number could not be sent to the INTERNET since it is not a valid external AS number. What removed here is private AS numbers of the totally private AS routes.
Page 665 37.69 neighbor route-reflector-client Command: neighbor {<ip-address>|<TAG>} route-reflector-client no neighbor {<ip-address>|<TAG>} route-reflector-client Function: Configure the route reflector client. The “no neighbor {<ip-address>|<TAG>} route-reflector-client” command cancels this configuration Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group Default: Not configured. Command Mode: BGP route mode and address-family mode Usage Guide: The route reflection is used for reducing the peers when the internal IBGP routers inside AS are too...
Page 666 Function: Configure the route server client. The “no neighbor {<ip-address>|<TAG>} route-server-client” command cancels this configuration. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group Default: Not configured Command Mode: BGP route mode and address-family mode Usage Guide: The route service is for reducing the peers when the router between AS is too much under EBGP environment.
Page 667: Neighbor Shutdown
Sending the community attributes. Command Mode: BGP route mode and address-family mode Usage Guide: The community attributes can be sent to the outside or not. By default of our company we set to sending while the default in standard protocol is not sending. By configuring this attribute community attributes will be carried when sending routing information’s to the neighbors, or else not.
Page 668: Neighbor Soo
neighbor {<ip-address>|<TAG>} soft-reconfiguration inbound no neighbor {<ip-address>|<TAG>} soft-reconfiguration inbound Function: Configures whether perform inbound soft reconfiguration; the “no neighbor {<ip-address>|<TAG>} soft-reconfiguration inbound” command set to not perform the inbound soft reconfiguration. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group Default: Not perform inbound soft reconfiguration.
Page 669 Switch (config)#router bgp 100 Switch(config-router)#address-family ipv4 vrf DC1 Switch(config-router-af)# neighbor 11.1.1.64 remote 200 Switch(config-router-af)# neighbor 11.1.1.64 soo 100.100:10 After this attribute set, the switch will no longer spreads the route with 100.100:10 rt attribute to 11.1.1.64. (what have to be mentioned here is that the soo attribute will be judged together with other rt attributes, which means if the rt is configured with the same attribute, it will be regarded as the origin neighbor even if it’s not the real origin source.
Page 670: Neighbor Timers
37.76 neighbor timers Command: neighbor {<ip-address>|<TAG>} timers <0-65535> <0-65535> no neighbor {<ip-address>|<TAG>} timers <0-65535> <0-65535> Function: Configure the KEEPALIVE interval and hold time; the “no neighbor {<ip-address>|<TAG>} timers <0-65535> <0-65535>” command restores the defaults. Parameter: <ip-address>Neighbor IP address <TAG>: Name of peer group <0-65535>: Respectively the KEEPALIVE and HOLD TIME Default: Default KEEPALIVE time is 60s, while HOLD TIME is 240s.
Page 671 <0-65535>: Retry interval Default: 120s. Command Mode: BGP route mode and address-family mode Usage Guide: Configure the connecting time interval when connecting a peer. The NO form restores the default value. Example: Switch(config-router)#neighbor 10.1.1.64 timers connect 100 Related Command: neighbor timers 37.78 neighbor unsuppress-map Command: neighbor {<ip-address>|<TAG>} unsuppress-map <WORD>...
Page 672: Neighbor Version
Switch(config-route-map)#match ip next-hop 10 Route with nexthop as 10.1.1.100 will not be restrained. 37.79 neighbor update-source Command: neighbor {<ip-address>|<TAG>} update-source <IFNAME> no neighbor {<ip-address>|<TAG>} update-source <IFNAME> Function: Configure the update source. The “no neighbor {<ip-address>|<TAG>} update-source <IFNAME>“cancels this configuration Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group <IFNAME>: Name or IP of the interface...
Page 673: Neighbor Weight
Parameter: <ip-address>: Neighbor IP address <TAG>: Name of the peer group 4: Allowed BGP version, 4 only Default: Command Mode: BGP route mode Usage Guide: Only version 4 is supported so far, so whatever the configuration is the version remains at 4. Example: Switch(config-router)#neighbor 10.1.1.66 version 4 Switch(config-router)#...
Page 674 Example: Switch(config-router)#neighbor 10.1.1.66 weight 500 37.82 network (BGP) Command: network <ip-address/M> [route-map <WORD>] [backdoor] no network <ip-address/M> [route-map <WORD>] [backdoor] Function: Configure the BGP managed network, the route map specified in network application, or set the “back door” for the network. The “no network <ip-address/M> [route-map <WORD>] [backdoor]” command cancels this configuration.
Page 675 <ROUTES>: Route source or protocol, including: connected, ISIS, kernel, OSPF, RIP, static, etc. <WORD>: Name of route map. Command Mode: BGP Route Mode. Usage Guide: Route from other ways will be distributed into the BGP route table with this command and transmitted to the neighbors.
Page 676: Router Bgp
37.85 redistribute ospf (MBGP4+) Command: redistribute ospf [<process-tag>] [route-map<word>] no redistribute ospf [<process-tag>] Function: To redistribute routing information form OSPFv3 to MBGP4+. The no form of this command will remove the configuration. Parameters: process-id is the process character string of the OSPFv3, the length is less than 15. If no process id is specified, the default process will be used.
Page 677 Global mode Usage Guide: Enable BGP by specified AS, and then enter the config-router state, the protocol can be configured at this prompt. Example: Enable BGP, AS number is 4294967295 in decimal notation. Switch(config)#router bgp 4294967295 Switch(config-router)#exit Enable BGP, AS number is 4294967295 in delimiter method. Switch(config)#router bgp 65535.65535 Switch(config-router)#exit 37.87 set vpnv4 next-hop...
Page 678: Show Ip Bgp
Switch(config-router)#neighbor 10.1.1.68 route-map map1 in Switch(config-router)#address-family vpnv4 unicast Switch(config-router-af)#neighbor 10.1.1.68 activate Switch(config-router-af)#exit-address-family View the route message after refresh: Switch#show ip bgp vpnv4 all Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:10 (Default for VRF DC1) *> 11.1.1.0/24 11.1.1.64 0 200 ? *>i15.1.1.0/24 10.1.1.250...
Page 679: Show Ip Bgp Community
Example: Switch#show ip bgp BGP table version is 147, local router ID is 10.1.1.64 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path...
Page 680 show ip bgp [<ADDRESS-FAMILY>] community <TYPE> [exact-match] Function: For displaying route permitted by BGP with community information. Parameter: <ADDRESS-FAMILY>: Address-family, such as “ipv4 unicast” <TYPE>: Community attributes number show in AA:NN form or combination of local-AS, no-advertise, and no-export. Command Mode: Admin and configuration mode Usage Guide: We can choose several communities at a time, exact-match shows only the perfect match entries...
Page 681: Show Ip Bgp Dampening
Address Refcnt Community [0x3312558] (3) 100:50 37.92 show ip bgp community-list Command: show ip bgp [<ADDRESS-FAMILY>] community-list <NAME> [exact-match] Function: For displaying the routes containing the community list messages and permitted by BGP Parameter: <ADDRESS-FAMILY>: Address-family such as “ipv4 unicast” <NAME>: Community list Command Mode: Admin and configuration mode...
Page 682 {<dampened-paths>|<flap-statistics>|<parameters>} Function: Display the routes permitted by BGP and relevant to the route dampening. Parameter: <ADDRESS-FAMILY>: Address-family, such as “ipv4 unicast”. Command Mode: Admin and configuration mode Usage Guide: Only the surged routes will be displayed. The Parameters shows the display configuration other than specific routes.
Page 683 Un-reach ability Half-Life time : 15 min Max penalty (ceil) : 11999 Min penalty (floor) : 375 Total number of prefixes 1 Related Command: bgp dampening 37.94 show ip bgp filter-list Command: show ip bgp [<ADDRESS-FAMILY>] filter-list [<WORD >] Function: For displaying the routes in BGP meeting the specific AS filter list.
Page 684: Show Ip Bgp Neighbors
37.95 show ip bgp inconsistent-as Command: show ip bgp [<ADDRESS-FAMILY>] inconsistent-as Function: For displaying routes with inconsistent BGP AS. Parameter: <ADDRESS-FAMILY>: address family such as “ipv4 unicast”. Command Mode: Admin and configuration mode Usage Guide: If same prefix comes from different origin AS, the AS will be regarded as inconsistent. This command is for displaying this kind of routes.
Page 685: Show Ip Bgp Paths
Admin and configuration mode Usage Guide: Display detailed messages of all neighbors by this command without parameters. Specifying IP address will show the detailed information of the neighbors with specified IP address. The advertised-routes 、received prefix-filter、received routes、routes parameters will respectively displays the routes broadcast on local side, the received prefix filter, received routes (soft reconfiguration enabled) and the routing message from specific neighbor.
Page 686 <ADDRESS-FAMILY>: Address-family such as “ipv4 unicast”. Command Mode: Admin and configuration mode Usage Guide: Display the BGP path message includes the utilization state. Example: Switch#sh ip bgp paths Address Refcnt Path [0x331dad0:0] (1) [0x331d850:93] (1) 600 [0x331d8d8:249] (2) 200 300 37.98 show ip bgp prefix-list Command: show ip bgp [<ADDRESS-FAMILY>] prefix-list [<NAME>]...
Page 687 *> 10.1.1.100 32768 ? Total number of prefixes 1 37.99 show ip bgp quote-regexp Command: show ip bgp [<ADDRESS-FAMILY>] quote-regexp [<WORD>] Function: For displaying the BGP route meets the specific AS related regular expression. Parameter: <ADDRESS-FAMILY>: >: address-family such as “ipv4 unicast” <WORD>: Regular expression Command Mode: Admin and configuration mode...
Page 688: Show Ip Bgp Regexp
37.100 show ip bgp regexp Command: show ip bgp [<ADDRESS-FAMILY>] regexp [<LINE>] Function: For displaying the BGP routes meets specific AS related normal expressions. Parameter: <ADDRESS-FAMILY>: >: address-family such as “ipv4 unicast” <LINE>: Regular expression Command Mode: Admin and configuration mode Usage Guide: We can select BGP route of the required AS with normal expression.
Page 689: Show Ip Bgp Scan
process routes with route map. The command will display the routes meet specific route map. Example: Switch#sh ip bgp route-map rmp BGP table version is 2, local router ID is 11.1.1.100 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network...
Page 690 show ip bgp [<ADDRESS-FAMILY>] summary Function: For displaying the BGP summary information. Parameter: <ADDRESS-FAMILY>: Address-family such as “ipv4 unicast”. Command Mode: Admin and configuration mode Usage Guide: Display some basic summary information of BGP. Example: Switch#show ip bgp summary BGP router identifier 10.1.1.66, local AS number 200 BGP table version is 1 1 BGP AS-PATH entries 0 BGP community entries...
Page 691: Show Ip Bgp View
37.104 show ip bgp view Command: show ip bgp view [<NAME>] [<ip-address> | <ip-address/M> | [<ADDRESS-FAMILY>] summary] Function: For displaying the messages of specified BGP instance. Parameter: <NAME>: Name of BGP instance <ip-address>: IP address <ip-address/M>: IP address and mask <ADDRESS-FAMILY>: Address-family such as “ipv4 unicast”...
Page 692: Show Ip Bgp Vrf
37.106 show ip bgp vrf Command: show ip bgp vrf [NAME] {summary | A.B.C.D | A.B.C.D/M} Function: For displaying the routing messages and the neighbors permitted by BGP. Parameter: <NAME>: The name of the VRF instance summary: Display the summary information of the BGP neighbor A.B.C.D: IP address A.B.C.D/M: IP address and the mask Command Mode:...
Page 693 Neighbor runs BGP Neighbor belongs to AS MsgRcvd The information number received from the neighbor MsgSent The information number is sent to the neighbor TblVer Route table version Up/Down If the state is established with the neighbor, display the dialog time, or display the current state State/PfxRcd If the state is established with the neighbor, display the prefix number of...
Page 694 Origin incomplete, metric 6, localpref 100, valid, external, best Last update: 00:41:47 37.107 show ip bgp vpnv4 Command: show ip bgp vpnv4 {all | rd <rd-val> | vrf <vrf-name>} Function: Display all VRF route messages or the specific VRF route message. Parameter: all: All VPNv4 peers;...
Page 695: Timers Bgp
Example: Switch#show ipv6 bgp redistribute 37.109 timers bgp Command: timers bgp <0-65535> <0-65535> no timers bgp [<0-65535> <0-65535>] Function: Configure all neighbor time in BGP. The “no timers bgp [<0-65535> <0-65535>]” command restores these times to default value. Parameter: <0-65535> Respectively the KEEPALIVE interval and the hold time. Default: KEEPALIVE is 60s, HOLD TIME is 240s.
Page 696 Chapter 38 Commands for Black Hole Routing 38.1 ip route null0 Command: ip route {<ip-prefix> <mask>|<ip-prefix>|<prefix-length>} null0 [<distance>] no ip route {<ip-prefix> <mask>|<ip-prefix>|<prefix-length>} null0 Function: To configure routing destined to the specified network to the interface of null0. Parameters: <ip-prefix> and <mask> are the IP address and network address mask of the destination, in dotted decimal format: <ip-prefix>...
Page 697 output interface for the black hole routing. <precedence> is the route weight, ranging between 1 to 255 and 1 by default. Command Mode: Global Configuration Mode. Usage Guide: When configuring IPv6 Black Hole Routing, it is much like configuring normal static routing, but using null0 as the output interface.
Page 698 GRE Tunnel PACKET: recv, src <1.1.1.2>, dst <1.1.1.1>, size <140>, proto <0x0800>, from <tunnel1> 39.2 ip address Command: ip address <ipv4-address> <mask> no ip address <ipv4-address> <mask> Function: Configure the IPv4 address of GRE tunnel interface. Parameter: <ipv4-address> is IPv4 address, <mask> is the sub-net mask. Command mode: Tunnel interface configuration mode.
Page 699 Command mode: Global mode. Usage Guide: Configure the output interface of IPv4 static route as GRE tunnel. Example: Configure the output interface of IPv4 static route as GRE tunnel. Switch(config)# interface tunnel 1 Switch(config)#ip route 101.0.0.0/24 tunnel 1 39.4 ipv6 address Command: ipv6 address <ipv6-address/prefix>...
Page 700 ipv6 route <ipv6-address/prefix> tunnel <ID> no ipv6 route <ipv6-address/prefix> tunnel <ID> Function: Configure the output interface of IPv6 static route as GRE tunnel. Parameter: <ipv6-address > is the IPv6 address, <prefix> is the prefix length, <ID> is the GRE tunnel ID. Command mode: Global mode.
Page 701 loopback-group <id> no loopback-group <id> Function: Join layer 2 Ethernet port in the specified loopback-group. Parameter: <id> is the loopback-group ID, the ranging from 1 to 128. Command mode: Port Mode. Usage Guide: There is no configuration for a specified port before join it in a loopback-group. Example: Join port 1/0/1 in loopback-group 1.
Page 702: Show Interface Tunnel
39.9 show gre tunnel Command: show gre tunnel {<1-50 |>} Function: Display the configuration information of GRE tunnel. Parameter: <1-50>: The tunnel ID. Command mode: Admin mode and configuration mode. Example: Display the configuration information of GRE tunnel. Switch# show gre tunnel name mode source...
Page 703 Switch# show interface tunnel 1 Tunnel1 is up, line protocol is up, dev index is 8001 Device flag 0x81(UP NOARP) IPv4 address is: (NULL) VRF Bind: Not Bind 39.11 tunnel destination Command: tunnel destination {<ipv6-address> | <ipv4-address>} no tunnel destination Function: Configure the destination address (IPv6 or IPv4 address) for GRE tunnel.
Page 704 Usage Guide: Configure the GREv4 tunnel mode, the data packets are encapsulated with GREv4 to be forwarded. Example: Configure the data packets to process the encapsulation of the GREv4 to be forwarded. Switch(config)# interface tunnel 1 Switch(config-if-tunnel1)# tunnel mode gre ip 39.13 tunnel mode gre ipv6 Command: tunnel mode gre ipv6...
Page 705 Usage Guide: Configure the source address (IPv6 or IPv4 address) for GRE tunnel. Example: Configure the source IPv6 address for GRE tunnel. Switch(config)# interface tunnel 1 Switch(config-if-tunnel1)#tunnel source 2010::1 39-10...
Page 706 Chapter 40 Commands for ECMP 40.1 load-balance Command: load-balance {dst-src-mac | dst-src-ip | dst-src-mac-ip} Function: Set load-balance mode for switch, it takes effect for port-group and ECMP at the same time. Parameter: dst-src-mac performs load-balance according to the source and destination MAC dst-src-ip performs load-balance according to the destination and source IP dst-src-mac-ip performs load-balance according to the destination and source MAC, the destination and source IP...
Page 707 equal to disable ECMP function. Command mode: Global Mode. Default: The default number is 4. Example: Configure the maximum-paths of the equivalence multi-paths as 8. Switch(config)# maximum-paths 8 40-12...
Page 708 Chapter 41 Commands for BFD 41.1 bfd authentication key Command: bfd authentication key <1-255> no bfd authentication key Function: Enable BFD authentication and configure key for interface, no command disables BFD authentication. Parameter: <1-255>- key ID. Default: Do not enable BFD authentication for interface. Command Mode: interface configuration mode Usage Guide:...
Page 709 Command Mode: Global configuration mode Usage Guide: Configure md5 mode and authentication character string for BFD authentication, BFD authentication will be processed by optional fields of packets after this command is configured. BFD will establish neighbor in case that keys in two peers are same. Example: Use md5 to encrypt, key ID is 1, authentication character string is 123456.
Page 710 41.4 bfd echo Command: bfd echo no bfd echo Function: Enable bfd echo, no command deletes bfd echo. Default: echo is disabled on interface. Command Mode: Interface configuration mode Usage Guide: Enable bfd echo, session in up mode sends echo packets to reduce frequency of control packets. Example: Enable echo on interface.
Page 711 destination address of packets is an interface address to ensure that packets can be returned along the original paths. There is no special request for UDP data. Example: Configure source address of bfd echo packets to 192.168.1.1. s5(config)#bfd echo-source-ip 192.168.1.1 41.6 bfd echo-source-ipv6 Command: bfd echo-source-ipv6 <ipv6-address>...
Page 712 Function: Enable BFD for VRRP(v3) protocol and enable BFD detection on the group, no command disables BFD for VRRP(v3) protocol. Default: BFD is not enabled for VRRP(v3). Command Mode: VRRP(v3) group configuration mode Usage Guide: After enable BFD detection on the group, if the group receives hello packets when processing backup, it will inform BFD to establish the relevant session.
Page 713 <value2>-minimum receiving interval, unit is ms, range from 200 to 1000, it may be different for different devices. <value3>- multiplier of session detection, range from 3 to 50. Default: minimum transmission interval is 400ms, minimum receiving interval is 400ms, detection multiplier is 5.
Page 714 Configure the minimum receiving interval is 800ms for bfd echo packets. s5(config)#in vlan 50 s5(config-if-vlan50)#bfd min-echo-recv-interval 800 41.10 bfd mode Command: bfd mode {active | passive} no bfd mode Function: Configure BFD working mode before the session is established, the default mode is active mode. No command restores active mode.
Page 715 fsm：Enable the display of state machine for BFD error: Enable the display of error events for BFD timer: Enable the display of timeout events for BFD Command Mode: Admin mode Usage Guide: Enable the relevant debugging of BFD. Example: Enable the debugging of BFD. s5#debug bfd all 41.12 ip ospf bfd enable Command:...
Page 716 Function: Configure BFD for the static route, no command cancels the configuration. Parameter: <name> is vrf name, <ipv4-address> is destination address, mask is the subnet mask, nexthop is nexthop address Command Mode: Global mode Default: BFD is not configured for the static route. Usage Guide: Configure BFD for the route and specify the detection mode.
Page 717 41.15 ipv6 ospf bfd enable instance-id Command: ipv6 ospf bfd enable instance-id <0-255> no ipv6 ospf bfd enable Function: Configure BFD for OSPFv3 instance on the specific interface, no command cancels the configuration. Default: BFD is no enabled for OSPFv3 instance. Command Mode: Interface configuration mode Usage Guide:...
Page 718 41.17 ipv6 route bfd Command: ipv6 route {vrf <name> <ipv6-address> | <ipv6-address>} prefix <nexthop> bfd no ipv6 route {vrf <name> <ipv6-address>|<ipv6-address>} prefix <nexthop> bfd Function: Configure BFD for the static IPv6 route, no command cancels the configuration. Parameter: <name> is vrf name, <ipv6-address> is destination address, prefix is prefix length, vlanid is output interface, nexthop is nexthop address.
Page 719 Usage Guide: Enable link detection offered by BFD on the peer neighbor of BGP(4+), BFD will inform BGP(4+) protocol after detect the neighbor’s link fault. Example: Enable link detection offered by BFD on the peer neighbor of BGP. s5(config)#router bgp 1 s5(config-router)#neighbor 1.1.1.1 bfd Enable link detection offered by BFD on the peer neighbor of BGP4+.
Page 720 show bfd neighbor [[<ipv6-address>|<ipv4-address] [details]] Function: Show BFD neighbor in switch. Parameter: <ipv6-address> specifies the shown neighbor shown of IPv6 addres, <ipv4-address> specifies the shown neighbor of IPv4 address, IP address refers to remote IP address, details shows the detail information of neighbor.
Page 721 Commands for Routing Protocol Chapter 12 Commands for BGP GR Chapter 42 Commands for BGP GR 42.1 bgp graceful-restart Command: bgp graceful-restart no bgp graceful-restart Function: Enable BGP to support GR and set restart-time and stale-path-time as the default value, no command disables GR.
Page 722 Commands for Routing Protocol Chapter 12 Commands for BGP GR Example: Configure restart-time as 60s for BGP GR Switch(config-router)# bgp graceful-restart restart-time 60 42.3 bgp graceful-restart stale-path-time Command: bgp graceful-restart stale-path-time <1-3600> no bgp graceful-restart stale-path-time <1-3600> Function: Configure stale-path-time for BGP GR. Specify the longest waiting time that delete stale route from the received OPEN messages to the received EOR for Receiving Speaker.
Page 723 Commands for Routing Protocol Chapter 12 Commands for BGP GR Command Mode: BGP route configuration mode Default: selection-deferral-time uses the default value of 120s. Example: Configure selection-deferral-time as 240s for BGP GR. Switch(config-router)# bgp selection-deferral-time 240 42.5 neighbor capability graceful-restart Command: neighbor (A.B.C.D | X:X::X:X | WORD) capability graceful-restart no neighbor (A.B.C.D | X:X::X:X | WORD) capability graceful-restart...
Page 724 Commands for Routing Protocol Chapter 12 Commands for BGP GR Command Mode: BGP protocol unicast address family mode and VRF address family mode. Default: The default restart-time is 120s for neighbor. Example: Configure restart-time as 60s for neighbor 1.1.1.1. Switch(config-router)# neighbor restart-time 60 42-4...
Page 725 Chapter 43 Commands for OSPF GR 43.1 capability restart graceful Command: capability restart graceful no capability restart Function: Enable GR of specified OSPF process, no command disables this function. Command mode: OSPF protocol configuration mode Default: Enable OSRF GR function. Usage Guide: When a switch is using OSPF GR, it will quit GR directly if disable GR.
Page 726 43.3 ospf graceful-restart grace-period Command: ospf graceful-restart grace-period <integer> no ospf restart grace-period Function: Configure grace period of GR restarter, no command restores grace period to default value. Parameter: <integer>: value of grace period, unit is second and ranging from 1 to 1800. Command mode: Global configuration mode Default:...
Page 727 Usage Guide: If grace period set by GR restarter is bigger than max-grace period configured by helper, helper will not help restarter to complete GR. The no command deletes all helper policies. Example: Configure the maximum grace period allowed by GR helper to 100s. Switch(config)#ospf graceful-restart helper max-grace-period 100 43.5 ospf graceful-restart helper never Command:...
Page 728 all processes when there is no parameter configured. Command Mode: Admin mode Example: Show main OSPF information of all processes. Switch#show ip ospf Routing Process "ospf 0" with ID 192.168.40.69 Process bound to VRF default Process uptime is 52 minutes Conforms to RFC2328, and RFC1583Compatibility flag is disabled Supports only single TOS(TOS0) routes Supports opaque LSA...
Page 729 Parameter: <process-id>: Process ID, ranging from 0 to 65535. It means that GR state of all processes shown when there is no parameter configured. Command Mode: Admin mode Example: Show GR state of all processes on GR restarter. Switch#show ip ospf graceful-restart OSPF process 0 graceful-restart information：...
Page 730: Show Ip Mroute
Chapter 44 IPv4 Multicast Protocol 44.1 Public Commands for Multicast 44.1.1 show ip mroute Command: show ip mroute [<GroupAddr> [<SourceAddr>]] Function: show IPv4 software multicast route table. Parameter: GroupAddr: show the multicast entries relative to this Group address. SourceAddr: show the multicast route entries relative to this source address. Command Mode: Admin mode and global mode Example:...
Page 731 ingress interface of the entries Wrong packets received from the wrong interface egress interface of the entries the value of TTL 44.2 Commands for PIM-DM 44.2.1 debug pim timer sat Command: debug pim timer sat no debug pim timer sat Function: Enable debug switch of PIM-DM source activity timer information in detail;...
Page 732 Default: Disabled. Command Mode: Admin Mode. Usage Guide: Enable the switch, and display PIM-DM state-refresh timer information in detail. Example: Switch #debug ip pim timer srt Remark: Other debug switches in PIM-DM are common in PIM-SM, including debug pim event, debug pim packet, debug pim nexthop, debug pim nsm, debug pim mfc, debug pim timer, debug pim state, refer to PIM-SM manual section.
Page 733 44.2.4 ip pim bsr-border Command: ip pim bsr-border no ip pim bsr-border Function: To configure or delete PIM BSR-BORDER interface. Default: Non-BSR-BORDER. Command Mode: Interface Configuration Mode. Usage Guide: To configure the interface as the BSR-BORDER. If configured, BSR related messages will not receive from or sent to the specified interface.
Page 734 Enable PIM-DM protocol on interface vlan1. Switch (config)#ip pim multicast-routing Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)#ip pim dense-mode 44.2.6 ip pim dr-priority Command: ip pim dr-priority <priority> no ip pim dr-priority Function: Configure, disable or change the interface’s DR priority. The neighboring nodes in the same net segment select the DR in their net segment according to hello packets.
Page 735 Default: The Hello packets include GenId option. Command Mode: Interface Configuration Mode Usage Guide: This command is used to interact with older Cisco IOS version. Example: Configure the Hello packets sent by the switch do not include GenId option. Switch (Config-if-Vlan1)#ip pim exclude-genid Switch (Config-if-Vlan1)# 44.2.8 ip pim hello-holdtime Command:...
Page 736 Switch (Config -if-Vlan1)#ip pim hello-holdtime 10 Switch (Config -if-Vlan1)# 44.2.9 ip pim hello-interval Command: ip pim hello-interval < interval> no ip pim hello-interval Function: Configure interface PIM-DM hello message interval; the “no ip pim hello-interval” restores default value. Parameter: < interval> is interval of periodically transmitted PIM-DM hello message, value range from 1s to 18724s.
Page 737 Disabled PIM-SM Command Mode: Global Mode Usage Guide: Enable PIM-SM globally. The interface must enable PIM-SM to have PIM-SM work Example: Enable PIM-SM globally. Switch (config)#ip pim multicast-routing 44.2.11 ip pim neighbor-filter Command: ip pim neighbor-filter <list-number> no ip pim neighbor-filter <list-number> Function: Configure the neighbore access-list.
Page 738 Switch (config)#show ip pim neighbor Switch (config)# 44.2.12 ip pim scope-border Command: ip pim scope-border [<1-99 >|<acl_name>] no ip pim scope-border Function: To configure or delete management border of PIM. Parameters: <1-99 >: is the ACL number for the management border. <acl_name>: is the ACL name for the management border.
Page 739 Global Mode Usage Guide: The first-hop router periodically transmits stat-refresh messages to maintain PIM-DM list items of all the downstream routers. The command can modify origination interval of state-refresh messages. Usually do not modify relevant timer interval. Example: Configure transmission interval of state-refresh message to 90s. Switch (config)#ip pim state-refresh origination-interval 90 44.2.14 show ip pim interface Command:...
Page 740 Command: show ip pim mroute dense-mode [group <A.B.C.D>] [source <A.B.C.D>] Function: Display PIM-DM message forwarding items. Parameter: group <A.B.C.D>: displays forwarding items relevant to this multicast address. source <A.B.C.D>: displays forwarding items relevant to this source. Default: Do not display (Off). Command Mode: Admin Mode Usage Guide:...
Page 741 (*,226.0.0.1) (*,G) Forwaridng item (192.168.1.12, 226.0.0.1) (S,G) Forwarding item RPF nbr Backward path neighbor, upstream neighbor of source direction in DM, 0.0.0.0 expresses the switch is the first hop. RPF idx Interface located in RPF neighbor Upstream State Upstream direction, including FORWARDING(forwarding upstream...
Page 742 Address Priority/Mode 10.1.6.1 Vlan1 00:00:10/00:01:35 v2 10.1.6.2 Vlan1 00:00:13/00:01:32 v2 10.1.4.2 Vlan3 00:00:18/00:01:30 v2 10.1.4.3 Vlan3 00:00:17/00:01:29 v2 Displayed Information Explanations Neighbor Address Neighbor address Interface Neighbor interface Uptime/Expires Running time /overtime Pim version ,v2 usually DR Priority/Mode DR priority in the hello messages from the neighbor and if the neighbor is the interface’s DP.
Page 743 Nexthop Num Nexthop number Nexthop Addr Nexthop address Nexthop Ifindex Nexthop interface index Nexthop Name Nexthop name Metric Metric Metric to nexthop Pref Preference Route preference Refcnt Reference count 44.3 Commands for PIM-SM 44.3.1 clear ip pim bsr rp-set Command: clear ip pim bsr rp-set * Function: Clear all RP.
Page 744 Admin Mode. Usage Guide: Enable pim event debug switch and display events information about pim operation. Example: Switch# debug ip pim event Switch# 44.3.3 debug pim mfc Command: debug pim mfc no debug pim mfc Function: Enable or Disable pim mfc debug switch Default: Disabled Command Mode:...
Page 745 extension. Example: Switch# debug ip pim mib 44.3.5 debug pim nexthop Command: debug pim nexthop no debug pim nexthop Function: Enable or Disable pim nexthop debug switch Default: Disabled Command Mode: Admin Mode. Usage Guide: Inspect PIM NEXTHOP changing information by the pim nexthop switch. Example: Switch# debug ip pim nexthop 44.3.6 debug pim nsm...
Page 746 44.3.7 debug pim packet Command: debug pim packet debug pim packet in debug pim packet out no debug pim packet no debug pim packet in no debug pim packet out Function: Enable or Disable pim debug switch Parameter: in display only received pim packets out display only transmitted pim packets none display both Default:...
Page 747 Example: Switch# debug ip pim state 44.3.9 debug pim timer Command: debug pim timer debug pim timer assert debug pim timer assert at debug pim timer bsr bst debug pim timer bsr crp debug pim timer bsr debug pim timer hello ht debug pim timer hello nlt debug pim timer hello tht debug pim timer hello...
Page 748 no debug pim timer joinprune jt no debug pim timer joinprune kat no debug pim timer joinprune ot no debug pim timer joinprune plt no debug pim timer joinprune ppt no debug pim timer joinprune pt no debug pim timer joinprune no debug pim timer register rst no debug pim timer register Function:...
Page 749 The <ifname> should be valid VLAN interfaces. The multicast data flow will not be forwarded unless PIM is configured on the egress interface and the interface is UP. If the state of the interface is not UP, or PIM is not configured, or RPF is not valid, the multicast data flow will not be fordwarded. To removed the specified multicast routing entry.
Page 750 Default: Permit the multicast registers from any sources to any groups. Command Mode: Global Mode Usage Guide: This command is used to configure the access-list filtering the PIM REGISTER packets.The addresses of the access-list respectively indicate the filtered multicast sources and multicast groups’...
Page 751 ip pim bsr-candidate {vlan <vlan-id>| <ifname>} [hash-mask-length] [priority] no ip pim bsr-candidate Function: This command is the candidate BSR configure command in global mode and is used to configure PIM-SM information about candidate BSR in order to compete with other candidate BSRs for the BSR router.
Page 752 Global Mode Usage Guide: This command is used to interact with older Cisco IOS version. Example: Configure the register packet’s checksum of the group specified by myfilter to use the whole packet’s length. Switch (config)#ip pim cisco-register-checksum group-list 23 44.3.16 ip pim dr-priority Command: ip pim dr-priority <priority>...
Page 753 Function: This command makes the Hello packets sent by PIM SM do not include GenId option. The “no ipv6 pim exclude-genid” command restores the default value Default: The Hello packets include GenId option. Command Mode: Interface Configuration Mode Usage Guide: This command is used to interact with older Cisco IOS version.
Page 754 Example: Configure vlan1’s Hello Holdtime Switch (config)# interface vlan1 Switch (Config -if-Vlan1)#ip pim hello-holdtime 10 Switch (Config -if-Vlan1)# 44.3.19 ip pim hello-interval Command: ip pim hello-interval <interval> no ip pim hello-interval Function: Configure the interface’s hello_interval of pim hello packets. The “no ip pim hello-interval” command restores the default value.
Page 755 ip pim ignore-rp-set-priority no ip pim ignore-rp-set-priority Function: When RP selection is carried out, this command configures the switch to enable Hashing regulation and ignore RP priority. This command is used to interact with older Cisco IOS versions. Default: Disabled Command Mode: Global Mode Usage Guide:...
Page 756 44.3.22 ip pim multicast-routing Command: ip pim multicast-routing no ip pim multicast-routing Function: Enable PIM-SM globally. The “no ip pim multicast-routing” command disables PIM-SM globally. Default: Disabled PIM-SM Command Mode: Global Mode Usage Guide: Enable PIM-SM globally. The interface must enable PIM-SM to have PIM-SM work Example: Enable PIM-SM globally.
Page 757 Configure VLAN’s filtering rules of pim neighbors. Switch #show ip pim neighbor Neighbor Interface Uptime/Expires Address Priority/Mode 10.1.4.10 Vlan1 02:30:30/00:01:41 v2 4294967294 / DR Switch (Config-if-Vlan1)#ip pim neighbor-filter 2 Switch (config)#access-list 2 deny 10.1.4.10 0.0.0.255 Switch (config)#access-list 2 permit any Switch (config)#show ip pim neighbor 44.3.24 ip pim register-rate-limit Command:...
Page 758 ip pim register-rp-reachability no ip pim register-rp-reachability Function: This command makes DR check the RP reachability in the process of registration. Default: Do not check Command Mode: Global Mode Usage Guide: This command configures DR whether or not to check the RP reachability. Example: Configure DR to check the RP reachability.
Page 759 Configure the source address sent by DR. Switch (config)#ip pim register-source 10.1.1.1 44.3.27 ip pim register-suppression Command: ip pim register-suppression <value> no ip pim register-suppression Function: This command is to configure the value of register suppression timer, the unit is second. The “no ip pim register-suppression”...
Page 760 <A.B.C.D> is the RP address <A.B.C.D/M> the scope of the specified RP address <all> is all the range Default: This switch is not a RP static router. Command Mode: Global Mode Usage Guide: This command is to configure static RP globally or in a multicast address range and configure PIM-SM static RP information.
Page 761 candidate RP information in order to compete RP router with other candidate RPs.Only this command is configured, this switch is the RP candidate router. Example: Configure vlan1 as the sending interface of candidate RP announcing sending messages Switch (config)# ip pim rp-candidate vlan1 100 44.3.30 ip pim rp-register-kat Command: ip pim rp-register-kat <vaule>...
Page 762 Parameters: <1-99 >: is the ACL number for the management border. <acl_name>: is the ACL name for the management border. Default: Not management border. If no ACL is specified, the default management border will be used. Command Mode: Interface Configuration Mode. Usage Guide: To configure the management border and the ACL for the PIM protocol.
Page 763 44.3.33 show ip pim bsr-router Command: show ip pim bsr-router Function: Display BSR address Command Mode: Admin Mode. Usage Guide: Display the BSR information maintained by the PIM. Example: Switch# show ip pim bsr-router PIMv2 Bootstrap information This system is the Bootstrap Router (BSR) BSR address: 10.1.4.3 (?) Uptime: 00:06:07, BSR Priority: 0, Hash mask length: 10...
Page 764 Usage Guide: Display PIM interface information Example: testS2(config)#show ip pim interface Address Interface VIFindex Ver/ Mode Count Prior 10.1.4.3 Vlan1 v2/S 10.1.4.3 10.1.7.1 Vlan2 v2/S 10.1.7.1 Displayed Information Explanations Address Interface address Interface Interface name VIF index Interface index Ver/Mode Pim version and mode,usually v2,sparse mode displays S,dense mode displays D Nbr Count...
Page 765 (*,G) Entries: 1 (S,G) Entries: 0 (S,G,rpt) Entries: 0 (*, 239.192.1.10) RP: 10.1.6.1 RPF nbr: 10.1.4.10 RPF idx: Vlan1 Upstream State: JOINED Local ..l......Joined ........ Asserted ........ Outgoing ..o......Displayed Information Explanations Entries The counts of each item Share tree’s RP address RPF nbr RP direction or upneighbor of source direction.
Page 766 Command: show ip pim neighbor Function: Display router neighbors Command Mode: Admin Mode and Global Mode Usage Guide: Display multicast router neighbors maintained by the PIM Example: Switch (config)#show ip pim neighbor Neighbor Interface Uptime/Expires Address Priority/Mode 10.1.6.1 Vlan1 00:00:10/00:01:35 v2 10.1.6.2 Vlan1 00:00:13/00:01:32 v2...
Page 767 Switch(config)#show ip pim nexthop Flags: N = New, R = RP, S = Source, U = Unreachable Destination Type Nexthop Nexthop Nexthop Nexthop Metric Pref Refcnt Addr Ifindex Name ____ 192.168.1.1 N... 0.0.0.0 2006 192.168.1.9 ..S. 0.0.0.0 2006 Displayed Information Explanations Destination Destination of next item...
Page 768: Show Ip Pim Rp Mapping
Info source: 10.1.6.1, via bootstrap Displayed Information Explanations Queried group’sRP Info source The source of Bootstrap information 44.3.39 show ip pim rp mapping Command: show ip pim rp mapping Function: Display Group-to-RP Mapping and RP. Command Mode: Admin Mode and Global Mode Usage Guide: Display the current RP and mapping relationship.
Page 769 no cache-sa-holdtime Function: To configure the longest holdtime of SA table within MSDP Cache. Parameter: seconds: the units are seconds, range between 150 to 3600. Command Mode: MSDP Configuration Mode. Default: 150 seconds by default. Usage Guide: To configure the aging time of (S, G) table for MSDP cache as requirement. Example: Switch(config)#router msdp Switch(router-msdp)#cache-sa-holdtime 350...
Page 770 Switch(router-msdp)#cache-sa-maximum50000 Switch(router-msdp)#peer 20.1.1.1 Switch(router-msdp-peer)# cache-sa-maximum 22000 44.4.3 cache-sa-state Command: cache-sa-state no cache-sa-state Function: To configure the SA cache state of route. Command Mode: MSDP Configuration Mode and MSDP Peer Configuration Mode. Default: Enabled. Usage Guide: To configure the SA cache state. If configured, the new groups will be able to get information about all the active sources from the SA cache and join the related source tree without having to wait for new SA messages.
Page 771 Usage Guide: If this command is issued with peer-address, the TCP connection to the specified MSDP Peer will be removed. And all the statistics about the peer will be cleared. If no peer-address is appended, all the MSDP connections as long as relative statistics about peers will be removed. Example: Switch#clear msdp peer * 44.4.5 clear msdp sa-cache...
Page 772 Example: Switch#clear msdp statistics * 44.4.7 connect-source Command: connect-source <interface-type <interface-number> no connect-source <interface-type> <interface-number> Function: To configure the interface address, which used for all the MSDP Peers to set up correspond connection between MSDP Peer and MSDP. Parameter: <interface-type> <interface-number>: Interface type and interface number. Command Mode: MSDP Configuration Mode and MSDP Peer Configuration Mode.
Page 773 To enable all the debugging information about MSDP; the no command disable all the debugging information. Command Mode: Admin Configuration Mode. Default: Disabled. Usage Guide: Enable the debugging switch of MSDP, display the protocol packet send/receive information of MSDP Peer---packet, keepalive packet send/receive...
Page 774 Function: Enable/disable debug switch of MSDP filter policy information. Default: Close the switch. Command Mode: Admin Mode. Usage Guide: The filter information of MSDP receiving/sending message can be monitored after enable this switch. Example: Switch#debug msdp filter 44.4.11 debug msdp fsm Command: debug msdp fsm no debug msdp fsm...
Page 775 close the switch. Command Mode: Admin Mode. Usage Guide: The information of receiving/sending keepalive message for MSDP protocol can be monitored after enables this switch. Example: Switch#debug msdp keepalive 44.4.13 debug msdp nsm Command: debug msdp nsm no debug msdp nsm Function: Enable/disable the switch of msdp nsm debug.
Page 776 Admin Mode. Usage Guide: The receiving/sending messages of MSDP protocol can be monitored after enable this switch. Example: Switch#debug msdp packet send 44.4.15 debug msdp peer Command: debug msdp peer A.B.C.D no debug msdp peer Function: Enable/disable all the debug information switch of specified MSDP Peer. Default: Close the switch.
Page 777 Enable dubug information for the specified timer as requirement. Example: Switch#debug msdp timer 44.4.17 default-rpf-peer Command: default-rpf-peer <peer-address> [rp-policy <acl-list-number>|<word>] no default-rpf-peer Function: To configure static RPF peer. Parameter: <peer-address>: the IP address of the MSDP peer. <acl-list-number>: the ACL number, only support standard ACL from 1 to 99. <word>: the standard ACL name.
Page 778 To add description for the specified MSDP Peer in order to identify the different MSDP configuration. The no form of this command will remove the description. Example: Switch(config)#router msdp Switch(router-msdp)#peer 20.1.1.1 Switch(router-msdp-peer)# description PLANET-20 44.4.19 exit-peer-mode Command: exit-peer-mode Function: Quit MSDP Peer configuration mode, and enter MSDP configuration mode.
Page 779 MSDP Peer doesn’t belong to any mesh group by default. Usage Guide: Mesh group can reduce SA message flooding and predigest Peer-RPF checking. Example: Switch(config)#router msdp Switch(router-msdp)#peer 20.1.1.1 Switch(router-msdp-peer)# mesh-group PLANET-1 44.4.21 originating-rp Command: originating-rp <interface-type> <interface-number> no originating-rp Function: Configure Originating RP address that to configure the IP address of the specified interface as the IP address of the RP in the SA messages.
Page 780 messages for other RP will not be advertised either. Hence, it is required that the interface should be working when being configured. Example: Switch(config)#router msdp Switch(router-msdp)#originating-rp vlan 20 44.4.22 peer Command: peer <A.B.C.D> no peer <A.B.C.D> Function: To configure MSDP Peer, enter MSDP Peer mode; the no form command delete the configured MSDP Peer.
Page 781 no redistribute Function: To configure the redistribute of SA messages. Parameter: acl-number: specified advanced ACL number (100-199). acl-name: specified ACL name. Command Mode: MSDP Configuration Mode. Default: When set up SA message, announce all the source within fired, but not confine the (S, G) item. Usage Guide: If ACL list number is specified, only the (S, G) entries which have passed the ACL check will be advertised in the SA messages.
Page 782 Switch(router-msdp-peer)# remote-as 20 44.4.25 router msdp Command: router msdp no router msdp Function: Enable the MSDP protocol of the switch, enter MSDP mode; the no form command disable MSDP protocol. Command Mode: Global Mode. Default: Disabled. Usage Guide: Enable MSDP on global mode, but even configured PIM SM at the same time, then the MSDP can be work.
Page 783 If the parameter isn’t specified, the entire SA messages which include (S, G) item will be filtered. Command Mode: MSDP Configuration Mode and MSDP Peer Configuration Mode. Default: All the SA messages receiving or transmitting will not be filtered. Usage Guide: Configuration in the peer mode will override that in the MSDP configuration mode.
Page 784 Switch(config)#router msdp Switch(router-msdp)#peer 20.1.1.1 Switch(router-msdp-peer)# sa-request 44.4.28 sa-request-filter Command: sa-request-filter [list <access-list-number | access-list-name>] no sa-request-filter [list <access-list-number | access-list-name>] Function: All the SA request messages from MSDP Peer will be filtered. Parameter: access-list-number: The ACL number, it only supported standard ACL from 1 to 99. access-list-name: ACL name.
Page 785 Redistribute_filter: Not set SA-filter: [IN]: RP-list: None, SG-list: None [OUT]: Not Configured SA-Request-Filter: Not Configured Default Peer: Not Configured Mesh Group: PLANET-1 The introduction of showed items: Field Explaination SA-Cached MSDP SA-Cached state. Originator The RP interface of MSDP originated.
Page 786 show msdp local-sa-cache Function: Display the information for local-sa-cache. Command Mode: Admin Mode and Configuration Mode. Usage Guide: Display the information for local-sa-cache. Example: Switch#show msdp local-sa-cache MSDP Flags: E - set MRIB E flag, L - domain local source is active, EA - externally active source, PI - PIM is interested in the group, DE - SAs have been denied.
Page 787 Connection status: State: Established, Resets: 0, Connection Source: Not set, Connect address: 31.1.1.1 Uptime (Downtime): 00h:07m:53s, SA messages received: 16 TLV messages sent/received: 8/24 SA messages incoming Rrjected: SA messages outgoing Rrjected: SA Filtering: Input filter Not Configured Output filter Not Configured SA-Requests: Input filter Not Configured Sending SA-Requests to peer: Disabled...
Page 788 Function: Display the configuration information for cache-exterior source under MSDP. Parameter: source-address: Source address; group-address: Group address; as-number: autonomous-system-number autonomous system number; peer-address: Peer address; rp-address: RP address. Command Mode: Admin and Configuration Mode. Usage Guide: Show the configuration information for cache-exterior source under MSDP. Example: Switch#show msdp sa-cache 30.30.30.1 MSDP Flags:...
Page 789 44.4.33 show msdp sa-cache summary Command: show msdp sa-cache summary Function: Show the summary of MSDP Cache. Command Mode: Admin and Configuration Mode. Usage Guide: Show the summary of MSDP Cache. Example: Switch#show msdp sa-cache summary MSDP Flags: E - set MRIB E flag, L - domain local source is active, EA - externally active source, PI - PIM is interested in the group, DE - SAs have been denied.
Page 790 Total number of RPs Total number of different RP in the cache. Originator-RP Originated RP address. SA total Total number of received SA message from RP. RPF peer The RPF Peer address of corresponding RP. AS-num Autonomous system number. 44.4.34 show msdp statistics Command: show msdp statistics peer [Peer-address] Function:...
Page 791 44.4.35 show msdp summary Command: show msdp summary Function: Show the summary of MSDP. Command Mode: Admin and Configuration Mode. Usage Guide: Show the summary of MSDP. Example: Switch#show msdp summary Maximum External SA's Global : 20000 MSDP Peer Status Summary Peer Address AS State Uptime/ Reset Peer Active...
Page 792 Command Mode: MSDP Peer Configuration Mode. Default: Enabled. Usage Guide: When configuring a MSDP Peer with multiple commands, sometimes it is required that these commands should be effect together but not one by one. The shutdown command can be used to disable the peer before configuration and the no shutdown used after configuration in order to make the peer configuration effect together.
Page 793 44.5 Commands for ANYCAST RP v4 44.5.1 debug pim anycast-rp Command: debug pim anycast-rp no debug pim anycast-rp Function: Enable the debug switch of ANYCAST RP function; the no operation of this command will disable this debug switch. Command Mode: Admin Mode.
Page 794 Enable ANYCAST RP in global configuration mode. Switch(config)#ip pim anycast-rp 44.5.3 ip pim anycast-rp Command: ip pim anycast-rp <anycast-rp-addr> <other-rp-addr> no ip pim anycast-rp <anycast-rp-addr> <other-rp-addr> Function: Configure ANYCAST RP address (ARA) and the unicast addresses of other RP communicating with this router (as a RP).
Page 795 44.5.4 ip pim anycast-rp self-rp-address Command: ip pim anycast-rp self-rp-address <self-rp-addr> no ip pim anycast-rp self-rp-address Function: Configure the self-rp-address of this router (as a RP). This address will be used to exclusively identify this router from other RP, and to communicate with other RP. The no operation of this command will cancel the configured unicast address used by this router (as a RP) to communicate with other RP.
Page 796 Add a Loopback interface as a RP candidate interface based on the original PIM-SM command; the no operation of this command is to cancel the Loopback interface as a RP candidate interface. Parameters: index: Loopback interface index, whose range is <1-1024>. vlan-id: the VLAN ID.
Page 797 44.5.7 show ip pim anycast-rp first-hop Command: show ip pim anycast-rp first-hop Command Mode: Admin and Configuration Mode. Usage Guide: Display the state information of ANYCAST RP, and display the mrt node information generated in the first hop RP which is currently maintained by the protocol. Example: Switch(config)#show ip pim anycast-rp first-hop IP Multicast Routing Table...
Page 798 Switch(config)#show ip pim anycast-rp non-first-hop IP Multicast Routing Table (*,G) Entries: 0 (S,G) Entries: 1 (E,G) Entries: 0 INCLUDE (192.168.10.120, 225.1.1.1) Local .l......Display Explanation Entries The number of all kinds of entries. INCLUDE The mrt information created in the first hop RP. 44.5.9 show ip pim anycast-rp status Command: show ip pim anycast-rp status...
Page 799 other rp unicast rp address: 192.168.2.1 -------------------------------- Display Explanation anycast-rp: Whether the ANYCAST RP switch is globally enabled. self-rp-address: The configured self-rp-address. anycast-rp address: The configured anycast-rp-address. configured other communication addresses other rp unicast rp address: accordance with the above anycast-rp-address. configured other communication...
Page 800 work with DVMRP. 3. Access-list can’t used the lists created by ip access-list, but the lists created by access-list. 4. Users can execute this command first and then configure the corresponding acl; or delete corresponding acl in the bondage. After the bondage, only command no ip pim ssm can release the bondage.
Page 801: Ip Dvmrp Enable
Admin Mode Usage Guide: Enable this switch, and display DVMRP protocol executed relevant messages. 44.7.2 ip dvmrp enable Command: ip dvmrp enable no ip dvmrp Function: Configure to enable DVMRP protocol on interface; the “no ip dvmrp” command disenables DVMRP protocol.
Page 802 Interface Configuration Mode Usage Guide: The routing information in DVMRP report messages includes a groupsource network and metric list. After configuring interface DVMRP report message metric value, it makes all received routing entriy from the interface adding configured interface metric value as new metric value of the routing. The metric value applies to calculate posion reverse, namely ensuring up-downstream relations.
Page 803 no ip dvmrp output-report-delay Function: Configure the delay of DVMRP report message transmitted on interface and transmitted message quantity every time, the “no ip dvmrp output-report-delay” command restores default value. Parameter: <delay_val> is the delay of periodically transmitted DVMRP report message, value range from 1s to 5s.
Page 804: Ip Dvmrp Tunnel
44.7.7 ip dvmrp tunnel Command: ip dvmrp tunnel <index> <src-ip> <dst-ip> no ip dvmrp tunnel {<index> |<src-ip> <dst-ip>} Function: Configure a DVMRP tunnel; the “no ip dvmrp tunnel {<index> |<src-ip> <dst-ip>}” command deletes a DVMRP tunnel. Parameter: <src-ip> is source IP address, <dst-ip>...
Page 805: Show Ip Dvmrp Interface
Usage Guide: The command applies to display some total statistic information of DVMRP protocol Example: Switch#show ip dvmrp DVMRP Daemon Start Time: MON JAN 01 00:00:09 2001 DVMRP Daemon Uptime: 17:37:03 DVMRP Number of Route Entries: 2 DVMRP Number of Reachable Route Entries: 2 DVMRP Number of Prune Entries: 1 DVMRP Route Report Timer: Running DVMRP Route Report Timer Last Update: 00:00:56...
Page 806: Show Ip Dvmrp Neighbor
Interface Interface corresponding physical interface name Vif Index Virtual interface index Interface supporting version Nbr Cnt Neighbor count Type Interface type Remote Address Remote address 44.7.10 show ip dvmrp neighbor Command: show ip dvmrp neighbor [{<ifname> <A.B.C.D> [detail]}| { <ifname>[detail]}|detail] Function: Display DVMRP neighbor.
Page 807: Show Ip Dvmrp Route
Command: show ip dvmrp prune [{group <A.B.C.D> [detail]}|{source <A.B.C.D/M> group <A.B.C.D> [detail]}|{source <A.B.C.D/M> [detail] }|detail] Function: Display DVMRP message forwarding item. Default: Do not display Command Mode: Any Configuration Mode Usage Guide: This command applies to display DVMRP multicast forwarding item, namely multicast forwarding table calculated by dvmrp protocol.
Page 808 Any Configuration Mode Usage Guide: The command applies to display DVMRP routing table item; DVMRP maintains individual unicast routing table to check RPF. Example: Display DVMRP routiing. Switch #show ip dvmrp route Flags: N = New, D = DirectlyConnected, H = Holddown Network Flags Nexthop Nexthop...
Page 809 <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination}” command deletes the access-list. Parameter: <6000-7999>: destination control access-list number. {deny|permit}: deny or permit. <source>: multicast source address. <source-wildcard>: multicast source address wildcard character.. <source-host-ip>: multicast source host address. <destination>: multicast destination address. <destination-wildcard>: multicast destination address wildcard character. <destination-host-ip>: multicast destination host address Command Mode: Global Mode...
Page 810 deletes the access-list. Parameter: <5000-5099>: source control access-list number. {deny|permit}: deny or permit. <source>: multicast source address.. <source-wildcard>: multicast source address wildcard character. <source-host-ip>: multicast source host address. <destination>: multicast destination address. <destination-wildcard>: multicast destination address wildcard character. <destination-host-ip>: multicast destination host address. Command Mode: Global Mode Usage Guide:...
Page 811 match configured access-list, such as matching: permit, the interface can be added, otherwise do not be added. Example: Switch(config)#intere Switch(Config-If-Ethernet)#ip multicast destination-control access-group 6000 Switch (Config-If-Ethernet )# 44.8.4 ip multicast destination-control access-group (sip) Command: ip multicast destination-control <IPADDRESS/M> access-group <6000-7999> no ip multicast destination-control <IPADDRESS/M>...
Page 812 44.8.5 ip multicast destination-control access-group (vmac) Command: ip multicast destination-control <1-4094> <macaddr >access-group <6000-7999> no ip multicast destination-control <1-4094> <macaddr >access-group <6000-7999> Function: Configure multicast destination-control access-list used on specified vlan-mac, the “no ip multicast destination-control <1-4094> <macaddr >access-group <6000-7999>”command deletes this configuration.
Page 813 <priority>: specified priority, range from 0 to 7 Command Mode: Global Mode Usage Guide: The command configuration modifies to a specified value through the switch matching priority of specified range multicast data packet, and the TOS is specified to the same value simultaneously.Carefully, the packet transmitted in UNTAG mode does not modify its priority.
Page 814 Function: Configure multicast source control access-list used on interface, the “no ip multicast source-control access-group <5000-5099>” command deletes the configuration. Parameter: <5000-5099>: Source control access-list number. Command Mode: Interface Configuration Mode Usage Guide: The command configures with only enabling global multicast source control. After that, it will match multicast data message imported from the interface according to configured access-list, such as matching: permit, the message will be received and forwarded;...
Page 815 Example: switch(config)# multicast destination-control 44.8.10 show ip multicast destination-control Command: show ip multicast destination-control [detail] show ip multicast destination-control interface <Interfacename> [detail] show ip multicast destination-control host-address <ipaddress> [detail] show ip multicast destination-control <vlan-id> <mac-address> [detail] Function: Display multicast destination control Parameter: detail: expresses if it display information in detail or not..
Page 816 Function: Display destination control multicast access-list of configuration. Parameter: <6000-7999>: access-list number. Command Mode: Admin Mode and Global Mode Usage Guide: The command displays destination control multicast access-list of configuration. Example: Example: Switch# sh ip multicast destination-control acc access-list 6000 deny ip any any-destination access-list 6000 deny ip any host-destination 224.1.1.1 access-list 6000 deny ip host 2.1.1.1 any-destination access-list 6001 deny ip host 2.1.1.1 225.0.0.0 0.255.255.255...
Page 817 show ip multicast source-control interface <Interfacename> [detail] Function: Display multicast source control configuration Parameter: detail: expresses if it displays information in detail. <Interfacename>: interface name, such as Ethernet or ethernet . Command Mode: Admin Mode and Global Mode Usage Guide: The command displays multicast source control rules of configuration, including detail option, and access-list information applied in detail.
Page 818: Clear Ip Igmp Group
44.9 Commands for IGMP 44.9.1 clear ip igmp group Command: clear ip igmp group [A.B.C.D | IFNAME] Function: Delete the group record of the specific group or interface. Parameters: A.B.C.D the specific group address; IFNAME the specific interface. Command Mode: Admin Configuration Mode Usage Guide: Use show command to check the deleted group record.
Page 819 igmp event debug is on Switch# 01:04:30:56: IGMP: Group 224.1.1.1 on interface vlan1 timed out 44.9.3 debug igmp packet Command: debug igmp packet no debug igmp packet Function: Enable debugging switch of IGMP message information; the “no debug igmp packet” command disenables the debugging switch Default: Disabled...
Page 820 {<acl_num | acl_name>} is SN or name of access-list, value range of acl_num is from 1 to 99. Default: Default no filter condition Command Mode: Interface Configuration Mode Usage Guide: Configure interface to filter groups, permit or deny some group joining. Example: Configure interface vlan1 to permit group 224.1.1.1, deny group 224.1.1.2.
Page 821 44.9.6 ip igmp join-group Command: ip igmp join-group <A.B.C.D > no ip igmp join-group <A.B.C.D > Function: Configure interface to join some IGMP group; the “no ip igmp join-group” command cancels this join Parameter: <A.B.C.D>: is group address Default: Do not join Command Mode: Interface Configuration Mode Usage Guide:...
Page 822: Ip Igmp Limit
1000ms Command Mode: Interface Configuration Mode Example: Configure interface vlan1 IGMP last-member-query-interval to 2000. Switch (config)#int vlan 1 Switch (Config-if-vlan1)#ip igmp last-member-query-interval 2000 44.9.8 ip igmp limit Command: ip igmp limit <state-count> no ip igmp limit Function: Configure limit IGMP state-count on interface; the “no ip igmp limit” command cancels the value of user manual configuration, and restores default value.
Page 823 Command: ip igmp query-interval <time_val> no ip igmp query-interval Function: Configure interval of periodically transmitted IGMP query information; the “no ip igmp query-interval” command restores default value. Parameter: <time_val> is interval of periodically transmitted IGMP query information, value range from 1s to 65535s.
Page 824 multicast group, the value of timer is selected random from 0 to maximum response time, the host will transmit member report message of the multicast group. Reasonable configuring maximum response time, it can make host quickly response query message. The router can also quickly grasp the status of multicast group member.
Page 825 ip igmp robust-variable <value> no ip igmp robust-variable Function: Configure the robust variable value，the “no ip igmp robust-variable” command restores default value. Parameter: value: range from 2 to 7. Command Mode: Interface Configuration Mode Default: Usage Guide: It is recommended using the default value. Example: Switch (config-if-vlan1)#ip igmp robust-variable 3 44.9.13 ip igmp static-group...
Page 826: Ip Igmp Version
Example: Configure static-group 224.1.1.1 on interface vlan1. Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)#ip igmp static-group 224.1.1.1 44.9.14 ip igmp version Command: ip igmp version <version> no ip igmp version Function: Configure IGMP version on interface; the “no ip igmp version” command restores default value. Parameter: <version>...
Page 827 <group_addr> is group address, namely querying specified group information; Detail expresses group information in detail Default: Do not display Command Mode: Admin Mode Example: Switch (config)#show ip igmp groups IGMP Connected Group Membership (2 group(s) joined) Group Address Interface Uptime Expires Last Reporter 226.0.0.1...
Page 828: Show Ip Igmp Interface
Displayed Information Explanations Group Mutlicast group IP address Interface Interface affiliated with Mutlicast group Flags Group property flag Uptime Mutlicast group uptime Group Mode Group mode, including INCLUDE and EXCLUDE. Group V3 will be available, group V1 and group V2 are regards as EXCLUDE mode.
Page 829 IGMP max query response time is 10 seconds Last member query response interval is 1000 ms Group Membership interval is 260 seconds IGMP is enabled on interface 44.10 Commands for IGMP Snooping 44.10.1 clear ip igmp snooping vlan Command: clear ip igmp snooping vlan <1-4094> groups [A.B.C.D] Function: Delete the group record of the specific VLAN.
Page 830: Debug Igmp Snooping
Admin Configuration Mode Usage Guide: Use show command to check the deleted mrouter port of the specific VLAN. Example: Delete mrouter port in vlan 1. Switch# clear ip igmp snooping vlan 1 mrouter-port Relative Command: show ip igmp snooping mrouter-port 44.10.3 debug igmp snooping all/packet/event/timer/mfc Command:...
Page 831 Global Mode Default: IGMP Snooping is disabled by default. Usage Guide: Use this command to enable IGMP Snooping, that is permission every VLAN config the function of IGMP snooping. The “no ip igmp snooping” command disables this function. Example: Enable IGMP Snooping. Switch(config)#ip igmp snooping 44.10.5 ip igmp snooping proxy Command:...
Page 832 Default: IGMP Snooping is disabled by default. Usage Guide: To configure IGMP Snooping on specified VLAN, the global IGMP Snooping should be first enabled. Disable IGMP Snooping on specified VLAN with the “no ip igmp snooping vlan <vlan-id>” command. Example: Enable IGMP Snooping for VLAN 100 in Global Mode.
Page 833 Function: Set this VLAN to layer 2 general querier. Parameter: vlan-id: is ID number of the VLAN, ranging is <1-4094>. Command Mode: Global mode Default: VLAN is not as the IGMP Snooping layer 2 general querier. Usage Guide: It is recommended to configure a layer 2 general querier on a segment. IGMP Snooping function will be enabled by this command if not enabled on this VLAN before configuring this command, IGMP Snooping function will not be disabled when disabling the layer 2 general querier function.
Page 834: Ip Igmp Snooping Vlan Limit
query source address configuration does not function. The client will stop sending requesting datagrams after one is sent. And after a while, it can not receive multicast datagrams. Example: Switch(config)#ip igmp snooping vlan 2 L2-general-query-source 192.168.1.2 44.10.10 ip igmp snooping vlan l2-general-querier-version Command: ip igmp snooping vlan <vlanid>...
Page 835 g_limit：<1-65535>, max number of groups joined. s_limit：<1-65535>, max number of source entries in each group, consisting of include source and exclude source. Command mode: Global Mode. Default: Maximum 50 groups by default, with each group capable with 40 source entries. Usage Guide: When number of joined group reaches the limit, new group requesting for joining in will be rejected for preventing hostile attacks.
Page 836: Ip Igmp Snooping Vlan Mrpt
mrouter port. Deleting static mrouter port can only be realized by the no command. Example: Switch(config)#ip igmp snooping vlan 2 mrouter-port interface ethernet1/0/13 44.10.13 ip igmp snooping vlan mrouter-port learnpim Command: ip igmp snooping vlan <vlan-id> mrouter-port learnpim no ip igmp snooping vlan <vlan-id> mrouter-port learnpim Function: Enable the function that the specified VLAN learns mrouter-port (according to pim packets), the no command will disable the function.
Page 837 Global mode Default: 255s Usage Guide: This command validates on dynamic mrouter ports but not on mrouter port. To use this command, IGMP Snooping of this VLAN should be enabled previously. Example: Switch(config)#ip igmp snooping vlan 2 mrpt 100 44.10.15 ip igmp snooping vlan query-interval Command: ip igmp snooping vlan <vlan-id>...
Page 838 query-mrsp” command restores to the default value. Parameter: vlan-id: VLAN ID, ranging between <1-4094> value: ranging between <1-25> seconds Command Mode: Global mode Default: Usage Guide: It is recommended to use the default settings. Please keep this configure in accordance with IGMP configuration as possible if layer 3 IGMP is running.
Page 839 44.10.18 ip igmp snooping vlan report source-address Command: ip igmp snooping vlan <vlan-id> report source-address <A.B.C.D> no ip igmp snooping vlan <vlan-id> report source-address Function: Configure forward report source-address for IGMP, the “no ip igmp snooping vlan <vlan-id> report source-address” command restores the default setting. Parameter: vlan-id: VLAN ID range<1-4094>;...
Page 840 Default: Enable the function. Usage Guide: After enable vlan snooping in global mode, input this command to configure the maximum query response time of the specific group. Example: Configure/cancel the specific-query-mrsp of vlan3 as 2s. Swith(config)#ip igmp snooping vlan 3 specific-query-mrsp 2 Swith(config)#no ip igmp snooping vlan 3 specific-query-mrspt 44.10.20 ip igmp snooping vlan static-group Command:...
Page 841: Show Ip Igmp Snooping
44.10.21 ip igmp snooping vlan suppression-query-time Command: ip igmp snooping vlan <vlan-id> suppression-query-time <value> no ip igmp snooping vlan <vlan-id> suppression-query-time Function: Configure the suppression query time. The “no ip igmp snooping vlan <vlan-id> suppression-query-time” command restores to the default value. Parameter: vlan-id: VLAN ID, ranging between <1-4094>...
Page 842 Show IGMP Snooping summary messages of the switch Switch(config)#show ip igmp snooping Global igmp snooping status: Enabled L3 multicasting: running Igmp snooping is turned on for vlan 1(querier) Igmp snooping is turned on for vlan 2 -------------------------------- Displayed Information Explanation Global igmp snooping status Whether the global igmp snooping switch on the switch is on L3 multicasting...
Page 843 whether the querier state is could-query or suppressed Igmp snooping query-interval Query interval of the VLAN Igmp snooping max reponse time Max response time of the VLAN Igmp snooping robustness IGMP Snooping robustness configured on the VLAN Igmp snooping mrouter port keep-alive time of dynamic mrouter of the VLAN keep-alive time...
Page 844 Enable all the debugging switches of IGMP Proxy; the “no debug igmp proxy all” command disenables all the debugging switches. Command Mode: Admin Mode. Default: Disabled. Usage Guide: Use to enable debugging switches of IGMP Proxy, it can display IGMP packet, event, timer, mfc, which disposed in the switch.
Page 845 Disabled. Command Mode: Admin Mode and Global Mode. Usage Guide: Enable IGMP Proxy mfc debug switch and display multicast information created and distributed. Example: Switch# debug igmp proxy mfc 44.11.5 debug igmp proxy packet Command: debug igmp proxy packet no debug igmp proxy packet Function: Enable/Disable debug switch of IGMP Proxy.
Page 846 The command is used for enable the IGMP Proxy timer debugging switch which appointed. Example: Switch# debug ip igmp proxy timer 44.11.7 ip igmp proxy Command: ip igmp proxy no ip igmp proxy Function: Enable the IGMP Proxy function; the “no ip igmp proxy” command disables this function. Command Mode: Global Mode.
Page 847 the multicast dataflow. Example: Switch(config)#ip igmp proxy aggregate 44.11.9 ip igmp proxy downstream Command: ip igmp proxy downstream no ip igmp proxy downstream Function: Enable the appointed IGMP Proxy downstream port function; the “no ip igmp proxy upstream” disables this function. Command Mode: Interface Configuration Mode.
Page 848 s_limit: <1-500>, the source number limitation. Command Mode: Global Mode. Default: Most 50 groups in default, and most 40 sources in one group. Usage Guide: If the group number limitation is exceeded, new group membership request will be rejected. This command is used to prevent malicious group membership requests.
Page 849 Command: ip igmp proxy unsolicited-report interval <value> no ip igmp proxy unsolicited-report interval Function: To configure how often the upstream ports send out unsolicited report. Parameter: The interval is between 1 to 5 seconds for the upstream ports send out unsolicited report. Command Mode: Global Mode.
Page 850 Command: ip igmp proxy upstream no ip igmp proxy upstream Function: Enable the appointed IGMP Proxy upstream port function. The “no ip igmp proxy upstream” disables this function. Command Mode: Interface Configuration Mode. Default: Disabled. Usage Guide: To configure the interface to function as the upstream port of IGMP Proxy. In order to make IGMP Proxy work, at least one downstream interface should be configured.
Page 851 PROXY and PIM configuration. To be mentioned, this command cannot be applied with DVMRP configuration. Example: To enable SSM configuration on the switch, and specify the address in access-list 23 as the filter address for SSM. Switch(config)# access-list 23 permit host-source 224.1.1.1 Switch(config)#ip multicast ssm range 23 44.11.16 ip pim bsr-border Command:...
Page 852: Show Ip Igmp Proxy
Command Mode: Admin Mode. Usage Guide: The debuging switch status of IGMP Proxy. Example: Switch(config)#show debugging igmp proxy IGMP PROXY debugging status: IGMP PROXY event debugging is on IGMP PROXY packet debugging is on IGMP PROXY timer debugging is on IGMP PROXY mfc debugging is on 44.11.18 show ip igmp proxy Command:...
Page 853 Show Information Explanation IGMP PROXY MRT running Whether the protocol is running Total active interface number Number of active upstream and downstream ports Global igmp proxy configured Whether global igmp proxy is enabled Upstream Interface configured Whether upstream port is configured Upstream Interface Vlan The VLAN which the upstream port belongs to Upstream Interface configured...
Page 854 Show Information Explanation Entries The counts of each item Local_include_olist index for local include olist Local_exclude_olist index for local exclude olist Outgoing Final outgoing index of multicast data(S, G) 44.11.20 show ip igmp proxy upstream groups Command: show ip igmp proxy upstream groups {A.B.C.D} Command Mode: Admin Mode.
Page 855: Show Ipv6 Mroute
Chapter 45 IPv6 Multicast Protocol 45.1 Public Commands for Multicast 45.1.1 show ipv6 mroute Command: show ipv6 mroute [<GroupAddr> [<SourceAddr>]] Function: show IPv6 software multicast route table. Parameter: GroupAddr: show the multicast entries relative to this Group address. SourceAddr: show the multicast route entries relative to this source address. Command Mode: Admin mode and global mode Example:...
Page 856 （multicast forwarding cache） entries unresolved ipmr entries unresolved ip multicast route entries Group the destination address of the entries Origin the source address of the entries ingress interface of the entries Wrong packets received from the wrong interface 45.2 Commands for PIM-DM6 Explain: Part SHOW and DEBUG commands is same to PIM-SM, please reference the PIM-SM command.
Page 857 Function: Enable debug switch of PIM-DM state-refresh timer information in detail; the “no debug ipv6 pim timer srt” command disenables the debug switch. Default: Disabled Command Mode: Admin Mode Usage Guide: Enable the switch, and display PIM-DM state-refresh timer information in detail Example: Switch # debug ipv6 pim timer srt Remark:...
Page 858 45.2.4 ipv6 pim bsr-border Command: ipv6 pim bsr-border no ipv6 pim bsr-border Function: To configure or delete PIM6 BSR-BORDER interface. Default: Non-BSR-BORDER. Command Mode: Interface Configuration Mode. Usage Guide: To configure the interface as the BSR-BORDER. If configured, BSR related messages will not receive from or sent to the specified interface.
Page 859 Switch (config)#ipv6 pim multicast-routing Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)#ipv6 pim dense-mode 45.2.6 ipv6 pim dr-priority Command: ipv6 pim dr-priority <priority> no ipv6 pim dr-priority Function: Configure, cancel and change priority value of interface DR. The same net segment border nodes vote specified router DR in this net segment through hello messages, the “no ipv6 pim dr-priority”...
Page 860 Hello message includes Genid option Command Mode: Interface Configuration Mode Usage Guide: The command is used to interactive with old Cisco IOS Version.The command can configure on IPv6 tunnel interface, but it is successful configuration to only configure tunnel carefully. Example: Configure hello messages transmitted by switch to exclude Genid option.
Page 861 Switch (Config -if-Vlan1)#ipv6 pim hello-holdtime 10 45.2.9 ipv6 pim hello-interval Command: ipv6 pim hello-interval < interval> no ipv6 pim hello-interval Function: Configure interface PIM-DM hello message interval; the “no ipv6 pim hello-interval” command restores default value. Parameter: <interval> is interval of periodically transmitted PIM-DM hello message, value range from 1s to 18724s.
Page 862 Default: Disable PIM-DM protocol Command Mode: Global Mode Usage Guide: Ipv6 pim can enable only after executing this command. Example: Globally enable PIM-DM protocol Switch (config)#ipv6 pim multicast-routing 45.2.11 ipv6 pim neighbor-filter Command: ipv6 pim neighbor-filter <acess-list-name> no ipv6 pim neighbor-filter <acess-list-name> Function: Configure neighbor access-list.
Page 863 45.2.12 ipv6 pim scope-border Command: ipv6 pim scope-border [<500-599>|<acl_name>] no ipv6 pim scope-border Function: To configure or delete management border of PIM6. Parameters: <500-599> is the ACL number for the management border. <acl_name> is the ACL name for the management border. Default: Not management border.
Page 864 Example: Configure transmission interval of state-refresh message on interface vlan1 to 90s. Example: Switch (Config-if-Vlan1)#ipv6 pim state-refresh origination-interval 90 45.2.14 show ipv6 pim interface Command: show ipv6 pim interface [detail] Function: Display PIM interface information. Command Mode: Any Mode Example: Switch#show ipv6 pim interface Interface VIFindex Ver/ Mode...
Page 865 45.2.15 show ipv6 pim mroute dense-mode Command: show ipv6 pim mroute dense-mode [group <X:X::X:X>] [source <X:X::X:X>] Function: Display PIM-DM message forwarding items. Parameter: group <X:X::X:X>: displays forwarding items relevant to this multicast address Source < X:X::X:X >: displays forwarding items relevant to this source. Default: Do not display Command Mode:...
Page 866 Displayed Information Explanations (*, ff1e::15) (*,G) Forwaridng item (2000:10:1:12::11, ff1e::15) (S,G) Forwarding item RPF nbr Backward path neighbor, upstream neighbor of source direction in DM, 0.0.0.0 expresses the switch is the first hop. RPF idx Interface located in RPF neighbor Upstream State Upstream direction,...
Page 867 Neighbor Interface Uptime/Expires Address Priority/Mode Fe80::203:fff:fee3:1244 Vlan1 00:00:10/00:01:35 v2 1 /DR fe80::20e:cff:fe01:facc Vlan1 00:00:13/00:01:32 v2 Displayed Information Explanations Neighbor Address Neighbor address Interface Neighbor interface Uptime/Expires Running time /overtime Pim version ,v2 usually DR Priority/Mode DR priority in the hello messages from the neighbor and if the neighbor is the interface’s DR 45.2.17 show ipv6 pim nexthop Command:...
Page 868 Nexthop Addr Nexthop address Nexthop Ifindex Nexthop interface index Nexthop Name Nexthop name Metric Metric Metric to nexthop Pref Preference Route preference Refcnt Reference count 45.3 Commands for PIM-SM6 45.3.1 clear ipv6 pim bsr rp-set Command: clear ipv6 pim bsr rp-set * Function: Clear all RP.
Page 869 Usage Guide: Enable “pim events debug” switch and display events information about pim operation. Example: Switch# debug ipv6 pim events 45.3.3 debug ipv6 pim mfc Command: debug ipv6 pim mfc（in|out|） no debug ipv6 pim mfc（in|out|） Function: Enable or Disable pim mfc debug switch. Default: Disabled Command Mode:...
Page 870 Switch# debug ipv6 pim mib 45.3.5 debug ipv6 pim nexthop Command: debug ipv6 pim nexthop no debug ipv6 pim nexthop Function: Enable or Disable pim nexthop debug switch. Default: Disabled Command Mode: Admin Mode. Usage Guide: Inspect PIM NEXTHOP changing information by the pim nexthop switch. Example: Switch# debug ipv6 pim nexthop 45.3.6 debug ipv6 pim nsm...
Page 871 45.3.7 debug ipv6 pim packet Command: debug ipv6 pim packet [in|out|] no debug ipv6 pim packet [in|out|] Function: Enable or Disable PIM debug switch. Parameter: in display only received PIM packets out display only transmitted PIM packets none display both Default: Disabled Command Mode:...
Page 872 45.3.9 debug ipv6 pim timer Command: debug ipv6 pim timer debug ipv6 pim timer assert debug ipv6 pim timer assert at debug ipv6 pim timer bsr bst debug ipv6 pim timer bsr crp debug ipv6 pim timer bsr debug ipv6 pim timer hello ht debug ipv6 pim timer hello nlt debug ipv6 pim timer hello tht debug ipv6 pim timer hello...
Page 873 no debug ipv6 pim timer joinprune ot no debug ipv6 pim timer joinprune plt no debug ipv6 pim timer joinprune ppt no debug ipv6 pim timer joinprune pt no debug ipv6 pim timer joinprune no debug ipv6 pim timer register rst no debug ipv6 pim timer register no debug ipv6 pim timer Function:...
Page 874 interfaces are specified, the specified multicast routing entry will be removed. Otherwise the multicast routing entry for the specified egress interface will be removed. Example: Switch(config)#ipv6 mroute 2001::1 ff1e::1 v10 v20 v30 45.3.11 ipv6 multicast unresolved-cache aging-time Command: ipv6 multicast unresolved-cache aging-time <value> no ipv6 multicast unresolved-cache aging-time Function: Configure the cache time of kernel multicast route, the no command restores the default value.
Page 875 Usage Guide: This command is used to configure the access-list filtering the PIM REGISTER packets. The addresses of the access-list respectively indicate the filtered multicast sources and multicast groups’ information. For the source-group combinations that match DENY, PIM sends REGISTER-STOP immediately and does not create group records when receiving REGISTER packets.
Page 876 [<hash-mask-length>] [<priority>] Function: This command is the candidate BSR configure command in global mode and is used to configure PIM-SM information about candidate BSR in order to compete the BSR router with other candidate BSRs. The command “no ipv6 pim bsr-candidate {vlan <vlan_id>| tunnel <tunnel-id>|<ifname>} [<hash-mask-length>] [<priority>]”...
Page 877 <access-list name> is the applying simple access-list. Command Mode: Global Mode Usage Guide: This command is used to interact with older Cisco IOS version. Example: Configure the register packet’s checksum of the group specified by myfilter to use the whole packet’s length.
Page 878 Command: ipv6 pim exclude-genid no ipv6 pim exclude-genid Function: This command makes the Hello packets sent by PIM SM do not include GenId option, the “no ipv6 pim exclude-genid” command restores the default value. Default: The Hello packets include GenId option. Command Mode: Interface Configuration Mode Usage Guide:...
Page 879 configured or hello_holdtime is configured but less than current hello_interval, hello_holdtime is modified to 3.5*hello_interval, otherwise the configured value is maintained. The command can configure on IPv6 tunnel interface, but it is successful configuration to only configure tunnel carefully. Example: Configure vlan1’s Hello Holdtime to 10s Switch (config)# interface vlan1 Switch (Config -if-Vlan1)#ipv6 pim hello-holdtime 10...
Page 880 45.3.20 ipv6 pim ignore-rp-set-priority Command: ipv6 pim ignore-rp-set-priority no ipv6 pim ignore-rp-set-priority Function: When RP selection is carried out, this command configures the switch to enable Hashing regulation and ignore RP priority. This command is used to interact with older Cisco IOS versions. Command Mode: Global Mode Usage Guide:...
Page 881 45.3.22 ipv6 pim multicast-routing Command: ipv6 pim multicast-routing no ipv6 pim multicast-routing Function: Enable PIM-SM globally. The “no ipv6 pim multicast-routing” command disables PIM-SM globally. Default: Disabled PIM-SM protocol Command Mode: Global Mode Usage Guide: Inspect the changing information about pim state by this switch.. Example: Enable PIM-SM globally.
Page 882 tunnel carefully. Example: Configure VLAN’s pim neighbor access-list. Switch (Config-if-Vlan1)#ipv6 pim neighbor-filter myfilter Switch(config)#ipv6 access-list standard myfilter Switch(config_IPv6_Std-Nacl-myfilter)#deny fe80:20e:cff:fe01:facc Switch(config)#ipv6 access-list standard myfilter Switch(config_IPv6_Std-Nacl-myfilter)#permit any 45.3.24 ipv6 pim register-rate-limit Command: ipv6 pim Register-rate-limit <limit> no ipv6 pim Register-rate-limit Function: This command is used to configure the speedrate of DR sending register packets, the unit is packet/second.
Page 883 This command makes DR check the RP reachability in the process of registration. Default: Do not check. Command Mode: Global Mode. Usage Guide: This command configures DR whether or not to check the RP reachability. Example: Configure the router to check the RP reachability before sending register packets. Switch(config)# ipv6 pim Register-rp-reachability 45.3.26 ipv6 pim register-source Command:...
Page 884 45.3.27 ipv6 pim register-suppression Command: ipv6 pim register-suppression <value> no ipv6 pim register-suppression Function: This command is to configure the value of register suppression timer, the unit is second. Parameter: <value> is the timer’s value, it ranges from 10 to 65535s. Default: Command Mode: Global Mode...
Page 885 Global Mode Usage Guide: This command is to configure static RP globally or in a multicast address range. Example: Configure 2000:112::8 as RP address globally. Switch (config)# ipv6 pim rp-address 2000:112::8 ff1e::/64 45.3.29 ipv6 pim rp-candidate Command: ipv6 rp-candidate{vlan<vlan-id> |loopback<index> |<ifname>}[<group range>] [<priority>]...
Page 886 45.3.30 ipv6 pim rp-register-kat Command: ipv6 pim rp-register-kat <vaule> no ipv6 pim rp-register-kat Function: This command is to configure the KAT (KeepAlive Timer) value of the RP (S, G) items, the unit is second. The “no ipv6 pim rp-register-kat” command restores the default value. Parameter: <vaule>...
Page 887 Switch(Config-if-Vlan2)#ipv6 pim scope-border 503 45.3.32 ipv6 pim sparse-mode Command: ipv6 pim sparse-mode [passive] no ipv6 pim sparse-mode [passive] Function: Enable PIM-SM on the interface. no ipv6 pim sparse-mode [passive] disables PIM-SM. Parameter: [passive] means to disable PIM-SM (that’s PIM-SM doesn’t receive any packets) and only enable MLD(reveice and transmit MLD packets).
Page 888 BSR address: 2000:1:111::100 (?) Uptime: 00:16:00, BSR Priority: 0, Hash mask length: 126 Next bootstrap message in 00:00:10 Role: Candidate BSR State: Elected BSR Next Cand_RP_advertisement in 00:00:10 RP: 2000:1:111::100(Vlan2) Displayed Information Explanations BSR address Bsr-router Address Priority Bsr-router Priority Hash mask length Bsr-router hash mask length State...
Page 889 Displayed Information Explanations Address Interface address Interface Interface name VIF index Interface index Ver/Mode Pim version and mode, usually v2,sparse mode displays S,dense mode displays D Nbr Count The interface’s neighbor count DR Prior Dr priority The interface’s DR address 45.3.35 show ipv6 pim mroute sparse-mode Command: show ipv6 pim mroute sparse-mode...
Page 890 (2000:1:111::11, ff1e::15) RPF nbr: :: RPF idx: None SPT bit: 1 Upstream State: JOINED Local ........ Joined ........ Asserted ........ Outgoing ..o......(2000:1:111::11, ff1e::15, rpt) RP: 2000:1:111::100 RPF nbr: :: RPF idx: None Upstream State: NOT PRUNED Pruned ........ Outgoing ..o......Displayed Information Explanations Entries...
Page 891 45.3.36 show ipv6 pim neighbor Command: show ipv6 pim neighbor [detail|] Function: Display router neighbors. Command Mode: Any Mode Usage Guide: Display multicast router neighbors maintained by the PIM. Example: Switch(config)#show ipv6 pim neighbor Neighbor Interface Uptime/Expires Address Priority/Mode Fe80::203:fff:fee3:1244 Vlan1 00:00:10/00:01:35 v2 1 /DR...
Page 892 Flags: N = New, R = RP, S = Source, U = Unreachable …. Destination Type Nexthop Nexthop ..Nexthop Nexthop Metric Pref Refcnt Addr Ifindex Name 2000:1:111::11 ..S. 2004 2000:1:111::100 .RS. 2004 Displayed Information Explanations Destination Destination of next item Type N: created nexthop,RP direction and S direction are not determined .
Page 893: Show Ipv6 Pim Rp Mapping
Displayed Information Explanations Queried group’sRP Info source The source of Bootstrap information 45.3.39 show ipv6 pim rp mapping Command: show ipv6 pim rp mapping Function: Display Group-to-RP Mapping and RP. Command Mode: Any Mode Usage Guide: Display the current RP and mapping relationship. Example: Switch#show ipv6 pim rp mapping PIM Group-to-RP Mappings...
Page 894 debug ipv6 pim anycast-rp no debug ipv6 pim anycast-rp Function: Enable the debug switch of ANYCAST RP function; the no operation of this command will disable this debug switch. Command Mode: Admin Mode. Default: The debug switch of ANYCAST RP is disabled by default. Usage Guide: This command is used to enable the debug switch of ANYCAST RP of the router, it can display the information of handling PIM register packet of the switch——packet, and the information of...
Page 895 Command: ipv6 pim anycast-rp <anycast-rp-addr> <other-rp-addr> no ipv6 pim anycast-rp <anycast-rp-addr> <other-rp-addr> Function: Configure ANYCAST RP address （ARA） and the unicast addresses of other RP communicating with this router(as a RP). The no operation of this command will cancel the unicast address of another RP in accordance with the configured RP address.
Page 896 Function: Configure the self-rp-address of this router (as a RP). This address will be used to exclusively identify this router from other RP, and to communicate with other RP. The no operation of this command will cancel the configured unicast address used by this router (as a RP) to communicate with other RP.
Page 897 ifname: the specified name of the interface. A:B::C:D/M: the ip prefix and mask. <priority>: the priority of RP election, ranging from 0 to 255, the default value is 192, the smaller the value is the higher the priority is. Command Mode: Global Configuration Mode.
Page 898 Admin and Configuration Mode. Usage Guide: Display the state information of ANYCAST RP, and display the mrt node information generated in the first hop RP which is currently maintained by the protocol. Example: Switch(config)#show ipv6 pim anycast-rp first-hop IP Multicast Routing Table (*,G) Entries: 0 (S,G) Entries: 1 (E,G) Entries: 0...
Page 899 (E,G) Entries: 0 INCLUDE (2002:1:111::2, ffle::2) Local .l......Display Explanation Entries The number of all kinds of entries. INCLUDE The mrt information created in the first hop RP. 45.4.9 show ipv6 pim anycast-rp status Command: show ipv6 pim anycast-rp status Command Mode: Admin and Configuration Mode.
Page 900: Ipv6 Pim Ssm
self-rp-address: The configured self-rp-address. anycast-rp address: The configured anycast-rp-address. other rp unicast rp address: configured other communication addresses accordance with the above anycast-rp-address. other rp unicast rp address: configured other communication addresses accordance with the above anycast-rp-address. anycast-rp address: The configured anycast-rp-address*. other rp unicast rp address: configured other...
Page 901 Example: Configure the switch to enable PIM-SSM, the group’s range is what is specified by access-list 23. Switch (config)#ipv6 pim ssm range 23 Switch(config)#ipv6 access-list standard myfilter Switch(config_IPv6_Std-Nacl-myfilter)#permit ff1e::/48 45.6 Commands for IPv6 DCSCM 45.6.1 ipv6 access-list(ipv6 multicast source control) Command: ipv6 access-list <8000-8099>...
Page 902 Switch(config)#ipv6 access-list 8000 permit fe80::203:228a/64 ff1e::1/64 45.6.2 ipv6 access-list(multicast destination control) Command: ipv6 access-list <9000-10999> {deny|permit} {{<source/M> }|{host-source <source-host-ip>}|any-source} {{<destination/M> }|{host-destination <destination-host-ip>}|any-destination} no ipv6 access-list <9000-10999> {deny|permit} {{<source/M> }|{host-source <source-host-ip>}|any-source} {{<destination/M> }|{host-destination <destination-host-ip>}|any-destination} Function: Configure IPv6 destination control multicast access list, the no operation of this command is used to delete the access list.
Page 903 ipv6 multicast destination-control access-group <9000-10999> no ipv6 multicast destination-control access-group <9000-10999> Function: Configure the IPv6 multicast destination control access list used by the port, the no operation of the command will delete this configuration. Parameters: <9000-10999>: The destination control access list number. Default: Not configured.
Page 904 Usage Guide: The command is only working under global IPv6 multicast destination-control enabled, after configuring the command, if MLD-SPOOPING or MLD is enabled, for adding the members to multicast group. If configuring multicast destination-control on specified net segment of transmitted MLD-REPORT, and match configured access-list, such as matching permit, the interface can be added, otherwise do not be added.
Page 905 45.6.6 ipv6 multicast policy Command: ipv6 multicast policy <IPADDRSRC/M> <IPADDRGRP/M> cos <priority> no ipv6 multicast policy <IPADDRSRC/M> <IPADDRGRP/M> cos Function: Configure IPv6 policy multicast, the no operation of this command is to cancel the policy multicast of IPv6. Parameters: <IPADDRSRC/M>: The source address and the length of the mask of IPv6 multicast. <IPADDRGRP/M>: The multicast address of IPv6 and the length of mask of multicast address <priority>: The specified priority, the range of which is <0-7>.
Page 906 Global Configuration Mode. Usage Guide: Only when the IPv6 multicast source control is enabled globally, the source control access list can be applied to ports. After configuring this command, the IPv6 multicast data received by all the ports will be dropped by the switch if there is no matched multicast source control entry, that it only the multicast data matched as PERMIT can be received and forwarded.
Page 907 multicast destination-control no multicast destination-control Function: Configure to globally enable IPv4 and IPv6 multicast destination control, after configuring this command, IPv4 and IPv6 multicast destination control will take effect at the same time. The no operation of this command is to recover and disable the IPv4 and IPv6 multicast destination control globally.
Page 908 Usage Guide: Use this command to display the configured multicast destination control rules, if including the detail option, it will also display the details of the access-list in use. Example: switch(config)#show ipv6 multicast destination-control ipv6 multicast destination-control is enabled ipv6 multicast destination-control 2003::1/64 access-group 9003 ipv6 multicast destination-control 1 00-03-05-07-09-11 access-group 9001 multicast destination-control access-group 6000 used on interface Ethernet1/0/13 switch(config)#...
Page 909 Command: show ipv6 multicast policy Function: Display the configured IPv6 multicast policy. Command Mode: Admin Mode. Usage Guide: Use this command to display the configured IPv6 multicast policy. Example: switch#show ipv6 multicast policy ipv6 multicast-policy 2003::2/64 ff1e::3/64 cos 5 45.6.13 show ipv6 multicast source-control Command: show ipv6 multicast source-control [detail] show ipv6 multicast source-control interface <Interfacename>...
Page 910: Clear Ipv6 Mld Group
Command: show ipv6 multicast source-control access-list show ipv6 multicast source-control access-list <8000-8099> Function: Display the configured IPv6 source control multicast access list. Parameters: <8000-8099>: Access list number. Command Mode: Admin Mode. Usage Guide: Use this command to display the configured source control multicast access list. Example: switch#sh ipv6 multicast source-control access-list ipv6 access-list 8000 permit 2003::2/64 ff1e::3/64...
Page 911: Debug Ipv6 Mld Packet
45.7.2 debug ipv6 mld events Command: debug ipv6 mld events no debug ipv6 mld events Function: Enable the debug switch that displays MLD events. The “no debug ipv6 mld events” command disables the debug switch. Default: Disabled. Command Mode: Admin Mode. Usage Guide: This switch can be enabled to get MLD events information.
Page 912 1970/01/01 07:33:12 IMI: Type: Listener Report (131) 1970/01/01 07:33:12 IMI: Code: 0 1970/01/01 07:33:12 IMI: Checksum: 3b7a 1970/01/01 07:33:12 IMI: Max Resp Delay: 0 1970/01/01 07:33:12 IMI: Reserved: 0 1970/01/01 07:33:12 IMI: Multicast Address: ff1e::1:3 1970/01/01 07:33:12 IMI: MLD Report recv: src fe80::203:fff:fe12:3457 for ff1e::1:3 1970/01/01 07:33:12 IMI: Processing Report comes from Vlan1, ifindex 2003 1970/01/01 07:33:12 IMI: MLD(Querier) ff1e::1:3 (Vlan1): Listeners Present -->...
Page 913 Command: ipv6 mld immediate-leave group-list {<acl-name>} no ipv6 mld immediate-leave Function: Configure MLD to work in the immediate leave mode, that’s when the host sends a membership qualification report that equals to leave a group, the router doesn’t send query and consider there is no this group’s member in the subnet.
Page 914 Example: Join the interface vlan2 in multicast group with multicast address of ff1e::1:3. Switch(config)#interface vlan 2 Switch(Config-if-Vlan2)#ipv6 mld join-group ff1e::1:3 45.7.7 ipv6 mld join-group mode source Command: ipv6 mld join-group <X:X::X:X> mode <include|exclude> source <.X:X::X:X> no ipv6 mld join-group <X:X::X:X> source <.X:X::X:X> Function: Configure the sources of certain multicast group which the interface join in.
Page 915: Ipv6 Mld Limit
Command: ipv6 mld last-member-query-interval <interval> no ipv6 mld last-member-query-interval Function: Configure the interface’s sending interval of querying specific group. The “no ipv6 mld last-member-query-interval” command cancels the manually configured value and restores the default value. Parameter: <interval> is the interval of querying specific group, it ranges from 1000 to 25500ms. It’s the integer times of 1000ms.
Page 916 report received will be ignored. If some MLD group state has already been saved before this command configured, the original states will be removed and the MLD general query will be sent to collect group member qualification reports no more than the max state-count. Example: Set the MLD state-count limit of the interface vlan2 to 4000.
Page 917 Configure the maximum of the response time of MLD queries; the “no ipv6 mld query- max-response-time” command restores the default value. Parameter: <time_val> is the maximum of the response time of MLD queries, it ranges from 1 to 25s. Default: 10s.
Page 918: Ipv6 Mld Version
Example: Configure the interface’s timeout of MLD queries to 100s. Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)#ipv6 mld query-timeout 100 45.7.13 ipv6 mld static-group Command: ipv6 mld static-group <group_address> [source <source_address>] no ipv6 mld static-group <group_address> [source <source_address>] Function: Configure certain static group or static source on the interface. The “no” form of this command cancels certain previously configured static group or static source.
Page 919: Show Ipv6 Mld Groups
Command: ipv6 mld version <version_no> no ipv6 mld version Function: Configure the version of the MLD protocol running on the interface; the “no ipv6 mld version” command restores the manually configured version to the default one. Parameter: <version_no> is the version number of the MLD protocol, with a valid range of 1-2. Default: 2 by default Command Mode:...
Page 920: Show Ipv6 Mld Interface
ff1e::1:3 Vlan1 00:00:16 00:03:14 Switch# Displayed Information Explanations Group Address Multicast group IP address Interface The interface of multicast group Uptime The existing time of the multicast group Expires The left time to overtime 45.7.16 show ipv6 mld interface Command: show ipv6 mld interface [<ifname>] Function: Display the relevant MLD information of an interface.
Page 921: Commands For Mld Snooping Configuration
Command: show ipv6 mld join-group show ipv6 mld join-group interface {vlan <vlan_id>|<ifname>} Function: Display the join-group messages on the interfaces. Parameters: <ifname> is the name of the interface, which means to display MLD information on the specified interface. Default: Do not display Command Mode: Admin and Configuration Mode.
Page 922 Usage Guide: Use show command to check the deleted group record. Example: Delete all groups. Switch#clear ipv6 mld snooping vlan 1 groups Relative Command: show ipv6 mld snooping vlan <1-4094> 45.8.2 clear ipv6 mld snooping vlan <1-4094> mrouter-port Command: clear ipv6 mld snooping vlan <1-4094> mrouter-port [ethernet IFNAME|IFNAME] Function: Delete the mrouter port of the specific VLAN.
Page 923: Ipv6 Mld Snooping
Command Mode: Admin Mode Default: The MLD Snooping Debugging of the switch is disabled by default Usage Guide: This command is used for enabling the switch MLD Snooping debugging, which displays the MLD data packet message processed by the switch——packet, event messages——event, timer messages——timer,messages of down streamed hardware entry——mfc,all debug messages——all.
Page 924 Enable MLD Snooping on specified VLAN; the “no” form of this command disables MLD Snooping on specified VLAN. Parameter: <vlan-id> is the id number of the VLAN, with a valid range of <1-4094>. Command Mode: Global Mode Default: MLD Snooping disabled on VLAN by default Usage Guide: To configure MLD snooping on certain VLAN, the global MLD snooping should be first enabled.
Page 925 45.8.7 ipv6 mld snooping vlan l2-general-querier Command: ipv6 mld snooping vlan < vlan-id > l2-general-querier no ipv6 mld snooping vlan < vlan-id > l2-general-querier Function: Set the VLAN to Level 2 general querier. Parameter: vlan-id: is the id number of the VLAN, with a valid range of <1-4094> Command Mode: Global Mode Default:...
Page 926 vlan-id: VLAN ID, the valid range is <1-4094> g_limit: <1-65535>, max number of groups joined s_limit: <1-65535>, max number of source entries in each group, consisting of include source and exclude source Command Mode: Global Mode Default: Maximum 50 groups by default, with each group capable with 40 source entries. Usage Guide: When number of joined group reaches the limit, new group requesting for joining in will be rejected for preventing hostile attacks.
Page 927 command. Example: Switch(config)#ipv6 mld snooping vlan 2 mrouter-port interface ethernet1/0/13 45.8.10 ipv6 mld snooping vlan mrouter-port learnpim6 Command: ipv6 mld snooping vlan <vlan-id> mrouter-port learnpim6 no ipv6 mld snooping vlan <vlan-id> mrouter-port learnpim6 Function: Enable the function that the specified VLAN learns mrouter-port (according to pimv6 packets), the no command will disable the function.
Page 928 Global Mode Default: 255s Usage Guide: This configuration is applicable on dynamic mrouter port, but not on static mrouter port. To use this command, MLD snooping must be enabled on the VLAN. Example: Switch(config)#ipv6 mld snooping vlan 2 mrpt 100 45.8.12 ipv6 mld snooping vlan query-interval Command: ipv6 mld snooping vlan <vlan-id>...
Page 929 value. Parameter: vlan-id: VLAN ID, the valid range is<1-4094> value: the valid range is <1-25> secs . Command Mode: Global Mode Default: Usage Guide: It is recommended to use default value and if layer 3 MLD is in operation, please make this configuration in accordance with the MLD configuration as possible.
Page 930 ipv6 mld snooping vlan<vlan-id> static-group <X:X::X:X> [source< X:X::X:X>] interface [ethernet | port-channel] <IFNAME> no ipv6 mld snooping vlan <vlan-id> static-group <X:X::X:X> [source< X:X::X:X>] interface [ethernet | port-channel] <IFNAME> Function: Configure static-group on specified port of the VLAN. The no form of the command cancels this configuration.
Page 931: Show Ipv6 Mld Snooping
Global Mode Default: 255s Usage Guide: This command can only be configured on L2 general querier. The Suppression-query-time represents the period the suppression state maintains when general querier receives queries from layer 3 MLD within the segment. To use this command, the query-intervals in different switches within the same segment must be in accordance.
Page 932 switch. Mld snooping is turned on for vlan On which VLAN of the switch is enabled MLD Snooping, if the 1(querier) VLAN are l2-general-querier. 2. Display the detailed MLD Snooping information of vlan1 Switch#show ipv6 mld snooping vlan 1 Mld snooping information for vlan 1 Mld snooping L2 general querier :Yes(COULD_QUERY) Mld snooping query-interval...
Page 933 Mld snooping vlan 1 mrouter port Mrouter port of the VLAN, including both static and dynamic. 45-79...
Page 934 Chapter 46 Commands for Multicast VLAN 46.1 multicast-vlan Command: multicast-vlan no multicast-vlan Function: Enable multicast VLAN function on a VLAN; the “no” form of this command disables the multicast VLAN function. Command Mode: VLAN Configuration Mode. Default: Multicast VLAN function not enabled by default. Usage Guide: The multicast VLAN function can not be enabled on Private VLAN.
Page 935 with one multicast VLAN and the association will only succeed when every VLAN listed in the VLAN ID table exists. Command Mode: VLAN Mode. Default: The multicast VLAN is not associated with any VLAN by default. Usage Guide: After a VLAN is associated with the multicast VLAN, when there comes the multicast order in the port of this VLAN, then the multicast data will be sent from the multicast VLAN to this port, so to reduce the data traffic.
Page 936: Absolute Start
（Saturday) Saturday （Sunday) Sunday （Thursday） Thursday （Tuesday) Tuesday Wednesday （Wednesday) （Every day of the week） daily weekdays （Monday thru Friday）（Saturday thru Sunday） weekend start_time start time ,HH:MM:SS (hour: minute: second) end_time end time,HH:MM:SS (hour: minute: second) Remark: time-range polling is one minute per time, so the time error shall be <= one minute. Command Mode: time-range mode Default:...
Page 937 Parameters: start_time : start time, HH:MM:SS (hour: minute: second) end_time : end time, HH:MM:SS (hour: minute: second) start_data : start data, the format is, YYYY.MM.DD（year.month.day） end_data : end data, the format is, YYYY.MM.DD（year.month.day） Remark: time-range is one minute per time, so the time error shall be <= one minute. Command Mode: Time-range mode Default:...
Page 938 <sIpAddr> }} [s-port { <sPort> | range <sPortMin> <sPortMax> ] {{ <dIpAddr> <dMask> } | any-destination | {host-destination <dIpAddr> }} [d-port { <dPort> | range <dPortMin> <dPortMax> }] [precedence <prec> ] [tos <tos> ][time-range<time-range-name> ] access-list <num> {deny | permit} {eigrp | gre | igrp | ipinip | ip | ospf | <protocol-num> } {{ <sIpAddr>...
Page 939 20(0x14): PIM V1 packet Particular notice: The packet types included here are not the types excluding IP OPTION. Normally, IGMP packet contains OPTION fields, and such configuration is of no use for this type of packet. If you want to configure the packets containing OPTION, please directly use the manner where OFFSET is configured.
Page 940 47.5 access-list(mac extended) Command: access-list <num> {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} {untagged-eth2 | tagged-eth2 | untagged-802-3 | tagged-802-3} [<offset1> <length1> <value1> [ <offset2> <length2> <value2> [ <offset3> <length3> <value3>...
Page 941 When the user assign specific <num> for the first time, ACL of the serial number is created, then the lists are added into this ACL. Examples: Permit tagged-eth2 with any source MAC addresses and any destination MAC addresses and the packets whose 17th and 18th byte is 0x08, 0x0 to pass.
Page 942 {{ <destination> <destination-wildcard> }|any-destination| {host-destination <destination-host-ip> }}[d-port{ <port3> | range <dPortMin> <dPortMax> }] [precedence <precedence> ] [tos <tos> ][time-range <time-range-name> ] access-list <num> {deny|permit}{any-source-mac| {host-source-mac <host_smac> }|{ <smac> <smac-mask> }} {any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac> <dmac-mask> }} {eigrp|gre|igrp|ip|ipinip|ospf|{ <protocol-num> }} {{ <source> <source-wildcard> }|any-source|{host-source <source-host-ip> }} {{ <destination>...
Page 943 enabled to form a match when in connection; precedence (optional) packets can be filtered by priority which is a number from 0-7; tos (optional) packets can be filtered by service type which ia number from 0-15; icmp-type (optional) ICMP packets can be filtered by packet type which is a number from 0-255;...
Page 944 Default Configuration: No access-list configured. Usage Guide: When the user assign specific <num> for the first time, ACL of the serial number is created, then the lists are added into this ACL. Examples: Permit the passage of packets with source MAC address 00-00-XX-XX-00-01, and deny passage of packets with source MAC address 00-00-00-XX-00-ab.
Page 945: Ip Access Extended
It is no use if default is firewall. Command Mode: Global mode Usage Guide: Whether enabling or disabling firewall, access rules can be configured. But only when the firewall is enabled, the rules can be used in specific orientations of specific ports. When disabling the firewall, all ACL tied to ports will be deleted.
Page 946: Ip Access Standard
47.11 ip access standard Command: ip access standard <name> no ip access standard <name> Function: Create a named standard access list. The no prefix will remove the named standard access list including all the rules in the list. Parameters: <name> is the name of the access list. The name can be formed by non-all-digit characters of length of 1 to 32.
Page 947 {host-source <sIPv6Addr> }} [s-port { <sPort> | range <sPortMin> <sPortMax> }] {{ <dIPv6Prefix/<dPrefixlen> } | any-destination | {host-destination <dIPv6Addr> }} [dPort { <dPort> | range <dPortMin> <dPortMax> }] [dscp <dscp> ] [flow-label <flowlabel> ][time-range <time-range-name> ] ipv6 access-list <num-ext> {deny | permit} <next-header> { <sIPv6Prefix/sPrefixlen> | any-source | {host-source <sIPv6Addr>...
Page 948 Switch (config)#ipv6 access-list 520 permit 2003:1:2:3::1/64 Switch (config)#ipv6 access-list 520 deny 2003:1:2:::1/48 47.13 ipv6 access standard Command: ipv6 access-list standard <name> no ipv6 access-list standard <name> Function: Create name-based standard IPv6 access list; “no ipv6 access-list standard<name>”command deletes the name-based standard IPv6 access list (including all entries).
Page 949 Global Mode. Default: No IP address is configured by default. Usage Guide: When this command is run for the first time, only an empty access list with no entry will be created. Example: Create an extensive IPv6 access list named tcpFlow. Switch (config)#ipv6 access-list extended tcpFlow 47.15 {ip|ipv6|mac|mac-ip} access-group Command:...
Page 950 3. IP ACL that match flowlabel can not be bound There are four kinds of packet head field based on concerned: MAC ACL, IP ACL, MAC-IP ACL and IPv6 ACL; to some extent, ACL filter behavior (permit, deny) has a conflict when a data packet matches multi types of four ACLs.
Page 951 Examples: Create an MAC ACL named mac_acl. Switch(config)# mac-access-list extended mac_acl Switch(Config-Mac-Ext-Nacl-mac_acl)# 47.17 mac-ip access extended Command: mac-ip-access-list extended <name> no mac-ip-access-list extended <name> Functions: Define name-manner MAC-IP enter access-list configuration mode, “no mac-ip-access-list extended <name>” command deletes this ACL. Parameters: <name>: name of access-list excluding blank or quotation mark, and it must start with letter, and the length cannot exceed 32 (remark: sensitivity on capital or small letter).
Page 952 {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<igmp-type>] [precedence <prec>] [tos <tos>][time-range<time-range-name>] [no] {deny | permit} tcp {{ <sIpAddr> <sMask> } | any-source | {host-source <sIpAddr> }} [s-port { <sPort> | range <sPortMin> <sPortMax> }] {{ <dIpAddr> <dMask> } | any-destination | {host-destination <dIpAddr>...
Page 953 47.19 permit | deny(ip standard) Command: {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} no {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} Functions: Create a name standard IP access rule, and “no {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}”...
Page 954 [no] {deny | permit} udp { <sIPv6Prefix/sPrefixlen> | any-source | {host-source <sIPv6Addr> }} [s-port { <sPort> | range <sPortMin> <sPortMax> }] { <dIPv6Prefix/dPrefixlen> | any-destination | {host-destination <dIPv6Addr> }} [d-port { <dPort> | range <dPortMin> <dPortMax> }] [dscp <dscp> ] [flow-label <fl> ][time-range <time-range-name>...
Page 955 47.21 permit | deny(ipv6 standard) Command: [no] {deny | permit} {{<sIPv6Prefix/sPrefixlen>} | any-source | {host-source <sIPv6Addr>}} Function: Create a standard nomenclature IPv6 access control rule; the no form of this command deletes the nomenclature standard IPv6 access control rule. Parameter: <sIPv6Prefix>...
Page 956 <dmac-mask> }} [untagged-eth2 [ethertype <protocol> [protocol-mask]]] [no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }|{ <smac> <smac-mask> }} {any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac> <dmac-mask> }} [untagged-802-3] [no]{deny|permit} {any-source-mac|{host-source-mac <host_smac> }|{ <smac> <smac-mask> }} {any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac> <dmac-mask> }} [tagged-eth2 [cos <cos-val> [ <cos-bitmask> ]] [vlanId <vid-value> [ <vid-mask>...
Page 957 any-destination-mac untagged-802-3 Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00 00-00-00-00-ff-ff tagged-802 47.23 permit | deny(mac-ip extended) Command: [no] {deny|permit} {any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}} icmp{{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}} {{<destination><destination-wildcard>}|any-destination|{host-destination <destination-host-ip>}} [<icmp-type> [<icmp-code>]] [precedence <precedence>] [tos <tos>][time-range<time-range-name>] [no]{deny|permit} {any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}} igmp{{<source><source-wildcard>}|any-source| {host-source<source-host-ip>}} {{<destination><destination-wildcard>}|any-destination|{host-destination <destination-host-ip>}} [<igmp-type>] [precedence <precedence>] [tos <tos>][time-range<time-range-name>] [no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }| { <smac> <smac-mask>...
Page 958 {{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}} {{<destination><destination-wildcard>}|any-destination|{host-destination <destination-host-ip>}} [precedence <precedence>] [tos <tos>][time-range<time-range-name>] Functions: Define an extended name MAC-IP ACL rule, no form deletes one extended numeric MAC-IP ACL access-list rule. Parameters: num access-list serial No. this is a decimal’s No. from 3100-3199; deny if rules are matching, deny to access;...
Page 959 Command Mode: Name extended MAC-IP access-list configuration mode Default: No access-list configured. Examples: Deny the passage of UDP packets with any source MAC address and destination MAC address, any source IP address and destination IP address, and source port 100 and destination port 40000. Switch(config)# mac-ip-access-list extended macIpExt Switch(Config-MacIp-Ext-Nacl-macIpExt)# deny any-source-mac any-destination-mac udp any-source s-port 100 any-destination d-port 40000...
Page 960 access-list 3100 deny any-source-mac any-destination-mac udp any-source s-port 100 any-destination d-port 40000 Displayed information Explanation access-list 10(used 1 time(s)) Number ACL10, 0 time to be used access-list 10 deny any-source Deny any IP packets to pass access-list 100(used 1 time(s)) Nnumber ACL10, 1 time to be used access-list deny...
Page 961: Show Firewall
IP Ingress access-list used is 100, traffic-statistics Disable. interface name: Ethernet1/0/2 IP Ingress access-list used is 1, packet(s) number is 11110. Displayed information Explanation interface name: Ethernet 1/0/1 Tying situation on port Ethernet1/0/1 IP Ingress access-list used is 100 No. 100 numeric expansion ACL tied to entrance of port Ethernet1/0/1 packet(s) number is 11110 Number of packets matching this ACL rule...
Page 962 Command Mode: Admin and Configuration Mode. Usage Guide: When no access control list is specified, all the access control lists will be displayed; in used x time （s） is shown the times the ACL had been quoted. Example: Switch #show ipv6 access-lists ipv6 access-list 500(used 1 time(s)) ipv6 access-list 500 deny any-source ipv6 access-list 510(used 1 time(s))
Page 963 47.29 time-range Command: [no] time-range <time_range_name> Functions: Create the name of time-range as time range name, enter the time-range mode at the same time. Parameters: time_range_name, time range name must start with letter, and the length cannot exceed 16 characters long. Command Mode: Global mode Default:...
Page 964 Chapter 48 Commands for 802.1x 48.1 debug dot1x detail Command: debug dot1x detail {pkt-send | pkt-receive | internal | all | userbased | webbased} interface [ethernet] <interface-name> no debug dot1x detail { pkt-send | pkt-receive | internal | all | userbased | webbased} interface [ethernet] <interface-name>...
Page 965 Enable the debug information of dot1x about errors; the no operation of this command will disable that debug information. Command Mode: Admin Mode. Usage Guide: By enabling the debug information of dot1x about errors, users can check the information of errors that occur in the processes of the Radius protocol operation, which might help diagnose the cause of faults if there is any.
Page 966: Debug Dot1X Packet
48.4 debug dot1x packet Command: debug dot1x packet {all | receive | send} interface <interface-name> no debug dot1x packet {all | receive | send} interface <interface-name> Function: Enable the debug information of dot1x about messages; the no operation of this command will disable that debug information.
Page 967: Dot1X Eapor Enable
Global Mode. Usage Guide: The dot1x address filter function is implemented according to the MAC address filter table, dot1x address filter table is manually added or deleted by the user. When a port is specified in adding a dot1x address filter table entry, that entry applies to the port only; when no port is specified, the entry applies to all ports in the switch.
Page 968: Dot1X Enable
48.7 dot1x enable Command: dot1x enable no dot1x enable Function: Enables the 802.1x function in the switch and ports: the "no dot1x enable" command disables the 802.1x function. Command mode: Global Mode and Port Mode. Default: 802.1x function is not enabled in global mode by default; if 802.1x is enabled under Global Mode, 802.1x will not be enabled for the ports by default.
Page 969: Dot1X Macfilter Enable
Default Settings: There is no 802.1x guest-vlan function on the port. User Guide: The access device will add the port into Guest VLAN if there is no supplicant getting authenticated successfully in a certain stretch of time because of lacking exclusive authentication supplicant system or the version of the supplicant system being too low.
Page 970 Default: dot1x address filter is disabled by default. Usage Guide: When dot1x address filter function is enabled, the switch will filter the authentication user by the MAC address. Only the authentication request initialed by the users in the dot1x address filter table will be accepted.
Page 971 Function: To configure 802.1x free resource; the no form command closes this function. Parameter: <prefix> is the segment for limited resource, in dotted decimal format; <mask> is the mask for limited resource, in dotted decimal format. Command Mode: Global Mode. Default: There is no free resource by default.
Page 972 authenticated exceeds the number of allowed user, additional users will not be able to access the network. Example: Setting port 1/0/3 to allow 5 users. Switch(Config-If-Ethernet1/0/3)#dot1x max-user macbased 5 48.13 dot1x max-user userbased Command: dot1x max-user userbased <number> no dot1x max-user userbased Function: Set the upper limit of the number of users allowed access the specified port when using user-based access control mode;...
Page 973 setting. Parameters: auto enable 802.1x authentication, the port authorization status is determined by the authentication information between the switch and the supplicant; force-authorized sets port to authorized status, unauthenticated data is allowed to pass through the port; force-unauthorized will set the port to non-authorized mode, the switch will not provide authentication for the supplicant and prohibit data from passing through the port.
Page 974: Dot1X Privateclient Enable
This command is used to configure the dot1x authentication method for the specified port. When port based authentication is applied, only one host can authenticate itself through one port. And after authentication, the host will be able to access all the resources. When MAC based authentication is applied, multiple host which are connected to one port can access all the network resources after authentication.
Page 975 To force the authentication client to use private 802.1x authentication protocol. Switch(config)#dot1x privateclient enable 48.17 dot1x privateclient protect enable Command: dot1x privateclient protect enable no dot1x privateclient protect enable Function: Enable the privateclient protect function of the switch, the no command disables the protect function.
Page 976 authentication. Example: Enabling real-time re-authentication on port1/0/8. Switch(config)#dot1x re-authenticate interface ethernet 1/0/8 48.19 dot1x re-authentication Command: dot1x re-authentication no dot1x re-authentication Function: Enables periodical supplicant authentication; the “no dot1x re-authentication” command disables this function. Command mode: Global Mode. Default: Periodical re-authentication is disabled by default. Usage Guide: When periodical re-authentication for supplicant is enabled, the switch will re-authenticate the supplicant at regular interval.
Page 977 Global Mode. Default: The default value is 10 seconds. Usage Guide: Default value is recommended. Example: Setting the silent time to 120 seconds. Switch(config)#dot1x timeout quiet-period 120 48.21 dot1x timeout re-authperiod Command: dot1x timeout re-authperiod <seconds> no dot1x timeout re-authperiod Function: Sets the supplicant re-authentication interval;...
Page 978 no dot1x timeout tx-period Function: Sets the interval for the supplicant to re-transmit EAP request/identity frame; the “no dot1x timeout tx-period” command restores the default setting. Parameters: <seconds> is the interval for re-transmission of EAP request frames, in seconds; the valid range is 1 to 65535.
Page 979: Show Dot1X
Switch(config)#interface ethernet 1/0/1 Switch(Config-If-Ethernet1/0/1)#dot1x enable 48.24 show dot1x Command: show dot1x [interface <interface-list>] Function: Displays dot1x parameter related information, if parameter information is added, corresponding dot1x status for corresponding port is displayed. Parameters: <interface-list> is the port list. If no parameter is specified, information for all ports is displayed. Command mode: Admin and Configuration Mode.
Page 980 Status Authorized Port-control Auto Supplicant ,A8-F7-E0-FE-2E-D3 Authenticator State Machine State Authenticated Backend State Machine State Idle Reauthentication State Machine State Stop Displayed information Explanation Global 802.1x Parameters Global 802.1x parameter information reauth-enabled Whether re-authentication is enabled or not reauth-period Re-authentication interval quiet-period Silent interval tx-period...
Page 981 Function: Set the global max number of IPv4 controlled/trusted users. Command Mode: Global Configuration Mode. Default Settings: The max IPv4 user number supported by the switch is 128. Usage Guide: This command is for setting the max IPv4 user number supported by the switch, ranging from 1 to 700.
Page 982 Chapter 49 Commands for the Number Limitation Function of MAC and IP in Port, VLAN 49.1 debug ip arp count Command: debug ip arp count no debug ip arp count Function: When the number limitation function debug of ARP in the VLAN, if the number of dynamic ARP and the number of ARP in the VLAN is larger than the max number allowed, users will see debug information.
Page 983 Command Mode: Admin Mode. Usage Guide: Display the debug information of the number of dynamic neighbor in the VLAN. Examples: Switch#debug vlan mac count %Jun 14 16:04:40 2007 Current neighbor count 21 is more than or equal to the maximum limit in vlan 1!! 49.3 debug switchport arp count Command:...
Page 984 When the number limitation function debug of MAC on the port, if the number of dynamic MAC and the number of MAC on the port is larger than the max number allowed, users will see debug information. ”no debug switchport mac count” command is used to disable the number limitation function debug of MAC on the port.
Page 985 49.6 debug vlan mac count Command: debug vlan mac count no debug vlan mac count Function: When the number limitation function debug of MAC in the VLAN, if the number of dynamic MAC and the number of MAC in the VLAN is larger than the max number allowed, users will see debug information.
Page 986 When configuring the max number of dynamic ARP allowed in the VLAN, if the number of dynamically learnt ARP in the VLAN is already larger than the max number to be set, the extra dynamic ARP will be deleted. Examples: Enable the number limitation function of dynamic ARP in VLAN 1, the max number to be set is 50.
Page 987 Switch(Config-if-Vlan1)#no ipv6 nd dynamic maximum 49.9 mac-address query timeout Command: mac-address query timeout <seconds> Function: Set the timeout value of querying dynamic MAC. Parameter: <seconds> is timeout value, in second, ranging from 30 to 300. Default Settings: Default value is 60 seconds. Command Mode: Global mode Usage Guide:...
Page 988 Examples: Display the number of dynamic ARP of the port and VLAN which are configured with number limitation function of ARP. Switch(config)# show arp-dynamic count interface ethernet 1/0/3 Port MaxCount CurrentCount ----------------------------------------------------------------------------------------------------- Ethernet1/0/3 ----------------------------------------------------------------------------------------------------- Switch(config)# show arp-dynamic count vlan 1 Vlan MaxCount CurrentCount...
Page 989 Vlan MaxCount CurrentCount ----------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------- 49.12 show nd-dynamic count Command: show nd-dynamic count {(vlan <1-4096>)| interface ethernet <portName>} Function: Display the number of dynamic ND of corresponding port and VLAN. Parameters: <vlan-id> is play the specified vlan ID. <portName> is the name of layer-2 port. Command Mode: Admin and Configuration Mode.
Page 990 no switchport arp dynamic maximum Function: Set the max number of dynamic ARP allowed by the port, and, at the same time, enable the number limitation function of dynamic ARP on the port; “no switchport arp dynamic maximum” command is used to disable the number limitation function of dynamic ARP on the port. Parameters: <value>...
Page 991 Command Mode: Port mode. Usage Guide: When configuring the max number of dynamic MAC address allowed by the port, if the number of dynamically learnt MAC address on the port is already larger than the max number of dynamic MAC address to be set, the extra dynamic MAC addresses will be deleted.
Page 992 shutdown, the port will be disabled when the MAC address number exceeds the upper limit of secure MAC, and the user can enable the port by configuring no shutdown command manually or the automatic recovery timeout. Example: Set the violation mode as shutdown, the recovery time as 60s for port1. Switch(config)#interface Ethernet 1/0/1 Switch(Config-If-Ethernet1/0/1)#switchport mac-address violation shutdown recovery 60 49.16 switchport nd dynamic maximum...
Page 993 49.17 vlan mac-address dynamic maximum Command: vlan mac-address dynamic maximum <value> no vlan mac-address dynamic maximum Function: Set the max number of dynamic MAC address allowed in the VLAN, and, at the same time, enable the number limitation function of dynamic MAC address in the VLAN; “no ip mac-address dynamic maximum”...
Page 994 Chapter 50 Commands for AM Configuration 50.1 am enable Command: am enable no am enable Function: Globally enable/disable AM function. Default: AM function is disabled by default. Command Mode: Global Mode. Example: Switch(config)#am enable Disable AM function on the switch. Switch(config)#no am enable 50.2 am port Command:...
Page 995 Switch(Config-If-Ethernet 1/0/3)#no am port 50.3 am ip-pool Command: am ip-pool <ip-address> <num> no am ip-pool <ip-address> <num> Function: Set the AM IP segment of the interface, allow/deny the IP messages or APR messages from a source IP within that segment to be forwarded via the interface. Parameters: <ip-address>...
Page 996 Command Mode: Port Mode. Example: Configure that the interface 1/0/3 of the switch will allow data packets with a source MAC address of 11-22-22-11-11-11 and a source IP address of 10.10.10.1 to be forwarded. Switch(Config-If-Ethernet1/0/3)#am mac-ip-pool 11-22-22-11-11-11 10.10.10.1 50.5 no am all Command: no am all [ip-pool | mac-ip-pool] Function:...
Page 997 Example: Display all configured AM entries. Switch#show am AM is enabled Interface Ethernet1/0/3 am interface am ip-pool 30.10.10.1 20 Interface Ethernet1/0/5 am interface am ip-pool 50.10.10.1 30 am mac-ip-pool 00-02-04-06-08-09 20.10.10.5 am ip-pool 50.20.10.1 20 Interface Ethernet1/0/6 am interface Interface Ethernet1/0/1 am interface am ip-pool 10.10.10.1 20 am ip-pool 10.20.10.1 20...
Page 998 Chapter 51 Commands for TACACS+ 51.1 tacacs-server authentication host Command: tacacs-server authentication host <ip-address> [port <port-number>] [timeout <seconds>] [key <string>] [primary] no tacacs-server authentication host <ip-address> Function: Configure the IP address, listening port number, the value of timeout timer and the key string of the TACACS+ server;...
Page 999 51.2 tacacs-server key Command: tacacs-server key <string> no tacacs-server key Function: Configure the key of TACACS+ authentication server; the “no tacacs-server key” command deletes the TACACS+ server key. Parameter: <string> is the character string of the TACACS+ server key, containing maximum 16 characters. Command Mode: Global Mode Usage Guide:...
Page 1000 Global Mode Usage Guide: The source IP address must belongs to one of the IP interface of the switch, otherwise an failure message of binding IP address will be returned when the switch send TACACS+ packet. We suggest using the IP address of loopback interface as source IP address, it avoids that the packets from TACACS+ server are dropped when the interface link-down.

This manual is also suitable for:

Sgs-6341-24t4x

Planet SGS-6341 Series Command Manual

Chapter 1 Commands for Basic Switch Configuration

Commands for Basic Configuration

Commands for Telnet

Commands for Configuring Switch Ip

Commands for Snmp

Commands for Switch Upgrade

Chapter 2 File System Commands

Copy

Delete

Dir

Format

Mkdir

Pwd

Rename

Rmdir

Cluster Auto-Add

Chapter 3 Commands for Cluster

Clear Cluster Nodes

Cluster Commander

Cluster Ip-Pool

Cluster Keepalive Interval

Cluster Keepalive Loss-Count

Cluster Member

Cluster Member Auto-To-User

Cluster Reset Member

Cluster Run

Cluster Update Member

Debug Cluster

Debug Cluster Packets

Show Cluster

Show Cluster Members

Show Cluster Candidates

Show Cluster Topology

Rcommand Commander

Rcommand Member

Chapter 4 Commands for Network Port Configuration

Commands for Ethernet Port Configuration

Isolate-Port Group

Isolate-Port Group Switchport Interface

Isolate-Port Apply

Show Isolate-Port Group

Chapter 6 Commands for Port Loopback Detection Function

Debug Loopback-Detection

Loopback-Detection Control

Loopback-Detection Control-Recovery Timeout

Loopback-Detection Interval-Time

Loopback-Detection Specified-Vlan

Show Loopback-Detection

Chapter 7 Commands for Uldp

Debug Uldp

Debug Uldp Error

Debug Uldp Event

Debug Uldp Fsm Interface Ethernet

Debug Uldp Interface Ethernet

Debug Uldp Packet

Uldp Aggressive-Mode

Uldp Enable

Uldp Disable

Uldp Hello-Interval

Uldp Manual-Shutdown

Uldp Reset

Show Uldp

Chapter 8 Commands for Lldp Function

Clear Lldp Remote-Table

Debug Lldp

Debug Lldp Packets

Lldp Enable

Lldp Enable (Port)

Lldp Mode

Lldp Msgtxhold

Lldp Neighbors Max-Num

Lldp Notification Interval

Lldp Toomanyneighbors

Lldp Transmit Delay

Lldp Transmit Optional Tlv

Lldp Trap

Lldp Tx-Interval

Show Debugging Lldp

Show Lldp