Alcatel OS-LS-6224 User Manual

Part No. 060202-10, Rev. E
August 2009
Alcatel OS-LS-6200

User Guide

www.alcatel.com

Summary of Contents for Alcatel OS-LS-6224

  • Page 2 Additionally, with 24-hour-a-day access to Alcatel’s Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals.
  • Page 3 This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions in this guide, may cause interference to radio communications. Operation of this equipment in a residential area is likely to cause interference, in which case the user will be required to correct the interference at his own expense.
  • Page 4: Table Of Contents

    Static IP Address and Subnet Mask User Name SNMP Community Strings Advanced Configuration ..................21 Retrieving an IP Address From a DHCP Server Receiving an IP Address From a BOOTP Server Security Management and Password Configuration ...........23 Configuring Security Passwords Introduction...
  • Page 5 Contents Stacking Members and Unit ID Removing and Replacing Stacking Members Exchanging Stacking Members Switching between the Stacking Master and the Secondary Master Configuring Stacking Resetting the Stack Managing System Logs ..................42 Enabling System Logs Viewing Memory Logs Viewing the Device FLASH Logs Remote Log Configuration Configuring SNTP ....................
  • Page 6 Defining RMON History Control Viewing the RMON History Table Defining RMON Events Control Viewing the RMON Events Logs Defining RMON Alarms Alcatel Mapping Adjacency Protocol (AMAP) ...........126 Configuring AMAP Viewing Adjacent Devices Configuring LLDP .....................129 Defining LLDP Port Settings Defining Media Endpoint Discovery Network Policy...
  • Page 7 IP Source Guard ....................182 Configuring IP Source Guard Properties Defining IP Source Guard Interface Settings Adding Interfaces to the IP Source Guard Database Defining the Forwarding Database ..............186 Defining Static Forwarding Database Entries Defining Dynamic Forwarding Database Entries Configuring Spanning Tree ................
  • Page 8 Defining GARP Defining GVRP Viewing GVRP Statistics Multicast Filtering .....................222 Defining IGMP Snooping Specifying Static Interfaces for a Multicast Group Displaying Interfaces Attached to a Multicast Router Configuring Multicast TV Defining Multicast TV Membership Configuring Triple Play ..................230 Configuring Quality of Service ................231...
  • Page 9 Entering Commands ..................260 Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands Configuration Commands Command Line Processing Command Groups .................... 266 802.1x Commands ...................
  • Page 10 LLDP Commands .....................338 lldp optional-tlv...
  • Page 11 (Interface) sntp unicast client enable sntp unicast client poll sntp server show clock show sntp configuration show sntp status Configuration and Image File Commands ............369 copy delete more rename boot system show running-config show startup-config show bootvar Ethernet Configuration Commands ..............
  • Page 12 IP Addressing Commands ................424...
  • Page 13 Loopback Detection Commands ..............451 loopback-detection enable loopback-detection enable loopback-detection mode loopback-detection interval show loopback-detection Management ACL Commands ................. 456 management access-list permit (Management) deny (Management)
  • Page 14 Port Monitor Commands ...................469 port monitor show ports monitor Power over Ethernet Commands ..............471 power inline power inline powered-device power inline priority power inline usage-threshold power inline traps enable show power inline QoS Commands ....................478...
  • Page 15 Contents show qos map RADIUS Commands ..................507 radius-server host radius-server key radius-server retransmit radius-server source-ip radius-server timeout radius-server deadtime show radius-servers RMON Commands ................... 515 show rmon statistics rmon collection history show rmon collection history show rmon history rmon alarm...
  • Page 16 Syslog Commands ....................602 logging on logging logging console...
  • Page 17 DHCP Snooping, IP Source Guard and ARP Inspection Commands ....642 ip dhcp snooping ip dhcp snooping vlan ip dhcp snooping trust...
  • Page 18 Contents ip dhcp information option ip dhcp snooping verify ip dhcp snooping database ip dhcp snooping database update-freq ip dhcp snooping binding clear ip dhcp snooping database show ip dhcp snooping show ip dhcp snooping binding ip source-guard (global) ip source-guard (interface)
  • Page 19 Appendix A. Configuration Examples Configuring QinQ ....................716 Configuring Customer VLANs using the CLI ............ 719...
  • Page 20 Contents Configuring Multicast TV ..................721 Configuring Customer VLANs ................728 Configuring Customer VLANs Using the Web Interface ........728 Appendix B. Software Specifications Software Features ....................732 Management Features ..................733 Standards ......................733 Management Information Bases ...............734 Appendix C. Troubleshooting Problems Accessing the Management Interface ..........736 Using System Logs ...................737...
  • Page 21 Figure 3-35. SNMP Groups Page Figure 3-36. SNMP Views Page Figure 3-37. SNMP Communities Page Figure 3-38. SNMP Trap Station Management Page Figure 3-39. SNMP Global Trap Settings Page Figure 3-40. Trap Filter Settings Page Figure 3-41. Local Users Page...
  • Page 22 Figure 3-81. VLAN Settings Page Figure 3-82. Trusted Interface Page Figure 3-83. Binding Database Page Figure 3-84. DHCP Option 82 Page Figure 3-85. ARP Inspection Properties Page Figure 3-86. ARP Inspection Trusted Interface Page Figure 3-87. ARP Inspection List Page xxii...
  • Page 23 Figure 3-88. VLAN Settings Page Figure 3-89. IP Source Guard Properties Page Figure 3-90. Interface Settings Page Figure 3-91. IP Source Guard Binding Database Page Figure 3-92. Address Tables Home Page Figure 3-93. Static Addresses Page Figure 3-94. Dynamic Addresses Page Figure 3-95.
  • Page 24 Figure 3-135. Policy Binding Page Figure 3-136. Loopback Detection Overview Page Figure 3-137. Loopback Detection Properties Page Figure 3-138. Loopback Detection Interface Settings Page Figure 3-139. Modify Loopback Detection Interface Settings Page Figure 1. VLAN Basic Information Page Figure 2.
  • Page 25: Chapter 1: Introduction

    The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 26 Enables adding information for the DHCP server on request. IP Source Address Guard: Restricts IP traffic on non-routed, Layer 2 interfaces by filtering traffic. This feature is based on the DHCP snooping binding database and on manually configured IP source bindings.
  • Page 27: Description Of Software Features

    Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings. Authentication – This switch authenticates management access via the console port, Telnet or web browser.
  • Page 28 Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
  • Page 29 BPDU is utilized when Fast Link ports is enabled and/or if the Spanning Tree Protocol is disabled on ports. If a BPDU message is sent to a port on which STP is disabled, BPDU Guard shuts down the port and generates an SNMP message.
  • Page 30 ARP Inspection List. Trusted packets are forwarded without ARP Inspection. • Untrusted — Indicates that the packet arrived from an interface that does not have recognized IP and MAC addresses. The packet is checked for: • Source MAC — Compares the packet’s source MAC address against the sender’s MAC address in the ARP request.
  • Page 31 GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: •...
  • Page 32 (Vlans) standard. 802.1p establishes eight levels of priority, similar to the IP Precedence IP Header bit-field. Quality of Service Basic Mode – In the Basic QoS mode, it is possible to activate a trust mode (to trust VPT, DSCP, TCP/UDP or none). In addition, a single Access Control List can be attached to an interface.
  • Page 33: System Defaults

    Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). System Defaults The device is configured with default settings. To reset the device to the default settings, delete the startup configuration. The following table lists some of the basic system defaults.
  • Page 34 300 sec. Discovery Phase Timeout Interval 30 sec. Rate Limiting Input and output limits disabled Port Trunking Static Trunks up to 8 port in 8 trunks can be defined LACP system priority LACP Port-priority LACP long Broadcast Storm Status disabled...
  • Page 35 Quality of Service QoS Mode disabled CoS Mapping CoS 0 - queue 1; CoS 1 - queue 1; CoS 2 - queue 1; CoS 3 - queue 1; CoS 4 - queue 2; CoS 5 - queue 2; CoS 6 - queue 3; CoS 7 - queue 3;...
  • Page 36 Introduction Table 1-2. System Defaults Function Parameter Default Server enabled RADIUS RADIUS server none defined TACACS+ TACACS+ server none defined...
  • Page 37: Chapter 2: Initial Configuration

    • Software Download and Reboot • Startup Menu Functions After completing all external connections, connect a terminal to the device to monitor the boot and other procedures. The order of installation and configuration procedures is illustrated in the following figure. For the initial configuration, the standard device configuration is performed.
  • Page 38: General Configuration Information

    Initial Configuration Figure 2-1. Installation and Configuration General Configuration Information Your device has predefined features and setup configuration.
  • Page 39: Auto-Negotiation

    Note: If the station on the other side of the link attempts to auto-negotiate with a port that is manually configured to full duplex, the auto-negotiation results in the station attempting to operate in half duplex. The resulting mismatch may lead to significant frame loss.
  • Page 40: Booting The Switch

    Initial Configuration The following is an example for enabling flow control on port e1 using CLI commands: interface ethernet Console (config)# 4-380 flowcontrol Console (config-if)# 4-387 The following is an example for enabling back pressure on port e1 using CLI commands.
  • Page 41 If the system boot is not interrupted by pressing <Esc> or <Enter>, the system continues operation by decompressing and loading the code into RAM. The code starts running from RAM and the list of numbered system ports and their states (up or down) are displayed.
  • Page 42: Configuration Overview

    To manage the switch from a remote network, a static route must be configured, which is an IP address to which packets are sent when no entries are found in the device tables. The configured IP address must belong to the same subnet as one of...
  • Page 43: User Name

    Initial Configuration To configure a static route, enter the command at the system prompt as shown in the following configuration example where 101.1.1.2 is the specific management station: configure Console# interface vlan Console(config)# 4-676 ip address Console(config-if)# 100.1.1.1 255.255.255.0 4-424...
  • Page 44 • Access rights options: ro (read only), rw (read-and-write) or su (super). • An option to configure IP address or not: If an IP address is not configured, it means that all community members having the same community name are granted the same access rights.
  • Page 45: Advanced Configuration

    DHCP client. To retrieve an IP address from a DHCP server, perform the following steps: Select and connect any port to a DHCP server or to a subnet that has a DHCP server on it, in order to retrieve the IP address.
  • Page 46: Receiving An Ip Address From A Bootp Server

    4-668 console(config)# The interface receives the IP address automatically. To verify the IP address, enter the show ip interface command at the system prompt as shown in the following example. show ip interface Console# Gateway IP Address Activity status...
  • Page 47: Security Management And Password Configuration

    (y/n)[n]? ****************************************************** /*the device reboots */ To verify the IP address, enter the show ip interface command. The device is now configured with an IP address. Security Management and Password Configuration System security is handled through the AAA (Authentication, Authorization, and Accounting) mechanism that manages user access rights, privileges, and management methods.
  • Page 48: Configuring An Initial Console Password

    Initial Configuration a password, it is recommended to always assign a password. If there is no specified password, privileged users can access the Web interface with any password. Configuring an Initial Console Password To configure an initial console password, enter the following commands:...
  • Page 49: Configuring An Initial Http Password

    Enter the following commands once when configuring to use a console, a Telnet, or an SSH session in order to use an HTTPS session. In the Web browser enable SSL 2.0 or greater for the content of the page to appear. crypto certificate generate key_generate...
  • Page 50: Software Download Through Tftp Server

    The switch boots and runs when decompressing the system image from the flash memory area where a copy of the system image is stored. When a new image is downloaded, it is saved in the other area allocated for the additional system image copy.
  • Page 51: Boot Image Download

    To download a boot file through the TFTP server: Ensure that an IP address is configured on one of the device ports and pings can be sent to a TFTP server. Ensure that the file to be downloaded (the .rfb file) is saved on the TFTP server.
  • Page 52: Startup Menu Functions

    Additional configuration functions can be performed from the Startup menu. To display the Startup menu: During the boot process, after the first part of the POST is completed press <Esc> or <Enter> within two seconds after the following message is displayed: Autoboot in 2 seconds -press RETURN or Esc.to abort and enter prom.
  • Page 53: Figure 2-2. Send File Window

    Startup Menu Functions The following sections describe the Startup menu options. If no selection is made within 25 seconds (default), the switch times out and the device continues to load normally. Only technical support personnel can operate the Diagnostics Mode. For this reason, the Enter Diagnostic Mode option of the Startup menu is not described in this guide.
  • Page 54 Write Flash file name (Up to 8 characters, Enter for none.):config File config (if present) will be erased after system initialization ========Press Enter To Continue ======== Enter config as the name of the flash file. The configuration is erased and the device reboots. Perform the switch’s initial configuration.
  • Page 55 Erasing flash blocks 1 -63: Done. Password Recovery If a password is lost, use the Password Recovery option on the Startup menu. The procedure enables the user to enter the device once without a password. To recover a lost password for the local terminal only: From the Startup menu, select “4”...
  • Page 56: Chapter 3: Configuring The Switch

    (Internet Explorer 6.0 or above, or Netscape Navigator 6.2 or above). Note: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to Chapter 4: “Command Line Interface.”...
  • Page 57: Configuration Options

    Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply” or “Apply Changes” button to confirm the new setting. The following table summarizes the web page configuration buttons: Table 3-1.
  • Page 58: Panel Display

    Configuring the Switch Panel Display The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control). Clicking on the image of a port opens the Interface Configuration Page as described on page 3-70.
  • Page 59: Managing Device Information

    • System Location — Defines the location where the system is currently running. The field range is 0-160 characters. • System Contact — Defines the name of the contact person. The field range is 0-160 characters. • System Object ID — Displays the vendor’s authoritative identification of the network management subsystem contained in the entity.
  • Page 60: Managing Stacking

    Stacking provides multiple switch management through a single point as if all stack members are a single unit. All stack members are accessed through a single IP address through which the stack is managed. The stack is managed from the following: •...
  • Page 61: Understanding The Stack Topology

    The devices operate in a Ring topology. A stacked Ring topology is where all devices in the stack are connected to each other forming a circle. Each device in the stack accepts data and sends it to the device to which it is attached. The packet continues through the stack until it reaches its destination.
  • Page 62: Removing And Replacing Stacking Members

    Once the user selects a different Unit ID, it is not erased, and remains valid, even if the unit is reset. Unit ID 1 and Unit ID 2 are reserved for Master enabled units. Unit IDs 3 to 8 can be defined for stack members.
  • Page 63: Exchanging Stacking Members

    MAC addresses are not saved. Each port in the stack has a specific Unit ID, port type, and port number, which is part of both the configuration commands and the configuration files. Configuration files are managed only from the device Stacking Master, including: •...
  • Page 64: Configuring Stacking

    The Stack Management Topology Page allows network managers to either reset the entire stack or a specific device. Device configuration changes that are not saved before the device is reset are not saved. If the Stacking Master is reset, the entire stack is reset.
  • Page 65: Resetting The Stack

    Download the file Open the File Download Page. Select the Firmware Download field. Enter full path and file name of software to be downloaded to device. Select Download to all Units. Reset the stack. CLI – The following is an example of stack management commands:...
  • Page 66: Managing System Logs

    System Log (syslog) server, and displays a list of recent event messages. The default for all logs is information, with the exception of logs in the Remote Log Server, which are errors.
  • Page 67: Figure 3-8. Logs Settings Page

    • Error — Indicates that a device error has occurred, for example, if a single port is offline. • Warning — Indicates the lowest level of a device warning. The device is functioning, but an operational problem has occurred.
  • Page 68: Viewing Memory Logs

    • Emergency — The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location. • Alert — The second highest warning level. An alert log is saved, if there is a serious device malfunction; for example, all device features are down.
  • Page 69: Figure 3-9. Memory Page

    Managing System Logs Figure 3-9. Memory Page...
  • Page 70: Viewing The Device Flash Logs

    Configuring the Switch CLI – The following is an example of the CLI commands used to view memory logs: Console# show logging 4-610 Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
  • Page 71: Remote Log Configuration

    • Server — Specifies the IP address of the server to which logs can be sent. • UDP Port — Defines the UDP port to which the server logs are sent. The possible range is 1 - 65535. The default value is 514.
  • Page 72: Figure 3-11. Remote Log Page

    Configuring the Switch is assigned, the first facility is overridden. All applications defined for a device utilize the same facility on a server. The field default is Local 7. The possible field values are Local 0 - Local 7. • Description — Displays the user-defined server description.
  • Page 73 Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max. File logging: level notifications. File Messages: 0 Dropped (severity). Syslog server 192.180.2.27 logging: errors. Messages: 6 Dropped (severity).
  • Page 74: Configuring Sntp

    You can also manually set the clock using the CLI. If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
  • Page 75: Polling For Broadcast Time Information

    Broadcast server. Message Digest 5 (MD5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies the integrity of the communication and authenticates the origin of the communication.
  • Page 76: Defining Sntp Authentication

    Command Attributes • Enable SNTP Authentication — Indicates if authenticating an SNTP session between the device and an SNTP server is enabled on the device. The possible field values are: • Checked — Authenticates SNTP sessions between the device and SNTP server.
  • Page 77: Defining Sntp Servers

    • SNTP Server — Displays user-defined SNTP server IP addresses. Up to eight SNTP servers can be defined. • Poll Interval — Indicates whether or not the device polls the selected SNTP server for system time information. • Encryption Key ID — Displays the encryption key identification used to communicate between the SNTP server and device.
  • Page 78: Defining Sntp Interface Settings

    • Offset — Indicates the time difference between the device local clock and the acquired time from the SNTP server. • Delay — Indicates the amount of time it takes for a device request to reach the SNTP server. • Remove — Removes SNTP servers from the SNTP server list. The possible field values are: •...
  • Page 79: Configuring System Time

    (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set the clock using the CLI. If the...
  • Page 80: Configuring Daylight Savings Time

    Daylight Saving Time, Brazilian clocks go forward one hour in most of the Brazilian southeast. • Chile — In Easter Island, from March 9 until October 12. In the rest of the country, from the first Sunday in March or after 9th March.
  • Page 81 October. • Macedonia — From the last weekend of March until the last weekend of October. • Mexico — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00. • Moldova — From the last weekend of March until the last weekend of October.
  • Page 82 • United Kingdom — From the last weekend of March until the last weekend of October. • United States of America — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00. Command Attributes •...
  • Page 83 Mar/08 and 00:00. The possible field values are: • Date — The date on which DST ends. The possible field range is 1-31. • Month — The month of the year in which DST ends. The possible field range is Jan-Dec.
  • Page 84: Managing System Files

    You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can set the switch to use new firmware without overwriting the previous version.
  • Page 85: Downloading System Files

    (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”).
  • Page 86: Figure 3-17. File Download Page

    Configuring the Switch • Configuration TFTP Server IP Address — Specifies the TFTP Server IP Address from which the configuration files are downloaded. • Configuration Source File Name — Specifies the configuration files to be downloaded. • Configuration Destination File — Specifies the destination file to which the configuration file is downloaded.
  • Page 87: Uploading System Files

    Managing System Files Uploading System Files The File Upload Page contains fields for uploading the software from the device to the TFTP server. Command Attributes • Firmware Upload — Specifies that the software image file is uploaded. If Firmware Upload is selected, the Configuration Upload fields are grayed out.
  • Page 88: Copying Files

    • Source — Select if the Starting Configuration file, the Running Configuration file, or the Backup file will be copied. • Destination — Specifies the usage for the source file after it is copied. It may be used as a Starting Configuration file, the Running Configuration file, the Backup file, or as a configuration file with a new name.
  • Page 89: Active Image

    • Date – Version’s date • Status – Indicates Image status • Image After Reset – The Image file which is active on the unit after the device is reset. The possible field values are: • Image 1 — Activates Image file 1 after the device is reset.
  • Page 90: Tcam Resources

    In contrast with binary CAM, TCAM allows a third matching state of “X” or “Don’t Care” bits in data searches (the first two bit types are “0” and “1”), adding more flexibility to searches. However, the need to encode three possible states instead of two also adds greater resource costs.
  • Page 91 • Stack Unit – Indicates the stacking member for which TCAM resource usage is displayed. • TCAM Utilization – Percentage of the available TCAM resources which are used. For example, if more ACLs and policy maps are defined, the system will use more TCAM resources.
  • Page 92: Configuring Interfaces

    Interfaces can also be designated as PVE ports. PVE ports bypass the Forwarding Database (FDB), and forward all Unicast, Multicast and Broadcast traffic to an uplink. A single uplink can be defined for a protected port.
  • Page 93 • Max Capability — Indicates that all port speeds and duplex mode settings are accepted. • 10 Half — Indicates that the port advertises for a 10 Mbps speed port and half duplex mode setting. • 10 Full — Indicates that the port advertises for a 10 Mbps speed port and full duplex mode setting.
  • Page 94: Figure 3-22. Interface Configuration Page

    • LAG — Indicates the LAG of which the port is a member. • PVE — Enables a port to be a Private VLAN Edge (PVE) port. When a port is defined as PVE, it bypasses the Forwarding Database (FDB), and forwards all Unicast, Multicast and Broadcast traffic to an uplink (except MAC-to-me packets).
  • Page 95: Creating Trunks (Lags)

    • All ports in the LAG have the same transceiver type. • The device supports up to eight LAGs, and eight ports in each LAG. • Ports can be configured as LACP ports only if the ports are not part of a previously configured LAG.
  • Page 96: Configuring Lacp

    Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed, set to full-duplex operations. LAG ports can contain different media types if the ports are operating at the same speed. Aggregated links can be set up manually or automatically established by enabling Link Aggregation Control Protocol (LACP) on the relevant links.
  • Page 97 If the port channel admin key is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key).
  • Page 98: Displaying Port Statistics

    Displaying Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
  • Page 99 • Port — Defines the specific port for which interface statistics are displayed. • LAG — Defines the specific LAG for which interface statistics are displayed. • Refresh Rate — Defines the amount of time that passes before the interface statistics are refreshed. The possible field values are: •...
  • Page 100: Etherlike Statistics

    Figure 3-25. Statistics Interface Page Etherlike Statistics Command Attributes • Unit No. — Displays the stacking member for which the Etherlike Statistics are displayed. • Interface — Indicates the device for which statistics are displayed. The possible field values are: •...
  • Page 101: Figure 3-26. Statistics Etherlike Page

    Displaying Port Statistics • Late Collisions — Displays the number of late collision frames received on the selected interface. • Oversize Packets — Displays the number of oversized packet errors on the selected interface. • Received Pause Frames — Displays the number of received paused frames on the selected interface.
  • Page 102: Configuring Ip Information

    This section describes how to configure an initial IP interface for management access over the network. The IP address for this switch is unassigned by default. To manually configure an address, you need to change the switch IP address and...
  • Page 103: Defining Ip Addresses

    The IP Interface Page contains fields for assigning IP parameters to interfaces, and for assigning gateway devices. Packets are forwarded to the default IP when frames are sent to a remote network. The configured IP address must belong to the same IP address subnet of one of the IP interfaces.
  • Page 104: Defining Default Gateways

    Configuring the Switch Figure 3-27. IP Interface Page CLI – The following is an example of the CLI commands for defining an IP interface: Console(config)# interface vlan 1 4-676 Console(config-if)# ip address 131.108.1.27 255.255.255.0 4-424 Defining Default Gateways Packets are forwarded to the default IP when frames are sent to a remote network via the default gateway.
  • Page 105: Configuring Dhcp

    DHCP ensures that network devices can have a different IP address every time the device connects to the network. DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch.
  • Page 106: Configuring ARP

    • ARP Entry Age Out — Specifies the amount of time (in seconds) that passes between ARP Table entry requests. Following the ARP Entry Age period, the entry is deleted from the table. The range is 1 - 40000000. The default value is 60000 seconds.
  • Page 107: Configuring Domain Name Service

    192.87.56.2. DNS servers maintain databases of domain names and their corresponding IP addresses. When a client device designates this switch as a DNS server, the client will attempt to resolve host names into IP addresses by forwarding DNS queries to the switch, and waiting for a response.
  • Page 108 Configuring the Switch • If there is no domain list, the default domain name is used. If there is a domain list, the default domain name is not used. • When an incomplete host name is received by the DNS server on this switch and...
  • Page 109: Configuring General DNS Server Parameters

    • Checked — Removes the selected DNS server. • Unchecked — Maintains the current DNS server list. • DNS Server — Displays the DNS server IP address. DNS servers are added in the Add DNS Server Page. • Active Server — Specifies the DNS server that is currently active.
  • Page 110: Configuring Static DNS Host To Address Entries

    IP addresses. If more than one IP address is associated with a host name in the static table or via information returned from a name server, a DNS client can try each address in succession, until it establishes a connection with the target device.
  • Page 111: Configuring SNMP

    Managed devices supporting SNMP contain software, which runs locally on the device and is referred to as an agent. A defined set of variables, known as managed objects, is maintained by the SNMP agent and used to manage the device. These objects are defined in a Management Information Base (MIB) that provides a standard presentation of the information controlled by the agent.
  • Page 112: Enabling SNMP

    A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users.
  • Page 113: Defining SNMP Users

    Users must be configured with a specific security level and assigned to a group. Command Attributes • User Name — Contains a list of user-defined user names. The field range is up to 30 alphanumeric characters. • Group Name — Contains a list of user-defined SNMP groups. SNMP groups are defined in the SNMP Group Profile Page.
  • Page 114 Web – Click System, SNMP, Security, Users. Click Add to configure a user name. In the New User page, define a name and assign it to a group, then click Apply to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
  • Page 115: Defining SNMP Group Profiles

    Command Attributes • Group Name — Displays the user-defined group to which access control rules are applied. The field range is up to 30 characters. • Security Model — Defines the SNMP version attached to the group. The possible field values are: •...
  • Page 116: Defining SNMP Views

    Web – Click System, SNMP, Security, Groups. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
  • Page 117: Figure 3-36. SNMP Views Page

    Web – Click System, SNMP, Security, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list.
  • Page 118: Defining SNMP Communities

    • Read Write — Management access is read-write and changes can be made to the device configuration, but not to the community. • SNMP Admin — User has access to all device configuration options, as well as permissions to modify the community.
  • Page 119: Defining SNMP Notification Recipients

    • Providing Access Control Checks Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenView).
  • Page 120 • SNMP V2c — Indicates that SNMP Version 2 traps are sent. • UDP Port — Displays the UDP port used to send notifications. The default is 162. • Filter Name — Indicates if the SNMP filter for which the SNMP Notification filter is defined.
  • Page 121: Defining SNMP Notification Global Parameters

    Configuring SNMP • Remove — Deletes the currently selected recipient. The possible field values are: • Checked — Removes the selected recipient from the list of recipients. • Unchecked — Maintains the list of recipients. Web – Click SNMP, Trap Management, Trap Station Management. Define the fields and click Add.
  • Page 122: Figure 3-39. SNMP Global Trap Settings Page

    Configuring the Switch fields and click Apply. Figure 3-39. SNMP Global Trap Settings Page CLI – The following is an example of the SNMP commands for enabling traps: Console(config)# snmp server enable traps 4-364...
  • Page 123: Defining SNMP Notification Filters

    • Object ID Subtree — Displays the OID for which notifications are sent or blocked. If a filter is attached to an OID, traps or informs are generated and sent to the trap recipients. OIDs are selected from either the Select from field or the Object ID field.
  • Page 124: Configuring User Authentication

    • User Name — Displays the user name. • Access Level — Displays the user access level. The lowest user access level is 1 and the highest is 15. Users with access level 15 are Privileged Users, and only they can access and use the EWS.
  • Page 125: Defining Line Passwords

    Configuring User Authentication Figure 3-41. Local Users Page CLI – The following is an example of the CLI commands used for configuring Local Users Passwords: Console(config)# username bob password lee level 15 4-302 Defining Line Passwords Network administrators can define line passwords in the Line Page. After the line password is defined, a management method is assigned to the password.
  • Page 126: Defining Enable Passwords

    Configuring the Switch Apply. Figure 3-42. Line Page CLI – The following is an example of the CLI commands used for configuring Line Passwords. Console(config)# line console 4-443 Console(config-line)# password secret 4-301 Defining Enable Passwords The Enable Page sets a local password for a particular access level.
  • Page 127: Configuring Authentication Methods

    Configuring Authentication Methods Figure 3-43. Enable Page CLI – The following is an example of the CLI commands used for configuring Enable Passwords: Console(config)# enable password level 15 secret 4-301 Configuring Authentication Methods This section provides information for configuring device authentication methods, and includes the following topics: •...
  • Page 128 For example, if you select (1) RADIUS, (2) TACACS+ and (3) Local, the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then authentication is attempted using the TACACS+ server, and finally the local user name and password is checked.
  • Page 129 Configuring Authentication Methods • Rule Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.
  • Page 130: Defining Profile Rules

    • Access Profile Name — Displays the access profile to which the rule is attached. • Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The...
  • Page 131 SNMP meeting access profile criteria are permitted or denied access to the device. • Source IP Address — Defines the interface source IP address to which the rule applies. • Prefix Length — Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.
  • Page 132: Defining Authentication Profiles

    Configuring the Switch Figure 3-45. Profiles Rules Page CLI – The following is an example of the CLI commands used for configuring Profile Rules: Console(config)# ip http server 4-703 Console(config)# ip https server 4-705 Defining Authentication Profiles Authentication profiles allow network administrators to assign authentication methods for user authentication.
  • Page 133: Figure 3-46. Authentication Profiles Page

    Web – Click System, WebViewMgmt, Authentication, Authentication Profiles, define the fields, and click Apply. Figure 3-46. Authentication Profiles Page CLI – The following is an example of the CLI commands used for configuring Authentication Profiles: Console(config)# aaa authentication login default radius local enable...
  • Page 134: Mapping Authentication Methods

    If the RADIUS server cannot authenticate the management method, the session is permitted. • RADIUS, Local, None — Authentication first occurs at the RADIUS server. If authentication cannot be verified at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the session is permitted.
  • Page 135: Figure 3-47. Authentication Mapping Page

    If the session cannot be authenticated locally, the session is permitted. Web – Click System, WebViewMgmt, Authentication, Authentication Mapping, define the fields, and click Apply. Figure 3-47. Authentication Mapping Page CLI – The following is an example of the CLI commands used for mapping...
  • Page 136: Defining TACACS+ Methods

    Default Parameters for the TACACS+ servers. Command Attributes • Source IP Address — Defines the default device source IP address used for the TACACS+ session between the device and the TACACS+ server. • Key String — Defines the default authentication and encryption key for TACACS+ communication between the device and the TACACS+ server.
  • Page 137: Defining RADIUS Settings

    Configuring Authentication Methods • Status — Indicates the connection status between the device and the TACACS+ server. The possible field values are: • Connected — Indicates there is currently a connection between the device and the TACACS+ server. • Not Connected — Indicates there is not currently a connection between the device and the TACACS+ server.
  • Page 138 RADIUS server before a failure occurs. The possible field values are 1-10. Three is the default value. • Timeout for Reply — Defines the amount of time (in seconds) the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server.
  • Page 139: Figure 3-49. RADIUS Page

    Web – Click System, WebViewMgmt, Authentication, RADIUS, define the fields, and click Apply. Figure 3-49. RADIUS Page CLI – The following is an example of the RADIUS CLI Commands: Console(config)# radius-server host 192.168.10.1 auth-port 20 timeout 20 4-507 Console(config)# radius-server key alcatel-server...
  • Page 140: Managing RMON Statistics

    • Multicast Packets Received — Displays the number of good Multicast packets received on the interface since the device was last refreshed. • CRC & Align Errors — Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed.
  • Page 141: Figure 3-50. RMON Statistics Page

    1518 octets. This number excludes frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The field range to detect jabbers is between 20 ms and 150 ms.
  • Page 142: Defining RMON History Control

    For example, the samples may include interface definitions or polling periods. Command Attributes • History Entry No. — Displays the entry number for the History Control Table page. • Source Interface — Displays the interface from which the history samples were taken.
  • Page 143: Viewing The RMON History Table

    Managing RMON Statistics Figure 3-51. History Control Page CLI – The following is an example of the CLI commands used to view RMON History Control statistics: Console(config)# interface ethernet 1/e1 4-380 Console(config-if)# rmon collection history 1 interval 2400 4-518 Viewing the RMON History Table The History Table Page contains interface specific statistical network samplings.
  • Page 144: Figure 3-52. History Table Page

    • Multicast Packets — Displays the number of good Multicast packets received on the interface since the device was last refreshed. • CRC Align Errors — Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed.
  • Page 145 Managing RMON Statistics CLI – The following is an example of the CLI commands used to view RMON History Table statistics: Console# show rmon history 1 throughput 4-519 Sample Set: 1 Owner: CLI Interface: 1/e1 Interval: 1800 Requested samples: 50...
  • Page 146: Defining RMON Events Control

    • Log — Indicates that the event is a log entry. • Trap — Indicates that the event is a trap. • Log and Trap — Indicates that the event is both a log entry and a trap. • None — Indicates that no event occurred.
  • Page 147: Viewing The RMON Events Logs

    Managing RMON Statistics Figure 3-53. Events Control Page CLI – The following is an example of the CLI commands used to view RMON events Control statistics: Console(config)# rmon event 10 log 4-526 Viewing the RMON Events Logs The Events Logs Page contains a list of RMON events.
  • Page 148: Defining RMON Alarms

    Configuring the Switch Figure 3-54. Events Logs Page CLI – The following is an example of the CLI commands used to view RMON events Logs: Console> show rmon events 4-526 Index Description Type Community Owner Last time sent ----- -----------...
  • Page 149 • Rising Event — Displays the mechanism in which the alarms are reported. The possible field values are: • LOG — Indicates there is not a saving mechanism for either the device or in the management system. If the device is not reset, the entry remains in the Log Table.
  • Page 150: Alcatel Mapping Adjacency Protocol (AMAP)

    Configuring the Switch Figure 3-55. Alarm Page CLI – The following is an example of the CLI commands used to set RMON alarms: Console(config)# rmon alarm 1000 1.3.6.1.2.1.10.7.2.1.3.51 1000000 1000000 10 20 1 4-522 Alcatel Mapping Adjacency Protocol (AMAP) The AMAP protocol enables a switch to discover the topology of other AMAP-aware devices in the network.
  • Page 151: Figure 3-56. AMAP Settings Page

    “Hello” packets to determine that it is still present. • Passive – A port enters this state if there is no response to a Discovery “hello” packet. This is a receive-only state and no “Hello” packets are transmitted. If a “Hello”...
  • Page 152: Viewing Adjacent Devices

    The AMAP Adjacencies Page provides network configuration information about the systems connected to the device. The table displays the IP and MAC addresses of the local port, and the IP and MAC addresses, and VLAN ID of the connected devices.
  • Page 153: Configuring LLDP

    The value represents a multiple of the Updates Interval. The possible field range is 2 - 10. The field default is 4. For example, if the Update Interval is 30 seconds and the Hold Multiplier is 4, then the LLDP packets are discarded after 120 seconds.
  • Page 154: Defining LLDP Port Settings

    Figure 3-58. LLDP Properties Page Defining LLDP Port Settings The LLDP Port Settings Page allows network administrators to define LLDP port settings, including the port type, the LLDP port state, and the type of port information advertised. To define LLDP Port Properties: Command Attributes •...
  • Page 155: Defining Media Endpoint Discovery Network Policy

    Detailed network topology information including which devices are located on the network, and where these devices are located. For example, what IP phone is connected to what port, what software is running on what switch, and which port is connected to what PC.
  • Page 156: Defining LLDP MED Port Settings

    Streaming Video — Indicates that the network policy is defined for a Streaming Video application. • VLAN ID — Indicates the VLAN ID for which the Network policy is assigned. • VLAN Type — Indicates the VLAN type for which the network policy is defined.
  • Page 157: Viewing The LLDP Neighbor Information

    • Port — Displays the port to which the network policy is attached. • LLDP MED Status — Indicates if LLDP is enabled on the device. The possible field values are: – Enable – Enables LLDP MED on the device. –...
  • Page 158: Viewing Neighbor Information Details

    Apply Figure 3-62. LLDP Neighbor Information Page Viewing Neighbor Information Details In the LLDP Neighbor Information Page, click the Details button to open the Details Neighbor Information Page. The Details Neighbor Information Page displays the information advertised by neighboring ports when advertising LLDP information.
  • Page 159 • Power Value — Indicates the total power in watts required by a PD device from a PSE device, or the total power a PSE device is capable of sourcing over a maximum length cable based on its current configuration.
  • Page 160: Figure 3-63. Details Neighbor Information Page

    Configuring the Switch Figure 3-63. Details Neighbor Information Page...
  • Page 161: Managing Power-Over-Ethernet Devices

    Guard Band protects the device from exceeding the maximum power level. For example, if 400W is maximum power level, and the Guard Band is 20W, if the total system power consumption exceeds 380W no additional PoE components can be added.
  • Page 162: Defining PoE Interfaces

    PoE operation status and the interface’s power consumption. Command Attributes • Port — Indicates the specific interface for which PoE parameters are defined and assigned to the powered interface connected to the selected port. • Admin Status — Indicates the device PoE mode. The possible field values are: •...
  • Page 163 Managing Power-over-Ethernet Devices to the device using the PoE module. • Oper. Status — Indicates if the port is enabled to work on PoE. The possible field values are: • On — Indicates the device is delivering power to the interface.
  • Page 164: Device Diagnostic Tests

    Port mirroring also enables switch performance monitoring. You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
  • Page 165 • All mirror sessions have to share the same destination port. • When mirroring port traffic, the target port must be included in the same VLAN as the source port. The Port Mirroring Page contains parameters for monitoring and mirroring of network traffic.
  • Page 166: Viewing Integrated Cable Tests

    Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port. Cables up to 120 meters long can be tested. Cables are tested when the ports are in the down state, with the exception of the Approximated Cable Length test.
  • Page 167: Viewing Optical Transceivers

    Web – Click Physical, Diagnostics, Copper Cable, define the fields, and click Test. Figure 3-67. Copper Cable Page CLI – The following is an example of the CLI commands used to test copper cables: Console# show copper-ports cable-length 4-463...
  • Page 168: Figure 3-68. Optical Transceiver Page

    • Unit No. — Indicates the stacking member for which the interface configuration information is displayed. • Port — Displays the IP address of the port on which the cable is tested. • Temperature — Displays the temperature (C) at which the cable is operating.
  • Page 169: Viewing Device Health

    • Not Present — The power supply is currently not present. • Fan Status — The fan status. The number of fans on the boards is provided based on the device type (number of ports) and PoE chips availability. Each fan is denoted as fan plus the fan number in the interface.
  • Page 170: Figure 3-69. Health Page

    Configuring the Switch Celsius Fahrenheit Web – Click Physical, Diagnostics, Health. Figure 3-69. Health Page CLI – The following is an example of the device Health CLI commands: Console# show system 4-629 Unit Type ---- ----------------- Alcatel Unit Main Power Supply...
  • Page 171: Configuring Traffic Control

    Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes on all ports. Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
  • Page 172: Configuring Port Security

    MAC addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked. When a packet is received on a locked port, and the packet source MAC address is not tied to that...
  • Page 173 Configuring Traffic Control port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either: • Forwarded •...
  • Page 174: Figure 3-71. Port Security Page

    • Max Entries — Specifies the number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Set Port field. In addition, the Limited Dynamic Lock mode is selected. The default is 1.
  • Page 175: X Port-Based Authentication

    The RADIUS server verifies the client identity and sends an access challenge back to the client. The EAP packet from the RADIUS server contains not only the challenge, but the authentication method to be used. The client can reject the authentication method and request another, depending on the configuration of the client software and the RADIUS server.
  • Page 176: Advanced Port-Based Authentication

    • Single Host Mode — Only the authorized host can access the port. • Multiple Host Mode — Multiple hosts can be attached to a single port. Only one host must be authorized for all hosts to access the network. If the host authentication fails, or an EAPOL-logoff message is received, all attached clients are denied access to the network.
  • Page 177 Disables use of a Guest VLAN for unauthorized ports. This is the default. • Guest VLAN ID — Contains a list of VLANs. The Guest VLAN is selected from the VLAN list. • EAP Frames — Determines how EAP packets are managed when port based authentication is disabled on the device.
  • Page 178: Figure 3-72. System Information Page

    Configuring the Switch Figure 3-72. System Information Page CLI – The following is an example of the device Authentication CLI commands: Console(config)# dot1x system-auth-control 4-270 Console(config)# aaa authentication dot1x default none 4-269...
  • Page 179: Defining Port Authentication

    • Current Port Control — Displays the current port authorization state. • Unauthorized — Indicates that the port control is ForceUnauthorized, the port link is down, or the port control is Auto, but a client has not been authenticated via the port.
  • Page 180: Modify Port Authentication

    • Current Port Control — Displays the current port authorization state. • Unauthorized — Indicates that the port control is ForceUnauthorized, the port link is down, or the port control is Auto, but a client has not been authenticated via the port.
  • Page 181 All selects all ports for reauthentication. • Authenticator State — Displays the current authenticator state. • Quiet Period — Displays the number of seconds that the device remains in the quiet state following a failed authentication exchange. The possible field range is 0-65535.
  • Page 182: Configuring Multiple Hosts

    • Single Host Mode — Only the authorized host can access the port. • Multiple Host Mode — Multiple hosts can be attached to a single 802.1x-enabled port. Only one host must be authorized for all hosts to access the network. If the...
  • Page 183: Figure 3-74. Multiple Hosts Page

    • Disabled — Indicates that traps are disabled for Multiple hosts. • Trap Frequency — Defines the time period by which traps are sent to the host. The Trap Frequency (1-1000000) field can be defined only if multiple hosts are disabled.
  • Page 184: Defining Authentication Hosts

    Defining Authentication Hosts The Authentication Host Page contains a list of authenticated users. Command Attributes • User Name — Lists the supplicants that were authenticated, and are permitted on each port. • Port — Displays the port number. • Session Time — Displays the amount of time (in seconds) the supplicant was logged on the port.
  • Page 185 1/e3 Auto Unauthorized 3600 Clark 1/e4 Force-auth Authorized 3600 1/e5 Force-auth Unauthorized* 3600 * Port is down or not present. Console# show dot1x ethernet 1/e3 4-279 802.1x is enabled. Port Admin Mode Oper Mode Reauth Reauth Username Control Period ----...
  • Page 186: Viewing EAP Statistics

    • Port — Indicates the port, which is polled for statistics. • Refresh Rate — Indicates the amount of time that passes before the EAP statistics are refreshed. The possible field values are: • 15 Sec — Indicates that the EAP statistics are refreshed every 15 seconds.
  • Page 187: Figure 3-76. Statistics Page

    • Last Frame Version — Indicates the protocol version number attached to the most recently received EAPOL frame. • Last Frame Source — Indicates the source MAC address attached to the most recently received EAPOL frame. Web – Click Security, 802.1x, Statistics and select an interface.
  • Page 188 Configuring the Switch LastEapolFrameVersion: 1 LastEapolFrameSource: 00:08:78:32:98:78...
  • Page 189: Defining Access Control Lists

    • Each ACL can have up to 256 Access Control Elements (ACE rules). • The maximum number of ACLs is 894 per port. • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule.
  • Page 190: Binding Device Security ACLs

    Configuring the Switch • The switch does not support the explicit “deny any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
  • Page 191: Defining IP Based Access Control Lists

    The possible field value is 1-2147483647. • Protocol — Creates an ACE based on a specific protocol. • Select from List — Selects a protocol from a list on which ACE can be based. Some of the possible field values are: •...
  • Page 192 • ICMP Type — Specifies an ICMP message type for filtering ICMP packets. • ICMP Code — Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.
  • Page 193: Defining MAC Based Access Control Lists

    Console(config-ip-al)# deny rsvp 192.1.1.1 0.0.0.255 any 4-309 Defining MAC Based Access Control Lists The MAC Based ACL Page allows a MAC- based ACL to be defined. ACEs can be added only if the ACL is not bound to an interface. Command Attributes •...
  • Page 194 00:AB:22:11:33:00 and the wildcard mask is 00:00:00:00:00:FF, the first two bits of the MAC are used, while the last two bits are ignored. • VLAN ID — Matches the packet’s VLAN ID to the ACE. The possible field values are 1 to 4095.
  • Page 195: DHCP Snooping

    DHCP Snooping Figure 3-79. MAC Based ACL Page CLI – The following is an example of the MAC Based ACL CLI commands: Console(config)# mac access-list macl-acl1 4-311 Console(config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6 4-312 Console (config-mac-acl)# deny 66:66:66:66:66:66 4-313...
  • Page 196: DHCP Snooping Properties

    • Database Update Interval — Indicates how often the DHCP Snooping Database is updated. The possible field range is 600 – 86400 seconds. The field default is 1200 seconds. Web – Click Security, Traffic Control, DHCP Snooping, Properties. Define the fields...
  • Page 197: Defining DHCP Snooping On VLANs

    VLANs. To enable DHCP Snooping on a VLAN, ensure DHCP Snooping is enabled on the device. Command Attributes • VLAN ID — Indicates the VLAN to be added to the Enabled VLAN list. • Enabled VLAN — Contains a list of VLANs for which DHCP Snooping is enabled.
  • Page 198: Defining Trusted Interfaces

    Trusted interfaces are connected to DHCP servers, switches, or hosts which do not require DHCP packet filtering. Trusted interfaces receive packets only from within the network or the network firewall, and are allowed to respond to DHCP requests. Packets sent from an interface outside the network, or from beyond the network firewall, are blocked by trusted interfaces.
  • Page 199: Binding Addresses To The DHCP Snooping Database

    – LAG — Queries the VLAN database by LAG number. • VLAN ID — Displays the VLAN ID to which the IP address is attached in the DHCP Snooping Database. • Type — Displays the IP address binding type. The possible field values are: –...
  • Page 200: Configuring Option 82

    DHCP with Option 82 can be enabled only if DHCP snooping is enabled. Command Attributes • DHCP Option 82 Insertion — Indicates if DHCP Option 82 with data insertion is enabled on the device. The possible field values are: • Enable — Enables DHCP Option 82 with data insertion on the device. If DHCP Option 82 with data insertion is enabled the DHCP server can insert information into DHCP requests.
  • Page 201: Dynamic ARP Inspection

    • Permits two hosts on the same network to communicate and send packets. • Permits two hosts on different packets to communicate via a gateway. • Permits routers to send packets via a host to a different router on the same network.
  • Page 202: ARP Inspection Properties

    Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. If the packet’s IP address was not found in the ARP Inspection List, and DHCP snooping is enabled for a VLAN, a search of the DHCP Snooping Database is performed. If the IP address is found the packet is valid, and is forwarded. ARP...
  • Page 203: ARP Inspection Trusted Interface Settings

    ARP Inspection List. Trusted packets are forwarded without ARP Inspection. • Untrusted — Indicates that the packet arrived from an interface that does not have recognized IP and MAC addresses. The packet is checked for: –...
  • Page 204: Defining ARP Inspection List

    • Units — Indicates the port on which ARP Inspection Trust mode is enabled. • LAGs — Indicates the LAG on which ARP Inspection Trust mode is enabled. • Trust — Indicates if the selected interface is trusted or untrusted. The possible field values are: •...
  • Page 205: Assigning ARP Inspection VLAN Settings

    The VLAN Settings Page assigns static ARP Inspection Lists to VLANs. Command Attributes • VLAN ID — A new VLAN ID that is defined by the user and added to the Enabled VLANs list. • Enabled VLANs — Contains a list of VLANs in which ARP Inspection is enabled.
  • Page 206: IP Source Guard

    Figure 3-88. VLAN Settings Page IP Source Guard IP Source Guard is a security feature that restricts the client IP traffic to those source IP addresses configured in the binding. IP traffic restrictions are applied according to definitions in both the DHCP Snooping Binding Database and in manually configured IP source bindings.
  • Page 207: Figure 3-89. Ip Source Guard Properties Page

    DHCP Snooping. If source IP address filtering is enabled, packet transmission is permitted as follows: • IPv4 traffic — Only IPv4 traffic with a source IP address that is associated with the specific port is permitted. • Non IPv4 traffic — All non-IPv4 traffic is permitted.
  • Page 208: Adding Interfaces To The Ip Source Guard Database

    • Status — Indicates if IP Source Guard is enabled or disabled. • Enable — Indicates that IP Source Guard is enabled on the interface. • Disable — Indicates that IP Source Guard is disabled on the interface. This is the default value.
  • Page 209: Figure 3-91. Ip Source Guard Binding Database Page

    • Port — Queries the VLAN database by port number. • LAG — Queries the VLAN database by LAG number. • Interface — Displays the VLAN ID to which the IP address is attached in the IP Source Guard Database.
  • Page 210: Defining The Forwarding Database

    An address becomes associated with a port by learning the frame’s source address, but if a frame is addressed to a destination MAC address that is not associated with a port, that frame is flooded to all relevant VLAN ports. To prevent the bridging table from overflowing, a dynamic MAC address, from which no traffic arrives for a set period, is erased.
  • Page 211: Figure 3-93. Static Addresses Page

    • Secure — The MAC Address is defined for locked ports. • Permanent — The MAC address is permanent. • Delete on Reset — The MAC address is deleted when the device is reset. • Delete on Timeout — The MAC address is deleted when a timeout occurs.
  • Page 212: Defining Dynamic Forwarding Database Entries

    Command Attributes • Address Aging — Specifies the amount of time the MAC address remains in the Dynamic MAC Address table before it is timed out, if no traffic from the source is detected. The default value is 300 seconds.
  • Page 213: Configuring Spanning Tree

    Configuring Spanning Tree Figure 3-94. Dynamic Addresses Page CLI – The following is an example of the CLI commands used to define dynamic addresses: Console# clear bridge 4-325 Console# configure Console(config)# interface vlan 2 4-676 Console(config-if)# bridge multicast address 01:00:5e:02:02:03 4-321 Console(config-if)# bridge multicast forbidden address 0100.5e02.0203 add...
  • Page 214 STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging device (except for the root device) which incurs the lowest path cost when forwarding a packet from that device to the root device.
  • Page 215: Defining Spanning Tree

    • Figure 3-95. Spanning Tree Home Page Defining Spanning Tree You can display a summary of the current bridge STP information that applies to the entire switch using the STP Information screen. Command Attributes • Spanning Tree State — Indicates whether STP is enabled on the device. The possible field values are: •...
  • Page 216 Root Bridge. This field is significant when the bridge is not the Root Bridge. The default is zero. • Root Path Cost — The cost of the path from this bridge to the Root Bridge. • Topology Changes Counts — Specifies the total amount of STP state changes that have occurred.
  • Page 217: Defining Stp On Interfaces

    • A port on a network segment with no other STP compliant bridging device is always forwarding. • If two ports of a switch are connected to the same segment and there is no other STP device attached to this segment, the port with the smaller ID forwards packets...
  • Page 218 • Port Fast — Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state...
  • Page 219: Figure 3-97. Interface Configuration Page

    (ports connected to clients) are enabled or when the STP feature is disabled. When BPDU guard is enabled on a port, the port is shut down if a BPDU message is received and an appropriate SNMP trap is generated. The port must then be reactivated by using the set interface active command.
  • Page 220: Defining Rapid Spanning Tree

    • Multiple STP — Multiple STP is enabled on the device. • Fast Link Status — Indicates whether Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is automatically placed in the forwarding state.
  • Page 221: Figure 3-98. Rstp Page

    To establish communications over a point-to-point link, the originating PPP first sends Link Control Protocol (LCP) packets to configure and test the data link. After a link is established and optional facilities are negotiated as needed by the LCP, the originating PPP sends Network Control Protocol (NCP) packets to select and configure one or more network layer protocols.
  • Page 222: Defining Multiple Spanning Tree

    Defining Multiple Spanning Tree Multiple Spanning Tree (MSTP) provides differing load balancing scenarios. For example, while port A is blocked in one STP instance, the same port can be placed in the Forwarding state in another STP instance. The MSTP General Page contains information for defining global MSTP settings, including region names, MSTP revisions, and maximum hops.
  • Page 223: Defining Mstp Instance Settings

    • Bridge Priority — Specifies the selected spanning tree instance device priority. The field range is 0-61440. • Designated Root Bridge ID — Indicates the ID of the bridge with the lowest path cost to the instance ID. • Root Port — Indicates the selected instance’s root port.
  • Page 224: Defining Mstp Interface Settings

    • Port — Specifies the port for which the MSTP settings are displayed. • LAG — Specifies the LAG for which the MSTP settings are displayed. • STP Port Status — Indicates if STP is enabled on the port. The possible field values are:...
  • Page 225 • Enabled — Enables the port for the specific instance. • Disabled — Disables the port for the specific instance. • Type — Indicates whether the port is a Boundary or Master port. The possible field values are: • Boundary Port — Indicates that the port is a Boundary port. A Boundary port attaches MST bridges to LANs in an outlying region.
  • Page 226: Configuring Vlans

    This also provides a more secure and cleaner network environment. An IEEE VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
  • Page 227: Assigning Ports To Vlans

    By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection support VLANs.
  • Page 228 VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE VLAN protocol, it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join.
  • Page 229: Tagged/Untagged Vlans

    Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices. But you can still enable GVRP on these edge switches, as well as on the core switches in the network.
  • Page 230: Figure 3-103. Vlan Basic Information Page

    • Checked — Removes the selected VLAN. • Unchecked — Maintains VLANs. Web – Click Layer 2, VLAN, VLAN, Basic Information. Figure 3-103. VLAN Basic Information Page CLI – The following is an example of the VLAN Basic Information CLI commands: Console# show vlan 4-694 VLAN...
  • Page 231: Defining Vlan Membership

    Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. The Current Table Page contains parameters for defining VLAN groups: Command Attributes •...
  • Page 232: Figure 3-104. Current Table Page

    Name, and VLAN type fields, define the port settings, and click Apply. Figure 3-104. Current Table Page CLI – The following is an example of the CLI commands used to create VLANs: Console(config)# vlan database 4-674...
  • Page 233: Defining Vlan Interface Settings

    • General — Indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full IEEE802.1q mode). • Access — Indicates a port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port cannot be designated.
  • Page 234: Defining Customer Mapping For Multicast Tv

    Console(config-if)# switchport access multicast-tv vlan 20 4-699 Defining Customer Mapping for Multicast TV The Customer Multicast TV VLAN Page assigns ports to a Multicast TV VLAN. This is required for configuring and implementing the Triple Play functionality. Command Attributes • Interface — Defines the VLAN to which the ports are assigned.
  • Page 235: Mapping Cpe Vlans

    Configure the port as Triple Play see Command Attributes • CPE VLAN — Indicates the CPE VLAN which is mapped to the Multicast TV VLAN. • Multicast TV VLAN — Indicates the CPE VLAN which is mapped to the Multicast TV VLAN.
  • Page 236: Defining Vlan Groups

    VLANs can be grouped by MAC address, Subnets, and Protocols. Once a user logs on, the system attempts to classify the user by MAC address. If the user cannot be classified by MAC address, the system attempts to classify the user by Subnet. If the subnet classification is unsuccessful, the system attempts to classify the user by protocol.
  • Page 237: Configuring Subnet Based Vlan Groups

    • Group ID – Defines the MAC based VLAN ID. The possible field range is 1 - 2147483647. • Remove — If checked, deletes the MAC-Based VLAN Group. Web – Click Layer 2, VLAN, VLAN Groups, MAC-based VLAN Groups. Define the fields and click Apply.
  • Page 238: Configuring Protocol Based Vlan Groups

    The classification places the interface into a protocol group. Command Attributes • Protocol Value — User-defined protocol value. • Group ID – Defines the IP based VLAN ID. The possible field range is 1 - 2147483647. • Remove — If checked, deletes the Protocol Based VLAN Group.
  • Page 239: Mapping Groups To Vlans

    Figure 3-110. Protocol Based Groups Page CLI – The following is an example of the CLI commands used to create Protocol Based VLAN groups: console(config)# vlan database 4-674 console(config-vlan)# map protocol protocols-group 4-678 console(config-vlan)# switchport general map protocols-group vlan...
  • Page 240: Defining Garp

    • VLAN ID — Attaches the interface to a user-defined VLAN ID. VLAN group ports can either be attached to a VLAN ID or a VLAN name. The possible field range is 1-4093, and 4095 (4094 is not available for configuration).
  • Page 241: Defining Gvrp

    GARP state. Leave time is activated by a Leave All Time message sent/received, and cancelled by the Join message received. Leave time must be greater than or equal to three times the join time. The default value is 60 centiseconds.
  • Page 242 The GVRP Parameters Page is divided into port and LAG parameters. The field definitions are the same. Command Attributes • GVRP Global Status — Indicates if GVRP is enabled on the device. The possible field values are: • Enable — Enables GVRP on the selected device.
  • Page 243: Viewing Gvrp Statistics

    Apply. Figure 3-113. GVRP Parameters Page CLI – The following is an example of the GVRP configuration commands: Console(config)# gvrp enable 4-406 Console(config)# interface ethernet 1/e6 4-380 Console(config-if)# gvrp enable 4-406 Console(config-if)# gvrp vlan-creation-forbid 4-409 Console(config-if)# gvrp registration-forbid...
  • Page 244: Figure 3-114. Gvrp Statistics Page

    • Invalid Attribute Length—Displays the device GVRP Invalid Attribute Length statistics. • Invalid Event—Displays the device GVRP Invalid Event statistics. Web – Click Layer 2, VLAN, VLAN, GVRP Statistics. Enable or disable GVRP, define the fields, and click Apply. Figure 3-114. GVRP Statistics Page CLI –...
  • Page 245 Defining VLAN Groups Join Empty Sent sJIn: Join In Sent sEmp : Empty Sent sLIn: Leave In Sent Leave Empty Sent sLA : Leave All Sent Port rJIn rEmp rLIn sJIn sEmp sLIn...
  • Page 246: Multicast Filtering

    Although this approach reduces the network overhead required by a multicast server, the broadcast traffic must be carefully pruned at every multicast switch/router it passes through to ensure that traffic is only passed on to the hosts which subscribed to this service.
  • Page 247 (VLAN). The user can set the IGMP Querier mode to either V2 or V3. (Default is V2). When working in IGMPv3 mode and detecting an IGMPv2 message, the switch will automatically change its mode to IGMPv2.
  • Page 248 • Source IP address — Defines the interface source IP address from which queries are sent. • Auto Learn — Indicates if Auto Learn is enabled on the device. If Auto Learn is enabled, the device automatically learns where other Multicast groups are located.
  • Page 249: Specifying Static Interfaces For A Multicast Group

    • D — Dynamically joins ports/LAG to the Multicast group in the Current Row. • S — Attaches the port to the Multicast group as static member in the Static Row. The port/LAG has joined the Multicast group statically in the Current Row.
  • Page 250: Figure 3-117. Multicast Group Page

    Multicast frames are flooded to all ports in the relevant VLAN. Disabled is the default value. • VLAN ID — Identifies a VLAN and contains information about the Multicast group address. • Bridge Multicast Address — Identifies the Multicast group MAC address/IP address.
  • Page 251: Displaying Interfaces Attached To A Multicast Router

    The following table summarizes the Multicast settings which can be assigned to ports in the Multicast Forward All Page: • D — Attaches the port to the Multicast router or switch as a dynamic port. • S — Attaches the port to the Multicast router or switch as a static port.
  • Page 252: Configuring Multicast Tv

    VLAN, eliminating television traffic duplication. Ports which receive Multicast Transmissions, or Receiver Ports, can be defined in any VLAN, and not just in the Multicast VLAN. Receiver ports can only receive Multicast transmissions; they cannot initiate a Multicast TV transmission.
  • Page 253: Defining Multicast Tv Membership

    Web – Click Layer 2, Multicast, Multicast TV, IGMP Snooping Mapping, click Add, define the fields, and click Apply. Figure 3-119. IGMP Snooping Mapping Page CLI – The following is an example of the Multicast Forward All CLI commands: console(config)# interface ethernet 1/e21 console(config-if)# switchport access multicast-tv vlan VLAN_ID VLAN ID...
  • Page 254: Configuring Triple Play

    Command Attributes • Multicast TV VLAN ID — Indicates the Multicast VLAN ID to which the source ports and receiver ports are members. • Receiver Ports — Indicates the port on which Multicast TV transmissions are received.
  • Page 255: Configuring Quality Of Service

    Each subscriber on a network maintains a Customer Premise Equipment Multi-Connect (CPE MUX) box. The MUX boxes direct network traffic from uplink ports to MUX access ports. MUX access ports are based on VLAN tags located in packet headers. Service provider’s packets are tagged twice. Each packet has an internal tag and an external tag.
  • Page 256: Access Control Lists

    (ACE) is composed of a single classification rule and its action. A single ACL may contain one or more ACEs. The order of the ACEs within an ACL is important, as they are applied in a first-fit manner. The ACEs are processed sequentially, starting with the first ACE. When a packet is matched to an ACE classification, the ACE action is performed and the ACL processing terminates.
  • Page 257: Mapping To Queues

    (see “Advanced QoS Mode”). • Simple — In the simple form, a single (MAC or IP) ACL is applied to an interface. Although a policy cannot be applied to an interface, it is possible to apply basic QoS rules that classify packets to output queues (see “Basic QoS Mode”).
  • Page 258: Qos Modes

    is treated as if it had arrived with this tag. The VPT mapping to the output queue is based on the same user-defined 802.1p tag-based definitions. • DSCP — The user can configure the system to use the IP DSCP of the incoming packet to the output priority queues.
  • Page 259: Enabling Qos

    VPT tag than that with which they ingressed. Packets are always assigned a VPT tag of 0 or 1 at the egress. When using trust VPT this caveat does not exist, and packets egress with the same VPT with which they ingressed.
  • Page 260: Defining Global Queue Settings

    Web – Click Policy, General QoS, General, CoS Mode, define the fields, and click Apply. Figure 3-121. CoS Mode Page CLI – The following is an example of the CLI commands used to enable QoS: Console(config)# qos 4-479 Defining Global Queue Settings The Queue Priority Page contains fields for defining the QoS queue forwarding types.
  • Page 261: Defining Bandwidth Settings

    Web – Click Policy, General QoS, General, Queue Priority. Define the fields, and click Apply. Figure 3-122. Queue Priority Page CLI – The following is an example of the CLI commands used to enable QoS: console(config)# priority-queue out num-of-queues 4 4-493...
  • Page 262 • Status — Enables or Disables rate limiting for ingress interfaces. Disable is the default value. • Rate Limit — Defines the rate limit for ingress ports. The possible field values are: Interface Rate 70 Kbps - 1 Gbps, depending on the maximum port speed.
  • Page 263: Configuring Vlan Rate Limit

    QoS rate limiting has priority over VLAN rate limiting. For example, if a packet is subject to QoS rate limits but is also subject to VLAN rate limiting, and the rate limits conflict, the QoS rate limits take precedence.
  • Page 264: Mapping Cos Values To Queues

    Command Attributes • Class of Service — Specifies the VLAN (CoS) priority tag values, where zero is the lowest and 8 is the highest. • Queue — Defines the traffic forwarding queue to which the CoS priority is mapped.
  • Page 265: Mapping Dscp Values To Queues

    Figure 3-125. CoS to Queue Page CLI – The following is an example of the CLI commands used to map CoS values to forwarding queues: Console(config)# wrr-queue cos-map 2 7 4-492 Mapping DSCP Values to Queues The DSCP Priority Page contains fields for classifying DSCP settings to traffic queues.
  • Page 266: Defining Basic Qos Settings

    Packets entering a QoS domain are classified at the edge of the QoS domain. Command Attributes • Trust Mode — Selects the trust mode. If a packet’s CoS tag and DSCP tag are mapped to different queues, the Trust mode determines the queue to which the packet is assigned.
  • Page 267: Defining Qos Dscp Rewriting Settings

    Figure 3-127. QoS General Page CLI – The following is an example of the CLI commands used to configure QoS Basic Mode’s general parameters: Console(config)# qos trust dscp 4-500 Defining QoS DSCP Rewriting Settings The DSCP Rewrite Page allows network administrators to rewrite DSCP values.
  • Page 268: Defining Qos Dscp Mapping Settings

    Figure 3-128. DSCP Rewrite Page CLI – The following is an example of the CLI commands used to rewrite DSCP values: Console(config)# qos dscp-mutation 4-502 Defining QoS DSCP Mapping Settings When traffic exceeds user-defined limits, use the DSCP Mapping Page to configure the DSCP tag to use in place of the incoming DSCP tags.
  • Page 269: Defining Qos Class Maps

    Command Attributes • Class-Map Name — Displays the user-defined name of the class map. • Preferred ACL — Indicates if packets are first matched to an IP based ACL or a MAC based ACL. • ACL 1 — Contains a list of the user defined ACLs.
  • Page 270: Defining Policies

    Console(config-cmap)# match access-group royrogers 4-482 Defining Policies A policy is a collection of classes, each of which is a combination of a class map and a QoS action to apply to matching traffic. Classes are applied in a first-fit manner within a policy.
  • Page 271: Defining Tail Drop

    • Ingress Committed Burst Size (CBS) — CBS in bytes per second. This field is only relevant when the Police value is Single. • Exceed Action — Action assigned to incoming packets when limits (CIR) are exceeded.
  • Page 272: Viewing The Policy Table

    Viewing the Policy Table The Policy Table Page provides parameters for defining policies. Command Attributes • Policy Name — Contains a list of user-defined policies that can be attached to the interface. • Remove — Removes policies. • Checked — Removes the selected policies.
  • Page 273: Adding A Policy

    Figure 3-133. Policy Table Page Adding a Policy In addition to the fields in the Policy Table Page, the Add Policy Table Page contains the following fields: • Class Map — Selects a class map for the class.
  • Page 274: Viewing Policy Bindings

    • Ingress Committed Burst Size (CBS) — CBS in bytes per second. This field is only relevant when the Police value is Single. • Exceed Action — Action assigned to incoming packets exceeding the CIR. This field is only relevant when the Police value is Single. Possible values are: •...
  • Page 275 LAGs — Displays the LAGs and their policy names. The Policy Binding table contains the following fields: • Interface — Selects an interface. • Policy Name — Contains a list of user-defined policies that can be attached to the interface. • Remove — Removes policies.
  • Page 276: Configuring Loopback Detection

    Web – Click Policy, Advanced Mode, Policy Profile, Policy Binding. Define the fields, and click Apply. Figure 3-135. Policy Binding Page CLI – The following is an example of the CLI commands used to bind policies: Console# show policy-map 4-485...
  • Page 277: Figure 3-136. Loopback Detection Overview Page

    When enabling and configuring Loopback Detection: • Enable Loopback Detection system wide. • Enable Loopback Detection on access ports. • If the STP mode is set to Multiple Spanning Tree, Loopback Detection can only be enabled on interfaces where STP is disabled. • Enable Auto-Recovery.
  • Page 278: Configuring Loopback Detection Globally

    CLI – The following is an example of the CLI command used to display Loop Detection information: Console> show loopback-detection Loopback detection: Enabled Mode: src-mac-addr LBD packets interval: 30 Seconds Interface Loopback Detection Enabled Enabled Enabled Disabled0...
  • Page 279: Defining Loopback Detection Interface Settings

    Web – Click Layer2, Loopback Detection, Properties. Define the fields, and click Apply. Figure 3-137. Loopback Detection Properties Page CLI – The following is an example of the CLI commands used to configure LBD globally: Console (config)# loopback-detection enable 4-485...
  • Page 280: Figure 3-138. Loopback Detection Interface Settings Page

    Modify Loopback Detection Interface Settings Page The Modify Loopback Detection Interface Settings Page contains the following fields: • Interface — Select the interface for which the Loopback Detection information is displayed. The possible field values are: – Port — Select the port for which the Loopback Detection information is displayed.
  • Page 281: Figure 3-139. Modify Loopback Detection Interface Settings Page

    Figure 3-139. Modify Loopback Detection Interface Settings Page CLI – The following is an example of the CLI commands used to configure LBD on a specific interface: Console (config)# interface ethernet 1/e1 4-485 Console (config-if)# loopback-detection enable...
  • Page 282: Chapter 4: Command Line Interface

    IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network portion and host portion.
  • Page 283 Using the Command Line Interface To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, Console(config)#interface vlan 1 Console(config-if)#ip address 10.1.0.254 255.255.255.0...
  • Page 284: Entering Commands

    Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.”...
  • Page 285: Showing Commands

    Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, VLAN Database, or MSTP).
  • Page 286: Partial Keyword Lookup

    Configuration commands, on the other hand, modify interface parameters or enable certain switching functions. These classes are further divided into different modes. Available commands depend on the selected mode. You can always enter a question mark “?” at the prompt to display a list of the commands available for the...
  • Page 287: Exec Commands

    VLAN Database * You must be in Privileged Exec mode to access the Global Configuration mode. You must be in Global Configuration mode to access any of the other configuration modes. Exec Commands When you open a new console session on the switch with the user name and password “guest,”...
  • Page 288: Configuration Commands

    Global Configuration commands. Console#configure Console(config)# To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. Table 4-2. Configuration Command Modes...
  • Page 289: Command Line Processing

    You can use the Tab key to complete partial commands, or enter a partial command followed by the “?” character to display a list of possible matches. You can also use the following editing keystrokes for command-line processing: Table 4-3.
  • Page 290: Command Groups

    Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4. Command Groups Command Group Description Page 802.1x Commands Configures Port based authentication for authenticating system users on a per-port basis via an external server. 4-268...
  • Page 291 IP Routing Configures static and dynamic unicast routing Multicast Routing Configures multicast routing protocols DVMRP and PIM-DM The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration)
  • Page 292: X Commands

    Specifies one or more authentication, authorization, and 4-269 dot1x accounting (AAA) methods for use on interfaces running IEEE 802.1X. To return to the default configuration, use the no form of this command dot1x Enables 802.1x globally. To return to the default configuration, use...
  • Page 293: Aaa Authentication Dot1X

    VLAN, use the no form of this command. dot1x multiple-hosts Enables multiple hosts (clients) on an 802.1X-authorized port, 4-286 where the authorization state of the port is set to auto. To return to the default configuration, use the no form of this command dot1x...
  • Page 294: Dot1X System-Auth-Control

    Command Usage Additional methods of authentication are used only if the previous method returns an error and not if the request for authentication is denied. To ensure that authentication succeeds even if all methods return an error, specify none as the final method in the command line.
  • Page 295: Dot1X Port-Control

    Command Usage It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to get immediately to the forwarding state after successful authentication.
  • Page 296: Dot1X Re-Authentication

    The dot1x re-authentication Interface Configuration mode command enables periodic re-authentication of the client. To return to the default configuration, use the no form of this command. Syntax dot1x re-authentication no dot1x re-authentication Default Setting Periodic re-authentication is disabled.
  • Page 297: Dot1X Timeout Re-Authperiod

    The dot1x timeout re-authperiod Interface Configuration mode command sets the number of seconds between re-authentication attempts. To return to the default configuration, use the no form of this command. Syntax dot1x timeout re-authperiod seconds...
  • Page 298: Dot1X Re-Authenticate

    The dot1x timeout quiet-period Interface Configuration mode command sets the number of seconds that the device remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password). To return to the default configuration, use the no form of this command.
  • Page 299: Dot1X Timeout Tx-Period

    Parameters • seconds — Specifies the time in seconds that the device remains in the quiet state following a failed authentication exchange with the client. (Range: 0 - 65535 seconds) Default Setting Quiet period is 60 seconds. Command Mode...
  • Page 300: Dot1X Max-Req

    resending the request. To return to the default configuration, use the no form of this command. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period Parameters • seconds — Specifies the time in seconds that the device waits for a response to an EAP-request/identity frame from the client before resending the request.
  • Page 301: Dot1X Timeout Supp-Timeout

    The default number of times is 2. Command Mode Interface Configuration (Ethernet) mode Command Usage The default value of this command should be changed only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following example sets the number of times that the device sends an EAP-request/identity frame to 6.
  • Page 302: Dot1X Timeout Server-Timeout

    frame to the client. To return to the default configuration, use the no form of this command. Syntax dot1x timeout supp-timeout seconds no dot1x timeout supp-timeout Parameters • seconds — Time in seconds that the device waits for a response to an EAP-request frame from the client before resending the request.
  • Page 303: Show Dot1X

    Syntax dot1x timeout server-timeout seconds no dot1x timeout server-timeout Parameters • seconds — Time in seconds that the device waits for a response from the authentication server. (Range: 1-65535 seconds) Default Configuration The timeout period is 30 seconds. Command Mode...
  • Page 304 This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the status of 802.1X-enabled Ethernet ports. Console# show dot1x 802.1x is enabled Port Admin Mode Oper Mode...
  • Page 305 Username The username representing the identity of the Supplicant. This field shows the username in case the port control is auto. If the port is Authorized, it shows the username of the current user. If the port is unauthorized it shows the last user that was authenticated successfully.
  • Page 306: Show Dot1X Users

    Tx period The number of seconds that the device waits for a response to an Extensible Authentication Protocol (EAP)-request/identity frame from the client before resending the request. Max req The maximum number of times that the device sends an...
  • Page 307 The port number. Username The username representing the identity of the Supplicant. Session Time The period of time the Supplicant is connected to the system. Authentication Method Authentication method used by the Supplicant to open the session. MAC Address MAC address of the Supplicant.
  • Page 308: Show Dot1X Statistics

    The show dot1x statistics Privileged EXEC mode command displays 802.1X statistics for the specified interface. Syntax show dot1x statistics ethernet interface Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) Default Configuration This command has no default configuration.
  • Page 309: Related Commands

    InvalidEapolFramesRx: EapLengthErrorFramesRx: LastEapolFrameVersion: LastEapolFrameSource: 00:08:78:32:98:78 The following table describes the significant fields shown in the display: Field Description EapolFramesRx The number of valid EAPOL frames of any type that have been received by this Authenticator. EapolFramesTx The number of EAPOL frames of any type that have been transmitted by this Authenticator.
  • Page 310: Advanced Features

    The dot1x multiple-hosts Interface Configuration mode command enables multiple hosts (clients) on an 802.1X-authorized port, where the authorization state of the port is set to auto. To return to the default configuration, use the no form of this command. Syntax...
  • Page 311: Dot1X Single-Host-Violation

    MAC address only. For unauthenticated VLANs multiple hosts are always enabled. Port security cannot be enabled on a port if multiple hosts are disabled or if multiple hosts are enabled with authentication per host.
  • Page 312: Dot1X Guest-Vlan

    Related Commands dot1x multiple-hosts show dot1x advanced dot1x guest-vlan The dot1x guest-vlan Interface Configuration mode command defines a guest VLAN. To return to the default configuration, use the no form of this command. Syntax dot1x guest-vlan no dot1x guest-vlan Default Setting No VLAN is defined as a guest VLAN.
  • Page 313: Dot1X Guest-Vlan Enable

    If the guest VLAN is defined and enabled, the port automatically joins the guest VLAN when the port is unauthorized and leaves it when the port becomes authorized. To be able to join or leave the guest VLAN, the port should not be a static member of the guest VLAN.
  • Page 314: Dot1X Mac-Authentication

    The dot1x mac-authentication Interface Configuration command enables authentication based on the station’s MAC address. Use the no form of this command to disable MAC authentication. Syntax dot1x mac-authentication {mac-only | mac-and-802.1x} no dot1x mac-authentication Parameters •...
  • Page 315 This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Examples The following examples display 802.1X advanced features for the device. Switch# show dot1x advanced Guest VLAN: 3978 Unauthenticated VLANs: 91,92 Port Multiple Hosts...
  • Page 316 Related Commands dot1x auth-not-req dot1x multiple-hosts dot1x single-host-violation dot1x guest-vlan dot1x guest-vlan enable...
  • Page 317: Aaa Commands

    To return to the default configuration, use the no form of this command. login authentication Specifies the login authentication method list for a remote telnet or console. To return to the default configuration specified by the aaa authentication login command, use the no form of this command.
  • Page 318 Uses the list of all TACACS+ servers for authentication. Default Setting The local user database is checked. This has the same effect as the command aaa authentication login list-name local. Note: On the console, login succeeds without any authentication check if the authentication method is not defined.
  • Page 319: Aaa Authentication Enable

    "$enabx$." where x is the privilege level. Default Setting If the default list is not set, only the enable password is checked. This has the same effect as the command aaa authentication enable default enable. On the console, the enable password is used if it exists. If no password is set, the process still succeeds.
  • Page 320: Login Authentication

    The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
  • Page 321: Enable Authentication

    The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet or console. To return to the default configuration specified by the aaa authentication enable command, use the no form of this command.
  • Page 322: Ip Http Authentication

    Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Setting The local user database is checked. This has the same effect as the command ip http authentication local. Command Mode Global Configuration mode...
  • Page 323: Ip Https Authentication

    Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Setting The local user database is checked. This has the same effect as the command ip https authentication local. Command Mode Global Configuration mode...
  • Page 324 Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the authentication configuration. Console# show authentication methods Login Authentication Method Lists ---------------------------------...
  • Page 325: Password

    Syntax enable password [level level] password [encrypted] no enable password [level level] Parameters • password — Password for this level (Range: 1-159 characters). • level — Level for which the password applies. If not specified the level is 15...
  • Page 326: Username

    Global Configuration mode Command Usage There are no user guidelines for this command. Example The following example sets local level 15 password secret to control access to user and privilege levels. Console(config)# enable password level 15 secret Related Commands show privilege...
  • Page 327: Show Users Accounts

    Example The following example configures user bob with password lee and user level 15 to the system. Console(config)# username bob password lee level 15 Related Commands show privilege show users accounts The show users accounts Privileged EXEC mode command displays information about the local user database.
  • Page 328 Lockout If lockout control is enabled, specifies the number of failed authentication attempts since the user last logged in successfully. If the user account is locked, specifies LOCKOUT.
  • Page 329: Ip-Access-List

    • name — Specifies the name of the ACL. Default Setting The default for all ACLs is deny-all. Command Mode Global Configuration mode Command Usage Up to 1018 rules can be defined on the device, depending on the type of rule defined.
  • Page 330: Permit (Ip)

    • destination — Specifies the destination IP address of the packet. Specify any to indicate IP address 0.0.0.0 and mask 255.255.255.255. • destination-wildcard — Specifies wildcard to be applied to the destination IP address. Use 1s in bit positions to be ignored. Specify any to indicate IP...
  • Page 331 address 0.0.0.0 and mask 255.255.255.255. • protocol — Specifies the abbreviated name or number of an IP protocol. (Range: 0-255) The following table lists protocols that can be specified: IP Protocol Abbreviated Name Protocol Number Internet Control Message Protocol...
  • Page 332 • list-of-flags — Specifies a list of TCP flags that can be triggered. If a flag is set, it is prefixed by “+”. If a flag is not set, it is prefixed by “-”. Possible values: +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin.
  • Page 333: Deny (Ip)

    • disable-port — Specifies the ethernet interface is disabled if the condition is matched. • source — Specifies the IP address or host name from which the packet was sent. Specify any to indicate IP address 0.0.0.0 and mask 255.255.255.255.
  • Page 334 • flags list-of-flags — List of TCP flags that should occur. If a flag should be set it is prefixed by "+". If a flag should be unset it is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin.
  • Page 335: Mac Access-List

    Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the defined conditions are denied.
  • Page 336: Permit (Mac)

    • source-wildcard — Specifies wildcard bits to be applied to the source MAC address. Use 1s in bit positions to be ignored. • destination — Specifies the MAC address of the host to which the packet is being sent. • destination-wildcard — Specifies wildcard bits to be applied to the destination MAC address.
  • Page 337: Deny (Mac)

    Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
  • Page 338 placing 1s in bit positions to be ignored. • destination — Specifies the MAC address of the host to which the packet is being sent. • destination-wildcard — (Optional for the first type) Specifies wildcard bits by placing 1s in bit positions to be ignored.
  • Page 339: Service-Acl

    show access-lists service-acl The service-acl Interface Configuration mode command applies an ACL to the input interface. To detach an ACL from an input interface, use the no form of this command. Syntax service-acl {input acl-name} no service-acl {input} Parameters •...
  • Page 340: Show Interfaces Access-Lists

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays ACLs applied to the interfaces of a device: Console# show interfaces access-lists Interface Input ACL...
  • Page 341 --------- --------- 1/e1 ACL1 2/e1 ACL3 Related Commands service-acl...
  • Page 342: Address Table Commands

    Configures the maximum number of addresses that can be learned on the port while the port is in port security mode. To return to the default configuration, use the no form of this command. port security routed Adds a MAC-layer secure address to a routed port.
  • Page 343: Bridge Address

    • mac-address — A valid MAC address. • interface — A valid Ethernet port. • port-channel-number — A valid port-channel number. • permanent — The address can only be deleted by the no bridge address command. • delete-on-reset — The address is deleted after reset.
  • Page 344: Bridge Multicast Filtering

    If multicast devices exist on the VLAN, do not change the unregistered multicast addresses state to drop on the switch ports. If multicast devices exist on the VLAN and IGMP-snooping is not enabled, the bridge multicast forward-all command should be used to enable forwarding all multicast packets to the multicast switches.
  • Page 345: Bridge Multicast Address

    | port-channel port-channel-number-list} no bridge multicast address {mac-multicast-address} Parameters • add — Adds ports to the group. If no option is specified, this is the default option. • remove — Removes ports from the group. • mac-multicast-address — A valid MAC multicast address.
  • Page 346: Bridge Multicast Forbidden Address

    • interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports. • port-channel-number-list — Separate nonconsecutive valid port-channels with a comma and no spaces; a hyphen is used to designate a range of port-channels. Default Setting No forbidden addresses are defined.
  • Page 347: Bridge Multicast Forward-All

    • interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports. • port-channel-number-list — Separate nonconsecutive port-channels with a comma and no spaces; a hyphen is used to designate a range of port-channels. Default Setting This setting is disabled.
  • Page 348: Bridge Multicast Forbidden Forward-All

    • interface-list — Separates nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports. • port-channel-number-list — Separates nonconsecutive port-channels with a comma and no spaces; a hyphen is used to designate a range of port-channels. Default Setting This setting is disabled.
  • Page 349: Bridge Aging-Time

    bridge aging-time The bridge aging-time Global Configuration mode command sets the address table aging time. To restore the default configuration, use the no form of this command. Syntax bridge aging-time seconds no bridge aging-time Parameters • seconds — Time in seconds. (Range: 10-630 seconds) Default Setting The default is 300 seconds.
  • Page 350: Port Security

    • discard-shutdown — Discards packets with unlearned source addresses. The port is also shut down. • seconds — Sends SNMP traps and defines the minimum amount of time in seconds between consecutive traps. (Range: 1-1000000) Default Setting This setting is disabled.
  • Page 351: Port Security Max

    The port security max Interface Configuration (Ethernet, port-channel) mode command configures the maximum number of addresses that can be learned on the port while the port is in port security mode. To return to the default configuration, use the no form of this command.
  • Page 352: Port Security Routed Secure-Address

    The command enables adding secure MAC addresses to a routed port in port security mode. The command is available when the port is a routed port and in port security mode. The address is deleted if the port exits the security mode or is not a routed port.
  • Page 353: Show Bridge Address-Table

    Command Usage Internal usage VLANs (VLANs that are automatically allocated on ports with a defined Layer 3 interface) are presented in the VLAN column by a port number and not by a VLAN ID. "Special" MAC addresses that were not statically defined or dynamically learned are displayed in the MAC address table.
  • Page 354: Show Bridge Address-Table Static

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example In this example, all static entries in the bridge-forwarding database are displayed. Console# show bridge address-table static Aging time is 300 sec Vlan Mac Address...
  • Page 355: Show Bridge Multicast Address-Table

    Privileged EXEC mode Command Usage There are no user guidelines for this command. Example In this example, the number of addresses present in all VLANs is displayed. Console# show bridge address-table count This may take some time. Capacity : 8192...
  • Page 356 This command has no default configuration. Command Mode Privileged EXEC mode Command Usage A MAC address can be displayed in IP format only if it is in the range of 0100.5e00.0000-0100.5e7f.ffff. Example In this example, multicast MAC address and IP address table information is displayed.
  • Page 357: Show Bridge Multicast Address-Table Static

    [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [source ip-address] Parameters • vlan-id — Indicates the VLAN ID. This has to be a valid VLAN ID value. • mac-multicast-address — A valid MAC multicast address. • ip-multicast-address — A valid IP multicast address.
  • Page 358: Show Ports Security

    This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command. Example In this example, the multicast configuration for VLAN 1 is displayed. Console# show bridge multicast filtering 1 Filtering: Enabled VLAN: 1 Port Forward-Unregistered...
  • Page 359 This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example In this example, all classes of entries in the port-lock status are displayed: Console# show ports security Port Status Learning Action...
  • Page 360: Show Ports Security Addresses

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Examples In this example, dynamic addresses in currently locked ports are displayed. Console# show ports security addresses Port Status Learning Current...
  • Page 361 In this example, dynamic addresses in currently locked port 1/e1 are displayed. Console# show ports security addresses ethernet 1/e1 Port Status Learning Current Maximum ---- -------- -------- ------- ------- 1/e1 Disabled Lock...
  • Page 362: Lldp Optional-Tlv

    EXEC mode. lldp optional-tlv The lldp optional-tlv Interface Configuration (Ethernet) mode command specifies which optional TLVs from the basic set should be transmitted. To revert to the default setting, use the no form of this command. Syntax lldp optional-tlv tlv1 [tlv2 …...
  • Page 363: Lldp Med Enable

    The lldp med enable Interface Configuration (Ethernet) mode command enables the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) on an interface. To disable LLDP MED on an interface, use the no form of this command. Syntax lldp med enable [tlv1 … tlv3]...
  • Page 364: Lldp Med Network-Policy (Interface)

    lldp med network-policy (global) The lldp med network-policy Global Configuration mode command defines the LLDP MED network policy. To remove LLDP MED network policy, use the no form of this command. Syntax lldp med network-policy number application [vlan id] [vlan-type {tagged |...
  • Page 365: Lldp Med Location

    Interface Configuration (Ethernet) mode Command Usage There are no guidelines for this command. Example In this example, an LLDP MED network policy is attached to an Ethernet port. Console (config)# interface ethernet 1/e1 Console (config-if)# lldp med network-policy 1 lldp med location...
  • Page 366: Clear Lldp Rx

    Interface Configuration (Ethernet) mode Command Usage There are no guidelines for this command. Example In this example, the LLDP MED location information for an Ethernet port is specified as civic-address. Console (config)# interface ethernet 1/e1 Console (config-if)# lldp med location civic-address a1:b2:c3:d4:e5:ff...
  • Page 367: Show Lldp Med Configuration

    Command Usage There are no guidelines for this command. Example In this example, the LLDP configuration is displayed for an Ethernet port. Console# show lldp configuration ethernet 1/e1 Timer: 30 Seconds Hold multiplier: 4 Reinit delay: 2 Seconds...
  • Page 368: Show Lldp Local

    ---------- ---------- Network Policies: 1 show lldp local The show lldp local Privileged EXEC mode command displays the Link Layer Discovery Protocol (LLDP) information that is advertised from a specific port. Syntax show lldp local ethernet interface Parameters •...
  • Page 369: Lldp Commands

    Power priority: High Power value: 9.6 Watts LLDP-MED Location Coordinates: 54:53:c1:f7:51:57:50:ba:5b:97:27:80:00:00:67:01 show lldp neighbors The show lldp neighbors Privileged EXEC mode command displays information about neighboring devices discovered using Link Layer Discovery Protocol (LLDP). Syntax show lldp neighbors [ethernet interface] Parameters •...
  • Page 370: Command Usage

    DSCP: 0 LLDP-MED Power over Ethernet Device Type: Power Device Power source: Primary power Power priority: High Power value: 9.6 Watts LLDP-MED Inventory Hardware revision: 2.1 Firmware revision: 2.3 Software revision: 2.7.1 Location information, if it exists, should be displayed too.
  • Page 371 The following table describes significant LLDP fields: Field Description Port The port number. Device ID The configured ID (name) or MAC address of the neighbor device. Port ID The port ID of the neighbor device. Hold time The remaining amount of time, in seconds, the current device will hold the LLDP advertisement from the neighbor device before discarding it.
  • Page 372 Critical, High and Low. Power value Indicates the total power in watts required by a PD device from a PSE device, or the total power a PSE device is capable of sourcing over a maximum length cable based on its current configuration.
  • Page 373: Amap Commands

    “Hello” packets to determine that it is still present. • Passive — A port enters this state if there is no response to a Discovery “hello” packet. This is a receive-only state and no “Hello” packets are transmitted. If a “Hello”...
  • Page 374: Amap Discovery Time

    amap discovery time The time (in seconds) that switch ports in the Discovery state wait for a response to a “Hello” packet from an adjacent switch. Syntax amap discovery time seconds no amap discovery time Parameters • seconds — Discovery transmission timeout value in seconds...
  • Page 375: Default Setting

    Syntax show amap Default Setting None Command Mode Privileged Executive Example Console# show amap Operational Status: active, Common Phase Timeout Interval (seconds) = 300, Discovery Phase Timeout Interval (seconds) = 30. Console#...
  • Page 376: Clock Commands

    Sets the polling time for the Simple Network Time Protocol (SNTP) client. To return to default configuration, use the no form of this command.
  • Page 377: Clock Set

    (hh: 0 - 23, mm: 0 - 59, ss: 0 - 59). • day — Current day (by date) in the month (1 - 31). • month — Current month using the first three letters by name (Jan, …, Dec). • year — Current year (2000 - 2097).
  • Page 378: Clock Source

    clock source The clock source Global Configuration mode command configures an external time source for the system clock. Use the no form of this command to disable the external time source. Syntax clock source {sntp} no clock source Parameters •...
  • Page 379: Clock Summer-Time

    The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time). To configure the software not to automatically switch to summer time, use the no form of this command. Syntax...
  • Page 380 All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is chronologically after the ending month, the system assumes that you are in the southern hemisphere.
  • Page 381: Sntp Authentication-Key

    The sntp authenticate Global Configuration mode command grants authentication for received Simple Network Time Protocol (SNTP) traffic from servers. To disable the feature, use the no form of this command. Syntax sntp authenticate...
  • Page 382: Sntp Trusted-Key

    The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. To disable authentication of the identity of the system, use the no form of this command. Syntax...
  • Page 383: Sntp Client Poll Timer

    Command Mode Global Configuration mode Command Usage The command is relevant for both received unicast and broadcast. If there is at least 1 trusted key, then unauthenticated messages will be ignored. Example The following example authenticates key 8. Console(config)# sntp authentication-key 8 md5 ClkKey...
  • Page 384: Sntp Broadcast Client Enable

    Example The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 120 seconds. Console(config)# sntp client poll timer 120 Related Commands sntp authentication-key sntp authenticate sntp trusted-key sntp broadcast client enable...
  • Page 385: Sntp Anycast Client Enable

    The sntp anycast client enable Global Configuration mode command enables SNTP anycast client. To disable the SNTP anycast client, use the no form of this command. Syntax sntp anycast client enable...
  • Page 386: Sntp Unicast Client Enable

    The sntp unicast client enable Global Configuration mode command enables the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. To disable requesting and accepting SNTP traffic from servers, use the no form of this command.
  • Page 387: Sntp Unicast Client Poll

    Example The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. Console(config)# sntp unicast client enable Related Commands sntp authentication-key sntp authenticate sntp trusted-key sntp client poll timer...
  • Page 388: Sntp Server

    The sntp server Global Configuration mode command configures the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from a specified server. To remove a server from the list of SNTP servers, use the no form of this command.
  • Page 389: Show Clock

    Related Commands sntp anycast client enable sntp unicast client enable show clock The show clock User EXEC mode command displays the time and date from the system clock. Syntax show clock [detail] Parameters • detail — Shows timezone and summertime configuration.
  • Page 390: Show Sntp Configuration

    Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the current SNTP configuration of the device. Console# show sntp configuration Polling interval: 7200 seconds MD5 Authentication keys: 8, 9 Authentication is required for synchronization.
  • Page 391: Show Sntp Status

    (Interface) sntp unicast client enable show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP). Syntax show sntp status Default Setting This command has no default configuration.
  • Page 392: Sntp Server

    Server Status Last Response Offset Delay [mSec] [mSec] ----------- ------- ---------------------------- ------ ------ 176.1.1.8 19:58:22.289 PDT Feb 19 2002 7.33 117.79 176.1.8.179 Unknown 12:17.17.987 PDT Feb 19 2002 8.98 189.19 Anycast server: Server InterfaceStatus Last Response Offset Delay [mSec] [mSec]...
  • Page 393: Configuration And Image File Commands

    Displays the contents of the currently running configuration file. show startup-config Displays the contents of the startup configuration file. show startup-config Displays the active system image file that is loaded by the device at startup. copy The copy Privileged EXEC mode command copies files from a source to a destination.
  • Page 394 Image file on one of the units. To copy from the master to all units, unit://member/ specify * in the member field. image Boot file on one of the units. To copy from the master to all units, unit://member/ specify * in the member field.
  • Page 395 To copy an image file from a server to flash memory, use the copy source-url image command. Copying a Boot File from a Server to Flash Memory To copy a boot file from a server to flash memory, enter the copy source-url boot command.
  • Page 396: Delete

    The delete Privileged EXEC mode command deletes a file from a flash memory device. Syntax delete url Parameters • url — The location URL or reserved keyword of the file to be deleted. (Range: 1-160 characters) The following table displays keywords and URL prefixes: Keyword Source or Destination flash: Source or destination URL for flash memory.
  • Page 397 Console# delete flash:test Delete flash:test? [confirm] Related Commands copy show running-config show startup-config The dir Privileged EXEC mode command displays the list of files on a flash file system. Syntax Default Configuration This command has no default configuration. Command Mode...
  • Page 398: More

    The more Privileged EXEC mode command displays a file. Syntax more url Parameters • url — The location URL or reserved keyword of the source file to be copied. (Range: 1-160 characters) The following table displays keywords and URL prefixes: Keyword...
  • Page 399: Rename

    The following table displays keywords and URL prefixes: Keyword Source or Destination flash: Source or destination URL for flash memory. It is the default if a URL is specified without a prefix. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode Command Usage *.sys and *.prv files cannot be renamed.
  • Page 400: Boot System

    • image-1 — Specifies image 1 as the system startup image. • image-2 — Specifies image 2 as the system startup image. Default Setting If the unit number is unspecified, the default setting is the master unit number. Command Mode Privileged EXEC mode Command Usage Use the show bootvar command to find out which image is the active image.
  • Page 401: Show Startup-Config

    Example The following example displays the contents of the running configuration file. Console# show running-config software version 1.1 hostname device interface ethernet 1/e1 ip address 176.242.100.100 255.255.255.0 duplex full speed 1000 interface ethernet 1/e2 ip address 176.243.100.100 255.255.255.0...
  • Page 402: Show Bootvar

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the active system image file that is loaded by the device at startup. Console# show bootvar Image Filename Version...
  • Page 403 "*" designates that the image was selected for the next boot Console# Related Commands boot system...
  • Page 404: Ethernet Configuration Commands

    Displays the storm control configuration. interface ethernet The interface ethernet Global Configuration mode command enters the Interface Configuration mode to configure an Ethernet type interface. The system supports up to five IP addresses per device. Syntax interface ethernet interface...
  • Page 405: Interface Range Ethernet

    {port-range | all} Parameters • port-range — List of valid ports. Where more than one port is listed, separate nonconsecutive ports with a comma and no spaces, use a hyphen to designate a range of ports and group a list separated by commas in brackets.
  • Page 406: Shutdown

    Command Usage Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces.
  • Page 407: Description

    The description Interface Configuration (Ethernet, port-channel) mode command adds a description to an interface. To remove the description, use the no form of this command. Syntax description string no description Parameters •...
  • Page 408: Speed

    Command Mode Interface Configuration (Ethernet, port-channel) mode Command Usage The no speed command in a port-channel context returns each port in the port-channel to its maximum capability. Example The following example configures the speed operation of Ethernet port 1/e5 to 100 Mbps operation.
  • Page 409: Duplex

    When configuring a particular duplex mode on the port operating at 10/100 Mbps, disable the auto-negotiation on that port. Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps. Example The following example configures the duplex operation of Ethernet port 1/e5 to full duplex operation.
  • Page 410: Negotiation

    • capability — Specifies the capabilities to advertise. (Possible values: 10h, 10f, 100h, 100f, 1000f) Default Setting Auto-negotiation is enabled. If unspecified, the default setting is to enable all capabilities of the port. Command Mode Interface Configuration (Ethernet, port-channel) mode Command Usage...
  • Page 411: Flowcontrol

    Ethernet Configuration Commands flowcontrol The flowcontrol Interface Configuration (Ethernet, port-channel) mode command configures flow control on a given interface. To disable flow control, use the no form of this command. Syntax flowcontrol {auto | on | off} no flowcontrol Parameters •...
  • Page 412: Back-Pressure

    On: It is possible to connect to a PC only with a normal cable and to connect to another device only with a cross cable. No: It is possible to connect to a PC only with a cross cable and to connect to another device only with a normal cable.
  • Page 413: Clear Counters

    Interface Configuration (Ethernet) mode Command Usage The back pressure Interface Configuration mode command enables back pressure on half duplex mode only; therefore, it cannot be configured on a channel port. Example In the following example back pressure is enabled on port 1/e5.
  • Page 414: Set Interface Active

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage This command is used to activate interfaces that were configured to be active, but were shut down by the system for some reason (e.g., port security). Example The following example reactivates interface 1/e5.
  • Page 415 Ethernet Configuration Commands Syntax show interfaces advertise [ethernet interface | port-channel port-channel-number] Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) • port-channel-number — Valid port-channel number. Default Setting This command has no default configuration. Command Modes Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 416: Show Interfaces Configuration

    100M-Copper Enabled 100M-Copper Enabled Related Commands negotiation show interfaces configuration The show interfaces configuration Privileged EXEC mode command displays the configuration for all configured interfaces. Syntax show interfaces configuration [ethernet interface | port-channel port-channel-number | interface] Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) •...
  • Page 417: Show Interfaces Status

    The show interfaces status Privileged EXEC mode command displays the status of all configured interfaces. Syntax show interfaces status [ethernet interface | port-channel port-channel-number] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port)
  • Page 418: Privileged Exec Mode

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the status of all configured interfaces: Console# show interfaces status Port Type Duplex Speed...
  • Page 419: Show Interfaces Description

    The show interfaces description Privileged EXEC mode command displays the description for all configured interfaces. Syntax show interfaces description [ethernet interface | port-channel port-channel-number] Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) •...
  • Page 420: Show Interfaces Counters

    Description ---- ----------- Related Commands description show interfaces counters The show interfaces counters User EXEC mode command displays traffic seen by the physical interface. Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) •...
  • Page 421 ----------- ----------- -------- 27889 OutUcastPkts OutMcastPkts OutBcastPkts OutOctets ------------ ------------ ------------ --------- 23739 The following example displays counters for Ethernet port 1/e1. Console# show interfaces counters ethernet 1/e1 Port InUcastPkts InMcastPkts InBcastPkts InOctets ------ ------------ ----------- ----------- ----------- 1/e1 183892...
  • Page 422: Port Storm-Control Broadcast Enable

    Counted received frames that are an integral number of octets in length but do not pass the FCS check. Single Collision Frames Counted frames that are involved in a single collision, and are subsequently transmitted successfully. Late Collisions Number of times that a collision is detected later than one slotTime into the transmission of a packet.
  • Page 423: Port Storm-Control Broadcast Rate

    Syntax port storm-control broadcast rate rate no port storm-control broadcast rate Parameters • rate — Maximum kilobits per second of broadcast and multicast traffic on a port. Default Setting The default value is 3500 Kbits/Sec. Command Mode...
  • Page 424: Show Ports Storm-Control

    Command Line Interface Related Commands port storm-control broadcast enable show ports storm-control show ports storm-control The show ports storm-control User/Privileged EXEC mode command displays the storm control configuration. Syntax show ports storm-control [interface] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) Default Setting This command has no default configuration.
  • Page 425 Ethernet Configuration Commands Related Commands port storm-control broadcast enable port storm-control broadcast rate...
  • Page 426: Errdisable Recovery Cause

    4-404 interfaces errdisable recovery cause The errdisable recovery cause Global Configuration mode command enables automatic reactivation of an interface after Errdisable shutdown. Use the no form of this command to disable automatic reactivation. Syntax errdisable recovery cause {lbd} no errdisable recovery cause Parameters •...
  • Page 427: Errdisable Recovery Interval

    The errdisable recovery interval Global Configuration mode command sets the errdisable recovery timeout interval. Use the no form of this command to reset the interval to its default value. Syntax errdisable recovery interval seconds...
  • Page 428: Show Errdisable Interfaces

    Disabled Related Commands errdisable recovery cause errdisable recovery interval show errdisable interfaces show errdisable interfaces The show errdisable interfaces command displays the interfaces in the Errdisable state. Syntax show errdisable interfaces {ethernet interface | port-channel port-channel-number} Parameters • interface — Specifies the interface number...
  • Page 429 This command has no default configuration. Command Mode EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the interfaces in the Errdisable state. Console# show errdisable interfaces Interface Reason Automatic recovery ---------...
  • Page 430: Gvrp Enable (Global)

    Table 4-15. GVRP Commands Command Function Mode Page gvrp enable (Global) Enables GVRP globally. To disable GVRP on the device, use the 4-406 no form of this command. gvrp enable Enables GVRP on an interface. To disable GVRP on an interface,...
  • Page 431: Gvrp Enable (Interface)

    Related Commands gvrp enable (Interface) gvrp enable (Interface) The gvrp enable Interface Configuration (Ethernet, port-channel) mode command enables GVRP on an interface. To disable GVRP on an interface, use the no form of this command. Syntax gvrp enable no gvrp enable Default Setting GVRP is disabled on all interfaces.
  • Page 432: Garp Timer

    The timer_value value must be a multiple of 10. You must maintain the following relationship for the various timer values: • Leave time must be greater than or equal to three times the join time. • Leave-all time must be greater than the leave time.
  • Page 433: Gvrp Vlan-Creation-Forbid

    The gvrp registration-forbid Interface Configuration (Ethernet, port-channel) mode command deregisters all dynamic VLANs on a port and prevents VLAN creation or registration on the port. To allow dynamic registration of VLANs on a port, use the no form of this command.
  • Page 434: Clear Gvrp Statistics

    Interface Configuration (Ethernet, port-channel) mode Command Usage There are no user guidelines for this command. Example The following example forbids dynamic registration of VLANs on Ethernet port 1/e6. Console(config)# interface ethernet 1/e6 Console(config-if)# gvrp registration-forbid Related Commands gvrp enable (Interface)
  • Page 435: Show Gvrp Configuration

    Related Commands show gvrp statistics show gvrp error-statistics show gvrp configuration The show gvrp configuration User EXEC mode command displays GVRP configuration information, including timer values, whether GVRP and dynamic VLAN creation is enabled, and which ports are running GVRP. Syntax...
  • Page 436: Show Gvrp Statistics

    Command Line Interface gvrp vlan-creation-forbid clear gvrp statistics show gvrp statistics The show gvrp statistics User EXEC mode command displays GVRP statistics. Syntax show gvrp statistics [ethernet interface | port-channel port-channel-number] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) •...
  • Page 437: Show Gvrp Error-Statistics

    GVRP Commands show gvrp error-statistics show gvrp error-statistics The show gvrp error-statistics User EXEC mode command displays GVRP error statistics. Syntax show gvrp error-statistics [ethernet interface | port-channel port-channel-number] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) •...
  • Page 438: Ip Igmp Snooping (Global)

    4-416 host-time-out group was not received for a host-time-out period from a specific port, this port is deleted from the member list of that multicast group. To return to the default configuration, use the no form of this command. ip igmp snooping Configures the mrouter-time-out.
  • Page 439: Ip Igmp Snooping (Interface)

    IGMP snooping is disabled. Command Mode Global Configuration mode Command Usage IGMP snooping can only be enabled on static VLANs. It must not be enabled on Private VLANs or their community VLANs. Example The following example enables IGMP snooping. Console(config)# ip igmp snooping...
  • Page 440: Ip Igmp Snooping Host-Time-Out

    If an IGMP report for a multicast group was not received for a host-time-out period from a specific port, this port is deleted from the member list of that multicast group. To return to the default configuration, use the no form of this command.
  • Page 441: Ip Igmp Snooping Leave-Time-Out

    IGMP Leave was received from a specific port, this port is deleted from the member list of that multicast group. To return to the default configuration, use the no form of this command.
  • Page 442: Ip Igmp Snooping Multicast-Tv

    Command Line Interface Use immediate leave only where there is just one host connected to a port. Example The following example configures the host leave-time-out to 60 seconds. Console(config)# interface vlan 2 Console(config-if)# ip igmp snooping leave-time-out 60 Related Commands...
  • Page 443: Ip Igmp Snooping Querier Enable

    The ip igmp snooping querier enable Interface Configuration (VLAN) mode command enables the Internet Group Management Protocol (IGMP) querier on a specific VLAN. Use the no form of this command to disable IGMP querier on a VLAN interface. Syntax...
  • Page 444: Ip Igmp Snooping Querier Version

    Command Line Interface Parameters • ip-address — Source IP address Default Configuration If an IP address is configured for the VLAN, it would be used as the source address of the IGMP Snooping querier. Command Mode Interface Configuration (VLAN) mode...
  • Page 445: Show Ip Igmp Snooping Mrouter

    IGMP Snooping Commands Example The following example configures IGMPv2 of the IGMP querier on VLAN ID 2. Console(config)# interface vlan 2 Console(config-if)# ip igmp snooping querier version 2 show ip igmp snooping mrouter The show ip igmp snooping mrouter User EXEC mode command displays information on dynamically learned multicast device interfaces.
  • Page 446: Show Ip Igmp Snooping Interface

    Command Line Interface ip igmp snooping leave-time-out show ip igmp snooping interface The show ip igmp snooping interface User EXEC mode command displays IGMP snooping configuration. Syntax show ip igmp snooping interface vlan-id Parameters • vlan-id — VLAN number. Default Setting This command has no default configuration.
  • Page 447 This command has no default configuration. Command Mode User EXEC mode Command Usage To see the full multicast address table (including static addresses) use the show bridge multicast address-table Privileged EXEC command. Example The following example shows IGMP snooping information on multicast groups.
  • Page 448: Ip Address

    Displays the default domain name, a list of name server hosts, the 4-435 static and the cached list of host names and addresses. ip address The ip address Interface Configuration (Ethernet, VLAN, port-channel) mode command sets an IP address. To remove an IP address, use the no form of this command.
  • Page 449: Ip Address Dhcp

    Parameters • host-name — Specifies the name of the host to be placed in the DHCP option 12 field. This name does not have to be the same as the host name specified in the hostname Global Configuration mode command.
  • Page 450: Ip Default-Gateway

    If the device is configured to obtain its IP address from a DHCP server, it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network.
  • Page 451: Show Ip Interface

    Console(config)# ip default-gateway 192.168.1.1 Related Commands ip address ip address dhcp show ip interface The show ip interface Privileged EXEC mode command displays the usability status of configured IP interfaces. Syntax show ip interface [ethernet interface-number | vlan vlan-id | port-channel port-channel number] Parameters •...
  • Page 452 {ethernet interface-number | vlan vlan-id | port-channel port-channel number} Parameters • ip_addr — Valid IP address or IP alias to map to the specified MAC address. • hw_addr — Valid MAC address to map to the specified IP address or IP alias.
  • Page 453: Arp Timeout

    The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache. To return to the default configuration, use the no form of this command. Syntax arp timeout seconds...
  • Page 454: Clear Arp-Cache

    The following example deletes all dynamic entries from the ARP cache. Console# clear arp-cache Related Commands arp timeout show arp The show arp Privileged EXEC mode command displays entries in the ARP table. Syntax show arp [ip-address ip-address] [mac-address mac-address] [ethernet interface | port-channel port-channel-number] Parameters •...
  • Page 455: Ip Domain-Lookup

    The ip domain-lookup Global Configuration mode command enables the IP Domain Naming System (DNS)-based host name-to-address translation. To disable DNS-based host name-to-address translation, use the no form of this command. Syntax ip domain-lookup no ip domain-lookup...
  • Page 456: Ip Domain-Name

    The ip name-server Global Configuration mode command defines the available name servers. To remove a name server, use the no form of this command. Syntax ip name-server server-address [server-address2 … server-address8] no ip name-server [server-address1 … server-address8]...
  • Page 457 No name server addresses are specified. Command Mode Global Configuration mode Command Usage The preference of the servers is determined by the order in which they were entered. Up to 8 servers can be defined using one command or using multiple commands.
  • Page 458: Clear Host

    Command Line Interface Command Usage There are no user guidelines for this command. Example The following example defines a static host name-to-address mapping in the host cache. Console(config)# ip host accounting.Alcatel.com 176.10.23.1 Related Commands ip domain-lookup ip domain-name ip name-server...
  • Page 459: Clear Host Dhcp

    Related Commands ip host show hosts The show hosts Privileged EXEC mode command displays the default domain name, a list of name server hosts, the static and the cached list of host names and addresses. Syntax show hosts [name] Parameters •...
  • Page 460 Command Line Interface Command Usage There are no user guidelines for this command. Example The following example displays host information. Console# show hosts Host name: Device Default domain is gm.com, sales.gm.com, usa.sales.gm.com(DHCP) Name/address lookup is enable Name servers (Preference order): 176.16.1.18 176.16.1.19...
  • Page 461: Lacp Commands

    Displays LACP information for a port-channel. 4-441 port-channel lacp system-priority The lacp system-priority Global Configuration mode command configures the system priority. To return to the default configuration, use the no form of this command. Syntax lacp system-priority value no lacp system-priority Parameters •...
  • Page 462: Lacp Port-Priority

    Command Line Interface lacp port-priority The lacp port-priority Interface Configuration (Ethernet) mode command configures physical port priority. To return to the default configuration, use the no form of this command. Syntax lacp port-priority value no lacp port-priority Parameters • value — Specifies port priority. (Range: 1 - 65535) Default Setting The default port priority is 1.
  • Page 463: Show Lacp Ethernet

    Command Mode Interface Configuration (Ethernet) mode Command Usage There are no user guidelines for this command. Example The following example assigns a long administrative LACP timeout to Ethernet port 1/e6. Console(config)# interface ethernet 1/e6 Console(config-if)# lacp timeout long Related Commands...
  • Page 464: Command Line Interface

    Oper number: port Admin priority: port Oper priority: port Oper timeout: LONG LACP Activity: PASSIVE Aggregation: AGGREGATABLE synchronization: FALSE collecting: FALSE distributing: FALSE expired: FALSE Port 1/e1 LACP Statistics: LACP PDUs sent: LACP PDUs received: Port 1/e1 LACP Protocol State:...
  • Page 465: Show Lacp Port-Channel

    Related Commands lacp port-priority lacp timeout show lacp port-channel show lacp port-channel The show lacp port-channel Privileged EXEC mode command displays LACP information for a port-channel. Syntax show lacp port-channel [port_channel_number] Parameters • port_channel_number — Valid port-channel number.
  • Page 466 Command Line Interface Example The following example displays LACP information about port-channel 1. Console# show lacp port-channel 1 Port-Channel 1 Port Type 1000 Ethernet Actor System Priority: MAC Address: 00:02:85:0E:1C:00 Admin Key: Oper Key: Partner System Priority: MAC Address: 00:00:00:00:00:00...
  • Page 467: Line Commands

    Identifies a specific line for configuration and enters the Line 4-443 Configuration command mode. speed Sets the line baud rate. To return to the default configuration, use 4-444 the no form of the command. autobaud Sets the line for automatic baud rate detection (autobaud). To...
  • Page 468: Speed

    Console(config)# line telnet Console(config-line)# Related Commands show line speed The speed Line Configuration mode command sets the line baud rate. To return to the default configuration, use the no form of the command. Syntax speed bps no speed Parameters •...
  • Page 469: Autobaud

    Related Commands show line exec-timeout The exec-timeout Line Configuration mode command sets the interval that the system waits until user input is detected. To return to the default configuration, use the no form of this command. Syntax exec-timeout minutes [seconds]...
  • Page 470: History

    The history size Line Configuration mode command configures the command history buffer size for a particular line. To reset the command history buffer size to the default configuration, use the no form of this command.
  • Page 471: Terminal History

    To configure the command history buffer size for the current terminal session, use the terminal history size User EXEC mode command. Example The following example changes the command history buffer size to 100 entries for a particular line. Console(config-line)# history size 100...
  • Page 472: Terminal History Size

    The terminal history size User EXEC mode command configures the command history buffer size for the current terminal session. To reset the command history buffer size to the default setting, use the no form of this command. Syntax...
  • Page 473: Show Line

    • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). • ssh — Virtual terminal for secured remote console access (SSH). Default Setting If the line is not specified, the default value is console.
  • Page 474 Command Line Interface Related Commands line speed autobaud exec-timeout history history size terminal history terminal history size...
  • Page 475: Loopback Detection Commands

    Displays information about loopback detection. 4-454 loopback-detection loopback-detection enable The loopback-detection enable Global Configuration mode command enables the Loopback Detection feature globally. Use the no form of this command to disable the Loopback Detection feature. Syntax loopback-detection enable no loopback-detection enable Default Setting Loopback detection is disabled.
  • Page 476: Loopback-Detection Enable

    The loopback-detection enable Interface Configuration mode command enables the Loopback Detection feature on an interface. Use the no form of this command to disable the Loopback Detection feature on an interface. Syntax loopback-detection enable...
  • Page 477: Loopback-Detection Mode

    The loopback-detection mode Global Configuration mode command configures the destination address for Loopback Detection packets. Use the no form of this command to reset the Loopback Detection mode to its default value. Syntax loopback-detection mode [src-mac-addr | base-mac-addr]...
  • Page 478: Show Loopback-Detection

    Command Line Interface no loopback-detection interval Parameters • seconds — Specifies the number of seconds between Loopback Detection packets (Range: 30-60). Default Setting The default interval between Loopback Detection packets is 30 seconds. Command Mode Global Configuration mode Command Usage This command is not relevant for stp-bpdu.
  • Page 479 Enabled Enabled Enabled Enabled Disabled Disabled Disabled Disabled The following table describes the fields shown in the display: Field Description Interface Interface number Loopback Detection Specifies the user's configuration of the Loopback Detection Admin feature on the interface. The possible values are Enabled or Disabled.
  • Page 480: Management Acl Commands

    The management access-list Global Configuration mode command configures a management access list and enters the Management Access-list Configuration command mode. To delete an access list, use the no form of this command. Syntax management access-list name no management access-list name Parameters •...
  • Page 481: Permit (Management)

    Management ACL Commands If you reenter an access list context, the new rules are entered at the end of the access list. Use the management access-class command to select the active access list. The active management list cannot be updated or removed.
  • Page 482: Deny (Management)

    • mask — A valid network mask of the source IP address. • prefix-length — Number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32) • service — Service type. Possible values are: telnet, ssh, http, https and snmp.
  • Page 483: Management Access-Class

    • ip-address — A valid source IP address. • mask — A valid network mask of the source IP address. • prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/).
  • Page 484: Show Management Access-List

    Command Line Interface Parameters • console-only — Indicates that the device can be managed only from the console. • name — Specifies the name of the access list to be used. (Range: 1-32 characters) If no access list is specified, an empty access list is used.
  • Page 485: Show Management Access-Class

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays information about the active management access list. Console# show management access-class Management access-class is enabled, using access list mlist Related Commands...
  • Page 486: Phy Diagnostics Commands

    Privileged EXEC mode Command Usage The port to be tested should be shut down during the test, unless it is a combination port with fiber port active. The maximum length of the cable for the TDR test is 120 meters.
  • Page 487: Show Copper-Ports Tdr

    This command has no default configuration. Command Mode User EXEC mode Command Usage The maximum length of the cable for the TDR test is 120 meters. Example The following example displays information on the last TDR test performed on all copper ports.
  • Page 488: Show Fiber-Ports Optical-Transceiver

    This command has no default configuration. Command Mode User EXEC mode Command Usage The port must be active and working in 100M or 1000M mode. Example The following example displays the estimated copper cable length attached to all ports. Console> show copper-ports cable-length...
  • Page 489 Output Power – Measured TX output power. Input Power – Measured RX received power. Tx Fault – Transmitter fault – Loss of signal N/A - Not Available, N/S - Not Supported, W - Warning, E - Error Console# show fiber-ports optical-transceiver detailed Port Temp Voltage Current...
  • Page 490: Port Channel Commands

    This command has no default configuration. Command Mode Global Configuration mode Command Usage Eight aggregated links can be defined with up to eight member ports per port-channel. The aggregated links’ valid IDs are 1-8. Example The following example enters the context of port-channel number 1.
  • Page 491: Channel-Group

    Related Commands show interfaces port-channel channel-group The channel-group Interface Configuration (Ethernet) mode command associates a port with a port-channel. To remove a port from a port-channel, use the no form of this command. Syntax channel-group port-channel-number mode {on | auto}...
  • Page 492: Show Interfaces Port-Channel

    Command Line Interface Command Usage There are no user guidelines for this command. Example The following example forces port 1/e1 to join port-channel 1 without an LACP operation. Console(config)# interface ethernet 1/e1 Console(config-if)# channel-group 1 mode on Related Commands show interfaces port-channel...
  • Page 493: Port Monitor

    • An IP interface is not configured on the port. • GVRP is not enabled on the port. • The port is not a member of a VLAN, except for the default VLAN (will automatically be removed from the default VLAN).
  • Page 494: Show Ports Monitor

    Command Line Interface Example The following example copies traffic on port 1/e8 (source port) to port 1/e1 (destination port). Console(config)# interface ethernet 1/e1 Console(config-if)# port monitor 1/e8 Related Commands show ports monitor show ports monitor show ports monitor The show ports monitor User EXEC mode command displays the port monitoring status.
  • Page 495: Power Inline

    Syntax power inline {auto | never} Parameters • auto — Enables the device discovery protocol and, if found, supplies power to the device. • never — Disables the device discovery protocol and stops supplying power to the device.
  • Page 496: Power Inline Powered-Device

    The power inline powered-device Interface Configuration (Ethernet) mode command adds a comment or description of the powered device type to enable the user to remember what is attached to the interface. To remove the description, use the no form of this command.
  • Page 497: Power Inline Priority

    Power over Ethernet Commands power inline priority The power inline priority Interface Configuration (Ethernet) mode command configures the inline power management priority of the interface. To return to the default configuration, use the no form of this command. Syntax power inline priority...
  • Page 498: Power Inline Traps Enable

    The power inline traps enable Global Configuration mode command enables inline power traps. To disable inline power traps, use the no form of this command. Syntax power inline traps enable no power inline traps Default Setting Inline power traps are disabled.
  • Page 499: Show Power Inline

    Power over Ethernet Commands Related Commands show power inline show power inline The show power inline User EXEC mode command displays the information about inline power. Syntax show power inline [ethernet interface] Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) Default Setting This command has no default configuration.
  • Page 500 Powered Device Description of the powered device type. State Indicates if the port is enabled to provide power. Can be: Auto or Never. Priority The priority of the port from the point of view of inline power management. Can be: Critical, High or Low.
  • Page 501 Power over Ethernet Commands Related Commands power inline power inline powered-device power inline priority power inline usage-threshold power inline traps enable...
  • Page 502: Qos Commands

    Displays the quality of service (QoS) mode for the device. 4-480 class-map Creates or modifies a class map and enters the Class-map 4-480 Configuration mode. To delete a class map, use the no form of this command. show class-map Displays all class maps. 4-481 match Defines the match criteria for classifying traffic.
  • Page 503 Displays the QoS mapping information. 4-504 The qos Global Configuration mode command enables quality of service (QoS) on the device. To disable QoS on the device, use the no form of this command. Syntax qos [basic | advanced] no qos Parameters •...
  • Page 504: Show Qos

    Basic tust: dscp Related Commands class-map The class-map Global Configuration mode command creates or modifies a class map and enters the Class-map Configuration mode. To delete a class map, use the no form of this command. Syntax class-map class-map-name [match-all | match-any]...
  • Page 505: Show Class-Map

    ACLs, an error message is generated. Note: A class map in match-all mode cannot be configured if it contains both an IP ACL and a MAC ACL with an ether type that is not 0x0800.
  • Page 506: Match

    Match Ip dscp 11 21 Related Commands class-map match The match Class-map Configuration mode command defines the match criteria for classifying traffic. To delete the match criteria, use the no form of this command. Syntax match access-group acl-name no match access-group acl-name Parameters •...
  • Page 507: Policy-Map

    • policy-map-name — Specifies the name of the policy map. Default Setting If the packet is an IP packet, the DSCP value of the policy map is 0. If the packet is tagged, the CoS value is 0. Command Mode...
  • Page 508: Rate-Limit

    Policy-map Configuration mode Command Usage Before modifying a policy for an existing class or creating a policy for a new class, use the policy-map Global Configuration mode command to specify the name of the policy map to which the policy belongs and to enter the Policy-map Configuration mode.
  • Page 509: Rate-Limit (Vlan)

    Traffic policing in a policy map has precedence over VLAN rate limiting. That is, if a packet is subject to traffic policing in a policy map and is associated with a VLAN that is rate limited, the packet would be counted only in the traffic policing of the policy map.
  • Page 510: Trust Cos-Dscp

    Syntax trust cos-dscp no trust cos-dscp Default Setting The port is not in the trust mode. If the port is in trust mode, the internal DSCP value is derived from the ingress packet. Command Mode Policy-map Class Configuration mode...
  • Page 511 QoS Commands Command Usage Action serviced to a class, so that if an IP packet arrives, the queue is assigned per DSCP. If a non-IP packet arrives, the queue is assigned per CoS (VPT). Example The following example configures the trust state for a class called class1 in a policy map called policy1.
  • Page 512: Police

    GE ports. The command does not function on an FE port. Example The following example sets the dscp value in the packet to 56 for classes in the policy map called policy1. Console (config)# policy-map policy1...
  • Page 513: Service-Policy

    The following example defines a policer for classified traffic. When the traffic rate exceeds 124,000 bps or the normal burst size exceeds 96000 bps, the packet is dropped. The class is called class1 and is in a policy map called policy1.
  • Page 514 This policer can also be used in Cascade police to make a cascade policer. An aggregate policer cannot be deleted if it is being used in a policy map. The no police aggregate Policy-map Class Configuration command must first be used to delete the aggregate policer from all policy maps.
  • Page 515: Show Qos Aggregate-Policer

    exceeds 124,000 bps or the normal burst size exceeds 96000 bps, the packet is dropped. Console (config)# qos aggregate-policer policer1 124000 96000 exceed-action drop Related Commands police show qos aggregate-policer police aggregate show qos aggregate-policer The show qos aggregate-policer User EXEC mode command displays the aggregate policer parameter.
  • Page 516: Police Aggregate

    The police aggregate Policy-map Class Configuration mode command applies an aggregate policer to multiple classes within the same policy map. To remove an existing aggregate policer from a policy map, use the no form of this command. Syntax police aggregate aggregate-policer-name...
  • Page 517: Priority-Queue Out Num-Of-Queues

    Weighted Round Robin (WRR) and Weighted Random Early Detection (WRED) parameters. It is recommended to specifically map a single VPT to a queue, rather than mapping multiple VPTs to a single queue. Use the priority-queue out Interface Configuration (Ethernet, Port-channel) mode command to enable expedite queues.
  • Page 518: Traffic-Shape

    Console(config)# priority-queue out num-of-queues 0 Related Commands wrr-queue cos-map traffic-shape The traffic-shape Interface Configuration (Ethernet, port-channel) mode command configures the shaper of the egress port. To disable the shaper, use the no form of this command. Syntax traffic-shape {committed-rate committed-burst} no traffic-shape Parameters •...
  • Page 519: Show Qos Interface

    • shapers — Display quality of service (QoS) shapers information at the interface level. • rate limit — Display quality of service (QoS) rate-limit information at the interface level. • ethernet interface-number — Specify port for which QoS information will be displayed.
  • Page 520 Command Line Interface Notify Q depth Size Threshold Prob Prob Prob Weight...
  • Page 521: Qos Wrr-Queue Threshold

    0 is exceeded, packets with the corresponding DP are dropped until the threshold is no longer exceeded. However, packets assigned to threshold 1 or 2 continue to be queued and sent as long as the second or third threshold is not exceeded.
  • Page 522: Qos Map Dscp-Dp

    qos map dscp-dp Use the qos map dscp-dp Global Configuration mode command to map DSCP to Drop Precedence. To return to the default setting, use the no form of this command. Syntax qos map dscp-dp dscp-list to dp...
  • Page 523: Qos Map Dscp-Queue

    The qos map dscp-queue Global Configuration mode command modifies the DSCP to CoS map. To return to the default map, use the no form of this command. Syntax qos map dscp-queue dscp-list to queue-id...
  • Page 524: Qos Trust (Global)

    (Global) The qos trust Global Configuration mode command configures the system to the basic mode and trust state. To return to the untrusted state, use the no form of this command. Syntax qos trust {cos | dscp}...
  • Page 525: Qos Trust (Interface)

    Console(config-if) qos trust 3 qos cos The qos cos Interface Configuration (Ethernet, port-channel) mode command defines the default CoS value of a port. To return to the default configuration, use the no form of this command. Syntax qos cos default-cos Parameters •...
  • Page 526: Qos Dscp-Mutation

    Command Mode Interface Configuration (Ethernet, port-channel) mode Command Usage If the port is trusted, the default CoS value of the port is used to assign a CoS value to all untagged packets entering the port. Example The following example configures port 1/e15 default CoS value to 3.
  • Page 527: Qos Map Dscp-Mutation

    Command Mode Global Configuration mode. Command Usage This is the only map that is not globally configured. It is possible to have several maps and assign each one to different ports. Example The following example changes DSCP values 1, 2, 4, 5 and 6 to DSCP mutation...
  • Page 528: Show Qos Map

    Powered Device Description of the powered device type. State Indicates if the port is enabled to provide power. Can be: Auto or Never. Priority The priority of the port from the point of view of inline power management. Can be: Critical, High or Low.
  • Page 529 • policed-dscp — Displays the DSCP to DSCP remark table. • dscp-mutation — Displays the DSCP-DSCP mutation table. • service-type-cos — Displays the Service type to CoS map (Service mode only). • service-type-dscp — Displays the Service type to DSCP map (Service mode only).
  • Page 530 Dscp-queue map: d1 : d2 0 ------------------------------------ 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 03 03 03 03 03 03 03 03...
  • Page 531: Radius Commands

    4-513 radius-server host The radius-server host Global Configuration mode command specifies a RADIUS server host. To delete the specified RADIUS host, use the no form of this command. Syntax radius-server host {ip-address | hostname} [auth-port auth-port-number] [timeout timeout] [retransmit retries] [deadtime deadtime] [key key-string]...
  • Page 532 0.0.0.0 is interpreted as request to use the IP address of the outgoing IP interface. • priority — Determines the order in which servers are used, where 0 has the highest priority. (Range: 0-65535) • type — Specifies the usage type of the server. Possible values are: login, dot.1x or all.
  • Page 533: Radius-Server Key

    The radius-server key Global Configuration mode command sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon. To return to the default configuration, use the no form of this command. Syntax...
  • Page 534: Radius-Server Retransmit

    radius-server retransmit The radius-server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts. To reset the default configuration, use the no form of this command. Syntax radius-server retransmit retries...
  • Page 535: Radius-Server Timeout

    The radius-server timeout Global Configuration mode command sets the interval during which the device waits for a server host to reply. To return to the default configuration, use the no form of this command. Syntax radius-server timeout timeout...
  • Page 536: Radius-Server Deadtime

    Syntax radius-server deadtime deadtime no radius-server deadtime Parameters • deadtime — Length of time in minutes during which a RADIUS server is skipped over by transaction requests. (Range: 0 - 2000) Default Setting The deadtime setting is 0. Command Mode...
  • Page 537: Show Radius-Servers

    RADIUS Commands radius-server key radius-server retransmit radius-server source-ip radius-server timeout show radius-servers show radius-servers The show radius-servers Privileged EXEC mode command displays the RADIUS server settings. Syntax show radius-servers Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 538 Related Commands radius-server host radius-server key radius-server retransmit radius-server source-ip radius-server timeout radius-server deadtime...
  • Page 539: Rmon Commands

    Displays the alarms table. 4-523 alarm-table show rmon alarm Displays alarm configuration. 4-524 rmon event Configures an event. To remove an event, use the no form of this 4-526 command. show rmon events Displays the RMON event table. 4-526 show rmon log Displays the RMON log table.
  • Page 540 The total number of packets received less than 64 octets in length (excluding framing bits but including FCS octets) and either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
  • Page 541: Rmon Collection History

    The total number of packets received longer than 1632 octets (excluding framing bits, but including FCS octets), and either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
  • Page 542: Show Rmon Collection History

    Cannot be configured for a range of interfaces (range context). Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on Ethernet port 1/e1 with index number 1 and a polling interval period of 2400 seconds. Console(config)# interface ethernet 1/e1...
  • Page 543: Show Rmon History

    Syntax show rmon history index {throughput | errors | other} [period seconds] Parameters • index — Specifies the requested set of samples. (Range: 1 - 65535) • throughput — Indicates throughput counters. • errors — Indicates error counters. • other — Indicates drop and collision counters.
  • Page 544 Examples The following examples display RMON Ethernet history statistics for index 1. Console> show rmon history 1 throughput Sample Set: 1 Owner: CLI Interface: 1/e1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500...
  • Page 545 Time Date and Time the entry is recorded. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The number of packets (including bad packets) received during this sampling interval.
  • Page 546: Rmon Alarm

    Dropped The total number of events in which packets were dropped by the probe due to lack of resources during this sampling interval. This number is not necessarily the number of packets dropped, it is just the number of times this condition has been detected.
  • Page 547: Show Rmon Alarm-Table

    • name — Specifies the name of the person who configured this alarm. If unspecified, the name is an empty string.
  • Page 548: Show Rmon Alarm

    The entity that configured this entry. Related Commands rmon alarm show rmon alarm show rmon alarm The show rmon alarm User EXEC mode command displays alarm configuration. Syntax show rmon alarm number Parameters • number — Specifies the alarm index. (Range: 1 - 65535) Default Setting This command has no default configuration.
  • Page 549 Startup Alarm The alarm that may be sent when this entry is first set. If the first sample is greater than or equal to the rising threshold, and startup alarm is equal to rising or rising and falling, then a single rising alarm is generated.
  • Page 550: Rmon Event

    Command Mode Global Configuration mode Command Usage If log is specified as the notification type, an entry is made in the log table for each event. If trap is specified, an SNMP trap is sent to one or more management stations.
  • Page 551: Show Rmon Log

    The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap. In the case of log, an entry is made in the log table for each event. In the case of trap, an SNMP trap is sent to one or more management stations.
  • Page 552: Rmon Table-Size

    Related Commands rmon alarm rmon table-size The rmon table-size Global Configuration mode command configures the maximum size of RMON tables. To return to the default configuration, use the no form of this command. Syntax rmon table-size {history entries | log entries}...
  • Page 553 RMON Commands Parameters • history entries — Maximum number of history table entries. (Range: 20-32767) • log entries — Maximum number of log table entries. (Range: 20-32767) Default Setting History table size is 270. Log table size is 200. Command Mode...
  • Page 554: Snmp Commands

    Defines the SNMP MIB value. 4-543 show snmp Displays the SNMP status. 4-543 show snmp engineid Displays the ID of the local Simple Network Management Protocol 4-545 (SNMP) engine. show snmp views Displays the configuration of views. 4-546 show snmp groups Displays the configuration of groups.
  • Page 555: Snmp-Server Community

    SNMP Commands snmp-server community The snmp-server community Global Configuration mode command configures the community access string to permit access to the SNMP protocol. To remove the specified community string, use the no form of this command. Syntax snmp-server community community [ro | rw | su] [ipv4 address] [mask |...
  • Page 556: Snmp-Server View

    The group-name parameter can also be used to restrict the access rights of a community string. When it is specified: • An internal security name is generated. • The internal security name for SNMPv1 and SNMPv2 security models is mapped to the group name.
  • Page 557: Snmp-Server Group

    • priv — Indicates authentication of a packet with encryption. Applicable only to the SNMP Version 3 security model. • readview — Specifies a string that is the name of the view that enables only viewing the contents of the agent. If unspecified, all objects except for the community-table and SNMPv3 user and access tables are available.
  • Page 558: Snmp-Server User

    There are no user guidelines for this command. Example The following example attaches a group called user-group to SNMPv3 and assigns to the group the privacy security level and read access rights to a view called user-view. Console(config)# snmp-server group user-group v3 priv read user-view...
  • Page 559 When a show running-config Privileged EXEC mode command is entered, a line for this user will not be displayed. To see if this user has been added to the configuration, type the show snmp users Privileged EXEC mode command.
  • Page 560: Snmp-Server Engineid Local

    If SNMPv3 is enabled using this command, and the default is specified, the default engine ID is defined per standard as: • First 4 octets — first bit = 1, the rest is IANA Enterprise number = 674. • Fifth octet — set to 3 to indicate the MAC address that follows.
  • Page 561: Snmp-Server Enable Traps

    ID. The user’s command line password is then destroyed, as required by RFC 2274. As a result, the security digests of SNMPv3 users become invalid if the local value of the engine ID changes, and the users will have to be reconfigured.
  • Page 562: Snmp-Server Filter

    Example The following example creates a filter that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interfaces group. Console(config)# snmp-server filter filter-name system included Console(config)# snmp-server filter filter-name system.7 excluded Console(config)# snmp-server filter filter-name ifEntry.*.1 included...
  • Page 563 • 1 — Indicates that SNMPv1 traps will be used. • 2 — Indicates that SNMPv2 traps will be used. If • port — Specifies the UDP port of the host to use. If unspecified, the default UDP port number is 162. (Range:1-65535) •...
  • Page 564: Snmp-Server V3-Host

    • auth — Indicates authentication of a packet without encrypting it. • priv — Indicates authentication of a packet with encryption. • port — Specifies the UDP port of the host to use. If unspecified, the default UDP port number is 162. (Range: 1-65535) •...
  • Page 565: Snmp-Server Trap Authentication

    The snmp-server trap authentication Global Configuration mode command enables the device to send SNMP traps when authentication fails. To disable SNMP failed authentication traps, use the no form of this command. Syntax snmp-server trap authentication...
  • Page 566: Snmp-Server Location

    This command has no default configuration. Command Mode Global Configuration mode Command Usage Do not include spaces in the text string or place text that includes spaces inside quotation marks. Example The following example configures the system contact point called Alcatel Technical Support.
  • Page 567: Snmp-Server Set

    • name value — List of name and value pairs. In the case of scalar MIBs, only a single pair of name values. In the case of an entry in a table, at least one pair of name and value followed by one or more fields.
  • Page 568 Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the SNMP communications status. Console# show snmp Community-String Community-Access...
  • Page 569: Show Snmp Engineid

    The show snmp engineID Privileged EXEC mode command displays the ID of the local Simple Network Management Protocol (SNMP) engine. Syntax show snmp engineID Default Setting This command has no default configuration.
  • Page 570: Show Snmp Views

    Console# show snmp engineID Local SNMP engineID: 08009009020C0B099C075878 Related Commands snmp-server engineID local show snmp views The show snmp views Privileged EXEC mode command displays the configuration of views. Syntax show snmp views [viewname] Parameters • viewname — Specifies the name of the view. (Range: 1-30) Default Setting This command has no default configuration.
  • Page 571: Show Snmp Groups

    Related Commands snmp-server view show snmp groups The show snmp groups Privileged EXEC mode command displays the configuration of groups. Syntax show snmp groups [groupname] Parameters • groupname—Specifies the name of the group. (Range: 1-30) Default Setting This command has no default configuration.
  • Page 572: Show Snmp Filters

    Authentication of a packet with encryption. Applicable only to the SNMP v3 security model. Views Read Name of the view that enables only viewing the contents of the agent. If unspecified, all objects except the community-table and SNMPv3 user and access tables are available. Write Name of the view that enables entering data and managing the contents of the agent.
  • Page 573: Show Snmp Users

    1.3.6.1.2.1.2.2.1.*.1 Included Related Commands snmp-server filter show snmp users The show snmp users Privileged EXEC mode command displays the configuration of users. Syntax show snmp users [username] Parameters • username—Specifies the name of the user. (Range: 1-30) Default Setting This command has no default configuration.
  • Page 574: Spanning-Tree Commands

    4-556 disable on a port, use the no form of this command. spanning-tree cost Configures the spanning tree path cost for a port. To return to the 4-557 default configuration, use the no form of this command. spanning-tree Configures port priority. To return to the default configuration, use...
  • Page 575: Spanning-Tree

    Configures the number of hops in an MST region before the BPDU 4-564 max-hops is discarded and the port information is aged out. To return to the default configuration, use the no form of this command. spanning-tree mst Configures port priority for the specified MST instance. To return...
  • Page 576: Spanning-Tree Mode

    The spanning-tree mode Global Configuration mode command configures the spanning-tree protocol. To return to the default configuration, use the no form of this command. Syntax spanning-tree mode {stp | rstp | mstp} no spanning-tree mode Parameters •...
  • Page 577: Spanning-Tree Forward-Time

    The spanning-tree forward-time Global Configuration mode command configures the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state. To return to the default configuration, use the no form of this command.
  • Page 578: Spanning-Tree Hello-Time

    The spanning-tree hello-time Global Configuration mode command configures the spanning tree bridge hello time, which is how often the device broadcasts hello messages to other devices. To return to the default configuration, use the no form of this command. Syntax...
  • Page 579: Spanning-Tree Max-Age

    The spanning-tree max-age Global Configuration mode command configures the spanning tree bridge maximum age. To return to the default configuration, use the no form of this command. Syntax spanning-tree max-age seconds no spanning-tree max-age Parameters •...
  • Page 580: Spanning-Tree Priority

    The spanning-tree disable Interface Configuration mode command disables spanning tree on a specific port. To enable spanning tree on a port, use the no form of this command.
  • Page 581: Spanning-Tree Cost

    The spanning-tree cost Interface Configuration mode command configures the spanning tree path cost for a port. To return to the default configuration, use the no form of this command. Syntax spanning-tree cost cost no spanning-tree cost Parameters •...
  • Page 582: Spanning-Tree Port-Priority

    The spanning-tree port-priority Interface Configuration mode command configures port priority. To return to the default configuration, use the no form of this command. Syntax spanning-tree port-priority priority...
  • Page 583: Spanning-Tree Portfast

    Spanning-Tree Commands no spanning-tree port-priority Parameters • priority — The priority of the port. (Range: 0 - 240 in multiples of 16) Default Setting The default port priority for IEEE Spanning Tree Protocol (STP) is 128. Command Modes Interface Configuration (Ethernet, port-channel) mode Command Usage There are no user guidelines for this command.
  • Page 584: Spanning-Tree Link-Type

    The spanning-tree link-type Interface Configuration mode command overrides the default link-type setting determined by the duplex mode of the port and enables Rapid Spanning Tree Protocol (RSTP) transitions to the forwarding state. To return to the default configuration, use the no form of this command.
  • Page 585: Spanning-Tree Pathcost Method

    The spanning-tree pathcost method Global Configuration mode command sets the default path cost method. To return to the default configuration, use the no form of this command. Syntax spanning-tree pathcost method {long | short}...
  • Page 586: Spanning-Tree Bpdu

    • bridging — When Spanning Tree is globally disabled, untagged or tagged BPDU packets are flooded, and are subject to ingress and egress VLAN rules. This mode is not relevant if Spanning Tree is disabled only on a group of ports.
  • Page 587: Clear Spanning-Tree Detected-Protocols

    This command has no default configuration. Command Modes Privileged EXEC mode Command Usage This feature should be used only when working in RSTP or MSTP mode. Example The following example restarts the protocol migration process on Ethernet port 1/e11.
  • Page 588: Spanning-Tree Mst Max-Hops

    The spanning-tree mst max-hops Global Configuration mode command configures the number of hops in an MST region before the BPDU is discarded and the port information is aged out. To return to the default configuration, use the no form of this command.
  • Page 589: Spanning-Tree Mst Port-Priority

    Parameters • hop-count — Number of hops in an MST region before the BPDU is discarded. (Range: 1-40) Default Setting The default number of hops is 20. Command Mode Global Configuration mode Command Usage There are no user guidelines for this command.
  • Page 590: Spanning-Tree Mst Cost

    (Range: 1-Product Specific upper limit) • priority — The port priority. (Range: 0 - 240 in multiples of 16) Default Setting The default port priority for IEEE Multiple Spanning Tree Protocol (MSTP) is 128. Command Modes Interface Configuration (Ethernet, port-channel) mode Command Usage There are no user guidelines for this command.
  • Page 591 Command Usage There are no user guidelines for this command. Example The following example configures the MSTP instance 1 path cost for Ethernet port 1/e9 to 4. Console(config) # interface ethernet 1/e9 Console(config-if) # spanning-tree mst 1 cost 4...
  • Page 592: Spanning-Tree Mst Configuration

    spanning-tree mst configuration The spanning-tree mst configuration Global Configuration mode command enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode. Syntax spanning-tree mst configuration Default Setting This command has no default configuration. Command Mode...
  • Page 593 (CIST) instance (instance 0) and cannot be unmapped from the CIST. For two or more devices to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number, and the same name.
  • Page 594: Name (Mst)

    (mst) revision (mst) show (mst) exit (mst) abort (mst) show spanning-tree revision (mst) The revision MST Configuration mode command defines the configuration revision number. To return to the default configuration, use the no form of this command.
  • Page 595: Show (Mst)

    (mst) name (mst) show (mst) exit (mst) abort (mst) show spanning-tree show (mst) The show MST Configuration mode command displays the current or pending MST region configuration. Syntax show {current | pending}...
  • Page 596 This command has no default configuration. Command Mode MST Configuration mode Command Usage The pending MST region configuration takes effect only after exiting the MST configuration mode. Example The following example displays a pending MST region configuration. Console(config-mst)# show pending Gathering information ..
  • Page 597: Exit (Mst)

    exit (mst) The exit MST Configuration mode command exits the MST configuration mode and applies all configuration changes. Syntax exit Default Setting This command has no default configuration. Command Mode MST Configuration mode Command Usage There are no user guidelines for this command.
  • Page 598: Spanning-Tree Guard Root

    Root guard prevents the interface from becoming the root port of the device. To disable root guard on the interface, use the no form of this command.
  • Page 599: Spanning-Tree Bpduguard

    When root guard is enabled, the port changes to the alternate state if spanning-tree calculations select the port as the root port. Example The following example prevents Ethernet port 1/g1 from being the root port of the device. Console(config) # interface ethernet 1/g1...
  • Page 600: Show Dot1X Bpdu

    802.1X is enabled on the ingress port, or discarded in all other cases. This feature enables bridging 802.1X BPDU packets as data packets. The feature can be enabled only when 802.1X is globally disabled (by the no dot1x system-auth-control Global Configuration command). If the port is disabled for 802.1X but 802.1X is enabled globally, 802.1X BPDUs would...
  • Page 601: Show Spanning-Tree

    • active — Indicates active ports only. • blockedports — Indicates blocked ports only. • mst-configuration — Indicates the MST configuration identifier. • instance-id — Specifies the ID of the spanning tree instance (The range lower limit is 0. The upper limit is product-specific). Default Setting This command has no default configuration.
  • Page 602 20000 ALTN Shared (STP) 1/e5 Enabled 128.5 20000 Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 36864 Address 00:02:4b:29:7a:00 This switch is the root. Hello Time 2 sec Max Age 20 sec...
  • Page 603 Console# show spanning-tree Spanning tree disabled (BPDU filtering) mode RSTP Default port cost method: long Root ID Priority Address Path Cost Root Port Hello Time N/A Max Age N/A Forward Delay N/A Bridge Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec...
  • Page 604 Console# show spanning-tree active Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (1/e1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec...
  • Page 605 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 2 last change occurred 2d18h ago Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1/e1) enabled...
  • Page 606 Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated port id: 128.25 Designated path cost: 0 Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (1/e2) enabled State: Forwarding Role: Designated Port id: 128.2...
  • Page 607 Port Fast: N/A (configured:no) Designated bridge Priority: N/A Address: N/A Designated port id: N/A Designated path cost: N/A Number of transitions to forwarding state: N/A BPDU: sent N/A, received N/A Console# show spanning-tree ethernet 1/e1 Port 1 (1/e1) enabled State: Forwarding Role: Root Port id: 128.1...
  • Page 608 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (1/e1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00:02:4b:29:7a:00 This switch is the IST master. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec...
  • Page 609 Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00:02:4b:29:7a:00 This switch is the IST master. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops Number of topology changes 2 last change occurred 2d18h ago...
  • Page 610 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1/e1) enabled State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) Boundary RSTP Port Fast: No (configured:no)
  • Page 611 Rem hops Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Number of topology changes 2 last change occurred 1d9h ago Times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1/e1) enabled State: Forwarding Role: Boundary Port id: 128.1...
  • Page 612 Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (1/e1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec...
  • Page 613 ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Priority 32768 Address 00:01:42:97:e0:00 This switch is root for CST and IST master. Root Port 1 (1/e1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops...
  • Page 614 spanning-tree port-priority spanning-tree portfast spanning-tree link-type spanning-tree pathcost method spanning-tree bpdu clear spanning-tree detected-protocols spanning-tree mst priority spanning-tree mst max-hops spanning-tree mst port-priority spanning-tree mst cost spanning-tree mst configuration instance (mst) name (mst) revision (mst) show (mst)
  • Page 615: Ssh Commands

    The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. To return to the default configuration, use the no form of this command. Syntax ip ssh port port-number...
  • Page 616: Ip Ssh Server

    Command Line Interface Command Usage There are no user guidelines for this command. Example The following example specifies the port to be used by the SSH server as 8080. Console(config)# ip ssh port 8080 Related Commands ip ssh server show ip ssh...
  • Page 617: Crypto Key Generate Rsa

    Command Usage DSA keys are generated in pairs: one public DSA key and one private DSA key. If the device already has DSA keys, a warning and prompt to replace the existing keys with new keys are displayed. This command is not saved in the device configuration; however, the keys generated by this command are saved in the private configuration, which is never displayed to the user or backed up on another device.
  • Page 618: Ip Ssh Pubkey-Auth

    Command Usage RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys are displayed. This command is not saved in the device configuration; however, the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up on another device.
  • Page 619: Crypto Key Pubkey-Chain Ssh

    The crypto key pubkey-chain ssh Global Configuration mode command enters the SSH Public Key-chain Configuration mode. The mode is used to manually specify other device public keys such as SSH client public keys. Syntax...
  • Page 620: User-Key

    The user-key SSH Public Key-string Configuration mode command specifies which SSH public key is manually configured. To remove an SSH public key, use the no form of this command. Syntax user-key username {rsa | dsa}...
  • Page 621: Key-String

    Follow this command with the key-string SSH Public Key-String Configuration mode command to specify the key. Example The following example enables manually configuring an SSH public key for SSH public key-chain bob. Console(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# user-key bob rsa...
  • Page 622 Use the key-string row SSH Public Key-string Configuration mode command to specify the SSH public key row by row. Each row must begin with a key-string row command. This command is useful for configuration files.
  • Page 623: Show Crypto Key Mypubkey

    Authentication Code (HMAC-MD5, HMAC-SHA1) Related Commands ip ssh port ip ssh server show crypto key mypubkey The show crypto key mypubkey Privileged EXEC mode command displays the SSH public keys on the device. Syntax show crypto key mypubkey [rsa | dsa]...
  • Page 624: Show Crypto Key Pubkey-Chain Ssh

    Command Usage There are no user guidelines for this command. Example The following example displays the SSH public RSA keys on the device. Console# show crypto key mypubkey rsa rsa key data: ssh-rsa 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B...
  • Page 625 This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Examples The following examples display SSH public keys stored on the device. Console# show crypto key pubkey-chain ssh Username Fingerprint -------- -----------------------------------------------...
  • Page 626: Logging On

    The logging on Global Configuration mode command controls error message logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. To disable the logging process, use the no form of this command.
  • Page 627: Logging

    The logging Global Configuration mode command logs messages to a syslog server. To delete the syslog server with the specified address from the list of syslogs, use the no form of this command. Syntax logging {ip-address | hostname} [port port] [severity level] [facility facility]...
  • Page 628: Logging Console

    Related Commands show logging logging console The logging console Global Configuration mode command limits messages logged to the console based on severity. To disable logging to the console, use the no form of this command. Syntax logging console level no logging console Parameters •...
  • Page 629: Logging Buffered

    The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity. To cancel using the buffer, use the no form of this command. Syntax logging buffered level no logging buffered Parameters •...
  • Page 630: Logging Buffered Size

    Command Line Interface logging buffered size The logging buffered size Global Configuration mode command changes the number of syslog messages stored in the internal buffer. To return to the default configuration, use the no form of this command. Syntax logging buffered size number...
  • Page 631: Logging File

    The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity. To cancel using the buffer, use the no form of this command. Syntax logging file level...
  • Page 632: Clear Logging File

    The aaa logging Global Configuration mode command enables logging AAA login events. To disable logging AAA login events, use the no form of this command. Syntax aaa logging login no aaa logging login Parameters •...
  • Page 633: File-System Logging

    Console(config)# aaa logging login Related Commands show logging file-system logging The file-system logging Global Configuration mode command enables logging file system events. To disable logging file system events, use the no form of this command. Syntax file-system logging copy no file-system logging copy...
  • Page 634: Show Logging

    Logging management ACL events is enabled. Command Mode Global Configuration mode Command Usage Other types of management ACL events are not subject to this command. Example The following example enables logging messages related to deny actions of management ACLs. Console(config)# management logging deny...
  • Page 635 Syslog Commands Example The following example displays the state of logging and the syslog messages stored in the internal buffer. Console# show logging Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
  • Page 636: Show Logging File

    Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the logging state and the syslog messages stored in the logging file. Console# show logging file Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity).
  • Page 637: Logging Console

    11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/2, changed state to up 11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/3, changed state to up 11-Aug-2004 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console 11-Aug-2004 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up 11-Aug-2004 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface...
  • Page 638: Show Syslog-Servers

    Command Line Interface file-system logging management logging show syslog-servers The show syslog-servers Privileged EXEC mode command displays the settings of the syslog servers. Syntax show syslog-servers Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 639: System Management Commands

    • ip-address — IP address to ping. • hostname — Host name to ping. (Range: 1-158 characters) • packet_size — Number of bytes in a packet. The actual packet size is eight bytes larger than the size specified because the device adds...
  • Page 640 Command Line Interface • packet_count — Number of packets to send. If 0 is entered, it pings until stopped. (Range: 0-65535 packets) • time_out — Timeout in milliseconds to wait for each reply. (Range: 50 - 65535 milliseconds) Default Setting Default packet size is 56 bytes.
  • Page 641: Traceroute

    • packet_count — The number of probes to be sent at each TTL level. (Range:1-10) • time_out — The number of seconds to wait for a response to a probe packet. (Range:1-60) • ip-address — One of the device’s interface addresses to use as a source address for the probes.
  • Page 642 (TTL) value. The traceroute command starts by sending probe datagrams with a TTL value of one. This causes the first device to discard the probe datagram and send back an error message. The traceroute command sends several probes at each TTL level and displays the round-trip time for each.
  • Page 643: Telnet

    • ip-address — IP address of the destination host. • hostname — Host name of the destination host. (Range: 1-158 characters) • port — A decimal TCP port number, or one of the keywords listed in the Ports table in the Command Usage.
  • Page 644 At any time during an active Telnet session, Telnet commands can be listed by pressing the Ctrl-shift-6-? keys at the system prompt. A sample of this list follows. Note that the Ctrl-shift-6 sequence appears as ^^ on the screen. Console> ‘Ctrl-shift-6’ ?
  • Page 645 System Management Commands /stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX-to-UNIX Copy Program (UUCP) and other non-Telnet protocols.
  • Page 646: Resume

    World Wide Web This command lists concurrent telnet connections to remote hosts that were opened by the current telnet session to the local device. It does not list telnet connections to remote hosts that were opened by other telnet sessions.
  • Page 647: Reload

    Do you want to continue (y/n) [n]? Related Commands telnet hostname The hostname Global Configuration mode command specifies or modifies the device host name. To remove the existing host name, use the no form of the command. Syntax hostname name no hostname Parameters •...
  • Page 648: Stack Master

    Related Commands telnet stack master The stack master Global Configuration mode command enables forcing the selection of a stack master. To return to the default configuration, use the no form of this command. Syntax stack master unit unit no stack master Parameters •...
  • Page 649: Stack Reload

    The stack display-order Global Configuration mode command configures the order of the units in the display. To return to the default configuration, use the no form of this command. Syntax stack display-order top unit bottom unit...
  • Page 650: Show Stack

    Command Modes Global Configuration mode Command Usage If the units are not adjacent in ring or chain topology, the units are not at the edge and the default display order is used. Example This example displays unit 8 at the top of the display and unit 1 at the bottom.
  • Page 651 00:00:b0:87:12:11 1.0.0.0 Enabled Slave 00:00:b0:87:12:13 1.0.0.0 Enabled Master 00:00:b0:87:12:14 1.0.0.0 Slave 00:00:b0:87:12:15 1.0.0.0 Slave 00:00:b0:87:12:16 1.0.0.0 Slave Configured order: Unit 1 at Top, Unit 2 at bottom Console> show stack Unit Address Software Master Uplink Downlink Status ---- ----------------- -------- ------...
  • Page 652: Show Users

    Command Line Interface Related Commands stack master stack reload stack display-order show users The show users User EXEC mode command displays information about the active users. Syntax show users Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 653: Show System

    The following table describes significant fields shown above. Field Description Connection Connection number. Host Remote host to which the device is connected through a Telnet session. Address IP address of the remote host. Port Telnet TCP port number Byte Number of unread bytes for the user to see on the connection.
  • Page 654: Show Version

    The show version User EXEC mode command displays system version information. Syntax show version [unit unit] Parameters • unit — Specifies the number of the unit. (Range: 1-6) Default Setting This command has no default configuration. Command Mode User EXEC mode...
  • Page 655: Service Cpu-Utilization

    2.178 1.0.0 Related Commands service cpu-utilization service cpu-utilization The service cpu-utilization Global Configuration mode command enables measuring CPU utilization. To return to the default configuration, use the no form of this command. Syntax service cpu-utilization no service cpu-utilization Default Setting Disabled.
  • Page 656: Show Cpu Utilization

    Command Line Interface Related Commands show cpu utilization show cpu utilization The show cpu utilization Privileged EXEC mode command displays information about CPU utilization. Syntax show cpu utilization Default Setting This command has no default configuration. Command Mode Privileged EXEC mode...
  • Page 657: Tacacs+ Commands

    4-636 TACACS+ server. tacacs-server host The tacacs-server host Global Configuration mode command specifies a TACACS+ host. To delete the specified name or address, use the no form of this command. Syntax tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source]...
  • Page 658: Tacacs-Server Key

    The tacacs-server key Global Configuration mode command sets the authentication encryption key used for all TACACS+ communications between the device and the TACACS+ daemon. To disable the key, use the no form of this command. Syntax tacacs-server key key-string...
  • Page 659: Tacacs-Server Timeout

    The tacacs-server timeout Global Configuration mode command sets the interval during which the device waits for a TACACS+ server to reply. To return to the default configuration, use the no form of this command. Syntax tacacs-server timeout timeout...
  • Page 660: Tacacs-Server Source-Ip

    The tacacs-server source-ip Global Configuration mode command configures the source IP address to be used for communication with TACACS+ servers. To return to the default configuration, use the no form of this command. Syntax tacacs-server source-ip source...
  • Page 661 TACACS+ Commands Parameters • ip-address — Name or IP address of the TACACS+ server. Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays configuration and statistical information about a TACACS+ server.
  • Page 662: Triple Play Commands

    The switchport customer vlan Interface Configuration (Ethernet, port-channel) mode command sets the port's VLAN when the interface is in customer mode. To restore the default configuration, use the no form of this command. Syntax switchport customer vlan vlan-id...
  • Page 663: Ip Igmp Snooping Map Cpe Vlan

    The ip igmp snooping map cpe vlan Global Configuration command maps CPE VLANs to multicast-TV VLANs. Use the no form of this command to remove the mapping. Syntax...
  • Page 664: Show Ip Igmp Snooping Cpe Vlans

    Command Line Interface If an IGMP message is received on a customer port tagged with a CPE VLAN, and there is a mapping from that CPE VLAN to a multicast-TV VLAN, the IGMP message would be associated with the multicast-TV VLAN.
  • Page 665: Show Ip Igmp Snooping Interface

    Triple Play Commands show ip igmp snooping interface The show ip igmp snooping interface Privileged EXEC mode command displays IGMP snooping configuration. Syntax show ip igmp snooping interface vlan-id Parameters • vlan-id — Specifies the valid VLAN number. Default Configuration This command has no default configuration.
  • Page 666: Dhcp Snooping, Ip Source Guard And Arp Inspection Commands

    Use the ip dhcp snooping verify global configuration command to configure the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address. 4-646 ip dhcp snooping...
  • Page 667: Ip Dhcp Snooping

    Use the show ip arp inspection list privileged EXEC command to display the static ARP binding list. 4-663 ip dhcp snooping The ip dhcp snooping Global Configuration mode command globally enables DHCP snooping. To return to the default configuration, use the no form of this command.
  • Page 668: Ip Dhcp Snooping Vlan

    Console # (config)# ip dhcp snooping vlan The ip dhcp snooping vlan Global Configuration mode command enables DHCP snooping on a VLAN. To disable DHCP snooping on a VLAN, use the no form of this command. Syntax ip dhcp snooping vlan vlan-id...
  • Page 669: Ip Dhcp Snooping Trust

    Console # (config)# ip dhcp snooping trust The ip dhcp snooping trust Interface Configuration (Ethernet, Port-channel) mode command configures a port as trusted for DHCP snooping purposes. To return to the default configuration, use the no form of this command. Syntax...
  • Page 670: Ip Dhcp Information Option

    The ip dhcp snooping verify Global Configuration mode command configures the switch to verify, on an untrusted port, that the source MAC address in a DHCP packet matches the client hardware address. To configure the switch to not verify the MAC addresses, use the no form of this command.
  • Page 671: Ip Dhcp Snooping Database

    Console # (config)# ip dhcp snooping verify Console # (config)# ip dhcp snooping database The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding file. To delete the binding file, use the no form of this command. Syntax ip dhcp snooping database...
  • Page 672: Ip Dhcp Snooping Database Update-Freq

    Command Line Interface ip dhcp snooping database update-freq The ip dhcp snooping database update-freq Global Configuration Command configures the update frequency of the DHCP snooping binding file. To return to the default configuration, use the no form of this command. Syntax...
  • Page 673: Clear Ip Dhcp Snooping Database

    Command Mode Privileged EXEC mode Command Usage After entering this command, an entry would be added to the DHCP snooping database. If a DHCP snooping binding file exists, the entry would be added to that file also. The entry would be displayed in the show commands as a “DHCP Snooping entry”.
  • Page 674: Show Ip Dhcp Snooping Binding

    Trusted ---------------------- ---------------------- show ip dhcp snooping binding The show ip dhcp snooping binding User EXEC mode command displays the DHCP snooping binding database and configuration information for all interfaces on a switch. Syntax show ip dhcp snooping binding [mac-address mac-address]...
  • Page 675: Ip Source-Guard (Global)

    (s) 3 1/22 ip source-guard (global) The ip source-guard Global Configuration mode command globally enables the IP source guard. To disable IP source guard, use the no form of this command. Syntax ip source-guard no ip source-guard Default Configuration IP source guard is disabled.
  • Page 676: Ip Source-Guard (Interface)

    Console # (config-if)# ip source-guard binding The ip source-guard binding Global Configuration mode command configures the static IP source bindings on the switch. To delete static bindings, use the no form of this command. Syntax ip source-guard binding mac-address vlan-id ip-address {ethernet interface...
  • Page 677: Ip Source-Guard Tcam Retries-Freq

    Global Configuration mode Command Usage There are no user guidelines for this command. Example The following example configures the static IP source bindings on the switch for port 1/e16. Console # (config)# ip source-guard binding 00:60:70:4C:73:FF 1 10.6.22.195 ethernet 1/e16...
  • Page 678: Ip Source-Guard Tcam Locate

    (TCAM) resources, there may be situations where IP source guard addresses are inactive because of lack of TCAM resources. By default, every minute the software conducts a search for available space in the TCAM for the inactive IP source guard addresses.
  • Page 679: Show Ip Source-Guard Configuration

    IP Source Guard is Enabled. Interface State ----------- --------- 1/21 Enabled 1/22 Enabled 1/22 Enabled 1/22 Enabled 1/23 Enabled 1/24 Enabled 1/32 Disabled show ip source-guard inactive The show ip source-guard inactive EXEC mode command displays the IP source guard inactive addresses.
  • Page 680: Show Ip Source-Guard Status

    (TCAM) resources, there may be situations where IP source guard addresses are inactive because of lack of TCAM resources. By default, every minute the software conducts a search for available space in the TCAM for the inactive IP source guard addresses.
  • Page 681: Ip Arp Inspection

    The following example globally enables the ARP inspection. Console # (config)# ip arp inspection Console # (config)# 01-Jan-2000 23:07:53 %ARPINSP-I-PCKTLOG: ARP packet dropped from port g3 with VLAN tag 1 and reason: packet verification failed SRC MAC 00:00:5e:00:01:07 SRC IP 10.6.22.193 DST MAC 00:00:00:00:00:00 DST IP 10.6.22.195...
  • Page 682: Ip Arp Inspection Vlan

    Default Configuration The interface is untrusted. Command Mode Interface Configuration (Ethernet, Port-channel) mode Command Usage The switch does not check ARP packets that are received on the trusted interface; it simply forwards the packets.
  • Page 683: Ip Arp Inspection Validate

    The switch drops invalid packets and logs them in the log buffer according to the logging configuration specified with the ip arp inspection log-buffer vlan Global Configuration mode command.
  • Page 684: Ip Arp Inspection List Create

    The ip arp inspection list create Global Configuration mode command creates a static ARP binding list and enters the ARP list configuration mode. To delete the list, use the no form of this command.
  • Page 685: Ip Arp Inspection List Assign

    Console(config-ARP-list)# ip 172.16.1.2 mac 0060.704C.7322 ip arp inspection list assign The ip arp inspection list assign Global Configuration mode command assigns static ARP binding lists to a VLAN. To delete the assignment, use the no form of this command. Syntax...
  • Page 686: Show Ip Arp Inspection

    Global Configuration mode Command Usage There are no user guidelines for this command. Example The following example sets the minimum ARP SYSLOG message interval to 10 seconds. Console # (config)# ip arp inspection logging interval 10 Console # (config)# show ip arp inspection The show ip arp inspection EXEC mode command displays the ARP inspection configuration.
  • Page 687: Show Ip Arp Inspection List

    User Interface Commands ----------- ----------- show ip arp inspection list The show ip arp inspection list Privileged EXEC mode command displays the static ARP binding list. Syntax show ip arp inspection list Default Configuration This command has no default configuration.
  • Page 688 Changes a login username. 4-666 configure Enters the Global Configuration mode. 4-667 exit (Configuration) Exits any configuration mode to the next highest mode in the CLI mode hierarchy. 4-667 Configuration Modes exit Closes an active terminal session by logging off the device.
  • Page 689: Enable

    The enable User EXEC mode command enters the Privileged EXEC mode. Syntax enable [privilege-level] Parameters • privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Setting The default privilege level is 15. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 690: Disable

    The disable Privileged EXEC mode command returns to the User EXEC mode. Syntax disable [privilege-level] Parameters • privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Setting The default privilege level is 1. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 691: Configure

    The following example enters Global Configuration mode. Console# configure Console(config)# Related Commands enable disable exit (Configuration) The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy. Syntax exit Default Setting This command has no default configuration.
  • Page 692: Exit

    Privileged and User EXEC modes Command Usage There are no user guidelines for this command. Example The following example closes an active terminal session. Console> exit Related Commands configure The end command ends the current configuration session and returns to the Privileged EXEC mode.
  • Page 693: Help

    This command has no default configuration. Command Mode All configuration modes. Command Usage There are no user guidelines for this command. Example The following example changes from Global Configuration mode to Privileged EXEC mode. Console(config)# end Console# Related Commands exit help The help command displays a brief description of the help system.
  • Page 694: Terminal Datadump

    Help is provided when: 1. There is a valid command and a help request is made for entering a parameter or argument (e.g. 'show ?'). All possible parameters or arguments for the entered command are displayed.
  • Page 695: Show History

    User Interface Commands Related Commands show history show history The show history User EXEC mode command lists the commands entered in the current session. Syntax show history Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage The buffer includes executed and unexecuted commands.
  • Page 696 Command Mode Privileged and User EXEC modes Command Usage There are no user guidelines for this command. Example The following example displays the current privilege level for the Privileged EXEC mode. Console# show privilege Current privilege level is 15 Related Commands...
  • Page 697: Vlan Commands

    4-676 interface range vlan Enables simultaneously configuring multiple VLANs. 4-677 name Adds a name to a VLAN. To remove the VLAN name, use the no form of this command. 4-678 map protocol Maps a protocol to a group of protocols.
  • Page 698: Vlan Database

    Sets a subnet-based classification rule. 4-691 map subnets-group vlan switchport protected Overrides the FDB decision and sends all Unicast, Multicast and Broadcast traffic to an uplink port. To return to the default configuration, use the no form of the command. 4-692
  • Page 699: Vlan

    Console(config-vlan)# Related Commands vlan name show vlan vlan Use the vlan VLAN Configuration mode command to create a VLAN. To delete a VLAN, use the no form of this command. Syntax vlan vlan-range no vlan vlan-range Parameters • vlan-range — Specifies a list of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma and no spaces;...
  • Page 700: Default-Vlan Vlan

    Command Line Interface default-vlan vlan Use the default-vlan vlan VLAN Configuration mode command to create a default VLAN. To restore the default configuration or delete a VLAN, use the no form of this command. Syntax default-vlan vlan vlan-id no default-vlan vlan Parameters •...
  • Page 701: Interface Range Vlan

    Command Usage Commands under the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution of the command continues on the other interfaces.
  • Page 702: Name

    The map protocol protocols-group VLAN Configuration command maps a protocol to a group of protocols. Use the no form of this command to delete the map. Syntax map protocol protocol [encapsulation] protocols-group group no map protocol protocol [encapsulation] Parameters - protocol —...
  • Page 703: Switchport General Map Protocols-Group Vlan

    The following protocol names are reserved for Ethernet Encapsulation: - ip-arp - ipx - ip Example The following example maps a protocol 0x0000 to protocol group 1000 for Ethernet port 1/e16. Console(config-vlan)# map protocol 0x000 ethernet protocols-group 1000 Console(config-if)# switchport mode access Related Commands...
  • Page 704: Switchport Mode

    The switchport mode Interface Configuration mode command configures the VLAN membership mode of a port. To return to the default configuration, use the no form of this command. Syntax switchport mode {access | trunk | general}...
  • Page 705: Switchport Access Vlan

    The switchport access vlan Interface Configuration mode command configures the VLAN ID when the interface is in access mode. To return to the default configuration, use the no form of this command. Syntax...
  • Page 706: Switchport Trunk Allowed Vlan

    Command Line Interface Example The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN Ethernet port 1/e16. Console(config)# interface ethernet 1/e16 Console(config-if)# switchport access vlan 23 Related Commands switchport mode switchport trunk allowed vlan switchport trunk native vlan...
  • Page 707: Switchport Trunk Native Vlan

    VLAN Commands Example The following example adds VLANs 1, 2, 5 to 6 to the allowed list of Ethernet port 1/e16. Console(config)# interface ethernet 1/e16 Console(config-if)# switchport trunk allowed vlan add 1-2,5-6 Related Commands switchport mode switchport access vlan...
  • Page 708: Switchport General Allowed Vlan

    [tagged | untagged] switchport general allowed vlan remove vlan-list Parameters • add vlan-list — Specifies the list of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs.
  • Page 709: Switchport General Pvid

    This command enables changing the egress rule (e.g., from tagged to untagged) without first removing the VLAN from the list. Example The following example adds VLANs 2, 5, and 6 to the allowed list of Ethernet port 1/e16. Console(config)# interface ethernet 1/e16...
  • Page 710: Switchport General Ingress-Filtering Disable

    Command Line Interface Command Usage There are no user guidelines for this command. Example The following example configures the PVID for Ethernet port 1/e16, when the interface is in general mode. Console(config)# interface ethernet 1/e16 Console(config-if)# switchport general pvid 234...
  • Page 711: Switchport General Acceptable-Frame-Type Tagged-Only

    The switchport general acceptable-frame-type tagged-only Interface Configuration mode command discards untagged frames at ingress. To return to the default configuration, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only...
  • Page 712: Switchport Forbidden Vlan

    The switchport forbidden vlan Interface Configuration mode command forbids adding specific VLANs to a port. To return to the default configuration, use the remove parameter for this command. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} Parameters •...
  • Page 713: Map Mac Macs-Group

    The map mac macs-group VLAN Configuration mode command maps a MAC address or range of MAC addresses to a group of MAC addresses. To delete the map, use the no form of this command. Syntax...
  • Page 714: Switchport General Map Macs-Group Vlan

    The map subnet subnets-group VLAN Configuration mode command maps the IP subnet to a group of IP subnets. To delete the map, use the no form of this command. Syntax map subnet ip-address prefix-mask subnets-group group...
  • Page 715: Switchport General Map Subnets-Group Vlan

    VLAN Commands Parameters • ip-address — Specifies the IP address prefix of the subnet to be entered to the group. • prefix-mask — Mask bits. The format is IP address format. • group — Indicates the group number. (Range: 1-2147483647) Default Configuration This command has no default configuration.
  • Page 716: Switchport Protected

    Command Mode Interface Configuration (Ethernet, port-channel) Command Usage Packets to the MAC address of the device are sent to the device and not forwarded to the uplink. IGMP snooping works on PVE protected ports; however, forwarding of query/reports is not limited to the PVE uplink.
  • Page 717: Ip Internal-Usage-Vlan

    IP interface, an unused VLAN is selected by the software. • If the software selected a VLAN for internal use and the user wants to use that VLAN as a static or dynamic VLAN, the user should do one of the following: •...
  • Page 718: Show Vlan

    Command Line Interface Example The following example reserves an unused VLAN as the internal usage VLAN of ethernet port 1/e8. Console# config Console(config)# interface ethernet 1/e8 Console(config-if)# ip internal-usage-vlan Related Commands switchport mode switchport access vlan switchport trunk allowed vlan...
  • Page 719: Show Vlan Internal Usage

    Related Commands vlan database vlan name show vlan internal usage The show vlan internal usage Privileged EXEC mode command displays a list of VLANs used internally by the device. Syntax show vlan internal usage Default Setting This command has no default configuration.
  • Page 720: Show Interfaces Switchport

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Examples The following examples display the switchport configuration for Ethernet ports 1/e1 and 1/e2. Console# show interfaces switchport ethernet 1/e1 Port 1/e1: Port Mode: Access...
  • Page 721 VLAN Commands Acceptable Frame Type: admitAll Ingress UnTagged VLAN ( NATIVE ): 1 Protected: Enabled, Uplink is 1/e9. Port 1/e1 is member in: Vlan Name Egress rule Port Membership Type ---- -------------------- ----------- ------------------- default untagged System VLAN008 tagged Dynamic...
  • Page 722 Port Membership Type ---- ------------ ----------- ------------------- IP Telephony tagged Static Static configuration: PVID: 8 Ingress Filtering: Disabled Acceptable Frame Type: All Port 1/e2 is statically configured to: Vlan Name Egress rule ---- ------------ ----------- VLAN0072 untagged IP Telephony tagged Forbidden VLANS:...
  • Page 723: Switchport Access Multicast-Tv Vlan

    VLAN that is not the Access port VLAN, while keeping the L2 segregation with subscribers on different Access port VLANs. Use the no form of this command to disable receiving multicast transmissions.
  • Page 724: Show Vlan Protocols-Groups

    The show vlan protocols-groups EXEC command displays protocols-groups information. Syntax show vlan protocols-groups Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays IGMP Snooping configuration.
  • Page 725: Show Vlan Macs-Groups

    VLAN Commands switchport access vlan show vlan macs-groups The show vlan macs-groups Privileged EXEC mode command displays macs-groups information. Syntax show vlan macs-groups Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 726: Show Vlan Multicast-Tv

    -------- 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0 show vlan multicast-tv Use the show multicast-tv command to display information on the source ports and receiver ports of multicast-tv vlan. Syntax show vlan multicast-tv vlan-id Parameters of the Multicast TV VLAN • vlan-id — VLAN ID Default Configuration This command has no default configuration.
  • Page 727: Ip Http Server

    Specifies the TCP port to be used by the Web browser interface. To return to the default configuration, use the no form of this command. (page 4-704) ip http exec-timeout: Sets the interval that the system waits for user input in HTTP sessions before automatic logoff. (page 4-705) ip https server: Enables configuring the device from a secured browser.
  • Page 728: Ip Http Port

    The ip http port Global Configuration mode command specifies the TCP port to be used by the Web browser interface. To return to the default configuration, use the no form of this command. Syntax...
  • Page 729: Ip Http Exec-Timeout

    The ip http exec-timeout Global Configuration mode command sets the interval that the system waits for user input in HTTP sessions before automatic logoff. To restore the default configuration, use the no form of this command. Syntax...
  • Page 730: Ip Https Port

    The ip https port Global Configuration mode command specifies the TCP port used by the server to configure the device through the Web browser. To return to the default configuration, use the no form of this command.
  • Page 731: Ip Https Exec-Timeout

    The ip https exec-timeout Global Configuration mode command sets the interval that the system waits for user input in HTTPS sessions before automatic logoff. To restore the default configuration, use the no form of this command. Syntax...
  • Page 732: Crypto Certificate Request

    If no RSA key length is specified, the default length is 1024. If no URL or IP address is specified, the default common name is the lowest IP address of the device at the time that the certificate is generated.
  • Page 733 Web Server Commands • common-name — Specifies the fully qualified URL or IP address of the device. (Range: 1-64) • organization-unit — Specifies the organization-unit or department name. (Range: 1-64) • organization — Specifies the organization name. (Range: 1-64) •...
  • Page 734: Crypto Certificate Import

    The imported certificate must be based on a certificate request created by the crypto certificate request Privileged EXEC mode command. If the public key found in the certificate does not match the device's SSL RSA key, the command fails. This command is not saved in the device configuration; however, the certificate imported by this command is saved in the private configuration (which is never displayed to the user or backed up to another device).
  • Page 735: Ip Https Certificate

    The ip https certificate Global Configuration mode command configures the active certificate for HTTPS. To return to the default configuration, use the no form of this command. Syntax ip https certificate number...
  • Page 736: Show Crypto Certificate Mycertificate

    Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 Related Commands crypto certificate generate crypto certificate request crypto certificate import ip https certificate show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration.
  • Page 737: Show Ip Https

    HTTP server enabled. Port: 80 Related Commands ip http server ip http port show ip https The show ip https Privileged EXEC mode command displays the HTTPS server configuration. Syntax show ip https Default Setting This command has no default configuration.
  • Page 738: Ip Https Server

    Command Line Interface Certificate 2 is inactive Issued by: self-signed Valid from: 8/9/2004 to 8/9/2005 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: 1873B936 88DC3411 BC8932EF 782134BA Related Commands ip https server ip https port ip https certificate...
  • Page 739: Appendix A. Configuration Examples

    Appendix A. Configuration Examples This appendix contains configuration examples for Customer VLANs and Multicast TV, and contains the following sections: • Configuring QinQ • Configuring Multicast TV • Configuring Customer VLANs...
  • Page 740: Configuring Qinq

    QinQ. Adding additional tags to the packets helps create more VLAN space. The added tag provides a VLAN ID to each customer, which ensures private and segregated network traffic. The VLAN ID tag is assigned to a customer port in the service provider's network. The designated port then provides additional services to the packets with the double-tags.
  • Page 741: Figure 2. Add 802.1Q Vlan Page

    Figure 2. Add 802.1q VLAN Page Define the VLAN ID and VLAN Name field. Click Click Layer 2 > VLAN > VLAN > Interface Configuration. The VLAN Interface Configuration Page opens. Figure 3. VLAN Interface Configuration Page Click on a previously defined customer VLAN row. The Modify VLAN Interface...
  • Page 742: Figure 4. Modify Vlan Interface Configuration Page

    Set the VLAN Interface Mode field to Customer. Define the remaining fields. 10. Click . The VLAN interface settings are saved, and the device is updated. 11. Click Layer 2 > VLAN > VLAN > Current Table. The VLAN Current Table opens...
  • Page 743: Configuring Customer Vlans Using The Cli

    14. Click . The customer VLAN is defined, and the device is updated. Configuring Customer VLANs using the CLI As an example of configuring QinQ, the following figure illustrates the configuration being described. Figure 6. QinQ Configuration Example To configure QinQ, perform the following: Enter the global configuration mode.
  • Page 744 Console (config-if)# switchport customer vlan 100 Console (config-if)# exit Console (config)# Configure port e10 as a trunked port, tagged for VLAN 100. Console (config)# interface ethernet e10 Console (config-if)# switchport mode trunk Console (config-if)# switchport trunk allowed vlan add 100...
  • Page 745: Configuring Multicast Tv

    A and B, to each of the CPE customers. For this purpose port e4 is configured as a trunked port, tagged for VLANs 1001, 1048, 3000, 3001, with port e1 and e48 configured as the triple play ports connected to the customer site.
  • Page 746 Console (config)# Enter the VLAN configuration mode. Console (config)# vlan database Console (config-vlan)# Create VLANs for customer port 1 and port 48 for QinQ. Each customer has a separate VLAN. Console (config-vlan)# vlan 1001 Console (config-vlan)# vlan 1048 Create a VLAN for configuring Multicast TV provider A.
  • Page 747 12. To configure the QinQ uplink, configure port e4 as a trunked port, tagged for VLANs 1001, 1048, 3000 and 3001. Console (Config)# interface ethernet e4 Console (config-if)# switchport mode trunk Console (config-if)# switchport trunk allowed vlan add 1001 Console (config-if)# switchport trunk allowed vlan add 1048...
  • Page 748: Figure 8. Add Vlan Membership Page

    Figure 8. Add VLAN Membership Page Create VLANs for customer port 1 and port 48 for QinQ. Each customer has a separate VLAN. For this example use 1001 and 1048. On the same screen, create a VLAN for configuring Multicast TV provider A as 3000, and create a VLAN for configuring Multicast TV provider B as 3001.
  • Page 749: Figure 9. Cpe Vlan Mapping Page

    Figure 9. CPE VLAN Mapping Page Click The Add CPE VLAN Mapping Page opens: Map the internal CPE VLAN 3 to the Multicast TV VLAN 3001, and map the internal CPE VLAN 4 to the Multicast TV VLAN 3000. 10. Click 11.
  • Page 750: Figure 10. Cpe Vlan Mapping Page

    12. Click Layer 2 > VLAN > VLAN > Current Table. The VLAN Current Table Page opens. 13. Select VLAN ID number 1001 and double-click port e1. The VLAN Membership Settings page opens. Figure 10. CPE VLAN Mapping Page 14. In the...
  • Page 751: Figure 11. Vlan Interface Settings Page

    20. Click 21. Close the VLAN Interface Settings Page. 22. Repeat steps 18 to 21 configuring port e48 as a customer port on VLAN 1048. 23. Click Layer 2 > VLAN > VLAN > Customer Multicast TV VLAN. The Customer Multicast VLAN Page opens.
  • Page 752: Configuring Customer Vlans

    VLAN space. The added tag provides a VLAN ID to each customer, which ensures private and segregated network traffic. The VLAN ID tag is assigned to a customer port in the service provider's network. The designated port then provides additional services to the packets with the double-tags.
  • Page 753: Figure 13. Vlan Basic Information Page

    To configure customer VLANs: Click Layer 2 > VLAN > VLAN > Basic Information. The VLAN Basic Information Page opens. Figure 13. VLAN Basic Information Page Click . The Add VLAN Page opens: Figure 14. Add VLAN Page Define the VLAN ID and VLAN Name field.
  • Page 754: Figure 15. Vlan Interface Configuration Page

    Click Layer 2 > VLAN > VLAN > Interface Configuration. The VLAN Interface Configuration Page opens. Figure 15. VLAN Interface Configuration Page Click on a previously defined customer VLAN row. The Modify VLAN Interface Configuration Page opens: Figure 16. Modify VLAN Interface Configuration Page...
  • Page 755: Figure 17. Vlan Current Table

    10. Click . The VLAN interface settings are saved, and the device is updated. 11. Click Layer 2 > VLAN > VLAN > Current Table. The VLAN Current Table opens. Figure 17. VLAN Current Table 12. Select the VLAN ID.
  • Page 756: Appendix B. Software Specifications

    Appendix B. Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) AMAP Alcatel Mapping Adjacency Protocol SNMPv3 Management access via MIB database Trap management to specified hosts...
  • Page 757: Management Features

    Up to 255 groups; port-based, protocol-based, or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs Class of Service Supports eight levels of priority and Weighted Round Robin Queueing (which can be configured by VLAN tag or port), Layer 3/4 priority mapping: IP Precedence, IP DSCP...
  • Page 758: Management Information Bases

    Port Access Entity MIB (IEEE 802.1x) Private MIB Quality of Service MIB RADIUS Authentication Client MIB (RFC 2621) RMON MIB (RFC 2819) RMON II Probe Configuration Group (RFC 2021, partial implementation) SNMP framework MIB (RFC 2571) SNMP-MPD MIB (RFC 2572)
  • Page 759 Management Information Bases SNMP Target MIB, SNMP Notification MIB (RFC 2573) SNMP User-Based SM MIB (RFC 2574) SNMP View Based ACM MIB (RFC 2575) SNMP Community MIB (RFC 2576) TACACS+ Authentication Client MIB TCP MIB (RFC 2013) Trap (RFC 1215)
  • Page 760: Appendix C. Troubleshooting

    • Be sure the management station has an IP address in the same subnet as the switch’s IP interface to which it is connected. • If you are trying to connect to the switch via the IP address for a tagged VLAN group, your management station, and the ports connecting intermediate switches in the network, must be configured with the appropriate tag.
  • Page 761: Using System Logs

    Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
  • Page 762: Appendix D. Glossary

    DSCP priority bit. Differentiated Services Code Point Service (DSCP) DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.
  • Page 763 Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations.
  • Page 764 On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
  • Page 765 MD5 Message Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.
  • Page 766 NTP servers. Spanning Tree Protocol (STP) A technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.
  • Page 767 Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the same LAN.
  • Page 768 802.1p 234 static entries 86 Domain Name Service 83 DSCP 234, 244 Access Control Element 232 Dynamic Host Configuration Access Control List See ACL Protocol 81 Access Control Lists 165, 232 ACE 232 ACEs 165, 232 E-911 131 ACL 234, 245...
  • Page 769 Index Line 108 Link Aggregation Control Protocol 72 RADIUS 108 Link Control Protocol 197 Rapid Spanning Tree Protocol 196 LLDP Media Endpoint Discovery 131 RSTP 196 LLDP-MED 131 Rules 106, 233 log-in, Web interface 32 logon authentication TACACS+ client 104...
  • Page 770 Index Web interface access requirements 32 Warm standby 38 configuration buttons 33 home page 32 menu list 34 panel display 34 Weighted Round Robin 234 WRR 234, 235...
