Page 1: Software Version
ProSafe 7200 Managed Switches CLI Manual, Software Version 8.0 NETGEAR, Inc. 350 Plumeria Dr. San Jose, CA 95124 USA 202-10530-01 July 2009...
Page 2: Statement Of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Page 3 Product and Publication Details Model Number: FSM72xx/GSM72xx Publication Date: July 2009 Product Family: managed switch Product Name: ProSafe 7200 Series Stackable Managed Switches Home or Business Product: Business Language: English Publication Part Number: 202-10530-01 Publication Version Number v1.0, July 2009...
Page 4 v1.0, July 2009...
Page 5: Table Of Contents
Managed Switch CLI Manual, Release 8.0 Contents About This Manual Audience ........................... ix About the Software ......................ix Scope .......................... x Product Concept ......................x Chapter 1 Using the Command-Line Interface Command Syntax ......................1-1 Command Conventions ....................1-2 Common Parameter Values ...................1-3 Unit/Slot/Port Naming Convention ..................1-3 Using the “No”...
Page 6 Managed Switch CLI Manual, Release 8.0 Voice VLAN Commands ....................3-47 Provisioning (IEEE 802.1p) Commands ...............3-50 Protected Ports Commands ..................3-51 Private Group Commands ....................3-53 GARP Commands ......................3-55 GVRP Commands ......................3-58 GMRP Commands .......................3-60 Port-Based Network Access Control Commands ............3-63 Storm-Control Commands ....................3-77 Port-Channel/LAG (802.3ad) Commands ..............3-89 Port Mirroring ......................3-112 Static MAC Filtering ....................3-114...
Page 7 Managed Switch CLI Manual, Release 8.0 DiffServ Class Commands ...................5-10 DiffServ Policy Commands ...................5-19 DiffServ Service Commands ..................5-25 DiffServ Show Commands ...................5-26 MAC Access Control List (ACL) Commands ..............5-32 IP Access Control List (ACL) Commands ..............5-37 IPv6 Access Control List (ACL) Commands ..............5-44 Auto-Voice over IP Commands ..................5-48 Chapter 6 Utility Commands...
Page 8 Managed Switch CLI Manual, Release 8.0 TACACS+ Commands ....................7-67 Configuration Scripting Commands ................7-71 Pre-login Banner and System Prompt Commands ............7-73 Chapter 8 Log Messages Core ..........................8-1 Utilities ..........................8-4 Management ........................8-6 Switching ........................8-10 QoS ..........................8-16 Routing/IPv6 Routing ....................8-17 Multicast ........................8-21 Stacking ........................8-23 Technologies ........................8-23 O/S Support ........................8-26 Chapter 9...
Page 9: About This Manual
About This Manual This document describes command-line interface (CLI) commands you use to view and configure 7200 Series Switch software. You can access the CLI by using a direct connection to the serial port or by using telnet or SSH over a remote network connection. Note: This document contains both standalone and stacking commands.
Page 10: Scope
Managed Switch CLI Manual, Release 8.0 Scope The software encompasses both hardware and software support. The software is partitioned to run in the following processors: • CPU – This code runs the networking device management portfolio and controls the overall networking device hardware.
Page 11 • Scope. This manual is written for the 7200 Series Switch. Product Version ProSafe 7000 Series Managed Switch Manual Publication Date July 2009 Note: Product updates are available on the NETGEAR, Inc. website at http://kbserver.netgear.com v1.0, July 2009...
Page 12: How To Print This Manual
Managed Switch CLI Manual, Release 8.0 How to Print This Manual To print this manual, your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
Page 13: Using The Command-Line Interface
Chapter 1 Using the Command-Line Interface The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH. This chapter describes the CLI syntax, conventions, and modes.
Page 14: Command Conventions
Managed Switch CLI Manual, Release 8.0 • network parms is the command name. • <ipaddr> and <netmask> are parameters and represent required values that you must enter after you type the command keywords. • [gateway] is an optional parameter, so you are not required to enter a value in place of the parameter. The CLI Command Reference lists each command by the command name and provides a brief description of the command.
Page 15: Common Parameter Values
Managed Switch CLI Manual, Release 8.0 Common Parameter Values Parameter values might be names (strings) or numbers.To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces. Empty strings (““) are not valid user-defined strings.
Page 16: Using The "No" Form Of A Command
Managed Switch CLI Manual, Release 8.0 The slot number has two uses. In the case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports it also identifies the type of interface or port. Table 3.
Page 17: Managed Switch Modules
Managed Switch CLI Manual, Release 8.0 shutdown configuration command reverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. Only the configuration commands are available in the no form. Managed Switch Modules Managed switch software consists of flexible modules that can be applied in various combinations to develop advanced Layer 2/3/4+ products.
Page 18 Managed Switch CLI Manual, Release 8.0 Table 5. CLI Command Modes Command Mode Prompt Mode Description User EXEC Contains a limited set of commands to view Switch> basic system information. Privileged EXEC Allows you to issue any EXEC command, enter Switch# the VLAN mode, or enter the Global Configuration mode.
Page 19 Managed Switch CLI Manual, Release 8.0 Table 5. CLI Command Modes (continued) Command Mode Prompt Mode Description TACACS Config Switch (Tacacs)# Contains commands to configure properties for the TACACS servers. DHCP Pool Switch (Config dhcp-pool)# Contains the DHCP server IP address pool Config configuration commands.
Page 20 Managed Switch CLI Manual, Release 8.0 Table 6. CLI Mode Access and Exit (continued) Command Mode Access Method Exit or Access Previous Mode Class-Map From the Global Config mode, To exit to the Global Config mode, enter exit. To Config enter return to the Privileged EXEC mode, enter Ctrl- class-map, and specify the...
Page 21: Command Completion And Abbreviation
Managed Switch CLI Manual, Release 8.0 Table 6. CLI Mode Access and Exit (continued) Command Mode Access Method Exit or Access Previous Mode DHCPv6 Pool From the Global Config mode, To exit to the Global Config mode, enter exit. To Config enter return to the Privileged EXEC mode, enter Ctrl-...
Page 22: Cli Line-Editing Conventions
Managed Switch CLI Manual, Release 8.0 Table 7. CLI Error Messages Message Text Description Command not found / Incomplete Indicates that you did not enter the required keywords or values. command. Use ? to list commands. Ambiguous command Indicates that you did not enter enough letters to uniquely identify the command.
Page 23: Using Cli Help
Managed Switch CLI Manual, Release 8.0 Table 8. CLI Editing Conventions (continued) Key Sequence Description Exit Go to next lower command prompt List available commands, keywords, or parameters Using CLI Help Enter a question mark (?) at the command prompt to display the commands available in the current mode.
Page 24: Accessing The Cli
Managed Switch CLI Manual, Release 8.0 (switch) #show m? mac-addr-table mac-address-table monitor Accessing the CLI You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host. For the initial connection, you must use a direct connection to the console port. You cannot access the system remotely until the system has an IP address, subnet mask, and default gateway.
Page 25: Stacking Commands
Chapter 2 Stacking Commands The Stacking Commands chapter includes the following sections: • “Dedicated Port Stacking” on page 2-1 • “Front Panel Stacking Commands” on page 2-10 Note: The commands in this chapter are in one of two functional groups: Note: Show commands display switch settings, statistics, and other information.
Page 26 Managed Switch CLI Manual, Release 8.0 member This command configures a switch. The <unit> is the switch identifier of the switch to be added/removed from the stack. The <switchindex> is the index into the database of the supported switch types, indicating the type of the switch being preconfigured. The switch index is a 32-bit integer.
Page 27 Managed Switch CLI Manual, Release 8.0 switch renumber This command changes the switch identifier for a switch in the stack. The <oldunit> is the current switch identifier on the switch whose identifier is to be changed. The <newunit> is the updated value of the switch identifier.
Page 28 Managed Switch CLI Manual, Release 8.0 slot This command configures a slot in the system. The <unit/slot> is the slot identifier of the slot. The <cardindex> is the index into the database of the supported card types, indicating the type of the card being preconfigured in the specified slot. The card index is a 32-bit integer. If a card is currently present in the slot that is unconfigured, the configured information will be deleted and the slot will be re-configured with default information for the card.
Page 29: Set Slot Power
Managed Switch CLI Manual, Release 8.0 If a card or other module is present in the slot, this administrative mode will effectively be applied to the contents of the slot. If the slot is empty, this administrative mode will be applied to any module that is inserted into the slot.
Page 30: Reload (Stack)
Managed Switch CLI Manual, Release 8.0 no set slot power This command unconfigures the power mode of the slot(s) and prohibits power from being supplied to a card located in the slot. If you specify [all], the command prohibits power to all slots, otherwise the command prohibits power to the slot identified by <unit/slot>.
Page 31: Show Supported Cardtype
Managed Switch CLI Manual, Release 8.0 Term Definition Pluggable Cards are pluggable or non-pluggable in the slot. Power Down Indicates whether the slot can be powered down. If you supply a value for <unit/slot>, the following additional information appears: Term Definition Inserted Card The model identifier of the card inserted in the slot.
Page 32: Show Switch
Managed Switch CLI Manual, Release 8.0 show switch This command displays information about all units in the stack or a single unit when you specify the unit value. Format show switch [<unit>] Mode Privileged EXEC Term Definition Switch The unit identifier assigned to the switch. When you do not specify a value for <unit>, the following information appears: Term Definition...
Page 33: Show Supported Switchtype
Managed Switch CLI Manual, Release 8.0 Term Definition Switch Status The switch status. Possible values are OK, Unsupported, Code Mismatch, Config Mismatch, or Not Present. Switch The switch description. Description Expected Code The expected code version. Version Detected Code The version of code running on this switch. If the switch is not present and the data is Version from pre-configuration, then the code version is “None”.
Page 34: Front Panel Stacking Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Model Identifier The model identifier for the supported switch type. Switch The description for the supported switch type. Description Front Panel Stacking Commands This section describes the commands you use to view and configure front panel stacking information.
Page 35: Show Stack-Port Counters
Managed Switch CLI Manual, Release 8.0 For Each Interface: Term Definition Unit The unit number. Interface The slot and port numbers. Configured Stack Stack or Ethernet. Mode Running Stack Stack or Ethernet. Mode Link Status Status of the link. Link Speed Speed (Gbps) of the stack port link.
Page 36: Show Stack-Port Diag
Managed Switch CLI Manual, Release 8.0 show stack-port diag This command shows front panel stacking diagnostics for each port and is only intended for Field Application Engineers (FAEs) and developers. An FAE will advise on the necessity to run this command and capture this information.
Page 37: Switching Commands
Chapter 3 Switching Commands This chapter describes the switching commands available in the managed switch CLI. The Switching Commands chapter includes the following sections: • “Port Configuration Commands” on page 3-2 • “show port description” on page 3-9 • “VLAN Commands” on page 3-30 •...
Page 38: Port Configuration Commands
Managed Switch CLI Manual, Release 8.0 • “LLDP-MED Commands” on page 3-168 • “Denial of Service Commands” on page 3-179 • “MAC Database Commands” on page 3-191 • “ISDP Commands” on page 3-193 Warning: The commands in this chapter are in one of three functional groups: •...
Page 39: Interface Vlan
Managed Switch CLI Manual, Release 8.0 interface vlan This command gives you access to to the vlan virtual interface mode, which allows certain port configurations (for example, the IP address) to be applied to the VLAN interface. Type a question mark (?) after entering the interface configuration mode to see the available options.
Page 40: Auto-Negotiate All
Managed Switch CLI Manual, Release 8.0 no auto-negotiate This command disables automatic negotiation on a port. Note: Automatic sensing is disabled when automatic negotiation is disabled. auto-negotiate all Format no auto-negotiate Mode Interface Config This command enables automatic negotiation on all ports. Default enabled Format...
Page 41 Managed Switch CLI Manual, Release 8.0 Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface. You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG) interfaces. For the standard 7000 seriesimplementation, the MTU size is a valid integer between 1522 - 9216 for tagged packets and a valid integer between 1518 - 9216 for untagged packets.
Page 42: Shutdown All
Managed Switch CLI Manual, Release 8.0 Format shutdown Mode Interface Config no shutdown This command enables a port. Format no shutdown Mode Interface Config shutdown all This command disables all ports. Note: You can use the shutdown all command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces.
Page 43: Speed All
Managed Switch CLI Manual, Release 8.0 speed This command sets the speed and duplex setting for the interface. Format speed {<100 | 10> <half-duplex | full-duplex>} Mode Interface Config Acceptable Definition Values 100h 100BASE-T half duplex 100f 100BASE-T full duplex 10BASE-T half duplex 10BASE-T full duplex speed all...
Page 44: Show Port Protocol
Managed Switch CLI Manual, Release 8.0 Term Definition Interface Valid unit, slot, and port number separated by forward slashes. Type If not blank, this field indicates that this port is a special type of port. The possible values are: • Mirror - this port is a monitoring port. For more information, see “Port Mirroring”...
Page 45: Show Port Description
Managed Switch CLI Manual, Release 8.0 show port description This command displays the port description for every port. Format show port description <unit/slot/port> Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by forward slashes Description Shows the port description configured via the “description” command show port status This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.
Page 46: Spanning Tree Protocol (Stp) Commands
Managed Switch CLI Manual, Release 8.0 Spanning Tree Protocol (STP) Commands This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent network loops, duplicate messages, and network instability. spanning-tree This command sets the spanning-tree operational mode to enabled. Default enabled Format...
Page 47: Spanning-Tree Bpduflood
Managed Switch CLI Manual, Release 8.0 Default enabled Format no spanning-tree bpdufilter default Mode Global Config spanning-tree bpduflood Use this command to enable BPDU Flood on the interface. Default disabled Format spanning-tree bpduflood Mode Interface Config no spanning-tree bpduflood Use this command to disable BPDU Flood on the interface. Format no spanning-tree bpduflood Mode...
Page 48: Spanning-Tree Bpdumigrationcheck
Managed Switch CLI Manual, Release 8.0 Format no spanning-tree bpduguard Mode Global Config spanning-tree bpdumigrationcheck Use this command to force a transmission of rapid spanning tree (RSTP) and multiple spanning tree (MSTP) BPDUs. Use the <unit/slot/port> parameter to transmit a BPDU from a specified interface, or use the all keyword to transmit BPDUs from all interfaces.
Page 49: Spanning-Tree Configuration Revision
Managed Switch CLI Manual, Release 8.0 spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535. Default Format spanning-tree configuration revision <0-65535>...
Page 50: Spanning-Tree Forceversion
Managed Switch CLI Manual, Release 8.0 spanning-tree forceversion This command sets the Force Protocol Version parameter to a new value. Default 802.1s Format spanning-tree forceversion <802.1d | 802.1s | 802.1w> Mode Global Config • Use 802.1d to specify that the switch transmits ST BPDUs rather than MST BPDUs (IEEE 802.1d functionality supported).
Page 51: Spanning-Tree Guard
Managed Switch CLI Manual, Release 8.0 no spanning-tree forward-time This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the default value. Format no spanning-tree forward-time Mode Global Config spanning-tree guard This command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, then the port operates in accordance with the multiple spanning tree protocol.
Page 52: Spanning-Tree Max-Hops
Managed Switch CLI Manual, Release 8.0 no spanning-tree max-age This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value. Format no spanning-tree max-age Mode Global Config spanning-tree max-hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree.
Page 53 Managed Switch CLI Manual, Release 8.0 If you specify the cost option, the command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the <mstid> parameter. You can set the path cost as a number in the range of 1 to 200000000 or auto.
Page 54: Spanning-Tree Mst Instance
Managed Switch CLI Manual, Release 8.0 Format no spanning-tree mst <mstid> <cost | external-cost | port-priority> Mode Interface Config spanning-tree mst instance This command adds a multiple spanning tree instance to the switch. The parameter <mstid> is a number within a range of 1 to 4094, that corresponds to the new instance ID to be added. The maximum number of multiple instances supported by the switch is 4.
Page 55: Spanning-Tree Mst Vlan
Managed Switch CLI Manual, Release 8.0 If you specify 0 (defined as the default CIST ID) as the <mstid>, this command sets the Bridge Priority parameter to a new value for the common and internal spanning tree. The bridge priority value is a number within a range of 0 to 61440.
Page 56: Spanning-Tree Port Mode
Managed Switch CLI Manual, Release 8.0 no spanning-tree mst vlan This command removes an association between a multiple spanning tree instance and one or more VLANs so that the VLAN(s) are again associated with the common and internal spanning tree. Format no spanning-tree mst vlan <mstid>...
Page 57: Spanning-Tree Edgeport All
Managed Switch CLI Manual, Release 8.0 no spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to disabled. Format no spanning-tree port mode all Mode Global Config spanning-tree edgeport all This command specifies that every port is an Edge Port within the common and internal spanning tree.
Page 58: Show Spanning-Tree
Managed Switch CLI Manual, Release 8.0 no spanning-tree bpduforwarding This command will cause the STP BPDU packets received from the network to be dropped if STP is disabled. Format no spanning-tree bpduforwarding Mode Global Config show spanning-tree This command displays spanning tree settings for the common and internal spanning tree. The following details are displayed.
Page 59: Show Spanning-Tree Brief
Managed Switch CLI Manual, Release 8.0 Term Definition Root Port Derived value. Bridge Forward Delay Hello Time Configured value of the parameter for the CST. Bridge Hold Minimum time between transmission of Configuration Bridge Protocol Data Units Time (BPDUs). Bridge Max Bridge max-hops count for the device.
Page 60: Show Spanning-Tree Interface
Managed Switch CLI Manual, Release 8.0 show spanning-tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The <unit/slot/port> is the desired switch port. The following details are displayed on execution of the command. Format show spanning-tree interface <unit/slot/port>...
Page 61: Show Spanning-Tree Mst Port Detailed
Managed Switch CLI Manual, Release 8.0 show spanning-tree mst port detailed This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <unit/slot/port> is the desired switch port.
Page 62 Managed Switch CLI Manual, Release 8.0 Term Definition Transitions Into The number of times this interface has transitioned into loop inconsistent state. Loop Inconsistent State Transitions Out The number of times this interface has transitioned out of loop inconsistent state. of Loop Inconsistent State...
Page 63: Show Spanning-Tree Mst Port Summary
Managed Switch CLI Manual, Release 8.0 Term Definition Topology Value of flag in next Configuration Bridge Protocol Data Unit (BPDU) transmission Change indicating if a topology change is in progress for this port. Acknowledgem Hello Time The hello time in use for this port. Edge Port The configured value indicating if this port is an edge port.
Page 64: Show Spanning-Tree Mst Summary
Managed Switch CLI Manual, Release 8.0 Term Definition MST Instance ID The MST instance associated with this port. Interface Valid unit, slot, and port number separated by forward slashes. STP Mode Indicates whether spanning tree is enabled or disabled on the port. Type Currently not used.
Page 65: Show Spanning-Tree Summary
Managed Switch CLI Manual, Release 8.0 show spanning-tree summary This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command. Format show spanning-tree summary Mode • Privileged EXEC • User EXEC Term Definition Spanning Tree...
Page 66: Vlan Commands
Managed Switch CLI Manual, Release 8.0 Term Definition VLAN Identifier The VLANs associated with the selected MST instance. Associated Identifier for the associated multiple spanning tree instance or “CST” if associated with Instance the common and internal spanning tree. VLAN Commands This section describes the commands you use to configure VLAN settings.
Page 67: Vlan Acceptframe
Managed Switch CLI Manual, Release 8.0 vlan This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). The vlan-list contains VlanId's in range <1- 4093>.
Page 68: Vlan Ingressfilter
Managed Switch CLI Manual, Release 8.0 no vlan acceptframe This command resets the frame acceptance mode for the interface to the default value. Format no vlan acceptframe Mode Interface Config vlan ingressfilter This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
Page 69: Vlan Name
Managed Switch CLI Manual, Release 8.0 vlan name This command changes the name of a VLAN. The name is an alphanumeric string of up to 32 characters, and the ID is a valid VLAN identification number. ID range is 1-4093. Default •...
Page 70: Vlan Participation All
Managed Switch CLI Manual, Release 8.0 vlan participation all This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN identification number. Format vlan participation all {exclude | include | auto} <1-4093> Mode Global Config You can use the following participation options:...
Page 71: Vlan Port Ingressfilter All
Managed Switch CLI Manual, Release 8.0 no vlan port acceptframe all This command sets the frame acceptance mode for all interfaces to Admit All. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port.
Page 72: Vlan Port Tagging All
Managed Switch CLI Manual, Release 8.0 no vlan port pvid all This command sets the VLAN ID for all interfaces to 1. Format no vlan port pvid all Mode Global Config vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames.
Page 73 Managed Switch CLI Manual, Release 8.0 vlan protocol group add protocol This command adds the <protocol> to the protocol-based VLAN identified by <groupid>. A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command fails and the protocol is not added to the group.
Page 74: Protocol Vlan Group
Managed Switch CLI Manual, Release 8.0 Default none Format protocol group <groupid> <vlanid> Mode VLAN Config no protocol group This command removes the <vlanid> from this protocol-based VLAN group that is identified by this <groupid>. Format no protocol group <groupid> <vlanid> Mode VLAN Config protocol vlan group...
Page 75: Protocol Vlan Group All
Managed Switch CLI Manual, Release 8.0 protocol vlan group all This command adds all physical interfaces to the protocol-based VLAN identified by <groupid>. You can associate multiple interfaces with a group, but you can only associate each interface and protocol combination with one group. If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command will fail and the interface(s) will not be added to the group.
Page 76: Vlan Tagging
Managed Switch CLI Manual, Release 8.0 vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The vlan-list contains VlanId's in range <1-4093>. Separate non- consecutive IDs with ',' and no spaces and no zeros in between the range;...
Page 77: Vlan Association Mac
Managed Switch CLI Manual, Release 8.0 vlan association mac This command associates a MAC address to a VLAN. Format vlan association mac <macaddr> <1-4093> Mode VLAN database no vlan association mac This command removes the association of a MAC address to a VLAN. Format no vlan association mac <macaddr>...
Page 78: Managed Switch Cli Manual, Release
Managed Switch CLI Manual, Release 8.0 Format show vlan <vlanid> Mode • Privileged EXEC • User EXEC Term Definition VLAN ID There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID is 1 to 3965. VLAN Name A string associated with this VLAN as a convenience.
Page 79: Show Vlan Port
Managed Switch CLI Manual, Release 8.0 Format show vlan brief Mode • Privileged EXEC • User EXEC Term Definition VLAN ID There is a VLAN Identifier (vlanid) associated with each VLAN. The range of the VLAN ID is 1 to 3965. VLAN Name A string associated with this VLAN as a convenience.
Page 80: Show Vlan Association Subnet
Managed Switch CLI Manual, Release 8.0 Term Definition GVRP May be enabled or disabled. Default Priority The 802.1p priority assigned to tagged packets arriving on the port. show vlan association subnet This command displays the VLAN associated with a specific configured IP-Address and net mask. If no IP address and net mask are specified, the VLAN associations of all the configured IP- subnets are displayed.
Page 81: Double Vlan Commands
Managed Switch CLI Manual, Release 8.0 Double VLAN Commands This section describes the commands you use to configure double VLAN (DVLAN). Double VLAN tagging is a way to pass VLAN traffic from one customer domain to another through a Metro Core in a simple and cost effective manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the VLAN identification of the individual customers when they enter their own 802.1Q domain.
Page 82: Mode Dvlan-Tunnel
Managed Switch CLI Manual, Release 8.0 mode dvlan-tunnel Use this command to enable Double VLAN Tunneling on the specified interface. Note: When you use the mode dvlan-tunnel command on an interface, it becomes a service provider port. Ports that do not have double VLAN tunneling enabled are customer ports.
Page 83: Voice Vlan Commands
Managed Switch CLI Manual, Release 8.0 Term Definition EtherType A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three different EtherType tags. The first is 802.1Q, which represents the commonly used value of 0x8100.
Page 84: Voice Vlan (Interface Config)
Managed Switch CLI Manual, Release 8.0 Also the inherent isolation provided by VLANs ensures that inter-VLAN traffic is under management control and that network- attached clients cannot initiate a direct attack on voice components. QoS-based on IEEE 802.1P class of service (CoS) uses classification and scheduling to sent network traffic from the switch in a predictable manner.
Page 85: Voice Vlan Data Priority
Managed Switch CLI Manual, Release 8.0 Parameter Description none Allow the IP phone to use its own configuration to send untagged voice traffic. untagged Configure the phone to send untagged voice traffic. no voice vlan (Interface Config) Use this command to disable the Voice VLAN capability on the interface. Format no voice vlan Mode...
Page 86: Provisioning (Ieee 802.1P) Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Voice VLAN Interface Mode The admin mode of the Voice VLAN on the interface. Voice VLAN ID The Voice VLAN ID Voice VLAN Priority The do1p priority for the Voice VLAN on the port. Voice VLAN Untagged The tagging option for the Voice VLAN traffic.
Page 87: Protected Ports Commands
Managed Switch CLI Manual, Release 8.0 Protected Ports Commands This section describes commands you use to configure and view protected ports on a switch. Protected ports do not forward traffic to each other, even if they are on the same VLAN. However, protected ports can forward traffic to all unprotected ports in their group.
Page 88: Switchport Protected (Interface Config)
Managed Switch CLI Manual, Release 8.0 switchport protected (Interface Config) Use this command to add an interface to a protected port group. The <groupid> parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group.
Page 89: Private Group Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Name An optional name of the protected port group. The name can be up to 32 alphanumeric characters long, including blanks. The default is blank. List of Physical List of ports, which are configured as protected for the group identified with <groupid>. If Ports no port is configured as protected for this group, this field is blank.
Page 90: Private-Group Name
Managed Switch CLI Manual, Release 8.0 By default, a port does not belong to any private group. A port cannot be in more than one private group. An error message should return when that occurred. To change a port’s private group, first the port must be removed from its private group.
Page 91: Garp Commands
Managed Switch CLI Manual, Release 8.0 no private-group name This command is used to remove the specified private group. Format private-group name <privategroup-name> Mode Global Config show private-group This command displays the private groups’ information. Format show private-groupname [<private-group-name>|<private-group- id>|port <unit/slot/port>] Mode Priviledged EXEC Term...
Page 92: Set Garp Timer Join
Managed Switch CLI Manual, Release 8.0 set garp timer join This command sets the GVRP join time for one port (Interface Config mode) or all (Global Config mode) and per GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or multicast group.
Page 93: Set Garp Timer Leaveall
Managed Switch CLI Manual, Release 8.0 no set garp timer leave This command sets the GVRP leave time on all ports or a single port to the default and only has an effect when GVRP is enabled. Format no set garp timer leave Mode •...
Page 94: Gvrp Commands
Managed Switch CLI Manual, Release 8.0 Format show garp Mode • Privileged EXEC • User EXEC Term Definition GMRP Admin Mode The administrative mode of GARP Multicast Registration Protocol (GMRP) for the system. GVRP Admin Mode The administrative mode of GARP VLAN Registration Protocol (GVRP) for the system.
Page 95: Set Gvrp Interfacemode
Managed Switch CLI Manual, Release 8.0 Format no set gvrp adminmode Mode Privileged EXEC set gvrp interfacemode This command enables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). Default disabled Format set gvrp interfacemode Mode •...
Page 96: Gmrp Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Join Timer The interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds).
Page 97 Managed Switch CLI Manual, Release 8.0 Default disabled Format set gmrp adminmode Mode Privileged EXEC no set gmrp adminmode This command disables GARP Multicast Registration Protocol (GMRP) on the system. Format no set gmrp adminmode Mode Privileged EXEC set gmrp interfacemode This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all interfaces (Global Config mode).
Page 98: Show Gmrp Configuration
Managed Switch CLI Manual, Release 8.0 Format no set gmrp interfacemode Mode • Interface Config • Global Config show gmrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Format show gmrp configuration {<unit/slot/port> | all} Mode •...
Page 99: Port-Based Network Access Control Commands
Managed Switch CLI Manual, Release 8.0 show mac-address-table gmrp This command displays the GMRP entries in the Multicast Forwarding Database (MFDB) table. Format show mac-address-table gmrp Mode Privileged EXEC Term Definition Mac Address A unicast MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.
Page 100: Dot1X Guest-Vlan
Managed Switch CLI Manual, Release 8.0 Format clear radius statistics Mode Privileged EXEC dot1x guest-vlan This command configures VLAN as guest vlan on a per port basis. The command specifies an active VLAN as an IEEE 802.1x guest VLAN. The range is 1 to the maximumVLAN ID supported by the platform.
Page 101: Dot1X Max-Req
Managed Switch CLI Manual, Release 8.0 dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The <count> value must be in the range 1 - 10. Default Format dot1x max-req <count>...
Page 102 Managed Switch CLI Manual, Release 8.0 dot1x port-control This command sets the authentication mode to use on the specified port. Select force- unauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized. Select force-authorized to specify that the authenticator PAE unconditionally sets the controlled port to authorized.
Page 103: Dot1X Re-Authenticate
Managed Switch CLI Manual, Release 8.0 no dot1x port-control all This command sets the authentication mode on all ports to the default value. Format no dot1x port-control all Mode Global Config dot1x re-authenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is “auto”...
Page 104: Dot1X Timeout
Managed Switch CLI Manual, Release 8.0 dot1x system-auth-control Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration is retained and can be changed, but is not activated. Default disabled Format dot1x system-auth-control Mode Global Config no dot1x system-auth-control...
Page 105: No Dot1X Timeout
Managed Switch CLI Manual, Release 8.0 Tokens Definition supp-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535. server-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server.
Page 106: Dot1X User
Managed Switch CLI Manual, Release 8.0 Default Format dot1x unauthenticated-vlan <vlan id> Mode Interface Config no dot1x unauthenticated-vlan This command resets the unauthenticated-vlan associated with the port to its default value. Format no dot1x unauthenticated-vlan Mode Interface Config dot1x user This command adds the specified user to the list of users with access to the specified port or all ports.
Page 107: Show Authentication Methods
Managed Switch CLI Manual, Release 8.0 show authentication methods This command displays information about the authentication methods. Format show authentication methods Mode Privileged EXEC The following is an example of this command: Login Authentication Method Lists ________________________________ Console_Default: None Network_Default:Local Enable Authentication Lists _____________________ Console_Default: Enable None...
Page 108 Managed Switch CLI Manual, Release 8.0 Term Definition Administrative Indicates whether authentication control on the switch is enabled or disabled. Mode VLAN Indicates whether assignment of an authorized port to a RADIUS assigned VLAN is Assignment allowed (enabled) or not (disabled). Mode If you use the optional parameter summary {<unit/slot/port>...
Page 109 Managed Switch CLI Manual, Release 8.0 Term Definition Backend Current state of the backend authentication state machine. Possible values are Request, Authentication Response, Success, Fail, Timeout, Idle, and Initialize. When MAC-based authentication State is enabled on the port, this parameter is deprecated. Quiet Period The timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant.
Page 110 Managed Switch CLI Manual, Release 8.0 Term Definition Maximum Users The maximum number of clients that can get authenticated on the port in the MAC-based dot1x authentication mode. This value is used only when the port control mode is not MAC-based.
Page 111: Show Dot1X Clients
Managed Switch CLI Manual, Release 8.0 Term Definition Port The interface whose statistics are displayed. EAPOL Frames The number of valid EAPOL frames of any type that have been received by this Received authenticator. EAPOL Frames The number of EAPOL frames of any type that have been transmitted by this Transmitted authenticator.
Page 112: Show Dot1X Users
Managed Switch CLI Manual, Release 8.0 Format show dot1x clients {<unit/slot/port> | all} Mode Privileged EXEC Term Definition Logical The logical port number associated with a client. Interface Interface The physical port to which the supplicant is associated. User Name The user name used by the client to authenticate to the server.
Page 113: Storm-Control Commands
Managed Switch CLI Manual, Release 8.0 Storm-Control Commands This section describes commands you use to configure storm-control and view storm-control configuration information. A traffic storm is a condition that occurs when incoming packets flood the LAN, which creates performance degredation in the network. The Storm-Control feature protects against this condition.
Page 114: Storm-Control Broadcast Level
Managed Switch CLI Manual, Release 8.0 Default enabled Format storm-control broadcast Mode Interface Config no storm-control broadcast Use this command to disable broadcast storm recovery mode for a specific interface. Format no storm-control broadcast Mode Interface Config storm-control broadcast level Use this command to configure the broadcast storm recovery threshold for an interface as a percentage of link speed and enable broadcast storm recovery.
Page 115: Storm-Control Broadcast Rate
Managed Switch CLI Manual, Release 8.0 storm-control broadcast rate Use this command to configure the broadcast storm recovery threshold for an interface in packets per second. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.
Page 116 Managed Switch CLI Manual, Release 8.0 Format no storm-control broadcast Mode Global Config storm-control broadcast level (Global) This command configures the broadcast storm recovery threshold for all interfaces as a percentage of link speed and enables broadcast storm recovery. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 117: Storm-Control Multicast
Managed Switch CLI Manual, Release 8.0 Format storm-control broadcast rate <0-14880000> Mode Global Config no storm-control broadcast rate This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery. Format no storm-control broadcast rate Mode Global Config storm-control multicast...
Page 118: Storm-Control Multicast Level
Managed Switch CLI Manual, Release 8.0 storm-control multicast level This command configures the multicast storm recovery threshold for an interface as a perecentage of link speed and enables multicast storm recovery mode. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 119 Managed Switch CLI Manual, Release 8.0 Format no storm-control multicast rate Mode Interface Config storm-control multicast (Global) This command enables multicast storm recovery mode for all interfaces. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 120: Storm-Control Unicast
Managed Switch CLI Manual, Release 8.0 no storm-control multicast level This command sets the multicast storm recovery threshold to the default value for all interfaces and disables multicast storm recovery. Format no storm-control multicast level Mode Global Config storm-control multicast rate (Global) Use this command to configure the multicast storm recovery threshold for all interfaces in packets per second.
Page 121: Storm-Control Unicast Level
Managed Switch CLI Manual, Release 8.0 Default disabled Format storm-control unicast Mode Interface Config no storm-control unicast This command disables unicast storm recovery mode for an interface. Format no storm-control unicast Mode Interface Config storm-control unicast level This command configures the unicast storm recovery threshold for an interface as a percentage of link speed, and enables unicast storm recovery.
Page 122: Storm-Control Unicast Rate
Managed Switch CLI Manual, Release 8.0 storm-control unicast rate Use this command to configure the unicast storm recovery threshold for an interface in packets per second. If the mode is enabled, unicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.
Page 123 Managed Switch CLI Manual, Release 8.0 Format no storm-control unicast Mode Global Config storm-control unicast level (Global) This command configures the unicast storm recovery threshold for all interfaces as a percentage of link speed, and enables unicast storm recovery. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 124 Managed Switch CLI Manual, Release 8.0 no storm-control unicast rate This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast storm recovery. Format no storm-control unicast rate Mode Global Config storm-control flowcontrol This command enables 802.3x flow control for the switch and only applies to full-duplex mode ports.
Page 125: Port-Channel/Lag (802.3Ad) Commands
Managed Switch CLI Manual, Release 8.0 show storm-control This command displays switch configuration information. If you do not use any of the optional parameters, this command displays global storm control configuration parameters: • Broadcast Storm Control Mode may be enabled or disabled. The factory default is disabled. •...
Page 126 Managed Switch CLI Manual, Release 8.0 shares traffic based upon the source and destination MAC address.Assign the port-channel (LAG) VLAN membership after you create a port-channel. If you do not assign VLAN membership, the port-channel might become a member of the management VLAN which can result in learning and switching issues.
Page 127: Deleteport (Global Config)
Managed Switch CLI Manual, Release 8.0 addport This command adds one port to the port-channel (LAG). The interface is a logical unit/slot/port number or a group ID of a configured port-channel. Note: Before adding a port to a port-channel, set the physical mode of the port. For more information, see “speed”...
Page 128: Lacp Admin Key
Managed Switch CLI Manual, Release 8.0 lacp admin key Use this command to configure the administrative value of the key for the port-channel. The value range of <key> is 0 to 65535. Default 0x8000 Format lacp admin key <key> Mode Interface Config Note: This command is only applicable to port-channel interfaces.
Page 129: Lacp Actor Admin
Managed Switch CLI Manual, Release 8.0 no lacp collector max delay Use this command to configure the default port-channel collector max delay. Format no lacp collector max-delay Mode Interface Config lacp actor admin Use this command to configure the LACP actor admin parameters. lacp actor admin key Use this command to configure the administrative value of the LACP actor admin key.
Page 130: Lacp Actor Admin State Individual
Managed Switch CLI Manual, Release 8.0 lacp actor admin state individual Use this command to set LACP actor admin state to individual. Format lacp actor admin state individual Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp actor admin state individual Use this command to set the LACP actor admin state to aggregation.
Page 131: Lacp Actor Admin State Passive
Managed Switch CLI Manual, Release 8.0 no lacp actor admin state longtimeout Use this command to set the LACP actor admin state to short timeout. Format no lacp actor admin state longtimeout Mode Interface Config Note: This command is only applicable to physical interfaces. lacp actor admin state passive Use this command to set the LACP actor admin state to passive.
Page 132: Lacp Actor Port Priority
Managed Switch CLI Manual, Release 8.0 lacp actor port priority Use this command to configure the priority value assigned to the Aggregation Port. The valid range for <priority> is 0 to 255. Default 0x80 Format lacp actor port priority <priority> Mode Interface Config Note: This command is only applicable to physical interfaces.
Page 133: Lacp Partner Admin Key
Managed Switch CLI Manual, Release 8.0 no lacp actor system priority Use this command to configure the priority value associated with the Actor’s SystemID. Format no lacp actor system priority Mode Interface Config lacp partner admin key Use this command to configure the administrative value of the Key for the protocol partner. The valid range for <key>...
Page 134: Lacp Partner Admin State Longtimeout
Managed Switch CLI Manual, Release 8.0 Note: This command is only applicable to physical interfaces. no lacp partner admin state individual Use this command to set the LACP partner admin state to aggregation. Format no lacp partner admin state individual Mode Interface Config lacp partner admin state longtimeout...
Page 135: Lacp Partner Admin State Passive
Managed Switch CLI Manual, Release 8.0 lacp partner admin state passive Use this command to set the LACP partner admin state to passive. Format lacp partner admin state passive Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp partner admin state passive Use this command to set the LACP partner admin state to active.
Page 136: Lacp Partner Port Priority
Managed Switch CLI Manual, Release 8.0 no lacp partner port id Use this command to set the LACP partner port id to the default. Format no lacp partner portid Mode Interface Config lacp partner port priority Use this command to configure the LACP partner port priority. The valid range for <priority> is 0 to 255.
Page 137 Managed Switch CLI Manual, Release 8.0 lacp partner system id Use this command to configure the 6-octet MAC Address value representing the administrative value of the Aggregation Port’s protocol Partner’s System ID. The valid range of <system-id> is 00:00:00:00:00:00 - FF:FF:FF:FF:FF. Default 00:00:00:00:00:00 Format...
Page 138: Port-Channel Static
Managed Switch CLI Manual, Release 8.0 Note: This command is only applicable to physical interfaces. no lacp partner system priority Use this command to configure the default administrative value of priority associated with the Partner’s System ID. Format no lacp partner system priority Mode Interface Config port-channel static...
Page 139: Port Lacpmode
Managed Switch CLI Manual, Release 8.0 port lacpmode This command enables Link Aggregation Control Protocol (LACP) on a port. Default enabled Format port lacpmode Mode Interface Config no port lacpmode This command disables Link Aggregation Control Protocol (LACP) on a port. Format no port lacpmode Mode...
Page 140: Port Lacptimeout (Global Config)
Managed Switch CLI Manual, Release 8.0 port lacptimeout (Interface Config) This command sets the timeout on a physical interface of a particular device type (actor or partner) to either long or short timeout. Default long Format port lacptimeout {actor | partner} {long | short} Mode Interface Config no port lacptimeout...
Page 141 Managed Switch CLI Manual, Release 8.0 port-channel adminmode This command enables a port-channel (LAG). This command sets every configured port-channel with the same administrative mode setting. Format port-channel adminmode all Mode Global Config no port-channel adminmode This command disables a port-channel (LAG). This command clears every configured port- channel with the same administrative mode setting.
Page 142 Managed Switch CLI Manual, Release 8.0 hashing-mode This command sets the hashing algorithm on Trunk ports. The command is available in the interface configuration mode for a port-channel. The mode range is in the range 1-6 as follows: 1. Source MAC, VLAN, EtherType, and port ID 2.
Page 143 Managed Switch CLI Manual, Release 8.0 Load-balancing is not supported on every device. The range of options for load-balancing may vary per device. Default Format port-channel load-balance { 1 | 2 | 3 | 4 | 5 | 6 } {<unit/slot/ port>...
Page 144: Port-Channel Name
Managed Switch CLI Manual, Release 8.0 port-channel name This command defines a name for the port-channel (LAG). The interface is a logical unit/slot/port for a configured port-channel, and <name> is an alphanumeric string up to 15 characters. Format port-channel name {<logical unit/slot/port> | all | <name>} Mode Global Config port-channel system priority...
Page 145: Show Lacp Partner
Managed Switch CLI Manual, Release 8.0 Parameter Description Admin Key The administrative value of the Key. Port Priority The priority value assigned to the Aggregation Port. Admin State The administrative values of the actor state as transmitted by the Actor in LACPDUs. show lacp partner Use this command to display LACP partner attributes.
Page 146: Show Port-Channel
Managed Switch CLI Manual, Release 8.0 For each port-channel the following information is displayed: Term Definition Logical The unit/slot/port of the logical interface. Interface Port-channel The name of port-channel (LAG) interface. Name Link-State Shows whether the link is up or down. Trap Flag Shows whether trap flags are enabled or disabled.
Page 147: Show Port-Channel System Priority
Managed Switch CLI Manual, Release 8.0 show port-channel This command displays an overview of all port-channels (LAGs) on the switch. Format show port-channel {<logical unit/slot/port> | all} Mode • Privileged EXEC • User EXEC Term Definition Logical Valid unit, slot, and port number separated by forward slashes. Interface Port-Channel The name of this port-channel (LAG).
Page 148: Port Mirroring
Managed Switch CLI Manual, Release 8.0 Port Mirroring Port mirroring, which is also known as port monitoring, selects network traffic that you can analyze with a network analyzer, such as a SwitchProbe device or other Remote Monitoring (RMON) probe. monitor session This command configures a probe port and a monitored port for monitor session (port monitoring).
Page 149: No Monitor
Managed Switch CLI Manual, Release 8.0 Format no monitor session <session-id> [{source interface <unit/slot/port> | destination interface <unit/slot/port> | mode}] Mode Global Config no monitor This command removes all the source ports and a destination port for the and restores the default value for mirroring session mode for all the configured sessions.
Page 150: Static Mac Filtering
Managed Switch CLI Manual, Release 8.0 Term Definition Admin Mode Indicates whether the Port Mirroring feature is enabled or disabled for the session identified with <session-id>. The possible values are Enabled and Disabled. Probe Port Probe port (destination port) for the session identified with <session-id>. If probe port is not set then this field is blank.
Page 151 Managed Switch CLI Manual, Release 8.0 • Multicast MAC and source ports and destination ports (max=20) Format macfilter <macaddr> <vlanid> Mode Global Config no macfilter This command removes all filtering restrictions and the static MAC filter entry for the MAC address <macaddr>...
Page 152 Managed Switch CLI Manual, Release 8.0 no macfilter adddest This command removes a port from the destination filter set for the MAC filter with the given <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6- byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
Page 153 Managed Switch CLI Manual, Release 8.0 macfilter addsrc This command adds the interface to the source filter set for the MAC filter with the MAC address of <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
Page 154: Show Mac-Address-Table Static
Managed Switch CLI Manual, Release 8.0 The <vlanid> parameter must identify a valid VLAN. Format no macfilter addsrc all <macaddr> <vlanid> Mode Global Config show mac-address-table static This command displays the Static MAC Filtering information for all Static MAC Filters. If you select <all>, all the Static MAC Filters in the system are displayed.
Page 155: Dhcp Snooping Configuration Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Mac Address A unicast MAC address for which the switch has forwarding and or filtering information. As the data is gleaned from the MFDB, the address will be a multicast address. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.
Page 156: Ip Dhcp Snooping Verify Mac-Address
Managed Switch CLI Manual, Release 8.0 Default disabled Format ip dhcp snooping vlan <vlan-list> Mode Global Config no ip dhcp snooping vlan Use this command to disable DHCP Snooping on VLANs. Format no ip dhcp snooping vlan <vlan-list> Mode Global Config ip dhcp snooping verify mac-address Use this command to enable verification of the source MAC address with the client hardware address in the received DCHP message.
Page 157: Ip Dhcp Snooping Database Write-Delay
Managed Switch CLI Manual, Release 8.0 Default local Format ip dhcp snooping database {local|tftp://hostIP/filename} Mode Global Config ip dhcp snooping database write-delay Use this command to configure the interval in seconds at which the DHCP Snooping database will be persisted. The interval value ranges from 15 to 86400 seconds. Default 300 seconds Format...
Page 158: Ip Verify Binding
Managed Switch CLI Manual, Release 8.0 Format no ip dhcp snooping binding <mac-address> Mode Global Config ip verify binding Use this command to configure static IP source guard (IPSG) entries. Format ip verify binding <mac-address> vlan <vlan id> <ip address> interface <interface id>...
Page 159: Ip Dhcp Snooping Log-Invalid
Managed Switch CLI Manual, Release 8.0 Format no ip dhcp snooping limit Mode Interface Config ip dhcp snooping log-invalid Use this command to control the logging DHCP messages filtration by the DHCP Snooping application. Default disabled Format ip dhcp snooping log-invalid Mode Interface Config no ip dhcp snooping log-invalid...
Page 160: Ip Verify Source
Managed Switch CLI Manual, Release 8.0 Format no ip dhcp snooping trust Mode Interface Config ip verify source Use this command to configure the IPSG source ID attribute to filter the data traffic in the hardware. Source ID is the combination of IP address and MAC address. Normal command allows data traffic filtration based on the IP address.
Page 161: Show Ip Dhcp Snooping Binding
Managed Switch CLI Manual, Release 8.0 Term Definition Interface The interface for which data is displayed. Trusted If it is enabled, DHCP snooping considers the port as trusted. The factory default is disabled. Log Invalid Pkts If it is enabled, DHCP snooping application logs invalid packets on the specified interface.
Page 162: Show Ip Dhcp Snooping Database
Managed Switch CLI Manual, Release 8.0 Term Definition MAC Address Displays the MAC address for the binding that was added. The MAC address is the key to the binding database. IP Address Displays the valid IP address for the binding rule. VLAN The VLAN for the binding rule.
Page 163: Show Ip Dhcp Snooping Statistics
Managed Switch CLI Manual, Release 8.0 agent url: /10.131.13.79:/sai1.txt write-delay: 5000 show ip dhcp snooping statistics Use this command to list statistics for DHCP Snooping security violations on untrusted ports. Format show ip dhcp snooping statistics Mode • Privileged EXEC •...
Page 164: Clear Ip Dhcp Snooping Binding
Managed Switch CLI Manual, Release 8.0 1/0/14 1/0/15 1/0/16 1/0/17 1/0/18 1/0/19 1/0/20 clear ip dhcp snooping binding Use this command to clear all DHCP Snooping bindings on all interfaces or on a specific interface. Format clear ip dhcp snooping binding [interface <unit/slot/port>] Mode •...
Page 165: Show Ip Source Binding
Managed Switch CLI Manual, Release 8.0 Term Definition Filter Type Is one of two values: • ip-mac: User has configured MAC address filtering on this interface. • ip: Only IP address filtering on this interface. IP Address IP address of the interface MAC Address If MAC address filtering is not configured on the interface, the MAC Address field is empty.
Page 166: Dynamic Arp Inspection Commands
Managed Switch CLI Manual, Release 8.0 Example: The following shows example CLI display output for the command. (switch) #show ip source binding MAC Address IP Address Type Vlan Interface ----------------- --------------- ------------- ----- ------------- 00:00:00:00:00:08 1.2.3.4 dhcp-snooping 1/0/1 00:00:00:00:00:09 1.2.3.4 dhcp-snooping 1/0/1 00:00:00:00:00:0A...
Page 167: Ip Arp Inspection Validate
Managed Switch CLI Manual, Release 8.0 Format no ip arp inspection vlan vlan-list Mode Global Config ip arp inspection validate Use this command to enable additional validation checks like source-mac validation, destination- mac validation, and ip address validation on the received ARP packets. Each command overrides the configuration of the previous command.
Page 168: Ip Arp Inspection Trust
Managed Switch CLI Manual, Release 8.0 no ip arp inspection vlan logging Use this command to disable logging of invalid ARP packets on a list of comma-separated VLAN ranges. Format no ip arp inspection vlan vlan-list logging Mode Global Config ip arp inspection trust Use this command to configure an interface as trusted for Dynamic ARP Inspection.
Page 169: Ip Arp Inspection Filter
Managed Switch CLI Manual, Release 8.0 Default 15 pps for rate and 1 second for burst-interval Format ip arp inspection limit {rate pps [burst interval seconds] | none} Mode Interface Config no ip arp inspection limit Use this command to set the rate limit and burst interval values for an interface to the default values of 15 pps and 1 second, respectively.
Page 170: Arp Access-List
Managed Switch CLI Manual, Release 8.0 arp access-list Use this command to create an ARP ACL. Format arp access-list acl-name Mode Global Config no arp access-list Use this command to delete a configured ARP ACL. Format no arp access-list acl-name Mode Global Config permit ip host mac host...
Page 171: Show Ip Arp Inspection
Managed Switch CLI Manual, Release 8.0 show ip arp inspection Use this command to display the Dynamic ARP Inspection global configuration and configuration on all the VLANs. With the vlan-list argument (i.e. comma separated VLAN ranges), the command displays the global configuration and configuration on all the VLANs in the given VLAN list.
Page 172: Show Ip Arp Inspection Statistics
Managed Switch CLI Manual, Release 8.0 show ip arp inspection statistics Use this command to display the statitstics of the ARP packets processed by Dynamic ARP Inspection. Give the vlan-list argument and the command displays the statistics on all DAI-enabled VLANs in that list.
Page 173: Clear Ip Arp Inspection Statistics
Managed Switch CLI Manual, Release 8.0 clear ip arp inspection statistics Use this command to reset the statistics for Dynamic ARP Inspection on all VLANs. Default none Format clear ip arp inspection statistics Mode Privileged EXEC show ip arp inspection interfaces Use this command to display the Dynamic ARP Inspection configuration on all the DAI-enabled interfaces.
Page 174: Igmp Snooping Configuration Commands
Managed Switch CLI Manual, Release 8.0 Untrusted show arp access-list Use this command to display the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument will display on ly the rules in that ARP ACL. Format show arp access-list [acl-name] Mode...
Page 175 Managed Switch CLI Manual, Release 8.0 If an interface has IGMP Snooping enabled and you enable this interface for routing or enlist it as a member of a port-channel (LAG), IGMP Snooping functionality is disabled on that interface. IGMP Snooping functionality is re-enabled if you disable routing or remove port-channel (LAG) membership from an interface that has IGMP Snooping enabled.
Page 176: Set Igmp Interfacemode
Managed Switch CLI Manual, Release 8.0 set igmp interfacemode This command enables IGMP Snooping on all interfaces. If an interface has IGMP Snooping enabled and you enable this interface for routing or enlist it as a member of a port-channel (LAG), IGMP Snooping functionality is disabled on that interface.
Page 177: Set Igmp Groupmembership-Interval
Managed Switch CLI Manual, Release 8.0 no set igmp fast-leave This command disables IGMP Snooping fast-leave admin mode on a selected interface. Format no set igmp fast-leave Mode Interface Config Format no set igmp fast-leave <vlan_id> Mode VLAN Config set igmp groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN, one interface or all interfaces.
Page 178: Set Igmp Maxresponse
Managed Switch CLI Manual, Release 8.0 set igmp maxresponse This command sets the IGMP Maximum Response time for the system, or on a particular interface or VLAN. The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface.
Page 179: Set Igmp Mrouter
Managed Switch CLI Manual, Release 8.0 Format set igmp mcrtrexpiretime <0-3600> Mode • Global Config • Interface Config Format set igmp mcrtrexpiretime <vlan_id> <0-3600> Mode VLAN Config no set igmp mcrtrexpiretime This command sets the Multicast Router Present Expiration time to 0. The time is set for the system, on a particular interface or a VLAN.
Page 180: Set Igmp Mrouter Interface
Managed Switch CLI Manual, Release 8.0 set igmp mrouter interface This command configures the interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs. Default disabled Format set igmp mrouter interface...
Page 181: Show Igmpsnooping
Managed Switch CLI Manual, Release 8.0 show igmpsnooping This command displays IGMP Snooping information. Configured information is displayed whether or not IGMP Snooping is enabled. Format show igmpsnooping [<unit/slot/port> | <vlan_id>] Mode Privileged EXEC When the optional arguments <unit/slot/port> or <vlan_id> are not used, the command displays the following information: Term Definition...
Page 182: Show Igmpsnooping Mrouter Interface
Managed Switch CLI Manual, Release 8.0 When you specify a value for <vlan_id>, the following information appears: Term Definition VLAN ID The VLAN ID. IGMP Snooping Indicates whether IGMP Snooping is active on the VLAN. Admin Mode Fast Leave Indicates whether IGMP Snooping Fast-leave is active on the VLAN. Mode Group The amount of time in seconds that a switch will wait for a report from a particular group...
Page 183: Igmp Snooping Querier Commands
Managed Switch CLI Manual, Release 8.0 Format show igmpsnooping mrouter vlan <unit/slot/port> Mode Privileged EXEC Term Definition Interface The port on which multicast router information is being displayed. VLAN ID The list of VLANs of which the interface is a member. show mac-address-table igmpsnooping This command displays the IGMP Snooping entries in the MFDB table.
Page 184: Set Igmp Querier
Managed Switch CLI Manual, Release 8.0 This section describes commands used to configure and display information on IGMP Snooping Queriers on the network and, separately, on VLANs. set igmp querier Use this command to enable IGMP Snooping Querier on the system, using Global Config mode, or on a VLAN.
Page 185: Set Igmp Querier Query-Interval
Managed Switch CLI Manual, Release 8.0 set igmp querier query-interval Use this command to set the IGMP Querier Query Interval time. It is the amount of time in seconds that the switch waits before sending another general query. Default disabled Format set igmp querier query-interval <1-18000>...
Page 186: Set Igmp Querier Version
Managed Switch CLI Manual, Release 8.0 set igmp querier version Use this command to set the IGMP version of the query that the snooping switch is going to send periodically. Default Format set igmp querier version <1-2> Mode Global Config no set igmp querier version Use this command to set the IGMP Querier version to its default value.
Page 187: Show Igmpsnooping Querier
Managed Switch CLI Manual, Release 8.0 show igmpsnooping querier Use this command to display IGMP Snooping Querier information. Configured information is displayed whether or not IGMP Snooping Querier is enabled. Format show igmpsnooping querier [{detail | vlan <vlanid>}] Mode Privileged EXEC When the optional argument <vlanid>...
Page 188 Managed Switch CLI Manual, Release 8.0 Field Description Last Querier Indicates the IP address of the most recent Querier from which a Query was received. Address Last Querier Indicates the IGMP version of the most recent Querier from which a Query was received Version on this VLAN.
Page 189: Port Security Commands
Managed Switch CLI Manual, Release 8.0 Format no set mld maxresponse Mode • Global Config • Interface Config Default Format set mld mcrtexpiretime <0-3600> Mode • Global Config • Interface Config Format no set mld mcrtexpiretime Mode • Global Config •...
Page 190: Port-Security Max-Dynamic
Managed Switch CLI Manual, Release 8.0 port-security This command enables port locking at the system level (Global Config) or port level (Interface Config) Default disabled Format port-security Mode • Global Config • Interface Config no port-security This command disables port locking for one (Interface Config) or all (Global Config) ports. Format no port-security Mode...
Page 191: Port-Security Max-Static
Managed Switch CLI Manual, Release 8.0 port-security max-static This command sets the maximum number of statically locked MAC addresses allowed on a port. Default Format port-security max-static <maxvalue> Mode Interface Config no port-security max-static This command sets maximum number of statically locked MAC addresses to the default value. Format no port-security max-static Mode...
Page 192: Port-Security Mac-Address Move
Managed Switch CLI Manual, Release 8.0 port-security mac-address move This command converts dynamically locked MAC addresses to statically locked addresses. Format port-security mac-address move Mode Interface Config show port-security This command displays the port-security settings. If you do not use a parameter, the command displays the settings for the entire system.
Page 193: Lldp (802.1Ab) Commands
Managed Switch CLI Manual, Release 8.0 Term Definition MAC Address MAC Address of dynamically locked MAC. show port-security static This command displays the statically locked MAC addresses for port. Format show port-security static <unit/slot/port> Mode Privileged EXEC Term Definition MAC Address MAC Address of statically locked MAC.
Page 194 Managed Switch CLI Manual, Release 8.0 lldp transmit Use this command to enable the LLDP advertise capability. Default enabled Format lldp transmit Mode Interface Config no lldp transmit Use this command to return the local data transmission capability to the default. Format no lldp transmit Mode...
Page 195: Lldp Transmit-Tlv
Managed Switch CLI Manual, Release 8.0 multiplier on the transmit interval that sets the TTL in local data LLDPDUs. The multiplier range is 2-10. The <reinit-seconds> is the delay before re-initialization, and the range is 1-0 seconds. Default • interval—30 seconds •...
Page 196: Lldp Transmit-Mgmt
Managed Switch CLI Manual, Release 8.0 no lldp transmit-tlv Use this command to remove an optional TLV from the LLDPDUs. Use the command without parameters to remove all optional TLVs from the LLDPDU. Format no lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc] Mode Interface Config lldp transmit-mgmt...
Page 197: Lldp Notification-Interval
Managed Switch CLI Manual, Release 8.0 no lldp notification Use this command to disable notifications. Default disabled Format no lldp notification Mode Interface Config lldp notification-interval Use this command to configure how frequently the system sends remote data change notifications. The <interval>...
Page 198: Clear Lldp Remote-Data
Managed Switch CLI Manual, Release 8.0 clear lldp remote-data Use this command to delete all information from the LLDP remote data table, including MED- related information. Format clear lldp remote-data Mode Global Config show lldp Use this command to display a summary of the current LLDP configuration. Format show lldp Mode...
Page 199: Show Lldp Statistics
Managed Switch CLI Manual, Release 8.0 Term Definition Transmit Shows whether the interface transmits LLDPDUs. Receive Shows whether the interface receives LLDPDUs. Notify Shows whether the interface sends remote data change notifications. TLVs Shows whether the interface sends optional TLVs in the LLDPDUs. The TLV codes can be 0 (Port Description), 1 (System Name), 2 (System Description), or 3 (System Capability).
Page 200: Show Lldp Remote-Device
Managed Switch CLI Manual, Release 8.0 Term Definition Errors The number of invalid LLDP frames received on the port. Ageouts Total number of times a complete remote data entry was deleted for the port because the Time to Live interval expired. TLV Discards The number of TLVs discarded.
Page 201 Managed Switch CLI Manual, Release 8.0 (switch) #show lldp remote-device all LLDP Remote Device Summary Local Interface RemID Chassis ID Port ID System Name ------- ------- -------------------- ------------------ ------------------ 00:FC:E3:90:01:0F 00:FC:E3:90:01:11 00:FC:E3:90:01:0F 00:FC:E3:90:01:12 00:FC:E3:90:01:0F 00:FC:E3:90:01:13 00:FC:E3:90:01:0F 00:FC:E3:90:01:14 00:FC:E3:90:01:0F 00:FC:E3:90:03:11 00:FC:E3:90:01:0F 00:FC:E3:90:04:11 0/10 0/11...
Page 202 Managed Switch CLI Manual, Release 8.0 Term Definition Port ID The port number that transmitted the LLDPDU. System Name The system name of the remote device. System Describes the remote system by identifying the system name and versions of hardware, Description operating system, and networking software supported in the device.
Page 203: Show Lldp Local-Device
Managed Switch CLI Manual, Release 8.0 show lldp local-device Use this command to display summary information about the advertised LLDP local data. This command can display summary information or detail for each interface. Format show lldp local-device {<unit/slot/port> | all} Mode Privileged EXEC Term...
Page 204: Lldp-Med Commands
Managed Switch CLI Manual, Release 8.0 Term Definition System Shows which of the supported system capabilities are enabled. Capabilities Enabled Management The type of address and the specific address the local LLDP agent uses to send and Address receive information. LLDP-MED Commands Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED) (ANSI-TIA-1057) provides an extension to the LLDP standard.
Page 205: Lldp Med Confignotification
Managed Switch CLI Manual, Release 8.0 lldp med confignotification Use this command to configure all the ports to send the topology change notification. Default enabled Format lldp med confignotification Mode Interface Config no ldp med confignotification Use this command to disable notifications. Format no lldp med confignotification Mode...
Page 206: Lldp Med All
Managed Switch CLI Manual, Release 8.0 no lldp med transmit-tlv Use this command to remove a TLV. Format no lldp med transmit-tlv [capabilities] [network-policy] [ex-pse] [ex-pd] [location] [inventory] Mode Interface Config lldp med all Use this command to configure LLDP-MED on all the ports Format lldp med all Mode...
Page 207: Lldp Med Faststartrepeatcount
Managed Switch CLI Manual, Release 8.0 lldp med faststartrepeatcount Use this command to set the value of the fast start repeat count. [count] is the number of LLDP PDUs that will be transmitted when the product is enabled. The range is 1 to 10. Default Format lldp med faststartrepeatcount [count]...
Page 208: Show Lldp Med
Managed Switch CLI Manual, Release 8.0 no lldp med transmit-tlv Use this command to remove a TLV. Format no lldp med transmit-tlv all [capabilities] [network-policy] [ex-pse] [ex-pd] [location] [inventory] Mode Global Config show lldp med Use this command to display a summary of the current LLDP MED configuration. Format show lldp med Mode...
Page 209: Show Lldp Med Interface
Managed Switch CLI Manual, Release 8.0 show lldp med interface Use this command to display a summary of the current LLDP MED configuration for a specific interface. <unit/slot/port> indicates a specific physical interface. all indicates all valid LLDP interfaces. Format show lldp med interface {<unit/slot/port>...
Page 210: Show Lldp Med Local-Device Detail
Managed Switch CLI Manual, Release 8.0 TLV Codes: 0- Capabilities, 1- Network Policy 2- Location, 3- Extended PSE 4- Extended Pd, 5- Inventory --More-- or (q)uit (Switch) #show lldp med interface 1/0/2 Interface Link configMED operMED ConfigNotify TLVsTx --------- ------ --------- -------- ------------ ----------- 1/0/2...
Page 211 Managed Switch CLI Manual, Release 8.0 Example: The following shows example CLI display output for the command. (Switch) #show lldp med local-device detail 1/0/8 LLDP MED Local Device Detail Interface: 1/0/8 Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False...
Page 212: Show Lldp Med Remote-Device
Managed Switch CLI Manual, Release 8.0 Source: local Priority: low show lldp med remote-device This command displays summary information about remote devices that transmit current LLDP MED data to the system. You can show information about LLDP remote data received on all ports or on a specific port.
Page 213: Show Lldp Med Remote-Device Detail
Managed Switch CLI Manual, Release 8.0 show lldp med remote-device detail Use this command to display detailed information about remote devices that transmit current LLDP MED data to an interface on the system. Format show lldp med remote-device detail <unit/slot/port> Mode Privileged EXEC Term...
Page 214 Managed Switch CLI Manual, Release 8.0 Term Definition Sub Type Shows the type of location information. Location Shows the location information as a string for a given type of location id Information Device Type Shows the remote device’s PoE device type connected to this port. Available Shows the romote port’s PSE power value in tenths of a watt.
Page 215: Denial Of Service Commands
Managed Switch CLI Manual, Release 8.0 Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts...
Page 216: Dos-Control All
Managed Switch CLI Manual, Release 8.0 dos-control all This command enables Denial of Service protection checks globally. Default disabled Format dos-control all Mode Global Config no dos-control all This command disables Denial of Service prevention checks globally. Format no dos-control all Mode Global Config dos-control sipdip...
Page 217: Dos-Control Firstfrag
Managed Switch CLI Manual, Release 8.0 dos-control firstfrag This command enables Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller then the configured value, the packets will be dropped if the mode is enabled.The default is disabled.
Page 218: Dos-Control Tcpflag
Managed Switch CLI Manual, Release 8.0 dos-control tcpflag This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attacks. If packets ingress having TCP Flag SYN set and a source port less than 1024 or having TCP Control Flags set to 0 and TCP Sequence Number set to 0 or having TCP Flags FIN, URG, and PSH set and TCP Sequence Number set to 0 or having TCP Flags SYN and FIN both set, the packets will be dropped if the mode is enabled.
Page 219: Dos-Control Icmp
Managed Switch CLI Manual, Release 8.0 no dos-control l4port This command disables L4 Port Denial of Service protections. Format no dos-control l4port Mode Global Config dos-control icmp This command enables Maximum ICMP Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack.
Page 220 Managed Switch CLI Manual, Release 8.0 no dos-control smacdmac This command disables Source MAC address = Destination MAC address (SMAC=DMAC) Denial of Service protection. This command is only available on FSM72xxRS switches. Format no dos-control smacdmac Mode Global Config dos-control tcpport This command enables TCP L4 source = destination port number (Source TCP Port =Destination TCP Port) Denial of Service protection.
Page 221: Dos-Control Tcpflagseq
Managed Switch CLI Manual, Release 8.0 Default disabled Format dos-control udppport Mode Global Config no dos-control udpport This command disables UDP L4 source = destination port number (Source UDP Port =Destination UDP Port) Denial of Service protection. This command is only available on FSM72xxRS switches.
Page 222: Dos-Control Tcpoffset
Managed Switch CLI Manual, Release 8.0 dos-control tcpoffset This command enables TCP Offset Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP Header Offset equal to one (1), the packets will be dropped if the mode is enabled.
Page 223: Dos-Control Tcpsynfin
Managed Switch CLI Manual, Release 8.0 Format no dos-control tcpsyn Mode Global Config dos-control tcpsynfin This command enables TCP SYN and FIN Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP flags SYN and FIN set, the packets will be dropped if the mode is enabled.
Page 224: Dos-Control Icmpv
Managed Switch CLI Manual, Release 8.0 Format dos-control tcpfinurgpsh Mode Global Config no dos-control tcpfinurgpsh This command sets disables TCP FIN and URG and PSH and SEQ=0 checking Denial of Service protections. This command is only available on FSM72xxRS switches. dos-control icmpv4 Format no dos-control tcpfinurgpsh...
Page 225 Managed Switch CLI Manual, Release 8.0 dos-control icmpv6 This command enables Maximum ICMPv6 Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If ICMPv6 Echo Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled.
Page 226: Show Dos-Control
Managed Switch CLI Manual, Release 8.0 Format no dos-control icmpfrag Mode Global Config show dos-control This command displays Denial of Service configuration information. Format show dos-control Mode Privileged EXEC Note: Not all messages below are available in all 7000series managed switches. Term Definition First Fragment...
Page 227: Mac Database Commands
Managed Switch CLI Manual, Release 8.0 Term Definition TCP FIN&URG& May be enabled or disabled. The factory default is disabled. PSH Mode TCP Flag & May be enabled or disabled. The factory default is disabled. Sequence Mode TCP SYN Mode May be enabled or disabled.
Page 228: Show Forwardingdb Agetime
Managed Switch CLI Manual, Release 8.0 show forwardingdb agetime This command displays the timeout for address aging. Default Format show forwardingdb agetime Mode Privileged EXEC Term Definition Address Aging • This parameter displays the address aging timeout for the associated forwarding Timeout database.
Page 229: Isdp Commands
Managed Switch CLI Manual, Release 8.0 show mac-address-table stats This command displays the Multicast Forwarding Database (MFDB) statistics. Format show mac-address-table stats Mode Privileged EXEC Term Definition Max MFDB The total number of entries that can possibly be in the Multicast Forwarding Database Table Entries table.
Page 230: Isdp Holdtime
Managed Switch CLI Manual, Release 8.0 isdp holdtime This command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds. Default 180 seconds Format...
Page 231: Isdp Enable
Managed Switch CLI Manual, Release 8.0 isdp enable This command enables ISDP on the interface. Default Enabled Format isdp enable Mode Interface Config no isdp enable This command disables ISDP on the interface. Format no isdp enable Mode Interface Config clear isdp counters This command clears ISDP counters.
Page 232: Show Isdp Interface
Managed Switch CLI Manual, Release 8.0 Term Definition Timer The frequency with which this device sends ISDP packets. This value is given in seconds. Hold Time The length of time the receiving device should save information sent by this device. This value is given in seconds.
Page 233: Show Isdp Entry
Managed Switch CLI Manual, Release 8.0 show isdp entry This command displays ISDP entries. If the device id is specified, then only entries for that device are shown. Format show isdp entry {all | deviceid} Mode Privileged EXEC Term Definition Device ID The device ID associated with the neighbor which advertised the information.
Page 234: Show Isdp Traffic
Managed Switch CLI Manual, Release 8.0 Term Definition Port ID The port ID of the interface from which the neighbor sent the advertisement. Hold Time The hold time advertised by the neighbor. Advertisement The version of the advertisement packet received from the neighbor. Version Entry Last Displays when the entry was last modified.
Page 235: Debug Isdp Packet
Managed Switch CLI Manual, Release 8.0 Term Definition ISDPv2 Packets Total number of ISDPv2 packets transmitted Transmitted ISDP Bad Header Number of packets received with a bad header ISDP Checksum Error Number of packets received with a checksum error ISDP Transmission Failure Number of packets which failed to transmit ISDP Invalid Format Number of invalid packets received...
Page 236: Routing Commands
Chapter 4 Routing Commands This chapter describes the routing commands available in the 7000 series CLI. The Routing Commands chapter contains the following sections: • “Address Resolution Protocol (ARP) Commands” on page 4-1 • “IP Routing Commands” on page 4-8 •...
Page 237: Ip Proxy-Arp
Managed Switch CLI Manual, Release 8.0 This command creates an ARP entry. The value for <ipaddress> is the IP address of a device on a subnet attached to an existing routing interface. <macaddr> is a unicast MAC address for that device. The format of the MAC address is 6 two-digit hexadecimal numbers that are separated by colons, for example 00:06:29:32:81:40.
Page 238: Arp Cachesize
Managed Switch CLI Manual, Release 8.0 no ip proxy-arp This command disables proxy ARP on a router interface. Format no ip proxy-arp Mode Interface Config arp cachesize This command configures the ARP cache size. The ARP cache size value is a platform specific integer value.
Page 239: Arp Purge
Managed Switch CLI Manual, Release 8.0 arp purge This command causes the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command. Format arp purge <ipaddr> Mode Privileged EXEC arp resptime This command configures the ARP request response timeout.
Page 240: Arp Timeout
Managed Switch CLI Manual, Release 8.0 no arp retries This command configures the default ARP count of maximum request for retries. Format no arp retries Mode Global Config arp timeout This command configures the ARP entry ageout time. The value for <seconds> is a valid positive integer, which represents the IP ARP entry ageout time in seconds.
Page 241: Clear Arp-Switch
Managed Switch CLI Manual, Release 8.0 clear arp-switch Use this command to clear the contents of the switch’s Address Resolution Protocol (ARP) table that contains entries learned through the Management port. To observe whether this command is successful, ping from the remote system to the DUT. Issue the show arp switch command to see the ARP entries.
Page 242: Show Arp Brief
Managed Switch CLI Manual, Release 8.0 Term Definition MAC Address The hardware MAC address of that device. Interface The routing unit/slot/port associated with the device ARP entry. Type The type that is configurable. The possible values are Local, Gateway, Dynamic and Static.
Page 243: Ip Routing Commands
Managed Switch CLI Manual, Release 8.0 Term Definition IP Address The IP address of a device on a subnet attached to the switch. MAC Address The hardware MAC address of that device. Interface The routing unit/slot/port associated with the device’s ARP entry. IP Routing Commands This section describes the commands you use to enable and configure IP routing on the switch.
Page 244: Ip Address
Managed Switch CLI Manual, Release 8.0 no ip routing This command disables the IP Router Admin Mode for the master switch. Format no ip routing Mode Global Config ip address This command configures an IP address on an interface. You can also use this command to configure one or more secondary IP addresses on the interface.The value for <ipaddr>...
Page 245: Ip Route Default
Managed Switch CLI Manual, Release 8.0 entered into the forwarding database. By specifying the preference of a static route, you control whether a static route is more or less preferred than routes from dynamic routing protocols. The preference also controls whether a static route is more or less preferred than other static routes to the same destination.
Page 246: Ip Route Distance
Managed Switch CLI Manual, Release 8.0 no ip route default This command deletes all configured default routes. If the optional <nexthopip> parameter is designated, the specific next hop is deleted from the configured default route and if the optional preference value is designated, the preference of the configured default route is reset to its default. Format no ip route default [{<nexthopip>...
Page 247: Ip Mtu
Managed Switch CLI Manual, Release 8.0 Format ip netdirbcast Mode Interface Config no ip netdirbcast This command disables the forwarding of network-directed broadcasts. When disabled, network directed broadcasts are dropped. Format no ip netdirbcast Mode Interface Config ip mtu This command sets the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation.
Page 248: Clear Ip Route All
Managed Switch CLI Manual, Release 8.0 no ip mtu This command resets the ip mtu to the default value. Format no ip mtu <mtu> Mode Interface Config encapsulation This command configures the link layer encapsulation type for the packet. The encapsulation type can be ethernet or snap.
Page 249: Show Ip Interface
Managed Switch CLI Manual, Release 8.0 Format show ip brief Modes • Privileged EXEC • User EXEC Term Definition Default Time to Live The computed TTL (Time to Live) of forwarding a packet from the local router to the final destination. Routing Mode Shows whether the routing mode is enabled or disabled.
Page 250 Managed Switch CLI Manual, Release 8.0 Term Definition Routing Determine the operational status of IPv4 routing Interface. The possible values are Up or Interface Status Down. Primary IP The primary IP address and subnet masks for the interface. This value appears only if you Address configure it.
Page 251: Show Ip Interface Brief
Managed Switch CLI Manual, Release 8.0 Routing Mode........Disable Administrative Mode......Enable Forward Net Directed Broadcasts....Disable Proxy ARP........Enable Local Proxy ARP........ Disable Active State........Inactive Link Speed Data Rate......Inactive MAC Address........00:10:18:82:0C:68 Encapsulation Type......Ethernet IP MTU......... 1500 Bandwidth........
Page 252 Managed Switch CLI Manual, Release 8.0 prefixes keyword, the <ip-address> and <mask> pair becomes the prefix, and the command displays the routes to the addresses that match that prefix. Use the <protocol> parameter to specify the protocol that installed the routes. The value for <protocol> can be connected, ospf, rip, or static.
Page 253: Show Ip Route Summary
Managed Switch CLI Manual, Release 8.0 To administratively control the traffic destined to a particular network and prevent it from being forwarded through the router, you can configure a static reject route on the router. Such traffic would be discarded and the ICMP destination unreachable message is sent back to the source. This is typically used for preventing routing loops.
Page 254: Show Ip Route Preferences
Managed Switch CLI Manual, Release 8.0 Term Definition Reject Routes Total number of reject routes installed by all protocols. Total Routes Total number of routes in the routing table. The following shows example CLI display output for the command. (Switch) #show ip route summary Connected Routes......1 Static Routes.........7 RIP Routes........0...
Page 255: Router Discovery Protocol Commands
Managed Switch CLI Manual, Release 8.0 show ip stats This command displays IP statistical information. Refer to RFC 1213 for more information about the fields that are displayed. Format show ip stats Modes • Privileged EXEC • User EXEC Router Discovery Protocol Commands This section describes the commands you use to view and configure Router Discovery Protocol settings on the switch.
Page 256: Ip Irdp Address
Managed Switch CLI Manual, Release 8.0 ip irdp address This command configures the address that the interface uses to send the router discovery advertisements. The valid values for <ipaddr> are 224.0.0.1, which is the all-hosts IP multicast address, and 255.255.255.255, which is the limited broadcast address. Default 224.0.0.1 Format...
Page 257: Ip Irdp Maxadvertinterval
Managed Switch CLI Manual, Release 8.0 ip irdp maxadvertinterval This command configures the maximum time, in seconds, allowed between sending router advertisements from the interface. The range for maxadvertinterval is 4 to 1800 seconds. Default Format ip irdp maxadvertinterval <4-1800> Mode Interface Config no ip irdp maxadvertinterval...
Page 258: Ip Irdp Preference
Managed Switch CLI Manual, Release 8.0 ip irdp preference This command configures the preferability of the address as a default router address, relative to other router addresses on the same subnet. Default Format ip irdp preference <-2147483648 to 2147483647> Mode Interface Config no ip irdp preference This command configures the default preferability of the address as a default router address,...
Page 259: Virtual Lan Routing Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Preference The preference of the address as a default router address, relative to other router addresses on the same subnet. Virtual LAN Routing Commands This section describes the commands you use to view and configure VLAN routing and to view VLAN routing status information.
Page 260: Dhcp And Bootp Relay Commands
Managed Switch CLI Manual, Release 8.0 Term Definition VLAN ID The identifier of the VLAN. Logical Interface The logical unit/slot/port associated with the VLAN routing interface. IP Address The IP address associated with this VLAN. Subnet Mask The subnet mask that is associated with this VLAN. DHCP and BOOTP Relay Commands This section describes the commands you use to configure BootP/DHCP Relay on the switch.
Page 261: Bootpdhcprelay Minwaittime
Managed Switch CLI Manual, Release 8.0 no bootpdhcprelay maxhopcount This command configures the default maximum allowable relay agent hops for BootP/DHCP Relay on the system. Format no bootpdhcprelay maxhopcount Mode Global Config bootpdhcprelay minwaittime This command configures the minimum wait time in seconds for BootP/DHCP Relay on the system.
Page 262: Ip Helper Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Maximum Hop The maximum allowable relay agent hops. Count Minimum Wait The minimum wait time. Time (Seconds) Admin Mode Indicates whether relaying of requests is enabled or disabled. Server IP The IP address for the BootP/DHCP Relay server. Address Circuit Id Option The DHCP circuit Id option which may be enabled or disabled.
Page 263: Ip Helper-Address
Managed Switch CLI Manual, Release 8.0 Ip-address: Destination broadcast or host address to be used when forwarding UDP broadcasts. You can specify 0.0.0.0 to indicate not to forward the UDP packet to any host and use "255.255.255.255" to broadcast the UDP packets to all hosts on the target subnet. udp-port-list: The broadcast packet destination UDP port number to forward.
Page 264: Ip Helper-Address Discard
Managed Switch CLI Manual, Release 8.0 no ip helper-address Use this command to remove the IP address from the previously configured list. The no command without an < > argument removes the entire list of helper addresses on that interface. ip-address Format no ip helper-address {<ip-address>}...
Page 265: Icmp Throttling Commands
Managed Switch CLI Manual, Release 8.0 (switch) #show ip helper-address 1/0/1 Helper IP Address......1.2.3.4 ..........1.2.3.5 ICMP Throttling Commands This section describes the commands you use to configure options for the transmission of various types of ICMP messages. ip unreachables Use this command to enable the generation of ICMP Destination Unreachable messages.
Page 266: Ip Icmp Echo-Reply
Managed Switch CLI Manual, Release 8.0 no ip redirects Use this command to prevent the generation of ICMP Redirect messages by the router. Format no ip redirects Mode • Global Config • Interface Config ip icmp echo-reply Use this command to enable the generation of ICMP Echo Reply messages by the router. By default, the generation of ICMP Echo Reply messages is enabled.
Page 267 Managed Switch CLI Manual, Release 8.0 Default • burst-interval of 1000 msec. • burst-size of 100 messages Format ip icmp error-interval <burst-interval> [<burst-size>] Mode Global Config no ip icmp error-interval Use the no form of the command to return burst-interval and burst-size to their default values. Format no ip icmp error-interval Mode...
Page 268: Quality Of Service (Qos) Commands
Chapter 5 Quality of Service (QoS) Commands This chapter describes the Quality of Service (QoS) commands available in the managed switch CLI. The QoS Commands chapter contains the following sections: • “Class of Service (CoS) Commands” on page 5-2 • “Differentiated Services (DiffServ) Commands”...
Page 269: Class Of Service (Cos) Commands
Managed Switch CLI Manual, Release 8.0 Class of Service (CoS) Commands This section describes the commands you use to configure and view Class of Service (CoS) settings for the switch. The commands in this section allow you to control the priority and transmission rate of traffic.
Page 270: Classofservice Trust
Managed Switch CLI Manual, Release 8.0 The <trafficclass> values can range from 0-6, although the actual number of available traffic classes depends on the platform. Format classofservice ip-dscp-mapping <ipdscp> <trafficclass> Mode Global Config no classofservice ip-dscp-mapping This command maps each IP DSCP value to its default internal traffic class value. Format no classofservice ip-dscp-mapping Mode...
Page 271: Cos-Queue Min-Bandwidth
Managed Switch CLI Manual, Release 8.0 cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue. The total number of queues supported per interface is platform specific. A value from 0-100 (percentage of link rate) must be specified for each supported queue, with 0 indicating no guaranteed minimum bandwidth.
Page 272: Show Classofservice Dot1P-Mapping
Managed Switch CLI Manual, Release 8.0 traffic-shape This command specifies the maximum transmission bandwidth limit for the interface as a whole. Also known as rate shaping, traffic shaping has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded. Format traffic-shape <bw>...
Page 273: Show Classofservice Ip-Precedence-Mapping
Managed Switch CLI Manual, Release 8.0 show classofservice ip-precedence-mapping This command displays the current IP Precedence mapping to internal traffic classes for a specific interface. The unit/slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the IP Precedence mapping table of the interface is displayed.
Page 274: Show Classofservice Trust
Managed Switch CLI Manual, Release 8.0 show classofservice trust This command displays the current trust mode setting for a specific interface. The <unit/slot/ port> parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If you specify an interface, the command displays the port trust mode of the interface.
Page 275: Differentiated Services (Diffserv) Commands
Managed Switch CLI Manual, Release 8.0 If you specify the interface, the command also displays the following information. Term Definition Interface The unit/slot/port of the interface. If displaying the global configuration, this output line is replaced with a Global Config indication. Interface The maximum transmission bandwidth limit for the interface as a whole.
Page 276 Managed Switch CLI Manual, Release 8.0 A given class definition can contain a maximum of one reference to another class. You can combine the reference with other match criteria. The referenced class is truly a reference and not a copy since additions to a referenced class affect all classes that reference it. Changes to any class definition currently referenced by any other class must result in valid class definitions for all derived classes, otherwise the switch rejects the change.
Page 277: Diffserv Class Commands
Managed Switch CLI Manual, Release 8.0 DiffServ Class Commands Use the DiffServ class commands to define traffic classification. To classify traffic, you specify Behavior Aggregate (BA), based on DSCP and Multi-Field (MF) classes of traffic (name, match criteria) This set of commands consists of class creation/deletion and matching, with the class match commands specifying Layer 3, Layer 2, and general match criteria.
Page 278: Class-Map Rename
Managed Switch CLI Manual, Release 8.0 Note: The CLI mode is changed to Class-Map Config or Ipv6-Class-Map Config when this command is successfully executed depending on the [{ipv4 | ipv6}] keyword specified. Format class-map match-all <class-map-name> [{ipv4 | ipv6}] Mode Global Config no class-map This command eliminates an existing DiffServ class.
Page 279: Match Ethertype
Managed Switch CLI Manual, Release 8.0 match ethertype This command adds to the specified class definition a match condition based on the value of the ethertype. The <ethertype> value is specified as one of the following keywords: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp or as a custom ethertype value in the range of 0x0600-0xFFFF.
Page 280: Match Cos
Managed Switch CLI Manual, Release 8.0 Note: • The parameters <refclassname> and <class-map-name> can not be the same. • Only one other class may be referenced by a class. • Any attempts to delete the <refclassname> class while the class is still referenced by any <class- map-name>...
Page 281: Match Ip6Flowlbl
Managed Switch CLI Manual, Release 8.0 match ip6flowlbl This command adds to the specified class definition a match condition based on the IP6flowlbl of a packet. The label is the value to match in the Flow Label field of the IPv6 header (range 0- 1048575).
Page 282: Match Dstl4Port
Managed Switch CLI Manual, Release 8.0 match dstip6 This command adds to the specified class definition a match condition based on the destination IPv6 address of a packet. Default none Format match dstip6 <destination-ipv6-prefix/prefix-length> Mode Ipv6-Class-Map Config match dstl4port This command adds to the specified class definition a match condition based on the destination layer 4 port of a packet using a single keyword or numeric notation.
Page 283: Match Ip Precedence
Managed Switch CLI Manual, Release 8.0 Default none Format match ip dscp <dscpval> Mode Class-Map Config Ipv6-Class-Map Config match ip precedence This command adds to the specified class definition a match condition based on the value of the IP Precedence field in a packet, which is defined as the high-order three bits of the Service Type octet in the IP header (the low-order five bits are not checked).
Page 284: Match Protocol
Managed Switch CLI Manual, Release 8.0 Note: This “free form” version of the IP DSCP/Precedence/TOS match specification gives the user complete control when specifying which bits of the IP Service Type field are checked. Default none Format match ip tos <tosbits> <tosmask> Mode Class-Map Config match protocol...
Page 285: Match Source-Address Mac
Managed Switch CLI Manual, Release 8.0 match source-address mac This command adds to the specified class definition a match condition based on the source MAC address of a packet. The <address> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (e.g., 00:11:22:dd:ee:ff).
Page 286: Diffserv Policy Commands
Managed Switch CLI Manual, Release 8.0 (listed below). The currently supported <portkey> values are: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these translates into its equivalent port number, which is used as both the start and end of a port range. To specify the match condition as a numeric value, one layer 4 port number is required.
Page 287 Managed Switch CLI Manual, Release 8.0 assign-queue This command modifies the queue id to which the associated traffic stream is assigned. The queueid is an integer from 0 to n-1, where n is the number of egress queues supported by the device.
Page 288 Managed Switch CLI Manual, Release 8.0 redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel). Note: This command is not available on the GSM7328Sv1 or GSM7352Sv1 platforms. Format redirect <unit/slot/port>...
Page 289: Mark Cos
Managed Switch CLI Manual, Release 8.0 Note: The CLI mode is changed to Policy-Class-Map Config when this command is successfully executed. Format class <classname> Mode Policy-Map Config no class This command deletes the instance of a particular class and its defined treatment from the specified policy.
Page 290: Mark Ip-Precedence
Managed Switch CLI Manual, Release 8.0 The <dscpval> value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
Page 291 Managed Switch CLI Manual, Release 8.0 For set-cos-transmit an 802.1p priority value is required and is specified as an integer from 0-7. Format police-simple {<1-4294967295> <1-128> conform-action {drop | set- prec-transmit <0-7> | set-dscp-transmit <0-63> | set-cos-transmit <0-7> | transmit} [violate-action {drop | set-prec-transmit <0-7> | set-dscp-transmit <0-63>...
Page 292: Diffserv Service Commands
Managed Switch CLI Manual, Release 8.0 policy-map rename This command changes the name of a DiffServ policy. The <policyname> is the name of an existing DiffServ class. The <newpolicyname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy. Format policy-map rename <policyname>...
Page 293: Diffserv Show Commands
Managed Switch CLI Manual, Release 8.0 Format service-policy in <policymapname> Modes • Global Config • Interface Config Note: Each interface can have one policy attached. no service-policy This command detaches a policy from an interface in the inbound direction. The <policyname> parameter is the name of an existing DiffServ policy.
Page 294: Show Diffserv
Managed Switch CLI Manual, Release 8.0 If the class-name is specified the following fields are displayed: Term Definition Class Name The name of this class. Class Type A class type of ‘all’ means every match criterion defined for the class is evaluated simultaneously and must all be true to indicate a class match.
Page 295: Show Policy-Map
Managed Switch CLI Manual, Release 8.0 Term Definition DiffServ Admin mode The current value of the DiffServ administrative mode. Class Table Size The current number of entries (rows) and the maximum allowed entries (rows) in Current /Max the Class Table. Class Rule Table Size The current number of entries (rows) and the maximum allowed entries(rows) in Current /Max...
Page 296 Managed Switch CLI Manual, Release 8.0 Term Definition Committed Burst The committed burst size, used in simple policing. Size (KB) Committed Rate The committed rate, used in simple policing, (Kbps) Conform Action The current setting for the action taken on a packet considered to conform to the policing parameters.
Page 297: Show Diffserv Service
Managed Switch CLI Manual, Release 8.0 If the Policy Name is not specified this command displays a list of all defined DiffServ policies. The following fields are displayed: Definition Term Policy Name The name of this policy. (The order in which the policies are displayed is not necessarily the same order in which they were created.) Policy Type The policy type (Only inbound is supported).
Page 298: Show Policy-Map Interface
Managed Switch CLI Manual, Release 8.0 Term Definition DiffServ Admin The current setting of the DiffServ administrative mode. An attached policy is only active Mode on an interface while DiffServ is in an enabled mode. The following information is repeated for interface and direction (only those interfaces configured with an attached policy are shown): Term Definition...
Page 299: Mac Access Control List (Acl) Commands
Managed Switch CLI Manual, Release 8.0 Term Definition In Discarded A count of the packets discarded for this class instance for any reason due to DiffServ Packets treatment of the traffic class. show service-policy This command displays a summary of policy-oriented statistics information for all interfaces in the specified direction.
Page 300 Managed Switch CLI Manual, Release 8.0 mac access-list extended This command creates a MAC Access Control List (ACL) identified by <name>, consisting of classification fields defined for the Layer 2 header of an Ethernet frame. The <name> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list.
Page 301: Deny | Permit} (Mac Acl)
Managed Switch CLI Manual, Release 8.0 {deny | permit} (MAC ACL) This command creates a new rule for the current MAC access list. Each rule is appended to the list of configured rules for the list. Note: The 'no' form of this command is not supported, since the rules within a MAC ACL cannot be deleted individually.
Page 302: Mac Access-Group
Managed Switch CLI Manual, Release 8.0 The vlan and cos parameters refer to the VLAN identifier and 802.1p user priority fields, respectively, of the VLAN tag. For packets containing a double VLAN tag, this is the first (or outer) tag. The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule.
Page 303: Show Mac Access-Lists
Managed Switch CLI Manual, Release 8.0 Format mac access-group <name> [vlan <vlan-id>] [in|out] [sequence <1- 4294967295>] Modes • Global Config • Interface Config no mac access-group This command removes a MAC ACL identified by <name> from the interface in a given direction.
Page 304: Ip Access Control List (Acl) Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Redirect The unit/slot/port to which packets matching this rule are forwarded. Interface IP Access Control List (ACL) Commands This section describes the commands you use to configure IP ACL settings. IP ACLs ensure that only authorized users have access to specific resources and block any unwarranted attempts to reach network resources.
Page 305 Managed Switch CLI Manual, Release 8.0 IP Extended ACL: Format access-list <100-199> {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | <number>} <srcip> <srcmask>[{eq {<portkey> | <0-65535>} <dstip> <dstmask> [{eq {<portkey>| <0-65535>}] [precedence <precedence> | tos <tos> <tosmask> | dscp <dscp>] [log] [assign-queue <queue-id>] [{mirror | redirect} <unit/slot/port>] Mode Global Config...
Page 306 Managed Switch CLI Manual, Release 8.0 no access-list This command deletes an IP ACL that is identified by the parameter <accesslistnumber> from the system. The range for <accesslistnumber> 1-99 for standard access lists and 100- 199 for extended access lists. Format no access-list <accesslistnumber>...
Page 307 Managed Switch CLI Manual, Release 8.0 ip access-list rename This command changes the name of an IP Access Control List (ACL). The <name> parameter is the names of an existing IP ACL. The <newname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IP access list. This command fails is an IP ACL by the name <newname>...
Page 308: Ip Access-Group
Managed Switch CLI Manual, Release 8.0 keyword ‘ ’ to indicate a match on any value in that field. The remaining command parameters are all optional, but the most frequently used parameters appear in the same relative order as shown in the command format. The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule.
Page 309: Show Ip Access-Lists
Managed Switch CLI Manual, Release 8.0 no ip access-group This command removes a specified IP ACL from an interface. Default none Format no ip access-group <accesslistnumber> [vlan <vlan-id>] in Mode • Interface Config • Global Config acl-trapflags This command enables the ACL trap mode. Default disabled Format...
Page 310: Show Access-Lists
Managed Switch CLI Manual, Release 8.0 Term Definition Rule Number The number identifier for each rule that is defined for the IP ACL. Action The action associated with each rule. The possible values are Permit or Deny. Match All Indicates whether this access list applies to every packet. Possible values are True or False.
Page 311: Ipv6 Access Control List (Acl) Commands
Managed Switch CLI Manual, Release 8.0 Term Definition ACL ID Access List name for a MAC or IPv6 access list or the numeric identifier for an IP access list. Sequence An optional sequence number may be specified to indicate the order of this access list Number relative to other access lists already assigned to this interface and direction.
Page 312: Ipv6 Access-List Rename
Managed Switch CLI Manual, Release 8.0 If an IPv6 ACL by this name already exists, this command enters IPv6-Access-List config mode to allow updating the existing IPv6 ACL. Note: The CLI mode changes to IPv6-Access-List Config mode when you successfully execute this command.
Page 313 Managed Switch CLI Manual, Release 8.0 Note: An implicit ‘deny all’ IPv6 rule always terminates the access list. A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the ‘every’ keyword or the protocol, source address, and destination address values must be specified.
Page 314: Show Ipv6 Access-Lists
Managed Switch CLI Manual, Release 8.0 This command specified in Interface Config mode only affects a single interface, whereas the Global Config mode setting is applied to all interfaces. The vlan keyword is only valid in the Global Config mode. The Interface Config mode command is only available on platforms that support independent per-port class of service queue configuration.
Page 315: Auto-Voice Over Ip Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Match All Indicates whether this access list applies to every packet. Possible values are True or False. Protocol The protocol to filter for this rule. Source IP The source IP address for this rule. Address Source L4 Port The source port for this rule.
Page 316: Show Auto-Voip
Managed Switch CLI Manual, Release 8.0 Default disabled Format auto-voip all Mode Global Config no auto-voip all Use this command to disable VoIP Profile on the interfaces of the switch. Format no auto-voip all Mode Global Config auto-voip Use this command to enable VoIP Profile on the interface. Default disabled Format...
Page 317 Managed Switch CLI Manual, Release 8.0 Field Description AutoVoIP Mode The Auto VoIP mode on the interface. Traffic Class The CoS Queue or Traffic Class to which all VoIP traffic is mapped to. This is not configurable and defaults to the highest CoS queue available in the system for data traffic. Quality of Service (QoS) Commands 5-50 v1.0, July 2009...
Page 318: Utility Commands
Chapter 6 Utility Commands This chapter describes the utility commands available in the CLI. The Utility Commands chapter includes the following sections: • “Auto Install Commands” on page 6-2 • “Dual Image Commands” on page 6-4 • “System Information and Statistics Commands” on page 6-6 •...
Page 319: Auto Install Commands
Managed Switch CLI Manual, Release 8.0 Auto Install Commands This section describes the Auto Install Commands. Auto Install is a software feature which provides for the configuration of a switch automatically when the device is initialized and no configuration file is found on the switch. The Auto Install process requires DHCP to be enabled by default in order for it to be completed.
Page 320: Boot Autoinstall Auto-Save
Managed Switch CLI Manual, Release 8.0 boot autoinstall auto-save This command is used to enable automatically saving the downloaded configuration on the switch. Default Disabled Format boot autoinstall auto-save Mode Privileged EXEC no boot autoinstall auto-save This command is used to disable automatically saving the downloaded configuration on the switch..
Page 321: Dual Image Commands
Managed Switch CLI Manual, Release 8.0 boot autoinstall retry-count This command is used to set the number of attempts to download a configuration. The valid range is from 1 to 6. Default Format boot autoinstall retry-count Mode Privileged EXEC no boot autoinstall retry-count This command is used to reset the number to the default.
Page 322: Boot System
Managed Switch CLI Manual, Release 8.0 boot system This command activates the specified image. It will be the active-image for subsequent reboots and will be loaded by the boot loader. The current active-image is marked as the backup-image for subsequent reboots. The optional <unit> parameter is valid only in Stacking, where the unit parameter identifies the node on which this command must be executed.
Page 323: System Information And Statistics Commands
Managed Switch CLI Manual, Release 8.0 update bootcode This command updates the bootcode (boot loader) on the switch. The bootcode is read from the active-image for subsequent reboots.The optional <unit> parameter is valid only on Stacks. Error will be returned, if this parameter is provided, on Standalone systems. For Stacking, the <unit>...
Page 324: Show Eventlog
Managed Switch CLI Manual, Release 8.0 show eventlog This command displays the event log, which contains error messages from the system. The event log is not cleared on a system reset. The <unit> is the switch identifier. Format show eventlog [<unit>] Mode Privileged EXEC Term...
Page 325: Show Version
Managed Switch CLI Manual, Release 8.0 show version This command displays inventory information for the switch. Note: The show version command will replace the show hardware command in future releases of the software. Format show version Mode Privileged EXEC Term Definition Switch Text used to identify the product name of this switch.
Page 326 Managed Switch CLI Manual, Release 8.0 The display parameters, when the argument is <unit/slot/port>, are as follows: Parameters Definition Packets The total number of packets (including broadcast packets and multicast packets) received Received by the processor. Without Error Packets The number of inbound packets that contained errors preventing them from being Received With deliverable to a higher-layer protocol.
Page 327: Show Interface Ethernet
Managed Switch CLI Manual, Release 8.0 Term Definition Address Entries The total number of Forwarding Database Address Table entries now active on the Currently In Use switch, including learned and static entries. VLAN Entries The number of VLAN entries presently occupying the VLAN table. Currently In Use Time Since The elapsed time, in days, hours, minutes, and seconds since the statistics for this switch...
Page 328: Show Mac-Addr-Table
Managed Switch CLI Manual, Release 8.0 Term Definition Octets The total number of octets transmitted out of the interface, including framing characters. Transmitted Packets The total number of packets transmitted out of the interface. Transmitted without Errors Unicast Packets The total number of packets that higher-level protocols requested be transmitted to a Transmitted subnetwork-unicast address, including those that were discarded or not sent.
Page 329 Managed Switch CLI Manual, Release 8.0 Enter all or no parameter to display the entire table. Enter a MAC Address and VLAN ID to display the table entry for the requested MAC address on the specified VLAN. Enter the count parameter to view summary information about the forwarding database table.
Page 330: Show Process Cpu
Managed Switch CLI Manual, Release 8.0 If you enter the interface <unit/slot/port> parameter, in addition to the MAC Address and Status fields, the following field appears: Term Definition VLAN ID The VLAN on which the MAC address was learned. The following information displays if you enter the count parameter: Term Definition Dynamic...
Page 331: Show Mbuf Total
Managed Switch CLI Manual, Release 8.0 ------ ---------- free 192980480 alloc 53409968 Task Utilization Report Task Utilization ----------------------- ----------- bcmL2X.0 0.75% bcmCNTR.0 0.20% bcmLINK.0 0.35% DHCP snoop 0.10% Dynamic ARP Inspection 0.10% dot1s_timer_task 0.10% dhcpsPingTask 0.20% show mbuf total This command shows the total system buffer pools status. Format show rmbuf total Mode...
Page 332 Managed Switch CLI Manual, Release 8.0 show running-config Use this command to display or capture the current setting of different protocol packages supported on the switch. This command displays or captures commands with settings and configurations that differ from the default value. To display or capture the commands with settings and configurations that are equal to the default value, include the [all] option.
Page 333: Show Running-Config Interface
Managed Switch CLI Manual, Release 8.0 show running-config interface This command shows the current configuration on a particular interface. The interface could be a physical port or a virtual port—like a LAG or VLAN. The output captures how the configuration differs from the factory default value.
Page 334 Managed Switch CLI Manual, Release 8.0 • show port all • show isdp neighbors • show logging • show event log • show logging buffered • show trap log Format show tech-support Mode Privileged EXEC terminal length Use this command to set the number of lines of output to be displayed on the screen, i.e. pagination, for the show running-config and show running-config all commands.
Page 335: Logging Commands
Managed Switch CLI Manual, Release 8.0 show terminal length Use this command to display the value of the user-configured terminal length size. Format show terminal length Mode Privileged EXEC Logging Commands This section describes the commands you use to configure system logging, and to view logs and the logging settings.
Page 336: Logging Cli-Command
Managed Switch CLI Manual, Release 8.0 no logging buffered wrap This command disables wrapping of in-memory logging and configures logging to stop when the log file capacity is full. Format no logging buffered wrap Mode Privileged EXEC logging cli-command This command enables the CLI command logging feature, which enables the 7000 series software to log all CLI commands issued on the system.
Page 337: Logging Host
Managed Switch CLI Manual, Release 8.0 no logging console This command disables logging to the console. Format no logging console Mode Global Config logging host This command enables logging to a host. You can configure up to eight hosts. The <ipaddr|hostname>...
Page 338: Show Logging
Managed Switch CLI Manual, Release 8.0 no logging syslog This command disables syslog logging. Format no logging syslog Mode Global Config show logging This command displays logging configuration information. Format show logging Mode Privileged EXEC Term Definition Logging Client Port on the collector/relay to which syslog messages are sent. Local Port CLI Command Shows whether CLI Command logging is enabled.
Page 339: Show Logging Hosts
Managed Switch CLI Manual, Release 8.0 Term Definition Buffered (In- Shows whether the In-Memory log is enabled or disabled. Memory) Logging Buffered The behavior of the In Memory log when faced with a log full situation. Logging Wrapping Behavior Buffered Log The count of valid entries in the buffered log.
Page 340: System Utility And Clear Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Number of Traps The number of traps since the last boot. Since Last Reset Trap Log The number of traps the system can retain. Capacity Number of Traps The number of new traps since the command was last executed. Since Log Last Viewed The log number.
Page 341 Managed Switch CLI Manual, Release 8.0 traceroute Use the traceroute command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. Traceroute continues to provide a synchronous response when initiated from the CLI. Default •...
Page 342: Traceroute Ipv6
Managed Switch CLI Manual, Release 8.0 Example: The following are examples of the CLI command. traceroute Success: (Switch) # traceroute 10.240.10.115 initTtl 1 maxTtl 4 maxFail 0 interval 1 count 3 port 33434 size 43 Traceroute to 10.240.10.115 ,4 hops max 43 byte packets: 1 10.240.4.1 708 msec 41 msec...
Page 343: Clear Config
Managed Switch CLI Manual, Release 8.0 clear config This command resets the configuration to the factory defaults without powering off the switch. When you issue this command, a prompt appears to confirm that the reset should proceed. When you enter y, you automatically reset the current configuration on the switch to the default values. It does not reset the switch.
Page 344: Clear Igmpsnooping
Managed Switch CLI Manual, Release 8.0 clear igmpsnooping This command clears the tables managed by the IGMP Snooping function and attempts to delete these entries from the Multicast Forwarding Database. Format clear igmpsnooping Mode Privileged EXEC clear pass This command resets all user passwords to the factory defaults without powering off the switch. You are prompted to confirm that the password reset should proceed.
Page 345: Enable Password
Managed Switch CLI Manual, Release 8.0 enable password This command prompts you to change the Privileged EXEC password. Passwords are a maximum of 64 alphanumeric characters. The password is case sensitive. The option [encrypted] allows the administrator to transfer the enable password between devices without having to know the password.
Page 346 Managed Switch CLI Manual, Release 8.0 Using the options described below, you can specify the number and size of Echo Requests and the interval between Echo Requests. Parameter Description count Use the count parameter to specify the number of ping packets (ICMP Echo requests) that are sent to the destination address specified by the <ip-address>...
Page 347 Managed Switch CLI Manual, Release 8.0 1 packets transmitted,0 packets received, 100% packet loss round-trip (msec) min/avg/max = 0/0/0 quit This command closes the current telnet connection or resets the current serial connection. The system asks you whether to save configuration changes before quitting. Format quit Modes...
Page 348 Managed Switch CLI Manual, Release 8.0 copy The copy command uploads and downloads files to and from the switch. You can also use the copy command to manage the dual images (image1 and image2) on the file system. Upload and download files from a server by using TFTP or Xmodem.
Page 349 When you use this option, the copy command will not <destfilename> noval validate the downloaded script file. An example of the CLI command follows: (NETGEAR Switch CLI Routing) #copy tftp://1.1.1.1/file.scr nvram:script file.scr noval <url> nvram:sshkey-dsa Downloads an SSH key file. For more information, see “Secure Shell (SSH) Commands”...
Page 350: Simple Network Time Protocol (Sntp) Commands
Managed Switch CLI Manual, Release 8.0 Source Destination Description <url> {image1 | image2} Download an image from the remote server to either image. In a stacking environment, the downloaded image is distributed to the stack nodes. {image1 | image2} <url> Upload either image to the remote server.
Page 351: Sntp Client Mode
Managed Switch CLI Manual, Release 8.0 sntp client mode This command enables Simple Network Time Protocol (SNTP) client mode and may set the mode to either broadcast or unicast. Default disabled Format sntp client mode [broadcast | unicast] Mode Global Config no sntp client mode This command disables Simple Network Time Protocol (SNTP) client mode.
Page 352: Sntp Unicast Client Poll-Interval
Managed Switch CLI Manual, Release 8.0 sntp unicast client poll-interval This command sets the poll interval for SNTP unicast clients in seconds as a power of two where <poll-interval> can be a value from 6 to 10. Default Format sntp unicast client poll-interval <poll-interval> Mode Global Config no sntp unicast client poll-interval...
Page 353: Sntp Server
Managed Switch CLI Manual, Release 8.0 Format sntp unicast client poll-retry <poll-retry> Mode Global Config no sntp unicast client poll-retry This command will reset the poll retry for SNTP unicast clients to its default value. Format no sntp unicast client poll-retry Mode Global Config sntp server...
Page 354: Show Sntp
Managed Switch CLI Manual, Release 8.0 Zone name: A name to associate with the time zone Hours-offset: Number of hours difference with UTC Minutes-offset: Number of minutes difference with UTC no clock timezone This command sets the switch to UTC time. Format no clock timezone Mode...
Page 355: Show Sntp Server
Managed Switch CLI Manual, Release 8.0 Term Definition Client Supported Supported SNTP Modes (Broadcast, Unicast, or Multicast). Modes SNTP Version The highest SNTP version the client supports. Port SNTP Client Port. Client Mode Configured SNTP Client Mode. show sntp server This command is used to display SNTP server settings and configured servers.
Page 356: Dhcp Server Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Last Attempt Last server attempt time for the specified server. Time Last Update Last server attempt status for the server. Status Total Unicast Number of requests to the server. Requests Failed Unicast Number of failed requests from server.
Page 357: Ip Dhcp Pool
Managed Switch CLI Manual, Release 8.0 ip dhcp pool This command configures a DHCP address pool name on a DHCP server and enters DHCP pool configuration mode. Default none Format ip dhcp pool <name> Mode Global Config no ip dhcp pool This command removes the DHCP address pool.
Page 358 Managed Switch CLI Manual, Release 8.0 client-name This command specifies the name for a DHCP client. Name is a string consisting of standard ASCII characters. Default none Format client-name <name> Mode DHCP Pool Config no client-name This command removes the client name. Format no client-name Mode...
Page 359 Managed Switch CLI Manual, Release 8.0 dns-server This command specifies the IP servers available to a DHCP client. Address parameters are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Default none Format...
Page 360 Managed Switch CLI Manual, Release 8.0 host This command specifies the IP address and network mask for a manual binding to a DHCP client. Address and Mask are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255.
Page 361: Network (Dhcp Pool Config)
Managed Switch CLI Manual, Release 8.0 network (DHCP Pool Config) Use this command to configure the subnet number and mask for a DHCP address pool on the server. Network-number is a valid IP address, made up of four decimal bytes ranging from 0 to 255.
Page 362 Managed Switch CLI Manual, Release 8.0 domain-name This command specifies the domain name for a DHCP client. The <domain> specifies the domain name string of the client. Default none Format domain-name <domain> Mode DHCP Pool Config no domain-name This command removes the domain name. Format no domain-name Mode...
Page 363 Managed Switch CLI Manual, Release 8.0 netbios-node-type The command configures the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol (DHCP) clients.type Specifies the NetBIOS node type. Valid types are: • b-node—Broadcast • p-node—Peer-to-peer • m-node—Mixed • h-node—Hybrid (recommended) Default none Format netbios-node-type <type>...
Page 364: Ip Dhcp Excluded-Address
Managed Switch CLI Manual, Release 8.0 option The option command configures DHCP Server options. The <code> parameter specifies the DHCP option code and ranges from 1-254. The <ascii string> parameter specifies an NVT ASCII character string. ASCII character strings that contain white space must be delimited by quotation marks.
Page 365: Ip Dhcp Ping Packets
Managed Switch CLI Manual, Release 8.0 no ip dhcp excluded-address This command removes the excluded IP addresses for a DHCP client. Low-address and high- address are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid.
Page 366: Ip Dhcp Bootp Automatic
Managed Switch CLI Manual, Release 8.0 no service dhcp This command disables the DHCP server. Format no service dhcp Mode Global Config ip dhcp bootp automatic This command enables the allocation of the addresses to the bootp client. The addresses are from the automatic address pool.
Page 367: Clear Ip Dhcp Binding
Managed Switch CLI Manual, Release 8.0 no ip dhcp conflict logging This command disables conflict logging on DHCP server. Format no ip dhcp conflict logging Mode Global Config clear ip dhcp binding This command deletes an automatic address binding from the DHCP server database. If “*” is specified, the bindings corresponding to all the addresses are deleted.
Page 368: Show Ip Dhcp Binding
Managed Switch CLI Manual, Release 8.0 show ip dhcp binding This command displays address bindings for the specific IP address on the DHCP server. If no IP address is specified, the bindings corresponding to all the addresses are displayed. Format show ip dhcp binding [<address>] Modes •...
Page 369: Show Ip Dhcp Pool Configuration
Managed Switch CLI Manual, Release 8.0 show ip dhcp pool configuration This command displays pool configuration. If all is specified, configuration for all the pools is displayed. Format show ip dhcp pool configuration {<name> | all} Modes • Privileged EXEC •...
Page 370: Show Ip Dhcp Server Statistics
Managed Switch CLI Manual, Release 8.0 show ip dhcp server statistics This command displays DHCP server statistics. Format show ip dhcp server statistics Modes • Privileged EXEC • User EXEC Field Definition Automatic The number of IP addresses that have been automatically mapped to the MAC addresses Bindings of hosts that are found in the DHCP database.
Page 371: Dns Client Commands
Managed Switch CLI Manual, Release 8.0 show ip dhcp conflict This command displays address conflicts logged by the DHCP Server. If no IP address is specified, all the conflicting addresses are displayed. Format show ip dhcp conflict [<ip-address>] Modes • Privileged EXEC •...
Page 372: Ip Domain Name
Managed Switch CLI Manual, Release 8.0 ip domain name Use this command to define a default domain name that the software uses to complete unqualified host names (names with a domain name). By default, no default domain name is configured in the system.
Page 373: Ip Name Server
Managed Switch CLI Manual, Release 8.0 no ip domain list Use this command to delete a name from a list. Format no ip domain list <name> Mode Global Config ip name server Use this command to configure the available name servers. Up to eight servers can be defined in one command or by using multiple commands.
Page 374: Ipv6 Host
Managed Switch CLI Manual, Release 8.0 no ip host Use this command to remove the name-to-address mapping. Format no ip host <name> Mode Global Config ipv6 host Use this command to define static host name-to-IPv6 address mapping in the host cache. <name> is host name.
Page 375: Ip Domain Timeout
Managed Switch CLI Manual, Release 8.0 no ip domain retry Use this command to return to the default. Format no ip domain retry <number> Mode Global Config ip domain timeout Use this command to specify the amount of time to wait for a response to a DNS query. The parameter <seconds>...
Page 376: Show Hosts
Managed Switch CLI Manual, Release 8.0 show hosts Use this command to display the default domain name, a list of name server hosts, the static and the cached list of host names and addresses <ame> ranges from 1-255 characters. This command displays both IPv4 and IPv6 entries.
Page 377: Packet Capture Commands
Managed Switch CLI Manual, Release 8.0 www.stanford.edu 171.64.14.203 Packet Capture Commands Packet capture commands assist in troubleshooting protocol-related problems with the management CPU. The packets to and from the management CPU can be captured in an internally allocated buffer area for export to a PC host for protocol analysis. Public domain packet analysis tools like Ethereal can be used to decode and review the packets in detail.
Page 378: Capture Wrap
Managed Switch CLI Manual, Release 8.0 no capture receive packet This command disables the capturing of receive packets. Format no capture receive packet Mode Global Config capture all packets This command enables the capturing of receive packets. Format capture all packet Mode Global Config no capture all packets...
Page 379: Serviceability Packet Tracing Commands
Managed Switch CLI Manual, Release 8.0 Mode Global Config Default Enabled Serviceability Packet Tracing Commands These commands improve the capability of network engineers to diagnose conditions affecting their managed switch product. Caution! The output of “debug” commands can be long and may adversely affect system performance.
Page 380: Debug Clear
Managed Switch CLI Manual, Release 8.0 no debug auto-voip Use this command to disable Auto VOIP debug messages. Format no debug auto-voip Mode Privileged EXEC debug clear This command disables all previously enabled “debug” traces. Default disabled Format debug clear Mode Privileged EXEC debug console...
Page 381: Debug Dot1X Packet
Managed Switch CLI Manual, Release 8.0 debug dot1x packet Use this command to enable dot1x packet debug trace. Default disabled Format debug dot1x Mode Privileged EXEC no debug dot1x packet Use this command to disable dot1x packet debug trace. Format no debug dot1x Mode Privileged EXEC...
Page 382: Debug Igmpsnooping Packet Transmit
Managed Switch CLI Manual, Release 8.0 debug igmpsnooping packet transmit This command enables tracing of IGMP Snooping packets transmitted by the switch. Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface.
Page 383: Debug Igmpsnooping Packet Receive
Managed Switch CLI Manual, Release 8.0 no debug igmpsnooping transmit This command disables tracing of transmitted IGMP snooping packets. Format no debug igmpsnooping transmit Mode Privileged EXEC debug igmpsnooping packet receive This command enables tracing of IGMP Snooping packets received by the switch. Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface.
Page 384: Debug Ip Acl
Managed Switch CLI Manual, Release 8.0 Parameter Definition Group Multicast group address in the IGMP header. no debug igmpsnooping receive This command disables tracing of received IGMP Snooping packets. Format no debug igmpsnooping receive Mode Privileged EXEC debug ip acl Use this command to enable debug of IP Protocol packets matching the ACL criteria.
Page 385: Debug Ip Igmp Packet
Managed Switch CLI Manual, Release 8.0 no debug ip dvmrp packet Use this command to disable debug tracing of DVMRP packet reception and transmission. Format no debug ip dvmrp packet [receive|transmit] Mode Privileged EXEC debug ip igmp packet Use this command to trace IGMP packet reception and transmission. receive traces only received IGMP packets and transmit traces only transmitted IGMP packets.
Page 386: Debug Ip Pimdm Packet
Managed Switch CLI Manual, Release 8.0 Format debug ip mcache packet [receive|transmit] Mode Privileged EXEC no debug ip mcache packet Use this command to disable debug tracing of MDATA packet reception and transmission. Format no debug ip mcache packet [receive|transmit] Mode Privileged EXEC debug ip pimdm packet...
Page 387: Debug Ip Pimsm Packet
Managed Switch CLI Manual, Release 8.0 debug ip pimsm packet Use this command to trace PIMSM packet reception and transmission. receive traces only received PIMSM packets and transmit traces only transmitted PIMSM packets. When neither keyword is used in the command, then all PIMSM packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Page 388: Debug Ipv6 Mcache Packet
Managed Switch CLI Manual, Release 8.0 debug ipv6 mcache packet Use this command for tracing MDATAv6 packet reception and transmission. receive traces only received data packets and transmit traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Page 389: Debug Ipv6 Pimdm Packet
Managed Switch CLI Manual, Release 8.0 Format no debug ipv6 mld packet [receive|transmit] Mode Privileged EXEC debug ipv6 pimdm packet Use this command to trace PIMDMv6 packet reception and transmission. receive traces only received PIMDMv6 packets and transmit traces only transmitted PIMDMv6 packets. When neither keyword is used in the command, then all PIMDMv6 packet traces are dumped.
Page 390: Debug Lacp Packet
Managed Switch CLI Manual, Release 8.0 Format no debug ipv6 pimsm packet [receive|transmit] Mode Privileged EXEC debug lacp packet This command enables tracing of LACP packets received and transmitted by the switch. Default disabled Format debug lacp packet Mode Privileged EXEC A sample output of the trace message is shown below.
Page 391: Debug Ospf Packet
Managed Switch CLI Manual, Release 8.0 no debug mldsnooping packet Use this command to disable debug tracing of MLD snooping packet reception and transmission. debug ospf packet This command enables tracing of OSPF packets received and transmitted by the switch. Default disabled Format...
Page 392 Managed Switch CLI Manual, Release 8.0 Parameter Definition Intf The interface that the packet came in or went out on. Format used is unit/slot/port (internal interface number). SrcIp The source IP address in the IP header of the packet. DestIp The destination IP address in the IP header of the packet.
Page 393: Debug Ospfv3 Packet
Managed Switch CLI Manual, Release 8.0 LS_UPD packet field definitions. Field Definition Length Length of packet LS_ACK packet field definitions. Field Definition Length Length of packet no debug ospf packet This command disables tracing of OSPF packets. Format no debug ospf packet Mode Privileged EXEC debug ospfv3 packet...
Page 394: Debug Ping Packet
Managed Switch CLI Manual, Release 8.0 debug ping packet This command enables tracing of ICMP echo requests and responses. The command traces pings on the network port/ serviceport for switching packages. For routing packages, pings are traced on the routing ports as well. Default disabled Format...
Page 395: Debug Rip Packet
Managed Switch CLI Manual, Release 8.0 debug rip packet This command turns on tracing of RIP requests and responses. This command takes no options. The output is directed to the log file. Default disabled Format debug rip packet Mode Privileged EXEC A sample output of the trace message is shown below.
Page 396: Debug Sflow Packet
Managed Switch CLI Manual, Release 8.0 no debug rip packet This command disables tracing of RIP requests and responses. Format no debug rip packet Mode Privileged EXEC debug sflow packet Use this command to enable sFlow debug packet trace. Default disabled Format debug sflow packet...
Page 397: Debug Spanning-Tree Bpdu Receive
Managed Switch CLI Manual, Release 8.0 no debug spanning-tree bpdu This command disables tracing of spanning tree BPDUs. Format no debug spanning-tree bpdu Mode Privileged EXEC debug spanning-tree bpdu receive This command enables tracing of spanning tree BPDUs received by the switch. Spanning tree should be enabled on the device and on the interface in order to monitor packets for a particular interface.
Page 398: Debug Spanning-Tree Bpdu Transmit
Managed Switch CLI Manual, Release 8.0 no debug spanning-tree bpdu receive This command disables tracing of received spanning tree BPDUs. Format no debug spanning-tree bpdu receive Mode Privileged EXEC debug spanning-tree bpdu transmit This command enables tracing of spanning tree BPDUs transmitted by the switch. Spanning tree should be enabled on the device and on the interface in order to monitor packets on a particular interface.
Page 399: Cable Test Command
Managed Switch CLI Manual, Release 8.0 no debug spanning-tree bpdu transmit This command disables tracing of transmitted spanning tree BPDUs. Format no debug spanning-tree bpdu transmit Mode Privileged EXEC Cable Test Command The cable test feature enables you to determine the cable connection status on a selected port. Note: The cable test feature is supported only for copper cable.
Page 400: Sflow Commands
Managed Switch CLI Manual, Release 8.0 Field Description Cable Length If this feature is supported by the PHY for the current link speed, the cable length is displayed as a range between the shortest estimated length and the longest estimated length.
Page 401: Sflow Sampler
Managed Switch CLI Manual, Release 8.0 Field Description Receiver IP The sFlow receiver IP address. If set to 0.0.0.0, no sFlow datagrams will be sent. The default is 0.0.0.0. Receiver Port The destination Layer4 UDP port for sFlow datagrams. The range is 1-65535. The default is 6343.
Page 402: Sflow Poller
Managed Switch CLI Manual, Release 8.0 no sflow sampler Use this command to reset the sFlow sampler instance to the default settings. Format no sflow sampler {<rcvr-indx> | rate <sampling-rate> | maxheadersize <size>} Mode Interface Config sflow poller A data source configured to collect counter samples is called a poller. Use this command to enable a new sFlow poller instance for this data source if <rcvr_idx>...
Page 403: Show Sflow Agent
Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: • MIB Version: ‘1.3’, the version of this MIB. • Organization: Netgear. • Revision: 1.0 IP Address The IP address associated with this agent.
Page 404: Show Sflow Receivers
Managed Switch CLI Manual, Release 8.0 Field Description Poller Interval The number of seconds between successive samples of the counters associated with this data source. show sflow receivers Use this command to display configuration information related to the sFlow receivers. Format show sflow receivers [<index>] Mode...
Page 405: Show Sflow Samplers
Managed Switch CLI Manual, Release 8.0 show sflow samplers Use this command to display the sFlow sampling instances created on the switch. Format show sflow samplers Mode Privileged EXEC Field Description Sampler Data The sFlowDataSource (slot/port) for this sFlow sampler. This agent will support Physical Source ports only.
Page 406: Management Commands
Chapter 7 Management Commands This chapter describes the management commands available in the managed switch CLI. The Management Commands chapter contains the following sections: • “Configuring the Switch Management CPU” on page 7-2. • “Console Port Access Commands” on page 7-8.
Page 407: Configuring The Switch Management Cpu
To manage the switch via the web GUI or telnet, an IP address needs to be assigned to the switch management CPU. Whereas there are CLI commands that can be used to do this, ezconfig simplifies the task. The tool is applicable to all NETGEAR 7000-series managed switches, and allows you to configure the following parameters: 1.
Page 408 Managed Switch CLI Manual, Release 8.0 The following is an example of an ezconfig session. NETGEAR EZ Configuration Utility -------------------------------- Hello and Welcome! This utility will walk you thru assigning the IP address for the switch management CPU. It will allow you to save the changes at the end. After the session, simply use the newly assigned IP address to access the Web GUI using any public domain Web browser.
Page 409: Network Interface Commands
Managed Switch CLI Manual, Release 8.0 There are changes detected, do you wish to save the changes permanently (Y/N)? The configuration changes have been saved succesfully. Please enter 'show running-config' to see the final configuration. Thanks for using EzConfig! Network Interface Commands This section describes the commands you use to configure a logical interface for management access.
Page 410: Network Protocol
Managed Switch CLI Manual, Release 8.0 network protocol This command specifies the network configuration protocol to be used. If you modify this value, change is effective immediately. If you use the bootp parameter, the switch periodically sends requests to a BootP server until a response is received. If you use the dhcp parameter, the switch periodically sends requests to a DHCP server until a response is received.
Page 411: Network Javamode
Managed Switch CLI Manual, Release 8.0 no network mac-type This command resets the value of MAC address to its default. Format no network mac-type Mode Privileged EXEC network javamode This command specifies whether or not the switch should allow access to the Java applet in the header frame of the Web interface.
Page 412 Locally Administered address. The factory default is to use the burned in MAC address. The following shows example CLI display output for the network port. (Netgear Switch) #show network Interface Status....... Always Up IP Address........10.250.3.1 Subnet Mask........
Page 413: Console Port Access Commands
Managed Switch CLI Manual, Release 8.0 Management VLAN ID......1 Web Mode........Enable Java Mode........Enable Console Port Access Commands This section describes the commands you use to configure the console port. You can use a serial cable to connect a management host directly to the console port of the switch. configuration This command gives you access to the Global Config mode.
Page 414: Serial Timeout
Managed Switch CLI Manual, Release 8.0 no serial baudrate This command sets the communication rate of the terminal interface. Format no serial baudrate Mode Line Config serial timeout This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely.
Page 415: Enable Authentication
Managed Switch CLI Manual, Release 8.0 enable authentication To specify authentication method list when the user accesses a higher privilege level in remote telnet or console, use the command in line configuration mode.. enable authentication Format enable authentication {default | list-name} Mode Line Config no enable authentication...
Page 416: Telnet Commands
Managed Switch CLI Manual, Release 8.0 Telnet Commands This section describes the commands you use to configure and view Telnet settings. You can use Telnet to manage the device from a remote management host. ip telnet server enable Use this command to enable Telnet connections to the system and to enable the Telnet Server Admin Mode.
Page 417: Transport Input Telnet
Managed Switch CLI Manual, Release 8.0 transport input telnet This command regulates new Telnet sessions. If enabled, new Telnet sessions can be established until there are no more sessions available. An established session remains active until the session is ended or an abnormal network error ends the session. Note: If the Telnet Server Admin Mode is disabled, Telnet sessions cannot be established.
Page 418 Managed Switch CLI Manual, Release 8.0 no transport output telnet Use this command to prevent new outbound Telnet connection from being established. Format no transport output telnet Mode Line Config session-limit This command specifies the maximum number of simultaneous outbound Telnet sessions. A value of 0 indicates that no outbound Telnet session can be established.
Page 419: Telnetcon Maxsessions
Managed Switch CLI Manual, Release 8.0 no session-timeout This command sets the Telnet session timeout value to the default. The timeout value unit of time is minutes. Format no session-timeout Mode Line Config telnetcon maxsessions This command specifies the maximum number of Telnet connection sessions that can be established.
Page 420: Show Telnet
Managed Switch CLI Manual, Release 8.0 no telnetcon timeout This command sets the Telnet connection session timeout value to the default. Note: Changing the timeout value for active sessions does not become effective until the session is reaccessed. Also, any keystroke activates the new timeout duration. Format no telnetcon timeout Mode...
Page 421: Secure Shell (Ssh) Commands
Managed Switch CLI Manual, Release 8.0 show telnetcon This command displays the current inbound Telnet settings. In other words, these settings apply to Telnet connections initiated from a remote system to the switch. Format show telnetcon Modes • Privileged EXEC •...
Page 422: Ip Ssh Protocol
Managed Switch CLI Manual, Release 8.0 Format ip ssh Mode Privileged EXEC ip ssh protocol This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set. Default 1 and 2 Format...
Page 423: Sshcon Timeout
Managed Switch CLI Manual, Release 8.0 no sshcon maxsessions This command sets the maximum number of allowed SSH connection sessions to the default value. Format no sshcon maxsessions Mode Privileged EXEC sshcon timeout This command sets the SSH connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set.
Page 424: Management Security Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Administrative This field indicates whether the administrative mode of SSH is enabled or disabled. Mode Protocol Level The protocol level may have the values of version 1, version 2 or both versions 1 and version 2.
Page 425: Hypertext Transfer Protocol (Http) Commands
Managed Switch CLI Manual, Release 8.0 crypto key generate rsa Use this command to generate an RSA key pair for SSH. The new key files will overwrite any existing generated or downloaded RSA key files. Format crypto key generate rsa Mode Global Config no crypto key generate rsa...
Page 426: Ip Http Server
Managed Switch CLI Manual, Release 8.0 ip http server This command enables access to the switch through the Web interface. When access is enabled, the user can login to the switch from the Web interface. When access is disabled, the user cannot login to the switch's Web server.
Page 427: Ip Http Java
Managed Switch CLI Manual, Release 8.0 ip http java This command enables the Web Java mode. The Java mode applies to both secure and un-secure Web connections. Default Enabled Format ip http java Mode Privileged EXEC no ip http java This command disables the Web Java mode.
Page 428: Ip Http Authentication
Managed Switch CLI Manual, Release 8.0 ip http authentication This command specifies the authentication methods for http server users. The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Page 429: Ip Http Session Soft-Timeout
Managed Switch CLI Manual, Release 8.0 no ip http session maxsessions This command restores the number of allowable un-secure HTTP sessions to the default value. Format no ip http session maxsessions Mode Privileged EXEC ip http session soft-timeout This command configures the soft timeout for un-secure HTTP sessions in minutes. Configuring this value to zero will give an infinite soft-timeout.
Page 430: Ip Http Secure-Session Soft-Timeout
Managed Switch CLI Manual, Release 8.0 no ip http secure-session maxsessions This command restores the number of allowable secure HTTP sessions to the default value. Format no ip http secure-session maxsessions Mode Privileged EXEC ip http secure-session soft-timeout This command configures the soft timeout for secure HTTP sessions in minutes. Configuring this value to zero will give an infinite soft-timeout.
Page 431: Ip Https Authentication
Managed Switch CLI Manual, Release 8.0 no ip http secure-session hard-timeout This command resets the hard timeout for secure HTTP sessions to the default value. Format no ip http secure-session hard-timeout Mode Privileged EXEC ip https authentication This command specifies the authentication methods for http server users. The additional methods of authentication are used only if the previous method returns an error, not if it fails.
Page 432: Show Ip Http
Managed Switch CLI Manual, Release 8.0 Format ip http secure-port <portid> Mode Privileged EXEC no ip http secure-port This command is used to reset the SSL port to the default value. Format no ip http secure-port Mode Privileged EXEC ip http secure-protocol This command is used to set protocol levels (versions).
Page 433: Access Commands
Managed Switch CLI Manual, Release 8.0 Term Definition Secure Protocol Level(s) The protocol level may have the values of SSL3, TSL1, or both SSL3 and TSL1. Maximum Allowable HTTPS The number of allowable secure http sessions. Sessions HTTPS Session Hard Timeout The hard timeout for secure http sessions in hours.
Page 434: User Account Commands
Managed Switch CLI Manual, Release 8.0 Term Definition User Name The name the user entered to log on to the system. Connection IP address of the remote client machine or EIA-232 for the serial port connection. From Idle Time Time this session has been idle. Session Time Total time this session has been connected.
Page 435: Username Nopassword
Managed Switch CLI Manual, Release 8.0 no usermane This command removes a user account. Format no username <username> Mode Global Config Note: You cannot delete the “admin” user account. username nopassword This command removes the password from a user. Format username <name>...
Page 436: Username Snmpv3 Authentication
Managed Switch CLI Manual, Release 8.0 Format username snmpv3 accessmode <username> {readonly | readwrite} Mode Global Config no username snmpv3 accessmode This command sets the snmpv3 access privileges for the specified user as readwrite for the “admin” user and readonly for all other users. The <username> value is the user name for which the specified access mode will apply.
Page 437: Username Snmpv3 Encryption
Managed Switch CLI Manual, Release 8.0 username snmpv3 encryption This command specifies the encryption protocol used for the specified user. The valid encryption protocols are des or none. If you select des, you can specify the required key on the command line. The encryption key must be 8 to 64 characters long.
Page 438: Show Users Accounts
Managed Switch CLI Manual, Release 8.0 Term Definition Access Mode Shows whether the user is able to change parameters on the switch (Read/Write) or is only able to view them (Read Only). As a factory default, the “admin” user has Read/Write access and the “guest”...
Page 439: Show Users Login-History
Managed Switch CLI Manual, Release 8.0 Term Definition User Name The full name of the user. show users login-history This command is used to display the users who have logged in previously. Format show users login-history [{user name}] Mode Privileged EXEC Term Definition Login Time...
Page 440: Passwords History
Managed Switch CLI Manual, Release 8.0 passwords history Use this command to set the number of previous passwords that shall be stored for each user account. When a local user changes his or her password, the user will not be able to reuse any password stored in password history.
Page 441: Passwords Lock-Out
Managed Switch CLI Manual, Release 8.0 passwords lock-out Use this command to strengthen the security of the switch by locking user accounts that have failed login due to wrong passwords. When a lockout count is configured, a user that is logged in must enter the correct password within that count.
Page 442 Managed Switch CLI Manual, Release 8.0 aaa authentication login This command is used to set authentication at login. The default and optional list names that you create with the command are used with the aaa authentication login login command. Create a list by entering the authentication aaa authentication login command for a particular protocol, where...
Page 443 Managed Switch CLI Manual, Release 8.0 no aaa authenticaton login This command is used to remove authentication at login. . Format no aaa authentication login {default | list-name} Mode Global Config aaa authenticaton enable This command is used to set authentication when the user access higher privilege level, use the command in global configuration mode.
Page 444: Aaa Authentication Dot1X
Managed Switch CLI Manual, Release 8.0 Keyword Description line Uses the line password for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. Uses username "$enabx$."where x is the privilege level. tacacs Uses the list of all TACACS servers for authentication. Uses username "$enabx$." where x is the privilege level.
Page 445: Snmp Commands
Managed Switch CLI Manual, Release 8.0 method1 [method2…] At least one from the following table: Keyword Description local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. no aaa authentication dot1x This command is used to remove the authentication at login.
Page 446: Snmp-Server Community
Managed Switch CLI Manual, Release 8.0 snmp-server This command sets the name and the physical location of the switch, and the organization responsible for the network. The range for <name>, <loc> and <con> is from 1 to 31 alphanumeric characters. Default none Format...
Page 447: Snmp-Server Community Ipaddr
Managed Switch CLI Manual, Release 8.0 snmp-server community ipaddr This command sets a client IP address for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device.
Page 448: Snmp-Server Community Mode
Managed Switch CLI Manual, Release 8.0 no snmp-server community ipmask This command sets a client IP mask for an SNMP community to 0.0.0.0. The name is the applicable community name. The community name may be up to 16 alphanumeric characters. Format no snmp-server community ipmask <name>...
Page 449: Snmp-Server Community Rw
Managed Switch CLI Manual, Release 8.0 snmp-server community rw This command restricts access to switch information. The access mode is read/write (also called private). Format snmp-server community rw <name> Mode Global Config snmp-server enable traps violation This command enables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port.
Page 450: Snmp-Server Enable Traps Linkmode
Managed Switch CLI Manual, Release 8.0 no snmp-server enable traps This command disables the Authentication Flag. Format no snmp-server enable traps Mode Global Config snmp-server enable traps linkmode Note: This command may not be available on all platforms. This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled.
Page 451: Snmp-Server Enable Traps Stpmode
The SNMP trap address can be set using both an IPv4 address format as well as an IPv6 global address format. The following shows an example of the CLI command. (Netgear Switch)# snmptrap mytrap ip6addr 3099::2 Management Commands 7-46...
Page 452: Snmptrap Snmpversion
Managed Switch CLI Manual, Release 8.0 Note: The <name> parameter does not need to be unique, however; the <name> and <ipaddr> pair must be unique. Multiple entries can exist with the same <name>, as long as they are associated with a different <ipaddr>. The reverse scenario is also acceptable.
Page 453: Snmptrap Ipaddr
Managed Switch CLI Manual, Release 8.0 snmptrap ipaddr This command assigns an IP address to a specified community name. The maximum length of name is 16 case-sensitive alphanumeric characters. Note: IP addresses in the SNMP trap receiver table must be unique. If you make multiple entries using the same IP address, the first entry is retained and processed.
Page 454: Snmp Trap Link-Status All
Managed Switch CLI Manual, Release 8.0 Format snmp trap link-status Mode Interface Config no snmp trap link-status This command disables link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled. Format no snmp trap link-status Mode Interface Config snmp trap link-status all...
Page 455: Show Snmpcommunity
Managed Switch CLI Manual, Release 8.0 show snmpcommunity This command displays SNMP community information. Six communities are supported. You can add, change, or delete communities. The switch does not have to be reset for changes to take effect. The SNMP agent of the switch complies with SNMP Versions 1, 2 or 3. For more information about the SNMP specification, see the SNMP RFCs.
Page 456: Show Trapflags
The IPv6 address to receive SNMP traps from this device. SNMP Version SNMPv2 Status The receiver's status (enabled or disabled). The following shows an example of the CLI command. (Netgear Switch)#show snmptrap Community Name IpAddress IPv6 Address Snmp Version Mode Mytrap 0.0.0.0...
Page 457: Radius Commands
Managed Switch CLI Manual, Release 8.0 Term Definition DVMRP Traps Can be enabled or disabled. The factory default is disabled. Indicates whether DVMRP traps are sent. OSPFv2 Traps Can be enabled or disabled. The factory default is disabled. Indicates whether OSPF traps are sent.
Page 458: Radius Accounting Mode
Managed Switch CLI Manual, Release 8.0 radius accounting mode This command is used to enable the RADIUS accounting function. Default disabled Format radius accounting mode Mode Global Config no radius accounting mode This command is used to set the RADIUS accounting function to the default value - i.e. the RADIUS accounting function is disabled.
Page 459: Radius Server Host
Managed Switch CLI Manual, Release 8.0 Format no radius server attribute <4> [<ipaddr>] Mode Global Config The following shows an example of the command. (Switch) (Config) #radius server attribute 4 192.168.37.60 (Switch) (Config) #radius server attribute 4 radius server host This command configures the IP address or DNS name to use for communicating with the RADIUS server of a selected server type.
Page 460 Managed Switch CLI Manual, Release 8.0 when connecting to the RADIUS accounting server. If a <port> is already configured for the accounting server, the new <port> replaces the previously configured <port>. The <port> must be a value in the range 0 - 65535, with 1813 being the default. Note: To re-configure a RADIUS accounting server to use the default UDP <port>, set the <port>...
Page 461: Radius Server Key
Managed Switch CLI Manual, Release 8.0 (Switch) (Config) #radius server host auth 192.168.37.60 name Network1_RADIUS_Auth_Server port 1813 (Switch) (Config) #radius server host acct 192.168.37.60 name Network2_RADIUS_Auth_Server (Switch) (Config) #no radius server host acct 192.168.37.60 radius server key This command configures the key to be used in RADIUS client communication with the specified server.
Page 462: Radius Server Msgauth
Managed Switch CLI Manual, Release 8.0 radius server msgauth This command enables the message authenticator attribute to be used for the specified RADIUS Authenticating server. Format radius server msgauth <ipaddr|dnsname> Mode Global Config Field Description ip addr The IP address of the server. dnsname The DNS name of the server.
Page 463: Radius Server Retransmit
Managed Switch CLI Manual, Release 8.0 Field Description ip addr The IP address of the RADIUS Authenticating server. dnsname The DNS name of the server. radius server retransmit This command configures the global parameter for the RADIUS client that specifies the number of transmissions of the messages to be made before attempting the fall back server upon unsuccessful communication with the current RADIUS authenticating server.
Page 464: Show Radius
Managed Switch CLI Manual, Release 8.0 Default Format radius server timeout <seconds> Mode Global Config Field Description retries Maximum number of transmission attempts in the range <1-30>. no radius server timeout The no version of this command sets the timeout global parameter to the default value. Format no radius server timeout Mode...
Page 465: Show Radius Servers
Managed Switch CLI Manual, Release 8.0 Term Definition Number of Retransmits The configured value of the maximum number of times a request packet is retransmitted. Time Duration The configured timeout value, in seconds, for request re-transmissions. RADIUS Accounting Mode A global parameter to indicate whether the accounting mode for all the servers is enabled or not.
Page 466 Managed Switch CLI Manual, Release 8.0 Field Description Host Address The IP address of the host. Server Name The name of the authenticating server. Port The port used for communication with the authenticating server. Type Specifies whether this server is a primary or secondary type. Current Host Address The IP address of the currently active authenticating server.
Page 467: Show Radius Accounting
Managed Switch CLI Manual, Release 8.0 Server Name......Default_RADIUS_Server Host Address......192.168.37.58 Secret Configured...... No Message Authenticator ....Enable Number of Retransmits....4 Time Duration......10 RADIUS Accounting Mode....Disable RADIUS Attribute 4 Mode....Enable RADIUS Attribute 4 Value ....192.168.37.60 (Switch) #show radius servers 192.168.37.58 Server Name......
Page 468: Show Radius Accounting Statistics
Managed Switch CLI Manual, Release 8.0 Term Definition Server Name The name of the accounting server. Port The port used for communication with the accounting server. Secret Configured Yes or No Boolean value indicating whether this server is configured with a secret. The following shows example CLI display output for the command.
Page 469 Managed Switch CLI Manual, Release 8.0 Term Definition RADIUS Accounting The name of the accounting server. Server Name Server Host Address The IP address of the host. Round Trip Time The time interval, in hundredths of a second, between the most recent Accounting- Response and the Accounting-Request that matched it from this RADIUS accounting server.
Page 470: Show Radius Statistics
Managed Switch CLI Manual, Release 8.0 (Switch) #show radius accounting statistics name Default_RADIUS_Server RADIUS Accounting Server Name....Default_RADIUS_Server Host Address........192.168.37.200 Round Trip Time....... 0.00 Requests........0 Retransmissions....... 0 Responses........0 Malformed Responses......0 Bad Authenticators......0 Pending Requests......0 Timeouts........
Page 471 Managed Switch CLI Manual, Release 8.0 Term Definition Malformed Access The number of malformed RADIUS Access-Response packets received from this Responses server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed access responses.
Page 472: Tacacs+ Commands
Managed Switch CLI Manual, Release 8.0 Timeouts........0 Unknown Types......... 0 Packets Dropped....... 0 TACACS+ Commands TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network.
Page 473 Managed Switch CLI Manual, Release 8.0 tacacs-server key Use the tacacs-server key command to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. The <key- string> parameter has a range of 0 - 128 characters and specifies the authentication and encryption key for all TACACS communications between the switch and the TACACS+ server.
Page 474 Managed Switch CLI Manual, Release 8.0 no tacacs-server timeout Use the no tacacs-server timeout command to restore the default timeout value for all TACACS servers. Format no tacacs-server timeout Mode Global Config Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server.
Page 475: Show Tacacs
Managed Switch CLI Manual, Release 8.0 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. The <priority> parameter specifies the priority for servers. The highest priority is 0 (zero), and the range is 0 - 65535. Default Format priority <priority>...
Page 476: Configuration Scripting Commands
Managed Switch CLI Manual, Release 8.0 Configuration Scripting Commands Configuration Scripting allows you to generate text-formatted script files representing the current configuration of a system. You can upload these configuration script files to a PC or UNIX system and edit them. Then, you can download the edited files to the system and apply the new configuration.
Page 477: Script Apply
Managed Switch CLI Manual, Release 8.0 Note: To specify a blank password for a user in the configuration script, you must specify it as a space within quotes. For example, to change the password for user jane from a blank password to hello, the script entry is as follows: users passwd jane "...
Page 478: Pre-Login Banner And System Prompt Commands
Managed Switch CLI Manual, Release 8.0 script show This command displays the contents of a script file, which is named <scriptname>. Format script show <scriptname> Mode Privileged EXEC Term Definition Output Format line <number>: <line contents> script validate This command validates a script file by parsing each line in the script file where <scriptname> is the name of the script to validate.The validate option is intended to be used as a tool for script development.
Page 479: Set Prompt
Managed Switch CLI Manual, Release 8.0 Default none Format copy <Code Sample Variable><tftp://<ipaddr>/<filepath>/ <filename>><Code Sample Variable> nvram:clibanner copy nvram:clibanner <Code Sample Variable><tftp://<ipaddr>/ <filepath>/<filename>><Code Sample Variable> Mode Privileged EXEC set prompt This command changes the name of the prompt. The length of name may be up to 64 alphanumeric characters.
Page 480: Log Messages
There is no specific action that can be taken per message. When there is a problem being diagnosed, a set of these messages in the event log, along with an understanding of the system configuration and details of the problem will assist NETGEAR, Inc. in determining the root cause of such a problem.
Page 481 Managed Switch CLI Manual, Release 8.0 Table 8-1: BSP Log Messages Component Message Cause Event(0xaaaaaaaa) Switch has restarted. Starting code... BSP initialization complete, starting 7000 series application. Table 8-2: NIM Log Messages Component Message Cause NIM: L7_ATTACH out of order for Interface creation out of order intIfNum(x) unit x slot x port x NIM: Failed to find interface at unit x slot x...
Page 482 Managed Switch CLI Manual, Release 8.0 Table 8-3: System Log Messages Component Message Cause SYSTEM Configuration file Switch CLI.cfg size is 0 The configuration file could not be read. (zero) bytes This message may occur on a system for which no configuration has ever been saved or for which configuration has been erased.
Page 483: Utilities
Managed Switch CLI Manual, Release 8.0 Utilities Table 8-4: Trap Mgr Log Message Component Message Cause Trap Mgr Link Up/Down: unit/slot/port An interface changed link state. Table 8-5: DHCP Filtering Log Messages Component Message Cause DHCP Filtering Unable to create r/w lock for DHCP Filtering Unable to create semaphore used for dhcp filtering configuration structure .
Page 484 Managed Switch CLI Manual, Release 8.0 Table 8-7: RADIUS Log Messages Component Message Cause RADIUS RADIUS: Invalid data length - xxx The RADIUS Client received an invalid message from the server. RADIUS RADIUS: Failed to send the request A problem communicating with the RADIUS server.
Page 485: Management
Managed Switch CLI Manual, Release 8.0 Table 8-8: TACACS+ Log Messages Component Message Cause TACACS+ TACACS+: authentication error, no server to TACACS+ request needed, but no servers contact are configured. TACACS+ TACACS+: connection failed to server TACACS+ request sent to server x.x.x.x but x.x.x.x no response was received.
Page 486 Managed Switch CLI Manual, Release 8.0 Table 8-12: EmWeb Log Messages Component Message Cause EmWeb EMWEB (Telnet): Max number of Telnet A user attempted to connect via telnet when login sessions exceeded the maximum number of telnet sessions were already active. EmWeb EMWEB (SSH): Max number of SSH login A user attempted to connect via SSH when...
Page 487 Managed Switch CLI Manual, Release 8.0 Table 8-14: WEB Log Messages Component Message Cause Max clients exceeded This message is shown when the maximum allowed java client connections to the switch is exceeded. Error on send to sockfd XXXX, closing Failed to send data to the java clients connection through the socket.
Page 488 Managed Switch CLI Manual, Release 8.0 Table 8-16: SSHD Log Messages Component Message Cause SSHD SSHD: Unknown UI event in message, Failed to dispatch the UI event to the event=XXXX appropriate SSHD function as it’s an invalid event. XXXX indicates the event to be dispatched.
Page 489: Switching
Managed Switch CLI Manual, Release 8.0 Table 8-18: User_Manager Log Messages Component Message Cause User_Manager User Login Failed for XXXX Failed to authenticate user login. XXXX indicates the username to be authenticated. User_Manager Access level for user XXXX could not be Invalid access level specified for the user.
Page 490 Managed Switch CLI Manual, Release 8.0 Table 8-20: IP Subnet VLANS Log Messages Component Message Cause IPsubnet vlans ERROR vlanIpSubnetSubnetValid :Invalid This occurs when an invalid pair of subnet subnet and netmask has come from the CLI IPsubnet vlans IP Subnet Vlans: failed to save configuration This message appears when save configuration of subnet vlans failed IPsubnet vlans vlanIpSubnetCnfgrInitPhase1Process:...
Page 491 Managed Switch CLI Manual, Release 8.0 Table 8-21: Mac-based VLANs Log Messages Component Message Cause Mac based vlanMacVlanChangeCallback: Failed to This appears when a dtl fails to delete an VLANS delete an entry entry for an vlan delete notify event. Table 8-22: 802.1x Log Messages Component Message...
Page 492 Managed Switch CLI Manual, Release 8.0 Table 8-23: IGMP Snooping Log Messages Component Message Cause IGMP Snooping Failed to set igmp mrouter mode %d for Failed to set VLAN multicast router mode interface xxx on Vlan yyy due to IGMP Snooping message queue being full IGMP Snooping snoopCnfgrInitPhase1Process: Error Could not allocate buffers for small IGMP...
Page 493 Managed Switch CLI Manual, Release 8.0 Table 8-25: 802.3ad Log Messages Component Message Cause 802.3ad dot3adNimEventCompletionCallback, The event sent to NIM was not completed dot3adNimEventCreateCompletionCallback: successfully DOT3AD: notification failed for event(%d), intf(%d), reason(%d) Table 8-26: FDB Log Message Component Message Cause fdbSetAddressAgingTimeOut: Failure Unable to set the age time in the hardware...
Page 494 Managed Switch CLI Manual, Release 8.0 Table 8-30: 802.1Q Log Messages Component Message Cause 802.1Q dot1qIssueCmd: Unable to send message dot1qMsgQueue is full. %d to dot1qMsgQueue for vlan %d - %d msgs in queue 802.1Q dot1qVlanCreateProcess: Attempt to create This accommodates for reserved vlan ids. a vlan with an invalid vlan id %d ;...
Page 495: Qos
Managed Switch CLI Manual, Release 8.0 Table 8-33: Protocol-based VLANs Log Messages Component Message Cause Protocol Based pbVlanCnfgrInitPhase2Process: Unable to Appears when nimRegisterIntfChange fails VLANs register NIM callback to register pbVlan for link state changes. Protocol Based pbVlanCnfgrInitPhase2Process: Unable to Appears when vlanRegisterForChange fails VLANs register pbVlan callback with vlans...
Page 496: Routing/Ipv6 Routing
Managed Switch CLI Manual, Release 8.0 Table 8-35: CoS Log Message Component Message Cause cosCnfgrInitPhase3Process: Unable to The COS component was unable to apply apply saved config -- using factory defaults the saved configuration and has initialized to the factory default settings. Table 8-36: DiffServ Log Messages Component Message...
Page 497 Managed Switch CLI Manual, Release 8.0 Table 8-38: OSPFv2 Log Messages Component Message Cause OSPFv2 Best route client deregistration failed for OSPFv2 registers with the IPv4 routing table OSPF Redist manager (“RTO”) to be notified of best route changes. There are cases where OSPFv2 deregisters more than once, causing the second deregistration to fail.
Page 498 Managed Switch CLI Manual, Release 8.0 Table 8-39: OSPFv3 Log Messages Component Message Cause OSPFv3 Warning: OSPF LSDB is 90% full (15292 OSPFv3 limits the number of Link State LSAs). Advertisements (LSAs) that can be stored in the link state database (LSDB). When the database becomes 90 or 95 percent full, OSPFv3 logs this warning.
Page 499 Managed Switch CLI Manual, Release 8.0 Table 8-41: VRRP Log Messages Component Message Cause VRRP Changing priority to 255 for virtual router When the router is configured with the with VRID 1 on interface 1/0/1 address being used as the virtual router ID, the router’s priority is automatically set to the maximum value to ensure that the address owner becomes the VRRP master.
Page 500: Multicast
Managed Switch CLI Manual, Release 8.0 Multicast Table 8-45: Cache Log Messages Component Message Cause Cache Out of memory when creating entry. When we run out of memory while creating a new cache (MFC) entry Cache Out of memory when creating cache. When we run out of memory while creating the cache itself Table 8-46: IGMP Log Messages...
Page 501 Managed Switch CLI Manual, Release 8.0 Table 8-48: PIM-SM Log Messages Component Message Cause PIM-SM PIM-SM not initialized This message arises when trying to activate pimsm interfaces or receiving pimsm packets when pimsm component is not initialized. PIM-SM Unable to take xxx semaphore This message is logged when failed to acquire semaphore to access source list or group list or candidate Rp list or virtual...
Page 502: Stacking
Managed Switch CLI Manual, Release 8.0 Table 8-49: PIM-DM Log Messages Component Message Cause PIM-DM Error creating PIM-DM pipe This message is logged when the PIM-DM Pipe (that receives control messages) creation fails. Table 8-50: DVMRP Log Messages Component Message Cause DVMRP dvmrp_send_graft: failed getting memory for...
Page 503 Managed Switch CLI Manual, Release 8.0 Table 8-52: System General Error Messages Component Message Cause In hapiBroadSystemMacAddress call to Failed to add an L2 address to the MAC 'bcm_l2_addr_add' - FAILED : x table. This should only happen when a hash collision occurs or the table is full.
Page 504 Managed Switch CLI Manual, Release 8.0 Table 8-52: System General Error Messages Component Message Cause USL: A Trunk being set doesn't exist in USL Possible synchronization issue between the application, hardware, and sync layer. USL: failed to sync trunk table on unit=x Could not synchronize unit x due to a transport failure or API issue on remote unit.
Page 505: O/S Support
Managed Switch CLI Manual, Release 8.0 Table 8-52: System General Error Messages Component Message Cause USL: failed to sync initiator table on unit=x Could not synchronize unit x due to a transport failure or API issue on remote unit. A synchronization retry will be issued USL: failed to sync terminator table on Could not synchronize unit x due to a unit=x...
Page 506 Managed Switch CLI Manual, Release 8.0 Table 8-53: OSAPI Log Messages (continued) Component Message Cause OSAPI osapiCleanupIf: NetIPGet During the call to remove the interface from the route table, the attempt to get an ipv4 interface address from the stack failed. OSAPI osapiCleanupIf: NetMaskGet During the call to remove the interface from...
Page 507: Captive Portal Commands
Managed Switch CLI Manual, Release 8.0 Chapter 9 Captive Portal Commands The Captive Portal feature is a software implementation that blocks clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted.
Page 508: Http Port
Managed Switch CLI Manual, Release 8.0 no enable Use this command to globally disable captive portal. Default disabled Format no enable Mode Captive Portal Configuration mode http port Use this command to configure an additional HTTP port for captive portal to monitor. The valid range is from 0 to 65535.
Page 509: Authentication Timeout
Managed Switch CLI Manual, Release 8.0 no https port Use this command to reset the HTTPs port to the default HTTPS port 443. Format no https port Mode Captive Portal Configuration mode authentication timeout Use this command to configure the authentication timeout. If the user does not enter valid credentials within this time limit, the authentication page needs to be served again in order for the client to gain access to the network.
Page 510: Show Captive-Portal Status
Managed Switch CLI Manual, Release 8.0 Term Definition The administrative mode is enabled or disabled. Administrative Mode The Operational status is enabled or disabled. Operational Status If the operational status is disabled. This field shows the reason why the operational is Disable Reason disabled.
Page 511: Captive Portal Configuration Commands
Managed Switch CLI Manual, Release 8.0 Term Definition The number of active captive portal instances. Active Captive Portals System Supported The maximum number of user can be authenticated. Users The maximum number of local user can be created. Local Supported Users The number of the authenticated users.
Page 512: Enable (Instance)
Managed Switch CLI Manual, Release 8.0 no configuration Use this command to to delete a CP configuration. The default configuration cannot be deleted. Format no configuration <1-10> Mode Captive Portal Configuration mode enable (Instance) Use this command to enable a captive portal configuration. Default enable Format...
Page 513 Managed Switch CLI Manual, Release 8.0 no name Use this command to remove a configuration name. Format no name Mode Captive Portal Instance mode protocol Use this command to configure the protocol mode for a captive portal configuration. The default protocol is http.
Page 514: Redirect (Captive Portal)
Managed Switch CLI Manual, Release 8.0 group Use this command to configure a group ID for this captive portal configuration. If a group number is configured, the user entry (Local or RADIUS) must be configured with the ame name and the group to authenticate to this captive portal instance.
Page 515 Managed Switch CLI Manual, Release 8.0 Format no redirect Mode Captive Portal Instance mode redirect-url Use this command to configure the redirect URL for a captive portal configuration. The url is the URL for redirection which can be up to 512 characters in length. Format redirect-url url Mode...
Page 516 Managed Switch CLI Manual, Release 8.0 Default Format max-bandwidth-up <0-536870911> Mode Captive Portal Instance mode no max-bandwidth-up Use this command to reset the maximum rate to the default Format no max-bandwidth-up Mode Captive Portal Instance mode max-input-octets Use this command to configure the maximum number of octets the user is allowed to transmit. After this limit has been reached the user will be disconnected.
Page 517 Managed Switch CLI Manual, Release 8.0 max-output-octets Use this command to configure the maximum number of octets the user is allowed to receive. After this limit has been reached the user will be disconnected. The number of octets is in bytes. 0 indicates limit not enforced Use the “no”.
Page 518: Session-Timeout (Captive Portal)
Managed Switch CLI Manual, Release 8.0 Format max-total-octets <0-4294967295> Mode Captive Portal Instance mode session-timeout (Captive Portal) Use this command to configure the session timeout for a captive portal configuration. After this limit has been reached, the user will be disconnected. Timeout is time in seconds.
Page 519: Interface (Captive Portal)
Managed Switch CLI Manual, Release 8.0 Format no idle-timeout Mode Captive Portal Instance mode locale This command is not intended to be a user command. The administrator must use the WEB UI to create and customize captive portal web content. This command is primarily used by the show running-config command and process as it provides the ability to save and restore configurations using a text based format.
Page 520: Captive Portal Status Commands
Managed Switch CLI Manual, Release 8.0 Format no interface <unit/slot/port> Mode Captive Portal Instance Config mode block Use this command to block all traffic for a captive portal configuration. The administrator can block access to a captive portal configuration. When an instance is blocked no client traffic is allowed through any interfaces associated with that captive portal configuration.
Page 521: Show Captive-Portal Configuration Interface
Managed Switch CLI Manual, Release 8.0 Format show captive-portal configuration <1-10> Mode Privileged EXEC mode Term Definition CP ID The captive portal ID CP Name The captive portal instance name Operational Status The operational status is enabled or disabled. Disable Reason If the operational status is disabled, this field shows the reason.
Page 522 Managed Switch CLI Manual, Release 8.0 Term Definition CP ID The captive portal ID. CP Name The captive portal name. Interface The interface associated with the CP ID Interface The interface description Description Operational Status The operational status is enabled or disabled. Disable Reason The reason if the operational status is disabled.
Page 523: Show Captive-Portal Configuration Status
Managed Switch CLI Manual, Release 8.0 show captive-portal configuration status Use this command to display information about all configured captive portal configurations or about a specific captive portal configuration. The <1-10> is captive portal ID. If <1-10> is not entered, all the configurations are displayed. Format show captive-portal configuration [ <1-10>...
Page 524: Show Captive-Portal Configuration Locales
Managed Switch CLI Manual, Release 8.0 Example (switch)#show captive-portal configuration status CP ID CP Name Mode Protocol Verification ----- ---------- -------- -------- ------------ Enable https Guest Enable http Local Disable https Guest (switch)#show captive-portal configuration 1 status CP ID.......... 1 CP Name........
Page 525: Captive Portal Client Connection Commands
Managed Switch CLI Manual, Release 8.0 show captive-portal trapflags Use this command to display which captive portal traps are enabled. Format show captive-portal trapflags Mode Privileged EXEC mode Example (switch)#show captive-portal trapflags Client Authentication Failure Traps.... Disable Client Connection Traps......Disable Client Database Full Traps.....
Page 526: Show Captive-Portal Client Statistics
Managed Switch CLI Manual, Release 8.0 If the macaddr is specified, the following terms are displayed. Term Definition CP ID The captive portal ID associated with the client CP Name The captive portal name associated with the client Interface The interface on which the client authenticated. Interface The interface description Description...
Page 527: Show Captive-Portal Interface Client Status
Managed Switch CLI Manual, Release 8.0 Term Definition Client MAC The MAC address of the authenticated client address Bytes Received The number of bytes received from the client Bytes Transmitted The number of bytes transmitted to the client Packets Received The number of packets received from the client Packets The number of packets transmitted from the client Transmitted...
Page 528: Show Captive-Portal Configuration Client Status
Managed Switch CLI Manual, Release 8.0 Term Definition Verification The user verification mode Example (switch) #show captive-portal interface client status Client Client Intf Intf Description MAC Address IP Address ------ ----------------------------------- ----------------- -------------- 1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit 0002.BC00.1290 10.254.96.47 1/0/2...
Page 529: Captive Portal Interface Commands
Managed Switch CLI Manual, Release 8.0 If the CP ID is specified, the following terms are displayed. Term Definition Interface The description of the interace Description Example (switch)#show captive-portal configuration client status CP ID CP Name Client MAC Address Client IP Address Interface ----- -------...
Page 530: Captive Portal Local User Commands
Managed Switch CLI Manual, Release 8.0 Format show captive-portal interface configuration [ <1-10>] status Mode Privileged EXEC mode Term Definition CP ID The captive portal ID CP Name The captive portal name Interface The interface associated with the CP ID. Interface The description of the interface Description...
Page 531 Managed Switch CLI Manual, Release 8.0 Format user user-id password { password | encrypted enc-password } Mode Captive Portal Configuration mode no user Use this command to delete a user from the local user database. If the user has an existing session, it is disconnected.
Page 532: User Session-Timeout
Managed Switch CLI Manual, Release 8.0 no user group Use this command to dis-associate a group and user. Format no user <1-128> group <1-10> Mode Captive Portal Configuration mode user session-timeout Use this command to set the session timeout value for a captive portal user. Use the “no” form of this command to reset the session timeout to the default.
Page 533: User Max-Bandwidth-Down
Managed Switch CLI Manual, Release 8.0 no user idle-timeout Use this command to reset the idle timeout to the default value. Format no user <1-128> idle-timeout timeout Mode Captive Portal Configuration mode user max-bandwidth-down Use this command to configure the bandwidth at which the client can receive data from the network.
Page 534: User Max-Input-Octets
Managed Switch CLI Manual, Release 8.0 no user max-bandwidth-up Use this command to reset the limit to the default. Format user <1-128> max-bandwidth-up Mode Captive Portal Configuration mode user max-input-octets Use this command to limit the number of octets the user is allowed to transmit. After this limit has been reached the user will be disconnected.
Page 535: User Max-Total-Octets
Managed Switch CLI Manual, Release 8.0 no user max-output-octets Use this command to reset the limit to the default. Default Format no user <1-128> max-output-octets Mode Captive Portal Configuration mode user max-total-octets Use this command to limit the number of bytes the user is allowed to transmit and receive. The maximum number of octets is the sum of octets transmitted and received.
Page 536 Managed Switch CLI Manual, Release 8.0 Format show captive-portal user [ <1-128> ] Mode Privileged EXEC mode Term Definition User ID The user ID User Name The user name Session Timeout Logout once session timeout is reached (seconds). If the value is 0 then use the value configured for the captive portal.
Page 537: Captive Portal User Group Commands
Managed Switch CLI Manual, Release 8.0 Session Idle User ID User Name Timeout Timeout Group ID Group Name ------- -------------- -------- -------- -------- ----------- user123 Default user234 Default (switch)#show captive-portal user 1 User ID........1 User Name........user123 Password Configured......Yes Session Timeout........
Page 538: User Group Name
Managed Switch CLI Manual, Release 8.0 Default Format user group <1-10> Mode Captive Portal Configuration mode no user group Use this command to delete a user group. The default user group (1) cannot be deleted. Format user group <1-10> Mode Captive Portal Configuration mode user group name Use this command to configure a group name.
Page 539: Command List
Chapter 10 Command List {deny | permit} (IP ACL) ...........................5-40 {deny | permit} (IPv6) ............................5-45 {deny | permit} (MAC ACL) ..........................5-34 aaa authentication dot1x .............................7-39 aaa authentication login ............................7-37 aaa authenticaton enable .............................7-38 access-list .................................5-37 acl-trapflags ................................5-42 addport ..................................3-91 ....................................4-2 arp access-list ................................3-134 arp cachesize...
Page 540 Managed Switch CLI Manual, Release 8.0 bridge aging-time ..............................3-191 cablestatus ................................6-83 captive-portal client deauthenticate .........................9-23 captive-portal ................................9-1 capture wrap ................................6-62 class ....................................5-21 class-map ..................................5-10 class-map rename ..............................5-11 classofservice dot1p-mapping ..........................5-2 classofservice ip-dscp-mapping ..........................5-2 classofservice trust ..............................5-3 clear arp-cache ................................4-5 clear arp-switch ................................4-6 clear captive-portal users ............................9-31...
Page 541 Managed Switch CLI Manual, Release 8.0 configuration ................................7-8 configuration (Captive Portal) ..........................9-5 conform-color .................................5-21 copy ....................................6-32 copy (pre-login banner) ............................7-73 cos-queue min-bandwidth ............................5-4 cos-queue strict ................................5-4 crypto certificate generate ..........................7-19 crypto key generate dsa ............................7-20 crypto key generate rsa ............................7-20 debug arp ..................................6-63 debug auto-voip...
Page 542 Managed Switch CLI Manual, Release 8.0 default-router ................................6-42 delete ....................................6-4 deleteport (Global Config) ..........................3-91 deleteport (Interface Config) ..........................3-91 description ..................................3-4 diffserv ..................................5-9 disconnect ................................7-28 dns-server .................................6-43 domain-name ................................6-46 dos-control all ...............................3-180 dos-control firstfrag ............................3-181 dos-control icmp ..............................3-183 dos-control icmpfrag ............................3-189 dos-control icmpv4 .............................3-188 dos-control icmpv6...
Page 543 Managed Switch CLI Manual, Release 8.0 dvlan-tunnel ethertype ............................3-45 enable (Privileged EXEC access) ........................7-4 enable authentication ............................7-10 enable password ..............................6-29 enable ...................................9-1 enable (Instance) ...............................9-6 encapsulation ................................4-13 ezconfig ..................................7-2 filedescr ..................................6-5 group ....................................9-8 hardware-address ..............................6-43 hashing-mode ................................3-106 host .....................................6-44 http port ..................................9-2 https port ..................................9-2...
Page 544 Managed Switch CLI Manual, Release 8.0 ip dhcp snooping limit ............................3-122 ip dhcp snooping log-invalid ...........................3-123 ip dhcp snooping trust ............................3-123 ip dhcp snooping verify mac-address ......................3-120 ip dhcp snooping vlan ............................3-119 ip domain list ................................6-56 ip domain lookup ..............................6-55 ip domain name ..............................6-56 ip domain retry...
Page 545 Managed Switch CLI Manual, Release 8.0 ip redirects ................................4-30 ip route ..................................4-9 ip route default ...............................4-10 ip route distance ..............................4-11 ip routing ..................................4-8 ip ssh ..................................7-16 ip ssh protocol ................................7-17 ip ssh server enable ...............................7-17 ip telnet server enable ............................7-11 ip unreachables ...............................4-30 ip verify binding...
Page 546 Managed Switch CLI Manual, Release 8.0 line ....................................7-8 lldp med ..................................3-168 lldp med all ................................3-170 lldp med confignotification ..........................3-169 lldp med confignotification all ........................3-170 lldp med faststartrepeatcount ...........................3-171 lldp med transmit-tlv ............................3-169 lldp med transmit-tlv all ............................3-171 lldp notification ..............................3-160 lldp notification-interval ...........................3-161 lldp receive...
Page 547 Managed Switch CLI Manual, Release 8.0 match dstip ................................5-14 match dstip6 ................................5-15 match dstl4port ...............................5-15 match ethertype ..............................5-12 match ip dscp ................................5-15 match ip precedence .............................5-16 match ip tos ................................5-16 match ip6flowlbl ..............................5-14 match protocol ................................5-17 match source-address mac ..........................5-18 match srcip ................................5-18 match srcip6...
Page 548 Managed Switch CLI Manual, Release 8.0 passwords lock-out ...............................7-36 passwords min-length ............................7-34 permit ip host mac host .............................3-134 ping .....................................6-29 police-simple ................................5-23 policy-map ................................5-24 policy-map rename ...............................5-25 port .....................................7-69 port lacpmode ...............................3-103 port lacpmode enable all ...........................3-103 port lacptimeout (Global Config) ........................3-104 port lacptimeout (Interface Config) ......................3-104...
Page 549 Managed Switch CLI Manual, Release 8.0 redirect (Captive Portal) ............................9-8 redirect-url .................................9-9 reload ..................................6-31 reload (Stack) ................................2-6 routing ..................................4-8 save .....................................6-31 script apply ................................7-72 script delete ................................7-72 script list ...................................7-72 script show ................................7-73 script validate ................................7-73 serial baudrate ................................7-8 serial timeout ................................7-9 service dhcp ................................6-49...
Page 550 Managed Switch CLI Manual, Release 8.0 set slot power ................................2-5 sflow poller ................................6-86 sflow receiver .................................6-84 sflow sampler ................................6-85 show access-lists ..............................5-43 show arp ..................................4-6 show arp access-list ............................3-138 show arp brief ................................4-7 show arp switch ................................4-7 show arp switch ................................6-6 show authentication methods ..........................3-71...
Page 551 Managed Switch CLI Manual, Release 8.0 show dot1x ................................3-71 show dot1x clients ..............................3-75 show dot1x users ..............................3-76 show dvlan-tunnel ..............................3-47 show eventlog ................................6-7 show forwardingdb agetime ..........................3-192 show garp .................................3-57 show gmrp configuration ............................3-62 show gvrp configuration .............................3-59 show hardware ................................6-7 show hosts ................................6-60...
Page 552 Managed Switch CLI Manual, Release 8.0 show ip route summary ............................4-18 show ip source binding ............................3-129 show ip ssh ................................7-18 show ip stats ................................4-20 show ip verify source ............................3-128 show ip vlan ................................4-24 show ipv6 access-lists ............................5-47 show isdp ................................3-195 show isdp entry ..............................3-197 show isdp interface...
Page 553 Managed Switch CLI Manual, Release 8.0 show monitor session ............................3-113 show network ................................7-6 show passwords configuration ..........................7-36 show policy-map ..............................5-28 show policy-map interface ..........................5-31 show port ..................................3-7 show port description .............................3-9 show port protocol ..............................3-8 show port status ................................3-9 show port-channel ...............................3-111 show port-channel brief .............................3-109...
Page 554 Managed Switch CLI Manual, Release 8.0 show spanning-tree interface ..........................3-24 show spanning-tree mst port detailed ......................3-25 show spanning-tree mst port summary ......................3-27 show spanning-tree mst summary ........................3-28 show spanning-tree summary ..........................3-29 show spanning-tree vlan .............................3-29 show stack-port ..............................2-10 show stack-port counters ............................2-11 show stack-port diag .............................2-11...
Page 555 Managed Switch CLI Manual, Release 8.0 snmp-server community ipaddr ........................7-42 snmp-server community ipmask ........................7-42 snmp-server community mode ..........................7-43 snmp-server community ro ..........................7-43 snmp-server community rw ..........................7-44 snmp-server enable traps ............................7-44 snmp-server enable traps linkmode .........................7-45 snmp-server enable traps multiusers .......................7-45 snmp-server enable traps stpmode ........................7-46 snmp-server enable traps violation...
Page 556 Managed Switch CLI Manual, Release 8.0 spanning-tree port mode .............................3-20 spanning-tree port mode all ..........................3-20 speed ....................................3-7 speed all ..................................3-7 sshcon maxsessions ..............................7-17 sshcon timeout ................................7-18 stack .....................................2-1 stack-port ..................................2-10 storm-control broadcast ............................3-77 storm-control broadcast ............................3-79 storm-control broadcast level ..........................3-78 storm-control broadcast level ..........................3-80 storm-control broadcast rate...
Page 557 Managed Switch CLI Manual, Release 8.0 traceroute ..................................6-25 traceroute ipv6 ................................6-26 traffic-shape ................................5-5 transport input telnet .............................7-12 transport output telnet ............................7-12 update bootcode ...............................6-6 user group name ..............................9-32 user group rename ..............................9-32 user group .................................9-25 user group (Create) ..............................9-31 user idle-timeout ..............................9-26 user max-bandwidth-down ..........................9-27...
Page 558 Managed Switch CLI Manual, Release 8.0 vlan port tagging all ..............................3-36 vlan priority ................................3-50 vlan protocol group ...............................3-36 vlan protocol group add protocol ........................3-37 vlan protocol group remove ..........................3-37 vlan pvid ...................................3-39 vlan routing ................................4-24 vlan tagging ................................3-40 voice vlan (Global Config) ..........................3-48 voice vlan (Interface Config) ..........................3-48...

This manual is also suitable for:

Gsm7248v2 - prosafe 48 port layer 2 gigabit l2 ethernet switch Fsm726v3 - prosafe fast ethernet l2 managed switch Prosafe 7200

NETGEAR GSM7224v2 - Layer 2 Managed Gigabit Switch Cli Manual

Table of Contents

Chapter 1 Using the Command-Line Interface

Chapter 2 Stacking Commands

Chapter 3 Switching Commands

Chapter 4 Routing Commands

Chapter 5 Quality of Service (Qos) Commands

Chapter 6 Utility Commands

Chapter 7 Management Commands

Chapter 8 Log Messages

Chapter 9 Captive Portal Commands

Quick Links

Software Version 8.0

Chapters

Related Manuals for NETGEAR GSM7224v2 - Layer 2 Managed Gigabit Switch

Summary of Contents for NETGEAR GSM7224v2 - Layer 2 Managed Gigabit Switch