Page 1 ExtremeWare Command Reference Guide Software Version 7.7 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: October 2006 Part number: 100231-00...
Page 2 Solution Partners Logo, ServiceWatch, Summit, the Summit7i Logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners.
Page 3: Table Of Contents
Contents Preface Chapter 1 Command Reference Overview Chapter 2 Commands for Accessing the Switch clear account lockout clear session configure account configure account password-policy char-validation configure account password-policy history configure account password-policy lockout-on-login-failures configure account password-policy maxage configure account password-policy min-pwd-length configure banner configure banner netlogin configure dns-client add...
Page 4 Contents create account delete account disable clipaging disable idletimeouts enable clipaging enable idletimeouts enable license history reboot show accounts password-policy show accounts pppuser show banner show dns-client show esrp-aware show switch traceroute Chapter 3 Commands for Managing the Switch configure snmp access-profile readonly configure snmp access-profile readwrite configure snmp add community configure snmp add trapreceiver...
Page 5 Contents configure snmpv3 add notify configure snmpv3 add target-addr configure snmpv3 add target-params configure snmpv3 add user configure snmpv3 add user clone-from configure snmpv3 delete access configure snmpv3 delete community configure snmpv3 delete filter configure snmpv3 delete filter-profile configure snmpv3 delete group user configure snmpv3 delete mib-view configure snmpv3 delete notify configure snmpv3 delete target-addr...
Page 6 Contents enable alt-queue-management enable dhcp ports vlan enable eapol-flooding enable snmp access enable snmp dot1dTpFdbTable enable snmp traps enable snmp traps exceed-committed-rate ports enable snmp traps gratuitous-arp-protection enable snmp traps mac-security enable snmp traps port-up-down enable sntp-client enable system-watchdog enable telnet exit logout quit...
Page 7 Contents show vlan dhcp-address-allocation show vlan dhcp-config telnet unconfigure management Chapter 4 Commands for Configuring Slots and Ports on a Switch clear slot configure backplane-ls-policy configure ip-mtu vlan configure jumbo-frame size configure mirroring add configure mirroring delete configure msm-failover link-action configure msm-failover slave-config configure msm-failover timeout configure port aggregate-bandwidth percent...
Page 8 Contents disable mirroring disable ports disable sharing disable slot disable smartredundancy enable card-scan enable edp ports enable flooding ports enable jumbo-frame ports enable lbdetect port enable learning ports enable mirroring to port enable ports enable sharing grouping enable slot enable smartredundancy restart ports run msm-failover show edp...
Page 9 Contents unconfigure ports display string unconfigure ports redundant unconfigure slot Chapter 5 VLAN Commands configure dot1q ethertype configure mac-vlan add mac-address configure mac-vlan delete configure ports monitor vlan configure protocol add configure protocol delete configure vlan add member-vlan configure vlan add ports configure vlan add ports loopback-vid configure vlan add secondary-ip configure vlan delete member-vlan...
Page 10 Contents clear fdb configure fdb agingtime configure fdb-scan failure-action configure fdb-scan period create fdbentry secure-mac create fdbentry vlan blackhole create fdbentry vlan dynamic create fdbentry vlan ports delete fdbentry disable fdb-scan enable fdb-scan run fdb-check show fdb unconfigure fdb-scan failure-action unconfigure fdb-scan period Chapter 7 QoS Commands...
Page 11 Contents enable diffserv replacement ports enable dlcs enable dot1p replacement ports enable qosmonitor enable red ports show dlcs show dot1p show ports qosmonitor show qosprofile show qostype priority unconfigure diffserv examination ports unconfigure diffserv replacement ports unconfigure qostype priority Chapter 8 NAT Commands clear nat configure nat add vlan map...
Page 12 Contents configure flow-redirect service-check http configure flow-redirect service-check L4-port configure flow-redirect service-check nntp configure flow-redirect service-check ping configure flow-redirect service-check pop3 configure flow-redirect service-check smtp configure flow-redirect service-check telnet configure flow-redirect timer ping-check configure flow-redirect timer service-check configure flow-redirect timer tcp-port-check configure slb esrp vlan configure slb failover alive-frequency configure slb failover dead-frequency...
Page 13 Contents configure slb gogo-mode service-check pop3 configure slb gogo-mode service-check smtp configure slb gogo-mode service-check telnet configure slb gogo-mode service-check timer configure slb gogo-mode tcp-port-check add configure slb gogo-mode tcp-port-check delete configure slb gogo-mode tcp-port-check timer configure slb L4-port configure slb node max-connections configure slb node ping-check configure slb node tcp-port-check configure slb pool add...
Page 14 Contents disable slb disable slb 3dns disable slb failover disable slb failover manual-failback disable slb failover ping-check disable slb global synguard disable slb gogo-mode disable slb gogo-mode ping-check disable slb gogo-mode service-check disable slb gogo-mode tcp-port-check disable slb L4-port disable slb node disable slb node ping-check disable slb node tcp-port-check disable slb proxy-client-persistence...
Page 15 Contents enable slb node tcp-port-check enable slb proxy-client-persistence enable slb vip enable slb vip client-persistence enable slb vip service-check enable slb vip sticky-persistence enable slb vip svcdown-reset show flow-redirect show slb 3dns members show slb connections show slb esrp show slb failover show slb global show slb gogo-mode show slb L4-port...
Page 16 Contents configure flowstats filter ports configure flowstats source configure flowstats timeout ports configure log display configure log filter events configure log filter events match configure log filter set severity configure log filter set severity match configure log target filter configure log target format configure log target match configure log target severity configure packet-mem-scan-recovery-mode...
Page 17 Contents disable flowstats filter ports disable flowstats ping-check disable flowstats ports disable log debug-mode disable log display disable log target disable rmon disable sflow disable sflow backoff-threshold disable sflow ports disable sys-hardware-recovery polling disable sys-health-check disable syslog disable temperature-logging disable transceiver-test enable cli-config-logging enable flowstats enable flowstats filter ports...
Page 18 Contents save log show flowstats show flowstats show flowstats export show log show log components show log configuration show log configuration filter show log configuration target show log counters show log events show memory show packet-mem-scan-recovery-mode show packet miscompare show ports rxerrors show ports stats show ports txerrors show sflow configuration...
Page 19 Contents upload log Chapter 11 Security Commands clear netlogin state clear netlogin state mac-address configure access-profile add configure access-profile delete configure access-profile mode configure auth mgmt-access local configure auth mgmt-access radius configure auth mgmt-access radius-accounting configure auth mgmt-access tacacs configure auth mgmt-access tacacs-accounting configure auth netlogin radius configure auth netlogin radius-accounting configure cpu-dos-protect alert-threshold...
Page 20 Contents configure netlogin dot1x guest-vlan configure netlogin dot1x timers supplicant-response-timeout configure netlogin dot1x guest-vlan supplicant-response-timeout configure netlogin mac-address configure netlogin mac auth-retry-count configure netlogin mac reauth-period configure netlogin redirect-page configure netlogin dot1x timers reauth-period configure radius server configure radius shared-secret configure radius timeout configure radius-accounting server configure radius-accounting shared-secret...
Page 21 Contents configure security-profile wpa2-psk configure security-profile wpa-only configure ssh2 key configure ssl certificate pregenerated configure ssl certificate privkeylen country organization common-name configure ssl privkey pregenerated configure tacacs server configure tacacs server timeout configure tacacs shared-secret configure tacacs timeout configure tacacs-accounting server configure tacacs-accounting shared-secret configure tacacs-accounting timeout configure vlan access-profile...
Page 22 Contents delete route-map delete security-profile delete trusted-mac-address disable access-list disable arp-learning disable arp-learning ports disable arp-learning vlan disable arp-learning vlan ports disable cpu-dos-protect disable dhcp ports vlan disable enhanced-dos-protect disable ip-subnet-lookup disable mac-lockdown-timeout ports disable netlogin disable netlogin dot1x guest-vlan ports 1000 disable netlogin logout-privilege 1001...
Page 23 Contents enable arp-learning ports 1021 enable arp-learning vlan 1022 enable arp-learning vlan ports 1023 enable cpu-dos-protect 1024 enable cpu-dos-protect simulated 1025 enable dhcp ports vlan 1026 enable enhanced-dos-protect 1027 enable ip-subnet-lookup 1028 enable mac-lockdown-timeout ports 1030 enable netlogin 1031 enable netlogin dot1x guest-vlan ports 1033 enable netlogin logout-privilege 1034...
Page 24 Contents show access-mask 1063 show access-profile 1064 show arp-learning vlan 1065 show arp-learning vlan ports 1067 show auth 1068 show cpu-dos-protect 1069 show enhanced-dos-protect 1071 show ip-subnet-lookup fdb 1073 show mac-lockdown-timeout ports 1074 show mac-lockdown-timeout fdb ports 1075 show netlogin 1077 show netlogin guest-vlan 1080...
Page 25 Contents unconfigure netlogin dot1x guest-vlan 1115 unconfigure netlogin dot1x timers supplicant-response-timeout 1116 unconfigure netlogin dot1x guest-vlan supplicant-response-timeout 1117 unconfigure netlogin dot1x timers reauth-period 1118 unconfigure netlogin mac-address 1119 unconfigure netlogin mac auth-retry-count 1120 unconfigure netlogin mac reauth-period 1121 unconfigure radius 1122 unconfigure radius-accounting 1123...
Page 26 Contents upload configuration 1159 upload configuration cancel 1161 use configuration 1162 use image 1163 Chapter 13 Troubleshooting Commands clear debug-trace 1166 configure debug-trace accounting 1167 configure debug-trace bootprelay 1169 configure debug-trace card-state-change 1170 configure debug-trace debug-link 1171 configure debug-trace dvmrp-cache 1172 configure debug-trace dvmrp-hello 1174...
Page 27 Contents configure debug-trace mpls-signalling 1210 configure debug-trace npcard 1212 configure debug-trace pim-cache 1213 configure debug-trace pim-hello 1215 configure debug-trace pim-message 1217 configure debug-trace pim-neighbor 1219 configure debug-trace pim-rp-mgmt 1221 configure debug-trace rip-message 1223 configure debug-trace rip-route-change 1224 configure debug-trace rip-triggered-update 1225 configure debug-trace slb-3dns 1226...
Page 28 Contents show diagnostics 1265 show diagnostics backplane arm mapping 1268 show diagnostics backplane mpls mapping 1269 show diagnostics backplane utilization 1270 show diagnostics cable 1271 show diagnostics packet-memory slot 1273 show diagnostics slot fdb 1275 show ports cable diagnostics 1276 show system-dump 1278 show tech-support...
Page 29 Contents configure wireless port antenna-profile 1311 configure wireless ports antenna-location 1312 configure wireless ports detected-station-timeout 1313 configure wireless ports force-disassociation 1314 configure wireless ports health-check 1315 configure wireless ports interface ap-scan added-trap 1316 configure wireless ports interface ap-scan off-channel 1317 configure wireless ports interface ap-scan off-channel continuous 1318 configure wireless ports interface ap-scan off-channel max-wait...
Page 30 Contents create rf-profile mode 1347 delete antenna-profile 1348 delete rf-profile 1349 disable wireless ports 1350 disable wireless ports cancel-scheduler 1351 disable wireless ports every 1352 disable wireless ports interface 1353 disable wireless ports interface ap-scan 1354 disable wireless ports interface ap-scan off-channel 1355 disable wireless ports interface client-history 1356...
Page 31 Contents show wireless ports 1389 show wireless ports configuration 1391 show wireless ports debug-trace 1393 show wireless ports image-configuration 1395 show wireless ports interface ap-scan configuration 1396 show wireless ports interface ap-scan results 1398 show wireless ports interface ap-scan results mac-address 1401 show wireless ports interface ap-scan status 1402...
Page 32 Contents configure stacking slot-binding loose or strict 1444 disable stacking 1446 enable stacking 1448 show stacking 1449 show stacking port 1452 unconfigure stacking fallback-ip 1453 unconfigure stacking requested-slot 1454 Chapter 16 EAPS Commands configure eaps add control vlan 1456 configure eaps add protect vlan 1457 configure eaps delete control vlan 1458...
Page 33 Contents unconfigure eaps shared-port mode 1489 Chapter 17 ESRP Commands clear elrp stats 1493 clear elsm auto-restart ports 1494 clear elsm counters ports 1496 configure debug elsm-port 1497 configure debug elsm-system 1499 configure elrp-client one-shot 1501 configure elrp-client periodic 1503 configure elsm hellotime 1505 configure elsm hold-threshold...
Page 34 Contents configure vlan delete track-rip 1534 configure vlan delete track-vlan 1535 configure vlan esrp elrp-master-poll disable 1536 configure vlan esrp elrp-master-poll enable 1537 configure vlan esrp elrp-premaster-poll disable 1539 configure vlan esrp elrp-premaster-poll enable 1540 configure vlan esrp esrp-election 1542 configure vlan esrp esrp-premaster-timeout 1544 configure vlan esrp group...
Page 35 Contents configure stpd delete vlan 1585 configure stpd forwarddelay 1586 configure stpd hellotime 1587 configure stpd max-hop-count 1588 configure stpd maxage 1589 configure stpd mode 1590 configure stpd ports cost 1592 configure stpd ports link-type 1594 configure stpd ports link-type edge edge-safeguard disable 1596 configure stpd ports link-type edge edge-safeguard enable 1597...
Page 36 Contents unconfigure stpd 1634 Chapter 19 VRRP Commands configure vrrp add vlan 1637 configure vrrp delete 1638 configure vrrp vlan add 1639 configure vrrp vlan authentication 1640 configure vrrp vlan delete vrid 1641 configure vrrp vlan vrid 1642 disable vrrp 1644 enable vrrp 1645...
Page 37 Contents configure iproute delete 1676 configure iproute delete blackhole 1677 configure iproute delete blackhole default 1678 configure iproute delete default 1679 configure iproute priority 1680 configure iproute route-map 1682 configure irdp 1684 configure irdp 1685 configure udp-profile add 1686 configure udp-profile delete 1687 configure vlan secondary-ip 1688...
Page 38 Contents disable ipforwarding 1713 disable ipforwarding lpm-routing 1715 disable iproute sharing 1716 disable irdp 1717 disable loopback-mode vlan 1718 disable multinetting 1719 disable subvlan-proxy-arp vlan 1720 disable udp-echo-server 1721 enable bootp vlan 1722 enable bootprelay 1723 enable ip-security arp gratuitous-protection 1724 enable icmp access-list 1725...
Page 39 Contents enable udp-echo-server 1749 disable ip-security arp gratuitous-protection 1750 rtlookup 1751 run ipfdb-check 1752 show ip-security arp gratuitous-protection 1753 show iparp 1754 show iparp proxy 1755 show ipconfig 1756 show ipfdb 1758 show iproute 1760 show ipstats 1763 show udp-profile 1766 unconfigure bootprelay dhcp-agent information check 1767...
Page 40 Contents configure isis lsp refresh interval 1790 configure isis metric-size 1791 configure isis spf hold time 1792 configure isis system-identifier 1793 configure isis vlan 1794 configure isis vlan authentication 1795 configure isis vlan cost 1796 configure isis vlan hello-multiplier 1797 configure isis vlan priority 1798 configure isis vlan timer...
Page 41 Contents configure ospf virtual-link authentication password 1828 configure ospf vlan area 1829 configure ospf vlan neighbor add 1830 configure ospf vlan neighbor delete 1831 configure ospf vlan <vlan name> timer 1832 configure rip add vlan 1834 configure rip delete vlan 1835 configure rip garbagetime 1836...
Page 42 Contents disable rip poisonreverse 1866 disable rip splithorizon 1867 disable rip triggerupdate 1868 enable isis 1869 enable isis export 1870 enable isis ignore-attached-bit 1872 enable isis originate-default 1873 enable isis overload 1874 enable ospf 1875 enable ospf capability opaque-lsa 1876 enable ospf export 1877 enable ospf export direct...
Page 43 Contents show rip 1908 show rip stats 1909 show rip stats vlan 1910 show rip vlan 1911 unconfigure ospf 1912 unconfigure rip 1913 Chapter 22 BGP Commands—“i” Series Switches Only clear bgp neighbor counters 1917 clear bgp neighbor flap-statistics 1918 configure bgp add aggregate-address 1920 configure bgp add confederation-peer sub-AS-number...
Page 44 Contents configure bgp neighbor timer 1947 configure bgp neighbor weight 1948 configure bgp peer-group as-path-filter 1949 configure bgp peer-group dampening 1950 configure bgp peer-group maximum-prefix 1952 configure bgp peer-group next-hop-self 1954 configure bgp peer-group nlri-filter 1955 configure bgp peer-group no-dampening 1956 configure bgp peer-group route-reflector-client 1957...
Page 45 Contents enable bgp 1984 enable bgp aggregation 1985 enable bgp always-compare-med 1986 enable bgp community format 1987 enable bgp export 1988 enable bgp neighbor 1990 enable bgp neighbor remove-private-AS-numbers 1991 enable bgp neighbor soft-in-reset 1992 enable bgp peer-group 1993 enable bgp synchronization 1994 show bgp 1995...
Page 46 Contents configure igmp snooping filter 2023 configure igmp snooping flood-list 2024 configure igmp snooping leave-timeout 2026 configure igmp snooping timer 2027 configure mcast-queue-mgmt 2029 configure mroute add 2030 configure mroute delete 2031 configure pim add vlan 2032 configure pim cbsr 2034 configure pim crp static 2035...
Page 47 Contents enable dvmrp rxmode vlan 2061 enable dvmrp txmode vlan 2062 enable ext-mcast 2063 enable igmp 2064 enable igmp snooping 2065 enable igmp snooping with-proxy 2067 enable ipmcforwarding 2068 enable mcast-queue-mgmt 2069 enable pim 2070 enable pim snooping 2071 enable mvr 2072 mrinfo 2073...
Page 48 Contents configure ipxmaxhops 2098 configure ipxrip add vlan 2099 configure ipxrip delete vlan 2100 configure ipxrip vlan delay 2101 configure ipxrip vlan export-filter 2102 configure ipxrip vlan import-filter 2103 configure ipxrip vlan max-packet-size 2104 configure ipxrip vlan trusted-gateway 2105 configure ipxrip vlan update-interval 2106 configure ipxroute add 2107...
Page 49 Contents show ipxroute 2132 show ipxsap 2133 show ipxservice 2134 show ipxstats 2135 unconfigure ipxrip 2136 unconfigure ipxsap 2137 unconfigure vlan xnetid 2138 xping 2139 Chapter 25 ARM Commands—BlackDiamond Switch Only clear accounting counters 2143 configure route-map set accounting-index 1 value 2144 configure route-map set iphost-routing 2146...
Page 50 Contents Chapter 27 ATM Commands—BlackDiamond 6800 Series Platforms Only configure atm add pvc 2170 configure atm delete pvc 2172 configure atm scrambling 2174 show atm 2175 show atm pvc 2178 Chapter 28 T1, E1, and T3 WAN Commands—Alpine 3800 Series Platforms configure multilink add 2182 configure multilink delete...
Page 51 Contents delete multilink 2210 disable multilink 2211 disable ports loopback 2212 disable wanqos 2213 enable multilink 2214 enable ports loopback 2215 enable ports loopback remote 2216 enable ports t1 loopback network payload 2217 enable vman termination 2218 enable wanqos 2219 restart multilink 2220 show accounts pppuser...
Page 52 Contents configure qostype ingress priority 2247 configure vlan qosprofile ingress 2249 create application examination 2250 delete application examination 2252 disable application examination ports 2253 disable diagnostics cable 2254 disable diffserv ingress replacement ports 2255 disable flow-control ports 2256 enable application examination ports 2257 enable diagnostics cable 2258...
Page 53 Contents configure flowstats export add 2295 configure flowstats export delete 2297 configure flowstats filter ports 2299 configure flowstats source ipaddress 2301 configure ports tunnel hdlc 2302 configure ppp ports 2303 configure ppp authentication ports 2305 configure ppp delayed-down-time ports 2306 configure ppp echo ports 2307 configure ppp pos checksum ports...
Page 54 Contents show flowstats 2336 show ppp 2338 show sonet 2340 unconfigure aps 2341 unconfigure diffserv dscp-mapping ports 2342 unconfigure ppp ports 2344 unconfigure sonet ports 2345 Chapter 31 Power Over Ethernet Commands—Summit 300 and 400-24p Switches and Alpine PoE Module clear inline-power connection-history slot 2349 clear inline-power fault ports...
Page 55 Contents reset inline-power ports 2384 reset inline-power slot 2385 show inline-power 2386 show inline-power configuration port 2388 show inline-power configuration slot 2390 show inline-power info show inline-power info port 2392 show inline-power slot 2396 show inline-power stats ports 2398 show inline-power stats slot 2400 unconfigure inline-power backup-source slot 2401...
Page 56 Contents configure lldp snmp-notification-interval 2426 configure lldp transmit-delay 2427 configure lldp transmit-hold 2428 configure lldp transmit-interval 2429 disable lldp ports 2430 disable snmp traps lldp port 2431 enable lldp ports 2432 enable snmp traps lldp port 2433 show lldp 2434 show lldp neighbor 2436 show lldp port statistics...
Page 57 Contents configure mpls tls-tunnel lsp 2471 configure mpls vpls 2472 configure mpls vpls add 2474 configure mpls vpls add peer 2476 configure mpls vpls delete 2479 configure mpls vpls delete peer 2480 configure mpls vpls peer 2481 mplsping 2482 mplstrace 2484 show fdb vpls 2486...
Page 58 Contents configure mpls ldp acl 2521 configure mpls ldp acl add peer 2522 configure mpls ldp acl delete peer 2523 configure mpls ldp advertise 2524 configure mpls ldp advertise vlan 2526 configure mpls php 2527 configure mpls propagate-ip-ttl 2528 configure mpls qos-mapping 2530 configure mpls rsvp-te add lsp 2532...
Page 59 Contents mplstrace 2572 show fdb vpls 2574 show mpls health-check mplsping 2575 show mpls health-check vplsping 2576 show mpls ldp acl 2577 show mpls 2578 show mpls forwarding 2579 show mpls interface 2581 show mpls label 2582 show mpls ldp 2584 show mpls qos-mapping 2586...
Page 60 Contents ExtremeWare 7.7 Command Reference Guide...
Page 61 This guide is intended for use as a reference by network administrators who are responsible for installing and setting up network equipment. It assumes knowledge of Extreme Networks switch configuration. For conceptual information and guidance on configuring Extreme Networks switches, see the ExtremeWare Software User Guide for your version of the ExtremeWare software.
Page 62: Related Publications
The publications related to this one are: • ExtremeWare release notes • ExtremeWare User Guide • Consolidated Hardware Installation Guide Documentation for Extreme Networks products is available on the World Wide Web at the following location: http://www.extremenetworks.com/ ExtremeWare 7.7 Command Reference Guide...
Page 63: Using Extremeware Publications Online
Related Publications Using ExtremeWare Publications Online You can access ExtremeWare publications by downloading them from the Extreme Networks World ® Wide Web location or from your ExtremeWare product CD. Publications are provided in Adobe Portable Document Format (PDF). Displaying or printing PDF files requires that your computer be ®...
Page 64 Preface Using Adobe Reader Version 6.0. If you are using Adobe Reader version 6.0 or later, or if you are using Reader embedded in Adobe Acrobat version 6.0 or later, follow these steps to ensure proper concurrent viewing and linking of both the user guide and command reference guide PDF files: 1 Double-click a PDF icon to open the Adobe Reader or Adobe Acrobat window.
Page 65 This guide does not provide feature descriptions, explanations of the technologies, or configuration examples. For information about the various features and technologies supported by Extreme Networks switches, see the installation and user guides for your product. This guide does not replace the installation and user guides;...
Page 66 Command Reference Overview • Protocol Independent Multicast (PIM) concepts (PIM dense mode commands are supported only on the “i” series platforms.) • Internet Packet Exchange (IPX) concepts (IPX-related commands are supported only on the “i” series platforms.) • Server Load Balancing (SLB) concepts (SLB-related commands are supported only on the “i” series platforms.) •...
Page 67: Understanding The Command Syntax
Understanding the Command Syntax Understanding the Command Syntax When entering a command at the prompt, be sure that you have the appropriate privilege level. Most configuration commands require you to have the administrator privilege level. A variety of symbols are shown in this guide as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself.
Page 68: Command Shortcuts
Command Reference Overview Abbreviated Syntax Abbreviated syntax is the shortest unambiguous allowable abbreviation of a command or parameter. Typically, this is the first three letters of the command. If you do not enter enough letters to allow the switch to determine which command you mean, the syntax helper will provide a list of the options based on the portion of the command you have entered.
Page 69 Line-Editing Keys You can specify all ports on a particular slot. For example, port 3:* indicates all ports on slot 3. You can specify a range of slots and ports. For example, port 2:3-4:5 indicates slot 2, port 3 through slot 4, port 5. Stand-alone Switch Numerical Ranges Commands that require you to enter one or more port numbers on a stand-alone switch use the parameter...
Page 70: Command History
Command Reference Overview Command History ExtremeWare “remembers” the last 49 commands you entered. You can display a list of these commands by using the following command: history What is New in ExtremeWare 7.7 This section contains the new and modified commands in ExtremeWare 7.7: •...
Page 71 What is New in ExtremeWare 7.7 The command... has been modified to... disable arp-learning ports all disable ip-security arp learning learn-from-arp ports all disable arp-learning vlan <vlan name> disable ip-security arp learning learn-from-arp vlan <vlan name> disable arp-learning vlan <vlan name> ports <portlist> disable ip-security arp learning learn-from-arp vlan <vlan name>...
Page 72 Command Reference Overview ExtremeWare 7.7 Command Reference Guide...
Page 73: Commands For Accessing The Switch
Commands for Accessing the Switch This chapter describes: • Commands used for accessing and configuring the switch including how to set up user accounts, passwords, date and time settings, and software licenses • Commands used for configuring the Domain Name Service (DNS) client •...
Page 74: Clear Account Lockout
Commands for Accessing the Switch clear account lockout clear account [all | <name>] lockout Description Re-enables an account that has been locked out (disabled) for exceeding the permitted number failed login attempts, which was configured by using the configure account password-policy command.
Page 75: Clear Session
clear session clear session clear session <number> Description Terminates a Telnet, SSH, NetLogin, or Console session from the switch. Syntax Description number Specifies a session number from show session output to terminate. Default Usage Guidelines An administrator-level account can disconnect a management session that has been established by way of a Telnet connection.
Page 76: Configure Account
Commands for Accessing the Switch configure account configure account <user account> {encrypted} {<password>} Description Configures a user account password. Syntax Description user account Specifies a user account name. encrypted This option is for use only by the switch when generating an ASCII configuration file. Specifies that the password should be encrypted when the configuration is uploaded to a file.
Page 77 configure account Example The following command defines a new password for the account admin: configure account admin The switch responds with a password prompt: password: Your keystrokes will not be echoed as you enter the new password. After you enter the password, the switch will then prompt you to reenter it.
Page 78: Configure Account Password-Policy Char-Validation
Commands for Accessing the Switch configure account password-policy char-validation configure account [all | <name>] password-policy char-validation [none | all-char-groups] Description Requires that the user include an upper-case letter, a lower-case letter, a digit, and a symbol in the password. Syntax Description Specifies all users (and future users).
Page 79 configure account password-policy char-validation Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 80: Configure Account Password-Policy History
Commands for Accessing the Switch configure account password-policy history configure account [all | <name>] password-policy history [<num_passwords> | none] Description Configures the switch to verify the specified number of previous passwords for the account. The user is prevented from changing the password on a user or administrative account to any of these previously saved passwords.
Page 81: Configure Account Password-Policy Lockout-On-Login-Failures
configure account password-policy lockout-on-login-failures configure account password-policy lockout-on-login-failures configure account [all | <name>] password-policy lockout-on-login-failures [on | off] Description Disables an account after the user has 3 consecutive failed login attempts. Syntax Description Specifies all users (and future users). name Specifies an account name.
Page 82: Configure Account Password-Policy Maxage
Commands for Accessing the Switch configure account password-policy maxage configure account [all | <name>] password-policy maxage [<num_days> | none] Description Configures a time limit for the passwords for specified accounts. The passwords for the default admin account and the failsafe account do not age out. Syntax Description Specifies all accounts (and future users).
Page 83: Configure Account Password-Policy Min-Pwd-Length
configure account password-policy min-pwd-length configure account password-policy min-pwd-length configure account [all | <name>] password-policy min-pwd-length [<num_characters> | none] Description Requires a minimum number of characters for passwords. Syntax Description Specifies all accounts (and future users). name Specifies an account name. num_characters Specifies the minimum number of characters required for the password.
Page 84 Commands for Accessing the Switch Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 85: Configure Banner
configure banner configure banner configure banner Description Configures the banner string that is displayed at the beginning of each login prompt of each session. Syntax Description This command has no arguments or variables. Default Usage Guidelines Press [Return] at the beginning of a line to terminate the command and apply the banner. To clear the banner, press [Return] at the beginning of the first line.
Page 86: Configure Banner Netlogin
Commands for Accessing the Switch configure banner netlogin configure banner netlogin Description Configures the network login banner that is displayed at the beginning of each login prompt of each session. Syntax Description This command has no arguments or variables. Default Usage Guidelines The network login banner and the switch banner cannot be used at the same time.
Page 87: Configure Dns-Client Add
configure dns-client add configure dns-client add configure dns-client add <ipaddress> Description Adds a DNS name server to the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default Usage Guidelines Up to three DNS name servers can be configured in ExtremeWare versions prior to 6.2.1. In ExtremeWare 6.2.1 and later, eight DNS name servers can be configured.
Page 88: Configure Dns-Client Add Domain-Suffix
Commands for Accessing the Switch configure dns-client add domain-suffix configure dns-client add domain-suffix <domain_name> Description Adds a domain name to the domain suffix list. Syntax Description domain_name Specifies a domain name. Default Usage Guidelines The domain suffix list can include up to six items. If the use of all previous names fails to resolve a name, the most recently added entry on the domain suffix list will be the last name used during name resolution.
Page 89: Configure Dns-Client Add Name-Server
configure dns-client add name-server configure dns-client add name-server configure dns-client add name-server <ipaddress> Description Adds a DNS name server to the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default Usage Guidelines Up to three DNS name servers can be configured in ExtremeWare versions prior to 6.2.1. In ExtremeWare 6.2.1 and later, eight DNS name servers can be configured.
Page 90: Configure Dns-Client Default-Domain
Commands for Accessing the Switch configure dns-client default-domain configure dns-client default-domain <domain_name> Description Configures the domain that the DNS client uses if a fully qualified domain name is not entered. Syntax Description domain_name Specifies a default domain name. Default Usage Guidelines Sets the DNS client default domain name to .
Page 91: Configure Dns-Client Delete
configure dns-client delete configure dns-client delete configure dns-client delete <ipaddress> Description Removes a DNS name server from the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default Usage Guidelines None Example The following command removes a DNS server from the list: configure dns-client delete 10.1.2.1 History This command was first available in ExtremeWare 4.0.
Page 92: Configure Dns-Client Delete Domain-Suffix
Commands for Accessing the Switch configure dns-client delete domain-suffix configure dns-client delete domain-suffix <domain_name> Description Deletes a domain name from the domain suffix list. Syntax Description domain_name Specifies a domain name. Default Usage Guidelines This command randomly removes an entry from the domain suffix list. If the deleted item was not the last entry in the list, all items that had been added later are moved up in the list.
Page 93: Configure Dns-Client Delete Name-Server
configure dns-client delete name-server configure dns-client delete name-server configure dns-client delete name-server <ipaddress> Description Removes a DNS name server from the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default Usage Guidelines None. Example The following command removes a DNS server from the list: configure dns-client delete name-server 10.1.2.1 History...
Page 94: Configure Idletimeouts
Commands for Accessing the Switch configure idletimeouts configure idletimeouts <minutes> Description Configures the time-out for idle HTTP, console, and Telnet sessions. Syntax Description minutes Specifies the time-out interval, in minutes. Range is 1 to 240 (1 minute to 4 hours). Default Default time-out is 20 minutes.
Page 95: Configure Time
configure time configure time configure time <date> <time> Description Configures the system date and time. Syntax Description date Specifies the date in mm/dd/yyyy format. time Specifies the time in hh:mm:ss format. Default Usage Guidelines The format for the system date and time is as follows: mm/dd/yyyy hh:mm:ss The time uses a 24-hour clock format.
Page 96: Configure Timezone
Commands for Accessing the Switch configure timezone configure timezone {name <std_timezone_ID>} <GMT_offset> {autodst {name <dst_timezone_ID>} {<dst_offset>} {begins [every <floatingday> | on <absoluteday>] {at <time_of_day>} {ends [every <floatingday> | on <absoluteday>] {at <time_of_day>}}} | noautodst} Description Configures the Greenwich Mean Time (GMT) offset and Daylight Saving Time (DST) preference. Syntax Description GMT_offset Specifies a Greenwich Mean Time (GMT) offset, in + or - minutes.
Page 97 configure timezone Usage Guidelines Network Time Protocol (NTP) server updates are distributed using GMT time. To properly display the local time in logs and other timestamp information, the switch should be configured with the appropriate offset to GMT based on geographic location. is specified in +/- minutes from the GMT time.
Page 98 Commands for Accessing the Switch Table 5: Greenwich Mean Time Offsets (Continued) GMT Offset GMT Offset in Hours in Minutes Common Time Zone References Cities -5:00 -300 EST - Eastern Standard Bogota, Columbia; Lima, Peru; New York, NY, Trevor City, MI USA -6:00 -360 CST - Central Standard...
Page 99 configure timezone Example The following command configures GMT offset for Mexico City, Mexico and disables automatic DST: configure timezone -360 noautodst The following four commands are equivalent, and configure the GMT offset and automatic DST adjustment for the US Eastern timezone, with an optional timezone ID of EST: configure timezone name EST -300 autodst name EDT 60 begins every first sunday april at 2:00 ends every last sunday october at 2:00 configure timezone name EST -300 autodst name EDT 60 begins every 1 1 4 at 2:00 ends...
Page 100: Create Account
Commands for Accessing the Switch create account create account [admin | pppuser |sma-ftp-user |user] <username> {encrypted} {<password>} Description Creates a new user account. Syntax Description admin Specifies an access level for account type admin. pppuser Specifies an access level for account type pppuser. sma-ftp-user Specifies an access level for account type sma-ftp-user.
Page 101 create account For ExtremeWare 4.x and higher: • Admin-level users and users with RADIUS command authorization can use the create account command. For ExtremeWare 4.x: • User account name specifications are not available. • Passwords must have a minimum of 4 characters and can have a maximum of 12 characters. •...
Page 102: Delete Account
Commands for Accessing the Switch delete account delete account <username> Description Deletes a specified user account. Syntax Description username Specifies a user account name. Default Usage Guidelines Use the command to determine which account you want to delete from the system. The show accounts show accounts output displays the following information in a tabular format: •...
Page 103 delete account Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 104: Disable Clipaging
Commands for Accessing the Switch disable clipaging disable clipaging Description Disables pausing at the end of each show screen. Syntax Description This command has no arguments or variables. Default Enabled Usage Guidelines The command line interface (CLI) is designed for use in a VT100 environment. Most command show output will pause when the display reaches the end of a page.
Page 105: Disable Idletimeouts
disable idletimeouts disable idletimeouts disable idletimeouts Description Disables the timer that disconnects idle sessions from the switch. Syntax Description This command has no arguments or variables. Default Enabled. Timeout 20 minutes. Usage Guidelines When idle time-outs are disabled, console sessions remain open until the switch is rebooted or you logoff.
Page 106: Enable Clipaging
Commands for Accessing the Switch enable clipaging enable clipaging Description Enables the pause mechanism and does not allow the display to print continuously to the screen. Syntax Description This command has no arguments or variables. Default Enabled Usage Guidelines The command line interface (CLI) is designed for use in a VT100 environment. Most command show output will pause when the display reaches the end of a page.
Page 107: Enable Idletimeouts
enable idletimeouts enable idletimeouts enable idletimeouts Description Enables a timer that disconnects Telnet and console sessions after 20 minutes of inactivity. Syntax Description This command has no arguments or variables. Default Enabled. Timeout 20 minutes. Usage Guidelines You can use this command to ensure that a Telnet, HTTP, or console session is disconnected if it has been idle for the required length of time.
Page 108: Enable License
Commands for Accessing the Switch enable license For the “i” series switches: enable license [basic_L3 | advanced_L3 | full_L3 ] <license_key> For the “e” series switches: enable license [advanced-edge] <license_key> Description Enables a particular software feature license. Syntax Description basic_L3 Specifies a basic L3 license.
Page 109 enable license This command was added to the “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 110: History
Commands for Accessing the Switch history history Description Displays a list of the previous 49 commands entered on the switch. Syntax Description This command has no arguments or variables. Default Usage Guidelines ExtremeWare “remembers” the last 49 commands you entered on the switch. Use the history command to display a list of these commands.
Page 111: Reboot
reboot reboot For the “i” series switches: reboot {time <date> <time> | cancel} {slot <slot number> | msm-a | msm-b | msm-c | msm-d} For the “e” series switches: reboot {time <date> <time> | cancel} {slot <slot number>} Description Reboots the switch or the module in the specified slot at a specified date and time. Syntax Description date Specifies a reboot date in mm/dd/yyyy format.
Page 112 Commands for Accessing the Switch The modules that can be rebooted are: E1, T1, T3, ARM, ATM, MPLS, PoS, and slave or switch fabric MSM modules. NOTE When you configure a timed reboot of an MSM, you can use the command output to view show switch the configuration.
Page 113: Show Accounts Password-Policy
show accounts password-policy show accounts password-policy show accounts password-policy Description Displays password policy information for all users on the switch. Syntax Description This command has no arguments or variables. Default Usage Guidelines To view the password management information, you must have administrator privileges. command displays the following information in a tabular show accounts password-policy format:...
Page 114 Commands for Accessing the Switch Output from this command looks similar to the following: --------------------------------------------------------------------------- Accounts global configuration(applied to new accounts on creation) --------------------------------------------------------------------------- Password Max. age : None Password History limit : None Password Min. length : None Password Character Validation : Disabled Accts.
Page 115: Show Accounts Pppuser
show accounts pppuser show accounts pppuser show accounts pppuser Description Displays user account information for all users on the switch. Syntax Description This command has no arguments or variables. Default Usage Guidelines You need to create a user account using the command before you can display user create account account information.
Page 116 Commands for Accessing the Switch Platform Availability This command is only available on the “i” series of switches. ExtremeWare 7.7 Command Reference Guide...
Page 117: Show Banner
Use this command to view the banner that is displayed before the login prompt. Example The following command displays the switch banner: show banner Output from this command looks similar to the following: Extreme Networks Summit48i Layer 3 Switch ######################################################### Unauthorized Access is strictly prohibited. Violators will be prosecuted. ######################################################### History This command was first available in ExtremeWare 2.0.
Page 118: Show Dns-Client
Commands for Accessing the Switch show dns-client show dns-client Description Displays the DNS configuration. Syntax Description This command has no arguments or variables. Default Usage Guidelines None. Example The following command displays the DNS configuration: show dns-client Output from this command looks similar to the following: Number of domain suffixes: 2 Domain Suffix 1: njudah.local...
Page 119: Show Esrp-Aware
show esrp-aware show esrp-aware show esrp-aware [vlan <vlan name>] Description Displays ESRP awareness information. Syntax Description vlan name Specifies a VLAN name. Default Without the vlan option, the show command displays all VLAN interfaces receiving ESRP packets. Usage Guidelines The VLANs associated with the ports connecting an ESRP-aware switch to an ESRP-enabled switch must be configured using an 802.1Q tag on the connecting port, or, if only a single VLAN is involved, as untagged.
Page 120: Show Switch
Commands for Accessing the Switch show switch show switch Description Displays the current switch information. Syntax Description This command has no arguments or variables. Default Usage Guidelines Viewing statistics on a regular basis allows you to see how well your network is performing. If you keep simple daily records, you will see trends emerging and notice problems arising before they cause major network faults.
Page 121 Example The following command displays current switch information: show switch Output from this command looks similar to the following: SysName: Alpine3804 SysLocation: Extreme Networks HQ SysContact: Carlos_Beronio System MAC: 00:01:30:23:C1:00 License: Full L3 System Mode: 802.1Q EtherType is 8100 (Hex).
Page 122 Commands for Accessing the Switch Power supply: Upper (PSU-A) not present, Lower (PSU-B) OK Image Selected: Primary Image Booted: Primary Primary EW Ver: 7.0.0b61 [unknown-ssh] Secondary EW Ver: 7.1.0b34 [non-ssh] Module Image Selected Image Booted ------ -------------- ------------ Secondary Secondary Slot 2 (WM4T1) Secondary Secondary...
Page 123 show switch Config Booted: Secondary Primary Config: Created by EW Version: 7.2e.0 Build 26 [46] 5990 bytes saved on Wed Jan 12 15:54:31 2056 Secondary Config: Empty * Summit400-48t:3 # History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 6.1.8 to display the mode of switch operation—extended, standard, or auto—for the Alpine 3802.
Page 124: Traceroute
Commands for Accessing the Switch traceroute traceroute <host name | ip_address> {from <source IP address>} {ttl <number>} {port <port number>} Description Enables you to trace the routed path between the switch and a destination endstation. Syntax Description host name Specifies the hostname of the destination endstation. ip_address Specifies the IP address of the destination endstation.
Page 125: Commands For Managing The Switch
Commands for Managing the Switch This chapter describes: • Commands for configuring Simple Network Management Protocol (SNMP) parameters on the switch • Commands for managing the switch using Telnet and web access • Commands for configuring Simple Network Time Protocol (SNTP) parameters on the switch SNMP Any network manager running the Simple Network Management Protocol (SNMP) can manage the switch, if the Management Information Base (MIB) is installed correctly on the management station.
Page 126: Simple Network Time Protocol
Commands for Managing the Switch The following can also be configured on the switch for version 6.0 and higher: • SNMP read access—The ability to read SNMP information can be restricted through the use of an access profile. An access profile permits or denies a named list of IP addresses and subnet masks. •...
Page 127: Configure Snmp Access-Profile Readonly
configure snmp access-profile readonly configure snmp access-profile readonly configure snmp access-profile readonly [<access-profile> | none] Description Assigns an access profile that limits which stations have read-only access to the switch. Syntax Description access-profile Specifies a user defined access profile. none Cancels a previously configured access profile.
Page 128 Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 129: Configure Snmp Access-Profile Readwrite
configure snmp access-profile readwrite configure snmp access-profile readwrite configure snmp access-profile readwrite [<access-profile> | none] Description Assigns an access profile that limits which stations have read/write access to the switch. Syntax Description access-profile Specifies a user defined access profile. none Cancels a previously configured access profile.
Page 130 Commands for Managing the Switch This command was added to the Summit “e” series of switches in 7.2e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 131: Configure Snmp Add Community
configure snmp add community configure snmp add community configure snmp add community [readonly | readwrite] {encrypted} <alphanumeric string> Description Adds an SNMP read or read/write community string. Syntax Description readonly Specifies read-only access to the system. readwrite Specifies read and write access to the system. encrypted Specifies encryption, for use only by the switch when uploading or downloading a configuration.
Page 132 Commands for Managing the Switch • The parameter is included in the command syntax. It is available only in version 2.0. • SNMP community strings can contain up to 127 characters. Example The following command adds a read/write community string with the value extreme: configure snmp add community readwrite extreme History This command was first available in ExtremeWare 6.2.
Page 133: Configure Snmp Add Trapreceiver
Specifies that BGP traps will be sent to the trap receiver. NOTE: This option is only available on the “i” series of switches. extreme-traps Specifies that Extreme Networks specific traps will be sent to the trap receiver. link-up-down-traps Specifies that link state traps will be sent to the trap receiver.
Page 134 Commands for Managing the Switch Default Trap receivers are in enhanced mode by default, and the version is SNMPv2c by default. Usage Guidelines The IP address can be unicast, multicast, or broadcast. An authorized trap receiver can be one or more network management stations on your network. Authorized trap receivers must be configured on the switch for the trap receiver to receive switch-generated traps.
Page 135 configure snmp add trapreceiver Table 7: SNMP Trap Groups (Continued) Trap Group Notifications MIB Subtree system-traps extremeOverheat 1.3.6.1.4.1.1916.0.6 extremeFanFailed 1.3.6.1.4.1.1916.0.7 extremeFanOK 1.3.6.1.4.1.1916.0.8 extremePowerSupplyFail 1.3.6.1.4.1.1916.0.10 extremePowerSupplyGood 1.3.6.1.4.1.1916.0.11 extremeModuleStateChange 1.3.6.1.4.1.1916.0.15 extremeHealthCheckFailed 1.3.6.1.4.1.1916.4.1.0.1 extremeCpuUtilizationRisingTrap 1.3.6.1.4.1.1916.4.1.0.2 extremeCpuUtilizationFallingTrap 1.3.6.1.4.1.1916.4.1.0.3 coldStart 1.3.6.1.6.3.1.1.5.1 warmStart 1.3.6.1.6.3.1.1.5.2 extreme-traps extremeEsrpStateChange 1.3.6.1.4.1.1916.0.17 extremeEdpNeighborAdded 1.3.6.1.4.1.1916.0.20...
Page 136 The following command adds port 9990 at the IP address 10.203.0.22 as a trap receiver with the community string public, and the receiver should be sent standard traps for the trap groups for BGP and Extreme Networks: configure snmp add trapreceiver ipaddress 10.203.0.22 port 9990 community public mode...
Page 137: Configure Snmp Community
configure snmp community configure snmp community configure snmp community [readonly | readwrite] {encrypted} <alphanumeric string> Description Configures the value of the default SNMP read or read/write community string. Syntax Description readonly Specifies read-only access to the system. readwrite Specifies read and write access to the system. encrypted Specifies encryption, for use only by the switch when uploading or downloading a configuration.
Page 138 Commands for Managing the Switch History This command was first available in ExtremeWare 1.0. This command was added to the Summit “e” series of switches in 7.1e. This command was modified in ExtremeWare 7.2e to add support for encryption. Platform Availability This command is available on all platforms.
Page 139: Configure Snmp Delete Community
configure snmp delete community configure snmp delete community configure snmp delete community [readonly | readwrite] {encrypted} [all | <alphanumeric string>] Description Deletes an SNMP read or read/write community string. Syntax Description readonly Specifies read-only access to the system. readwrite Specifies read and write access to the system. encrypted Specifies an encrypted option.
Page 140 Commands for Managing the Switch Example The following command deletes a read/write community string named extreme: configure snmp delete community readwrite extreme History This command was first available in ExtremeWare 2.0. Support for the parameter was discontinued in ExtremeWare 4.0. This command was added to the Summit “e”...
Page 141: Configure Snmp Delete Trapreceiver
configure snmp delete trapreceiver configure snmp delete trapreceiver configure snmp delete trapreceiver [ip address> | {all}] Description Deletes a specified trap receiver or all authorized trap receivers. Syntax Description ip address Specifies an SNMP trap receiver IP address. Specifies all SNMP trap receiver IP addresses. Default The default port number is 162.
Page 142 Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 143: Configure Snmp Syscontact
configure snmp sysContact configure snmp sysContact configure snmp syscontact <alphanumeric string> Description Configures the name of the system contact. Syntax Description alphanumeric string Specifies a system contact name. Default N/A. Usage Guidelines The system contact is a text field that enables you to enter the name of the person(s) responsible for managing the switch.
Page 144: Configure Snmp Syslocation
Commands for Managing the Switch configure snmp sysLocation configure snmp syslocation <alphanumeric string> Description Configures the location of the switch. Syntax Description alphanumeric string Specifies the switch location. Default N/A. Usage Guidelines Use this command to indicate the location of the switch. A maximum of 255 characters is allowed. To view the location of the switch on the switch, use the command.
Page 145: Configure Snmp Sysname
configure snmp sysName configure snmp sysName configure snmp sysname <alphanumeric string> Description Configures the name of the switch. Syntax Description alphanumeric string Specifies a device name. Default The default is the model name of the device (for example, sysname Summit1 Usage Guidelines You can use this command to change the name of the switch.
Page 146: Configure Snmpv3 Add Access
Commands for Managing the Switch configure snmpv3 add access configure snmpv3 add access [hex <hex value> | <group name>] {sec-model [snmpv1 | snmpv2 | usm]} {sec-level [noauth | authnopriv | authpriv]} {read-view [hex <hex value> | <view name>] { write-view [hex <hex value> | <view name>] {notify-view [hex <hex value>...
Page 147 configure snmpv3 add access • The default groups defined (permanent) are v1v2c_ro for security names snmpv1 and snmpv2c, v1v2c_rw for security names snmpv1 and snmpv2c, admin for security name admin, and initial for security names initial, initialmd5, initialsha, initialmd5Priv and initialshaPriv. •...
Page 148: Configure Snmpv3 Add Community
Commands for Managing the Switch configure snmpv3 add community configure snmpv3 add community {hex <hex value>} <community index> name {hex <hex value>} <community name> user {hex <hex value>} <user name> {tag {hex <hex value>} <transport tag>} {volatile} Description Add an SNMPv3 community entry. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 149 configure snmpv3 add community Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 150: Configure Snmpv3 Add Filter
Commands for Managing the Switch configure snmpv3 add filter configure snmpv3 add filter {hex <hex value>} <profile name> subtree <object identifier> {/<subtree mask>} type [included | excluded] {volatile} Description Add a filter to a filter profile. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 151 configure snmpv3 add filter Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 152: Configure Snmpv3 Add Filter-Profile
Commands for Managing the Switch configure snmpv3 add filter-profile configure snmpv3 add filter-profile {hex <hex value>} <profile name> param {hex <hex value>} <param name> {volatile} Description Associate a filter profile with a parameter name. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 153: Configure Snmpv3 Add Group User
configure snmpv3 add group user configure snmpv3 add group user configure snmpv3 add group [hex <hex value> | <group name>] user [ hex <hex value} | <user name>] {sec-model [snmpv1| snmpv2 | usm]} {volatile} Description Add a user name (security name) to a group. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 154 Commands for Managing the Switch History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 155: Configure Snmpv3 Add Mib-View
configure snmpv3 add mib-view configure snmpv3 add mib-view configure snmpv3 add mib-view [{hex <hex value>} | <view name> subtree <object identifier> {/<subtree mask>} {type [included | excluded]} {volatile} Description Add (and modify) a MIB view. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 156 Commands for Managing the Switch configure snmpv3 add mib-view vrrpTrapNewMaster 1.3.6.1.2.1.68.0.1/ff8 type excluded volatile History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 157: Configure Snmpv3 Add Notify
configure snmpv3 add notify configure snmpv3 add notify configure snmpv3 add notify {hex <hex value>} <notify name> tag {hex <hex value>} <tag> {volatile} Description Add an entry to the snmpNotifyTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 158: Configure Snmpv3 Add Target-Addr
Commands for Managing the Switch configure snmpv3 add target-addr configure snmpv3 add target-addr [{hex <hex value>} | <addr name>] param [{hex <hex value>} | <param name>] ipaddress <ip address> {/<target-addr mask>} {transport-port <port>} {from <source IP address>} {tag-list {hex <hex value>} <tag>, {hex <hex value>} <tag>, ...} {volatile} Description Add and configure an SNMPv3 target address and associate filtering, security, and notifications with that address.
Page 159 configure snmpv3 add target-addr History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 160: Configure Snmpv3 Add Target-Params
Commands for Managing the Switch configure snmpv3 add target-params configure snmpv3 add target-params [hex <hex value> | <param name>] user [hex <hex value> | <user name>] mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile} Description Add and configure SNMPv3 target parameters.
Page 161 configure snmpv3 add target-params configure snmpv3 add target-params P1 user guest mp-model snmpv2c sec-model snmpv2c sec-level noauth History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms.
Page 162: Configure Snmpv3 Add User
Commands for Managing the Switch configure snmpv3 add user configure snmpv3 add user {hex} <user name> {authentication [md5 | sha] [hex <hex octet> | <password>]} {privacy [hex <hex octet> | <password>]} {volatile} Description Add (and modify) an SNMPv3 user. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 163 configure snmpv3 add user Use the following command to configure the user authMD5 to use authentication with the password palertyu:· configure snmpv3 add user authMD5 authentication md5 palertyu Use the following command to configure the user authSHApriv to use authentication with the hex key shown below, the privacy password palertyu, and storage: volatile...
Page 164: Configure Snmpv3 Add User Clone-From
Commands for Managing the Switch configure snmpv3 add user clone-from configure snmpv3 add user {hex <hex value>} <user name> clone-from {hex <hex value>} <user name> Description Create a new user by cloning from an existing SNMPv3 user. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 165: Configure Snmpv3 Delete Access
configure snmpv3 delete access configure snmpv3 delete access configure snmpv3 delete access [all-non-defaults | {hex <hex value>} | <group name> {sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth | authnopriv | priv]}}] Description Delete access rights for a group. Syntax Description all-non-defaults Specifies that all non-default (non-permanent) security groups are to be deleted.
Page 166 Commands for Managing the Switch The following command deletes the group userGroup with the security model and security level snmpv1 of authentication and no privacy ( authnopriv configure snmpv3 delete access userGroup sec-model snmpv1 sec-level authnopriv History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e”...
Page 167: Configure Snmpv3 Delete Community
configure snmpv3 delete community configure snmpv3 delete community configure snmpv3 delete community [all-non-defaults | {{hex <hex value>} <community index>} | {name {hex <hex value>} <community name> }] Description Delete an SNMPv3 community entry. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 168: Configure Snmpv3 Delete Filter
Commands for Managing the Switch configure snmpv3 delete filter configure snmpv3 delete filter [all | [{hex <hex value>} <profile name> {subtree <object identifier>}]] Description Delete a filter from a filter profile. Syntax Description Specifies all filters. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 169: Configure Snmpv3 Delete Filter-Profile
configure snmpv3 delete filter-profile configure snmpv3 delete filter-profile configure snmpv3 delete filter-profile [all |[{hex <hex value>}<profile name> {param {hex <hex value>}<param name>}]] Description Remove the association of a filter profile with a parameter name. Syntax Description Specifies all filter profiles. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 170: Configure Snmpv3 Delete Group User
Commands for Managing the Switch configure snmpv3 delete group user configure snmpv3 delete group {{hex <hex value>} | <group name>} user [all-non-defaults | {{hex <hex value>} |<user name>} {sec-model [snmpv1|snmpv2c|usm]}] Description Delete a user name (security name) from a group. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 171 configure snmpv3 delete group user Use the following command to delete the user guest from the group userGroup with the security model configure snmpv3 delete group userGroup user guest History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms.
Page 172: Configure Snmpv3 Delete Mib-View
Commands for Managing the Switch configure snmpv3 delete mib-view configure snmpv3 delete mib-view [all-non-defaults | {{hex <hex value>} | <view name> {subtree <object identifier>}] Description Delete a MIB view. Syntax Description all-non-defaults Specifies that all non-default (non-permanent) MIB views are to be deleted. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 173 configure snmpv3 delete mib-view Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 174: Configure Snmpv3 Delete Notify
Commands for Managing the Switch configure snmpv3 delete notify configure snmpv3 delete notify [{{hex <hex value>} <notify name>} | all-non-defaults] Description Delete an entry from the snmpNotifyTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 175: Configure Snmpv3 Delete Target-Addr
configure snmpv3 delete target-addr configure snmpv3 delete target-addr configure snmpv3 delete target-addr [{{hex <hex value>} | <addr name>| all}] Description Delete SNMPv3 target addresses. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 176: Configure Snmpv3 Delete Target-Params
Commands for Managing the Switch configure snmpv3 delete target-params configure snmpv3 delete target-params [{{hex <hex value>} <param name>} | all] Description Delete SNMPv3 target parameters. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 177: Configure Snmpv3 Delete User
configure snmpv3 delete user configure snmpv3 delete user configure snmpv3 delete user [all-non-defaults | {hex <hex value>} <user name>] Description Delete an existing SNMPv3 user. Syntax Description all-non-defaults Specifies that all non-default (non-permanent) users are to be deleted. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 178: Configure Snmpv3 Engine-Boots
Commands for Managing the Switch configure snmpv3 engine-boots configure snmpv3 engine-boots <(1-2147483647)> Description Configures the SNMPv3 Engine Boots value. Syntax Description (1-2147483647) Specifies the value of engine boots. Default N/A. Usage Guidelines Use this command if the Engine Boots value needs to be explicitly configured. Engine Boots and Engine Time will be reset to zero if the Engine ID is changed.
Page 179: Configure Snmpv3 Engine-Id
Use this command if the needs to be explicitly configured. The first four octets of the ID snmpEngineID are fixed to 80:00:07:7C,which represents Extreme Networks Vendor ID. Once the snmpEngineID changed, default users will be reverted back to their original passwords/keys, while non-default users will be reset to the security level of no authorization, no privacy.
Page 180: Configure Snmpv3 Extreme-Target-Addr-Ext
Commands for Managing the Switch configure snmpv3 extreme-target-addr-ext configure snmpv3 extreme-target-addr-ext {hex <hex value>} <addr name> mode [standard | enhanced] {ignore-mp-model} {ignore-event-community} Description Configure an entry in the extremeTargetAddrExtTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 181 configure snmpv3 extreme-target-addr-ext This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 182: Configure Sntp-Client Server
Commands for Managing the Switch configure sntp-client server configure sntp-client [primary | secondary] server <host name | ipaddress>] Description Configures an NTP server for the switch to obtain time information. Syntax Description primary Specifies a primary server name. secondary Specifies a secondary server name. host name/ip Specifies a host name.
Page 183: Configure Sntp-Client Update-Interval
configure sntp-client update-interval configure sntp-client update-interval configure sntp-client update-interval <seconds> Description Configures the interval between polls for time information from SNTP servers. Syntax Description seconds Specifies an interval in seconds. Default 64 seconds. Usage Guidelines None. Example The following command configures the interval timer: configure sntp-client update-interval 30 History This command was first available in ExtremeWare 4.0.
Page 184: Configure Web Login-Timeout
Commands for Managing the Switch configure web login-timeout configure web login-timeout <seconds> Description Configures the timeout for user to enter username/password in the pop-up window. Syntax Description seconds Specifies an interval in seconds, where <seconds> can range from 30 seconds to 10 minutes (600 seconds). Default 30 seconds.
Page 185: Disable Alt-Queue-Management
disable alt-queue-management disable alt-queue-management disable alt-queue-management Description Disables the alternate queue management. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines The following command enables alternate queue management: enable alt-queue-management To disable the alternative queue management feature for the next boot, use the following command: disable alt-queue-management Example The following command disables alternate queue management:...
Page 186: Disable Dhcp Ports Vlan
Commands for Managing the Switch disable dhcp ports vlan disable dhcp ports <portlist> vlan <vlan name> Description Disables DHCP on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which DHCP should be disabled. vlan name Specifies the VLAN on whose ports DHCP should be disabled.
Page 187: Disable Eapol-Flooding
disable eapol-flooding disable eapol-flooding disable eapol-flooding Description Disables EAPOL flooding on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Per IEEE 802.1D, Summit “e’ series switches do not forward EAPOL frames. Also, if network login is enabled, EAPOL flooding cannot be enabled.
Page 188: Disable Snmp Access
Commands for Managing the Switch disable snmp access disable snmp access {snmp-v1v2c} Description Selectively disables SNMP on the switch. Syntax Description snmp-v1v2c Disables SNMPv1/v2c access only; does not affect SNMPv3 access. Default Enabled. Usage Guidelines Disabling SNMP access does not affect the SNMP configuration (for example, community strings). However, if you disable SNMP access, you will be unable to access the switch using SNMP.
Page 189: Disable Snmp Dot1Dtpfdbtable
disable snmp dot1dTpFdbTable disable snmp dot1dTpFdbTable disable snmp dot1dTpFdbTable Description Disables SNMP GetNext responses for the dot1dTpFdbTable in the BRIDGE-MIB. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines SNMP Get responses are not affected by this command. To view the configuration of the dot1dTpFdb table on the switch, use the command.
Page 190: Disable Snmp Traps
Commands for Managing the Switch disable snmp traps disable snmp traps Description Prevents SNMP traps from being sent from the switch. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines This command does not clear the SNMP trap receivers that have been configured. The command prevents SNMP traps from being sent from the switch even if trap receivers are configured.
Page 191: Disable Snmp Traps Exceed-Committed-Rate Ports
disable snmp traps exceed-committed-rate ports disable snmp traps exceed-committed-rate ports disable snmp traps exceed-committed-rate ports <portlist> {<Ingress QOS Profile>} Description Prevents SNMP traps from being sent from the indicated ports on the switch. Syntax Description “3” portlist Specifies a list of series I/O module ports (in the form 2:*, 2:5, or 2:6-2:8).
Page 192: Disable Snmp Traps Gratuitous-Arp-Protection
Commands for Managing the Switch disable snmp traps gratuitous-arp-protection disable snmp traps gratuitous-arp-protection Description Disables SNMP gratuitous ARP traps for all ports to be sent by the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command should be used in conjunction with the enable ip-security gratuitous-arp-protection command.
Page 193: Disable Snmp Traps Mac-Security
disable snmp traps mac-security disable snmp traps mac-security disable snmp traps mac-security Description Prevents SNMP mac-security traps from being sent from the switch for all ports. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command should be used in conjunction with the configure ports <portlist> limit-learning command. That command configures a limit on the number of MAC addresses that can be learned on a port(s).
Page 194: Disable Snmp Traps Port-Up-Down
Commands for Managing the Switch disable snmp traps port-up-down disable snmp traps port-up-down ports [all | mgmt | <portlist>] Description Prevents SNMP port up/down traps (also known as link up and link down traps) from being sent from the switch for the indicated ports. Syntax Description Specifies that no link up/down traps should be sent for all ports.
Page 195: Disable Sntp-Client
disable sntp-client disable sntp-client disable sntp-client Description Disables the SNTP client. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server.
Page 196: Disable System-Watchdog
Commands for Managing the Switch disable system-watchdog disable system-watchdog Description Disables the system watchdog timer. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The watchdog timer reboots the switch if the CPU becomes trapped in a processing loop. If the watchdog timer is executed, the switch captures information on the cause of the reboot and posts it to the system log.
Page 197: Disable Telnet
disable telnet disable telnet disable telnet Description Disables Telnet services on the system. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines You must be logged in as an administrator to enable or disable Telnet services. Disabling Telnet services aborts any existing Telnet connection to the switch.
Page 198: Enable Alt-Queue-Management
Commands for Managing the Switch enable alt-queue-management enable alt-queue-management Description Enables the alternate queue management. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Use this command to configure the alternative queue management feature for the next boot. Configuring the feature does not affect the queue management current boot.
Page 199 enable alt-queue-management Use the following command to disable alternate queue management: disable alt-queue-management Example The following command configures alternate queue management: enable alt-queue-management History This command was available in ExtremeWare 7.2. Platform Availability This command is only available on the “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 200: Enable Dhcp Ports Vlan
Commands for Managing the Switch enable dhcp ports vlan enable dhcp ports <portlist> vlan <vlan name> Description Enables DHCP on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which DHCP should be enabled. vlan_name Specifies the VLAN on whose ports DHCP should be enabled. Default N/A.
Page 201: Enable Eapol-Flooding
enable eapol-flooding enable eapol-flooding enable eapol-flooding Description Enables EAPOL flooding on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Per IEEE 802.1D, Summit “e’ series switches do not forward EAPOL frames. Also, if network login is enabled, EAPOL flooding cannot be enabled.
Page 202: Enable Snmp Access
Commands for Managing the Switch enable snmp access enable snmp access Description Turns on SNMP support for SNMPv3 and v1/v2c on the switch. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines To have access to the SNMP agent residing in the switch, at least one VLAN must have an IP address assigned to it.
Page 203 enable snmp access Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 204: Enable Snmp Dot1Dtpfdbtable
Commands for Managing the Switch enable snmp dot1dTpFdbTable enable snmp dot1dTpFdbTable Description Enables SNMP GetNext responses for the dot1dTpFdbTable in the BRIDGE-MIB. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines SNMP Get responses are not affected by this command. To view the configuration of the dot1dTpFdb table on the switch, use the command.
Page 205: Enable Snmp Traps
enable snmp traps enable snmp traps enable snmp traps Description Turns on SNMP trap support. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines An authorized trap receiver can be one or more network management stations on your network. The switch sends SNMP traps to all trap receivers.
Page 206: Enable Snmp Traps Exceed-Committed-Rate Ports
Commands for Managing the Switch enable snmp traps exceed-committed-rate ports enable snmp traps exceed-committed-rate ports <portlist> {<Ingress QOS Profile>} Description Enables SNMP traps for the condition when ingress traffic has exceeded the configured committed-rate and is either being dropped, or is in danger of being dropped, on the indicated ports. Syntax Description “3”...
Page 207 enable snmp traps exceed-committed-rate ports History This command was first available in ExtremeWare 7.2. Platform Availability This command is available on “3” series I/O modules only. ExtremeWare 7.7 Command Reference Guide...
Page 208: Enable Snmp Traps Gratuitous-Arp-Protection
Commands for Managing the Switch enable snmp traps gratuitous-arp-protection enable snmp traps gratuitous-arp-protection Description Enables SNMP gratuitous ARP traps for all ports to be sent by the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command should be used in conjunction with the enable ip-security gratuitous-arp-protection command.
Page 209: Enable Snmp Traps Mac-Security
enable snmp traps mac-security enable snmp traps mac-security enable snmp traps mac-security Description Enables SNMP mac-security traps for all ports to be sent by the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command should be used in conjunction with the configure ports <portlist> limit-learning command. That command configures a limit on the number of MAC addresses that can be learned on a port(s).
Page 210: Enable Snmp Traps Port-Up-Down
Commands for Managing the Switch enable snmp traps port-up-down enable snmp traps {port-up-down ports [all | mgmt | <portlist>]} Description Enables SNMP port up/down traps (also known as link up and link down traps) for the indicated ports. Syntax Description Specifies that link up/down traps should be sent for all ports.
Page 211: Enable Sntp-Client
enable sntp-client enable sntp-client enable sntp-client Description Enables the SNTP client. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server.
Page 212: Enable System-Watchdog
Commands for Managing the Switch enable system-watchdog enable system-watchdog Description Enables the system watchdog timer. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The watchdog timer reboots the switch if the CPU becomes trapped in a processing loop. If the watchdog timer is executed, the switch captures information on the cause of the reboot and posts it to the system log.
Page 213: Enable Telnet
enable telnet enable telnet enable telnet {access-profile [<access_profile> | none]} {port <tcp_port_number>} Description Enables Telnet access to the switch. Syntax Description access profile Specifies an access profile. (6.0, 6.1) none Cancels a previously configured access profile. (6.0, 6.1) port Specifies a TCP port number. (6.0, 6.1) Default Telnet is enabled with no access profile and uses TCP port number 23.
Page 214 Commands for Managing the Switch History This command was first available in ExtremeWare 2.0. Support for the , and parameters was introduced in ExtremeWare 6.0. access profile none port This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms.
Page 215: Exit
exit exit exit Description Logs out the session of a current user for CLI or Telnet. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Use this command to log out of a CLI or Telnet session. Example The following command logs out the session of a current user for CLI or Telnet: exit...
Page 216: Logout
Commands for Managing the Switch logout logout Description Logs out the session of a current user for CLI or Telnet. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Use this command to log out of a CLI or Telnet session. Example The following command logs out the session of a current user for CLI or Telnet: logout...
Page 217: Quit
quit quit quit Description Logs out the session of a current user for CLI or Telnet. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Use this command to log out of a CLI or Telnet session. Example The following command logs out the session of a current user for CLI or Telnet: quit...
Page 218: Show Eapol-Flooding
Commands for Managing the Switch show eapol-flooding show eapol-flooding Description Displays the current EAPOL flooding state. Syntax Description This command has no arguments or variables. Default Usage Guidelines Per IEEE 802.1D, Summit “e” series switches do not forward EAPOL frames. Also, if network login is enabled, EAPOL flooding cannot be enabled.
Page 219: Show Management
show management show management show management Description Displays the SNMP settings configured on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines: The following show management output is displayed: • Enable/disable state for Telnet, SNMP, and web access •...
Page 220 Commands for Managing the Switch CLI idle timeouts: disabled CLI Paging: enabled CLI configuration logging: enabled Telnet access: enabled tcp port: 23 Web access: enabled tcp port: 80 Web access login timeout : 30 secs SSH Access: key invalid, disabled tcp port: 22 UDP Echo Server: disabled udp port: 7 SNMP Access:...
Page 221 show management Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 222: Show Odometer
Commands for Managing the Switch show odometer show odometer Description Displays a counter for each component of a switch that shows how long it has been functioning since it was manufactured. Syntax Description This command has no arguments or variables. Default N/A.
Page 223 show odometer Slot 2: WM4T1 Oct-25-2002 Slot 3: FM8V Jan-22-2003 Slot 4: GM4X Jan-22-2003 Upper PS: PSU-A Apr-12-2002 Lower PS: PSU-B History This command was first available in ExtremeWare 6.2.1. This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms.
Page 224: Show Session
Commands for Managing the Switch show session show session Description Displays the currently active Telnet, console, and web sessions communicating with the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command displays the username and IP address of the incoming Telnet session, show session whether a console session is currently active, and the login time.
Page 225 show session Support for the Auth command field definition was introduced in ExtremeWare 4.0. Support for the CLI Auth command field definition was introduced in ExtremeWare 6.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms.
Page 226: Show Snmpv3 Access
Commands for Managing the Switch show snmpv3 access show snmpv3 access {hex <hex value>} | <group name>} Description Displays SNMPv3 access rights. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. group name Specifies the name of the group to display.
Page 227 show snmpv3 access Row Status : Active Group Name : initial Context Prefix : Security Model : USM Security Level : Authentication No-Privacy Context Match : Exact Read View : defaultUserView Write View : defaultUserView Notify View : defaultNotifyView Storage Type : Permanent Row Status : Active...
Page 228 Commands for Managing the Switch Group Name : v1v2cNotifyGroup Context Prefix : Security Model : snmpv1 Security Level : No-Authentication No-Privacy Context Match : Exact Read View Write View Notify View : defaultNotifyView Storage Type : Permanent Row Status : Active Group Name : v1v2cNotifyGroup Context Prefix :...
Page 229: Show Snmpv3 Context
show snmpv3 context show snmpv3 context show snmpv3 context Description Displays information about the SNMPv3 contexts on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines: This command displays the entries in the View-based Access Control Model (VACM) context table (VACMContextTable).
Page 230: Show Snmpv3 Counters
Commands for Managing the Switch show snmpv3 counters show snmpv3 counters Description Displays SNMPv3 counters. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command displays the following SNMPv3 counters: show snmpv3 counters • snmpUnknownSecurityModels • snmpInvalidMessages •...
Page 231 show snmpv3 counters History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 232: Show Snmpv3 Engine-Info
Commands for Managing the Switch show snmpv3 engine-info show snmpv3 engine-info Description Displays information about the SNMPv3 engine on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines: The following show engine-info output is displayed: •...
Page 233: Show Snmpv3 Extreme-Target-Addr-Ext
show snmpv3 extreme-target-addr-ext show snmpv3 extreme-target-addr-ext show snmpv3 extreme-target-addr-ext {hex <hex value>} <addr name> Description Display information about SNMPv3 target addresses enhanced or standard mode. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 234: Show Snmpv3 Filter
Commands for Managing the Switch show snmpv3 filter show snmpv3 filter {{hex <hex value>} <profile name> {{subtree} <object identifier>} Description Display the filters that belong a filter profile. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 235: Show Snmpv3 Filter-Profile
show snmpv3 filter-profile show snmpv3 filter-profile show snmpv3 filter-profile {{hex <hex value>} <profile name>} {param {hex <hex value>} <param name>} Description Display the association between parameter names and filter profiles. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 236: Show Snmpv3 Group
Commands for Managing the Switch show snmpv3 group show snmpv3 group {hex <hex value> | <group name>} {user {hex <hex value>} | <user name>} Description Displays the user name (security name) and security model association with a group name. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 237 show snmpv3 group Row Status : Active Group Name : v1v2c_rw Security Name : v1v2c_rw Security Model : snmpv2c Storage Type : Permanent Row Status : Active Group Name : admin Security Name : admin Security Model : USM Storage Type : Permanent Row Status : Active...
Page 238: Show Snmpv3 Mib-View
Commands for Managing the Switch show snmpv3 mib-view show snmpv3 mib-view {{hex <hex value>} | <view name>} {subtree <object identifier>} Description Displays a MIB view. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 239 show snmpv3 mib-view View Name : defaultUserView MIB Subtree : 1.3.6.1.6.3.18 Mask View Type : Excluded Storage Type : Permanent Row Status : Active View Name : defaultUserView MIB Subtree : 1.3.6.1.6.3.15.1.2.2.1.4 Mask View Type : Excluded Storage Type : Permanent Row Status : Active View Name...
Page 240: Show Snmpv3 Notify
Commands for Managing the Switch show snmpv3 notify show snmpv3 notify {{hex <hex value>} <notify name>} Description Display the notifications that are set. This command displays the snmpNotifyTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 241: Show Snmpv3 Target-Addr
show snmpv3 target-addr show snmpv3 target-addr show snmpv3 target-addr {{hex <hex value>} | <addr name>} Description Display information about SNMPv3 target addresses. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. addr name Specifies a string identifier for the target address.
Page 242: Show Snmpv3 Target-Params
Commands for Managing the Switch show snmpv3 target-params show snmpv3 target-params [{{hex <hex value>} | <param name>}] Description Display the information about the options associated with the parameter name. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 243: Show Snmpv3 User
show snmpv3 user show snmpv3 user show snmpv3 user {{hex <hex value>} <user name>} Description Displays detailed information about the user. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. user name Specifies the user name to display.
Page 244 Commands for Managing the Switch This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 245: Show Sntp-Client
show sntp-client show sntp-client show sntp-client Description Displays the DNS configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Displays configuration and statistics information of SNTP client. Example The following command displays the DNS configuration: show sntp-client Following is the output from this command: SNTP client is enabled...
Page 246 Commands for Managing the Switch This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 247: Show Vlan Dhcp-Address-Allocation
show vlan dhcp-address-allocation show vlan dhcp-address-allocation show vlan <vlan name> dhcp-address-allocation Description Displays DHCP address allocation information about VLANs. Syntax Description vlan name Specifies a VLAN name. Default Summary information for all VLANs on the device. Usage Guidelines Display the IP address, MAC address, and time assigned to each end device. Example The following command displays DHCP address allocation information about VLAN temp: show vlan temp dhcp-address-allocation...
Page 248: Show Vlan Dhcp-Config
Commands for Managing the Switch show vlan dhcp-config show vlan <vlan-name> dhcp-config Description Displays the DHCP configuration for a specified VLAN. Syntax Description vlan-name Specifies the name of the VLAN for which the DHCP configuration is to be displayed. If no VLAN name is specified, summary configuration information is shown for all VLANs on the device.
Page 249 show vlan dhcp-config Platform Availability This command is available on the “i” series platform only. ExtremeWare 7.7 Command Reference Guide...
Page 250: Telnet
Commands for Managing the Switch telnet telnet [<ipaddress> | <hostname>] {<port_number>} Description Allows you to Telnet from the current command-line interface session to another host. Syntax Description ipaddress Specifies the IP address of the host. hostname Specifies the name of the host. (4.x and higher) port_number Specifies a TCP port number.
Page 251 telnet History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.x to support the hostname port number parameters. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms.
Page 252: Unconfigure Management
Commands for Managing the Switch unconfigure management unconfigure management Description Restores default values to all SNMP-related entries. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command restores default values to all SNMP-related entries on the switch: unconfigure management History This command was first available in ExtremeWare 2.0.
Page 253: Commands For Configuring Slots And Ports On A Switch
If autonegotiation is set to off, flow control is disabled. When autonegotiation is turned on, flow control is enabled. Load sharing with Extreme Networks switches allows you to increase bandwidth and resilience between switches by using a group of ports to carry traffic in parallel between switches. The sharing algorithm allows the switch to use multiple ports as a single logical port.
Page 254 Commands for Configuring Slots and Ports on a Switch Load sharing is most useful in cases where the traffic transmitted from the switch to the load-sharing group is sourced from an equal or greater number of ports on the switch. For example, traffic transmitted to a two-port load-sharing group should originate from a minimum of two other ports on the same switch.
Page 255: Clear Slot
clear slot clear slot clear slot <slot> Description Clears a slot of a previously assigned module type. Syntax Description slot Specifies a modular switch slot number. Default Usage Guidelines All configuration information related to the slot and the ports on the module is erased. If a module is present when you issue this command, the module is reset to default settings.
Page 256: Configure Backplane-Ls-Policy
Commands for Configuring Slots and Ports on a Switch configure backplane-ls-policy configure backplane-ls-policy [address-based | port-based | round-robin] Description Selects a load-sharing policy for the backplane on a BlackDiamond switch. NOTE This command is available only on BlackDiamond switches. Syntax Description address-based Specifies address-based algorithm.
Page 257: Configure Ip-Mtu Vlan
configure ip-mtu vlan configure ip-mtu vlan configure ip-mtu <number> vlan <vlan name> Description Sets the maximum transmission unit (MTU) for the VLAN. Syntax Description IP MTU number Specifies the value. Range is from 1500 to 9194. vlan name Specifies a VLAN name. Default The default IP MTU size is 1500.
Page 258 Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 259: Configure Jumbo-Frame Size
configure jumbo-frame size configure jumbo-frame size configure jumbo-frame size <number> Description This command sets the maximum jumbo frame size for the switch chassis. NOTE This command is available only on the “i” series switches and the Summit 400-48t switch. Syntax Description number Specifies a maximum transmission unit (MTU) size for a jumbo frame.
Page 260 Commands for Configuring Slots and Ports on a Switch Example The following command configures the maximum MTU size of a jumbo frame size to 5500: configure jumbo-frame size 5500 History This command was first available in ExtremeWare 6.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on the “i”...
Page 261: Configure Mirroring Add
configure mirroring add configure mirroring add configure mirroring add [<mac_address> | vlan <vlan name> {ports <port number>} | ports <portnumber> {vlan <vlan name>}] Description Adds a particular mirroring filter definition on the switch. Syntax Description mac_address Specifies a MAC address. (Supported in versions 2.0 - 4x only) vlan name Specifies a VLAN name.
Page 262 Commands for Configuring Slots and Ports on a Switch For version 2.0 and 4.0: In addition to the physical port, VLAN, and virtual port, the traffic filter can be defined based on the following criteria: • MAC source address/destination address—All data sent to or received from a particular source or destination MAC address is copied to the monitor port.
Page 263: Configure Mirroring Delete
configure mirroring delete configure mirroring delete configure mirroring delete [<mac_address> | vlan <vlan name> {ports <portnumber>} | ports <portnumber> {vlan <vlan name>}] Description Deletes a particular mirroring filter definition on the switch. Syntax Description mac_address Specifies a MAC address. (Supported in versions 4.0 and 6.0 only) vlan name Specifies a VLAN name.
Page 264 Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 265: Configure Msm-Failover Link-Action
configure msm-failover link-action configure msm-failover link-action configure msm-failover link-action [keep-links-up {preserve-state [l2 | l2_l3]} | take-links-down] Description Configures external port response when MSM failover occurs. NOTE This command is available only on the BlackDiamond switches. Syntax Description keep-links-up Configures the external ports to not be reset when MSM failover occurs. NOTE: This option is available only on the “i”...
Page 266 Commands for Configuring Slots and Ports on a Switch The design of the neighboring router and/or the network traffic load determines whether a network re-routing operation is or is not hitless. If you enter , you also need to configure ESRP for hitless failover to preserve the ESRP state. l2_l3 Example The following command prevents external ports from being reset when an MSM failover occurs:...
Page 267: Configure Msm-Failover Slave-Config
configure msm-failover slave-config configure msm-failover slave-config configure msm-failover slave-config [inherited | flash] Description Configures the slave MSM-3 to inherit the software configuration from the master MSM-3. NOTE This command is available only on the BlackDiamond switches. Syntax Description inherited Specifies that the slave MSM-3 inherits the software configuration maintained by the current master MSM-3 (this supports hitless failover).
Page 268: Configure Msm-Failover Timeout
Commands for Configuring Slots and Ports on a Switch configure msm-failover timeout configure msm-failover timeout <time> Description Configures the failover timer. NOTE This command is available only on the MSM-3 in the BlackDiamond switch. Syntax Description time Specifies the failover time. By default, the failover time is 60 seconds, and the range is 30 to 300 seconds.
Page 269: Configure Port Aggregate-Bandwidth Percent
configure port aggregate-bandwidth percent configure port aggregate-bandwidth percent configure port <portnumber> aggregate-bandwidth percent <bandwidth> Description Controls the egress bandwidth of a particular port by restricting it to the specified percentage. NOTE This command is available only on the “i” series switches. Syntax Description portnumber Specifies a port or slot and port.
Page 270: Configure Port Interpacket-Gap
10 Gigabit Ethernet interfaces drop packets when packets are transmitted using a value of 12. Thus, by increasing the Interpacket Gap, packet transmission is slowed and packet loss can be minimized or prevented. The Interpacket Gap value need not be modified when interconnecting Extreme Networks switches over 10 Gigabit Ethernet links.
Page 271: Configure Ports
configure ports configure ports configure ports [<portlist> vlan <vlan name> | all] [limit-learning <number> | lock-learning | unlimited-learning | unlock-learning] Description Configures virtual ports for limited or locked MAC address learning. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 272 Commands for Configuring Slots and Ports on a Switch • EDP traffic Traffic from the permanent MAC and any other non-blackholed MACs will still flow from the virtual port. If you configure a MAC address limit on VLANS that have ESRP enabled, you should add an additional back-to-back link (that has no MAC address limit on these ports) between the ESRP-enabled switches.
Page 273 configure ports History This command was first available in ExtremeWare 6.2.1. This command was added to the Summit “e” series of switches in ExtremeWare 7.3e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 274: Configure Ports Auto-Polarity
Commands for Configuring Slots and Ports on a Switch configure ports auto-polarity configure ports [<portlist> | all] auto-polarity [off | on] Description Configures the autopolarity detection feature on the specified Ethernet ports. Syntax Description portlist Specifies one or more ports on the switch. May be in the form 1, 2, 3-5. Specifies all of the ports on the switch.
Page 275: Configure Ports Auto Off
configure ports auto off configure ports auto off configure ports [<portlist> | all | mgmt] auto off {speed [10 | 100 | 1000]} duplex [half | full] Description Manually configures port speed and duplex setting configuration on one or more ports on a switch. Syntax Description portlist Specifies one or more ports or slots and ports.
Page 276 Commands for Configuring Slots and Ports on a Switch For version 6.1: • The parameter specifies all ports on the switch. • The parameter specifies 1000 Mbps ports. 1000 Example The following example turns autonegotiation off for port 4 (a Gigabit Ethernet port) on a stand-alone switch: configure ports 4 auto off duplex full The following example turns autonegotiation off for slot 2, port 1 on a modular switch:...
Page 277: Configure Ports Auto On
configure ports auto on configure ports auto on configure ports [<portlist> | mgmt | all] auto on {speed [10 | 100 | 1000]} Description Enables autonegotiation for the particular port type. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 278 Commands for Configuring Slots and Ports on a Switch History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 6.1 to support the parameter. This command was modified in ExtremeWare 4.0 to support modular switches. This command was added to the Summit “e”...
Page 279: Configure Ports Display-String
configure ports display-string configure ports display-string configure ports [<portlist> | mgmt] display-string <alphanumeric string> Description Configures a user-defined string for a port or group of ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 280 Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 281: Configure Ports Link-Detection-Level
configure ports link-detection-level configure ports link-detection-level configure ports <portlist> link-detection-level <link-detection-level> Description Configures the link detection level. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies one or more primary ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 282: Configure Ports Preferred-Medium
Commands for Configuring Slots and Ports on a Switch configure ports preferred-medium configure ports <nnn> preferred-medium {copper} | {fiber} |[force] Description Configures the primary uplink port to use a preferred medium. NOTE This command is available only on the Summit 300-24 and Summit 400-48t switches. Syntax Description Specifies the port number.
Page 283 configure ports preferred-medium History This command was first available in ExtremeWare 7.2.e. Platform Availability This command is only available on Summit 300-24 and Summit 400-48t switches. ExtremeWare 7.7 Command Reference Guide...
Page 284: Configure Ports Redundant
Commands for Configuring Slots and Ports on a Switch configure ports redundant configure ports [<portlist> | <portid>] redundant [<portlist> | <portid>] Description Configures a software-controlled redundant port. Syntax Description portlist Specifies one or more primary ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 285 configure ports redundant • Software redundant ports are not supported on 1000BASE-T ports. Software redundant port only cover failures where both the TX and RX paths fail. If a single strand of fiber is pulled, the software redundant port cannot correctly recover from the failure. Example The following command configures a software-controlled redundant port on a stand-alone switch: configure ports 3 redundant 4...
Page 286: Configure Ports Vdsl
Commands for Configuring Slots and Ports on a Switch configure ports vdsl configure ports <portlist> vdsl [5meg | 10meg | etsi] Description Configures VDSL ports. Syntax Description portlist Specifies one or more slots and ports. Can specify a list of slots and ports, and may be in the form 2:*, 2:5, 2:6-2:8.
Page 287: Configure Sharing Address-Based
configure sharing address-based configure sharing address-based For “i” series switches: configure sharing address-based [L2 | L2_L3 | L2_L3_L4] For ”e” series switches: configure sharing address-based [ip-dest| ip-source| ip-source-dest |mac-dest | mac-source | mac-source-dest] Description Configures the part of the packet examined by the switch when selecting the egress port for transmitting load-sharing data.
Page 288 Commands for Configuring Slots and Ports on a Switch • IPX packets—Uses the source and destination MAC address and IPX identifiers. • All other packets—Uses the source and destination MAC address. To verify your configuration, use the command. The show sharing show sharing address-based address-based output displays the addressed-based configurations on the switch.
Page 289: Configure Slot
configure slot configure slot configure slot <slot> module <module name> Description Configures a slot for a particular I/O module in a modular switch. NOTE This command is available only on modular switches. Syntax Description slot Specifies the slot number. module name Specifies the type of module for which the slot should be configured.
Page 290 Commands for Configuring Slots and Ports on a Switch gm16x—Specifies a Gigabit Ethernet, 16-mini-GBIC port, oversubscribed, fiber module gm16t—Specifies a Gigabit Ethernet, 16-port, oversubscribed, copper module. wdmi—Specifies a Gigabit Ethernet WAN module. (6.1 or later) wm4t1—Specifies a T1 WAN module. (6.1 or later) wm4e1—Specifies an E1 WAN module.
Page 291 configure slot This command was modified in ExtremeWare 6.0 to support the Alpine and additional BlackDiamond F48T, G8X, and G12X I/O modules. Platform Availability This command is available on modular switches only. ExtremeWare 7.7 Command Reference Guide...
Page 292: Disable Card-Scan
Commands for Configuring Slots and Ports on a Switch disable card-scan disable card-scan Description Disables the card-scan feature on MSM slots in the BlackDiamond switch. NOTE This command is available only on the BlackDiamond switches. Syntax Description This command has no arguments or variables. Default By default, card-scan is enabled.
Page 293 disable card-scan Platform Availability This command is available only on BlackDiamond switches. ExtremeWare 7.7 Command Reference Guide...
Page 294: Disable Edp Ports
Numerical Ranges” or “Stand-alone Switch Numerical Ranges” in Chapter 1. You can use the command to disable EDP on one or more ports when you no disable edp ports longer need to locate neighbor Extreme Networks switches. For version 6.1: • The parameter specifies all ports on the switch.
Page 295 disable edp ports History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was modified in ExtremeWare 6.1 to support the parameter. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. This command was modified in ExtremeWare 7.2e to support the keyword.
Page 296: Disable Flooding Ports
Commands for Configuring Slots and Ports on a Switch disable flooding ports disable flooding ports <portlist> Description Disables packet flooding on one or more ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 297: Disable Jumbo-Frame Ports
disable jumbo-frame ports disable jumbo-frame ports disable jumbo-frame ports [<portlist> | all] Description Disables jumbo frame support on a port. For PoS modules. This command applies to PoS ports when disabling jumbo-frame support changes the negotiated maximum receive unit (MRU) size. Syntax Description portlist Specifies one or more ports or slots and ports.
Page 298: Disable Lbdetect Port
Commands for Configuring Slots and Ports on a Switch disable lbdetect port disable lbdetect port <portlist> Description Disables the detection of loops between ports. Syntax Description portlist Specifies one or more ports or slots and ports to be grouped to the master port. On a modular switch, can be a list of slots and ports.
Page 299: Disable Learning Ports
disable learning ports disable learning ports disable learning ports <portlist> Description Disables MAC address learning on one or more ports for security purposes. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 300: Disable Mirroring
Commands for Configuring Slots and Ports on a Switch disable mirroring disable mirroring Description Disables port-mirroring. Syntax Description This command has no arguments or variables. Default Enabled Usage Guidelines Use the command to stop configured copied traffic associated with one or more disable mirroring ports.
Page 301: Disable Ports
disable ports disable ports disable ports [<portlist> | all |{vlan} <vlan name>] Description Disables one or more ports on the switch. For PoS modules. Brings down the PPP link on the specified port and changes the port status LED to blinking green.
Page 302 Commands for Configuring Slots and Ports on a Switch The command was modified in ExtremeWare 7.3 and ExtremeWare 7.3e to support the option. vlan Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 303: Disable Sharing
disable sharing disable sharing disable sharing [<port>] Description Disables a load-sharing group of ports. Syntax Description port Specifies the master port of a load-sharing group. On a modular switch, is a combination of the slot and port number, in the format <slot>:<port>. Default Disabled Usage Guidelines...
Page 304: Disable Slot
Commands for Configuring Slots and Ports on a Switch disable slot disable slot [all | msm-a | msm-b | msm-s | msm-d | <slot number>] Description Disables one or all slots on a BlackDiamond or Alpine switch, and leaves the module in a power-down state.
Page 305 disable slot History This command was first available in ExtremeWare 6.2.1. Platform Availability This command is available on BlackDiamond and Alpine switches only. ExtremeWare 7.7 Command Reference Guide...
Page 306: Disable Smartredundancy
For a detailed explanation of port specification, see “Modular Switch Numerical Ranges” or “Stand-alone Switch Numerical Ranges” in Chapter 1. Use with Extreme Networks switches that support privacy and backup uplinks. When smartredundancy is disabled, the switch changes the active link only when the current active link becomes inoperable.
Page 307: Enable Card-Scan
enable card-scan enable card-scan enable card-scan Description Enables the card-scan function on MSM slots in the BlackDiamond switch. NOTE This command is available only on the BlackDiamond switches. Syntax Description This command has no arguments or variables. Default By default, card-scan is enabled. Usage Guidelines On certain BlackDiamond switches running earlier releases of ExtremeWare, hot insertion of a slave MSM causes one or more of the following conditions:...
Page 308 Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available only on BlackDiamond switches. ExtremeWare 7.7 Command Reference Guide...
Page 309: Enable Edp Ports
EDP is useful when Extreme Networks switches are attached to a port. The EDP is used to locate neighbor Extreme Networks switches and exchange information about switch configuration. When running on a normal switch port, EDP is used to by the switches to exchange topology information with each other.
Page 310 Commands for Configuring Slots and Ports on a Switch History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e Platform Availability This command is available on all platforms.
Page 311: Enable Flooding Ports
enable flooding ports enable flooding ports enable flooding ports <portlist> Description Enables packet flooding on one or more ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 312: Enable Jumbo-Frame Ports
Commands for Configuring Slots and Ports on a Switch enable jumbo-frame ports enable jumbo-frame ports [<portlist> | all] Description Enables support on the physical ports that will carry jumbo frames. For PoS modules. Enables jumbo-frame support to specific PoS ports when jumbo-frame support changes the negotiated maximum receive unit (MRU) size.
Page 313: Enable Lbdetect Port
enable lbdetect port enable lbdetect port enable lbdetect port <portlist> [retry-timeout<seconds>] Description Enables the system to detect loops between ports. If a port is looped, it disables the port. Every n seconds, it re-enables the port and tries again, unless “none” is specified Syntax Description portlist Specifies one or more ports or slots and ports to be grouped to the master port.
Page 314: Enable Learning Ports
Commands for Configuring Slots and Ports on a Switch enable learning ports enable learning ports <portlist> Description Enables MAC address learning on one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 315: Enable Mirroring To Port
enable mirroring to port enable mirroring to port enable mirroring to port [<port>] [tagged | untagged] Description Dedicates a port on the switch to be the mirror output port. Syntax Description port Specifies the port to be the mirror output port. tagged Configures the port as tagged.
Page 316 Commands for Configuring Slots and Ports on a Switch Example The following example selects port 3 as a tagged mirror port on a stand-alone switch: enable mirroring to port 3 tagged The following example selects slot 1, port 3 as the mirror port on a modular switch: enable mirroring to port 1:3 History This command was first available in ExtremeWare 2.0.
Page 317: Enable Ports
enable ports enable ports enable ports [<portlist> | all | {vlan} <vlan name>] Description Enables a port. For PoS modules. Enables the PPP link on the specified port, and changes the port status LED to solid green (if no other problems exist). Syntax Description portlist Specifies one or more ports or slots and ports.
Page 318 Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 319: Enable Sharing Grouping
Load sharing must be enabled on both ends of the link, or a network loop will result. While LACP is based on industry standard, this feature is supported between Extreme Networks switches only. However, it may be compatible with third-party “trunking” or sharing algorithms. Check with an Extreme Networks technical representative for more information.
Page 320 This feature is supported between Extreme Networks switches only, but may be compatible with third-party trunking or link-aggregation algorithms. Check with an Extreme Networks technical representative for more information. Load-sharing algorithms allow you to select the distribution technique used by the load-sharing group to determine the output port selection.
Page 321 enable sharing grouping • Round-robin—When the switch receives a stream of packets, it forwards one packet out of each physical port in the load-sharing group using a round-robin scheme. The round-robin algorithm is available only on “i” series switches. Using the round-robin algorithm, packet sequencing between clients is not guaranteed. If you do not explicitly select an algorithm, the port-based scheme is used.
Page 322: Enable Slot
Commands for Configuring Slots and Ports on a Switch enable slot enable slot [all | msm-a | msm-b | msm-c | msm-d | <slot number>] Description Enables one or all slots on a BlackDiamond or Alpine switch. NOTE This command is available only on the BlackDiamond and Alpine switches. Syntax Description Species that all slots in the device should be enables.
Page 323 enable slot History This command was first available in ExtremeWare 6.2.1. Platform Availability This command is available on BlackDiamond and Alpine switches only. ExtremeWare 7.7 Command Reference Guide...
Page 324: Enable Smartredundancy
Commands for Configuring Slots and Ports on a Switch enable smartredundancy enable smartredundancy <portlist> Description Enables the Smart Redundancy feature on the redundant Gigabit Ethernet port. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 325: Restart Ports
restart ports restart ports restart ports [<portlist> Description Resets autonegotiation for one or more ports by resetting the physical link. For PoS modules. Causes the PPP link to be renegotiated. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 326: Run Msm-Failover
Commands for Configuring Slots and Ports on a Switch run msm-failover run msm-failover Description Causes a user-specified MSM failover. NOTE This command is available only on the BlackDiamond switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines None Example The following command causes a user-specified MSM failover:...
Page 327: Show Edp
This is most effective show edp with Extreme Networks switches. Example The following command displays the connectivity and configuration of neighboring Extreme Networks switches: show edp Following is the output from this command:...
Page 328 Commands for Configuring Slots and Ports on a Switch History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms.
Page 329: Show Mirroring
show mirroring show mirroring show mirroring Description Displays the port-mirroring configuration on the switch. Syntax Description This command has no arguments or variables. Default Usage Guidelines You must configure mirroring on the switch to display mirroring statistics. Use the show mirroring command to configure mirroring.
Page 330: Show Msm-Failover
Commands for Configuring Slots and Ports on a Switch show msm-failover show msm-failover Description Displays hitless failover statistics. NOTE This command is available only on the BlackDiamond switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines None Example The following command displays MSM failover statistics:...
Page 331 ® — unknown—If this state is displayed, contact Extreme Networks Technical Support. — <not available>—The state and reason for the current slave shows this if the slave is in the process of being rebooted or is not present in the chassis.
Page 332: Show Ports Vlan Stats
Commands for Configuring Slots and Ports on a Switch show ports vlan stats show ports <portlist> | vlan <vlan_name> vlan stats Description Displays port VLAN statistics. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies one or more ports or slots and ports.
Page 333 show ports vlan stats Platform Availability This command is available on the “i” series platforms only. ExtremeWare 7.7 Command Reference Guide...
Page 334: Show Ports Collisions
Commands for Configuring Slots and Ports on a Switch show ports collisions show ports {mgmt | <portlist>} collisions Description Displays real-time collision statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 335 show ports collisions ============================================================================== Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback 0->Clear Counters U->page up D->page down ESC->exit History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms.
Page 336: Show Ports Configuration
Commands for Configuring Slots and Ports on a Switch show ports configuration show ports {mgmt | <portlist>| vlan <vlan name>} configuration Description Displays port configuration statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 337 show ports configuration Following is the output from this command: Port Configuration Monitor Thu Oct 24 16:22:08 2002 Port Port Link Auto Speed Duplex Flow Ld Share Media State Status Neg Cfg Actual Cfg Actual Ctrl Master Pri ENABLED R AUTO 1000 AUTO FULL NONE...
Page 338: Show Ports Info
Commands for Configuring Slots and Ports on a Switch show ports info show ports {mgmt | <portlist>| vlan <vlan name>} info {detail} Description Displays detailed system-related information. For PoS modules. Displays port information that includes new DiffServ and RED configuration parameters.
Page 339 show ports info — Flooding — QoS profiles — ELSM status, if configured If you do not specify a port number or range of ports, detailed system-related information is displayed for all ports. The data is displayed in a table format. On a modular switch, can be a list of slots and ports.
Page 340 Commands for Configuring Slots and Ports on a Switch Flags: (a) Load Sharing Algorithm address-based, (d) DLCS Enabled (D) Port Disabled, (dy) Dynamic Load Sharing (e) Extreme Discovery Protocol Enabled, (E) Port Enabled (f) Flooding Enabled, (g) Egress TOS Enabled, (G) SLB GoGo Mode (h) Hardware Redundant Phy, (j) Jumbo Frame Enabled (l) Load Sharing Enabled, (m) MAC Learning Enabled (n) Ingress TOS Enabled, (o) Dot1p Vlan Priority Replacement Enabled...
Page 341 show ports info 08->QP2 09->QP2 10->QP2 11->QP2 12->QP2 13->QP2 14->QP2 15->QP2 16->QP3 17->QP3 18->QP3 19->QP3 20->QP3 21->QP3 22->QP3 23->QP3 24->QP4 25->QP4 26->QP4 27->QP4 28->QP4 29->QP4 30->QP4 31->QP4 32->QP5 33->QP5 34->QP5 35->QP5 36->QP5 37->QP5 38->QP5 39->QP5 40->QP6 41->QP6 42->QP6 43->QP6 44->QP6 45->QP6 46->QP6 47->QP6 48->QP7 49->QP7 50->QP7 51->QP7 52->QP7 53->QP7 54->QP7 55->QP7 56->QP8 57->QP8 58->QP8 59->QP8 60->QP8 61->QP8 62->QP8 63->QP8 Egress IPTOS:...
Page 342: Show Ports Packet
Commands for Configuring Slots and Ports on a Switch show ports packet show ports {mgmt | <portlist>| vlan <vlan name>} packet Description Displays a histogram of packet statistics. Syntax Description mgmt Specifies the management port Supported only for switches that provide a management port, such as the Summit 400.
Page 343 show ports packet =====Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback 0->Clear Counters U->page up D->page down ESC->exit The following command displays packet statistics for slot 1, ports 1 through 8, slot 2, ports 1 through 8, and slot 3, port 1 on a modular switch: show ports 1:1-1:8, 2:1-2:8, 3:1 packet Following is the output from this command: Receive Packet Statistics...
Page 344: Show Ports Redundant
Commands for Configuring Slots and Ports on a Switch show ports redundant show ports redundant Description Displays detailed information about redundant ports. NOTE This command is available only on the “e” series switches. Syntax Description This command does not have any parameters or variables. Default Usage Guidelines An asterisk appears when an individual link is active and an exclamation point when the link is...
Page 345: Show Ports Sharing
show ports sharing show ports sharing show ports <portlist> sharing Description Displays port loadsharing groups. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 346 Commands for Configuring Slots and Ports on a Switch Ld Share Type: (a) address based, (dy) dynamic The following command displays the port loadsharing group configured for port 5:4; the current master has shifted to port 7:4 since both ports 5:4 and 5:5 of the group are not active links: show ports 5:4 sharing The following is the output from this command: * admin:3 # sh port 5:4 sharing...
Page 347: Show Ports Utilization
show ports utilization show ports utilization show ports {mgmt | <portlist>| vlan <vlan name>} utilization Description Displays real-time port utilization information. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port, such as the Summit 400. portlist Specifies one or more ports or slots and ports.
Page 348 Commands for Configuring Slots and Ports on a Switch The following examples show the output from the show ports utilization command for all ports on the switch. The three displays show the information presented when you use the spacebar to toggle through the display types.
Page 349 show ports utilization spacebar->toggle screen U->page up D->page down ESC->exit History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms.
Page 350: Show Ports Vlan Info
Commands for Configuring Slots and Ports on a Switch show ports vlan info show ports <portlist> | vlan <vlan_name> vlan info Description Displays port VLAN information. Syntax Description portlist Specifies one or more ports or slots and ports. Can be one or more port numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.
Page 351 show ports vlan info Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 352: Show Sharing Address-Based
Commands for Configuring Slots and Ports on a Switch show sharing address-based show sharing address-based Description Displays the address-based load sharing configuration. Syntax Description This command has no arguments or variables. Default Usage Guidelines This feature is available using the address-based load-sharing algorithm only. The address-based load-sharing algorithm uses addressing information to determine which physical port in the load-sharing group to use for forwarding traffic out of the switch.
Page 353: Show Slot
show slot show slot show slot <slot number> Description Displays slot-specific information. For ARM, ATM, MPLS, PoS, and WAN modules. Displays information that includes data about the software images loaded on the module, as well as status information on the module’s processors. For stacked switches.
Page 354 Commands for Configuring Slots and Ports on a Switch Field Description Manager/Member Stacked Switches only: Indicates whether the switch is a stack manager (master) or a member (slave). Primary ExtremeWare Version Stacked Switches only: ExtremeWare version of the primary software image. Secondary ExtremeWare Version Stacked Switches only: ExtremeWare version of the secondary software image.
Page 355 show slot As the module progresses through its initialization, the command displays the show slot <slot> general purpose processor (GPP) subsystem change state to OPERATIONAL, and then each of the network processors will change state to OPERATIONAL. When the GPP subsystem completes its initialization cycle and the subsystem state is OPERATIONAL, use the command to check the results of the show diagnostics {<slot>}...
Page 356 Commands for Configuring Slots and Ports on a Switch Slot 2 information: State: Operational Serial number: 701024-19-0125F06190 HW Module Type: G8Xi Configured Type: Not configured Gigabit ports available: Link Active: Link Down: GBIC missing: 02 03 04 05 06 07 08 Slot 3 information: State: Operational...
Page 357 show slot Configured Type: Not configured UTP ports available: Link Active: Link Down: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 Slot 6 information:...
Page 358 Commands for Configuring Slots and Ports on a Switch 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [25] • • • Slot 8 information: State: Operational Serial number: HW Module Type: S400-24P Slave: 00:04:96:1F:A7:3F Primary EW Ver:...
Page 359 show slot As the module progresses through its initialization, the command displays the show slot <slot> general purpose processor (GPP) subsystem change state to OPERATIONAL, and then each of the network processors will change state to OPERATIONAL. When the GPP subsystem completes its initialization cycle and the subsystem state is OPERATIONAL, use the command to check the results of the show diagnostics {<slot>}...
Page 360 Commands for Configuring Slots and Ports on a Switch Gigabit ports available: Link Active: Link Down: 01 02 03 04 05 06 07 08 09 10 11 12 Slot 4 information: State: Operational Network Processor 1 : Operational Network Processor 2 : Operational General Purpose Proc: Operational Serial number: 701039-04-0128F07843...
Page 361 show slot HW Module Type: Empty Configured Type: Not configured Slot 8 information: State: Empty HW Module Type: Empty Configured Type: Not configured History This command was first available in ExtremeWare 4.0. This command was modified in ExtremeWare 6.1 to support PoS modules. This command was modified in ExtremeWare 7.0.0 to support WAN modules.
Page 362: Unconfigure Msm-Failover
Commands for Configuring Slots and Ports on a Switch unconfigure msm-failover unconfigure msm-failover Description Disables hitless failover. NOTE This command is available only on the BlackDiamond switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines The following occurs after you execute this command: •...
Page 363: Unconfigure Port Aggregate-Bandwidth
unconfigure port aggregate-bandwidth unconfigure port aggregate-bandwidth unconfigure port <portnumber> aggregate-bandwidth Description Restores the egress bandwidth of a particular port to 100%. NOTE This command is available only on the “i” series switches. Syntax Description portnumber Specifies a port or slot and port. Default None Usage Guidelines...
Page 364: Unconfigure Ports Display String
Commands for Configuring Slots and Ports on a Switch unconfigure ports display string unconfigure ports <portlist> display-string Description Clears the user-defined display string from one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 365: Unconfigure Ports Redundant
unconfigure ports redundant unconfigure ports redundant unconfigure ports [<portlist> | <port id>] redundant Description Clears a previously configured software-controlled redundant port. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 366: Unconfigure Slot
Commands for Configuring Slots and Ports on a Switch unconfigure slot unconfigure slot <slot number> Description Clears a slot of a previously assigned module type. NOTE This command is available only on modular switches. Syntax Description slot number Specifies a slot on a modular switch. Default Usage Guidelines None...
Page 367: Vlan Commands
VLAN Commands This chapter describes the following commands: • Commands for creating and deleting VLANs and performing basic VLAN configuration • Commands for defining protocol filters for use with VLANs VLANs can be created according to the following criteria: • Physical port—A port-based VLAN consists of a group of one or more ports on the switch. A port can be a member of only one port-based VLAN, and is by default a member of the VLAN named Default.
Page 368: Configure Dot1Q Ethertype
Use this command if you need to communicate with a switch that supports 802.1Q, but uses an Ethertype value other than 8100. This feature is useful for VMAN tunneling. Extreme Networks recommends the use of IEEE registered Ethertype 0x88a8 for deploying vMANs.
Page 369: Configure Mac-Vlan Add Mac-Address
configure mac-vlan add mac-address configure mac-vlan add mac-address configure mac-vlan add mac-address [any | <mac_address>] mac-group [any | <group_number>] vlan <vlan name> Description Adds a MAC address as a potential member of a MAC-based VLAN. Syntax Description mac_address The MAC address to be added to the specified VLAN. Specified in the form nn:nn:nn:nn:nn:nn.
Page 370 VLAN Commands The following command sets up the end-station 00:00:00:00:00:02 to participate in VLAN engineering through the ports in group 10 (ports 11 or 12) or through ports 16 or 17 (enabled for any mac-group): configure mac-vlan add mac-address 00:00:00:00:00:02 mac-group 10 vlan engineering History This command was first available in ExtremeWare 6.0.
Page 371: Configure Mac-Vlan Delete
configure mac-vlan delete configure mac-vlan delete configure mac-vlan delete [all | mac-address [<mac_address> | any]] Description Removes a MAC address from any MAC-based VLANs with which it was associated. Syntax Description Indicates that all MAC addresses should be removed from all VLANs. mac_address The MAC address to be removed.
Page 372: Configure Ports Monitor Vlan
VLAN Commands configure ports monitor vlan configure ports <portlist> monitor vlan <vlan name> Description Configures VLAN statistic monitoring on a per-port basis. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies one or more ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. vlan name Specifies a VLAN name.
Page 373: Configure Protocol Add
configure protocol add configure protocol add configure protocol <protocol_name> add <protocol_type> <hex_value> {<protocol_type> <hex_value>} ... Description Configures a user-defined protocol filter. NOTE This command is available only on the “i” series switches and the Summit 400 series switches. Syntax Description protocol_name Specifies a protocol filter name.
Page 374 VLAN Commands Platform Availability This command is available on the “i” series platforms and the Summit 400 series switches. ExtremeWare 7.7 Command Reference Guide...
Page 375: Configure Protocol Delete
configure protocol delete configure protocol delete configure protocol <protocol_name> delete <protocol_type> <hex_value> {<protocol_type> <hex_value>} ... Description Deletes the specified protocol type from a protocol filter. Syntax Description protocol_name Specifies a protocol filter name. protocol_type Specifies a protocol type. Supported protocol types include: •...
Page 376: Configure Vlan Add Member-Vlan
VLAN Commands configure vlan add member-vlan configure vlan <translation vlan name> add member-vlan <vlan name> Description Adds a member VLAN to a translation VLAN. NOTE This command is available only on the “i” series switches. Syntax Description translation vlan name Specifies a translation VLAN.
Page 377: Configure Vlan Add Ports
configure vlan add ports configure vlan add ports For “i” series switches: configure vlan <vlan name> add ports <portlist> {tagged | untagged} {nobroadcast} {soft-rate-limit} For “e” series switches: configure vlan <vlan name> add ports <portlist> {tagged | untagged} Description Adds one or more ports in a VLAN. Syntax Description vlan name Specifies a VLAN name.
Page 378 VLAN Commands History This command was first available in ExtremeWare 1.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. This command was modified in ExtremeWare 7.2e to support rate limiting with the soft-rate-limit keyword. Platform Availability This command is available on all platforms.
Page 379: Configure Vlan Add Ports Loopback-Vid
configure vlan add ports loopback-vid configure vlan add ports loopback-vid configure vlan <vlan name> add ports <portlist> loopback-vid <vlan-id> Description Adds a loopback port to a VLAN. NOTE This command is available only on the “i” series switches. Syntax Description vlan name Specifies a VLAN name.
Page 380 VLAN Commands History This command was first available in ExtremeWare 6.0. Platform Availability This command is available only on the “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 381: Configure Vlan Add Secondary-Ip
configure vlan add secondary-ip configure vlan add secondary-ip configure vlan <vlan-name> add secondary-ip <sec-ip-address> {<sec-ip-mask> | <mask-length>} Description Configures the secondary IP address for the selected VLAN. NOTE This command is available only on the “i” series switches. Syntax Description vlan-name Specifies the name of the VLAN to be configured.
Page 382 VLAN Commands History This command was enhanced for multinetting and made available in ExtremeWare 7.3.0. In earlier releases of ExtremeWare the secondary IP addresses must fall in the same subnet as the primary IP address. With ExtremeWare 7.3.0, secondary IP addresses specify local subnets in the switch and must be unique.
Page 383: Configure Vlan Delete Member-Vlan
configure vlan delete member-vlan configure vlan delete member-vlan configure vlan <translation vlan name> delete member-vlan [<vlan name> | all] Description Deletes a member VLAN from a translation VLAN. NOTE This command is available only on the “i” series switches. Syntax Description translation vlan name Specifies a translation VLAN.
Page 384: Configure Vlan Delete Port
VLAN Commands configure vlan delete port configure vlan <vlan name> delete port [all | <portlist>] Description Deletes one or more ports in a VLAN. Syntax Description vlan name Specifies a VLAN name. portlist A list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Usage Guidelines None...
Page 385: Configure Vlan Delete Secondary-Ip
configure vlan delete secondary-ip configure vlan delete secondary-ip configure vlan <vlan-name> delete secondary-ip {<sec-ip-address> | all} Description Deletes a secondary IP address from the specified VLAN. NOTE This command is available only on the “i” series switches. Syntax Description vlan-name Specifies the name of the VLAN to be configured.
Page 386: Configure Vlan Ipaddress
VLAN Commands configure vlan ipaddress configure vlan <vlan name> ipaddress <ipaddress> {<netmask> | <mask length> Description Assigns an IP address and an optional subnet mask to the VLAN. Syntax Description vlan name Specifies a VLAN name. ipaddress Specifies an IP address. netmask Specifies a subnet mask in dotted-quad notation (for example, 255.255.255.0).
Page 387: Configure Vlan Name
configure vlan name configure vlan name configure vlan <old_name> name <new_name> Description Renames a previously configured VLAN. Syntax Description old_name Specifies the current (old) VLAN name. new_name Specifies a new name for the VLAN. Default Usage Guidelines You cannot change the name of the default VLAN Default. Example The following command renames VLAN vlan1 to engineering: configure vlan vlan1 name engineering...
Page 388: Configure Vlan Protocol
VLAN Commands configure vlan protocol configure vlan <vlan name> protocol [<protocol_name> | any] Description Configures a VLAN to use a specific protocol filter. NOTE This command is available only on the “i” series switches and the Summit 400 series switches. Syntax Description vlan name Specifies a VLAN name.
Page 389: Configure Vlan Tag
configure vlan tag configure vlan tag configure vlan <vlan name> tag <vlan tag> Description Assigns a unique 802.1Q tag to the VLAN. Syntax Description vlan name Specifies a VLAN name. vlan tag Specifies a value to use as an 802.1Q tag. The valid range is from 2 to 4,095. Default The default VLAN uses an 802.1Q tag (and an internal VLANid) of 1.
Page 390: Create Protocol
VLAN Commands create protocol create protocol <protocol_name> Description Creates a user-defined protocol filter. NOTE This command is available only on the “i” series switches and the Summit 400 series switches. Syntax Description protocol_name Specifies a protocol filter name. The protocol filter name can have a maximum of 31 characters.
Page 391: Create Vlan
create vlan create vlan create vlan <vlan name> Description Creates a named VLAN. Syntax Description vlan name Specifies a VLAN name (up to 32 characters). Default A VLAN named Default exists on all new or initialized Extreme switches: • It initially contains all ports on a new or initialized switch, except for the management port(s), if there are any.
Page 392 VLAN Commands Example The following command creates a VLAN named accounting: create vlan accounting History This command was first available in ExtremeWare 1.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 393: Delete Protocol
delete protocol delete protocol delete protocol <protocol_name> Description Deletes a user-defined protocol. Syntax Description protocol_name Specifies a protocol name. Default Usage Guidelines If you delete a protocol that is in use by a VLAN, the protocol associated with that VLAN becomes “none.”...
Page 394: Delete Vlan
VLAN Commands delete vlan delete vlan <vlan name> Description Deletes a VLAN. Syntax Description vlan name Specifies a VLAN name. Default Usage Guidelines If you delete a VLAN that has untagged port members, and you want those ports to be returned to the default VLAN, you must add them back explicitly using the command.
Page 395: Disable Mac-Vlan Port
disable mac-vlan port disable mac-vlan port disable mac-vlan port <portlist> Description Disables a port from using the MAC-based VLAN algorithm. Syntax Description portlist A list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Usage Guidelines Disabling a port removes it from the MacVlanDiscover VLAN, but does not automatically return it to...
Page 396: Enable Mac-Vlan Mac-Group Port
VLAN Commands enable mac-vlan mac-group port enable mac-vlan mac-group [any | <group_number>] port <portlist> Description Enables a port to use the MAC-based VLAN algorithm. Syntax Description group_number A group number that should be associated with a specific set of ports. Specified as an integer. any indicates that these ports can be considered members of any MAC group.
Page 397: Show Mac-Vlan
show mac-vlan show mac-vlan show mac-vlan {configuration | database} Description Displays the MAC-based VLAN configuration and MAC address database content. Syntax Description configuration Specifies display of the MAC-based VLAN configuration only. database Specifies display of the MAC address database content only. Default Shows both configuration and database information.
Page 398: Show Protocol
VLAN Commands show protocol show protocol {<protocol>} Description Displays protocol filter definitions. Syntax Description protocol Specifies a protocol filter name. Default Displays all protocol filters. Usage Guidelines Displays the defined protocol filter(s) with the types and values of its component protocols. Example The following is an example of the command:...
Page 399: Show Vlan
show vlan show vlan For the “i” series platforms: show vlan {[<vlan name>} | detail | stats <vlan-name>]} For the “e” series platforms: show vlan {<vlan name> | detail} Description Displays configuration information about specified VLANs. Syntax Description vlan-name Specifies the name of the VLAN whose configuration is to be displayed. detail Specifies that detailed information should be displayed for each VLAN.
Page 400 VLAN Commands Examples The following is an example of the command: show vlan MSM64:1 # show vlan Name Protocol Addr Flags Proto Ports Default 0.0.0.0 /BP -----T-------- ANY MacVlanDiscover 4095 ------------------ ------ Mgmt 4094 10.5.4.80 /24 -------------- ANY 4093 192.168.11.1 /24 ------f------- ANY 4092 192.168.12.1 /24 ------f------- ANY...
Page 401 show vlan The following example shows the detail information for VLAN, called “v2,” which contains a port for a load-sharing group that spans multiple modules: show vlan detail VLAN Interface[3-201] with name “v2” created by user Tagging: 802.1Q Tag 2 Priority: 802.1P Priority 7 10.222.0.2/255.255.255.0...
Page 402: Unconfigure Ports Monitor Vlan
VLAN Commands unconfigure ports monitor vlan unconfigure ports <portlist> monitor vlan <vlan name> Description Removes port-based VLAN monitoring. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies one or more ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. vlan name Specifies a VLAN name.
Page 403: Unconfigure Vlan Ipaddress
unconfigure vlan ipaddress unconfigure vlan ipaddress unconfigure vlan <vlan name> ipaddress Description Removes the primary IP address of a VLAN. Syntax Description vlan-name Specifies the name of the VLAN for which the primary IP address is to be unconfigured. Default Usage Guidelines Use this command to remove the primary IP address on a VLAN.
Page 404 VLAN Commands ExtremeWare 7.7 Command Reference Guide...
Page 405: Fdb Commands
FDB Commands This chapter describes commands for: • Configuring FDB entries • Displaying FDB entries • Configuring and enabling FDB scanning The switch maintains a database of all media access control (MAC) addresses received on all of its ports. It uses the information in this database to decide whether a frame should be forwarded or filtered. Each FDB entry consists of the MAC address of the device, an identifier for the port on which it was received, and an identifier for the VLAN to which the device belongs.
Page 406: Clear Fdb
FDB Commands clear fdb On the “i” series of switches: clear fdb {<mac_address> | blackhole | ports <portlist> | remap | vlan <vlan name>} On the “e” series of switches: clear fdb {<mac_address> | blackhole | ports <portlist> | vlan <vlan name>} Description Clears dynamic FDB entries that match the filter.
Page 407 clear fdb You can also display FDB scan statistics using the following command: show diagnostics sys-health-check Example The following command clears any FDB entries associated with ports 3-5: clear fdb ports 3-5 The following command clears any FDB entries associated with VLAN corporate: clear fdb vlan corporate On the “i”...
Page 408: Configure Fdb Agingtime
FDB Commands configure fdb agingtime configure fdb agingtime <seconds> Description Configures the FDB aging time for dynamic entries. Syntax Description seconds Specifies the aging time in seconds. Range is 15 through 1,000,000. A value of 0 indicates that the entry should never be aged out. Default 300 seconds Usage Guidelines...
Page 409: Configure Fdb-Scan Failure-Action
configure fdb-scan failure-action configure fdb-scan failure-action configure fdb-scan failure-action [log | sys-health-check] Description Configures the action the switch takes if too many failures are detected within the specified FDB scan period. Syntax Description Specifies that messages are sent to the syslog. sys-health-check Specifies the configured system health check action is taken.
Page 410 FDB Commands This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available on the “i” series platform only. ExtremeWare 7.7 Command Reference Guide...
Page 411: Configure Fdb-Scan Period
Do you wish to do this? (yes, no, cancel) 06/19/2003 10:29.28 <INFO:SYST> serial admin: configure fdb-scan period 1 Extreme Networks recommends an interval period of at least 15 seconds. This setting is independent of and does not affect the system health check configurations.
Page 412: Create Fdbentry Secure-Mac
FDB Commands create fdbentry secure-mac create fdbentry secure-mac <mac_address> vlan <vlan name> ports <port-list> Description Specifies an authorized set of ports on which the specified MAC address will be permitted. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes. vlan name Specifies a VLAN name associated with a MAC address.
Page 413: Create Fdbentry Vlan Blackhole
create fdbentry vlan blackhole create fdbentry vlan blackhole create fdbentry <mac_address> vlan <vlan name> blackhole {source-mac | dest-mac | both} Description Creates a blackhole FDB entry. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes. vlan name Specifies a VLAN name associated with a MAC address. blackhole Configures the MAC address as a blackhole entry.
Page 414 FDB Commands This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 415: Create Fdbentry Vlan Dynamic
create fdbentry vlan dynamic create fdbentry vlan dynamic For “i” series switches: create fdbentry [<mac_address> | broadcast-mac | any-mac] vlan <vlan name> dynamic [qosprofile <qosprofile> {ingress-qosprofile <inqosprofile>} | ingress-qosprofile <inqosprofile> {qosprofile <qosprofile>}] For “e” series switches: create fdbentry [<mac_address> | any-mac] vlan <vlan name> dynamic [ingress-qosprofile <qosprofile>...
Page 416 FDB Commands • A port is disabled. • A port enters blocking state. • A port QoS setting is changed. • A port goes down (link down). Using the keyword, you can enable traffic from a QoS VLAN to have higher priority than any-mac 802.1p traffic.
Page 417: Create Fdbentry Vlan Ports
create fdbentry vlan ports create fdbentry vlan ports create fdbentry <mac_address> vlan <vlan name> ports [<portlist> | all] {qosprofile <qosprofile>} {ingress-qosprofile <inqosprofile>} Description Creates a permanent static FDB entry, and optionally associates it with an ingress and/or egress QoS profile. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes.
Page 418 FDB Commands Permanent static entries are designated by “spm” in the flags field of the output. You can use show fdb command to display permanent FDB entries, including their QoS profile show fdb permanent associations. Example The following example adds a permanent, static entry to the FDB for MAC address is 00 E0 2B 12 34 56, in VLAN marketing on port 4: create fdbentry 00:E0:2B:12:34:56 vlan marketing port 4 History...
Page 419: Delete Fdbentry
delete fdbentry delete fdbentry delete fdbentry [[<mac_address> | any-mac | broadcast-mac] vlan <vlan name> | all] Description Deletes one or all permanent FDB entries. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes. any-mac Specifies the wildcard MAC address. broadcast-mac Specifies the broadcast MAC address.
Page 420: Disable Fdb-Scan
FDB Commands disable fdb-scan disable fdb-scan [all | slot {{backplane} | <slot number> | msm-a | msm-b}] Description Disables FDB scanning on a stand-alone switch or on a per slot or backplane basis on a modular switch. Syntax Description Specifies all of the slots in the chassis. NOTE: This is available on modular switches only.
Page 421 disable fdb-scan The following command disables FDB scanning on all of the slots of a modular switch: disable fdb-scan all History This command was first available in ExtremeWare 6.2.2b108. The default for this command was changed to disabled in ExtremeWare 6.2.2b134. This command was not supported in ExtremeWare 7.0.
Page 422: Enable Fdb-Scan
FDB Commands enable fdb-scan enable fdb-scan [all | slot {{backplane} | <slot number> | msm-a | msm-b}] Description Enables FDB scanning on a stand-alone switch or on a per slot or backplane basis on a modular switch. Syntax Description Specifies all of the slots in the chassis. NOTE: This option is available on modular switches only.
Page 423 enable fdb-scan The following command enables FDB scanning on all of the slots of a modular switch: enable fdb-scan all History This command was first available in ExtremeWare 6.2.2b108. The default for this command was changed to disabled in ExtremeWare 6.2.2b134 This command was not supported in ExtremeWare 7.0.
Page 424: Run Fdb-Check
FDB Commands run fdb-check run fdb-check [all |index <bucket> <entry> | [<mac_address> | broadcast-mac] {<vlan name>}] {extended} {detail} Description Checks MAC FDB entries for consistency. Syntax Description Specifies all entries in the FDB. bucket Specifies the bucket portion of the FDB hash index. entry Specifies the entry portion of the FDB hash index.
Page 425 run fdb-check History This command was first available in ExtremeWare 6.1.9 This command was modified in ExtremeWare 6.2.1 to support the keyword. broadcast-mac Platform Availability This command is available on the “i” series platform. option is available on the Black Diamond 6800 chassis-based system only. extended ExtremeWare 7.7 Command Reference Guide...
Page 426: Show Fdb
FDB Commands show fdb On “i” series of switches: show fdb {<mac_address> | broadcast-mac | permanent | ports <portlist> | remap | stats | vlan <vlan name>} On “e” series of switches: show fdb {<mac_address> | permanent | ports <portlist> | vlan <vlan name>} Description Displays FDB entries.
Page 427 show fdb Flags Flags that define the type of entry: • B - Egress Blackhole • b - Ingress Blackhole • d - Dynamic • s - Static • p - Permanent • m - MAC • S - secure MAC •...
Page 428 FDB Commands Total: 33 Static: 16 Perm: 0 Locked: 0 Secure: 0 Dynamic: 17 Dropped: 0 Questionable: 0 Remapped: 0 FDB Aging time: 300 seconds NOTE IPX information only shows in “i” series switch output. The following command displays information about the permanent entries in the FDB: show fdb permanent It produces output similar to the following: EQP IQP Index...
Page 429: Unconfigure Fdb-Scan Failure-Action
unconfigure fdb-scan failure-action unconfigure fdb-scan failure-action unconfigure fdb-scan failure-action Description Returns the switch to its default of sending FDB scan messages to the syslog if too many failures are detected within the specified scan period. Syntax Description The command has no arguments or variables. Default Usage Guidelines This setting is independent of and does not affect the system health check configurations.
Page 430: Unconfigure Fdb-Scan Period
FDB Commands unconfigure fdb-scan period unconfigure fdb-scan period Description Returns the FDB scan interval to the factory default of 30 seconds. Syntax Description This command has no arguments or variables. Default Usage Guidelines This setting is independent of and does not affect the system health check configurations. Example The following command returns the FDB scan interval to 30 seconds: unconfigure fdb-scan period...
Page 431: Chapter 7 Qos Commands
QoS Commands This chapter describes the following commands: • Commands for configuring Quality of Service (QoS) profiles • Commands creating traffic groupings and assigning the groups to QoS profiles • Commands for configuring, enabling and disabling explicit class-of-service traffic groupings (802.1p and DiffServ) •...
Page 432 QoS Commands To configure QoS, you define how your switch responds to different categories of traffic by creating and configuring QoS profiles. The service that a particular type of traffic receives is determined by assigning a QoS profile to a traffic grouping or classification. The building blocks are defined as follows: •...
Page 433: Clear Dlcs
clear dlcs clear dlcs clear dlcs Description Clears all learned DLCS data. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines If the IP address of an end-station changes, and the end-station is not immediately rebooted, the old host-to-IP mapping is not deleted.
Page 434: Configure Diffserv Examination Code-Point Qosprofile Ports
QoS Commands configure diffserv examination code-point qosprofile ports configure diffserv examination code-point <code_point> qosprofile <qosprofile> ports [<portlist> | all] {low-drop-probability | high-drop-probability} Description Configures the default mapping of ingress DiffServ code points (DSCP) to QoS profiles. NOTE This command is available only on the “i” series switches. Syntax Description code_point Specifies a DiffServ code point (a 6-bit value in the IP-TOS byte in the IP header).
Page 435 configure diffserv examination code-point qosprofile ports For the BlackDiamond Switches. The low-drop-probability high-drop-probability keywords are applicable only to SONET ports. The low-drop-probability keywords are useful in conjunction with the weighted RED (WRED) high-drop-probability implementation provided by SONET ports. This implementation supports two different drop probabilities;...
Page 436: Configure Diffserv Replacement Priority Vpri Code-Point Ports
QoS Commands configure diffserv replacement priority vpri code-point ports configure diffserv replacement priority vpri <value> code-point <code_point> ports [<portlist> | all] Description Configures the default egress DiffServ replacement mapping. NOTE This command is available only on the “i” series switches. Syntax Description value Specifies the 802.1p priority value.
Page 437 configure diffserv replacement priority vpri code-point ports Example The following command specifies that a code point value of 25 should be used to replace the TOS bits in packets with an 802.1p priority of 2 for ports 5-9: configure diffserv replacement priority 2 code-point 25 ports 5-9 History This command was first available in ExtremeWare 6.0.
Page 438: Configure Dot1P Type
QoS Commands configure dot1p type configure dot1p type <dot1p_priority> qosprofile <qosprofile> Description Configures the default QoS profile to 802.1p priority mapping. NOTE This command is available only on the “i” series switches. Syntax Description dot1p_priority Specifies the 802.1p priority value. The value is an integer between 0 and 7. qosprofile Specifies a QoS profile.
Page 439 configure dot1p type Platform Availability This command is available on the “i” series platforms only. ExtremeWare 7.7 Command Reference Guide...
Page 440: Configure Ports Qosprofile
QoS Commands configure ports qosprofile configure ports <portlist> qosprofile <qosprofile> Description Configures one or more ports to use a particular QoS profile. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. qosprofile Specifies a QoS profile.
Page 441: Configure Qosprofile
configure qosprofile configure qosprofile configure qosprofile <qosprofile> minbw <min_percent> maxbw <max_percent> priority <level> {[minbuf <percent> maxbuf <number> [K | M] | maxbuff <number> [K | M] | <portlist>]} Description Modifies the default QoS profile parameters. NOTE This command is available only on the “i” series switches. Syntax Description qosprofile Specifies a QoS profile name.
Page 442 QoS Commands parameter unless specific situations and application behavior indicate. You must reboot the switch for changes to this parameter to take effect. For ExtremeWare 4.0: • Only four priority levels are available (low, normal, medium, and high). Examples The following command configures the QoS profile parameters of QoS profile qp5 for specific ports on an “i”...
Page 443: Configure Qostype Priority
configure qostype priority configure qostype priority configure qostype priority [source-mac | dest-mac | access-list | vlan | diffserv | dot1p] <priority> Description Configures the priority of the specified QoS traffic grouping. NOTE This command is available only on the “i” series switches. Syntax Description source-mac Specifies the priority of traffic groupings based on FDB source MAC addresses.
Page 444 QoS Commands Platform Availability This command is available on the “i” series platforms only. ExtremeWare 7.7 Command Reference Guide...
Page 445: Configure Red Drop-Probability
configure red drop-probability configure red drop-probability configure red drop-probability <percent> Description Configures the random early detect (RED) drop probability. NOTE This command is available only on the “i” series switches. Syntax Description percent Specifies the RED drop probability as a percentage. Range is 0 -100. Default Usage Guidelines When the switch detects that traffic is filling up any of the eight hardware queues, it performs a random...
Page 446: Configure Vlan Priority
QoS Commands configure vlan priority configure vlan <vlan name> priority <priority> Description Configures the 802.1p priority value for traffic generated on the switch. Syntax Description vlan name Specifies a VLAN name. priority Specifies the 802.1p priority value. The value is an integer between 0 and 7. Default Usage Guidelines The 802.1p priority field is placed in the 802.1Q tag when a packet is generated by the switch.
Page 447: Configure Vlan Qosprofile
configure vlan qosprofile configure vlan qosprofile configure vlan <vlan name> qosprofile <qosprofile> Description Configures a VLAN to use a particular QoS profile. NOTE This command is available only on the “i” series switches. Syntax Description vlan name Specifies a VLAN name. qosprofile Specifies a QoS profile.
Page 448: Disable Diffserv Examination Ports
QoS Commands disable diffserv examination ports disable diffserv examination ports [<portlist> | all] Description Disables the examination of the DiffServ field in an IP packet. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 449: Disable Diffserv Replacement Ports
disable diffserv replacement ports disable diffserv replacement ports disable diffserv replacement ports [<portlist> | all] Description Disables the replacement of diffserv code points in packets transmitted by the switch. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply.
Page 450: Disable Dlcs
QoS Commands disable dlcs disable dlcs {fast-ethernet-ports | ports [all | <port_number>]} Description This command disables Windows internet Naming Service (WINS) snooping for ports on this switch. NOTE This command is available only on the “i” series switches. Syntax Description fast-ethernet-ports Specifies that WINS packet snooping should be disabled on all Fast Ethernet ports.
Page 451: Disable Dot1P Replacement Ports
disable dot1p replacement ports disable dot1p replacement ports disable dot1p replacement ports [<portlist> | all] Description Disables the ability to overwrite 802.1p priority values for a given set of ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply.
Page 452: Disable Qosmonitor
QoS Commands disable qosmonitor disable qosmonitor Description Disables the QoS monitoring capability. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines The QoS monitor is a utility on “i” series switches that monitors the eight hardware queues (QP1-QP8) associated with any port(s).
Page 453: Disable Red Ports
disable red ports disable red ports disable red ports <portlist> Description Disables random early detection (RED) on the specified ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies the port number(s). May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Disabled Usage Guidelines...
Page 454: Enable Diffserv Examination Ports
QoS Commands enable diffserv examination ports enable diffserv examination ports [<portlist> | all] Description Enables examination of the DiffServ field of an ingress IP packet in order to select a QoS profile. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 455: Enable Diffserv Replacement Ports
enable diffserv replacement ports enable diffserv replacement ports enable diffserv replacement ports [<portlist> | all] Description Enables the DiffServ code point to be overwritten in packets transmitted by the switch. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply.
Page 456: Enable Dlcs
QoS Commands enable dlcs enable dlcs {fast-etherenable dlcs net-ports | ports [all | <port_number>]} Description This command enables Windows Internet Naming Service (WINS) snooping for ports on the switch. NOTE This command is available only on the “i” series switches. Syntax Description fast-ethernet-ports Specifies that WINS packets should be snooped on all Fast Ethernet ports.
Page 457 enable dlcs Platform Availability This command is available on the “i” series platforms only. ExtremeWare 7.7 Command Reference Guide...
Page 458: Enable Dot1P Replacement Ports
QoS Commands enable dot1p replacement ports enable dot1p replacement ports [<portlist> | all] Description Allows the 802.1p priority field to be overwritten on egress according to the QoS profile-to-802.1p priority mapping for a given set of ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports.
Page 459 enable dot1p replacement ports History This command was available in ExtremeWare 6.0. Platform Availability This command is available on the “i” series platforms only. ExtremeWare 7.7 Command Reference Guide...
Page 460: Enable Qosmonitor
QoS Commands enable qosmonitor enable qosmonitor {port <port>} Description Enables the QoS monitoring capability on the switch. NOTE This command is available only on the “i” series switches. Syntax Description port Specifies a port. Default Disabled Usage Guidelines When no port is specified, the QoS monitor automatically samples all the ports and records the sampled results.
Page 461: Enable Red Ports
enable red ports enable red ports enable red ports <portlist> Description Enables random early detection (RED) on a port. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Disabled Usage Guidelines...
Page 462: Show Dlcs
QoS Commands show dlcs show dlcs Description Displays the status of DLCS (enabled or disabled) and the status of ports that are snooping WINS packets. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines None...
Page 463: Show Dot1P
show dot1p show dot1p show dot1p Description Displays the 802.1p-to-QoS profile mappings. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines None Example The following command displays the current 802.1p-to-QoS mappings on the switch: show dot1p Following is the output from this command: 802.1p Priority Value...
Page 464: Show Ports Qosmonitor
QoS Commands show ports qosmonitor For the “i” series switches: show ports {mgmt | <portlist>} qosmonitor {egress | ingress} {discards} For the “e” series switches: show ports {mgmt | <portlist>} qosmonitor} Description Displays real-time QoS statistics for egress packets on one or more ports. Syntax Description mgmt Specifies the management port.
Page 465 show ports qosmonitor Following is sample output from this command: Qos Monitor Egress Queue Summary Mon Oct 21 20:35:21 2002 Port Xmts Xmts Xmts Xmts Xmts Xmts Xmts Xmts ================================================================================ ================================================================================ 0->Clear Counters U->page up D->page down R->rate screen ESC->exit History This command was available in ExtremeWare 2.0.
Page 466: Show Qosprofile
QoS Commands show qosprofile show qosprofile {<qosprofile>} {port <portlist>} Description Displays QoS information for the switch. Syntax Description <qosprofile> Specifies a QoS profile name. portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Displays QoS information for all profiles.
Page 467 show qosprofile Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 468: Show Qostype Priority
QoS Commands show qostype priority show qostype priority Description Displays priority settings for QoS traffic groupings. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines None Example The following command displays the QoS traffic grouping priority settings for this switch: show qostype priority...
Page 469: Unconfigure Diffserv Examination Ports
unconfigure diffserv examination ports unconfigure diffserv examination ports unconfigure diffserv examination ports [<portlist> | all] Description Removes the DiffServ examination code point from a port. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Specifies that DiffServ examination code points should be removed from all ports.
Page 470: Unconfigure Diffserv Replacement Ports
QoS Commands unconfigure diffserv replacement ports unconfigure diffserv replacement ports [<portlist> | all] Description Removes the DiffServ replacement mapping from a port. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Specifies that DiffServ replacement mapping should be removed from all ports.
Page 471: Unconfigure Qostype Priority
unconfigure qostype priority unconfigure qostype priority unconfigure qostype priority Description Resets all traffic grouping priority values to their defaults. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines Resets the traffic grouping priorities to the following: access-list = 11...
Page 472 QoS Commands ExtremeWare 7.7 Command Reference Guide...
Page 473: Nat Commands
IP addresses, typically public Internet IP addresses. This conversion is done transparently by having a NAT device (for example, any Extreme Networks switch) rewrite the source IP address and layer 4 port of the packets.
Page 474: Clear Nat
NAT Commands clear nat clear nat [connections | stats} Description Clears NAT connections or statistics. Syntax Description connections Specifies the current NAT connections table. stats Specifies the statistics counter. Default Usage Guidelines None Example The following command clears NAT connections: clear nat connections History This command was first available in ExtremeWare 6.2.
Page 475: Configure Nat Add Vlan Map
configure nat add vlan map configure nat add vlan map configure nat add vlan <vlan name> map source [any | <source_ipaddress>/<mask>] {l4-port [any | <port> {- <port>}]} {destination [any | <dest_ipaddress>/<mask>] {l4-port [any | <port> {- <port>}]}} to <nat_ip address> [/<mask> | - <ip address>] {[tcp | udp | both] [portmap {<min>...
Page 476 NAT Commands Usage Guidelines Four different modes are used to determine how the outside IP addresses and layer 4 ports are assigned: • Static mapping Dynamic mapping • • Port mapping • Auto-constraining Static and Dynamic Mapping. When static mapping is used, each inside IP address uses a single outside IP address.
Page 477 configure nat add vlan map Using Layer 4 Port Numbers. The addition of the optional keyword allows the NAT rule to l4-port be applied to only packets with a specific layer 4 source or destination port. If you use the layer 4-port command after the source IP/mask, the rule matches only if the port(s) specified are the source layer 4-ports.
Page 478 NAT Commands Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 479: Configure Nat Delete
configure nat delete configure nat delete configure nat delete [all | vlan <vlan name> map source [any | <source_ip address>/<mask>] {l4-port [any | <port> {- <port>}]} {destination <dest_ip address>/<mask> {l4-port [any | <port> {- <port>}]}} to <nat_ip address> [/<mask> | - <ip address>] [tcp | udp | both] [portmap {<min>...
Page 480 NAT Commands Example The following command deletes a portmap translation rule: configure nat delete out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp portmap 1024 - 8192 History This command was first available in ExtremeWare 6.2. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms.
Page 481: Configure Nat Finrst-Timeout
configure nat finrst-timeout configure nat finrst-timeout configure nat finrst-timeout <seconds> Description Configures the timeout for a TCP session that has been torn down or reset. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 60 seconds.
Page 482: Configure Nat Icmp-Timeout
NAT Commands configure nat icmp-timeout configure nat icmp-timeout <seconds> Description Configures the timeout for an ICMP packet. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 3 seconds. Usage Guidelines Setting the timeout to zero specifies that session table entries should not be timed out.
Page 483: Configure Nat Syn-Timeout
configure nat syn-timeout configure nat syn-timeout configure nat syn-timeout <seconds> Description Configures the timeout for an entry with an unacknowledged TCP SYN state. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 60 seconds.
Page 484: Configure Nat Tcp-Timeout
NAT Commands configure nat tcp-timeout configure nat tcp-timeout <seconds> Description Configures the timeout for a fully set up TCP SYN session. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 120 seconds. Usage Guidelines Setting the timeout to zero specifies that session table entries should not be timed out.
Page 485: Configure Nat Timeout
configure nat timeout configure nat timeout configure nat timeout <seconds> Description Configures the timeout for any IP packet that is not TCP, UDP, or ICMP. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 600 seconds.
Page 486: Configure Nat Udp-Timeout
NAT Commands configure nat udp-timeout configure nat udp-timeout <seconds> Description Configures the timeout for a UDP session. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 120 seconds. Usage Guidelines Setting the timeout to zero specifies that session table entries should not be timed out.
Page 487: Configure Nat Vlan
configure nat vlan configure nat vlan configure nat vlan <vlan name> [inside | outside | none] Description Configures a VLAN to participate in NAT. Syntax Description vlan name Specifies a VLAN name. inside Specifies that the VLAN is an inside VLAN. outside Specifies that the VLAN is an outside VLAN.
Page 488: Disable Nat
NAT Commands disable nat disable nat Description Disables network address translation on the switch. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines None Example The following command disables NAT functionality on the switch: disable nat History This command was first available in ExtremeWare 6.2.
Page 489: Enable Nat
enable nat enable nat enable nat Description Enables network address translation on the switch. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines None Example The following command enables NAT functionality on the switch: enable nat History This command was first available in ExtremeWare 6.2.
Page 490: Show Nat
NAT Commands show nat show nat {timeout | stats | connections | rules {vlan <outside_vlan>}} Description Displays NAT settings. Syntax Description timeout Specifies the display of NAT timeout settings. stats Specifies the display of statistics for NAT traffic. connections Specifies the display of the current NAT connection table. rules Specifies the display of NAT rules, optionally for a specific VLAN.
Page 491 show nat Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 492 NAT Commands ExtremeWare 7.7 Command Reference Guide...
Page 493: Slb Commands-"I" Series Switches Only
SLB Commands—“i” Series Switches Only This chapter discusses server load balancing (SLB) and flow redirection commands. SLB distributes client requests transparently among several servers. The main use for SLB is for web hosting (using redundant servers to increase the performance and reliability of busy websites). You can use SLB to manage and balance traffic for client equipment such as web servers, cache servers, routers, and proxy servers.
Page 494: Clear Slb Connections
SLB Commands—“i” Series Switches Only clear slb connections clear slb connections {ipaddress <ip address> : <port> | vip <vip name>} Description Clears all existing SLB connections. Syntax Description ip address Specifies an IP address. port Specifies a port. vip name Specifies a virtual server.
Page 495: Clear Slb Persistence Vip
clear slb persistence vip clear slb persistence vip clear slb persistence vip <vip name> Description Clears the connection information in the persistence table. Syntax Description vip name Specifies a virtual server. Default Usage Guidelines Use this command only during testing. Clearing persistence disables applications, such as shopping carts, that require persistence.
Page 496: Configure Flow-Redirect Add Next-Hop
SLB Commands—“i” Series Switches Only configure flow-redirect add next-hop configure flow-redirect <flow redirect> add next-hop <ip address> Description Adds the next hop host (gateway) that is to receive the packets that match the flow redirection policy. Syntax Description flow redirect Specifies a flow redirection policy.
Page 497: Configure Flow-Redirect Delete Next-Hop
configure flow-redirect delete next-hop configure flow-redirect delete next-hop configure flow-redirect <flow redirect> delete next-hop <ip address> Description Deletes the next hop host (gateway). Syntax Description flow redirect Specifies a flow redirection policy. ip address Specifies an IP address. Default Usage Guidelines None Example The following command deletes the next hop of 10.2.1.20 from the flow redirection policy named...
Page 498: Configure Flow-Redirect Service-Check Ftp
SLB Commands—“i” Series Switches Only configure flow-redirect service-check ftp configure flow-redirect <flow redirect> service-check ftp user <user name> <password> Description Configures the flow redirection FTP check. Syntax Description flow redirect Specifies a flow redirection policy. user name Specifies the user name for logging in to the FTP service. password Specifies the password for logging in to the FTP service.
Page 499: Configure Flow-Redirect Service-Check Http
5000 bytes. Extreme Networks recommends that you create a specific URL dedicated to this check. Do not include “http://” in the URL. To check a URL beyond the root directory, include the path in the specified URL.
Page 500: Configure Flow-Redirect Service-Check L4-Port
SLB Commands—“i” Series Switches Only configure flow-redirect service-check L4-port configure flow-redirect <flow redirect> service-check L4-port Description Configures the flow redirection layer 4 port check. Syntax Description flow redirect Specifies a flow redirection policy. Default Usage Guidelines This command automatically enables layer 4 port check. The layer 4 port check opens and closes the layer 4 port specified in the flow redirection policy.
Page 501: Configure Flow-Redirect Service-Check Nntp
configure flow-redirect service-check nntp configure flow-redirect service-check nntp configure flow-redirect <flow redirect> service-check nntp <newsgroup> Description Configures the flow redirection NNTP check. Syntax Description flow redirect Specifies a flow redirection policy. newsgroup Specifies the news group to be checked. Default Usage Guidelines This command automatically enables NNTP check.
Page 502: Configure Flow-Redirect Service-Check Ping
SLB Commands—“i” Series Switches Only configure flow-redirect service-check ping configure flow-redirect <flow redirect> service-check ping Description Configures the flow redirection ping check. Syntax Description flow redirect Specifies a flow redirection policy. Default Usage Guidelines This command automatically enables ping check. Ping check is also automatically enabled when you add a next hop using the following command: configure flow-redirect add next-hop In ExtremeWare 6.2.0 and prior, the frequency of the ping check is 10 seconds, the timeout of the ping...
Page 503: Configure Flow-Redirect Service-Check Pop3
configure flow-redirect service-check pop3 configure flow-redirect service-check pop3 configure flow-redirect <flow redirect> service-check pop3 user <user name> <password> Description Configures the flow redirection POP3 check. Syntax Description flow redirect Specifies a flow redirection policy. user name Specifies the user name for logging in to the POP3 service. password Specifies the password for logging in to the POP3 service.
Page 504: Configure Flow-Redirect Service-Check Smtp
SLB Commands—“i” Series Switches Only configure flow-redirect service-check smtp configure flow-redirect <flow redirect> service-check smtp <dns domain> Description Configures the flow redirection SMTP check. Syntax Description flow redirect Specifies a flow redirection policy. dns domain Specifies the DNS domain of the mail server. Default Usage Guidelines This command automatically enables SMTP check.
Page 505: Configure Flow-Redirect Service-Check Telnet
configure flow-redirect service-check telnet configure flow-redirect service-check telnet configure flow-redirect <flow redirect> service-check telnet user <user name> <password> Description Configures the flow redirection telnet check. Syntax Description flow redirect Specifies a flow redirection policy. user name Specifies the user name for logging in to the telnet service. password Specifies the password for logging in to the telnet service.
Page 506: Configure Flow-Redirect Timer Ping-Check
SLB Commands—“i” Series Switches Only configure flow-redirect timer ping-check configure flow-redirect timer ping-check frequency <seconds> timeout <seconds> Description Configures the frequency and timeout for the flow redirection ping check. Syntax Description frequency Specifies the ping check frequency. The range is 1 to 60. timeout Specifies the ping check timeout.
Page 507: Configure Flow-Redirect Timer Service-Check
configure flow-redirect timer service-check configure flow-redirect timer service-check configure flow-redirect timer service-check frequency <seconds> timeout <seconds> Description Configures the frequency and timeout for the flow redirection service check. Syntax Description frequency Specifies the service-check frequency. The range is 15 to 300. timeout Specifies the service-check timeout.
Page 508: Configure Flow-Redirect Timer Tcp-Port-Check
SLB Commands—“i” Series Switches Only configure flow-redirect timer tcp-port-check configure flow-redirect timer tcp-port-check frequency <seconds> timeout <seconds> Description Configures the frequency and timeout for the flow redirection TCP port check. Syntax Description frequency Specifies the tcp-port-check frequency. The range is 5 to 120. timeout Specifies the tcp-port-check timeout.
Page 509: Configure Slb Esrp Vlan
To set the unit number of a virtual server, use the following command: configure slb vip For simplicity, Extreme Networks recommends that you put client, server, and virtual server VLANs in the same ESRP group. Example The following command configures ESRP VLAN “servers”...
Page 510: Configure Slb Failover Alive-Frequency
The default timeout is 3 seconds. Usage Guidelines The frequency must be less than the timeout. Extreme Networks recommends that you set the timeout greater than an even multiple of the frequency. To enable active-active operation, use the following command:...
Page 511: Configure Slb Failover Dead-Frequency
configure slb failover dead-frequency configure slb failover dead-frequency configure slb failover dead-frequency <seconds> Description Configures the frequency at which the local switch attempts to re-establish communication with an unresponsive remote switch. Syntax Description dead-frequency The frequency at which the local switch attempts to re-establish communication with an unresponsive remote switch.
Page 512: Configure Slb Failover Failback-Now
SLB Commands—“i” Series Switches Only configure slb failover failback-now configure slb failover failback-now Description Configures the local SLB device to release the remote SLB resources if the remote SLB is alive. Syntax Description This command has no arguments or variables. Default Usage Guidelines When an active SLB unit fails and recovers, and manual failback is enabled, use this command to force...
Page 513: Configure Slb Failover Ping-Check
configure slb failover ping-check configure slb failover ping-check configure slb failover ping-check <ip address> {frequency <seconds> timeout <seconds>} Description Configures the SLB device to actively determine if a remote gateway is reachable by performing a ping. Syntax Description ip address Specifies the IP address of the remote gateway.
Page 514: Configure Slb Failover Unit
To enable active-active operation, use the following command: enable slb failover Extreme Networks recommends that you use a dedicated layer 2 VLAN to connect the two active-active switches. Example The following command configures the local SLB switch (with an IP address of 10.10.10.22) to direct unit 2 virtual servers to failover to the SLB switch with an IP address of 10.10.10.21:...
Page 515: Configure Slb Global Connection-Block
configure slb global connection-block configure slb global connection-block configure slb global connection-block <number> Description Configures the number of SLB connections to allocate in memory; this allocation can improve performance. Syntax Description number Specifies the number of connection blocks. The range is 100 to 20,000. Default The default is 10,000.
Page 516: Configure Slb Global Connection-Timeout
SLB Commands—“i” Series Switches Only configure slb global connection-timeout configure slb global connection-timeout <seconds> Description Configures the connection timeout for transparent and translation modes. Syntax Description seconds Specifies the number of seconds. The range is 1 to 180. Default The default is one second. Usage Guidelines None Example...
Page 517: Configure Slb Global Ftp
For both user and password, the default value is anonymous. Usage Guidelines If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The FTP service check provides a more thorough check than ping check, because the FTP service check logs in to the service.
Page 518 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 519: Configure Slb Global Http
The HTTP service check provides a more thorough check than ping check, because the HTTP service check connects to a specific URL and checks for a specific text string. Extreme Networks recommends that you create a specific URL dedicated to this check.
Page 520 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 521: Configure Slb Global Nntp
configure slb global nntp configure slb global nntp configure slb global nntp <newsgroup> Description Configures the default parameters for layer 7 NNTP service checking. Syntax Description newsgroup Specifies a newsgroup. Default The default newsgroup is ebusiness. Usage Guidelines The NNTP service check provides a more thorough check than ping check, because the NNTP service check logs in to the service.
Page 522: Configure Slb Global Persistence-Level
SLB Commands—“i” Series Switches Only configure slb global persistence-level configure slb global persistence-level [any-vip | same-vip-any-port | same-vip-same-port] Description Configures the persistence level globally. Syntax Description any-vip Specifies that an entry can match any port on any virtual server. same-vip-any-port Specifies that an entry must match the virtual server and can be any port.
Page 523: Configure Slb Global Persistence-Method
configure slb global persistence-method configure slb global persistence-method configure slb global persistence-method [per-packet | per-session] Description Configures the behavior of the persistence timer. Syntax Description per-packet Resets the persistence timer at the receipt of each packet. per-session Resets the persistence timer at the beginning of the session. When the timer expires, persistence for the session ends.
Page 524: Configure Slb Global Ping-Check
SLB Commands—“i” Series Switches Only configure slb global ping-check configure slb global ping-check frequency <seconds> timeout <seconds> Description Configures the default health checking frequency and timeout period using layer 3-based pinging of the physical node. Syntax Description frequency Specifies the frequency of the ping check. The range is 1 to 60 seconds. timeout Specifies the timeout of the ping check.
Page 525: Configure Slb Global Pop3
For both user and password, the default value is anonymous. Usage Guidelines If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The POP3 service check provides a more thorough check than ping check, because the POP3 service check logs in to the service.
Page 526 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 527: Configure Slb Global Service-Check
configure slb global service-check configure slb global service-check configure slb global service-check frequency <seconds> timeout <seconds> Description Configures the default health checking frequency and timeout period using layer 7-based application-dependent checking. Syntax Description frequency Specifies the frequency of the service check. The range is 15 to 300 seconds. timeout Specifies the timeout of the service check.
Page 528: Configure Slb Global Smtp
SLB Commands—“i” Series Switches Only configure slb global smtp configure slb global smtp <dns domain> Description Configures the default parameters for layer 7 SMTP service checking. Syntax Description dns domain Specifies the domain to check. Default The default value for is the switch domain.
Page 529: Configure Slb Global Synguard
configure slb global synguard configure slb global synguard configure slb global synguard max-unacknowledged-SYNs <number> Description Configures the SYN-guard feature. Syntax Description max-unacknowledged-SYNs Specifies the number of half-open connections that the switch allows. The range is 10 to 4000. Default The default value is 50. Usage Guidelines If the number of half-open connections exceeds the number specified, the switch immediately ages out the half-open connections.
Page 530: Configure Slb Global Tcp-Port-Check
SLB Commands—“i” Series Switches Only configure slb global tcp-port-check configure slb global tcp-port-check frequency <seconds> timeout <seconds> Description Configures the default health checking frequency and timeout period using layer 4-based TCP port testing. Syntax Description frequency Specifies the frequency of the TCP port check. The range is 5 to 120 seconds. timeout Specifies the timeout of the TCP port check.
Page 531: Configure Slb Global Telnet
For both user and password, the default value is anonymous. Usage Guidelines If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The telnet service check provides a more thorough check than ping check, because the telnet service check logs in to the service.
Page 532 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 533: Configure Slb Gogo-Mode Health-Check
configure slb gogo-mode health-check configure slb gogo-mode health-check configure slb gogo-mode <port number> health-check <ip address> Description Configures the health checker with the common IP addresses of the GoGo mode servers in this group. Syntax Description port number Specifies the GoGo mode master port. ip address Specifies an IP address.
Page 534: Configure Slb Gogo-Mode Ping-Check
SLB Commands—“i” Series Switches Only configure slb gogo-mode ping-check configure slb gogo-mode <port number> ping-check frequency <seconds> timeout <seconds> Description Overrides the global default ping check frequency and timeout values for this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. frequency Specifies the frequency of the ping check.
Page 535 configure slb gogo-mode ping-check Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 536: Configure Slb Gogo-Mode Service-Check Ftp
SLB Commands—“i” Series Switches Only configure slb gogo-mode service-check ftp configure slb gogo-mode <port number> service-check ftp {L4-port <L4-port>} {user <user> | password {encrypted} <password>} Description Configures the FTP service check parameters for a GoGo mode group. Syntax Description port number Specifies the GoGo mode master port.
Page 537: Configure Slb Gogo-Mode Service-Check Http
This command accesses the specified URL and checks for the specified alphanumeric string in the first 1000 bytes. Extreme Networks recommends that you create a specific URL dedicated to this check. Do not include “http://” in the URL. To check a URL beyond the root directory, include the path in the specified URL.
Page 538 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 539: Configure Slb Gogo-Mode Service-Check Pop3
configure slb gogo-mode service-check pop3 configure slb gogo-mode service-check pop3 configure slb gogo-mode <port number> service-check pop3 {L4-port <L4-port>} {userid <userid> | password {encrypted} <password>} Description Configures the service check parameters for a GoGo mode group. Syntax Description port number Specifies the GoGo mode master port.
Page 540: Configure Slb Gogo-Mode Service-Check Smtp
SLB Commands—“i” Series Switches Only configure slb gogo-mode service-check smtp configure slb gogo-mode <port number> service-check smtp {L4-port <L4-port>} {<dns domain>} Description Configures the service check parameters for a GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. L4-port Specifies a layer 4 port.
Page 541: Configure Slb Gogo-Mode Service-Check Telnet
configure slb gogo-mode service-check telnet configure slb gogo-mode service-check telnet configure slb gogo-mode <port number> service-check telnet {L4-port <L4-port>} {user <user name> | password {encrypted} <password>} Description Configures the service check parameters for a GoGo mode group. Syntax Description port number Specifies the GoGo mode master port.
Page 542: Configure Slb Gogo-Mode Service-Check Timer
SLB Commands—“i” Series Switches Only configure slb gogo-mode service-check timer configure slb gogo-mode <port number> service-check timer [all | ftp | http | telnet | smtp | nntp | pop3 | <TCP port number>] frequency <seconds> timeout <seconds> Description Overrides the global frequency and timeout values for the service check. Syntax Description port number Specifies the GoGo mode master port.
Page 543 configure slb gogo-mode service-check timer Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 544: Configure Slb Gogo-Mode Tcp-Port-Check Add
SLB Commands—“i” Series Switches Only configure slb gogo-mode tcp-port-check add configure slb gogo-mode <port number> tcp-port-check add [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] Description Adds the specified layer 4 port.
Page 545 configure slb gogo-mode tcp-port-check add Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 546: Configure Slb Gogo-Mode Tcp-Port-Check Delete
SLB Commands—“i” Series Switches Only configure slb gogo-mode tcp-port-check delete configure slb gogo-mode <port number> tcp-port-check delete [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] Description Deletes the specified layer 4 port.
Page 547 configure slb gogo-mode tcp-port-check delete Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 548: Configure Slb Gogo-Mode Tcp-Port-Check Timer
SLB Commands—“i” Series Switches Only configure slb gogo-mode tcp-port-check timer configure slb gogo-mode <port number> tcp-port-check timer [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] frequency <seconds>...
Page 549 configure slb gogo-mode tcp-port-check timer Example The following command configures GoGo mode FTP TCP port check for the group with port 29 as the master port with a frequency of 15 seconds and a timeout of 45 seconds: configure slb gogo-mode 29 tcp-port-check timer ftp frequency 15 timeout 45 History This command was first available in ExtremeWare 6.1.5.
Page 550: Configure Slb L4-Port
SLB Commands—“i” Series Switches Only configure slb L4-port configure slb L4-port [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] [treaper-timeout <seconds>...
Page 551 configure slb L4-port History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 552: Configure Slb Node Max-Connections
SLB Commands—“i” Series Switches Only configure slb node max-connections configure slb node <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] max-connections <number>...
Page 553 configure slb node max-connections History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 554: Configure Slb Node Ping-Check
SLB Commands—“i” Series Switches Only configure slb node ping-check configure slb node <ip address> ping-check frequency <seconds> timeout <seconds> Description Overrides the global default frequency and timeout values for this node. Syntax Description ip address Specifies the IP address of the node. frequency Specifies the frequency of the ping check.
Page 555: Configure Slb Node Tcp-Port-Check
configure slb node tcp-port-check configure slb node tcp-port-check configure slb node <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] tcp-port-check frequency <seconds>...
Page 556 SLB Commands—“i” Series Switches Only Example The following command sets the FTP TCP port check for the node with an IP address of 10.2.1.2 to a frequency of 30 seconds and a timeout of 90 seconds: configure slb node 10.2.1.2 : ftp tcp-port-check frequency 30 timeout 90 History This command was first available in ExtremeWare 6.1.
Page 557: Configure Slb Pool Add
configure slb pool add configure slb pool add configure slb pool <pool name> add <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] {ratio <number>...
Page 558 SLB Commands—“i” Series Switches Only configure the ratio, use the smallest common denominator. For example, to configure a ratio of 25% and 75%, use ratios of 1 and 3, instead of 25 and 75. To configure a pool to use the ratio load balancing method, use the following command: configure slb pool <pool name>...
Page 559: Configure Slb Pool Delete
configure slb pool delete configure slb pool delete configure slb pool <pool name> delete <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] Description Deletes a node from a pool.
Page 560 SLB Commands—“i” Series Switches Only History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 561: Configure Slb Pool Lb-Method
configure slb pool lb-method configure slb pool lb-method configure slb pool <pool name> lb-method [least-connections | priority | ratio | round-robin] Description Configures the SLB load balancing method. Syntax Description pool name Specifies a pool. least-connections Specifies the least connections load balancing method. priority Specifies the priority load balancing method.
Page 562: Configure Slb Pool Member
SLB Commands—“i” Series Switches Only configure slb pool member configure slb pool <pool name> member <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP or UDP port number>] [ratio <number>...
Page 563 configure slb pool member Example The following command changes the priority of the FTP node with an IP address of 10.2.1.2 in the pool “ftp” to 2: configure slb pool ftp member 10.2.1.2 : ftp priority 2 History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all “i”...
Page 564: Configure Slb Proxy-Client-Persistence
SLB Commands—“i” Series Switches Only configure slb proxy-client-persistence configure slb proxy-client-persistence [add | delete] <ip address>/<netmask> Description Configures a client subnet that should be treated as one persistent entity. Syntax Description ip address/netmask Specifies an IP address and netmask. Default Usage Guidelines Use this command to force all clients from the specified proxy array to connect to the same physical server.
Page 565: Configure Slb Vip
configure slb vip configure slb vip configure slb vip <vip name> unit [number] Description Configures the unit number for active-active failover. Syntax Description vip name Specifies a virtual server. unit Specifies a unit identifier on a virtual server. The range is 1 to 16. Default The default unit is 1.
Page 566: Configure Slb Vip Client-Persistence-Timeout
The default is 3600. client-persistence-timeout Usage Guidelines Extreme Networks recommends that you specify a short client persistence timeout, because longer timeout values consume more memory. Example The following command configures the virtual server “ftp” with a client persistence timeout of 3000...
Page 567: Configure Slb Vip Max-Connections
configure slb vip max-connections configure slb vip max-connections configure slb vip <vip name> max-connections <number> Description Configures the maximum connections allowed to a particular virtual server. Syntax Description vip name Specifies a virtual server. max-connections Specifies the maximum number of connections allowed to a virtual server. The range is 0 to 999,999,999.
Page 568: Configure Slb Vip Service-Check Frequency
SLB Commands—“i” Series Switches Only configure slb vip service-check frequency configure slb vip <vip name> service-check frequency <seconds> timeout <seconds> Description Configures the layer 7 service check frequency and timeout for a particular virtual server. Syntax Description vip name Specifies a virtual server. frequency Specifies the frequency of the service check.
Page 569: Configure Slb Vip Service-Check Ftp
Usage Guidelines This command automatically enables service checking. If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The FTP service check provides a more thorough check than ping check, because the FTP service check logs in to the service.
Page 570 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 571: Configure Slb Vip Service-Check Http
The HTTP service check provides a more thorough check than ping check, because the HTTP service check connects to a specific URL and checks for a specific text string. Extreme Networks recommends that you create a specific URL dedicated to this check.
Page 572 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 573: Configure Slb Vip Service-Check Nntp
configure slb vip service-check nntp configure slb vip service-check nntp configure slb vip <vip name> service-check nntp <newsgroup> Description Configures layer 7 NNTP service checking for a specific virtual server. Syntax Description vip name Specifies a virtual server. newsgroup Specifies a newsgroup. Default Usage Guidelines This command automatically enables service checking.
Page 574: Configure Slb Vip Service-Check Pop3
Usage Guidelines This command automatically enables service checking. If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The POP3 service check provides a more thorough check than ping check, because the POP3 service check logs in to the service.
Page 575 configure slb vip service-check pop3 Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 576: Configure Slb Vip Service-Check Smtp
SLB Commands—“i” Series Switches Only configure slb vip service-check smtp configure slb vip <vip name> service-check smtp {<dns domain>} Description Configures layer 7 SMTP service checking for a specific virtual server. Syntax Description vip name Specifies a virtual server. dns domain Specifies the domain to check.
Page 577: Configure Slb Vip Service-Check Telnet
Usage Guidelines This command automatically enables service checking. If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The telnet service check provides a more thorough check than ping check, because the telnet service check logs in to the service.
Page 578 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 579: Configure Vlan Slb-Type
configure vlan slb-type configure vlan slb-type configure vlan <vlan name> slb-type [both | client | none | server] Description Marks a VLAN as either a server VLAN or a client VLAN. Syntax Description both Configures the VLAN as both a server and a client VLAN. client Configures the VLAN as a client VLAN.
Page 580: Create Flow-Redirect
SLB Commands—“i” Series Switches Only create flow-redirect create flow-redirect <flow redirect> [any | tcp | tup | udp] destination [<ip address> / <mask> [ip-port <number> | src-ip-port <number>] | any] source [<ip address> / <mask> | any] Description Creates a flow redirection policy. Syntax Description flow redirect Specifies a flow redirection policy.
Page 581 create flow-redirect Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 582: Create Slb Pool
SLB Commands—“i” Series Switches Only create slb pool create slb pool <pool name> {lb-method [least-connections | priority | ratio | round-robin]} Description Creates a server pool and optionally assigns a load-balancing method to the pool. Syntax Description pool name Specifies a pool. lb-method Specifies the load-balancing method.
Page 583: Create Slb Vip
create slb vip create slb vip create slb vip <vip name> pool <pool name> mode [transparent | translation | port-translation] <ip address> {- <upper range>} : <L4 port> {unit <number>} Description Creates one or more new virtual servers. Syntax Description vip name Specifies a virtual server.
Page 584: Delete Flow-Redirect
SLB Commands—“i” Series Switches Only delete flow-redirect delete flow-redirect <flow redirect> Description Deletes a flow redirection policy. Syntax Description flow redirect Specifies a flow redirection policy. Default Usage Guidelines To rename or modify a flow redirection policy, you must delete and recreate the flow redirection policy. Example The following command deletes a flow redirection policy named http: delete flow-redirect http...
Page 585: Delete Slb Pool
delete slb pool delete slb pool delete slb pool [<pool name> | all] Description Deletes a server pool. Syntax Description pool name Specifies a pool. Specifies all pools. Default Usage Guidelines You must first delete all virtual servers before deleting the pool. To delete a virtual server, use the following command: delete slb vip Example...
Page 586: Delete Slb Vip
SLB Commands—“i” Series Switches Only delete slb vip delete slb vip [<vip name> | all] Description Deletes one or all virtual servers. Syntax Description vip name Specifies a virtual server. Specifies all virtual servers. Default Usage Guidelines You must use this command to delete all virtual servers from a pool before deleting the pool. Example The following command deletes the virtual server named http_vip: delete slb vip http_vip...
Page 587: Disable Flow-Redirect
disable flow-redirect disable flow-redirect disable flow-redirect [all | <flow redirect>] Description Disables flow redirection. Syntax Description Specifies all flow policies. flow redirect Specifies a single flow redirection policy. Default The default parameter is all. Flow redirection is disabled by default. Usage Guidelines When you create a new flow redirection policy, flow redirection is automatically enabled.
Page 588: Disable Slb
SLB Commands—“i” Series Switches Only disable slb disable slb Description Disables SLB processing. Syntax Description This command has no arguments or variables. Default SLB is disabled by default. Usage Guidelines Disabling SLB causes the following to occur: • Closes all connections. •...
Page 589: Disable Slb 3Dns
disable slb 3dns disable slb 3dns disable slb 3dns iquery-client Description Disables 3DNS support. Syntax Description This command has no arguments or variables. Default 3DNS is disabled by default. Usage Guidelines To enable 3DNS, use the following command: enable slb 3dns Example The following command disables 3DNS: disable slb 3dns iquery-client...
Page 590: Disable Slb Failover
SLB Commands—“i” Series Switches Only disable slb failover disable slb failover Description Disables the SLB failover mechanism. Syntax Description This command has no arguments or variables. Default SLB failover is disabled by default. Usage Guidelines To enable SLB failover, use the following command: enable slb failover Example The following command disables SLB failover:...
Page 591: Disable Slb Failover Manual-Failback
disable slb failover manual-failback disable slb failover manual-failback disable slb failover manual-failback Description Disables manual failback. Syntax Description This command has no arguments or variables. Default Manual failback is disabled by default. Usage Guidelines To enable manual failback, use the following command: enable slb failover manual-failback Example The following command disables manual failback:...
Page 592: Disable Slb Failover Ping-Check
SLB Commands—“i” Series Switches Only disable slb failover ping-check disable slb failover ping-check Description Disables ping check to an external gateway. Syntax Description This command has no arguments or variables. Default Ping check is disabled by default. Usage Guidelines To enable ping check, use the following command: enable slb failover ping-check Example The following command disables ping check:...
Page 593: Disable Slb Global Synguard
disable slb global synguard disable slb global synguard disable slb global synguard Description Disables the TCP SYN-guard feature. Syntax Description This command has no arguments or variables. Default SYN-guard is disabled by default. Usage Guidelines To enable SYN-guard, use the following command: enable slb global synguard Example The following command disables SYN-guard:...
Page 594: Disable Slb Gogo-Mode
SLB Commands—“i” Series Switches Only disable slb gogo-mode disable slb gogo-mode <port number> {all} Description Disables GoGo mode processing. Syntax Description port number Specifies the GoGo mode master port. Disables all health checking. Default GoGo mode is disabled by default. Usage Guidelines Before you disable GoGo mode, disconnect the servers;...
Page 595: Disable Slb Gogo-Mode Ping-Check
disable slb gogo-mode ping-check disable slb gogo-mode ping-check disable slb gogo-mode <port number> ping-check Description Disables layer 3 ping check for this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. Default GoGo mode ping check is disabled by default. Usage Guidelines To enable ping check for a GoGo mode group, use the following command: enable slb gogo-mode ping-check...
Page 596: Disable Slb Gogo-Mode Service-Check
SLB Commands—“i” Series Switches Only disable slb gogo-mode service-check disable slb gogo-mode <port number> service-check [all | ftp | http | nntp | pop3 | smtp | telnet | <TCP port number>] Description Disables layer 7 service check for this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port.
Page 597: Disable Slb Gogo-Mode Tcp-Port-Check
disable slb gogo-mode tcp-port-check disable slb gogo-mode tcp-port-check disable slb gogo-mode <port number> tcp-port-check [all | ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] Description Disables layer 4 TCP port check for this GoGo mode group.
Page 598 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 599: Disable Slb L4-Port
disable slb L4-port disable slb L4-port disable slb L4-port [all | ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] Description Disables one or all SLB ports.
Page 600 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 601: Disable Slb Node
disable slb node disable slb node disable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] {close-connections-now} Description Disables one or all nodes.
Page 602 SLB Commands—“i” Series Switches Only Example The following command disables all nodes and immediately closes all open connections: disable slb node all close-connections-now History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 603: Disable Slb Node Ping-Check
disable slb node ping-check disable slb node ping-check disable slb node [all | <ip address>] ping-check Description Disables layer 3 ping check. Syntax Description Specifies all nodes. ip address Specifies the IP address of the node. Default Ping check is disabled by default. Usage Guidelines Ping check is automatically enabled when a node is added to a pool.
Page 604: Disable Slb Node Tcp-Port-Check
SLB Commands—“i” Series Switches Only disable slb node tcp-port-check disable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] tcp-port-check Description Disables layer 4 TCP port checking.
Page 605 disable slb node tcp-port-check Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 606: Disable Slb Proxy-Client-Persistence
SLB Commands—“i” Series Switches Only disable slb proxy-client-persistence disable slb proxy-client-persistence Description Disables proxy client persistence. Syntax Description This command has no arguments or variables. Default Proxy client persistence is disabled by default. Usage Guidelines To enable proxy client persistence, use the following command: enable slb proxy-client-persistence Example The following command disables proxy client persistence:...
Page 607: Disable Slb Vip
disable slb vip disable slb vip disable slb vip [all | <vip name> | ipaddress <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] {close-connections-now} Description Disables one or all virtual servers.
Page 608 SLB Commands—“i” Series Switches Only Example The following command disables the virtual server named ftp_vip and closes all open connections: disable slb vip ftp_vip close-connections-now History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 609: Disable Slb Vip Client-Persistence
disable slb vip client-persistence disable slb vip client-persistence disable slb vip [all | <vip name>] client-persistence Description Disables client persistence. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Client persistence is disabled by default. Usage Guidelines To enable client persistence, use the following command: enable slb vip client-persistence Example...
Page 610: Disable Slb Vip Service-Check
SLB Commands—“i” Series Switches Only disable slb vip service-check disable slb vip [all | <vip name>] service-check Description Disables layer 7 service check. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Service check is disabled by default. Usage Guidelines To enable service check, use the following command: enable slb vip service-check...
Page 611: Disable Slb Vip Sticky-Persistence
disable slb vip sticky-persistence disable slb vip sticky-persistence disable slb vip [all | <vip name>] sticky-persistence Description Disables sticky persistence. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Sticky persistence is disabled by default. Usage Guidelines Sticky persistence is available only on wildcard virtual servers;...
Page 612: Disable Slb Vip Svcdown-Reset
SLB Commands—“i” Series Switches Only disable slb vip svcdown-reset disable slb vip [all | <vip name>] svcdown-reset Description Disables the svcdown-reset feature. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default The svcdown-reset feature is disabled by default. Usage Guidelines The svcdown-reset feature configures the switch to send TCP RST packets to both the clients and the virtual server if the virtual server fails a health-check.
Page 613: Enable Flow-Redirect
enable flow-redirect enable flow-redirect enable flow-redirect [all | <flow redirect>] Description Enables flow redirection. Syntax Description Specifies all flow redirection policies. flow redirect Specifies a single flow redirection policy. Default The default parameter is all. Flow redirection is disabled by default. Usage Guidelines When you create a new flow redirection policy, flow redirection is automatically enabled.
Page 614: Enable Slb
SLB Commands—“i” Series Switches Only enable slb enable slb Description Enables SLB processing. Syntax Description This command has no arguments or variables. Default SLB is disabled by default. Usage Guidelines This command activates the following functions for transparent, translational, and port translation modes: •...
Page 615: Enable Slb 3Dns
enable slb 3dns enable slb 3dns enable slb 3dns iquery-client Description Enables 3DNS support. Syntax Description This command has no arguments or variables. Default 3DNS is disabled by default. Usage Guidelines The following 3DNS global balance modes are supported: • completion •...
Page 616: Enable Slb Failover
SLB Commands—“i” Series Switches Only enable slb failover enable slb failover Description Enables SLB failover. Syntax Description This command has no arguments or variables. Default Failover is disabled by default. Usage Guidelines When SLB failover is enabled, the primary SLB switch automatically resumes primary status when it becomes active.
Page 617: Enable Slb Failover Manual-Failback
enable slb failover manual-failback enable slb failover manual-failback enable slb failover manual-failback Description Enables manual failback. Syntax Description This command has no arguments or variables. Default Manual failback is disabled by default. Usage Guidelines When manual failback is enabled, the primary SLB switch does not automatically resume primary status until you use the following command: configure slb failover failback-now To disable manual failback, use the following command:...
Page 618: Enable Slb Failover Ping-Check
SLB Commands—“i” Series Switches Only enable slb failover ping-check enable slb failover ping-check Description Enables ping check. Syntax Description This command has no arguments or variables. Default Ping check is disabled by default. Usage Guidelines To disable ping check, use the following command: disable slb failover ping-check Example The following command enables ping check:...
Page 619: Enable Slb Global Synguard
enable slb global synguard enable slb global synguard enable slb global synguard Description Enables the TCP SYN-guard feature. Syntax Description This command has no arguments or variables. Default SYN-guard is disabled by default. Usage Guidelines To disable SYN-guard, use the following command: disable slb global synguard Example The following command enables SYN-guard:...
Page 620: Enable Slb Gogo-Mode
SLB Commands—“i” Series Switches Only enable slb gogo-mode enable slb gogo-mode <port number> grouping <port list> Description Enables GoGo mode processing for a group of ports. Syntax Description port number Specifies the GoGo mode master port. port list Specifies a range or list of ports assigned to the group. Default GoGo mode is disabled by default.
Page 621: Enable Slb Gogo-Mode Ping-Check
enable slb gogo-mode ping-check enable slb gogo-mode ping-check enable slb gogo-mode <port number> ping-check <ip address> Description Enables layer 3 ping check for the GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. ip address Specifies an IP address to be pinged. Default GoGo mode ping check is disabled by default.
Page 622: Enable Slb Gogo-Mode Service-Check
SLB Commands—“i” Series Switches Only enable slb gogo-mode service-check enable slb gogo-mode <port number> service-check [all | ftp | http | nntp | pop3 | smtp | telnet | <TCP port number>] Description Enables layer 7 service checking for the GoGo mode group. Syntax Description port number Specifies the GoGo mode master port.
Page 623: Enable Slb Gogo-Mode Tcp-Port-Check
enable slb gogo-mode tcp-port-check enable slb gogo-mode tcp-port-check enable slb gogo-mode <port number> tcp-port-check [all | ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] Description Enables layer 4 TCP port check for the GoGo mode group.
Page 624 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 625: Enable Slb L4-Port
enable slb L4-port enable slb L4-port enable slb L4-port [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] Description Enables an SLB port.
Page 626 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 627: Enable Slb Node
enable slb node enable slb node enable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] Description Enables one or all nodes.
Page 628 SLB Commands—“i” Series Switches Only History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 629: Enable Slb Node Ping-Check
enable slb node ping-check enable slb node ping-check enable slb node [all | <ip address>] ping-check Description Enables layer 3 ping check. Syntax Description Specifies all nodes. ip address Specifies the IP address of the node. Default Ping check is enabled by default. Usage Guidelines Ping check is automatically enabled when a node is added to a pool.
Page 630: Enable Slb Node Tcp-Port-Check
SLB Commands—“i” Series Switches Only enable slb node tcp-port-check enable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] tcp-port-check Description Enables layer 4 TCP port check.
Page 631 enable slb node tcp-port-check Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 632: Enable Slb Proxy-Client-Persistence
SLB Commands—“i” Series Switches Only enable slb proxy-client-persistence enable slb proxy-client-persistence Description Enables proxy client persistence. Syntax Description This command has no arguments or variables. Default Proxy client persistence is disabled by default. Usage Guidelines To disable proxy client persistence, use the following command: disable slb proxy-client-persistence Example The following command enables proxy client persistence:...
Page 633: Enable Slb Vip
enable slb vip enable slb vip enable slb vip [all | <vip name> | ipaddress <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] Description Enables one or all virtual servers.
Page 634 SLB Commands—“i” Series Switches Only History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 635: Enable Slb Vip Client-Persistence
enable slb vip client-persistence enable slb vip client-persistence enable slb vip [all | <vip name>] client-persistence {netmask <netmask>} Description Enables client persistence. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. netmask Specifies a netmask. Default The default is disabled. Usage Guidelines To disable client persistence, use the following command: disable slb vip client-persistence...
Page 636: Enable Slb Vip Service-Check
SLB Commands—“i” Series Switches Only enable slb vip service-check enable slb vip [all | <vip name>] service-check Description Enables layer 7 service check. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Service check is disabled by default. Usage Guidelines The service checks are based on the following information: •...
Page 637: Enable Slb Vip Sticky-Persistence
enable slb vip sticky-persistence enable slb vip sticky-persistence enable slb vip [all | ipaddress <ip address> | <vip name>] sticky-persistence {netmask <netmask>} Description Enables the sticky persistence feature and specifies the client address mask. Syntax Description Specifies all virtual servers. ip address Specifies an IP address.
Page 638: Enable Slb Vip Svcdown-Reset
SLB Commands—“i” Series Switches Only enable slb vip svcdown-reset enable slb vip [all | <vip name>] svcdown-reset Description Enables svcdown-reset. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default The svcdown-reset feature is disabled by default. Usage Guidelines The svcdown-reset feature configures the switch to send TCP RST packets to both the clients and the virtual server if the virtual server fails a health-check.
Page 639: Show Flow-Redirect
show flow-redirect show flow-redirect show flow-redirect <flow redirect> Description Displays the current configuration and statistics for flow redirection. Syntax Description flow redirect Specifies a flow redirection policy. Default Usage Guidelines If you do not specify a flow redirection policy, configuration and statistics for all flow redirection policies are displayed.
Page 640 SLB Commands—“i” Series Switches Only Service Checking: Displays the configured service check type. • • http • L4-port • nntp • ping • pop3 • smtp • telnet IP Address Displays the IP address of the next hop. State Displays the status of the next hop, either up or down. Flow Info Displays hardware mapping information.
Page 641: Show Slb 3Dns Members
show slb 3dns members show slb 3dns members show slb 3dns members Description Displays the current connection information between the switch and the 3DNS query. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the current 3DNS information: show slb 3dns members IP Address...
Page 642: Show Slb Connections
SLB Commands—“i” Series Switches Only show slb connections show slb connections [ipaddress <ip address>: [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] | vip <vip name>] Description Displays information about current connections.
Page 643 show slb connections Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 644: Show Slb Esrp
SLB Commands—“i” Series Switches Only show slb esrp show slb esrp Description Displays SLB configuration for ESRP. Syntax Description This command has no arguments or variables. Default Usage Guidelines None Example The following command displays the current ESRP configuration: show slb esrp Following is the output from this command: VLAN Name SLB Unit Status SLB Unit(s)
Page 645: Show Slb Failover
show slb failover show slb failover show slb failover Description Displays SLB failover configuration and status. Syntax Description This command has no arguments or variables. Default Usage Guidelines command also displays SLB failover configuration and status. show slb global Example The following command displays the current SLB failover configuration and status: show slb failover Following is the output from this command:...
Page 646 SLB Commands—“i” Series Switches Only Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 647: Show Slb Global
show slb global show slb global show slb global Description Displays the current SLB global configuration information. Syntax Description This command has no arguments or variables. Default Usage Guidelines Displays the following: • Global enable/disable mode • Global modes • Default settings for health checker •...
Page 648 SLB Commands—“i” Series Switches Only Password: (not shown) SMTPDomain: "mydomain.com" NNTP Newsgroup: "ebusiness" User: anonymous Password: (not shown) POP3User: anonymous Password: (not shown) SLB Failover Configuration: Failover: Enabled Local unit ID: 1 Local IP address: 10.1.1.1 Remote IP address: 10.1.1.2 TCP port number: 1028 Remote Alive frequency: 1 Remote Dead frequency: 2...
Page 649: Show Slb Gogo-Mode
show slb gogo-mode show slb gogo-mode show slb gogo-mode <port number> {configuration} Description Displays GoGo mode ping check, TCP port check, and service check status. Syntax Description port number Specifies the GoGo mode master port. configuration Displays configuration instead of status. Default Usage Guidelines If you do not specify a master port, status is displayed for all GoGo mode groups with health checks...
Page 650: Show Slb L4-Port
SLB Commands—“i” Series Switches Only show slb L4-port show slb L4-port [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] Description Displays the SLB configuration for the active layer 4 ports.
Page 651 show slb L4-port Platform Availability This command is available on all “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 652: Show Slb Node
SLB Commands—“i” Series Switches Only show slb node show slb node {<ip address> [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]} Description Displays node configuration and status.
Page 653 show slb node Flags: E - Enable, U - Up, R - IP Route Up, H - Health check enabled, P - Health check passed, ! - VLAN not configured with "slb-type" History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all “i”...
Page 654: Show Slb Persistence
SLB Commands—“i” Series Switches Only show slb persistence show slb persistence Description Displays persistence status of existing clients. Syntax Description This command has no arguments or variables. Default Usage Guidelines None Example The following command displays the current persistence status: show slb persistence History This command was first available in ExtremeWare 6.1.
Page 655: Show Slb Pool
show slb pool show slb pool show slb pool <pool name> Description Displays the current SLB pool configuration and status. Syntax Description pool name Specifies a pool. Default Usage Guidelines If you do not specify a pool, configuration and status for all pools is displayed. Example The following command displays the current pool configuration and statistics for all pools, currently “rr_pool”...
Page 656: Show Slb Stats
SLB Commands—“i” Series Switches Only show slb stats show slb stats [pool <pool name> | vip <vip name>] Description Displays the current SLB pool connection status. Syntax Description pool name Specifies a pool. vip name Specifies a virtual server. Default Usage Guidelines If you specify but do not specify a specific pool, status for all pools is displayed.
Page 657: Show Slb Vip
show slb vip show slb vip show slb vip [<vip name> | ipaddress <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] {detail} Description Displays the current virtual server configuration and statistics.
Page 658 SLB Commands—“i” Series Switches Only ratio_vip 4.1.1.100 EUA-----ratio_po0/3 rr_vip 10.1.1.10 EUA----!rr_pool0/3 Modes: TP - Transparent, TL - Translational, PT - Port Translational Automatically Exported via: PA - Proxy Arp, HR - Host Route, SR - Subnet Route Flags: E - Enable, U - Up, A - Active Unit, H - Health-Check Enabled,...
Page 659: Unconfigure Slb All
unconfigure slb all unconfigure slb all unconfigure slb all Description Resets SLB global defaults and clears the SLB configuration. Syntax Description This command has no arguments or variables. Default Usage Guidelines This command does not delete nodes, pools, or virtual servers. To delete all nodes and pools, use the following command: delete slb pool all To delete all virtual servers, use the following command:...
Page 660: Unconfigure Slb Gogo-Mode Health-Check
SLB Commands—“i” Series Switches Only unconfigure slb gogo-mode health-check unconfigure slb gogo-mode <port number> health-check Description Disables and deletes all the ping check, TCP port check, and service check configurations for this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. Default Usage Guidelines None...
Page 661: Unconfigure Slb Gogo-Mode Service-Check
unconfigure slb gogo-mode service-check unconfigure slb gogo-mode service-check unconfigure slb gogo-mode <port number> service-check [all | ftp | http | nntp | pop3 | smtp | telnet | <TCP port number>] Description Disables and deletes the GoGo mode service check configuration. Syntax Description port number Specifies the GoGo mode master port.
Page 662: Unconfigure Slb Vip Service-Check
SLB Commands—“i” Series Switches Only unconfigure slb vip service-check unconfigure slb vip [all | <vip name>] service-check Description Disables and deletes the service check configuration. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Usage Guidelines None Example The following command disables and deletes the FTP service-check configurations for the virtual server...
Page 663: Commands For Status Monitoring And Statistics
Commands for Status Monitoring and Statistics This chapter describes commands for: • Configuring and managing the Event Management System and logging • Enabling and disabling NetFlow flow statistics collection (“i” series platforms only) • Configuring flow-collection port and filtering options (“i” series platforms only) •...
Page 664 Commands for Status Monitoring and Statistics display or telnet session. In addition to maintaining an internal log, the switch supports remote logging by way of the UNIX syslog host facility. NetFlow Statistics—“i” Series Platforms Only NetFlow flow statistics provide a way for a switch to capture and export traffic classification or precedence information as data traverses, or flows across, portions of a network.
Page 665: Clear Counters
clear counters clear counters clear counters Description Clears all switch statistics and port counters, including port packet statistics, bridging statistics, IP statistics, log event counters, and MPLS statistics. Syntax Description This command has no arguments or variables. Default Usage Guidelines You should view the switch statistics and port counters before you clear them.
Page 666: Clear Log
Commands for Status Monitoring and Statistics clear log For the “i” series switches: clear log {diag-status | error-led | static | messages [memory-buffer | nvram]} For the “e” series switches: clear log {diag-status | static | messages [memory-buffer | nvram]} Description Clears the log database.
Page 667 clear log clear log static History This command was first available in ExtremeWare 2.0. option was added in ExtremeWare 7.0.0. diag-status option was added in ExtremeWare 7.1.0 error-led option was added in ExtremeWare 7.1.0 messages This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. options were added in ExtremeWare 7.2e.
Page 668: Clear Log Counters
Commands for Status Monitoring and Statistics clear log counters clear log counters {<event condition> | [all | <event component>] {severity <severity> {only}}} Description Clears the incident counters for events. Syntax Description event condition Specifies the event condition counter to clear. Specifies that all events counters are to be cleared.
Page 669 clear log counters History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.2e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 670: Clear Log Diag Error
Specifies the slot where the I/O module is installed. Default Usage Guidelines Use this command only at the direction of Extreme Networks personnel. Extreme Networks support personnel can clear the Alpine diagnostics failures from the NVRAM using the following command: clear log diag error <slot number>...
Page 671: Clear Log Diag Remap
Specifies the slot where the I/O module is installed. Default Usage Guidelines Use this command only at the direction of Extreme Networks personnel. Extreme Networks support personnel can clear the packet memory diagnostics failures from the EEPROM using the following command: clear log diag remap <slot number>...
Page 672: Clear Transceiver-Test
Commands for Status Monitoring and Statistics clear transceiver-test clear transceiver-test Description Clears (resets) the transceiver test statistics. NOTE This command is available only on the “i” series modular switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines To display the transceiver test statistics, use the command.
Page 673 clear transceiver-test Platform Availability This command is available on “i” series modular switches only. ExtremeWare 7.7 Command Reference Guide...
Page 674: Configure Flowstats Export Add Port
Commands for Status Monitoring and Statistics configure flowstats export add port configure flowstats export <group#> add [<ipaddress> | <hostname>] <udp_port> Description Adds a flow-collector device to an export group to which NetFlow datagrams are exported. NOTE This command is available only on the “i” series switches. Syntax Description group# Specifies the export group to which the specified flow-collector device should be added.
Page 675 configure flowstats export add port History This command was first available in ExtremeWare 6.2. Platform Availability This command is available only on the “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 676: Configure Flowstats Export Delete Port
Commands for Status Monitoring and Statistics configure flowstats export delete port configure flowstats export <group#> delete [<ipaddress> | <hostname>] <udp_port> Description Removes a flow-collector device from an export group to which NetFlow datagrams are exported. NOTE This command is available only on the “i” series switches. Syntax Description group# Specifies the export group to which the specified flow-collector device belongs.
Page 677: Configure Flowstats Filter Ports
configure flowstats filter ports configure flowstats filter ports configure flowstats filter <filter#> {aggregation} {export <group#>} ports <portlist> [ingress | egress] <filterspec> Description Configures a flow record filter for the specified ports. NOTE This command is available only on the “i” series switches. Syntax Description filter# The filter# parameter is an integer in the range from 1 to 8 that identifies the filter being...
Page 678 Commands for Status Monitoring and Statistics Conceptually, the filters work by ANDing the contents of each of the five components of a forwarded flow with the associated masks from the first defined filter (filter #1). Statistics are maintained if the results of the AND operations match the configured filter values for all fields of the sequence.
Page 679: Configure Flowstats Source
configure flowstats source configure flowstats source configure flowstats source ipaddress <ipaddress> Description Configures the IP address that is to be used as the source IP address for NetFlow datagrams to be exported. NOTE This command is available only on the “i” series switches. Syntax Description ipaddress Specifies the IP address of a VLAN to be used as the source address for the NetFlow datagrams.
Page 680: Configure Flowstats Timeout Ports
Commands for Status Monitoring and Statistics configure flowstats timeout ports configure flowstats timeout <minutes> ports [<portlist> | all] Description Configures the timeout value for flow records on the specified ports. NOTE This command is available only on the “i” series switches. Syntax Description minutes Specifies the number of minutes to use in deciding when to export flow records.
Page 681: Configure Log Display
configure log display configure log display configure log display {<severity>} Description Configures the real-time log display. Syntax Description severity Specifies a message severity. Severities include critical, error, warning, notice, info, debug-summary, debug-verbose, and debug-data. Default If not specified, messages of all severities are displayed on the console display. Usage Guidelines You must enable the log display before messages are displayed on the log display.
Page 682 Commands for Status Monitoring and Statistics Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 683: Configure Log Filter Events
configure log filter events configure log filter events configure log filter <filter name> [add | delete] {exclude} events [<event condition> | [all | <event component>] {severity <severity> {only}}] Description Configures a log filter by adding or deleting a specified set of events. Syntax Description filter name Specifies the filter to configure.
Page 684 Commands for Status Monitoring and Statistics Events, Components, and Subcomponents. As mentioned, a single event can be included or excluded by specifying the event’s name. Multiple events can be added or removed by specifying an ExtremeWare component name plus an optional severity. Some components, such as BGP, contain subcomponents, such as Keepalive, which is specified as BGP.Keepalive.
Page 685 configure log filter events configure log filter myFilter add events bgp.keepalive severity error only then the following exclude item actually results in no change to the filter item list: configure log filter myFilter add exclude events bgp.updatein severity all Since the newly created filter called myFilter only includes some items from the subcomponent BGP.Keepalive, there are no BGP.UpdateIn events that need to be excluded.
Page 686: Configure Log Filter Events Match
Commands for Status Monitoring and Statistics configure log filter events match configure log filter <filter name> [add | delete] {exclude} events [<event condition> | [all | <event component>] {severity <severity> {only}}] [match | strict-match] <type> <value> {and <type> <value> ...} Description Configures a log filter by adding or deleting a specified set of events and specific set of match parameter values.
Page 687 configure log filter events match definitions (the event text and parameter types). The syntax for the parameter types (represented by <type> in the command syntax above) is: [bgp [neighbor | routerid] <ip address> | eaps <eaps domain name> | {destination | source} [ipaddress <ip address> | L4-port | mac-address ] | {egress | ingress} [slot <slot number>...
Page 688 Commands for Status Monitoring and Statistics configure log bridgeFilter add events bridge severity notice match source mac-address 00:11:12:13:14:15 configure log bridgeFilter add events bridge severity notice match source mac-address 00:21:22:23:24:25 configure log bridgeFilter add events bridge severity notice match source mac-address 00:31:32:33:34:35 In order to exclude only incidents whose parameter values match the specified criteria, follow this two-step process.
Page 689 configure log filter events match Example By default, all log targets are associated with the built-in filter called DefaultFilter. Therefore, the most straightforward way to send additional messages to a log target is to modify DefaultFilter. In the following example, the command modifies the built-in filter to allow incidents in the STP component, and all subcomponents of STP, of severity critical, error, warning, notice and info.
Page 690: Configure Log Filter Set Severity
Commands for Status Monitoring and Statistics configure log filter set severity configure log filter <filter name> set severity <severity> events [<event component> | all ] Description Sets the severity level of an existing filter item. Syntax Description filter name Specifies the filter to configure. severity Specifies the severity level to send.
Page 691 configure log filter set severity To see the current configuration of a filter, use the following command: show log configuration filter Example To change the severity level of the filter item added with this command: configure log filter bgpFilter2 add events bgp.keepalive severity notice use the following command: configure log filter bgpFilter2 set severity info events bgp.keepalive History...
Page 692: Configure Log Filter Set Severity Match
Commands for Status Monitoring and Statistics configure log filter set severity match configure log filter <filter name> set severity <severity> events [<event condition> | [all | <event component>]] [match | strict-match] <type> <value> {and <type> <value> ...} Description Sets the severity level of an existing filter item. Syntax Description filter name Specifies the filter to configure.
Page 693 configure log filter set severity match source ipaddress 10.1.2.0/24 Using the single command eliminates the possibility of missing an event of interest between the separate commands. delete See the command on page 791 for a detailed description of severity levels. show log To see the current configuration of a target, use the following command: show log configuration target {console-display | memory-buffer | nvram | session |...
Page 694: Configure Log Target Filter
Commands for Status Monitoring and Statistics configure log target filter configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] filter <filter name> {severity <severity> {only}} Description Associates a filter to a target. Syntax Description target Specifies the device to send the log entries.
Page 695 configure log target filter Table 14: Default Target Log Characteristics Target Enabled Severity Level Pre-7.1.0 Command to Set Log Severity console display no info configure log display {<severity>} memory buffer debug-data NVRAM warning session info syslog debug-data configure syslog add <host name/ip> {: <udp-port>} [local0...
Page 696: Configure Log Target Format
Commands for Status Monitoring and Statistics configure log target format configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] format [date [dd-mm-yyyy | dd-Mmm-yyyy | mm-dd-yyyy | Mmm-dd | yyyy-mm-dd | none] | host-name [on | off] | event-name [component | condition | none | subcomponent] | priority [on | off] | process-id [on | off] | process-name [on | off] | sequence-number [on | off] | severity [on | off] |...
Page 697 configure log target format • severity—on • event-name—condition • host-name—off • priority—off • tag-id—off • tag-name—off • sequence-number—off • process-name—off • process-id—off • source-function—off • source-line—off The following defaults apply to syslog targets (per RFC 3164): • timestamp—seconds • date—mmm-dd •...
Page 698 Commands for Status Monitoring and Statistics Timestamps. A timestamp refers to the time an event occurred. Timestamps can be output either in seconds, as described in RFC 3164 (for example, “13:42:56”), or in hundredths of a second (for example, “13:42:56.98”). They can also be suppressed altogether. To display timestamps as hh:mm:ss, use the keyword;...
Page 699 configure log target format Process Name. For providing detailed information to technical support, the (internal) ExtremeWare task names of the applications detecting the events can be displayed by specifying process-name on suppressed by specifying . The default setting is process-name off process-name off Process ID.
Page 700: Configure Log Target Match
Commands for Status Monitoring and Statistics configure log target match configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] match [any |<match-expression>] Description Associates a match expression to a target. Syntax Description console-display Specifies the console display.
Page 701 configure log target match Example The following command sends log messages to the current session if they pass the current filter and severity level and contain the string “user5”: configure log target session match user5 History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e”...
Page 702: Configure Log Target Severity
Commands for Status Monitoring and Statistics configure log target severity configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] {severity <severity> {only}} Description Sets the severity level of messages sent to the target. Syntax Description console-display Specifies the console display.
Page 703 configure log target severity Example The following command sends log messages to the current session that pass the current filter at a severity level of info or greater: configure log target session severity info History This command was first available in ExtremeWare 7.1.0. This command was added to the Summit “e”...
Page 704: Configure Packet-Mem-Scan-Recovery-Mode
Commands for Status Monitoring and Statistics configure packet-mem-scan-recovery-mode configure packet-mem-scan-recovery-mode [offline | online] [msm-a | msm-b | msm-c | msm-d | <slot number>] Description Configures packet memory scanning and the recovery mode setting on a BlackDiamond module. NOTE This command is available only on the BlackDiamond switches. Syntax Description offline Specifies that a faulty BlackDiamond module is taken offline and kept offline if one of the...
Page 705 configure packet-mem-scan-recovery-mode Example The following command enables packet memory scanning on slot 1, and specifies that the module be taken offline: configure packet-mem-scan-recovery mode offline slot 1 The following command enables packet memory scanning on the MSM module in slot B, and specifies that the module be kept online configure packet-mem-scan-recovery mode online slot msm-b History...
Page 706: Configure Sflow Agent
Commands for Status Monitoring and Statistics configure sflow agent configure sflow agent <ip-address> Description Configures the sFlow agent source IP address used in the sFlow UDP datagrams sent to the sFlow collector. NOTE This command is available only on the “i” series switches. Syntax Description ip-address Specifies the IP address from which sFlow data is sent on the switch.
Page 707: Configure Sflow Backoff-Threshold
configure sflow backoff-threshold configure sflow backoff-threshold configure sflow backoff-threshold <rate> Description Configures the maximum number of packets sent to the sFlow collector per second. NOTE This command is available only on the “i” series switches. Syntax Description rate Specifies the maximum number of packets sent to the sFlow collector per second. The range is 100 - 5000 Default The default is 50.
Page 708 Commands for Status Monitoring and Statistics Platform Availability This command is available only on the “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 709: Configure Sflow Collector
configure sflow collector configure sflow collector configure sflow collector <ip-address> port <udp-port> Description Configures the IP address and UDP port number identifying the sFlow collector. NOTE This command is available only on the “i” series switches. Syntax Description ip-address Specifies the IP address to send the sFlow data. udp-port Specifies the UDP port number to send the sFlow data.
Page 710 Commands for Status Monitoring and Statistics Platform Availability This command is available only on the “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 711: Configure Sflow Poll-Interval
configure sflow poll-interval configure sflow poll-interval configure sflow poll-interval <seconds> Description Configures the sFlow counter polling interval, the interval at which the statistics counter values are sent to the sFlow collector. NOTE This command is available only on the “i” series switches. Syntax Description seconds Specifies the number of seconds between polling each counter.
Page 712: Configure Sflow Sample-Rate
Commands for Status Monitoring and Statistics configure sflow sample-rate configure sflow sample-rate <number> Description Configures the sample rate at which the sFlow agent collects network traffic samples. NOTE This command is available only on the “i” series switches. Syntax Description number Specifies the fraction (1/number) of packets to be sampled.
Page 713: Configure Sys-Hardware-Recovery
configure sys-hardware-recovery configure sys-hardware-recovery configure sys-hardware-recovery [log | card-reset | card-offline | fabric-reset | system-offline | system-reset] Description Configures a recovery mechanism for a switch or module with a processor in a hang state. NOTE This command is available only on the “i” series switches. Syntax Description Posts a CRIT message to the syslog.
Page 714 Commands for Status Monitoring and Statistics Example The following command sets a switch to reset an I/O module with a processor in a hang state: configure sys-hardwre-recovery card-reset History This command was first available in ExtremeWare 7.6. Platform Availability This command is available only on the “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 715: Configure Sys-Health-Check Alarm-Level
configure sys-health-check alarm-level configure sys-health-check alarm-level configure sys-health-check alarm-level [card-down | default | log | system-down | traps] Description Configures the alarm response for the system health checker. NOTE This command is available only on the Alpine, BlackDiamond, and Summit “i” series switches. Syntax Description card-down Shuts down the module that failed the health check.
Page 716 Commands for Status Monitoring and Statistics In ExtremeWare versions prior to 6.2, you cannot use both mirroring and the system health checker at the same time. If you configure mirroring with the system health checker enabled, the health checker will indicate that it has been disabled by sending a message to the syslog. In ExtremeWare 6.2 or later, this restriction does not apply.
Page 717: Configure Sys-Health-Check Alarm-Level Msm
configure sys-health-check alarm-level msm configure sys-health-check alarm-level msm configure sys-health-check alarm-level msm [auto-recovery | card-down | default | log | system-down | traps] Description Configures a separate alarm response for the system health checker specifically for MSMs in the BlackDiamond switches. NOTE This command is available only on the BlackDiamond switches.
Page 718 Commands for Status Monitoring and Statistics will indicate that it has been disabled by sending a message to the syslog. In ExtremeWare 6.2 or later, this restriction does not apply. If the faulty module is a master MSM, the slave MSM automatically becomes the master and sets the faulty MSM to the card-down state.
Page 719: Configure Sys-Health-Check Auto-Recovery
configure sys-health-check auto-recovery configure sys-health-check auto-recovery configure sys-health-check auto-recovery <number> [offline | online] Description Configures the auto-recovery function of the system health checker. NOTE This command is available only on the “i” series switches. Syntax Description number Specifies the number of times that the health checker attempts to auto-recover a faulty module. The range is from 0 through 255 times.
Page 720 Commands for Status Monitoring and Statistics In ExtremeWare versions prior to 6.2, you cannot use both mirroring and the system health checker at the same time. If you configure mirroring with the system health checker enabled, the health checker indicates that it has been disabled by sending a message to the syslog. In ExtremeWare 6.2 or later, this restriction does not apply.
Page 721 configure sys-health-check auto-recovery To view the failure messages, use the command. show diagnostics To clear the MSM failure messages posted to the log, use the command. This command clear log clears the error messages from the MSM NVRAM. If the MSM failed a system health check, this command restores the MSM to full functionality.
Page 722: Configure Sys-Health-Check Scan Recovery
Reset module and run diagnostics (remap). Usage Guidelines Extreme Networks support personnel can configure the action taken by the system health check if diagnostics are run or if checksum errors trigger diagnostics. If diagnostics are run or triggered in previous releases of ExtremeWare, the module is reset and diagnostics are run. Support personnel can...
Page 723 configure sys-health-check scan recovery History This command was first available in ExtremeWare 7.2.0b25. Platform Availability This command is available only on “i” series switches other than the BlackDiamond 6816 switch. ExtremeWare 7.7 Command Reference Guide...
Page 724: Configure Sys-Recovery-Level
Commands for Status Monitoring and Statistics configure sys-recovery-level For the “i” series switches: configure sys-recovery-level [none | [all | critical] [msm-failover | reboot | shutdown | system-dump [maintenance-mode | msm-failover | reboot | shutdown]] For the “e” series switches: configure sys-recovery-level [none | [all | critical] [reboot ] Description Configures a recovery option for instances where an exception occurs in ExtremeWare.
Page 725 configure sys-recovery-level For ExtremeWare 6.1, the system always reboots after a task exception when the system recovery level is specified as critical For ExtremeWare 6.2 or later, you must specify whether the system should shut down or reboot upon a task exception if the recovery level is critical For BlackDiamond Switches.
Page 726: Configure Syslog Add
Commands for Status Monitoring and Statistics configure syslog add configure syslog {add} <host name/ip> {: <udp-port>} [local0 ... local7] {<severity>} Description Configures the remote syslog server host address, and filters messages to be sent to the remote syslog target. Syntax Description host name/ip Specifies the remote syslog server host name or IP address.
Page 727 configure syslog add • configure syslog 123.45.67.78 local1 critical • configure syslog add 123.45.67.78 local1 critical History This command was first available in ExtremeWare 2.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms.
Page 728: Configure Syslog Delete
Commands for Status Monitoring and Statistics configure syslog delete configure syslog delete <host name/ip> {: <udp-port>} [local0 ... local7] Description Deletes a remote syslog server address. Syntax Description host name/ip Specifies the remote syslog server host name or IP address. udp-port Specifies the UDP port number for the syslog target.
Page 729: Configure Transceiver-Test Failure-Action
configure transceiver-test failure-action configure transceiver-test failure-action configure transceiver-test failure-action [log | sys-health-check] Description Configures the action the switch takes if too many failures are detected within the specified window. NOTE This command is available only on modular switches. Syntax Description Specifies that messages are sent to the syslog.
Page 730 Commands for Status Monitoring and Statistics The default for this command was changed to in ExtremeWare 6.2.2b134. This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available only on modular switches. ExtremeWare 7.7 Command Reference Guide...
Page 731: Configure Transceiver-Test Period
Use this feature when the switch can be brought off-line. Configuring the transceiver test period to 11 seconds or less can affect system performance; therefore, Extreme Networks does not recommend changing the default transceiver test period. The default is adequate for most networks.
Page 732: Configure Transceiver-Test Threshold
Three errors Usage Guidelines Use this feature when the switch can be brought off line. Extreme Networks does not recommend changing the default transceiver test threshold parameter. The default parameter is adequate for most networks. Example The following command configures the switch to accept 4 errors before an action is taken:...
Page 733: Configure Transceiver-Test Window
Extreme Networks does not recommend changing the default transceiver test window parameter. The default parameter is adequate for most networks. Example The following command configures the switch to check for errors within the last seven 20-second...
Page 734: Create Log Filter
Commands for Status Monitoring and Statistics create log filter create log filter <name> {copy <filter name>} Description Create a log filter with the specified name. Syntax Description name Specifies the name of the filter to create. copy Specifies that the new filter is to be copied from an existing one. filter name Specifies the existing filter to copy.
Page 735 create log filter Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 736: Delete Log Filter
Commands for Status Monitoring and Statistics delete log filter delete log filter [<filter name> | all] Description Delete a log filter with the specified name. Syntax Description filter name Specifies the filter to delete. Specifies that all filters, except DefaultFilter, are to be deleted Default Usage Guidelines This command deletes the specified filter, or all filters except for the filter DefaultFilter.
Page 737: Disable Cli-Config-Logging
disable cli-config-logging disable cli-config-logging disable cli-config-logging Description Disables the logging of CLI configuration commands to the switch Syslog. Syntax Description This command has no arguments or variables. Default Enabled Usage Guidelines command discontinues the recording of all switch configuration disable cli-config-logging changes and their sources that are made using the CLI via telnet or the local console.
Page 738: Disable Flowstats
Commands for Status Monitoring and Statistics disable flowstats disable flowstats Description Disables the flow statistics feature on the switch. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines When this feature is disabled, no flow records are exported.
Page 739: Disable Flowstats Filter Ports
disable flowstats filter ports disable flowstats filter ports disable flowstats filter <filter#> ports <portlist> {ingress | egress} Description Disables a specified flow record filter for the specified ports. NOTE This command is available only on the “i” series switches. Syntax Description filter# Specifies the flow record filter that should be disabled.
Page 740 Commands for Status Monitoring and Statistics History This command was first available in ExtremeWare 6.1.5b20 for the PoS module only. This command was modified in ExtremeWare 6.2 to support all “i” series platforms. Platform Availability This command is available only on the “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 741: Disable Flowstats Ping-Check
disable flowstats ping-check disable flowstats ping-check disable flowstats ping-check {<group#> | all} Description Disables the flow statistics ping-check function for a specified group of collector devices. NOTE This command is available only on the “i” series switches. Syntax Description group# Specifies the export group for which the ping-check function should be disabled.
Page 742: Disable Flowstats Ports
Commands for Status Monitoring and Statistics disable flowstats ports disable flowstats ports <portlist> Description Disables the flow statistics function on the specified ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports for which the flowstats function should be disabled. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 743: Disable Log Debug-Mode
disable log debug-mode disable log debug-mode disable log debug-mode Description Disables debug mode. The switch stops logging events of severity debug-summary, debug-verbose, and debug-data. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines This command disables debug mode. Debug mode must be enabled before logging debug messages, which can severely degrade performance.
Page 744: Disable Log Display
Commands for Status Monitoring and Statistics disable log display disable log display Description Disables the sending of messages to the console display. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines If the log display is disabled, log information is no longer written to the serial console. This command setting is saved to FLASH and determines the initial setting of the console display at boot-up.
Page 745: Disable Log Target
disable log target disable log target disable log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] Description Stop sending log messages to the specified target. Syntax Description console-display Specifies the console display. memory-buffer Specifies the switch memory buffer.
Page 746 Commands for Status Monitoring and Statistics Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 747: Disable Rmon
disable rmon disable rmon disable rmon Description Disables the collection of RMON statistics on the switch. Syntax Description This command has no arguments or variables. Default By default, RMON is disabled. However, even when RMON is disabled, the switch responds to RMON queries and sets for alarms and events.
Page 748: Disable Sflow
Commands for Status Monitoring and Statistics disable sflow disable sflow Description Globally disables sFlow statistical packet sampling. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines This command disables sFlow globally on the switch.
Page 749: Disable Sflow Backoff-Threshold
disable sflow backoff-threshold disable sflow backoff-threshold disable sflow backoff-threshold Description Disables the sFlow backoff-threshold feature, which limits the maximum number of packets sent to the sFlow collector per second. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables.
Page 750: Disable Sflow Ports
Commands for Status Monitoring and Statistics disable sflow ports disable sflow ports [<portlist> | all] Description Disables sFlow statistical packet sampling on a particular list of ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports.
Page 751: Disable Sys-Hardware-Recovery Polling
disable sys-hardware-recovery polling disable sys-hardware-recovery polling disable sys-hardware-recovery polling Description Configures the hardware recovery mechanism to work in a passive, non-polling mode. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default The polling mechanism is disabled by default.
Page 752: Disable Sys-Health-Check
Commands for Status Monitoring and Statistics disable sys-health-check disable sys-health-check Description Disables the BlackDiamond system health checker. NOTE This command is available only on the BlackDiamond switches. Syntax Description This command has no arguments or variables. Default Enabled Usage Guidelines If the system health checker is disabled, it does not test I/O modules, MSM modules, and the backplane for system faults.
Page 753: Disable Syslog
disable syslog disable syslog disable syslog Description Disables logging to all remote syslog server targets. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines Disables logging to all remote syslog server targets, but not to the switch targets. This setting is saved in FLASH, and will be in effect upon boot-up.
Page 754: Disable Temperature-Logging
Commands for Status Monitoring and Statistics disable temperature-logging disable temperature-logging Description Stops recording the celsius system temperature to the syslog for the BlackDiamond and Alpine systems. (The temperature is recorded in degrees celsius.) NOTE This command is available only on modular switches. Syntax Description This command has no arguments or variables.
Page 755 disable temperature-logging Platform Availability This command is available on modular switches only. ExtremeWare 7.7 Command Reference Guide...
Page 756: Disable Transceiver-Test
Commands for Status Monitoring and Statistics disable transceiver-test For an Alpine switch: disable transceiver-test [all | slot <slot number> {backplane} ] For a BlackDiamond switch: disable transceiver-test [all | slot <slot number> | msm-a | msm-b | msm-c | msm-d] Description Disables the integrity testing of the transceivers used for communication between the ASICs and the CPU on an MSM or an SMMi module.
Page 757 disable transceiver-test Slot Cardtype Cardstate Test Pass Fail Time_last_fail ---- -------- --------- ---- -------- -------- -------------- slot 1 Unknown slot 2 Unknown slot 3 FM8V Operational MAC 2b81b slot 4 GM4X Operational MAC 2b81b BPLNE SMMI Operational UART 2b81a BPLNE SMMI Operational FLASH 2b81a...
Page 758: Enable Cli-Config-Logging
Commands for Status Monitoring and Statistics enable cli-config-logging enable cli-config-logging Description Enables the logging of CLI configuration commands to the Syslog for auditing. Syntax Description This command has no arguments or variables. Default Enabled Usage Guidelines ExtremeWare allows you to record all configuration changes and their sources that are made using the CLI by way of Telnet or the local console.
Page 759: Enable Flowstats
enable flowstats enable flowstats enable flowstats Description Enables the flow statistics feature on the switch. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines None Example The following command enables NetFlow statistics feature on this switch: enable flowstats...
Page 760: Enable Flowstats Filter Ports
Commands for Status Monitoring and Statistics enable flowstats filter ports enable flowstats filter <filter#> ports <portlist> {ingress | egress} Description Enables a specified flow record filter for the specified ports. NOTE This command is available only on the “i” series switches. Syntax Description filter# Specifies the flow record filter that should be enabled.
Page 761 enable flowstats filter ports Platform Availability This command is available on “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 762: Enable Flowstats Ping-Check
Commands for Status Monitoring and Statistics enable flowstats ping-check enable flowstats ping-check {<group#>} Description Enables the flow statistics ping-check function for a specified group of collector devices. NOTE This command is available only on the “i” series switches. Syntax Description group# Specifies the export group for which the ping-check function should be enabled.
Page 763: Enable Flowstats Ports
enable flowstats ports enable flowstats ports enable flowstats ports <portlist> Description Enables the flow statistics function on the specified ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports for which the flowstats function should be enabled. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 764: Enable Log Debug-Mode
Commands for Status Monitoring and Statistics enable log debug-mode enable log debug-mode Description Enables debug mode. The switch allows debug events included in log filters to be logged. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines This command enables debug mode.
Page 765: Enable Log Display
enable log display enable log display enable log display Description Enables a running real-time display of log messages on the console display. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines If you enable the log display on a terminal connected to the console port, your settings will remain in effect even after your console session is ended (unless you explicitly disable the log display).
Page 766: Enable Log Target
Commands for Status Monitoring and Statistics enable log target enable log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] Description Start sending log messages to the specified target. Syntax Description console-display Specifies the console display. memory-buffer Specifies the switch memory buffer.
Page 767 enable log target Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 768: Enable Rmon
Commands for Status Monitoring and Statistics enable rmon enable rmon Description Enables the collection of RMON statistics on the switch. Syntax Description This command has no arguments or variables. Default By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON queries and sets for alarms and events.
Page 769 enable rmon To view the status of RMON polling on the switch, use the command. The show management show command displays information about the switch including the enable/disable state for management RMON polling. Example The following command enables the collection of RMON statistics on the switch: enable rmon History This command was first available in ExtremeWare 4.1.
Page 770: Enable Sflow
Commands for Status Monitoring and Statistics enable sflow enable sflow Description Globally enables sFlow statistical packet sampling. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines This command enables sFlow globally on the switch.
Page 771: Enable Sflow Backoff-Threshold
enable sflow backoff-threshold enable sflow backoff-threshold enable sflow backoff-threshold Description Enables the sFlow backoff-threshold feature, limiting the maximum number of packets sent to the sFlow collector per second. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables.
Page 772: Enable Sflow Ports
Commands for Status Monitoring and Statistics enable sflow ports enable sflow ports <portlist> Description Enables sFlow statistical packet sampling on one or more ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Disabled Usage Guidelines...
Page 773: Configure Sys-Hardware-Recovery
configure sys-hardware-recovery configure sys-hardware-recovery configure sys-hardware-recovery [log | card-reset | card-offline| system-offline | system-reset] Description Configures a recovery mechanism for a switch or module with a processor in a hang state. NOTE This command is available only on the “i” series switches. Syntax Description Posts a CRIT message to the syslog.
Page 774 Commands for Status Monitoring and Statistics History This command was first available in ExtremeWare 7.6. Platform Availability This command is available only on the “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 775: Configure Sys-Hardware-Recovery Poll-Interval
configure sys-hardware-recovery poll-interval configure sys-hardware-recovery poll-interval configure sys-hardware-recovery poll-interval <seconds> Description Configures the polling interval for the hardware recovery mechanism for a switch or module with a processor in a hang state. NOTE This command is available only on the “i” series switches. Syntax Description seconds The polling interval in seconds for the system hardware recovery mechanism.
Page 776: Enable Sys-Hardware-Recovery Polling
Commands for Status Monitoring and Statistics enable sys-hardware-recovery polling enable sys-hardware-recovery polling Description Enables the hardware recovery mechanism to work in an active polling mode. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default The polling mechanism is disabled by default.
Page 777: Enable Sys-Health-Check
enable sys-health-check enable sys-health-check enable sys-health-check Description Enables the BlackDiamond system health checker. NOTE This command is available only on the BlackDiamond switches. Syntax Description This command has no arguments or variables. Default Enabled Usage Guidelines The system health checker tests I/O modules, MSM modules, and the backplane by forwarding packets every 4 seconds.
Page 778 Commands for Status Monitoring and Statistics History This command was first available in ExtremeWare 6.2. Platform Availability This command is available on BlackDiamond switches only. ExtremeWare 7.7 Command Reference Guide...
Page 779: Enable Syslog
enable syslog enable syslog enable syslog Description Enables logging to all remote syslog host targets. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines In order to enable remote logging, you must do the following: • Configure the syslog host to accept and log messages. •...
Page 780: Enable Temperature-Logging
Commands for Status Monitoring and Statistics enable temperature-logging enable temperature-logging Description Records the system temperature in celsius for the BlackDiamond and Alpine systems to the syslog. NOTE This command is available only on modular switches. Syntax Description This command has no arguments or variables. Default Disabled Usage Guidelines...
Page 781 enable temperature-logging History This command was first available in ExtremeWare 6.2.2b108. This command was not supported in ExtremeWare 7.0. The command was supported and the syntax changed from in ExtremeWare enable log temperature 7.1.0. Platform Availability This command is available on modular switches only. ExtremeWare 7.7 Command Reference Guide...
Page 782: Enable Transceiver-Test
Commands for Status Monitoring and Statistics enable transceiver-test For an Alpine switch: enable transceiver-test [all | slot <slot number> {backplane} ] For a BlackDiamond switch: enable transceiver-test [all | slot <slot number> | msm-a | msm-b | msm-c | msm-d] Description Enables an integrity test of the transceivers used for communication between the ASICs and the CPU on an MSM or an SMMi module.
Page 783 enable transceiver-test To display the transceiver test statistics, use the command. The show diagnostics sys-health-check following is sample output: Transceiver system health diag result Pass/Fail Counters Are in HEX Slot Cardtype Cardstate Test Pass Fail Time_last_fail ---- -------- --------- ---- -------- -------- -------------- slot 1 Unknown...
Page 784: Save Log
Commands for Status Monitoring and Statistics save log save log file ascii <local-filespec> {messages [memory-buffer | nvram]} {severity <severity> {only}} {starting [date <date> time <time> | date <date> | time <time>]} {ending [date <date> time <time> | date <date> | time <time>]} {match <match-expression>} {format <format>} {chronological} Description Saves the current log messages to the local file system.
Page 785 save log Example The following command saves messages with a critical severity to the filename switch4critical.log: save log switch4critical.log critical The following command saves messages with warning, error, or critical severity to the filename switch4warn.log: save log switch4warn.log warning The following command saves messages starting August 1, ending August 31, containing the string “slot 2”...
Page 786: Show Flowstats
Commands for Status Monitoring and Statistics show flowstats show flowstats Description Displays status information for the flow statistics function. NOTE This command is available only on the “i” series switches. Syntax Description Default Displays summary statistics information for all ports. Usage Guidelines The command with no arguments displays flowstats configuration information for all ports.
Page 787 show flowstats Dest/Src Info: match-all-flows DestIP: 10.0.1.1/255.255.255.254 DestPort: any SrcIP: 10.201.32.1/255.255.255.255 SrcPort: any Flags: E - Enable, D - Disable; I - Ingress, S - Egress; A - Aggregation History This command was first available in ExtremeWare 6.2. Platform Availability This command is available on “i”...
Page 788: Show Flowstats
Commands for Status Monitoring and Statistics show flowstats show flowstats <portlist> Description Displays status information for the flow statistics function for specified ports. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a list of ports or slots and ports for which flow statistics should be displayed. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 789 show flowstats DestIP: 10.201.26.0/ 255.255.255.0 DestPort: any SrcIP: 10.201.31.0/ 255.255.255.0 SrcPort: any Flags: E - Enable, D - Disable; I - Ingress, S - Egress; A - Aggregation History This command was first available in ExtremeWare 6.2. Platform Availability This command is available on “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 790: Show Flowstats Export
Commands for Status Monitoring and Statistics show flowstats export show flowstats export [ detail |{<group number> detail} ] Description Displays configuration information an export group. NOTE This command is available only on the “i” series switches. Syntax Description group number Specifies a group number for which configuration information should be displayed.
Page 791: Show Log
show log show log show log {messages [memory-buffer | nvram]} {severity <severity> {only}} {starting [date <date> time <time> | date <date> | time <time>]} {ending [date <date> time <time> | date <date> | time <time>]} {match <match-expression>} {format <format>} {chronological} Description Displays the current log messages.
Page 792 Commands for Status Monitoring and Statistics • Component, Subcomponent, and Condition Name—describes the subsystem in the software that generates the event. This provides a good indication of where a fault might lie. • Message—a description of the event occurrence. If the event was caused by a user, the user name is also provided.
Page 793 show log The three severity levels for extended debugging, , and debug-summary debug-verbose debug-data require that debug mode be enabled (which may cause a performance degradation). See the command on page 764. enable log debug-mode Table 15: Severity Levels Assigned by the Switch Level Description Critical...
Page 794 Commands for Status Monitoring and Statistics show log warning The following command displays messages containing the string “slot 2”: show log match "slot 2" History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 6.2.2 to include the option.
Page 795: Show Log Components
show log components show log components show log components {<event component> | all} Description Display the name, description and default severity for all components. Syntax Description event component Specifies component to display. Displays all components. Default Usage Guidelines This command displays the name, description, and default severity defined for the specified components and subcomponents.
Page 796 Commands for Status Monitoring and Statistics Tracking ESRP Tracking Error Forwarding Data Base Error IP FDB Error IPMC IP Multicast FDB Error Replacement FDB Replacement Error IGMP Internet Group Management Protocol Error Snooping IGMP Snooping Error AccessList IP Access List Error Forwarding IP Forwarding...
Page 797: Show Log Configuration
show log configuration show log configuration show log configuration Description Displays the log configuration for switch log settings, and for certain targets. Syntax Description This command has no arguments or variables. Default Usage Guidelines This command displays the log configuration for all targets. The state of the target, enabled or disabled is displayed.
Page 798 Commands for Status Monitoring and Statistics The additional EMS information was added in ExtremeWare 7.1.0 This command was added to the Summit “e” series of switches in ExtremeWare 7.2e Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 799: Show Log Configuration Filter
show log configuration filter show log configuration filter show log configuration filter {<filter name>} Description Displays the log configuration for the specified filter. Syntax Description filter name Specifies the filter to display. Default If no options are specified, the command displays the configuration for all filters. Usage Guidelines This command displays the configuration for filters.
Page 800 Commands for Status Monitoring and Statistics events from the STP.OutBPDU component. The third item includes the remaining events from the STP component. The severity value is show as “-”, indicating that the component’s default severity threshold controls which messages are passed. History This command was first available in ExtremeWare 7.1.0 This command was added to the Summit “e”...
Page 801: Show Log Configuration Target
show log configuration target show log configuration target show log configuration target {console-display | memory-buffer | nvram | session | syslog <host name/ip> {: <udp-port>}[local0 ... local7]} Description Displays the log configuration for the specified target. Syntax Description console-display Show the log configuration for the console display. memory-buffer Show the log configuration for volatile memory.
Page 802: Show Log Counters
Commands for Status Monitoring and Statistics show log counters show log counters {<event condition> | [all | <event component>] {severity <severity> {only}}} Description Displays the incident counters for events. Syntax Description event condition Specifies the event condition to display. Specifies that all events are to be displayed. event component Specifies that all the events associated with a particular component or subcomponent should be displayed.
Page 803 show log counters Comp SubComp Condition Severity Rf Notified Occurred ------- ----------- ----------------------- ------------- -- -------- -------- InBPDU PDUDrop Error PDUIgn Debug-Summary PDUTrace Info The following command displays the event counters for the event condition PDUDrop in the component STP.InBPDU: show log counters "STP.InBPDU.PDUDrop"...
Page 804: Show Log Events
Commands for Status Monitoring and Statistics show log events show log events {<event condition> | [all | <event component>] {severity <severity> {only}}} {detail} Description Displays information about the individual events (conditions) that can be logged. Syntax Description event condition Specifies the event condition to display. Specifies that all events are to be displayed.
Page 805 show log events PDUIgn Debug-Summary PDUTrace Info The following command displays the details of the event condition PDUTrace in the component STP.InBPDU: show log events stp.inbpdu.pdutrace detail The output produced by the above command is similar to the following: Comp SubComp Condition Severity...
Page 806: Show Memory
Commands for Status Monitoring and Statistics show memory show memory {detail} Description Displays the current system memory information. Syntax Description detail Specifies task-specific memory usage. Default Usage Guidelines A BlackDiamond or Summit switch must have 32MB of DRAM to support the features in ExtremeWare version 4.0 and above.
Page 807 show memory History This command was first available in ExtremeWare 2.0. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 808: Show Packet-Mem-Scan-Recovery-Mode
Commands for Status Monitoring and Statistics show packet-mem-scan-recovery-mode show packet-mem-scan-recovery-mode Description Displays the recovery mode setting for slot’s that have packet memory scanning enabled. NOTE This command is available only on the BlackDiamond switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines command displays the following information:...
Page 809 show packet-mem-scan-recovery-mode Platform Availability This command is available on BlackDiamond switches only. ExtremeWare 7.7 Command Reference Guide...
Page 810: Show Packet Miscompare
Default Usage Guidelines Use this command only at the direction of Extreme Networks personnel. Extreme Networks support personnel can capture corrupted packet data to help in troubleshooting problems using the following command: show packet miscompare <slot number>...
Page 811: Show Ports Rxerrors
show ports rxerrors show ports rxerrors show ports {mgmt | <portlist>| vlan <vlan name>} rxerrors Description Displays real-time receive error statistics. For PoS modules, displays the information for the PoS ports. Only a subset of the statistics rxerror displayed by this command are applicable to PoS ports. The fields that do not apply to PoS ports are displayed with values of all zeroes.
Page 812 Commands for Status Monitoring and Statistics • Receive Jabber Frames (RX Jabber)—The total number of frames received by the port that was of greater than the support maximum length and had a Cyclic Redundancy Check (CRC) error. • Receive Alignment Errors (RX Align)—The total number of frames received by the port that occurs if a frame has a CRC error and does not contain an integral number of octets.
Page 813 show ports rxerrors Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 814: Show Ports Stats
Commands for Status Monitoring and Statistics show ports stats show ports {mgmt | <portlist> | vlan <vlan name>} stats {cable-diagnostics} Description Displays real-time port statistics. Syntax Description mgmt Specifies the management port. NOTE: This option is available only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 815 show ports stats • Received Byte Count (RX Byte Count)—The total number of bytes that were received by the port, including bad or lost frames. This number includes bytes contained in the Frame Check Sequence (FCS), but excludes bytes in the preamble. •...
Page 816 Commands for Status Monitoring and Statistics 1:5R 10 8 2 0 1:6A 0 0 0 0 1:7R 0 0 0 0 History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was modified in Extreme 4.1 to discontinue support for the chassis link status indicator.
Page 817: Show Ports Txerrors
show ports txerrors show ports txerrors show ports {mgmt | <portlist>| vlan <vlan name>} txerrors Description Displays real-time transmit error statistics. For PoS modules, displays the information for the PoS ports. txerror Syntax Description mgmt Specifies the management port. NOTE: This option is available only on switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 818 Commands for Status Monitoring and Statistics • Transmit Errored Frames (TX Error)—The total number of frames that were not completely transmitted by the port because of network errors (such as late collisions or excessive collisions). • Transmit Lost Frames (TX Lost)—The total number of frames transmitted by the port that were lost. •...
Page 819 show ports txerrors Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 820: Show Sflow Configuration
Commands for Status Monitoring and Statistics show sflow configuration show sflow configuration Description Displays the current sFlow configuration. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines This command displays all sFlow configuration information for the switch.
Page 821 show sflow configuration SFLOW Configured Agent IP: 10.203.2.38 Operational Agent IP: 10.203.2.38 BackOff Threshold: disabled BackOff Threshold (No. of Samples): 50 SFLOW Configured Agent IP: 10.201.6.100 Collectors Collector IP 10.201.6.250, Port 6343 Collector IP 123.124.125.111 port 6344 SFLOW Port Configuration Port Status 3:9enabled...
Page 822: Show Sflow Statistics
Commands for Status Monitoring and Statistics show sflow statistics show sflow statistics Description Displays sFlow statistics. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables Default Usage Guidelines This command displays sFlow statistics collected on all enabled ports. (No per port status is displayed.) The following fields are displayed: •...
Page 823 show sflow statistics Packet Drops Zero Sampling rate: 0 No Receivers: 0 History This command was first available in an ExtremeWare 7.3.0. Platform Availability This command is available on “i” series platforms. ExtremeWare 7.7 Command Reference Guide...
Page 824: Show Version
Commands for Status Monitoring and Statistics show version show version {detail} Description Displays the hardware serial numbers and versions, and software versions currently running on the switch, and (if applicable) the modules. Syntax Description detail Specifies display of slot board name and chassis or platform name. Default Usage Guidelines On modular switches, displays the switch serial number and version numbers of MSM modules...
Page 825 show version On a stackable switch, this command produces output similar to the following: System Serial Number: 800078-11-0035M02442 CPU Serial Number: 700027-11 0034M-01445 CPLD Rev 04 Daughtercard Serial Number: 703015-02 0029M-02701 CPLD Rev ÿ Image Extremeware Version 6.2.0 (Build 60) by Release_Master 09/21/0120:53:17 On a BlackDiamond switch, this command produces output similar to the following: Chassis:...
Page 826 Commands for Status Monitoring and Statistics Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 827: Unconfigure Flowstats Filter Ports
unconfigure flowstats filter ports unconfigure flowstats filter ports unconfigure flowstats filter <filter#> ports <portlist> Description Removes the filter specification for the specified ports. NOTE This command is available only on the “i” series switches. Syntax Description filter# Specifies the filter specification that should be removed. portlist Specifies a set of ports or slots and ports from which the filter specification is removed.
Page 828: Unconfigure Flowstats Ports
Commands for Status Monitoring and Statistics unconfigure flowstats ports unconfigure flowstats ports [<portlist> | all] Description Resets the flow statistics configuration parameters for the specified ports to their default values. NOTE This command is available only on the “i” series switches. Syntax Description portlist Specifies a set of ports or slots and ports that should be reset.
Page 829: Unconfigure Log Filter
unconfigure log filter unconfigure log filter unconfigure log filter <filter name> Description Resets the log filter to its default values; removes all filter items. Syntax Description filter name Specifies the log filter to unconfigure. Default Usage Guidelines If the filter name specified is DefaultFilter, this command restores the configuration of DefaultFilter back to its original settings.
Page 830: Unconfigure Log Target Format
Commands for Status Monitoring and Statistics unconfigure log target format unconfigure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] format Description Resets the log target format to its default values. Syntax Description console-display Specifies the console display format.
Page 831 unconfigure log target format • severity—on • event-name—none • host-name—off • priority—on • tag-id—off • tag-name—on • sequence-number—off • process-name—off • process-id—off • source-function—off • source-line—off Usage Guidelines Use this command to reset the target format to the default format. Example The following command sets the log format for the target (the current session) to the default:...
Page 832: Unconfigure Packet-Mem-Scan-Recovery-Mode
Commands for Status Monitoring and Statistics unconfigure packet-mem-scan-recovery-mode unconfigure packet-mem-scan-recovery-mode slot [msm-a | msm-b | msm-c | msm-d | <slot number>] Description Disables packet memory scanning and the recovery mode on a BlackDiamond module, and returns the system to the configured system health check behavior. NOTE This command is available only on the BlackDiamond switches.
Page 833 unconfigure packet-mem-scan-recovery-mode Platform Availability This command is available on BlackDiamond switches only. ExtremeWare 7.7 Command Reference Guide...
Page 834: Unconfigure Sflow Agent
Commands for Status Monitoring and Statistics unconfigure sflow agent unconfigure sflow agent Description Resets the sFlow agent IP address to the default value. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default The default IP address is 0.0.0.0.
Page 835: Unconfigure Sflow Backoff-Threshold
unconfigure sflow backoff-threshold unconfigure sflow backoff-threshold unconfigure sflow backoff-threshold Description Removes the configured value of the sFlow backoff threshold and resets it to 0 (zero). NOTE This command is available only on the “i” series switches. Syntax Description The command has no arguments or variables. Default The default backoff threshold rate is 0 packets per second.
Page 836: Unconfigure Sflow Collector
Commands for Status Monitoring and Statistics unconfigure sflow collector unconfigure sflow collector [<ip-address> | all] Description Removes the IP addresses of a selected sFlow collector or all sFlow collectors so that sampled flows are no longer sent to the specified collector or collectors. NOTE This command is available only on the “i”...
Page 837: Unconfigure Sys-Hardware-Recovery
unconfigure sys-hardware-recovery unconfigure sys-hardware-recovery unconfigure sys-hardware-recovery Description Removes any previous hardware recovery mode and sets the system to the default value, which is log. NOTE This command is available only on the “i” series switches. Syntax Description This command has no arguments or variables. Default Usage Guidelines This command removes a previously configured hardware recovery mechanism for systems with a...
Page 838: Unconfigure Sys-Health-Check Alarm-Level Msm
Commands for Status Monitoring and Statistics unconfigure sys-health-check alarm-level msm unconfigure sys-health-check alarm-level msm Description Returns the switch to using the globally configured alarm level response for MSMs. NOTE This command is available only on the BlackDiamond switches. Syntax Description The command has no arguments or variables.
Page 839: Unconfigure Transceiver-Test Failure-Action
unconfigure transceiver-test failure-action unconfigure transceiver-test failure-action unconfigure transceiver-test failure-action Description Returns the switch to its default of sending transceiver test messages to the syslog if too many failures are detected within the specified window. NOTE This command is available only on modular switches. Syntax Description The command has no arguments or variables.
Page 840: Unconfigure Transceiver-Test Period
Use this feature when the switch can be brought off-line. Configuring the transceiver test period to 11 seconds or less can affect system performance; therefore, Extreme Networks does not recommend changing the default transceiver test period. The default is adequate for most networks.
Page 841: Unconfigure Transceiver-Test Threshold
Default Usage Guidelines Use this feature when the switch can be brought off line. Extreme Networks does not recommend changing the default transceiver test period. The default is adequate for most networks. Example The following command returns the transceiver test threshold to 3 errors:...
Page 842: Unconfigure Transceiver-Test Window
This configuration provides a sliding window. When you return to the default window, the switch checks for errors within the last eight 20-second windows. Extreme Networks does not recommend changing the default transceiver test window. The default is adequate for most networks.
Page 843: Upload Log
upload log upload log upload log <host name/ip> <filename> {messages [memory-buffer | nvram]} {severity <severity> {only}} {starting [date <date> time <time> | date <date> | time <time>]} {ending [date <date> time <time> | date <date> | time <time>]} {match <match-expression>} {format <format>} {chronological} Description Uploads the current log messages to a TFTP server.
Page 844 Commands for Status Monitoring and Statistics most of the options of this command, see the command on page 791, and for the show log format option see the command on page 696. configure log target format Example The following command uploads messages with a critical severity to the filename switch4critical.log on TFTP server at 10.31.8.25: upload log 10.31.8.25 switch4critical.log critical The following command uploads messages with warning, error, or critical severity to the filename...
Page 845: Security Commands
Security Commands This chapter describes commands for: • Creating and configuring routing access policies • Creating and configuring IP access lists • Creating and configuring route maps (“i” series switches only) • Managing MAC address access to the switch • Managing the switch using SSH2 •...
Page 846: Mac Address Security
Security Commands Route maps are used to modify or filter routes redistributed between two routing domains. They are also used to modify or filter the routing information exchanged between the domains. NOTE Route maps are supported only on the “i” series switches. MAC Address Security The switch maintains a database of all media access control (MAC) addresses received on all of its ports.
Page 847: Network Login
Network Login • Class • Service-Type • Login-Service • Tunnel-Type • Tunnel-Medium-Type • Tunnel-Private-Group-ID Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS client.
Page 848 Security Commands policy and management capabilities not available in overlay networks or those with “thick” access points. Unified Access Security provides the following capabilities: • Consolidated management—greater network support with reduced management overhead • Scalable encryption—ASIC based AES encryption, WPA with TKIP support, and RC4 based WEP support on the Altitude 300 wireless port •...
Page 849: Clear Netlogin State
clear netlogin state clear netlogin state clear netlogin state port <portlist> vlan <vlan name> Description Clears and initializes the network login sessions on a VLAN port. Syntax Description portlist Specifies the ports to clear. vlan name Specifies a VLAN to clear. Default None Usage Guidelines...
Page 850: Clear Netlogin State Mac-Address
Security Commands clear netlogin state mac-address clear netlogin state mac-address <hex-octet> Description Initialize or reset the network login sessions for a specified supplicant. Syntax Description hex-octet Specifies the MAC address of the supplicant. Default Usage Guidelines This command is essentially equivalent to a particular supplicant’s logging out. The MAC address is cleared from the FDB, the port is put back to its original VLAN (for campus mode), and the port state is set to unauthenticated, if this was the last authenticated MAC on this port.
Page 851: Configure Access-Profile Add
configure access-profile add configure access-profile add For the “i” series switches: configure access-profile <access profile> add {<seq_number>} {permit | deny} [ipaddress <ip address> <mask> {exact} | as-path <path-expression> | bgp-community [internet | no-export | no-advertise | no-export-subconfed | <as_no:number> | number <community>] | ipxnet <netid> <netid mask> | ipxsap <sap_type>...
Page 852 Security Commands netid/netid mask Specifies an IPX netID and mask as an entry in the profile list. NOTE: This option is available only on “i” series switches. sap_type/service_name Specifies an IPX SAP service type and service name as an entry in the profile list. NOTE: This option is available only on “i”...
Page 853 configure access-profile add Examples The following command adds an IP subnet address to access profile nosales, as the next available entry: configure access-profile nosales add ipaddress 10.1.33.0/24 The following command configures the access profile AS1 to permit AS paths beginning with AS number 1, followed by any AS number from 2 - 8, and ending with either AS number 11, 13, or 15: configure access-profile AS1 add 15 permit as-path “^1 2-8 [11 13 15]$”...
Page 854: Configure Access-Profile Delete
Security Commands configure access-profile delete configure access-profile <access profile> delete <seq_number> Description Deletes an access profile entry using the sequence number. Syntax Description access profile Specifies an access profile name. seq-number Specifies the order of the entry within the access profile. If no sequence number is specified, the new entry is added to the end of the access-profile and is automatically assigned a value of 5 more than the sequence number of the last entry.
Page 855: Configure Access-Profile Mode
configure access-profile mode configure access-profile mode configure access-profile <access profile> mode [permit | deny | none] Description Configures the access profile mode to permit or deny access, or to require per-entry access control. Syntax Description access profile Specifies an access profile name. permit Allows the addresses that match the access profile description.
Page 856: Configure Auth Mgmt-Access Local
Security Commands configure auth mgmt-access local configure auth mgmt-access local Description Configures local authentication for management sessions. If local authentication is configured for management sessions, users are authenticated through local user database. Syntax Description This command has no arguments or variables. Default Usage Guidelines RADIUS or TACACS servers are used only if they are enabled.
Page 857 configure auth mgmt-access local Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 858: Configure Auth Mgmt-Access Radius
Security Commands configure auth mgmt-access radius configure auth mgmt-access radius primary [<ipaddress> | <hostname>] {secondary [<ipaddress> | hostname]} Description Configures authentication of management sessions for RADIUS servers. Syntax Description primary Configures the primary RADIUS authentication server that is used for management sessions. secondary Configures the secondary RADIUS authentication server that is used for management sessions.
Page 859 configure auth mgmt-access radius Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 860: Configure Auth Mgmt-Access Radius-Accounting
Security Commands configure auth mgmt-access radius-accounting configure auth mgmt-access radius-accounting primary [<ipaddress> | <hostname>] {secondary {<ipaddress> | <hostname>]} Description Configures RADIUS accounting servers for accounting management sessions. Syntax Description ipaddress Specifies the IP addresses of the primary or secondary accounting server. hostname Specifies the host name of the authentication server.
Page 861: Configure Auth Mgmt-Access Tacacs
configure auth mgmt-access tacacs configure auth mgmt-access tacacs configure auth mgmt-access tacacs primary [<ipaddress> | <hostname>] {secondary [<ipaddress> | <hostname>]} Description Configures authentication of management sessions for TACACS servers. Syntax Description primary Configures the primary TACACS+ authentication server that is used for management sessions. secondary Configures the secondary TACACS+ authentication server that is used for management sessions.
Page 862 Security Commands Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 863: Configure Auth Mgmt-Access Tacacs-Accounting
configure auth mgmt-access tacacs-accounting configure auth mgmt-access tacacs-accounting configure auth mgmt-access tacacs-accounting primary [<ipaddress> | <hostname>] {secondary [<ipaddress> | <hostname>]} Description Configures TACACS accounting servers for accounting management sessions. Syntax Description primary Configures the primary TACACS+ accounting server that is used for management sessions. secondary Configures the secondary TACACS+ accounting server that is used for management sessions.
Page 864 Security Commands Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 865: Configure Auth Netlogin Radius
configure auth netlogin radius configure auth netlogin radius configure auth netlogin radius primary [<ipaddress> | <hostname>] {secondary [<ipaddress> | <hostname>]} Description Configures authentication of netlogin sessions through RADIUS servers. Syntax Description primary Configures the primary RADIUS authentication server that is used for netlogin sessions. secondary Configures the secondary RADIUS authentication server that is used for netlogin sessions.
Page 866: Configure Auth Netlogin Radius-Accounting
Security Commands configure auth netlogin radius-accounting configure auth netlogin radius-accounting primary [<ipaddress> | <hostname>] {secondary [<ipaddress> | <hostname>]} Description Configures the use of RADIUS accounting servers for netlogin session accounting. Syntax Description primary Configures the primary RADIUS accounting server that is used for netlogin sessions. secondary Configures the secondary RADIUS accounting server that is used for netlogin sessions.
Page 867: Configure Cpu-Dos-Protect Alert-Threshold
configure cpu-dos-protect alert-threshold configure cpu-dos-protect alert-threshold configure cpu-dos-protect alert-threshold <packets per second> Description Configures the number of packets per second that the switch needs to receive on a port for an access list to be enabled for denial of service protection. Syntax Description packets per second Configures the number of packets per second that the switch needs to receive on a port...
Page 868: Configure Cpu-Dos-Protect Filter-Precedence
Security Commands configure cpu-dos-protect filter-precedence configure cpu-dos-protect filter-precedence <number> Description Configures the access list precedence for denial of service protection. If you set the filter-precedence to 0, the ACLs created by DoS protection will be overwritten by the default VLAN QoS profile. Syntax Description filter-precedence Configures the access list precedence.
Page 869: Configure Cpu-Dos-Protect Filter-Type-Allowed
configure cpu-dos-protect filter-type-allowed configure cpu-dos-protect filter-type-allowed configure cpu-dos-protect filter-type-allowed <destination | source>] Description Configures the type of access list allowed for denial of service protection. Syntax Description destination Specifies that destination ACLs can be created. source Specifies that source ACLs can be created. Default The default is destination.
Page 870: Configure Cpu-Dos-Protect Messages
Security Commands configure cpu-dos-protect messages configure cpu-dos-protect messages [on | off] Description Configures messaging for denial of service protection. Syntax Description Turns messaging on. Turns messaging off. Default The default is on. Usage Guidelines None Example The following command sets messaging to be off: configure cpu-dos-protect messages off History This command was first available in ExtremeWare 6.2.2.
Page 871: Configure Cpu-Dos-Protect Notice-Threshold
configure cpu-dos-protect notice-threshold configure cpu-dos-protect notice-threshold configure cpu-dos-protect notice-threshold <packets per second> Description Configures the number of packets per second that the switch needs to receive on a port for messages to be logged. Used for denial of service protection. Syntax Description packets per second Configures the number of packets per second that the switch needs to receive on a port...
Page 872: Configure Cpu-Dos-Protect Timeouts
Security Commands configure cpu-dos-protect timeouts configure cpu-dos-protect timeouts <seconds> Description Configures the number of seconds prior to timeout for denial of services. Syntax Description seconds Specifies the number of seconds before a timeout takes place. Default None Usage Guidelines When heavy traffic reaches the alert threshold, a hardware ACL is created that blocks the traffic for the timeout number of seconds.
Page 873: Configure Cpu-Dos-Protect Trusted-Ports
configure cpu-dos-protect trusted-ports configure cpu-dos-protect trusted-ports configure cpu-dos-protect trusted-ports [add <slot number> | all | delete <slot number> | none | <slot number>] Description Specifies the ports to be trusted when considering denial of service threats. Syntax Description Adds trusted port protection. Specifies that all ports are trusted.
Page 874: Configure Cpu-Dos-Protect (Port-Based)
Security Commands configure cpu-dos-protect (Port-Based) configure cpu-dos-protect [ports <portnumber> |all] alert-threshold <pkts> interval-time <seconds> Description Sets the maximum allowed limit before invoking denial of service (DoS) protection and discarding packets. NOTE This command is available only on the “e” series switches. Syntax Description portnumber Specifies one or more port numbers.
Page 875: Configure Cpu-Dos-Protect Trusted-Ports
configure cpu-dos-protect trusted-ports configure cpu-dos-protect trusted-ports configure cpu-dos-protect trusted-ports [add <port number> | delete <port number> | all | none] Description Configures the trusted port feature at a system level. Syntax Description port number Specifies a port. Specifies all ports as trusted. none Specifies that no ports are trusted.
Page 876: Configure Enhanced-Dos-Protect Ipfdb Agingtime
Security Commands configure enhanced-dos-protect ipfdb agingtime configure enhanced-dos-protect ipfdb agingtime <aging> ports <portlist> Description Configures the aging time on untrusted ports for enhanced denial of service protection. Syntax Description aging Specifies the number of seconds for the aging time per port. The aging value is the software cache timeout: the duration of time to be considered to reach the threshold.
Page 877: Configure Enhanced-Dos-Protect Ipfdb Cache-Size
configure enhanced-dos-protect ipfdb cache-size configure enhanced-dos-protect ipfdb cache-size configure enhanced-dos-protect ipfdb cache-size <cache-size> Description Configures the cache size on untrusted ports for enhanced denial of service protection. Syntax Description cache-size Specifies the cache size limit in kilobytes. The default value is 256. The maximum value is 262144.
Page 878: Configure Enhanced-Dos-Protect Ipfdb Learn-Limit
Security Commands configure enhanced-dos-protect ipfdb learn-limit configure enhanced-dos-protect ipfdb learn-limit <learn-limit> ports <portlist> Description Configures the learning limit on untrusted ports for enhanced denial of service protection. Syntax Description learn-limit Specifies the number of packets allowed on the selected ports within the learning window before the rate limit is applied;...
Page 879: Configure Enhanced-Dos-Protect Ipfdb Learn-Window
configure enhanced-dos-protect ipfdb learn-window configure enhanced-dos-protect ipfdb learn-window configure enhanced-dos-protect ipfdb learn-window <learn-window> ports <portlist> Description Configures the learning window on untrusted ports for the enhanced denial of service protection IPFDB learning qualifier. Syntax Description learn-window Specifies the number of seconds for the learning window per port. This value is the duration of time to be considered to reach the threshold.
Page 880: Configure Enhanced-Dos-Protect Ports
Security Commands configure enhanced-dos-protect ports configure enhanced-dos-protect ports [trusted | untrusted] <portlist> Description Configures ports as trusted, so that enhanced denial of service protection is not applied to the ports; or configures ports as untrusted, so that enhanced denial of service protection is applied to the ports. Syntax Description trusted Specifies the selected ports as trusted, so that enhanced denial of service is not applied to...
Page 881: Configure Enhanced-Dos-Protect Rate-Limit
configure enhanced-dos-protect rate-limit configure enhanced-dos-protect rate-limit configure enhanced-dos-protect rate-limit [threshold <threshold> | drop-probability <drop-probability> | learn-window <learn-window> | protocol [all | icmp]] ports <portlist> Description Configures rate limiting for enhanced denial of service protection. Syntax Description threshold Specifies the number of packets allowed on a given port within the learning window before the rate limit is applied.
Page 882 Security Commands configure enhanced-dos-protect rate-limit drop-probability 60 ports 4 The following command sets the rate limiting learn window on ports 2 and 3 to 90 seconds: configure enhanced-dos-protect rate-limit learn-window 90 ports 2,3 The following command sets the rate limiting protocol to all packet types on ports 1 through 3: configure enhanced-dos-protect rate-limit protocol all ports 1-3 History This command was first available in ExtremeWare 7.3.0 and ExtremeWare 7.3e.
Page 883: Configure Ip-Subnet-Lookup Maskbits
configure ip-subnet-lookup maskbits configure ip-subnet-lookup maskbits configure ip-subnet-lookup maskbits <length> Description This command changes the length of the IPDA subnet lookup mask. NOTE This command is available only on the “i” series switches. Syntax Description length Specifies the number of maskbits for the IPDA subnet lookup mask. Default is 24. Default The default length of the subnet lookup mask is 24 bits.
Page 884: Configure Mac-Lockdown-Timeout Ports Aging-Time
Security Commands configure mac-lockdown-timeout ports aging-time configure mac-lockdown-timeout ports [<portlist> | all] aging-time <seconds> Description This command configures the MAC address lockdown timeout value in seconds for the specified port or group of ports or for all ports. Syntax Description portlist Specifies one or more ports or slots and ports.
Page 885: Configure Netlogin Agingtime
configure netlogin agingtime configure netlogin agingtime configure netlogin agingtime <seconds> Description This command configures the duration after which the unauthenticated network login clients will be aged out. Syntax Description seconds Sets the length of the timeout value in seconds. Default is 5 minutes; range is 0 to 3000. Default The default is 5 minutes Usage Guidelines...
Page 886: Configure Netlogin Base-Url
Security Commands configure netlogin base-url configure netlogin base-url <url> Description This command configures the base URL for network login. Syntax Description Specifies the base URL for network login. Default The base URL default value is “network-access.net”. Usage Guidelines When you log in using a web browser, you are redirected to the specified base URL, which is the DNS name for the switch.
Page 887: Configure Netlogin Dot1X Guest-Vlan
configure netlogin dot1x guest-vlan configure netlogin dot1x guest-vlan configure netlogin dot1x guest-vlan <vlan-name> {ports <port-list>} Description This command configures a guest VLAN for 802.1x authentication netlogin. Syntax Description vlan-name Specifies the name of the guest VLAN. port-list Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 888: Configure Netlogin Dot1X Timers Supplicant-Response-Timeout
Security Commands configure netlogin dot1x timers supplicant-response-timeout configure netlogin dot1x timers supplicant-response-timeout <supplicant-response-timeout> Description Configures the 802.1x timers for Network Login Syntax Description supplicant response Specifies the length of time the switch waits for a response from the supplicant. The range timeout is 1 to 120 seconds.
Page 889: Configure Netlogin Dot1X Guest-Vlan Supplicant-Response-Timeout
configure netlogin dot1x guest-vlan supplicant-response-timeout configure netlogin dot1x guest-vlan supplicant-response-timeout configure netlogin dot1x guest-vlan supplicant-response-timeout <response timeout> From ExtremeWare 7.7, this command is modified to: configure netlogin dot1x timers supplicant-response-timeout <supplicant-response-timeout> Description This command configures the supplicant response timer for the 802.1x guest VLAN feature. If the supplicant does not respond to 802.1x EAPOL requests for a time equal to 3 times the configured supplicant response time, the port is moved to the guest VLAN.
Page 890 Security Commands ExtremeWare 7.7 Command Reference Guide...
Page 891: Configure Netlogin Mac-Address
configure netlogin mac-address configure netlogin mac-address configure netlogin mac-address [ <mac-address> {mask <mask>} | default ] {<password>} Description Configures the MAC address/mask pairs that are used for authentication in MAC-based network login. Syntax Description mac address Specifies a client MAC address in the form nn:nn:nn:nn:nn:nn. default Used as the default entry password the supplicant's mac-address does not match any of the entries in the table.
Page 892: Configure Netlogin Mac Auth-Retry-Count
Security Commands configure netlogin mac auth-retry-count configure netlogin mac auth-retry-count <value> Description Configures the maximum number of times the RADIUS client tries again to authenticate a port using the MAC address before it times out. Syntax Description value Specifies the maximum number of retries for MAC-based RADIUS authentication. The range of values is 3–100.
Page 893: Configure Netlogin Mac Reauth-Period
configure netlogin mac reauth-period configure netlogin mac reauth-period configure netlogin mac reauth-period <seconds> Description Configures the reauthentication interval for ports using MAC-based RADIUS authentication. Syntax Description seconds Specifies the interval between successive RADIUS Access-Request messages that reauthenticate the port. The range of values is 600-60000. Default 1800 seconds Usage Guidelines...
Page 894: Configure Netlogin Redirect-Page
Security Commands configure netlogin redirect-page configure netlogin redirect-page <url> Description Configures the redirect URL for network login. Syntax Description Specifies the redirect URL for network login. Default The redirect URL default value is “http://www.extremenetworks.com”. Usage Guidelines In ISP mode, you can configure network login to be redirected to a base page after successful login using this command.
Page 895: Configure Netlogin Dot1X Timers Reauth-Period
configure netlogin dot1x timers reauth-period configure netlogin dot1x timers reauth-period configure netlogin dot1x timers reauth-period <seconds> Description This command configures the value of the dot1x reauthentication period. Syntax Description seconds Specifies the length of the reauthentication period in seconds. Possible values are 0 and 30 to 7200 seconds.
Page 896: Configure Radius Server
Security Commands configure radius server For the “i” series switches: configure radius [primary | secondary] server [<ipaddress> | <hostname>] {<L4 port no>} client-ip [<ipaddress>] For the “e” series switches: configure radius [primary | secondary] server [<ipaddress> | <hostname>] client-ip [<ipaddress>] Description Configures the primary and secondary RADIUS authentication server.
Page 897 configure radius server Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 898: Configure Radius Shared-Secret
Security Commands configure radius shared-secret configure radius [primary | secondary] shared-secret {encrypted} [<string>] Description Configures the authentication string used to communicate with the RADIUS authentication server. Syntax Description primary Configures the authentication string for the primary RADIUS server. secondary Configures the authentication string for the secondary RADIUS server. encrypted Indicates that the secret should be encrypted.
Page 899: Configure Radius Timeout
configure radius timeout configure radius timeout configure radius {[primary | secondary] {server <ipaddress> | <hostname>}} timeout <seconds> Description Configures the timeout interval for RADIUS authentication requests. Syntax Description primary Configures the timeout for the primary RADIUS server. secondary Configures the timeout for the secondary RADIUS server. ipaddress Specifies the IP address of the server being configured.
Page 900 Security Commands Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 901: Configure Radius-Accounting Server
configure radius-accounting server configure radius-accounting server configure radius-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<L4 port no>} client-ip [<ipaddress>] Description Configures the primary and secondary RADIUS accounting servers. Syntax Description primary Configure the primary RADIUS accounting server. secondary Configure the secondary RADIUS accounting server. ipaddress The IP address of the accounting server being configured.
Page 902: Configure Radius-Accounting Shared-Secret
Security Commands configure radius-accounting shared-secret configure radius-accounting [primary | secondary] shared-secret {encrypted} [<string>] Description Configures the authentication string used to communicate with the RADIUS accounting server. Syntax Description primary Configures the authentication string for the primary RADIUS accounting server. secondary Configures the authentication string for the secondary RADIUS accounting server.
Page 903: Configure Radius-Accounting Timeout
configure radius-accounting timeout configure radius-accounting timeout configure radius-accounting {[primary | secondary] {server <ipaddress> | <hostname>}} timeout <seconds> Description Configures the timeout interval for RADIUS-Accounting authentication requests. Syntax Description primary Configures the timeout for the primary RADIUS accounting server. secondary Configures the timeout for the secondary RADIUS accounting server. ipaddress Specifies the IP address of the server being configured.
Page 904: Configure Route-Map Add
Security Commands configure route-map add configure route-map <route-map> add <seq_number> [permit | deny] {match-one | match-all} {set lpm-routing | set iphost-routing} Description Adds an entry in the route map with the specified sequence number and action. NOTE This command is available only on the “i” series switches. Syntax Description route-map The name of the route map to which this entry should be added.
Page 905 configure route-map add Examples The following command adds an entry to the route-map named bgp-out that denies all matching routes: configure route-map bgp-out add 10 deny The following command adds an entry to the route-map named bgp-out that will be evaluated after the previous entry, and that permits all matching routes: configure route-map bgp-out add 20 permit History...
Page 906: Configure Route-Map Add Goto
Security Commands configure route-map add goto configure route-map <route_map> <seq_number> add goto <new_route_map> Description Configures a route map statement to transfer evaluation to another route map. goto NOTE This command is available only on the “i” series switches. Syntax Description route-map The name of the route map to which this statement should be added.
Page 907: Configure Route-Map Add Match
configure route-map add match configure route-map add match configure route-map <route-map> <seq_number> add match [nlri-list <access profile> | as-path [access-profile <access profile> | <as_number>] | community [access-profile <access profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | next-hop <ip address>...
Page 908 Security Commands Usage Guidelines A match operation specifies a criterion that must be matched for the route to be successful. If there are multiple statements in a route table entry, match statements are evaluated before set or goto statements. When an entry has multiple match statements, the primitive in the entry match-one match-all...
Page 909: Configure Route-Map Add Set
configure route-map add set configure route-map add set configure route-map <route-map> <seq_number> add set [as-path <as_number> | community [[access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | remove | [add | delete] [access-profile <access-profile> | <as no> : <number> | number <community>...
Page 910 Security Commands next-hop <ipaddress> Sets the next hop in the path attribute to the specified IP address. internal When used in the BGP neighbor output route map, sets the MED attribute to a value equal to the metric to reach the nexthop. med_number Sets the MED attribute to the specified value.
Page 911: Configure Route-Map Delete
configure route-map delete configure route-map delete configure route-map <route_map> delete <seq_number> Description Deletes an entry from the route map. NOTE This command is available only on the “i” series switches. Syntax Description route_map The name of the route map to which this entry should be added. seq_number Specifies a sequence number that uniquely identifies the entry, and determines the position of the entry in the route map.
Page 912: Configure Route-Map Delete Goto
Security Commands configure route-map delete goto configure route-map <route_map> <seq_number> delete goto <new_route_map> Description Deletes a route map statement. goto NOTE This command is available only on the “i” series switches. Syntax Description route_map The name of the route map from which this statement should be deleted. seq_number The sequence number of the entry in the route map from which this statement should be deleted.
Page 913: Configure Route-Map Delete Match
configure route-map delete match configure route-map delete match configure route-map <route-map> <seq_number> delete match [nlri-list <access-profile> | as-path [access-profile <access-profile> | <as_number>] | community [access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | next-hop <ip address> | med <number> | tag <number> | origin [igp | egp | incomplete]] Description Deletes a route map...
Page 914 Security Commands Example The following command deletes the statement from entry 15 in route map bgp-out that specifies that the access profile aslist should be used to match the AS path: configure bgp-out 15 add match as-path access-profile aslist History This command was first available in ExtremeWare 6.1.
Page 915: Configure Route-Map Delete Set
configure route-map delete set configure route-map delete set configure route-map <route-map> <seq_number> delete set [as-path <as_number> | community [[access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | remove | [add | delete] [access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed]] | next-hop <ip address>...
Page 916 Security Commands add | delete <med_number> Specifies add or delete of the specified value to or from the MED. local-preference <number> Specifies a local preference number. weight <number> Specifies a weight associated with the NLRI. origin [igp | egp | incomplete] Specifies the origin.
Page 917: Configure Security-Profile Default-User-Vlan
configure security-profile default-user-vlan configure security-profile default-user-vlan configure security-profile <name> default-user-vlan <vlan> [tagged | untagged] Description Configures the default data VLAN for wireless users. Syntax Description name Specifies the name of the security profile. vlan Specifies the name of the default VLAN for wireless users. tagged Specifies that the Altitude 300 access point (AP) should send the wireless user traffic tagged.
Page 918 Security Commands Example The following example sets the security profile open-auth to use the VLAN open-vlan: configure security-profile open-auth default-user-vlan open-vlan The following example sets the option so that the remote connect Altitude 300 AP can send untagged the user traffic untagged: configure security-profile open-auth default-user-vlan open-vlan untagged History This command was first available in ExtremeWare 6.2a.
Page 919: Configure Security-Profile Dot11-Auth Network-Auth Encryption
configure security-profile dot11-auth network-auth encryption configure security-profile dot11-auth network-auth encryption configure security-profile <name> dot11-auth <open | shared> network-auth <none | dot1x |mac-radius |web-based | wpa | wpa-psk | wpa2 | wpa2-psk> encryption <none | aes |tkip | aes-tkip | wep64 | wep128> Description Enables dot11 authentication, network authentication, and encryption.
Page 920 Security Commands Dot11 Authentication Network Authentication Encryption open web-based Choices: • none • wep64 • wep128 open mac-radius Choices: • none • wep64 • wep128 open dot1x Choices: • wep64 • wep128 open Choices: • tkip • • aes-tkip open wpa-psk Choices: •...
Page 921 configure security-profile dot11-auth network-auth encryption Platform Availability This command is available on the Summit 300-48, Summit 300-24, Summit 400-24p, and Alpine 3800 switches. ExtremeWare 7.7 Command Reference Guide...
Page 922: Configure Security-Profile Dot1X-Wpa-Timers Group-Update-Timer
Security Commands configure security-profile dot1x-wpa-timers group-update-timer configure security-profile <name> dot1x-wpa-timers group-update-timer <minutes> Description When the network-authentication is set to dot1x, WPA or WPA2, this command configures the interval when group keys for dot1x and WPA clients are updated. Syntax Description name Specifies the name of the security profile.
Page 923: Configure Security-Profile Dot1X-Wpa-Timers Pairwise-Update-Timer
configure security-profile dot1x-wpa-timers pairwise-update-timer configure security-profile dot1x-wpa-timers pairwise-update-timer configure security-profile <name> dot1x-wpa-timers pairwise-update-timer <minutes> Description When the network-authentication is set to dot1x, WPA or WPA2, this command configures the interval when pairwise keys for dot1x and WPA clients are updated. Syntax Description name Specifies the name of the security profile.
Page 924: Configure Security-Profile Dot1X-Wpa-Timers Reauth-Period
Security Commands configure security-profile dot1x-wpa-timers reauth-period configure security-profile <name> dot1x-wpa-timers reauth-period <seconds> Description When the network-authentication is set to dot1x, WPA or WPA2, this command configures the interval when clients are re-authenticated. Syntax Description name Specifies the name of the security profile. seconds Specifies the interval in seconds.
Page 925: Configure Security-Profile Ess-Name
configure security-profile ess-name configure security-profile ess-name configure security-profile <name> ess-name <ess_name> Description Sets the name of the wireless network for the 802.11 interface associated with the security profile. Syntax Description name Specifies the name of the security profile. ess_name Specifies the ESS name. Default Usage Guidelines ESS names can be shared across wireless ports and interfaces.
Page 926: Configure Security-Profile Ssid-In-Beacon
Security Commands configure security-profile ssid-in-beacon configure security-profile <name> ssid-in-beacon {on | off} Description Establishes whether the service set identifier (SSID) is advertised in the beacon frame. Syntax Description name Specifies the name of the security profile. Specifies that the beacon contains the SSID. Specifies that the beacon does not contain the SSID.
Page 927: Configure Security-Profile Use-Dynamic-Vlan
configure security-profile use-dynamic-vlan configure security-profile use-dynamic-vlan configure security-profile <name> use-dynamic-vlan {y | n} Description Determines whether or not the security profile uses the dynamic VLAN (VLAN pushed by the RADIUS server through a VSA (Vendor Specific Attribute)). Syntax Description name Specifies the names of the security profile.
Page 928 Security Commands Platform Availability This command is available on the Summit 300-48, Summit 300-24, Summit 400-24p, and Alpine 3800 switches. ExtremeWare 7.7 Command Reference Guide...
Page 929: Configure Security-Profile Wep Default-Key-Index
configure security-profile wep default-key-index configure security-profile wep default-key-index configure security-profile <name> wep default-key-index <index> Description Sets the default key index for the security profile in case of static WEP encryption. Syntax Description name Specifies the names of the security profile. index Specifies the index of the WEP key.
Page 930: Configure Security-Profile Wep Key Add
Security Commands configure security-profile wep key add configure security-profile <name> wep key add <index> [hex <hexoctet> | plaintext <string>] Description Adds the given WEP key at the specified index. Syntax Description name Specifies the names of the security profile. index Specifies the index.
Page 931: Configure Security-Profile Wep Key Delete
configure security-profile wep key delete configure security-profile wep key delete configure security-profile <name> wep key delete [all | <integer>] Description Deletes the specified WEP key. Syntax Description name Specifies the names of the security profile. Specifies that all WEP keys are deleted. integer Specifies the numeric value identifying the WEP key.
Page 932: Configure Security-Profile Wpa-Psk
Security Commands configure security-profile wpa-psk configure security-profile <name> wpa-psk [hex <hexadecimal_digit> | passphrase <alphanumeric_string>] Description Configures the WPA pre-shared key to have the specified hexadecimal or alphanumeric value. Syntax Description name Specifies the names of the security profile. Specifies the WPA pre-shared key type as hexadecimal. hexadecimal digit Specifies a 64-byte hexadecimal key.
Page 933: Configure Security-Profile Wpa2-Psk
configure security-profile wpa2-psk configure security-profile wpa2-psk configure security-profile <name> wpa2-psk [hex <hexadecimal_digit> | passphrase <alphanumeric_string>] Description Configures the WPA2 pre-shared key to have the specified hexadecimal or alphanumeric value. Syntax Description name Specifies the names of the security profile. Specifies the WPA2 pre-shared key type as hexadecimal. hexadecimal digit Specifies a 64-byte hexadecimal key.
Page 934: Configure Security-Profile Wpa-Only
Security Commands configure security-profile wpa-only configure security-profile <name> wpa-only [on | off] Description Prohibits use of wpa2 when wpa is selected as the network-authentication algorithm (see “configure security-profile dot11-auth network-auth encryption” on page 919). Syntax Description name Specifies name of the security-profile. Prohibits use of wpa2 when wpa is selected as the network authentication algorithm.
Page 935: Configure Ssh2 Key
Secure Copy Program (SCP) or the Secure File Transfer Protocol (SFTP). Before you can enable SSH2, you must first obtain a security license from Extreme Networks. After you receive the license, you must enable SSH2 and generate a host key. To enable SSH2, use the enable command.
Page 936 Security Commands This will take approximately 10 minutes and cannot be canceled. Continue? (y/n) If you respond yes, the command prompts as follows: Enter some random characters. End with a newline Type in a series of random characters, and then press the Enter or Return key. The key generation process proceeds.
Page 937: Configure Ssl Certificate Pregenerated
configure ssl certificate pregenerated configure ssl certificate pregenerated configure ssl certificate pregenerated Description Obtains the pre-generated certificate from the user. Syntax Description This command has no parameters or variables. Default Usage Guidelines This command is also used when downloading or uploading the configuration. The certificate information stored in the uploaded configuration file should not be modified, because it is signed using the issuer’s private key.
Page 938: Configure Ssl Certificate Privkeylen Country Organization Common-Name
Security Commands configure ssl certificate privkeylen country organization common-name configure ssl certificate privkeylen <length> country <code> organization <org_name> common-name <name> Description Creates a self-signed certificate and private key that can be saved in NVRAM. Syntax Description length Specifies the private key length in bytes. Valid values are between 1024 and 4096. code Specifies the country code in 2-character format.
Page 939 configure ssl certificate privkeylen country organization common-name Platform Availability This command is available in all platforms that use the SSH image except for the Summit “i” platform switches that use the SSH Base image. ExtremeWare 7.7 Command Reference Guide...
Page 940: Configure Ssl Privkey Pregenerated
Security Commands configure ssl privkey pregenerated configure ssl privkey pregenerated Description Obtains the pre-generated private key from the user. NOTE This command is available only for the Alpine 3800 and Summit 300 series switches. Syntax Description This command has no parameters or variables. Default Usage Guidelines This command is also used when downloading or uploading the configuration.
Page 941: Configure Tacacs Server
configure tacacs server configure tacacs server For the “i” switches: configure tacacs [primary | secondary] server [<ipaddress> | <hostname>] {<L4 port no>} client-ip <ipaddress> For the “e” switches: configure tacacs [primary | secondary] server [<ipaddress> | <hostname>] {<L4 port no>} client-ip [<ipaddress>] Description Configures the server information for a TACACS+ authentication server.
Page 942 Security Commands This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 943: Configure Tacacs Server Timeout
configure tacacs server timeout configure tacacs server timeout configure tacacs [primary |secondary] server <ipaddress> timeout <seconds> Description Configures the timeout interval for TACAS+ authentication requests for the primary and secondary servers. NOTE This command is available only on the “i” series switches. Syntax Description ipaddress Specifies the IP address of the primary or secondary server.
Page 944: Configure Tacacs Shared-Secret
Security Commands configure tacacs shared-secret configure tacacs [primary | secondary] shared-secret {encrypted} <string> Description Configures the shared secret string used to communicate with the TACACS+ authentication server. Syntax Description primary Configures the authentication string for the primary TACACS+ server. secondary Configures the authentication string for the secondary TACACS+ server.
Page 945: Configure Tacacs Timeout
configure tacacs timeout configure tacacs timeout configure tacacs [primary | secondary] {server <ipaddress> | <hostname>}} timeout <seconds> Description Configures the timeout interval for TACAS+ authentication requests. Syntax Description primary Configures the timeout for the primary TACACS+ server. secondary Configures the timeout for the secondary TACACS+ server. ipaddress Specifies the IP address of the TACACS+ server being configured.
Page 946: Configure Tacacs-Accounting Server
Security Commands configure tacacs-accounting server configure tacacs-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<tcp_port>} client-ip <ipaddress> Description Configures the primary and secondary TACACS+ accounting servers. Syntax Description primary Configures the primary TACACS+ accounting server. secondary Configures the secondary TACACS+ accounting server. ipaddress Specifies the IP address of the TACACS+ server being configured.
Page 947: Configure Tacacs-Accounting Shared-Secret
configure tacacs-accounting shared-secret configure tacacs-accounting shared-secret configure tacacs-accounting [primary | secondary] shared-secret {encrypted} <string> Description Configures the shared secret string used to communicate with the TACACS+ accounting server. Syntax Description primary Configures the authentication string for the primary TACACS+ accounting server. secondary Configures the authentication string for the secondary TACACS+ accounting server.
Page 948: Configure Tacacs-Accounting Timeout
Security Commands configure tacacs-accounting timeout configure tacacs-accounting {[primary | secondary] {server [<ipaddress>] | <hostname>}} timeout <seconds> Description Configures the timeout interval for TACACS+ accounting authentication requests. Syntax Description primary Configures the timeout for the primary TACACS+ accounting server. secondary Configures the timeout for the secondary TACACS+ accounting server. ipaddress Specifies the IP address of the TACACS+ server being configured.
Page 949: Configure Vlan Access-Profile
configure vlan access-profile configure vlan access-profile configure vlan <vlan name> access-profile [<access profile> | none] Description Configures a BlackDiamond 6800 series switch running ExtremeWare 4.1 to control the routing of traffic between VLANs. NOTE This command is available only on the BlackDiamond 6800 series switches. Syntax Description vlan name Specifies the name of an egress VLAN.
Page 950 Security Commands Platform Availability This command is available on the BlackDiamond 6800 MSM32 only. ExtremeWare 7.7 Command Reference Guide...
Page 951: Configure Vlan Dhcp-Address-Range
configure vlan dhcp-address-range configure vlan dhcp-address-range configure vlan <vlan-name> dhcp-address-range <start-addr> - <end-addr> {<mask>} Description Configures a set of DHCP addresses for a VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be configured. start-addr Specifies the starting IP address in the configured range. end-addr Specifies the ending IP address in the configured range.
Page 952 Security Commands Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 953: Configure Vlan Dhcp-Lease-Timer
configure vlan dhcp-lease-timer configure vlan dhcp-lease-timer configure vlan <name> dhcp-lease-timer <lease-timer> Description Configures the timer value in seconds returned as part of the DHCP response. Syntax Description name Specifies the VLAN on whose ports netlogin should be disabled. lease-timer Specifies the timer value, in seconds. Default Usage Guidelines The timer value is specified in seconds.
Page 954: Configure Vlan Dhcp-Options
Security Commands configure vlan dhcp-options configure vlan <vlan-name> dhcp-options [dhcp-gateway <gateway-addr> | dns-server <dns-server-ip> | wins-server <wins-server-ip>] {<start-addr>} Description Configures the DHCP options returned as part of the DHCP response by a switch configured as a DHCP server. Syntax Description vlan-name Specifies the name of the VLAN to be configured.
Page 955 configure vlan dhcp-options 40.0.0.40. Similarly, for the secondary subnet the DHCP address range is configured ranging from 50.0.0.5 to 50.0.0.40. To configure the DHCP gateway as 40.0.0.90 for the primary subnet, use the following command: configure vlan test dhcp-options dhcp-gateway 40.0.0.90 To configure the DHCP gateway as 50.0.0.90 for the secondary subnet use the following command: configure vlan test dhcp-options dhcp-gateway 50.0.0.90 50.0.0.5 NOTE...
Page 956 Security Commands History This command was first available in ExtremeWare 6.2. This command was added to the Summit “e” series of switches in ExtremeWare 7.1e. This command was modified so that remote or secondary subnets could be configured for DHCP options in ExtremeWare (through the addition of the parameter ).
Page 957: Configure Vlan Netlogin-Lease-Timer
configure vlan netlogin-lease-timer configure vlan netlogin-lease-timer configure vlan <vlan name> netlogin-lease-timer <seconds> Description Configures the timer value returned as part of the DHCP response for clients attached to network login-enabled ports. Syntax Description vlan name Specifies the VLAN to which this timer value applies. seconds Specifies the timer value, in seconds.
Page 958: Create Access-List
Security Commands create access-list create access-list <name> access-mask <access-mask name> {code-point <code_point>} {dest-mac <dest_mac} {source-mac <src_mac>} {vlan <name>} {ethertype [IP | ARP | <hex_value>]} {tos <ip_precedence> | {ip-protocol [tcp | udp | icmp | igmp | <prococol_num>]} {igmp-type [membership-query | leave-group | v1-membership-report | v2-membership-report | <number>...
Page 959 create access-list vlan-pri Specifies the 802.1p priority of the VLAN tag, which is a three-bit field. Valid values are 0 to 7. vlan-pri-2bits Specifies the two most significant bits of the vlan-pri field. Default Usage Guidelines None Example The following access-list example performs packet filtering in the following sequence, as determined by the precedence number: •...
Page 960: Create Access-List Igmp Destination Source Igmp-Type Ipmc-Group Ports
Security Commands create access-list igmp destination source igmp-type ipmc-group ports create access-list <access-list name> igmp destination [<dest_ipaddress>/ <mask> | any] source [<src_ipaddress>/<mask> | any] igmp-type [membership-query | leave-group | v1-membership-report | v2-membership-report | <number> | any] ipmc-group [<multicast ip address>/ <mask>...
Page 961 create access-list igmp destination source igmp-type ipmc-group ports create access-list igmp_acl1 destination any source any igmp-type v2-membership report ipmc-group 224.10.1.0/24 deny ports any precedence 30 History This form of the command was first available in ExtremeWare 7.6. Platform Availability This command is available on the “i” series switches only. ExtremeWare 7.7 Command Reference Guide...
Page 962: Create Access-List Icmp Destination Source
Security Commands create access-list icmp destination source create access-list <name> icmp destination [<dest_ipaddress>/<mask> | any] source [<src_ipaddress>/<source_mask> | any] type <icmp_type> code <icmp_code> [permit | deny] {<portlist>} {precedence <number>} Description Creates a named IP access list that applies to ICMP traffic. NOTE This command is available only on the “i”...
Page 963 create access-list icmp destination source History This command was first available in ExtremeWare 6.0, and replaced the command. configure ipqos Platform Availability This command is available on the “i” series platforms only. ExtremeWare 7.7 Command Reference Guide...
Page 964: Create Access-List Ip Destination Source Ports
Security Commands create access-list ip destination source ports create access-list <name> ip destination [<dest_ipaddress>/<mask> | any] source [<src_ipaddress>/<src_mask> | any] [permit {<qosprofile>} | deny] ports [<portlist> | any] {precedence <prec_number>} Description Creates a named IP access list that applies to all IP traffic. NOTE This command is available only on the “i”...
Page 965 create access-list ip destination source ports create access-list denyall ip dest 0.0.0.0/0 source 0.0.0.0/0 deny ports any History This command was first available in ExtremeWare 6.0, and replaced the command. configure ipqos Platform Availability This command is available on the “i” series platforms only. ExtremeWare 7.7 Command Reference Guide...
Page 966: Create Access-List Tcp Destination Source Ports
Security Commands create access-list tcp destination source ports create access-list <name> tcp destination [<dest_ipaddress>/<mask> | any] ip-port [<dst_port> | range <dst_port_min> <dst_port_max> | any] source [<src_ipaddress>/<src_mask> | any] ip-port [<src_port> | range <src_port_min> <src_port_max> | any] [permit <qosprofile> | permit-established | deny] ports [<portlist> | any] {precedence <precedence_num>} Description Creates a named IP access list that applies to TCP traffic.
Page 967 create access-list tcp destination source ports Default Usage Guidelines The access list is applied to all ingress packets. Example The following command defines an access-list rule named allow10_23 with precedence 30 that permits TCP port 23 traffic destined for other 10.x.x.x networks, and assigns QoS profile Qp4: create access-list allow10_23 tcp dest 10.0.0.0/8 ip-port 23 source any ip-port any permit qosprofile qp4 ports any precedence 30 History...
Page 968: Create Access-List Udp Destination Source Ports
Security Commands create access-list udp destination source ports create access-list <name> udp destination [<dest_ipaddress>/<mask> | any] ip-port [<dst_port> | range <dst_port_min> <dst_port_max> | any] source [<src_ipaddress>/<src_mask> | any] ip-port [<src_port> | range <src_port_min> <src_port_max> | any] [permit <qosprofile> | deny] ports [<portlist>...
Page 969 create access-list udp destination source ports Usage Guidelines The access list is applied to all ingress packets. Example The following command defines an access-list rule named allow10_35 with precedence 70 that permits udp port 35 traffic destined for other 10.X.X.X networks, and assigns QoS profile Qp2: create access-list allow10_35 udp dest 10.0.0.0/8 ip-port 35 source any ip-port any permit qosprofile qp2 ports any precedence 70 History...
Page 970: Create Access-Mask
Security Commands create access-mask create access-mask <access-mask name> {code-point} {ip-protocol} {icmp-code} {icmp-type} {igmp-type} {ipmc-group/<mask length>} {dest-ip/<mask length>} {dest-L4port} {dest-mac} {egressport} {ethertype} {permit-established} {ports} {precedence <number>} {source-ip/<mask length>} {source-L4port} {source-mac} {tos} {vlan} {vlan-pri} {vlan-pri-2bits} Description Creates an access mask. NOTE This command is available only on the “e” series switches. Syntax Description access mask name Specifies the name of the access-mask.
Page 971 create access-mask source-L4port Specifies that the source TCP/UDP port should be specified when you create an access list using this access mask. source-mac Specifies that the source MAC address should be specified when you create an access list using this access mask. Specifies that the 3-bit precedence field within the IP ToS field.should be specified when you create an access list using this access mask.
Page 972: Create Access-Profile Type
Security Commands create access-profile type For the “i” series switches: create access-profile <access profile> type [ipaddress | ipx-node | ipx-net | ipx-sap | as-path | bgp-community | vlan] For the “e” series switches: create access-profile <access profile> type [ipaddress | as-path] Description Creates an access profile.
Page 973 create access-profile type Examples The following command creates an access profile named nosales that will contain IP address/mask pairs: create access-profile nosales type ipaddress The following command creates an access profile that will contain AS path expressions: create access-profile AS1 type as-path History A limited version of this command was first available in ExtremeWare 4.0.
Page 974: Create Rate-Limit
Security Commands create rate-limit create rate-limit <rule_name> access-mask <access-mask name> {dest-mac <dest_mac>} {source-mac <scr_mac>} {vlan <name>} {ethertype [IP | ARP | <hex_value>]} {tos <ip_precedence> | code-point <code_point>} {ipprotocol [tcp | udp | icmp | igmp | <prococol_num>]} {dest-ip <dest_IP>/<mask length>} {dest-L4port <dest_port>} {source-ip <src_IP>/<mask length>} {source-L4port <src_port>...
Page 975 create rate-limit vlan-pri-2bits Specifies the two most significant bits of the vlan-pri field. Example This command creates an access list named denyping that filters out ping (ICMP echo) packets. ICMP echo packets are defined as type 8 code 0: create access-list denyping icmp destination any source any type 8 code 0 deny ports History This command was first available in ExtremeWare 7.1e.
Page 976: Create Route-Map
Security Commands create route-map create route-map <name> Description Creates a route map statement. NOTE This command is available only on the “i” series switches. Syntax Description name Specifies a route map name. Default Usage Guidelines Route maps are a mechanism that can be used to conditionally control the redistribution of routes between two routing domains, and to modify the routing information that is redistributed.
Page 977: Create Security-Profile
create security-profile create security-profile create security-profile <name> {copy <existing_profile>} Description Creates a new security profile. NOTE This command is available on Summit 300 and Alpine 3800 series switches only. Syntax Description name Specifies the name of the security profile being created. existing_profile Specifies the name of an existing profile from which the system copies the initial values.
Page 978: Create Trusted-Mac-Address
Security Commands create trusted-mac-address For the “i” switches: create trusted-mac-address {mac-address} <xx:yy:zz:aa:bb:cc> {mask <dd:ee:ff:gg:hh:kk>} vlan <vlan-name | all> {port <portlist>} {protocol[DHCP|ARP]} For the “e” switches: create trusted-mac-address mac-address <mac_address> [mask <mask>] vlan <vlan_name>| all [ports <portlist>] [protocol {DHCP|ARP}] Description Configures a trusted media access control (MAC) address with mask for each VLAN or all VLANs for the ARP or DHCP protocols.
Page 979 create trusted-mac-address Use the following command to delete a trusted MAC address: delete trusted-mac-address [mac-address <mac_address> {mask <mask>} <vlan_name>] | all [ports <portlist>] [protocol [DHCP|ARP]] Example The following command creates a trusted MAC address of for all ports in the 00:e0:18:01:32:1f VLAN named vlan1: create trusted-mac-address 00:e0:18:01:32:1f vlan1...
Page 980: Delete Access-List
Security Commands delete access-list For the “i” switches: delete access-list [<name> | all] For the “i” switches: delete access-list <name> Description Deletes an access list. Syntax Description name Specifies the name of the access list to be deleted. Specifies that all access lists should be deleted. NOTE: This option is available only on the “I”...
Page 981: Delete Access-Mask
delete access-mask delete access-mask delete access-mask <name> Description Deletes the named access-mask. NOTE This command is available only on the “e” series switches. Syntax Description name Specifies the name of the access list to be deleted. Usage Guidelines None Example The following command disables statistics collection for access list allow102: delele access-list allow102 History...
Page 982: Delete Access-Profile
Security Commands delete access-profile delete access-profile <access profile> Description Deletes an access profile. Syntax Description access profile Specifies the access profile name to be deleted. Default Usage Guidelines None Example The following command deletes an access profile named nosales: delete access-profile nosales History This command was first available in ExtremeWare 4.0.
Page 983: Delete Rate-Limit
delete rate-limit delete rate-limit delete rate-limit <name> Description Deletes a rate limit rule. NOTE This command is available only on the “e” series switches. Syntax Description name Specifies the name of the rate limit rule. Usage Guidelines None Example The following command deletes a rate limit rule named throttle2: delete access-profile throttle2 History This command was first available in ExtremeWare 7.1e.
Page 984: Delete Route-Map
Security Commands delete route-map delete route-map <route map> Description Deletes a route map statement from the route map. NOTE This command is available only on the “i” series switches. Syntax Description route map Specifies a route map name. Default Usage Guidelines None Example The following command deletes a route-map named bgp-out:...
Page 985: Delete Security-Profile
delete security-profile delete security-profile delete security-profile <name> Description Deletes the named security profile. Syntax Description name Specifies the name of an existing security profile to be deleted. Default Usage Guidelines Use this command to delete the named security profile. The named profile cannot be attached to any active ports before deletion.
Page 986: Delete Trusted-Mac-Address
Security Commands delete trusted-mac-address delete trusted-mac-address [mac-address <mac_address> {mask <mask>} <vlan_name>] | all [ports <portlist>] [protocol [DHCP|ARP]] Description Deletes a trusted MAC address. Syntax Description <xx:yy:zz:aa:bb:cc> Specifies the MAC address of the enabled trusted-MAC. Either is specified in the form xx:yy:zz:aa:bb:cc.
Page 987 delete trusted-mac-address Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 988: Disable Access-List
Security Commands disable access-list disable access-list <name> [counter | log] Description Disables message logging or the collection of access-list statistics. NOTE This command is available only on the “i” series switches. Syntax Description name Specifies the name of the access list. counter Specifies that access-list statistics collection should be disabled.
Page 989: Disable Arp-Learning
disable arp-learning disable arp-learning disable arp-learning From ExtremeWare 7.7, this command is modified to: disable ip-security arp learning learn-from-arp Description Disables the ARP-learning feature on the switch. Syntax Description This command has no arguments or variables. Default By default, ARP learning is enabled. Usage Guidelines This feature applies only to the layer 3 environment.
Page 990: Disable Arp-Learning Ports
Security Commands disable arp-learning ports disable arp-learning ports <portlist> From ExtremeWare 7.7, this command is modified to: disable ip-security arp learning learn-from-arp ports <portlist> Description Disables the ARP-learning feature on a port or ports. Syntax Description portlist Specifies the ingress port(s) on which this rule is applied. all specifies that the rule will be applied to all ports.
Page 991: Disable Arp-Learning Vlan
disable arp-learning vlan disable arp-learning vlan disable arp-learning vlan <vlan name> From ExtremeWare 7.7, this command is modified to: disable ip-security arp learning learn-from-arp vlan <vlan name> Description Disables the ARP-learning feature on a specified VLAN. Syntax Description vlan name Specifies the vlan to which the rule applies.
Page 992: Disable Arp-Learning Vlan Ports
Security Commands disable arp-learning vlan ports disable arp-learning vlan <vlan name> port <portlist> From ExtremeWare 7.7, this command is modified to: disable ip-security arp learning learn-from-arp vlan <vlan name> ports <portlist> Description Disables the ARP-learning feature on a port in the specified VLAN. Syntax Description vlan name Specifies the vlan to which the rule applies.
Page 993: Disable Cpu-Dos-Protect
disable cpu-dos-protect disable cpu-dos-protect disable cpu-dos-protect Description Disables denial of service protection. Syntax Description There are no arguments or variables for this command. Default The default is disabled. Usage Guidelines None Example The following command disables denial of service protection. disable cpu-dos-protect History This command was first available in ExtremeWare 6.2.2.
Page 994: Disable Dhcp Ports Vlan
Security Commands disable dhcp ports vlan disable dhcp ports <portlist> vlan <vlan name> Description Disables DHCP on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which DHCP should be disabled. vlan name Specifies the VLAN on whose ports DHCP should be disabled. Default Usage Guidelines The DHCP server should be used with network login and not as a stand-alone DHCP server.
Page 995: Disable Enhanced-Dos-Protect
disable enhanced-dos-protect disable enhanced-dos-protect disable enhanced-dos-protect {rate-limit | ipfdb |benchmark} {ports [<portlist>]} Description Disables enhanced denial of service protection globally or for selected ports. Syntax Description rate-limit Disables software rate limiting. ipfdb Disables the IPFDB learning qualifier. benchmark Displays the cumulative number of packets dropped by the CPU and the current packet rate on a port.
Page 996: Disable Ip-Subnet-Lookup
Security Commands disable ip-subnet-lookup disable ip-subnet-lookup Description Disables the IPDA subnet lookup feature in a switch. Syntax Description There are no arguments or variables for this command. Default The default is disabled. Usage Guidelines On the “i” series switches, system rebooting is needed for a new setting to be effective. On the “e”...
Page 997: Disable Mac-Lockdown-Timeout Ports
disable mac-lockdown-timeout ports disable mac-lockdown-timeout ports disable mac-lockdown-timeout ports [<portlist> | all] Description This command disables the MAC address lockdown timeout feature for the specified port or group of ports or for all ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 998: Disable Netlogin
Security Commands disable netlogin disable netlogin [web-based |dot1x |mac] Description Disables network login modes. Syntax Description web-based Specifies web-based authentication. dot1x Specifies 802.1x authenticating. Specifies MAC-based RADIUS authentication. Default Web-based and 802.1x authentication are enabled by default. MAC-based authentication is disabled by default. Usage Guidelines All types, any combination of types, or no type of authentication can be enabled on the same switch.
Page 999 disable netlogin keyword was added in Extremeware 7.4. Platform Availability This command is available on all platforms. ExtremeWare 7.7 Command Reference Guide...
Page 1000: Disable Netlogin Dot1X Guest-Vlan Ports
Security Commands disable netlogin dot1x guest-vlan ports disable netlogin dot1x guest-vlan ports [all | <port-list>] Description Disables a guest VLAN for the specified 802.1x netlogin ports. Syntax Description Disables the guest VLAN on all ports. <port-list> Specifies one or more ports or slots and ports on which the guest VLAN is disabled. On a modular switch, can be a list of slots and ports.

This manual is also suitable for:

Extremeware 7.7

Extreme Networks ExtremeWare Command Reference Manual

Chapter 1 Command Reference Overview

Chapter 2 Commands for Accessing the Switch

Chapter 3 Commands for Managing the Switch

Chapter 4 Commands for Configuring Slots and Ports on a Switch

Chapter 5 VLAN Commands

Chapter 6 FDB Commands

Chapter 7 Qos Commands

Chapter 8 NAT Commands

Chapter 9 SLB Commands-“I” Series Switches Only

Quick Links

Related Manuals for Extreme Networks ExtremeWare

Summary of Contents for Extreme Networks ExtremeWare