Summary of Contents for Extreme Networks ExtremeWare
Page 1
ExtremeWare Software Command Reference Guide Software Version 7.3.0 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: March, 2005 Part number: 100160-00 Rev. 04...
Page 2
Solution Partners Logo, ServiceWatch, Summit, the Summit7i Logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners.
Page 6
Contents enable telnet enable web exit logout quit show snmpv3 context show snmpv3 engine-info show management show odometer show session show snmpv3 access show snmpv3 counters show snmpv3 filter show snmpv3 filter-profile show snmpv3 group show snmpv3 mib-view show snmpv3 notify show snmpv3 target-addr show snmpv3 target-addr-ext show snmpv3 target-params...
Page 7
Contents configure msm-failover link-action configure msm-failover slave-config configure msm-failover timeout configure port aggregate-bandwidth percent configure ports configure ports auto off configure ports auto on configure ports auto-polarity configure ports display-string configure port interpacket-gap configure ports link-detection-level configure ports redundant configure ports vdsl configure sharing address-based configure slot disable edp ports...
Page 8
Contents enable smartredundancy restart ports run msm-failover show edp show mirroring show msm-failover show ports collisions show ports configuration show ports info show ports packet show ports sharing show ports utilization show ports vlan info show sharing address-based show slot unconfigure msm-failover unconfigure port aggregate-bandwidth unconfigure ports display string...
Page 9
Contents configure vlan delete port configure vlan delete secondary-ip configure vlan ipaddress configure vlan name configure vlan protocol configure vlan tag create protocol create vlan delete protocol delete vlan disable gvrp disable mac-vlan port enable gvrp enable mac-vlan mac-group port show gvrp show mac-vlan show protocol...
Page 12
Contents configure slb failover failback-now configure slb failover ping-check configure slb failover unit configure slb global connection-block configure slb global connection-timeout configure slb global ftp configure slb global http configure slb global nntp configure slb global persistence-level configure slb global persistence-method configure slb global ping-check configure slb global pop3 configure slb global service-check...
Page 15
Contents show slb gogo-mode show slb L4-port show slb node show slb persistence show slb pool show slb stats show slb vip unconfigure slb all unconfigure slb gogo-mode health-check unconfigure slb gogo-mode service-check unconfigure slb vip service-check Chapter 10 Commands for Status Monitoring and Statistics clear counters clear log clear log counters...
Page 22
Contents enable ssh2 enable tacacs enable tacacs-accounting enable tacacs-authorization enable trusted-mac-address enable web http enable web http access-profile enable web https access-profile enable web https scp2 scp2 configuration show access-list show access-list-fdb show access-list-monitor show access-profile show arp-learning vlan show arp-learning vlan ports show auth show cpu-dos-protect show enhanced-dos-protect...
Page 43
Contents show multilink alarms 1737 show multilink e1 errors 1738 show multilink stats 1739 show multilink t1 errors 1740 show ports alarms 1741 show ports configuration 1742 show ports errors 1743 show ports e1 errors 1744 show ports info 1745 show ports stats 1746 show ppp...
Page 45
Contents show mpls ldp acl 1832 show mpls 1833 show mpls forwarding 1834 show mpls interface 1836 show mpls label 1837 show mpls ldp 1839 show mpls qos-mapping 1841 show mpls rsvp-te 1842 show mpls rsvp-te lsp 1843 show mpls rsvp-te path 1844 show mpls rsvp-te profile 1845...
Page 46
Contents disable flow-control ports 1876 enable application examination ports 1877 enable diagnostics cable 1878 enable diffserv ingress replacement ports 1879 enable flow-control ports 1881 run diagnostics cable 1882 show application examination 1884 show diagnostics cable 1885 show ports egress-rate-limit 1888 show ports ingress stats 1890 show qosprofile ingress...
Page 47
Contents reset inline-power ports 1918 show inline-power 1919 show inline-power configuration port 1921 show inline-power configuration slot 1923 show inline-power info 1925 show inline-power slot 1928 show inline-power stats ports 1929 show inline-power stats slot 1931 unconfig inline-power backup-source slot 1932 unconfig inline-power detection ports 1933...
Page 55
This guide is intended for use as a reference by network administrators who are responsible for installing and setting up network equipment. It assumes knowledge of Extreme Networks switch configuration. For conceptual information and guidance on configuring Extreme Networks switches, see the ExtremeWare Software User Guide for your version of the ExtremeWare software.
The publications related to this one are: • ExtremeWare release notes • ExtremeWare Software User Guide • Extreme Networks Consolidated “i” Series Hardware Installation Guide Documentation for Extreme Networks products is available on the World Wide Web at the following location: http://www.extremenetworks.com/ Using ExtremeWare Publications Online You can access ExtremeWare publications by downloading them from the Extreme Networks World Wide Web location or from your ExtremeWare product CD.
Page 57
Related Publications NOTE ® If you are using Adobe Reader or Adobe Acrobat Version 6.0 or later to view PDF files, see “Using Adobe Reader Version 6.0” in this section for important information on making a configuration adjustment to ensure proper viewing and linking of PDF files. The following two ExtremeWare publications are available as PDF files that are designed to be used online together: •...
Page 58
Preface Open cross-document links in same window To deselect this option, make sure that the check box next to it is unchecked. 5 Click OK. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 59
ExtremeWare version 7.3.0. NOTE ExtremeWare 7.3.0 only supports Extreme Networks products that contain the “i” or “3” series chipset. This includes the BlackDiamond, Alpine, and Summit “i” series platforms, but does not include the Summit e-series and Summit 200 series platforms.
Page 60
Command Reference Overview • Server Load Balancing (SLB) concepts • Simple Network Management Protocol (SNMP) This guide also assumes that you have read the Installation and User Guide for your product. Structure of this Guide This guide documents each ExtremeWare command. Related commands are grouped together and organized into chapters based on their most common usage.
Understanding the Command Syntax Understanding the Command Syntax When entering a command at the prompt, ensure that you have the appropriate privilege level. Most configuration commands require you to have the administrator privilege level. You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself.
Command Reference Overview Abbreviated Syntax Abbreviated syntax is the shortest unambiguous allowable abbreviation of a command or parameter. Typically, this is the first three letters of the command. If you do not enter enough letters to allow the switch to determine which command you mean, the syntax helper will provide a list of the options based on the portion of the command you have entered.
Page 63
Line-Editing Keys You can specify all ports on a particular slot. For example, port 3:* indicates all ports on slot 3. You can specify a range of slots and ports. For example, port 2:3-4:5 indicates slot 2, port 3 through slot 4, port 5. Stand-alone Switch Numerical Ranges Commands that require you to enter one or more port numbers on a stand-alone switch use the parameter...
Command Reference Overview Command History ExtremeWare “remembers” the last 49 commands you entered. You can display a list of these commands by using the following command: history ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Accessing the Switch This chapter describes: • Commands used for accessing and configuring the switch including how to set up user accounts, passwords, date and time settings, and software licenses • Commands used for configuring the Domain Name Service (DNS) client •...
Commands for Accessing the Switch clear session clear session <number> Description Terminates a Telnet, SSH, NetLogin, or Console session from the switch. Syntax Description number Specifies a session number from show session output to terminate. Default N/A. Usage Guidelines An administrator-level account can disconnect a management session that has been established by way of a Telnet connection.
configure account configure account configure account <user account> {encrypted} {<password>} Description Configures a user account password. Syntax Description user account Specifies a user account name. encrypted This option is for use only by the switch when generating an ASCII configuration file. Specifies that the password should be encrypted when the configuration is uploaded to a file.
Page 68
Commands for Accessing the Switch Example The following command defines a new password for the account admin: configure account admin The switch responds with a password prompt: password: Your keystrokes will not be echoed as you enter the new password. After you enter the password, the switch will then prompt you to reenter it.
configure banner configure banner configure banner Description Configures the banner string that is displayed at the beginning of each login prompt of each session. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Press [Return] at the beginning of a line to terminate the command and apply the banner. To clear the banner, press [Return] at the beginning of the first line.
Commands for Accessing the Switch configure banner netlogin configure banner netlogin Description Configures the network login banner that is displayed at the beginning of each login prompt of each session. Syntax Description This command has no arguments or variables. Default N/A.
configure dns-client add configure dns-client add configure dns-client add <ipaddress> Description Adds a DNS name server to the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default N/A. Usage Guidelines Up to three DNS name servers can be configured in ExtremeWare versions prior to 6.2.1. In ExtremeWare 6.2.1 and later, eight DNS name servers can be configured.
Commands for Accessing the Switch configure dns-client add domain-suffix configure dns-client add domain-suffix <domain_name> Description Adds a domain name to the domain suffix list. Syntax Description domain_name Specifies a domain name. Default N/A. Usage Guidelines The domain suffix list can include up to six items. If the use of all previous names fails to resolve a name, the most recently added entry on the domain suffix list will be the last name used during name resolution.
configure dns-client add name-server configure dns-client add name-server configure dns-client add name-server <ipaddress> Description Adds a DNS name server to the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default N/A. Usage Guidelines Up to three DNS name servers can be configured in ExtremeWare versions prior to 6.2.1. In ExtremeWare 6.2.1 and later, eight DNS name servers can be configured.
Commands for Accessing the Switch configure dns-client default-domain configure dns-client default-domain <domain_name> Description Configures the domain that the DNS client uses if a fully qualified domain name is not entered. Syntax Description domain_name Specifies a default domain name. Default N/A. Usage Guidelines Sets the DNS client default domain name to .
configure dns-client delete configure dns-client delete configure dns-client delete <ipaddress> Description Removes a DNS name server from the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default N/A. Usage Guidelines None Example The following command removes a DNS server from the list: configure dns-client delete 10.1.2.1 History This command was first available in ExtremeWare 4.0.
Commands for Accessing the Switch configure dns-client delete domain-suffix configure dns-client delete domain-suffix <domain_name> Description Deletes a domain name from the domain suffix list. Syntax Description domain_name Specifies a domain name. Default N/A. Usage Guidelines This command randomly removes an entry from the domain suffix list. If the deleted item was not the last entry in the list, all items that had been added later are moved up in the list.
configure dns-client delete name-server configure dns-client delete name-server configure dns-client delete name-server <ipaddress> Description Removes a DNS name server from the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default N/A. Usage Guidelines None. Example The following command removes a DNS server from the list: configure dns-client delete name-server 10.1.2.1...
Commands for Accessing the Switch configure idletimeouts configure idletimeouts <minutes> Description Configures the time-out for idle HTTP, console, and Telnet sessions. Syntax Description minutes Specifies the time-out interval, in minutes. Range is 1 to 240 (1 minute to 4 hours). Default Default time-out is 20 minutes.
configure time configure time configure time <date> <time> Description Configures the system date and time. Syntax Description date Specifies the date in mm/dd/yyyy format. time Specifies the time in hh:mm:ss format. Default N/A. Usage Guidelines The format for the system date and time is as follows: mm/dd/yyyy hh:mm:ss The time uses a 24-hour clock format.
Commands for Accessing the Switch configure timezone configure timezone {name <std_timezone_ID>} <GMT_offset> {autodst {name <dst_timezone_ID>} {<dst_offset>} {begins [every <floatingday> | on <absoluteday>] {at <time_of_day>} {ends [every <floatingday> | on <absoluteday>] {at <time_of_day>}}} | noautodst} Description Configures the Greenwich Mean Time (GMT) offset and Daylight Saving Time (DST) preference. Syntax Description GMT_offset Specifies a Greenwich Mean Time (GMT) offset, in + or - minutes.
Page 81
configure timezone Usage Guidelines Network Time Protocol (NTP) server updates are distributed using GMT time. To properly display the local time in logs and other timestamp information, the switch should be configured with the appropriate offset to GMT based on geographic location. is specified in +/- minutes from the GMT time.
Page 82
Commands for Accessing the Switch Table 5: Greenwich Mean Time Offsets (Continued) GMT Offset GMT Offset in Hours in Minutes Common Time Zone References Cities -5:00 -300 EST - Eastern Standard Bogota, Columbia; Lima, Peru; New York, NY, Trevor City, MI USA -6:00 -360 CST - Central Standard...
Page 83
configure timezone Example The following command configures GMT offset for Mexico City, Mexico and disables automatic DST: configure timezone -360 noautodst The following four commands are equivalent, and configure the GMT offset and automatic DST adjustment for the US Eastern timezone, with an optional timezone ID of EST: configure timezone name EST -300 autodst name EDT 60 begins every first sunday april at 2:00 ends every last sunday october at 2:00 configure timezone name EST -300 autodst name EDT 60 begins every 1 1 4 at 2:00 ends...
Commands for Accessing the Switch create account create account [admin | user] <username> {encrypted} {<password>} Description Creates a new user account. Syntax Description admin Specifies an access level for account type admin. user Specifies an access level for account type user. username Specifies a new user account name.
Page 85
create account For ExtremeWare 4.x and higher: • Admin-level users and users with RADIUS command authorization can use the create account command. For ExtremeWare 4.x: • User account name specifications are not available. • Passwords must have a minimum of 4 characters and can have a maximum of 12 characters. •...
Commands for Accessing the Switch delete account delete account <username> Description Deletes a specified user account. Syntax Description username Specifies a user account name. Default N/A. Usage Guidelines Use the command to determine which account you want to delete from the system. The show accounts show accounts output displays the following information in a tabular format: •...
Page 87
delete account Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Accessing the Switch disable clipaging disable clipaging Description Disables pausing at the end of each show screen. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The command line interface (CLI) is designed for use in a VT100 environment. Most command show output will pause when the display reaches the end of a page.
disable idletimeouts disable idletimeouts disable idletimeouts Description Disables the timer that disconnects idle sessions from the switch. Syntax Description This command has no arguments or variables. Default Enabled. Timeout 20 minutes. Usage Guidelines When idle time-outs are disabled, console sessions remain open until the switch is rebooted or you logoff.
Commands for Accessing the Switch enable clipaging enable clipaging Description Enables the pause mechanism and does not allow the display to print continuously to the screen. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The command line interface (CLI) is designed for use in a VT100 environment. Most command show output will pause when the display reaches the end of a page.
enable idletimeouts enable idletimeouts enable idletimeouts Description Enables a timer that disconnects Telnet and console sessions after 20 minutes of inactivity. Syntax Description This command has no arguments or variables. Default Enabled. Timeout 20 minutes. Usage Guidelines You can use this command to ensure that a Telnet, HTTP, or console session is disconnected if it has been idle for the required length of time.
history history history Description Displays a list of the previous 49 commands entered on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines ExtremeWare “remembers” the last 49 commands you entered on the switch. Use the history command to display a list of these commands.
Commands for Accessing the Switch reboot reboot {time <date> <time> | cancel} {slot <slot number> | msm-a | msm-b} Description Reboots the switch or the module in the specified slot at a specified date and time. Syntax Description date Specifies a reboot date in mm/dd/yyyy format. time Specifies a reboot time in hh:mm:ss format.
Page 95
reboot reboot time 10/04/2001 10,46,00 slot 5 History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 7.0.0 to include the option. slot This command was modified in ExtremeWare 7.1.0 to include the options. msm-a msm-b Platform Availability This command is available on all platforms.
Commands for Accessing the Switch show accounts pppuser show accounts pppuser Description Displays user account information for all users on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines You need to create a user account using the command before you can display user create account account information.
Page 97
show accounts pppuser Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Use this command to view the banner that is displayed before the login prompt. Example The following command displays the switch banner: show banner Output from this command looks similar to the following: Extreme Networks Summit48i Layer 3 Switch ######################################################### Unauthorized Access is strictly prohibited. Violators will be persecuted ######################################################### History This command was first available in ExtremeWare 2.0.
show dns-client show dns-client show dns-client Description Displays the DNS configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the DNS configuration: show dns-client Output from this command looks similar to the following: Number of domain suffixes: 2 Domain Suffix 1: njudah.local...
Commands for Accessing the Switch show switch show switch Description Displays the current switch information. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Viewing statistics on a regular basis allows you to see how well your network is performing. If you keep simple daily records, you will see trends emerging and notice problems arising before they cause major network faults.
Page 101
Example The following command displays current switch information: show switch Output from this command looks similar to the following: SysName: Alpine3804 SysLocation: Extreme Networks HQ SysContact: Carlos_Beronio System MAC: 00:01:30:23:C1:00 License: Full L3 System Mode: 802.1Q EtherType is 8100 (Hex).
Page 102
Commands for Accessing the Switch Secondary EW Ver: 7.1.0b34 [non-ssh] Module Image Selected Image Booted ------ -------------- ------------ Secondary Secondary Slot 2 (WM4T1) Secondary Secondary Config Selected: Primary Config Booted: Primary Primary Config: Created by EW Version: 7.1.0 Build 34 [38] 7928 bytes saved on Wed Jun 4 11:54:03 2003 Secondary Config: Created by EW Version:...
traceroute traceroute traceroute <host name/ip> {from <source IP address>} {ttl <number>} {port <port number>} Description Enables you to trace the routed path between the switch and a destination endstation. Syntax Description host name/ip Specifies the hostname or IP address of the destination endstation. from <source IP address>...
Page 104
Commands for Accessing the Switch ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Managing the Switch This chapter describes: • Commands for configuring Simple Network Management Protocol (SNMP) parameters on the switch • Commands for managing the switch using Telnet and web access • Commands for configuring Simple Network Time Protocol (SNTP) parameters on the switch SNMP Any network manager running the Simple Network Management Protocol (SNMP) can manage the switch, if the Management Information Base (MIB) is installed correctly on the management station.
Commands for Managing the Switch • SNMP read access—The ability to read SNMP information can be restricted through the use of an access profile. An access profile permits or denies a named list of IP addresses and subnet masks. • SNMP read/write access—The ability to read and write SNMP information can be restricted through the use of an access profile.
configure snmp access-profile readonly configure snmp access-profile readonly configure snmp access-profile readonly [<access-profile> | none] Description Assigns an access profile that limits which stations have read-only access to the switch. Syntax Description access-profile Specifies a user defined access profile. none Cancels a previously configured access profile.
Page 108
Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure snmp access-profile readwrite configure snmp access-profile readwrite configure snmp access-profile readwrite [<access-profile> | none] Description Assigns an access profile that limits which stations have read/write access to the switch. Syntax Description access-profile Specifies a user defined access profile. none Cancels a previously configured access profile.
Page 110
Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure snmp add community configure snmp add community configure snmp add community [readonly | readwrite] {encrypted} <alphanumeric string> Description Adds an SNMP read or read/write community string. Syntax Description readonly Specifies read-only access to the system. readwrite Specifies read and write access to the system. encrypted Specifies encryption, for use only by the switch when uploading or downloading a configuration.
Page 112
Commands for Managing the Switch History This command was first available in ExtremeWare 6.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Specifies that BGP traps will be sent to the trap receiver. extreme-traps Specifies that Extreme Networks specific traps will be sent to the trap receiver. link-up-down-traps Specifies that link state traps will be sent to the trap receiver. ospf-traps Specifies that OSPF traps will be sent to the trap receiver.
Page 114
Commands for Managing the Switch specific trap group. If no trap groups are specified, all traps will be sent to the receiver. Entries in this list can be created, modified, and deleted using the RMON2 trapDestTable MIB variable, as described in RFC 2021.
Page 115
The following command adds port 9990 at the IP address 10.203.0.22 as a trap receiver with the community string public, and the receiver should be sent standard traps for the trap groups for BGP and Extreme Networks: ExtremeWare Software 7.3.0 Command Reference Guide...
Page 116
Commands for Managing the Switch configure snmp add trapreceiver ipaddress 10.203.0.22 port 9990 community public mode standard trap-group extreme-traps, bgp-traps History This command was first available in ExtremeWare 1.0. This command was modified in ExtremeWare 6.2.1 to support the , and source ( port community from...
configure snmp community configure snmp community configure snmp community [readonly | readwrite] {encrypted} <alphanumeric string> Description Configures the value of the default SNMP read or read/write community string. Syntax Description readonly Specifies read-only access to the system. readwrite Specifies read and write access to the system. encrypted Specifies encryption, for use only by the switch when uploading or downloading a configuration.
Page 118
Commands for Managing the Switch History This command was first available in ExtremeWare 1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure snmp delete community configure snmp delete community configure snmp delete community [readonly | readwrite] {encrypted} [all | <alphanumeric string>] Description Deletes an SNMP read or read/write community string. Syntax Description readonly Specifies read-only access to the system. readwrite Specifies read and write access to the system. encrypted Specifies an encrypted option.
Page 120
Commands for Managing the Switch Example The following command deletes a read/write community string named extreme: configure snmp delete community readwrite extreme History This command was first available in ExtremeWare 2.0. Support for the parameter was discontinued in ExtremeWare 4.0. Platform Availability This command is available on all platforms.
Commands for Managing the Switch configure snmp sysContact configure snmp syscontact <alphanumeric string> Description Configures the name of the system contact. Syntax Description alphanumeric string Specifies a system contact name. Default N/A. Usage Guidelines The system contact is a text field that enables you to enter the name of the person(s) responsible for managing the switch.
configure snmp sysLocation configure snmp sysLocation configure snmp syslocation <alphanumeric string> Description Configures the location of the switch. Syntax Description alphanumeric string Specifies the switch location. Default N/A. Usage Guidelines Use this command to indicate the location of the switch. A maximum of 255 characters is allowed. To view the location of the switch on the switch, use the command.
Commands for Managing the Switch configure snmp sysName configure snmp sysname <alphanumeric string> Description Configures the name of the switch. Syntax Description alphanumeric string Specifies a device name. Default The default is the model name of the device (for example, sysname Summit1 Usage Guidelines...
Page 126
Commands for Managing the Switch • The default groups defined (permanent) are v1v2c_ro for security names snmpv1 and snmpv2c, v1v2c_rw for security names snmpv1 and snmpv2c, admin for security name admin, and initial for security names initial, initialmd5, initialsha, initialmd5Priv and initialshaPriv. •...
configure snmpv3 add community configure snmpv3 add community configure snmpv3 add community {hex} <community index> name {hex} <community name> user {hex} <user name> {tag {hex} <transport tag>} {volatile} Description Add an SNMPv3 community entry. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Commands for Managing the Switch configure snmpv3 add filter configure snmpv3 add filter {hex} <profile name> subtree <object identifier> {/<subtree mask>} type [included | excluded] {volatile} Description Add a filter to a filter profile. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
configure snmpv3 add filter-profile configure snmpv3 add filter-profile configure snmpv3 add filter-profile {hex} <profile name> param {hex} <param name> {volatile} Description Associate a filter profile with a parameter name. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Commands for Managing the Switch configure snmpv3 add group user configure snmpv3 add group {hex} <group name> user {hex} <user name> {sec-model [snmpv1| snmpv2 | usm]} {volatile} Description Add a user name (security name) to a group. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 131
configure snmpv3 add group user History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Managing the Switch configure snmpv3 add mib-view configure snmpv3 add mib-view {hex} <view name> subtree <object identifier> {/<subtree mask>} {type [included | excluded]} {volatile} Description Add (and modify) a MIB view. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 133
configure snmpv3 add mib-view History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Managing the Switch configure snmpv3 add notify configure snmpv3 add notify {hex} <notify name> tag {hex} <tag> {volatile} Description Add an entry to the snmpNotifyTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
configure snmpv3 add target-addr configure snmpv3 add target-addr configure snmpv3 add target-addr {hex} <addr name> param {hex} <param name> ipaddress <ip address> {transport-port <port>} {from <source IP address>} {tag-list {hex} <tag>, {hex} <tag>, ...} {volatile} Description Add and configure an SNMPv3 target address and associate filtering, security, and notifications with that address.
Page 136
Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure snmpv3 add target-params configure snmpv3 add target-params configure snmpv3 add target-params {hex} <param name> user {hex} <user name> mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile} Description Add and configure SNMPv3 target parameters. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 138
Commands for Managing the Switch configure snmpv3 add target-params P1 user guest mp-model snmpv2c sec-model snmpv2c sec-level noauth History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure snmpv3 add user configure snmpv3 add user configure snmpv3 add user {hex} <user name> {authentication [md5 | sha] [hex <hex octet> | <password>]} {privacy [hex <hex octet> | <password>]} {volatile} Description Add (and modify) an SNMPv3 user. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 140
Commands for Managing the Switch Use the following command to configure the user authMD5 to use authentication with the password palertyu:· configure snmpv3 add user authMD5 authentication md5 palertyu Use the following command to configure the user authSHApriv to use authentication with the hex key shown below, the privacy password palertyu, and storage:...
configure snmpv3 add user clone-from configure snmpv3 add user clone-from configure snmpv3 add user {hex} <user name> clone-from {hex} <user name> Description Create a new user by cloning from an existing SNMPv3 user. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Commands for Managing the Switch configure snmpv3 delete access configure snmpv3 delete access [all-non-defaults | {{hex} <group name> {sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth | authnopriv | priv]}}] Description Delete access rights for a group. Syntax Description all-non-defaults Specifies that all non-default (non-permanent) security groups are to be deleted.
Page 143
configure snmpv3 delete access The following command deletes the group userGroup with the security model and security level snmpv1 of authentication and no privacy ( authnopriv configure snmpv3 delete access userGroup sec-model snmpv1 sec-level authnopriv History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms.
Commands for Managing the Switch configure snmpv3 delete community configure snmpv3 delete community [all-non-defaults | {{hex} <community index>} | {name {hex} <community name> }] Description Delete an SNMPv3 community entry. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
configure snmpv3 delete filter configure snmpv3 delete filter configure snmpv3 delete filter [all | [{hex} <profile name> {subtree <object identifier>}]] Description Delete a filter from a filter profile. Syntax Description Specifies all filters. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Commands for Managing the Switch configure snmpv3 delete filter-profile configure snmpv3 delete filter-profile [all |[{hex}<profile name> {param {hex}<param name>}]] Description Remove the association of a filter profile with a parameter name. Syntax Description Specifies all filter profiles. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
configure snmpv3 delete group user configure snmpv3 delete group user configure snmpv3 delete group {{hex} <group name>} user [all-non-defaults | {{hex} <user name> {sec-model [snmpv1|snmpv2c|usm]}}] Description Delete a user name (security name) from a group. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 148
Commands for Managing the Switch Use the following command to delete the user guest from the group userGroup with the security model configure snmpv3 delete group userGroup user guest History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms.
configure snmpv3 delete mib-view configure snmpv3 delete mib-view configure snmpv3 delete mib-view [all-non-defaults | {{hex} <view name> {subtree <object identifier>}}] Description Delete a MIB view. Syntax Description all-non-defaults Specifies that all non-default (non-permanent) MIB views are to be deleted. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Commands for Managing the Switch configure snmpv3 delete notify configure snmpv3 delete notify [{{hex} <notify name>} | all-non-defaults] Description Delete an entry from the snmpNotifyTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
configure snmpv3 delete target-addr configure snmpv3 delete target-addr configure snmpv3 delete target-addr [{{hex} <addr name>} | all] Description Delete SNMPv3 target addresses. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. addr name Specifies a string identifier for the target address.
Commands for Managing the Switch configure snmpv3 delete target-params configure snmpv3 delete target-params [{{hex} <param name>} | all] Description Delete SNMPv3 target parameters. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
configure snmpv3 delete user configure snmpv3 delete user configure snmpv3 delete user [all-non-defaults | {hex} <user name>] Description Delete an existing SNMPv3 user. Syntax Description all-non-defaults Specifies that all non-default (non-permanent) users are to be deleted. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Commands for Managing the Switch configure snmpv3 engine-boots configure snmpv3 engine-boots <(1-2147483647)> Description Configures the SNMPv3 Engine Boots value. Syntax Description (1-2147483647) Specifies the value of engine boots. Default N/A. Usage Guidelines Use this command if the Engine Boots value needs to be explicitly configured. Engine Boots and Engine Time will be reset to zero if the Engine ID is changed.
Use this command if the needs to be explicitly configured. The first four octets of the ID snmpEngineID are fixed to 80:00:07:7C,which represents Extreme Networks Vendor ID. Once the snmpEngineID changed, default users will be reverted back to their original passwords/keys, while non-default users will be reset to the security level of no authorization, no privacy.
Commands for Managing the Switch configure snmpv3 target-addr-ext configure snmpv3 target-addr-ext {hex} <addr name> mode [standard | enhanced] {ignore-mp-model} {ignore-event-community} Description Configure an entry in the extremeTargetAddrExtTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 157
configure snmpv3 target-addr-ext Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Managing the Switch configure sntp-client server configure sntp-client [primary | secondary] server <host name/ip>] Description Configures an NTP server for the switch to obtain time information. Syntax Description primary Specifies a primary server name. secondary Specifies a secondary server name. host name/ip Specifies a host name or IP address.
configure sntp-client update-interval configure sntp-client update-interval configure sntp-client update-interval <seconds> Description Configures the interval between polls for time information from SNTP servers. Syntax Description seconds Specifies an interval in seconds. Default 64 seconds. Usage Guidelines None. Example The following command configures the interval timer: configure sntp-client update-interval 30 History This command was first available in ExtremeWare 4.0.
Commands for Managing the Switch configure web login-timeout configure web login-timeout <seconds> Description Configures the timeout for user to enter username/password in the pop-up window. Syntax Description seconds Specifies an interval in seconds, where <seconds> can range from 30 seconds to 10 minutes (600 seconds). Default 30 seconds.
disable alt-queue-management disable alt-queue-management disable alt-queue-management Description Disables the Alternative Queue Management (Alt-Queue Management). Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines The following command enables Alt-Queue Management: enable alt-queue-management To disable the Alt-Queue Management feature for the next boot, use the following command: disable alt-queue-management Example The following command disables Alt-Queue Management:...
Commands for Managing the Switch disable snmp access disable snmp access {snmp-v1v2c} Description Selectively disables SNMP on the switch. Syntax Description snmp-v1v2c Disables SNMPv1/v2c access only; does not affect SNMPv3 access. Default Enabled. Usage Guidelines Disabling SNMP access does not affect the SNMP configuration (for example, community strings). However, if you disable SNMP access, you will be unable to access the switch using SNMP.
disable snmp dot1dTpFdbTable disable snmp dot1dTpFdbTable disable snmp dot1dTpFdbTable Description Disables SNMP GetNext responses for the dot1dTpFdbTable in the BRIDGE-MIB. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines SNMP Get responses are not affected by this command. To view the configuration of the dot1dTpFdb table on the switch, use the command.
Commands for Managing the Switch disable snmp traps disable snmp traps Description Prevents SNMP traps from being sent from the switch. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines This command does not clear the SNMP trap receivers that have been configured. The command prevents SNMP traps from being sent from the switch even if trap receivers are configured.
disable snmp traps exceed-committed-rate ports disable snmp traps exceed-committed-rate ports disable snmp traps exceed-committed-rate ports <portlist> {<Ingress QOS Profile>} Description Prevents SNMP traps from being sent from the indicated ports on the switch. Syntax Description “3” portlist Specifies a list of series I/O module ports (in the form 2:*, 2:5, or 2:6-2:8).
Commands for Managing the Switch disable snmp traps port-up-down disable snmp traps port-up-down ports [all | mgmt | <portlist>] Description Prevents SNMP port up/down traps (also known as link up and link down traps) from being sent from the switch for the indicated ports. Syntax Description Specifies that no link up/down traps should be sent for all ports.
disable snmp traps mac-security disable snmp traps mac-security disable snmp traps mac-security Description Prevents SNMP mac-security traps from being sent from the switch for all ports. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command should be used in conjunction with the configure ports <portlist> limit-learning command. That command configures a limit on the number of MAC addresses that can be learned on a port(s).
Commands for Managing the Switch disable sntp-client disable sntp-client Description Disables the SNTP client. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server.
disable system-watchdog disable system-watchdog disable system-watchdog Description Disables the system watchdog timer. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The watchdog timer reboots the switch if the CPU becomes trapped in a processing loop. If the watchdog timer is executed, the switch captures information on the cause of the reboot and posts it to the system log.
Commands for Managing the Switch disable telnet disable telnet Description Disables Telnet services on the system. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines You must be logged in as an administrator to enable or disable Telnet. Example With administrator privilege, the following command disables Telnet services on the switch: disable telnet...
disable web disable web disable web Description Disables web access to the switch. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines You can use this command to disable web access to the switch. If you are using ExtremeWare Vista for web access, you must create and configure an access profile before you can use this option.
Commands for Managing the Switch enable alt-queue-management enable alt-queue-management Description Enables the Alternative Queue Management (Alt-Queue Management). Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Use this command to enable the Alt-Queue Management feature for the next boot. Configuring the feature does not affect the queue management of the current boot.
Page 173
enable alt-queue-management Use the following command to disable Alt-Queue Management: disable alt-queue-management Example The following command configures Alt-Queue Management: enable alt-queue-management History This command was available in ExtremeWare 7.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Managing the Switch enable dhcp ports vlan enable dhcp ports <portlist> vlan <vlan name> Description Enables DHCP on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which DHCP should be enabled. vlan_name Specifies the VLAN on whose ports DHCP should be enabled. Default N/A.
enable snmp access enable snmp access enable snmp access Description Turns on SNMP support for SNMPv3 and v1/v2c on the switch. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines To have access to the SNMP agent residing in the switch, at least one VLAN must have an IP address assigned to it.
Page 176
Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
enable snmp dot1dTpFdbTable enable snmp dot1dTpFdbTable enable snmp dot1dTpFdbTable Description Enables SNMP GetNext responses for the dot1dTpFdbTable in the BRIDGE-MIB. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines SNMP Get responses are not affected by this command. To view the configuration of the dot1dTpFdb table on the switch, use the command.
Commands for Managing the Switch enable snmp traps enable snmp traps Description Turns on SNMP trap support. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines An authorized trap receiver can be one or more network management stations on your network. The switch sends SNMP traps to all trap receivers.
enable snmp traps exceed-committed-rate ports enable snmp traps exceed-committed-rate ports enable snmp traps exceed-committed-rate ports <portlist> {<Ingress QOS Profile>} Description Enables SNMP traps for the condition when ingress traffic has exceeded the configured committed-rate and is either being dropped, or is in danger of being dropped, on the indicated ports. Syntax Description “3”...
Page 180
Commands for Managing the Switch History This command was first available in ExtremeWare 7.2. Platform Availability This command is available on “3” series I/O modules only. ExtremeWare Software 7.3.0 Command Reference Guide...
enable snmp traps port-up-down enable snmp traps port-up-down enable snmp traps port-up-down ports [all | mgmt | <portlist>] Description Enables SNMP port up/down traps (also known as link up and link down traps) for the indicated ports. Syntax Description Specifies that link up/down traps should be sent for all ports. This does not include the management port which must be explicitly specified.
Commands for Managing the Switch enable snmp traps mac-security enable snmp traps mac-security Description Enables SNMP mac-security traps for all ports to be sent by the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command should be used in conjunction with the configure ports <portlist>...
enable sntp-client enable sntp-client enable sntp-client Description Enables the SNTP client. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server.
Commands for Managing the Switch enable system-watchdog enable system-watchdog Description Enables the system watchdog timer. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The watchdog timer reboots the switch if the CPU becomes trapped in a processing loop. If the watchdog timer is executed, the switch captures information on the cause of the reboot and posts it to the system log.
enable telnet enable telnet enable telnet {access-profile [<access_profile> | none]} {port <tcp_port_number>} Description Enables Telnet access to the switch. Syntax Description access profile Specifies an access profile. (6.0, 6.1) none Cancels a previously configured access profile. (6.0, 6.1) port Specifies a TCP port number. (6.0, 6.1) Default Telnet is enabled with no access profile and uses TCP port number 23.
Page 186
Commands for Managing the Switch History This command was first available in ExtremeWare 2.0. Support for the , and parameters was introduced in ExtremeWare 6.0. access profile none port Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
enable web enable web enable web {access-profile [<access_profile> | none]} {port <tcp_port_number>} Description Enables ExtremeWare Vista web access to the switch. Syntax Description access profile Specifies an access profile. (6.0, 6.1) none Cancels a previously configured access profile. (6.0, 6.1) port Specifies a TCP port number.
Commands for Managing the Switch exit exit Description Logs out the session of a current user for CLI or Telnet. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Use this command to log out of a CLI or Telnet session. Example The following command logs out the session of a current user for CLI or Telnet: exit...
logout logout logout Description Logs out the session of a current user for CLI or Telnet. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Use this command to log out of a CLI or Telnet session. Example The following command logs out the session of a current user for CLI or Telnet: logout...
Commands for Managing the Switch quit quit Description Logs out the session of a current user for CLI or Telnet. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Use this command to log out of a CLI or Telnet session. Example The following command logs out the session of a current user for CLI or Telnet: quit...
show snmpv3 context show snmpv3 context show snmpv3 context Description Displays information about the SNMPv3 contexts on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines: This command displays the entries in the View-based Access Control Model (VACM) context table (VACMContextTable).
Commands for Managing the Switch show snmpv3 engine-info show snmpv3 engine-info Description Displays information about the SNMPv3 engine on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines: The following show engine-info output is displayed: •...
show management show management show management Description Displays the SNMP settings configured on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines: The following show management output is displayed: • Enable/disable state for Telnet, SNMP, and web access •...
Commands for Managing the Switch show odometer show odometer Description Displays a counter for each component of a switch that shows how long it has been functioning since it was manufactured. Syntax Description This command has no arguments or variables. Default N/A.
Page 197
show odometer History This command was first available in ExtremeWare 6.2.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Managing the Switch show session show session Description Displays the currently active Telnet, console, and web sessions communicating with the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command displays the username and IP address of the incoming Telnet session, show session whether a console session is currently active, and the login time.
Page 199
show session History This command was first available in ExtremeWare 2.0. Support for the CLI Auth command field definition was introduced in ExtremeWare 6.0. Support for the Auth command field definition was introduced in ExtremeWare 4.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Managing the Switch show snmpv3 access show snmpv3 access {{hex} <group name>} Description Displays SNMPv3 access rights. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. group name Specifies the name of the group to display.
show snmpv3 counters show snmpv3 counters show snmpv3 counters Description Displays SNMPv3 counters. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command displays the following SNMPv3 counters: show snmpv3 counters • snmpUnknownSecurityModels • snmpInvalidMessages • snmpUnknownPDUHandlers •...
Commands for Managing the Switch show snmpv3 filter show snmpv3 filter {{hex} <profile name> {{subtree} <object identifier>} Description Display the filters that belong a filter profile. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
show snmpv3 filter-profile show snmpv3 filter-profile show snmpv3 filter-profile {{hex} <profile name>} {param {hex} <param name>} Description Display the association between parameter names and filter profiles. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Commands for Managing the Switch show snmpv3 group show snmpv3 group {{hex} <group name> {user {hex} <user name>}} Description Displays the user name (security name) and security model association with a group name. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
show snmpv3 mib-view show snmpv3 mib-view show snmpv3 mib-view {{hex} <view name> {subtree <object identifier>}} Description Displays a MIB view. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. view name Specifies the name of the MIB view to display.
Commands for Managing the Switch show snmpv3 notify show snmpv3 notify {{hex} <notify name>} Description Display the notifications that are set. This command displays the snmpNotifyTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
show snmpv3 target-addr show snmpv3 target-addr show snmpv3 target-addr {{hex} <addr name>} Description Display information about SNMPv3 target addresses. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. addr name Specifies a string identifier for the target address.
Commands for Managing the Switch show snmpv3 target-addr-ext show snmpv3 target-addr-ext {hex} <addr name> Description Display information about SNMPv3 target addresses enhanced or standard mode. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
show snmpv3 target-params show snmpv3 target-params show snmpv3 target-params {{hex} <param name>} Description Display the information about the options associated with the parameter name. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Commands for Managing the Switch show snmpv3 user show snmpv3 user {{hex} <user name>} Description Displays detailed information about the user. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. user name Specifies the user name to display.
show sntp-client show sntp-client show sntp-client Description Displays the DNS configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Displays configuration and statistics information of SNTP client. Example The following command displays the DNS configuration: show sntp-client Following is the output from this command: SNTP client is enabled...
Page 212
Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show vlan dhcp-address-allocation show vlan dhcp-address-allocation show vlan <vlan name> dhcp-address-allocation Description Displays DHCP address allocation information about VLANs. Syntax Description vlan name Specifies a VLAN name. Default Summary information for all VLANs on the device. Usage Guidelines Display the IP address, MAC address, and time assigned to each end device. Example The following command displays DHCP address allocation information about VLAN vlan1: show vlan vlan1 dhcp-address-allocation...
Commands for Managing the Switch show vlan dhcp-config show vlan <vlan-name> dhcp-config Description Displays the DHCP configuration for a specified VLAN. Syntax Description vlan-name Specifies the name of the VLAN for which the DHCP configuration is to be displayed. If no VLAN name is specified, summary configuration information is shown for all VLANs on the device.
Page 215
show vlan dhcp-config Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Managing the Switch telnet telnet [<ipaddress> | <hostname>] {<port_number>} Description Allows you to Telnet from the current command-line interface session to another host. Syntax Description ipaddress Specifies the IP address of the host. hostname Specifies the name of the host. (4.x and higher) port_number Specifies a TCP port number.
Page 217
telnet History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.x to support the hostname port number parameters. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Managing the Switch unconfigure management unconfigure management Description Restores default values to all SNMP-related entries. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command restores default values to all SNMP-related entries on the switch: unconfigure management History This command was first available in ExtremeWare 2.0.
Commands for Configuring Slots and Ports on a Switch This chapter describes: • Commands related to enabling, disabling, and configuring individual ports • Commands related to configuring port speed (Fast Ethernet ports only) and half- or full-duplex mode • Commands related to creating load-sharing groups on multiple ports •...
Page 220
Commands for Configuring Slots and Ports on a Switch Load sharing is most useful in cases where the traffic transmitted from the switch to the load-sharing group is sourced from an equal or greater number of ports on the switch. For example, traffic transmitted to a two-port load-sharing group should originate from a minimum of two other ports on the same switch.
clear slot clear slot clear slot <slot> Description Clears a slot of a previously assigned module type. Syntax Description slot Specifies a modular switch slot number. Default N/A. Usage Guidelines All configuration information related to the slot and the ports on the module is erased. If a module is present when you issue this command, the module is reset to default settings.
Commands for Configuring Slots and Ports on a Switch configure backplane-ls-policy configure backplane-ls-policy [address-based | port-based | round-robin] Description Selects a load-sharing policy for the backplane on a BlackDiamond switch. Syntax Description address-based Specifies address-based algorithm. port-based Specifies port-based algorithm. round-robin Specifies round-robin algorithm.
configure ip-mtu vlan configure ip-mtu vlan configure ip-mtu <number> vlan <vlan name> Description Sets the maximum transmission unit (MTU) for the VLAN. Syntax Description IP MTU number Specifies the value. Range is from 1500 to 9194. vlan name Specifies a VLAN name. Default The default IP MTU size is 1500.
Page 224
Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure jumbo-frame size configure jumbo-frame size configure jumbo-frame size <number> Description Sets the maximum jumbo frame size for the switch chassis. Syntax Description number Specifies a maximum transmission unit (MTU) size for a jumbo frame. Default The default setting is 9216. Usage Guidelines Jumbo frames are used between endstations that support larger frame sizes for more efficient transfers of bulk data.
Page 226
Commands for Configuring Slots and Ports on a Switch configure jumbo-frame size 5500 History This command was first available in ExtremeWare 6.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure mirroring add configure mirroring add configure mirroring add [<mac_address> | vlan <vlan name> {ports <port number>} | ports <portnumber> {vlan <vlan name>}] Description Adds a particular mirroring filter definition on the switch. Syntax Description mac_address Specifies a MAC address. (Supported in versions 2.0 - 4x only) vlan name Specifies a VLAN name.
Page 228
Commands for Configuring Slots and Ports on a Switch For MAC mirroring to work correctly, the MAC address must already be present in the forwarding database (FDB). You need to enable and configure FDB for MAC mirroring to work correctly. See “FDB Commands”...
Commands for Configuring Slots and Ports on a Switch configure msm-failover link-action configure msm-failover link-action [keep-links-up {preserve-state [l2 | l2_l3]} | take-links-down] Description Configures external port response when MSM failover occurs. Syntax Description keep-links-up Configures the external ports to not be reset when MSM failover occurs. This option is available on the “i”...
Page 231
configure msm-failover link-action Example The following command prevents external ports from being reset when an MSM failover occurs: configure msm-failover link-action keep-links-up History This command was first available in ExtremeWare 6.2.2. This command was modified to add the preserve-state option in ExtremeWare 7.1.1. Platform Availability This command is available on the BlackDiamond switch only.
Commands for Configuring Slots and Ports on a Switch configure msm-failover slave-config configure msm-failover slave-config [inherited | flash] Description Configures the slave MSM-3 to inherit the software configuration from the master MSM-3. Syntax Description inherited Specifies that the slave MSM-3 inherits the software configuration maintained by the current master MSM-3 (this supports hitless failover).
configure msm-failover timeout configure msm-failover timeout configure msm-failover timeout <time> Description Configures the failover timer. Syntax Description time Specifies the failover time. By default, the failover time is 60 seconds, and the range is 30 to 300 seconds. Default 60 seconds. Usage Guidelines For switch management functions to hitlessly transition between the master and the slave, timer expiration is required.
Commands for Configuring Slots and Ports on a Switch configure port aggregate-bandwidth percent configure port <portnumber> aggregate-bandwidth percent <bandwidth> Description Controls the egress bandwidth of a particular port by restricting it to the specified percentage. Syntax Description portnumber Specifies a port or slot and port. bandwidth Specifies a percentage number (1-99) of restricted aggregate bandwidth.
configure ports configure ports configure ports [<portlist> vlan <vlan name> | all] [limit-learning <number> | lock-learning | unlimited-learning | unlock-learning] Description Configures virtual ports for limited or locked MAC address learning. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 236
Commands for Configuring Slots and Ports on a Switch • Broadcast traffic • EDP traffic Traffic from the permanent MAC and any other non-blackholed MACs will still flow from the virtual port. If you configure a MAC address limit on VLANS that have ESRP enabled, you should add an additional back-to-back link (that has no MAC address limit on these ports) between the ESRP-enabled switches.
Page 237
configure ports History This command was first available in ExtremeWare 6.2.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Configuring Slots and Ports on a Switch configure ports auto off configure ports [<portlist> | all | mgmt] auto off {speed [10 | 100 | 1000]} duplex [half | full] Description Manually configures port speed and duplex setting configuration on one or more ports on a switch. Syntax Description portlist Specifies one or more ports or slots and ports.
Page 239
configure ports auto off For version 6.1: • The parameter specifies all ports on the switch. • The parameter specifies 1000 Mbps ports. 1000 Example The following example turns autonegotiation off for port 4 (a Gigabit Ethernet port) on a stand-alone switch: configure ports 4 auto off duplex full The following example turns autonegotiation off for slot 2, port 1 on a modular switch:...
Commands for Configuring Slots and Ports on a Switch configure ports auto on configure ports [<portlist> | mgmt | all] auto on Description Enables autonegotiation for the particular port type. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 241
configure ports auto on History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 6.1 to support the parameter. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Configuring Slots and Ports on a Switch configure ports auto-polarity configure ports [<portlist> | all] auto-polarity [off | on] Description Configures the autopolarity detection feature on the specified Ethernet ports. Syntax Description portlist Specifies one or more ports on the switch. May be in the form 1, 2, 3-5. Specifies all of the ports on the switch.
configure ports display-string configure ports display-string configure ports [<portlist> | mgmt] display-string <alphanumeric string> Description Configures a user-defined string for a port or group of ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
10 Gigabit Ethernet interfaces drop packets when packets are transmitted using a value of 12. Thus, by increasing the Interpacket Gap, packet transmission is slowed and packet loss can be minimized or prevented. The Interpacket Gap value need not be modified when interconnecting Extreme Networks switches over 10 Gigabit Ethernet links.
configure ports link-detection-level configure ports link-detection-level configure ports <portlist> link-detection-level <link-detection-level> Description Configures the link detection level. Syntax Description portlist Specifies one or more primary ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers. May be in the form 1, 2, 3-5, 2:*, 2:5, 2:6-2:8.
Commands for Configuring Slots and Ports on a Switch configure ports redundant configure ports [<portlist> | <portid>] redundant [<portlist> | <portid>] Description Configures a software-controlled redundant port. Syntax Description portlist Specifies one or more primary ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 247
configure ports redundant • Software redundant ports are not supported on 1000BASE-T ports. Software redundant port only cover failures where both the TX and RX paths fail. If a single strand of fiber is pulled, the software redundant port cannot correctly recover from the failure. Example The following command configures a software-controlled redundant port on a stand-alone switch: configure ports 3 redundant 4...
Commands for Configuring Slots and Ports on a Switch configure ports vdsl configure ports <portlist> vdsl [5meg | 10meg | etsi] Description Configures VDSL ports. Syntax Description portlist Specifies one or more slots and ports. Can specify a list of slots and ports, and may be in the form 2:*, 2:5, 2:6-2:8.
configure sharing address-based configure sharing address-based configure sharing address-based [L2 | L2_L3 | L2_L3_L4] Description Configures the part of the packet examined by the switch when selecting the egress port for transmitting load-sharing data. Syntax Description Indicates that the switch should examine the MAC source and destination address.
Commands for Configuring Slots and Ports on a Switch configure slot configure slot <slot> module <module name> Description Configures a slot for a particular I/O module card in a modular switch. Syntax Description slot Specifies the slot number. module name Specifies the type of module for which the slot should be configured.
Page 251
configure slot wm4t1—Specifies a T1 WAN module. (6.1 or later) wm4e1—Specifies an E1 WAN module. wm1t3—Specifies a T3 WAN module. Default If a slot has not been configured for a particular type of I/O module, then any type of module is accepted in that slot, and a default port and VLAN configuration is automatically generated.
Page 252
Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on modular switches only. ExtremeWare Software 7.3.0 Command Reference Guide...
Numerical Ranges” or “Stand-alone Switch Numerical Ranges” in Chapter 1. You can use the command to disable EDP on one or more ports when you no disable edp ports longer need to locate neighbor Extreme Networks switches. For version 6.1: • The parameter specifies all ports on the switch.
Page 254
Commands for Configuring Slots and Ports on a Switch History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was modified in ExtremeWare 6.1 to support the parameter. Platform Availability This command is available on all platforms.
disable flooding ports disable flooding ports disable flooding ports <portlist> Description Disables packet flooding on one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Commands for Configuring Slots and Ports on a Switch disable jumbo-frame ports disable jumbo-frame ports [<portlist> | all] Description Disables jumbo frame support on a port. For PoS modules, this command applies to PoS ports when disabling jumbo-frame support changes the negotiated maximum receive unit (MRU) size.
disable lbdetect port disable lbdetect port disable lbdetect port <portlist> Description Disables the detection of loops between ports. Syntax Description portlist Specifies one or more ports or slots and ports to be grouped to the master port. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Commands for Configuring Slots and Ports on a Switch disable learning ports disable learning ports <portlist> Description Disables MAC address learning on one or more ports for security purposes. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 259
disable learning ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Configuring Slots and Ports on a Switch disable mirroring disable mirroring Description Disables port-mirroring. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines Use the command to stop configured copied traffic associated with one or more disable mirroring ports.
disable ports disable ports disable ports [<portlist> | all] Description Disables one or more ports on the switch. For PoS modules, brings down the PPP link on the specified port and changes the port status LED to blinking green. Syntax Description portlist Specifies one or more ports or slots and ports.
Commands for Configuring Slots and Ports on a Switch disable sharing disable sharing [<port>] Description Disables a load-sharing group of ports. Syntax Description port Specifies the master port of a load-sharing group. On a modular switch, is a combination of the slot and port number, in the format <slot>:<port>. Default Disabled.
disable slot disable slot disable slot [<slot number> | all] Description Disables one or all slots on a BlackDiamond or Alpine switch, and leaves the blade in a power down state. Syntax Description slot number Specifies the slot to be disabled. Species that all slots in the device should be disabled.
For a detailed explanation of port specification, see “Modular Switch Numerical Ranges” or “Stand-alone Switch Numerical Ranges” in Chapter 1. Use with Extreme Networks switches that support privacy and backup uplinks. When smartredundancy is disabled, the switch changes the active link only when the current active link becomes inoperable.
EDP is useful when Extreme Networks switches are attached to a port. The EDP is used to locate neighbor Extreme Networks switches and exchange information about switch configuration. When running on a normal switch port, EDP is used to by the switches to exchange topology information with each other.
Page 266
Commands for Configuring Slots and Ports on a Switch History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
enable flooding ports enable flooding ports enable flooding ports <portlist> Description Enables packet flooding on one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Commands for Configuring Slots and Ports on a Switch enable jumbo-frame ports enable jumbo-frame ports [<portlist> | all] Description Enables support on the physical ports that will carry jumbo frames. For PoS modules, enables jumbo-frame support to specific PoS ports when jumbo-frame support changes the negotiated maximum receive unit (MRU) size.
enable lbdetect port enable lbdetect port enable lbdetect port <portlist> [retry-timeout<seconds>] Description Enables the system to detect loops between ports. If a port is looped, it disables the port. Every N seconds, it re-enables the port and tries again, unless “none” is specified Syntax Description portlist Specifies one or more ports or slots and ports to be grouped to the master...
Commands for Configuring Slots and Ports on a Switch enable learning ports enable learning ports <portlist> Description Enables MAC address learning on one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
enable mirroring to port enable mirroring to port enable mirroring to port [<port>] [tagged | untagged] Description Dedicates a port on the switch to be the mirror output port. Syntax Description port Specifies the port to be the mirror output port. tagged Configures the port as tagged.
Page 272
Commands for Configuring Slots and Ports on a Switch Example The following example selects port 3 as a tagged mirror port on a stand-alone switch: enable mirroring to port 3 tagged The following example selects slot 1, port 3 as the mirror port on a modular switch: enable mirroring to port 1:3 History This command was first available in ExtremeWare 2.0.
enable ports enable ports enable ports [<portlist> | all] Description Enables a port. For PoS modules, enables the PPP link on the specified port, and changes the port status LED to solid green (if no other problems exist). Syntax Description portlist Specifies one or more ports or slots and ports.
Load sharing must be enabled on both ends of the link, or a network loop will result. While LACP is based on industry standard, this feature is supported between Extreme Networks switches only. However, it may be compatible with third-party “trunking” or sharing algorithms. Check with an Extreme Networks technical representative for more information.
Page 275
Additionally, you can choose the load-sharing algorithm used by the group. This feature is supported between Extreme Networks switches only, but may be compatible with third-party trunking or link-aggregation algorithms.
Page 276
Commands for Configuring Slots and Ports on a Switch enable sharing 9 grouping 9-12 The following example defines a load-sharing group that contains ports 9 through 12 on slot 3, ports 7 through 10 on slot 5, and uses the first port on slot 3 as the master logical port 9 on a modular switch: enable sharing 3:9 grouping 3:9-3:12, 5:7-5:10 In this example, logical port 3:9 represents physical ports 3:9 through 3:12 and 5:7 through 5:10.
enable slot enable slot enable slot [<slot number> | all] Description Enables one or all slots on a BlackDiamond or Alpine switch. Syntax Description slot number Specifies the slot to be enabled. Species that all slots in the device should be enabled. Default Enabled.
Commands for Configuring Slots and Ports on a Switch enable smartredundancy enable smartredundancy <portlist> Description Enables the Smart Redundancy feature on the redundant Gigabit Ethernet port. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
restart ports restart ports restart ports [<portlist> Description Resets autonegotiation for one or more ports by resetting the physical link. For PoS modules, causes the PPP link to be renegotiated. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Commands for Configuring Slots and Ports on a Switch run msm-failover run msm-failover Description Causes a user-specified MSM failover. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command causes a user-specified MSM failover: run msm-failover History This command was first available in ExtremeWare 6.2.2.
This is most effective show edp with Extreme Networks switches. Example The following command displays the connectivity and configuration of neighboring Extreme Networks switches: show edp Following is the output from this command:...
Page 282
Commands for Configuring Slots and Ports on a Switch Remote-Vlans: Mgmt(4094, 10.45.208.226) Default(1) MacVlanDiscover(0) History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show mirroring show mirroring show mirroring Description Displays the port-mirroring configuration on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines You must configure mirroring on the switch to display mirroring statistics. Use the show mirroring command to configure mirroring.
— ready—The subsystem has received its state download. In the ready state, it may receive updates to its internal states. — failed—The subsystem encountered a failure. To clear the failure, reboot the slave MSM. — unknown—If this state is displayed, contact Extreme Networks ® Technical Support.
Page 285
show msm-failover After a reboot or insertion of a slave MSM-3, use this command to ensure that the slave is ready before initiating a hitless failover. History This command was first available in ExtremeWare 7.1.1. Platform Availability This command is available on the BlackDiamond switch only. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Configuring Slots and Ports on a Switch show ports collisions show ports {mgmt | <portlist>} collisions Description Displays real-time collision statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 287
show ports collisions ============================================================================== Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback 0->Clear Counters U->page up D->page down ESC->exit History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms.
Commands for Configuring Slots and Ports on a Switch show ports configuration show ports {mgmt | <portlist>} configuration Description Displays port configuration statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 289
show ports configuration Following is the output from this command: Port Configuration Monitor Thu Oct 24 16:22:08 2002 Port Port Link Auto Speed Duplex Flow Ld Share Media State Status Neg Cfg Actual Cfg Actual Ctrl Master Pri ENABLED R AUTO 1000 AUTO FULL NONE...
Commands for Configuring Slots and Ports on a Switch show ports info show ports {mgmt | <portlist>} info {detail} Description Displays detailed system-related information. For PoS modules, displays port information that includes new DiffServ and RED configuration parameters. “3” series modules, if you specify the keyword, the output displays the flow control state detail and the ingress QoS profile, ingress IPTOS replacement, and egress rate limiting configurations.
Page 291
show ports info — QoS profiles If you do not specify a port number or range of ports, detailed system-related information is displayed for all ports. The data is displayed in a table format. On a modular switch, can be a list of slots and ports. On a stand-alone switch, <portlist>...
Page 292
Commands for Configuring Slots and Ports on a Switch Flags: (a) Load Sharing Algorithm address-based, (d) DLCS Enabled (D) Port Disabled, (dy) Dynamic Load Sharing (e) Extreme Discovery Protocol Enabled, (E) Port Enabled (f) Flooding Enabled, (g) Egress TOS Enabled, (G) SLB GoGo Mode (h) Hardware Redundant Phy, (j) Jumbo Frame Enabled (l) Load Sharing Enabled, (m) MAC Learning Enabled (n) Ingress TOS Enabled, (o) Dot1p Vlan Priority Replacement Enabled...
Commands for Configuring Slots and Ports on a Switch show ports packet show ports {mgmt | <portlist>} packet Description Displays a histogram of packet statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 295
show ports packet =============================================================================== Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback 0->Clear Counters U->page up D->page down ESC->exit History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms.
Commands for Configuring Slots and Ports on a Switch show ports sharing show ports <portlist> sharing Description Displays port loadsharing groups. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 297
show ports sharing Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Configuring Slots and Ports on a Switch show ports utilization show ports {mgmt | <portlist>} utilization Description Displays real-time port utilization information. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 299
show ports utilization The following examples show the output from the show ports utilization command for all ports on the switch. The three displays show the information presented when you use the spacebar to toggle through the display types. The first display shows utilization in terms of packets: Link Utilization Averages Wed Jan 23 21:29:45 2002 Port...
Page 300
Commands for Configuring Slots and Ports on a Switch History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show ports vlan info show ports vlan info show ports <portlist> vlan info Description Displays port VLAN information. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 302
Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show sharing address-based show sharing address-based show sharing address-based Description Displays the address-based load sharing configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This feature is available using the address-based load-sharing algorithm only. The address-based load-sharing algorithm uses addressing information to determine which physical port in the load-sharing group to use for forwarding traffic out of the switch.
Commands for Configuring Slots and Ports on a Switch show slot show slot <slot number> Description Displays the slot-specific information. For ARM, ATM, MPLS, PoS, and WAN modules, displays information that includes data about the software images loaded on the module, as well as status information on the module’s processors. Syntax Description slot number Specifies a slot on a modular switch.
Page 305
show slot As the module progresses through its initialization, the command displays the show slot <slot> general purpose processor (GPP) subsystem change state to OPERATIONAL, and then each of the network processors will change state to OPERATIONAL. When the GPP subsystem completes its initialization cycle and the subsystem state is OPERATIONAL, use the command to check the results of the show diagnostics {<slot>}...
Page 306
Commands for Configuring Slots and Ports on a Switch Link Active: Link Down: 01 02 03 04 05 06 07 08 09 10 11 12 Slot 4 information: State: Operational Network Processor 1 : Operational Network Processor 2 : Operational General Purpose Proc: Operational Serial number: 701039-04-0128F07843...
Page 307
show slot Configured Type: Not configured Slot 8 information: State: Empty HW Module Type: Empty Configured Type: Not configured History This command was first available in ExtremeWare 4.0. This command was modified in ExtremeWare 6.1 to support PoS modules. This command was modified in ExtremeWare 7.0.0 to support WAN modules. Platform Availability This command is available on modular switches only.
Commands for Configuring Slots and Ports on a Switch unconfigure msm-failover unconfigure msm-failover Description Disables hitless failover. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines The following occurs after you execute this command: • The external ports are reset when an MSM failover occurs •...
unconfigure port aggregate-bandwidth unconfigure port aggregate-bandwidth unconfigure port <portnumber> aggregate-bandwidth Description Restores the egress bandwidth of a particular port to 100%. Syntax Description portnumber Specifies a port or slot and port. Default None. Usage Guidelines None. Example The following command restores the egress bandwidth of port 3 on slot 1 to 100%. unconfigure port 1:3 aggregate-bandwidth History This command was first available in ExtremeWare 7.3.0...
Commands for Configuring Slots and Ports on a Switch unconfigure ports display string unconfigure ports <portlist> display-string Description Clears the user-defined display string from one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
unconfigure ports redundant unconfigure ports redundant unconfigure ports [<portlist> | <port id>] redundant Description Clears a previously configured software-controlled redundant port. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Commands for Configuring Slots and Ports on a Switch unconfigure slot unconfigure slot <slot number> Description Clears a slot of a previously assigned module type. Syntax Description slot number Specifies a slot on a modular switch. Default N/A. Usage Guidelines None.
VLAN Commands This chapter describes the following commands: • Commands for creating and deleting VLANs and performing basic VLAN configuration • Commands for defining protocol filters for use with VLANs • Commands for enabling or disabling the use of Generic VLAN Registration Protocol (GVRP) information on a switch and its ports VLANs can be created according to the following criteria: •...
Use this command if you need to communicate with a switch that supports 802.1Q, but uses an Ethertype value other than 8100. This feature is useful for VMAN tunneling. Extreme Networks recommends the use of IEEE registered ethertype 0x88a8 for deploying vMANs.
configure gvrp configure gvrp configure gvrp {listen | send | both | none} port <portlist> Description Configures the sending and receiving of Generic VLAN Registration Protocol (GVRP) information on a port. Syntax Description listen Enables the receipt of GVRP packets on the specified port(s). send Enables sending of GVRP packets on the specified port(s).
Page 316
VLAN Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure mac-vlan add mac-address configure mac-vlan add mac-address configure mac-vlan add mac-address [any | <mac_address>] mac-group [any | <group_number>] vlan <vlan name> Description Adds a MAC address as a potential member of a MAC-based VLAN. Syntax Description mac_address The MAC address to be added to the specified VLAN. Specified in the form nn:nn:nn:nn:nn:nn.
Page 318
VLAN Commands History This command was first available in ExtremeWare 6.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure mac-vlan delete configure mac-vlan delete configure mac-vlan delete [all | mac-address [<mac_address> | any]] Description Removes a MAC address from any MAC-based VLANs with which it was associated. Syntax Description Indicates that all MAC addresses should be removed from all VLANs. mac_address The MAC address to be removed.
VLAN Commands configure ports monitor vlan configure ports <portlist> monitor vlan <vlan name> Description Configures VLAN statistic monitoring on a per-port basis. Syntax Description portlist Specifies one or more ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. vlan name Specifies a VLAN name.
configure vlan add member-vlan configure vlan add member-vlan configure vlan <translation vlan name> add member-vlan <vlan name> Description Adds a member VLAN to a translation VLAN. Syntax Description translation vlan name Specifies a translation VLAN. vlan name Specifies a VLAN to add to the translation VLAN. Default N/A.
VLAN Commands configure vlan add ports configure vlan <vlan name> add ports <portlist> {tagged | untagged} {nobroadcast} {soft-rate-limit} Description Adds one or more ports in a VLAN. Syntax Description vlan name Specifies a VLAN name. portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 325
configure vlan add ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
VLAN Commands configure vlan add ports loopback-vid configure vlan <vlan name> add ports <portlist> loopback-vid <vlan-id> Description Adds a loopback port to a VLAN. Syntax Description vlan name Specifies a VLAN name. port Specifies a loopback port for the VLAN. vlan-id Specifies a unique loopback VLAN tag.
configure vlan add secondary-ip configure vlan add secondary-ip configure vlan <vlan-name> add secondary-ip <sec-ip-address> {<sec-ip-mask> | <mask-length>} Description Configures the secondary IP address for the selected VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be configured. add-secondary-ip Specifies that the secondary IP address is to be configured.
Page 328
VLAN Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure vlan delete member-vlan configure vlan delete member-vlan configure vlan <translation vlan name> delete member-vlan [<vlan name> | all] Description Deletes a member VLAN from a translation VLAN. Syntax Description translation vlan name Specifies a translation VLAN. vlan name Specifies a VLAN to add to the translation VLAN. Default N/A.
VLAN Commands configure vlan delete port configure vlan <vlan name> delete port <portlist> Description Deletes one or more ports in a VLAN. Syntax Description vlan name Specifies a VLAN name. portlist A list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default N/A.
configure vlan delete secondary-ip configure vlan delete secondary-ip configure vlan <vlan-name> delete secondary-ip {<sec-ip-address> | all} Description Deletes a secondary IP address from the specified VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be configured. delete secondary-ip Specifies that a secondary IP address is to be deleted.
VLAN Commands configure vlan ipaddress configure vlan <vlan name> ipaddress <ipaddress> {<netmask> | <mask length>} Description Assigns an IP address and an optional subnet mask to the VLAN. Syntax Description vlan name Specifies a VLAN name. ipaddress Specifies an IP address. netmask Specifies a subnet mask in dotted-quad notation (e.g.
configure vlan name configure vlan name configure vlan <old_name> name <new_name> Description Renames a previously configured VLAN. Syntax Description old_name Specifies the current (old) VLAN name. new_name Specifies a new name for the VLAN. Default N/A. Usage Guidelines You cannot change the name of the default VLAN “Default” Example The following command renames VLAN vlan1 to engineering: configure vlan vlan1 name engineering...
VLAN Commands configure vlan protocol configure vlan <vlan name> protocol [<protocol_name> | any] Description Configures a VLAN to use a specific protocol filter. Syntax Description vlan name Specifies a VLAN name. protocol_name Specifies a protocol filter name. This can be the name of a predefined protocol filter, or one you have defined.
configure vlan tag configure vlan tag configure vlan <vlan name> tag <vlan tag> Description Assigns a unique 802.1Q tag to the VLAN. Syntax Description vlan name Specifies a VLAN name. vlan tag Specifies a value to use as an 802.1Q tag. The valid range is from 2 to 4,095. Default The default VLAN uses an 802.1Q tag (and an internal VLANid) of 1.
VLAN Commands create protocol create protocol <protocol_name> Description Creates a user-defined protocol filter. Syntax Description protocol_name Specifies a protocol filter name. The protocol filter name can have a maximum of 31 characters. Usage Guidelines Protocol-based VLANs enable you to define packet filters that the switch can use as the matching criteria to determine if a particular packet belongs to a particular VLAN.
create vlan create vlan create vlan <vlan name> Description Creates a named VLAN. Syntax Description vlan name Specifies a VLAN name (up to 32 characters). Default A VLAN named Default exists on all new or initialized Extreme switches: • It initially contains all ports on a new or initialized switch, except for the management port(s), if there are any.
Page 338
VLAN Commands Example The following command creates a VLAN named accounting: create vlan accounting History This command was first available in ExtremeWare 1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
delete protocol delete protocol delete protocol <protocol_name> Description Deletes a user-defined protocol. Syntax Description protocol_name Specifies a protocol name. Default N/A. Usage Guidelines If you delete a protocol that is in use by a VLAN, the protocol associated with than VLAN will become “None.”...
VLAN Commands delete vlan delete vlan <vlan name> Description Deletes a VLAN. Syntax Description vlan name Specifies a VLAN name. Default N/A. Usage Guidelines If you delete a VLAN that has untagged port members, and you want those ports to be returned to the default VLAN, you must add them back explicitly using the command.
disable gvrp disable gvrp disable gvrp Description Disables the Generic VLAN Registration Protocol (GVRP). Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command globally disables GVRP functionality on the switch. It does not change the GVRP configuration of individual ports, but GVRP will no longer function on these ports.
VLAN Commands disable mac-vlan port disable mac-vlan port <portlist> Description Disables a port from using the MAC-based VLAN algorithm. Syntax Description portlist A list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default N/A.
enable gvrp enable gvrp enable gvrp Description Enables the Generic VLAN Registration Protocol (GVRP). Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines The GVRP protocol allows switches to automatically discover some of the VLAN information that would otherwise have to be manually configured in each switch.
VLAN Commands enable mac-vlan mac-group port enable mac-vlan mac-group [any | <group_number>] port <portlist> Description Enables a port to use the MAC-based VLAN algorithm. Syntax Description group_number A group number that should be associated with a specific set of ports. Specified as an integer.
show gvrp show gvrp show gvrp Description Displays the current configuration and status of GVRP. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines GVRP is not supported in ExtremeWare version 6.1 or later. Example The following shows results of this command: GVRP running (866422): JoinTime 20 LeaveTime 200...
VLAN Commands show mac-vlan show mac-vlan {configuration | database} Description Displays the MAC-based VLAN configuration and MAC address database content. Syntax Description configuration Specifies display of the MAC-based VLAN configuration only. database Specifies display of the MAC address database content only. Default Shows both configuration and database information.
show protocol show protocol show protocol {<protocol>} Description Displays protocol filter definitions. Syntax Description protocol Specifies a protocol filter name. Default Displays all protocol filters. Usage Guidelines Displays the defined protocol filter(s) with the types and values of its component protocols. Example The following is an example of the command:...
VLAN Commands show vlan show vlan {<vlan name> | detail | stats {vlan} <vlan-name>} Description Displays configuration information about specified VLANs. Syntax Description vlan-name Specifies the name of the VLAN whose configuration is to be displayed. detail Specifies that detailed information should be displayed for each VLAN. stats Specifies a real-time display of utilization statistics (packets transmitted and received) for a specific VLAN.
Page 349
show vlan Example The following is an example of the command: show vlan MSM64:1 # show vlan Name Protocol Addr Flags Proto Ports Default 0.0.0.0 /BP -----T-------- ANY MacVlanDiscover 4095 ------------------ ------ Mgmt 4094 10.5.4.80 /24 -------------- ANY 4093 192.168.11.1 /24 ------f------- ANY 4092 192.168.12.1 /24 ------f------- ANY...
Page 350
VLAN Commands Priority: 802.1P Priority 7 10.222.0.2/255.255.255.0 STPD: s0(Disabled,Auto-bind) Protocol: Match all unfiltered protocols. Loopback: Disable RateShape: Disable QosProfile:QP1 QosIngress:IQP1 Ports: (Number of active ports=4) Flags: * - Active, ! - Disabled B - BcastDisabled, R - RateLimited, L - Loopback (g) Load Share Group, (c) Cross Module Trunk Untag: *1:25...
unconfigure ports monitor vlan unconfigure ports monitor vlan unconfigure ports <portlist> monitor vlan <vlan name> Description Removes port-based VLAN monitoring. Syntax Description portlist Specifies one or more ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. vlan name Specifies a VLAN name.
VLAN Commands unconfigure vlan ipaddress unconfigure vlan <vlan name> ipaddress Description Removes the primary IP address of a VLAN. Syntax Description vlan-name Specifies the name of the VLAN for which the primary IP address is to be unconfigured. ip-address Specifies that the VLAN primary IP address is to be cleared. Default N/A.
FDB Commands This chapter describes commands for: • Configuring FDB entries • Displaying FDB entries • Configuring and enabling FDB scanning The switch maintains a database of all media access control (MAC) addresses received on all of its ports. It uses the information in this database to decide whether a frame should be forwarded or filtered. Each FDB entry consists of the MAC address of the device, an identifier for the port on which it was received, and an identifier for the VLAN to which the device belongs.
FDB Commands clear fdb clear fdb {<mac_address> | blackhole | ports <portlist> | remap | vlan <vlan name>} Description Clears dynamic FDB entries that match the filter. Syntax Description mac_address Specifies a MAC address, using colon-separated bytes. blackhole Specifies the blackhole entries. portlist Specifies one or more ports.
Page 355
clear fdb The following command clears any FDB entries associated with VLAN corporate: clear fdb vlan corporate The following command clears all questionable and remapped entries from the FDB: clear fdb remap History This command was available in ExtremeWare 2.0. The command was modified in ExtremeWare 6.2.1 to support the broadcast-mac keyword and to support clearing locked-static entries.
FDB Commands configure fdb agingtime configure fdb agingtime <seconds> Description Configures the FDB aging time for dynamic entries. Syntax Description seconds Specifies the aging time in seconds. Range is 15 through 1,000,000. A value of 0 indicates that the entry should never be aged out. Default 300 seconds.
configure fdb-scan failure-action configure fdb-scan failure-action configure fdb-scan failure-action [log | sys-health-check] Description Configures the action the switch takes if too many failures are detected within the specified FDB scan period. Syntax Description Specifies that messages are sent to the syslog. sys-health-check Specifies the configured system health check action is taken.
Page 358
FDB Commands This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Do you wish to do this? (yes, no, cancel) 06/19/2003 10:29.28 <INFO:SYST> serial admin: configure fdb-scan period 1 Extreme Networks recommends an interval period of at least 15 seconds. This setting is independent of and does not affect the system health check configurations.
FDB Commands create fdbentry vlan blackhole create fdbentry <mac_address> vlan <vlan name> blackhole {source-mac | dest-mac | both} Description Creates a blackhole FDB entry. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes. vlan name Specifies a VLAN name associated with a MAC address. blackhole Configures the MAC address as a blackhole entry.
Page 361
create fdbentry vlan blackhole Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
FDB Commands create fdbentry vlan dynamic create fdbentry [<mac_address> | broadcast-mac | any-mac] vlan <vlan name> dynamic [qosprofile <qosprofile> {ingress-qosprofile <inqosprofile>} | ingress-qosprofile <inqosprofile> {qosprofile <qosprofile>}] Description Creates a permanent dynamic FDB entry, and associates it with an ingress and/or egress QoS profile. Syntax Description mac_address Specifies a device MAC address, using colon separated bytes.
Page 363
create fdbentry vlan dynamic • A port goes down (link down). Using the keyword, you can enable traffic from a QoS VLAN to have higher priority than any-mac 802.1p traffic. Normally, an 802.1p packet has a higher priority over the VLAN classification. To use this feature, you must create a wildcard permanent FDB entry named and apply the QoS profile to any-mac...
FDB Commands create fdbentry vlan ports create fdbentry <mac_address> vlan <vlan name> ports [<portlist> | all] {qosprofile <qosprofile>} {ingress-qosprofile <inqosprofile>} Description Creates a permanent static FDB entry, and optionally associates it with an ingress and/or egress QoS profile. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes.
Page 365
create fdbentry vlan ports Permanent static entries are designated by “spm” in the flags field of the output. You can use show fdb command to display permanent FDB entries, including their QoS profile show fdb permanent associations. Example The following example adds a permanent, static entry to the FDB for MAC address is 00 E0 2B 12 34 56, in VLAN marketing on port 4: create fdbentry 00:E0:2B:12:34:56 vlan marketing port 4 History...
FDB Commands delete fdbentry delete fdbentry [[<mac_address> | broadcast-mac] vlan <vlan name> | all] Description Deletes one or all permanent FDB entries. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes. broadcast-mac Specifies the broadcast MAC address. May be used as an alternate to the colon-separated byte form of the address ff:ff:ff:ff:ff:ff.
disable fdb-scan disable fdb-scan disable fdb-scan [all | slot {{backplane} | <slot number> | msm-a | msm-b}] Description Disables FDB scanning on a stand-alone switch or on a per slot or backplane basis on a modular switch. Syntax Description Specifies all of the slots in the chassis. This is available on modular switches only.
Page 368
FDB Commands History This command was first available in ExtremeWare 6.2.2b108. The default for this command was changed to disabled in ExtremeWare 6.2.2b134. This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms.
enable fdb-scan enable fdb-scan enable fdb-scan [all | slot {{backplane} | <slot number> | msm-a | msm-b}] Description Enables FDB scanning on a stand-alone switch or on a per slot or backplane basis on a modular switch. Syntax Description Specifies all of the slots in the chassis. This is available on modular switches only.
Page 370
FDB Commands History This command was first available in ExtremeWare 6.2.2b108. The default for this command was changed to disabled in ExtremeWare 6.2.2b134 This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms.
run fdb-check run fdb-check run fdb-check [index <bucket> <entry> | [<mac_address> | broadcast-mac] {<vlan name>}] {extended} {detail} Description Checks MAC FDB entries for consistency. Syntax Description bucket Specifies the bucket portion of the FDB hash index. entry Specifies the entry portion of the FDB hash index. mac-address Specifies a MAC address (hex octet).
Page 372
FDB Commands History This command was first available in ExtremeWare 6.1.9 This command was modified in ExtremeWare 6.2.1 to support the keyword. broadcast-mac Platform Availability This command is available on all platforms. option is available on the Black Diamond 6800 chassis-based system only. extended ExtremeWare Software 7.3.0 Command Reference Guide...
show fdb show fdb show fdb {<mac_address> | broadcast-mac | permanent | ports <portlist> | remap | vlan <vlan name>} Description Displays FDB entries. Syntax Description mac_address Specifies a MAC address, using colon-separated bytes, for which FDB entries should be displayed. broadcast-mac Specifies the broadcast MAC address.
Page 374
FDB Commands Flags Flags that define the type of entry: • B - Egress Blackhole • b - Ingress Blackhole • d - Dynamic • s - Static • p - Permanent • m - MAC • S - secure MAC •...
Page 375
show fdb Total: 33 Static: 16 Perm: 0 Locked: 0 Secure: 0 Dynamic: 17 Dropped: 0 Questionable: 0 Remapped: 0 FDB Aging time: 300 seconds The following command displays information about the permanent entries in the FDB: show fdb permanent It produces output similar to the following: EQP IQP Index Vlan...
FDB Commands unconfigure fdb-scan failure-action unconfigure fdb-scan failure-action Description Returns the switch to its default of sending FDB scan messages to the syslog if too many failures are detected within the specified scan period. Syntax Description The command has no arguments or variables. Default N/A.
unconfigure fdb-scan period unconfigure fdb-scan period unconfigure fdb-scan period Description Returns the FDB scan interval to the factory default of 30 seconds. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This setting is independent of and does not affect the system health check configurations. Example The following command returns the FDB scan interval to 30 seconds: unconfigure fdb-scan period...
QoS Commands This chapter describes the following commands: • Commands for configuring Quality of Service (QoS) profiles • Commands creating traffic groupings and assigning the groups to QoS profiles • Commands for configuring, enabling and disabling explicit class-of-service traffic groupings (802.1p and Diffserv) •...
Page 380
QoS Commands • Traffic grouping—A method of classifying or grouping traffic that has one or more attributes in common. • QoS policy—The combination that results from assigning a QoS profile to a traffic grouping. QoS profiles are assigned to traffic groupings to modify switch-forwarding behavior. When assigned to a traffic grouping, the combination of the traffic grouping and the QoS profile comprise an example of a single policy that is part of Policy-Based QoS.
clear dlcs clear dlcs clear dlcs Description Clears all learned DLCS data. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines If the IP address of an end-station changes, and the end-station is not immediately rebooted, the old host-to-IP mapping is not deleted.
QoS Commands configure diffserv examination code-point qosprofile ports configure diffserv examination code-point <code_point> qosprofile <qosprofile> ports [<portlist> | all] {low-drop-probability | high-drop-probability} Description Configures the default ingress Diffserv code points (DSCP) to QoS profile mapping. Syntax Description code_point Specifies a DiffServ code point (a 6-bit value in the IP-TOS byte in the IP header).
Page 383
configure diffserv examination code-point qosprofile ports with the weighted RED (WRED) implementation provided by SONET ports. This implementation supports two different drop probabilities; one for DSCPs designated as having low drop-probability and another for DSCPs designated as having high drop-probability. These keywords enable complete flexibility in assigning DSCPs to the two different drop-probability levels.
QoS Commands configure diffserv replacement priority configure diffserv replacement priority <value> code-point <code_point> ports [<portlist> | all] Description Configures the default egress Diffserv replacement mapping. Syntax Description value Specifies the 802.1p priority value. code_point Specifies a 6-bit value to be used as the replacement code point in the IP-TOS byte in the IP header.
Page 385
configure diffserv replacement priority History This command was first available in ExtremeWare 6.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
QoS Commands configure dot1p type configure dot1p type <dot1p_priority> qosprofile <qosprofile> Description Configures the default QoS profile to 802.1p priority mapping. Syntax Description dot1p_priority Specifies the 802.1p priority value. The value is an integer between 0 and 7. qosprofile Specifies a QoS profile. Default N/A.
configure ports qosprofile configure ports qosprofile configure ports <portlist> qosprofile <qosprofile> Description Configures one or more ports to use a particular QoS profile. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 389
configure qosprofile For ExtremeWare 4.0: • Only four priority levels are available (low, normal, medium, and high). Example The following command configures the QoS profile parameters of QoS profile qp5 for specific ports on an “i” series switch: configure qosprofile qp5 minbw 10% maxbw 80% priority highHi ports 5-7 The following command configures the buffer size for QoS profile qp5 on an “i”...
QoS Commands configure qostype priority configure qostype priority [source-mac | dest-mac | access-list | vlan | diffserv | dot1p] <priority> Description Configures the priority of the specified QoS traffic grouping. Syntax Description source-mac Specifies the priority of traffic groupings based on FDB source MAC addresses.
Page 391
configure qostype priority Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
QoS Commands configure red drop-probability configure red drop-probability <percent> Description Configures the Random Early Detect (RED) drop-probability. Syntax Description percent Specifies the RED drop probability as a percentage. Range is 0 -100. Default N/A. Usage Guidelines When the switch detects that traffic is filling up in any of the eight hardware queues, it performs a random discard on subsequent packets, based on the configured RED drop-probability.
configure vlan priority configure vlan priority configure vlan <vlan name> priority <priority> Description Configures the 802.1p priority value for traffic generated on the switch. Syntax Description vlan name Specifies a VLAN name. priority Specifies the 802.1p priority value. The value is an integer between 0 and 7. Default N/A.
QoS Commands configure vlan qosprofile configure vlan <vlan name> qosprofile <qosprofile> Description Configures a VLAN to use a particular QoS profile. Syntax Description vlan name Specifies a VLAN name. qosprofile Specifies a QoS profile. Default N/A. Usage Guidelines Extreme switches support eight QoS profiles (QP1 - QP8). Example The following command configures VLAN accounting to use QoS profile QP3: configure vlan accounting qosprofile QP3...
disable diffserv examination ports disable diffserv examination ports disable diffserv examination ports [<portlist> | all] Description Disables the examination of the Diffserv field in an IP packet. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
QoS Commands disable diffserv replacement ports disable diffserv replacement ports [<portlist> | all] Description Disables the replacement of diffserv code points in packets transmitted by the switch. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
disable dlcs disable dlcs disable dlcs {fast-ethernet-ports | ports [all | <port_number>]} Description This command disables WINS snooping for ports on this switch. Syntax Description fast-ethernet-ports Specifies that WINS packet snooping should be disabled on all Fast Ethernet ports. All specifies that WINS packet snooping should be disabled on all ports. port_number Specifies a port on which WINS packet snooping should be disabled.
QoS Commands disable dot1p replacement ports disable dot1p replacement ports [<portlist> | all] Description Disables the ability to overwrite 802.1p priority values for a given set of ports. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
disable qosmonitor disable qosmonitor disable qosmonitor Description Disables the QoS monitoring capability. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines None. Example The following command disables QoS monitoring: disable qosmonitor History This command was available in ExtremeWare 4.0. Platform Availability This command is available on all platforms.
QoS Commands disable red ports disable red ports <portlist> Description Disables Random Early Detection (RED) on the specified ports. Syntax Description portlist Specifies the port number(s). May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Disabled. Usage Guidelines None.
enable diffserv examination ports enable diffserv examination ports enable diffserv examination ports [<portlist> | all] Description Enables the Diffserv field of an ingress IP packet to be examined in order to select a QoS profile. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
QoS Commands enable diffserv replacement ports enable diffserv replacement ports [<portlist> | all] Description Enables the diffserv code point to be overwritten in packets transmitted by the switch. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
enable dlcs enable dlcs enable dlcs {fast-ethernet-ports | ports [all | <port_number>]} Description This command enables WINS snooping for ports on the switch. Syntax Description fast-ethernet-ports Specifies that WINS packets should be snooped on all Fast Ethernet ports. Specifies that WINS packets should be snooped on all ports. port_number Specifies a port on which WINS packets are to be snooped.
QoS Commands enable dot1p replacement ports enable dot1p replacement ports [<portlist> | all] Description Allows the 802.1p priority field to be overwritten on egress according to the QoS profile to 802.1p priority mapping for a given set of ports. Syntax Description portlist Specifies a list of ports or slots and ports.
Page 405
enable dot1p replacement ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
QoS Commands enable qosmonitor enable qosmonitor {port <port>} Description Enables the QoS monitoring capability on the switch. Syntax Description port Specifies a port. Default Disabled. Usage Guidelines When no port is specified, the QoS monitor automatically samples all the ports and records the sampled results.
enable red ports enable red ports enable red ports <portlist> Description Enables Random Early Detection (RED) on a port. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
QoS Commands show dlcs show dlcs Description Displays the status of DLCS (enabled or disabled) and the status of ports that are snooping WINS packets. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays DLCS status and data from the switch: show dlcs It produces output such as the following:...
show dot1p show dot1p show dot1p Description Displays the 802.1p-to-QoS profile mappings. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the current 802.1p-to-QoS mappings on the switch: show dot1p Following is the output from this command: 802.1p Priority Value QOS Profile...
QoS Commands show ports qosmonitor show ports {mgmt | <portlist>} qosmonitor {egress | ingress} {discards} Description Displays real-time QoS statistics for egress packets on one or more ports. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port.
Page 411
show ports qosmonitor 0->Clear Counters U->page up D->page down R->rate screen ESC->exit History This command was available in ExtremeWare 2.0. This command was updated to support PoS in Extreme 6.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
QoS Commands show qosprofile show qosprofile {<qosprofile>} {port <portlist>} Description Displays QoS information on the switch. Syntax Description <qosprofile> Specifies a QoS profile name. portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 413
show qosprofile Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
QoS Commands show qostype priority show qostype priority Description Displays QoS traffic grouping priority settings. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the QoS traffic grouping priority settings for this switch: show qostype priority History This command was first available in ExtremeWare 6.2.
unconfigure diffserv examination ports unconfigure diffserv examination ports unconfigure diffserv examination ports [<portlist> | all] Description Removes the Diffserv examination code point from a port. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
QoS Commands unconfigure diffserv replacement ports unconfigure diffserv replacement ports [<portlist> | all] Description Removes the diffserv replacement mapping from a port. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
unconfigure qostype priority unconfigure qostype priority unconfigure qostype priority Description Resets all traffic grouping priority values to their defaults. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Resets the traffic grouping priorities to the following: access-list = 11 dest-mac = 8 source-mac = 7...
IP addresses, typically public Internet IP addresses. This conversion is done transparently by having a NAT device (any Extreme Networks switch using the “i” chipset) rewrite the source IP address and layer 4 port of the packets.
NAT Commands clear nat clear nat [connections | stats} Description Clears NAT connections or statistics. Syntax Description connections Specifies the current NAT connections table. stats Specifies the statistics counter. Default N/A. Usage Guidelines None. Example The following command clears NAT connections: clear nat connections History This command was first available in ExtremeWare 6.2.
Page 422
NAT Commands Usage Guidelines Four different modes are used to determine how the outside IP addresses and layer 4 ports are assigned: • Static mapping Dynamic mapping • • Port-mapping • Auto-constraining When static mapping is used, each inside IP address uses a single outside IP address. The layer 4 ports are not changed, and only the IP address is rewritten.
Page 423
configure nat add vlan map IP/mask, the rule will only match if the port(s) specified are the source layer 4-ports. If you use the command after the destination IP/mask, the rule will only match if the port(s) specified are the l4-port destination layer 4 ports.
Page 425
configure nat delete Example The following command deletes a portmap translation rule: configure nat delete out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp portmap 1024 - 8192 History This command was first available in ExtremeWare 6.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
NAT Commands configure nat finrst-timeout configure nat finrst-timeout <seconds> Description Configures the timeout for a TCP session that has been torn down or reset. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out.
configure nat icmp-timeout configure nat icmp-timeout configure nat icmp-timeout <seconds> Description Configures the timeout for an ICMP packet. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 3 seconds. Usage Guidelines Setting the timeout to zero specifies that session table entries should not be timed-out.
NAT Commands configure nat syn-timeout configure nat syn-timeout <seconds> Description Configures the timeout for an entry with an unacknowledged TCP SYN state. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 60 seconds.
configure nat tcp-timeout configure nat tcp-timeout configure nat tcp-timeout <seconds> Description Configures the timeout for a fully setup TCP SYN session. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 120 seconds. Usage Guidelines Setting the timeout to zero specifies that session table entries should not be timed-out.
NAT Commands configure nat timeout configure nat timeout <seconds> Description Configures the timeout for any IP packet that is not TCP, UDP, or ICMP. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out.
configure nat udp-timeout configure nat udp-timeout configure nat udp-timeout <seconds> Description Configures the timeout for a UDP session. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 120 seconds. Usage Guidelines Setting the timeout to zero specifies that session table entries should not be timed-out.
NAT Commands configure nat vlan configure nat vlan <vlan name> [inside | outside | none] Description Configures a VLAN to participate in NAT. Syntax Description vlan name Specifies a VLAN name. inside Specifies that the VLAN is an inside VLAN. outside Specifies that the VLAN is an outside VLAN.
disable nat disable nat disable nat Description Disables network address translation on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines None. Example The following command disables NAT functionality on the switch: disable nat History This command was first available in ExtremeWare 6.2.
NAT Commands enable nat enable nat Description Enables network address translation on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines None. Example The following command enables NAT functionality on the switch: enable nat History This command was first available in ExtremeWare 6.2.
show nat show nat show nat {timeout | stats | connections | rules {vlan <outside_vlan>}} Description Displays NAT settings. Syntax Description timeout Specifies the display of NAT timeout settings. stats Specifies the display of statistics for NAT traffic. connections Specifies the display of the current NAT connection table. rules Specifies the display of NAT rules, optionally for a specific VLAN.
SLB Commands This chapter discusses server load balancing (SLB) and flow redirect commands. SLB transparently distributes client requests among several servers. The main use for SLB is for web hosting (using redundant servers to increase the performance and reliability of busy websites). You can use SLB to manage and balance traffic for client equipment such as web servers, cache servers, routers, and proxy servers.
clear slb persistence vip clear slb persistence vip clear slb persistence vip <vip name> Description Clears the connection information in the persistence table. Syntax Description vip name Specifies a virtual server. Default N/A. Usage Guidelines Use this command only during testing. Clearing persistence disables applications, such as shopping carts, that require persistence.
SLB Commands configure flow-redirect add next-hop configure flow-redirect <flow redirect> add next-hop <ip address> Description Adds the next hop host (gateway) that is to receive the packets that match the flow redirect policy. Syntax Description flow redirect Specifies a flow redirect policy. ip address Specifies an IP address.
SLB Commands configure flow-redirect service-check ftp configure flow-redirect <flow redirect> service-check ftp user <user name> <password> Description Configures the flow redirect FTP check. Syntax Description flow redirect Specifies a flow redirect policy. user name Specifies the user name for logging in to the FTP service. password Specifies the password for logging in to the FTP service.
5000 bytes. Extreme Networks recommends that you create a specific URL dedicated to this check. Do not include “http://” in the URL. To check a URL beyond the root directory, include the path in the specified URL.
SLB Commands configure flow-redirect service-check L4-port configure flow-redirect <flow redirect> service-check L4-port Description Configures the flow redirect layer 4 port check. Syntax Description flow redirect Specifies a flow redirect policy. Default N/A. Usage Guidelines This command automatically enables layer 4 port check. The layer 4 port check opens and closes the layer 4 port specified in the flow redirect policy.
SLB Commands configure flow-redirect service-check ping configure flow-redirect <flow redirect> service-check ping Description Configures the flow redirect ping check. Syntax Description flow redirect Specifies a flow redirect policy. Default N/A. Usage Guidelines This command automatically enables ping check. Ping check is also automatically enabled when you add a next hop using the following command: configure flow-redirect add next-hop In ExtremeWare 6.2.0 and prior, the frequency of the ping check is 10 seconds, the timeout of the ping check is 30 seconds, and you cannot configure these times.
configure flow-redirect service-check pop3 configure flow-redirect service-check pop3 configure flow-redirect <flow redirect> service-check pop3 user <user name> <password> Description Configures the flow redirect POP3 check. Syntax Description flow redirect Specifies a flow redirect policy. user name Specifies the user name for logging in to the POP3 service. password Specifies the password for logging in to the POP3 service.
configure flow-redirect service-check telnet configure flow-redirect service-check telnet configure flow-redirect <flow redirect> service-check telnet user <user name> <password> Description Configures the flow redirect Telnet check. Syntax Description flow redirect Specifies a flow redirect policy. user name Specifies the user name for logging in to the telnet service. password Specifies the password for logging in to the telnet service.
SLB Commands configure flow-redirect timer ping-check configure flow-redirect timer ping-check frequency <seconds> timeout <seconds> Description Configures the flow redirect ping-check frequency and timeout. Syntax Description frequency Specifies the ping-check frequency. The range is 1 to 60. timeout Specifies the ping-check timeout. The range is 1 to 60. Default The default frequency is 10 seconds.
configure flow-redirect timer service-check configure flow-redirect timer service-check configure flow-redirect timer service-check frequency <seconds> timeout <seconds> Description Configures the flow redirect service-check frequency and timeout. Syntax Description frequency Specifies the service-check frequency. The range is 15 to 300. timeout Specifies the service-check timeout. The range is 15 to 300. Default The default frequency is 60 seconds.
SLB Commands configure flow-redirect timer tcp-port-check configure flow-redirect timer tcp-port-check frequency <seconds> timeout <seconds> Description Configures the flow redirect TCP port check frequency and timeout. Syntax Description frequency Specifies the tcp-port-check frequency. The range is 5 to 120. timeout Specifies the tcp-port-check timeout. The range is 5 to 300. Default The default frequency is 10 seconds.
To set the unit number of a virtual server, use the following command: configure slb vip For simplicity, Extreme Networks recommends that you put client, server, and virtual server VLANs in the same ESRP group. Example The following command configures ESRP VLAN “servers”...
The default timeout is 3 seconds. Usage Guidelines The frequency must be less than the timeout. Extreme Networks recommends that you set the timout greater than an even multiple of the frequency. To enable active-active operation, use the following command:...
configure slb failover dead-frequency configure slb failover dead-frequency configure slb failover dead-frequency <seconds> Description Configures the frequency at which the local switch attempts to re-establish communication with the unresponsive remote switch. Syntax Description dead-frequency The frequency at which the local switch attempts to re-establish communication with the unresponsive remote switch.
SLB Commands configure slb failover failback-now configure slb failover failback-now Description Configures the local SLB to release the remote SLB resources if the remote SLB is alive. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines When an active SLB unit fails and recovers, and manual failback is enabled, use this command to force the recovered SLB unit to become the active unit.
configure slb failover ping-check configure slb failover ping-check configure slb failover ping-check <ip address> {frequency <seconds> timeout <seconds>} Description Configures the SLB device to actively determine if a remote gateway is reachable by performing a ping. Syntax Description ip address Specifies the IP address of the remote gateway.
To enable active-active operation, use the following command: enable slb failover Extreme Networks recommends that you use a dedicated layer 2 VLAN to connect the two active-active switches. Example The following command configures the local SLB switch (with an IP address of 10.10.10.22) to direct unit 2 virtual servers to failover to the SLB switch with an IP address of 10.10.10.21:...
configure slb global connection-block configure slb global connection-block configure slb global connection-block <number> Description Configures the number of SLB connections to allocate in memory, which improves performance. Syntax Description number Specifies the number of connection blocks. The range is 100 to 20,000. Default The default is 10,000.
SLB Commands configure slb global connection-timeout configure slb global connection-timeout <seconds> Description Configures the connection timeout for transparent and translation modes. Syntax Description seconds Specifies the number of seconds. The range is 1 to 180. Default The default is one second. Usage Guidelines None.
The default value for user and password is anonymous. Usage Guidelines If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The FTP service check provides a more thorough check than ping check, because the FTP service check logs into the service.
The HTTP service check provides a more thorough check than ping check, because the HTTP service check connects to a specific URL and checks for a specific text string. Extreme Networks recommends that you create a specific URL dedicated to this check.
Page 463
configure slb global http Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
SLB Commands configure slb global nntp configure slb global nntp <newsgroup> Description Configures the default parameters for layer 7 NNTP service checking. Syntax Description newsgroup Specifies a newsgroup. Default The default newsgroup is ebusiness. Usage Guidelines The NNTP service check provides a more thorough check than ping check, because the NNTP service check logs into the service.
configure slb global persistence-level configure slb global persistence-level configure slb global persistence-level [any-vip | same-vip-any-port | same-vip-same-port] Description Configures the persistence level globally. Syntax Description any-vip Specifies that an entry can match any port on any virtual server. same-vip-any-port Specifies that an entry must match virtual server, and can be any port. same-vip-same-port Specifies that an entry must match both virtual server and port for persistence.
SLB Commands configure slb global persistence-method configure slb global persistence-method [per-packet | per-session] Description Configures the behavior of the persistence timer. Syntax Description per-packet Resets the persistence timer at the receipt of each packet. per-session Resets the persistence timer at the beginning of the session. When the timer expires, persistence for the session ends.
configure slb global ping-check configure slb global ping-check configure slb global ping-check frequency <seconds> timeout <seconds> Description Configures default health checking frequency and timeout period using layer 3-based pinging of the physical node. Syntax Description frequency Specifies the frequency of the ping check. The range is 1 to 60 seconds. timeout Specifies the timeout of the ping check.
The default value for user and password is anonymous. Usage Guidelines If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The POP3 service check provides a more thorough check than ping check, because the POP3 service check logs into the service.
configure slb global service-check configure slb global service-check configure slb global service-check frequency <seconds> timeout <seconds> Description Configures default health checking frequency and timeout period using layer 7-based application-dependent checking. Syntax Description frequency Specifies the frequency of the service check. The range is 15 to 300 seconds. timeout Specifies the timeout of the service check.
SLB Commands configure slb global smtp configure slb global smtp <dns domain> Description Configures the default parameters for layer 7 SMTP service checking. Syntax Description dns domain Specifies the domain to check. Default The default value for is the switch’s domain. If the switch does not have a DNS domain dns domain configured, the value is “mydomain.com”.
configure slb global synguard configure slb global synguard configure slb global synguard max-unacknowledged-SYNs <number> Description Configures the the SYN-guard feature. Syntax Description max-unacknowledged-SYNs Specifies the number of half-open connections that the switch allows. The range is 10 to 4000. Default The default value is 50.
SLB Commands configure slb global tcp-port-check configure slb global tcp-port-check frequency <seconds> timeout <seconds> Description Configures default health checking frequency and timeout period using layer 4-based TCP port testing. Syntax Description frequency Specifies the frequency of the TCP port check. The range is 5 to 120 seconds. timeout Specifies the timeout of the TCP port check.
The default value for user and password is anonymous. Usage Guidelines If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The telnet service check provides a more thorough check than ping check, because the telnet service check logs into the service.
SLB Commands configure slb gogo-mode health-check configure slb gogo-mode <port number> health-check <ip address> Description Configures the health checker with the common IP addresses of the GoGo mode servers in this group. Syntax Description port number Specifies the GoGo mode master port. ip address Specifies an IP address.
configure slb gogo-mode ping-check configure slb gogo-mode ping-check configure slb gogo-mode <port number> ping-check frequency <seconds> timeout <seconds> Description Overrides the global default ping-check frequency and timeout values for this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. frequency Specifies the frequency of the ping check.
Page 476
SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
This command accesses the specified URL and checks for the specified alphanumeric string in the first 1000 bytes. Extreme Networks recommends that you create a specific URL dedicated to this check. Do not include “http://” in the URL. To check a URL beyond the root directory, include the path in the specified URL.
Page 479
configure slb gogo-mode service-check http History This command was first available in ExtremeWare 6.1.5. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 490
SLB Commands Example The following command configures GoGo mode FTP TCP-port-check for the group with port 29 as the master port with a frequency of 15 seconds and a timeout of 45 seconds: configure slb gogo-mode 29 tcp-port-check timer ftp frequency 15 timeout 45 History This command was first available in ExtremeWare 6.1.5.
Page 492
SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 494
SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure slb node ping-check configure slb node ping-check configure slb node <ip address> ping-check frequency <seconds> timeout <seconds> Description Overrides the global default frequency and timeout values for this node. Syntax Description ip address Specifies the IP address of the node. frequency Specifies the frequency of the ping check.
Page 497
configure slb node tcp-port-check Example The following command sets the FTP TCP-port-check for the node with an IP address of 10.2.1.2 to a frequency of 30 seconds and a timeout of 90 seconds: configure slb node 10.2.1.2 : ftp tcp-port-check frequency 30 timeout 90 History This command was first available in ExtremeWare 6.1.
SLB Commands configure slb pool add configure slb pool <pool name> add <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] {ratio <number>...
Page 499
configure slb pool add configure the ratio, use the smallest common denominator. For example, to configure a ratio of 25% and 75%, use ratios of 1 and 3, instead of 25 and 75. To configure a pool to use the ratio load balancing method, use the following command: configure slb pool <pool name>...
SLB Commands configure slb pool delete configure slb pool <pool name> delete <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] Description Deletes a node from a pool.
Page 501
configure slb pool delete History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
SLB Commands configure slb pool lb-method configure slb pool <pool name> lb-method [least-connections | priority | ratio | round-robin] Description Configures the SLB load balancing method. Syntax Description pool name Specifies a pool. least-connections Specifies the least connections load balancing method. priority Specifies the priority load balancing method.
configure slb pool member configure slb pool member configure slb pool <pool name> member <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP or UDP port number>] [ratio <number>...
Page 504
SLB Commands configure slb pool ftp member 10.2.1.2 : ftp priority 2 History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure slb proxy-client-persistence configure slb proxy-client-persistence configure slb proxy-client-persistence [add | delete] <ip address>/<netmask> Description Configures a client subnet that should be treated as one persistent entity. Syntax Description ip address/netmask Specifies an IP address and netmask. Default N/A. Usage Guidelines Use this command to force all clients from the specified proxy array to connect to the same physical server.
SLB Commands configure slb vip configure slb vip <vip name> unit [number] Description Configures the unit number for active-active failover. Syntax Description vip name Specifies a virtual server. unit Specifies a unit identifier on a virtual server. The range is 1 to 16. Default The default unit is 1.
The default is 3600. client-persistence-timeout Usage Guidelines Extreme Networks recommends that you specify a short client persistence timeout, because longer timeout values consume more memory. Example The following command configures the virtual server “ftp” with a client persistence timeout of 3000...
SLB Commands configure slb vip max-connections configure slb vip <vip name> max-connections <number> Description Configures the maximum connections allowed to a particular virtual server. Syntax Description vip name Specifies a virtual server. max-connections Specifies the maximum number of connections allowed to a virtual server. The range is 0 to 999,999,999.
configure slb vip service-check frequency configure slb vip service-check frequency configure slb vip <vip name> service-check frequency <seconds> timeout <seconds> Description Configures the layer 7 service check frequency and timeout for a particular virtual server. Syntax Description vip name Specifies a virtual server. frequency Specifies the frequency of the service check.
Usage Guidelines This command automatically enables service checking. If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The FTP service check provides a more thorough check than ping check, because the FTP service check logs into the service.
The HTTP service check provides a more thorough check than ping check, because the HTTP service check connects to a specific URL and checks for a specific text string. Extreme Networks recommends that you create a specific URL dedicated to this check.
Page 512
SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Usage Guidelines This command automatically enables service checking. If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The POP3 service check provides a more thorough check than ping check, because the POP3 service check logs into the service.
Usage Guidelines This command automatically enables service checking. If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The telnet service check provides a more thorough check than ping check, because the telnet service check logs into the service.
configure vlan slb-type configure vlan slb-type configure vlan <vlan name> slb-type [both | client | none | server] Description Marks a VLAN as either a server VLAN or a client VLAN. Syntax Description both Configures the VLAN as both a server and a client VLAN. client Configures the VLAN as a client VLAN.
SLB Commands create slb pool create slb pool <pool name> {lb-method [least-connections | priority | ratio | round-robin]} Description Creates a server pool and optionally assigns a load-balancing method to the pool. Syntax Description pool name Specifies a pool. lb-method Specifies the load-balancing method.
SLB Commands delete flow-redirect delete flow-redirect <flow redirect> Description Deletes a flow redirect policy. Syntax Description flow redirect Specifies a flow redirect policy. Default N/A. Usage Guidelines To rename or modify a flow redirect policy, you must delete and recreate the flow redirect policy. Example The following command deletes a flow redirect policy named “http”: delete flow-redirect http...
delete slb pool delete slb pool delete slb pool [<pool name> | all] Description Deletes a server pool. Syntax Description pool name Specifies a pool. Specifies all pools. Default N/A. Usage Guidelines You must first delete all virtual servers before deleting the pool. To delete a virtual server, use the following command: delete slb vip Example...
SLB Commands delete slb vip delete slb vip [<vip name> | all] Description Deletes one or all virtual servers. Syntax Description vip name Specifies a virtual server. Specifies all virtual servers. Default N/A. Usage Guidelines You must use this command to delete all virtual servers from a pool before deleting the pool. Example The following command the virtual server named “http_vip”: delete slb pool http_vip...
disable flow-redirect disable flow-redirect disable flow-redirect [all | <flow redirect>] Description Disables flow redirect. Syntax Description Specifies all flow policies. flow redirect Specifies a single flow redirect policy. Default The default parameter is all. Flow redirect is disabled by default. Usage Guidelines When you create a new flow redirect policy, flow redirect is automatically enabled.
SLB Commands disable slb disable slb Description Disables SLB processing. Syntax Description This command has no arguments or variables. Default SLB is disabled by default. Usage Guidelines Disabling SLB causes the following to occur: • Closes all connections. • Withdraws virtual server routes or routes that do not respond with proxy ARP responses of virtual server addresses.
disable slb 3dns disable slb 3dns disable slb 3dns iquery-client Description Disables 3DNS support. Syntax Description This command has no arguments or variables. Default 3DNS is disabled by default. Usage Guidelines To enable 3DNS, use the following command: enable slb 3dns iquery-client Example The following command disables 3DNS: disable slb 3dns iquery-client...
SLB Commands disable slb failover disable slb failover Description Disables the SLB failover mechanism. Syntax Description This command has no arguments or variables. Default SLB failover is disabled by default. Usage Guidelines To enable SLB failover, use the following command: enable slb failover Example The following command disables SLB failover:...
disable slb failover manual-failback disable slb failover manual-failback disable slb failover manual-failback Description Disables manual failback. Syntax Description This command has no arguments or variables. Default Manual failback is disabled by default. Usage Guidelines To enable manual failback, use the following command: enable slb failover manual-failback Example The following command disables manual failback:...
SLB Commands disable slb failover ping-check disable slb failover ping-check Description Disables ping-check to an external gateway. Syntax Description This command has no arguments or variables. Default Ping-check is disabled by default. Usage Guidelines To enable ping-check, use the following command: enable slb failover ping-check Example The following command disables ping-check:...
disable slb global synguard disable slb global synguard disable slb global synguard Description Disables the TCP SYN-guard feature. Syntax Description This command has no arguments or variables. Default SYN-guard is disabled by default. Usage Guidelines To enable SYN-guard, use the following command: enable slb global synguard Example The following command disables SYN-guard:...
SLB Commands disable slb gogo-mode disable slb gogo-mode <port number> {all} Description Disables GoGo mode processing. Syntax Description port number Specifies the GoGo mode master port. Disables all health checking. Default GoGo mode is disabled by default. Usage Guidelines Before you disable GoGo mode, disconnect the servers, as they all have identical MAC and IP addresses, which can cause VLAN conflicts.
disable slb gogo-mode ping-check disable slb gogo-mode ping-check disable slb gogo-mode <port number> ping-check Description Disables layer-3 ping-check to this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. Default GoGo mode ping check is disabled by default. Usage Guidelines To enable ping-check for a GoGo mode group, use the following command: enable slb gogo-mode <port number>...
disable slb node disable slb node disable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] {close-connections-now} Description Disables one or all nodes.
Page 540
SLB Commands Example The following command disables all nodes and immediately closes all open connections: disable slb node all close-connections-now History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
disable slb node ping-check disable slb node ping-check disable slb node [all | <ip address>] ping-check Description Disables layer 3 ping-check. Syntax Description Specifies all nodes. ip address Specifies the IP address of the node. Default Ping-check is disabled by default. Usage Guidelines Ping-check is automatically enabled when a node is added to a pool.
Page 543
disable slb node tcp-port-check Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
SLB Commands disable slb proxy-client-persistence disable slb proxy-client-persistence Description Disables proxy client persistence. Syntax Description This command has no arguments or variables. Default Proxy client persistence is disabled by default. Usage Guidelines To enable proxy client persistence, use the following command: enable slb proxy-client-persistence Example The following command disables proxy client persistence:...
disable slb vip disable slb vip disable slb vip [all | <vip name> | ipaddress <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] {close-connections-now} Description Disables one or all virtual servers.
Page 546
SLB Commands disable slb vip ftp_vip close-connections-now History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
SLB Commands disable slb vip service-check disable slb vip [all | <vip name>] service-check Description Disables layer 7 service-check. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Service-check is disabled by default. Usage Guidelines To enable service-check, use the following command: enable slb vip service-check Example The following command disables service-check for the virtual server “ftp_vip”:...
SLB Commands disable slb vip svcdown-reset disable slb vip [all | <vip name>] svcdown-reset Description Disables svcdown-reset. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default The svcdown-reset feature is disabled by default. Usage Guidelines To enable svcdown-reset, use the following command: enable slb vip svcdown-reset Example The following command disables svcdown-reset for the virtual server “ftp_vip”:...
enable flow-redirect enable flow-redirect enable flow-redirect [all | <flow redirect>] Description Enables flow redirect. Syntax Description Specifies all flow policies. flow redirect Specifies a single flow redirect policy. Default The default parameter is all. Flow redirection is disabled by default. Usage Guidelines When you create a new flow redirect policy, flow redirect is automatically enabled.
SLB Commands enable slb enable slb Description Enables SLB processing. Syntax Description This command has no arguments or variables. Default SLB is disabled by default. Usage Guidelines This command activates the following functions for transparent, translational, and port translation modes: •...
enable slb 3dns enable slb 3dns enable slb 3dns iquery-client Description Enables 3DNS support. Syntax Description This command has no arguments or variables. Default 3DNS is disabled by default. Usage Guidelines The following 3DNS global balance modes are supported: • completion •...
SLB Commands enable slb failover enable slb failover Description Enables SLB failover. Syntax Description This command has no arguments or variables. Default Failover is disabled by default. Usage Guidelines When SLB failover is enabled, the primary SLB switch automatically resumes primary status when it becomes active.
enable slb failover manual-failback enable slb failover manual-failback enable slb failover manual-failback Description Enables manual failback. Syntax Description This command has no arguments or variables. Default Manual failback is disabled by default. Usage Guidelines When manual failback is enabled, the primary SLB switch does not automatically resume primary status until you use the following command: configure slb failover failback-now To disable manual failback, use the following command:...
SLB Commands enable slb failover ping-check enable slb failover ping-check Description Enables ping-check. Syntax Description This command has no arguments or variables. Default Ping-check is disabled by default. Usage Guidelines To disable ping-check, use the following command: disable slb failover ping-check Example The following command enables ping-check: enable slb failover ping-check...
enable slb global synguard enable slb global synguard enable slb global synguard Description Enables the TCP SYN-guard feature. Syntax Description This command has no arguments or variables. Default SYN-guard is disabled by default. Usage Guidelines To disable SYN-guard, use the following command: disable slb global synguard Example The following command enables SYN-guard:...
SLB Commands enable slb gogo-mode enable slb gogo-mode <port number> grouping <port list> Description Enables GoGo mode processing for a group of ports. Syntax Description port number Specifies the GoGo mode master port. port list Specifies a range or list of ports assigned to the group. Default GoGo mode is disabled by default.
enable slb gogo-mode ping-check enable slb gogo-mode ping-check enable slb gogo-mode <port number> ping-check <ip address> Description Enables layer-3 ping-check for the GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. ip address Specifies an IP address to be pinged. Default GoGo mode ping check is disabled by default.
enable slb node enable slb node enable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] Description Enables one or all nodes.
Page 566
SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
enable slb node ping-check enable slb node ping-check enable slb node [all | <ip address>] ping-check Description Enables layer 3 ping-check. Syntax Description Specifies all nodes. ip address Specifies the IP address of the node. Default Ping-check is enabled by default. Usage Guidelines Ping-check is automatically enabled when a node is added to a pool.
Page 569
enable slb node tcp-port-check Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
SLB Commands enable slb proxy-client-persistence enable slb proxy-client-persistence Description Enables proxy client persistence. Syntax Description This command has no arguments or variables. Default Proxy client persistence is disabled by default. Usage Guidelines To disable proxy client persistence, use the following command: disable slb proxy-client-persistence Example The following command enables proxy client persistence:...
enable slb vip enable slb vip enable slb vip [all | <vip name> | ipaddress <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] Description Enables one or all virtual servers.
Page 572
SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
SLB Commands enable slb vip service-check enable slb vip [all | <vip name>] service-check Description Enables layer 7 service check. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Service-check is disabled by default. Usage Guidelines The service checks are based on the following information: •...
SLB Commands enable slb vip svcdown-reset enable slb vip [all | <vip name>] svcdown-reset Description Enables svcdown-reset. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default The svcdown-reset feature is disabled by default. Usage Guidelines The svcdown-reset feature configures the switch to send TCP RST packets to both the clients and the virtual server if the virtual server fails a health-check.
show flow-redirect show flow-redirect show flow-redirect <flow redirect> Description Displays the current flow redirect configuration and statistics. Syntax Description flow redirect Specifies a flow redirect policy. Default N/A. Usage Guidelines If you do not specify a flow redirect policy, configuration and statistics for all flow redirect policies are displayed.
Page 578
SLB Commands Service Checking: Displays the configured service check type. • • http • L4-port • nntp • ping • pop3 • smtp • telnet IP Address Displays the IP address of the next hop. State Displays the status of the next hop, either up or down. Flow Info Displays hardware mapping information.
show slb 3dns members show slb 3dns members show slb 3dns members Description Displays the current connection information between the switch and the 3DNS querier. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the current 3DNS information: show slb 3dns members History...
SLB Commands show slb esrp show slb esrp Description Displays SLB configuration for ESRP. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the current ESRP configuration: show slb esrp Following is the output from this command: VLAN Name SLB Unit Status SLB Unit(s)
show slb failover show slb failover show slb failover Description Displays SLB failover configuration and status. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command also displays SLB failover configuration and status. show slb global Example The following command displays the current SLB failover configuration and status: show slb failover...
Page 584
SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show slb global show slb global show slb global Description Displays the current SLB global configuration information. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Displays the following: • Global enable/disable mode • Global modes •...
Page 586
SLB Commands Password: (not shown) SMTPDomain: "mydomain.com" NNTP Newsgroup: "ebusiness" User: anonymous Password: (not shown) POP3User: anonymous Password: (not shown) SLB Failover Configuration: Failover: Enabled Local unit ID: 1 Local IP address: 10.1.1.1 Remote IP address: 10.1.1.2 TCP port number: 1028 Remote Alive frequency: 1 Remote Dead frequency: 2 Keepalive Timeout: 3...
show slb gogo-mode show slb gogo-mode show slb gogo-mode <port number> {configuration} Description Displays GoGo mode ping-check, TCP-port-check, and service-check status. Syntax Description port number Specifies the GoGo mode master port. configuration Displays configuration instead of status. Default N/A. Usage Guidelines If you do not specify a master port, status for all GoGo mode groups with health checks configured is displayed.
show slb node show slb node show slb node {<ip address> [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]} Description Displays node configuration and status.
Page 590
SLB Commands Following is the output from this command: Freq/ TCP/UDP Frequency/Max Node IP Address Flags Timeout Port Flags Timeout#PoolsConns 1.111.1.1 E--H-- 10/30 E--- 30/90 2(no limit) 1.111.1.2 E--H-- 10/30 E--- 30/90 2(no limit) 1.111.1.3 E--H-- 10/30 E--- 30/90 2(no limit) Flags: E - Enable, U - Up, R - IP Route Up,...
show slb persistence show slb persistence show slb persistence Description Displays persistence status of existing clients. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the current persistence status: show slb persistence History This command was first available in ExtremeWare 6.1.
SLB Commands show slb pool show slb pool <pool name> Description Displays the current SLB pool configuration and status. Syntax Description pool name Specifies a pool. Default N/A. Usage Guidelines If you do not specify a pool, configuration and status for all pools is displayed. Example The following command displays the current pool configuration and statistics for all pools, currently “rr_pool”...
show slb stats show slb stats show slb stats [pool <pool name> | vip <vip name>] Description Displays the current SLB pool connection status. Syntax Description pool name Specifies a pool. vip name Specifies a virtual server. Default N/A. Usage Guidelines If you specify but do not specify a specific pool, status for all pools is displayed.
SLB Commands show slb vip show slb vip [<vip name> | ipaddress <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] {detail} Description Displays the current virtual server configuration and statistics.
Page 595
show slb vip Following is the output from this command: Unit Export # Servers Name IP Address Port -- Mode -- FlagsPool Up/Defined ratio_vip 4.1.1.100 EUA-----ratio_po0/3 rr_vip 10.1.1.10 EUA----!rr_pool0/3 Modes: TP - Transparent, TL - Translational, PT - Port Translational Automatically Exported via: PA - Proxy Arp, HR - Host Route, SR - Subnet Route Flags: E - Enable, U - Up,...
SLB Commands unconfigure slb all unconfigure slb all Description Resets SLB global defaults and clears the SLB configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command does not delete nodes, pools, or virtual servers. To delete all nodes and pools, use the following command: delete slb pool all To delete all virtual servers, use the following command:...
unconfigure slb gogo-mode health-check unconfigure slb gogo-mode health-check unconfigure slb gogo-mode <port number> health-check Description Disables and deletes all the ping-check, TCP-port-check, and service-check configurations for this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. Default N/A.
Commands for Status Monitoring and Statistics This chapter describes: • Commands for configuring and managing the Event Management System/Logging • Commands for enabling and disabling NetFlow flow statistics collection • Commands for configuring flow-collection port and filtering options • Commands for configuring the flow-collector devices to which NetFlow datagrams are exported •...
Page 602
Commands for Status Monitoring and Statistics NetFlow Statistics NetFlow flow statistics provides a way for a switch to capture and export traffic classification or precedence information as data traverses, or flows, across portions of a network. A network flow is defined as a unidirectional sequence of packets between a particular source device and destination device that share the same protocol and transport-layer information.
clear counters clear counters clear counters Description Clears all switch statistics and port counters, including port packet statistics, bridging statistics, IP statistics, log event counters, and MPLS statistics. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines You should view the switch statistics and port counters before you clear them.
Commands for Status Monitoring and Statistics clear log clear log {diag-status | error-led | static | messages [memory-buffer | nvram]} Description Clears the log database. Syntax Description diag-status Clears the hardware error code. error-led Clears the ERR LED on the MSM. static Specifies that the messages in the NVRAM target are cleared, and the ERR LED on the MSM is cleared.
Page 605
clear log option was added in ExtremeWare 7.1.0 error-led option was added in ExtremeWare 7.1.0 messages Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Status Monitoring and Statistics clear log counters clear log counters {<event condition> | [all | <event component>] {severity <severity> {only}}} Description Clears the incident counters for events. Syntax Description event condition Specifies the event condition counter to clear. Specifies that all events counters are to be cleared.
Page 607
clear log counters Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Specifies the slot where the I/O module is installed. Default N/A. Usage Guidelines Use this command only at the direction of Extreme Networks personnel. Extreme Networks support personnel can clear the Alpine diagnostics failures from the NVRAM using the following command: clear log diag error <slot number> Example...
Specifies the slot where the I/O module is installed. Default N/A. Usage Guidelines Use this command only at the direction of Extreme Networks personnel. Extreme Networks support personnel can clear the packet memory diagnostics failures from the EEPROM using the following command: clear log diag remap <slot number>...
Commands for Status Monitoring and Statistics clear transceiver-test clear transceiver-test Description Clears (resets) the transceiver test statistics. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines To display the transceiver test statistics, use the command. The show diagnostics sys-health-check following is sample output: Transceiver system health diag result...
configure flowstats export add port configure flowstats export add port configure flowstats export <group#> add [<ipaddress> | <hostname>] <udp_port> Description Adds a flow-collector device to an export group to which NetFlow datagrams are exported. Syntax Description group# Specifies the export group to which the specified flow-collector device should be added.
Page 612
Commands for Status Monitoring and Statistics Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure flowstats export delete port configure flowstats export delete port configure flowstats export <group#> delete [<ipaddress> | <hostname>] <udp_port> Description Removes a flow-collector device from an export group to which NetFlow datagrams are exported. Syntax Description group# Specifies the export group to which the specified flow-collector device belongs. The group number is an integer in the range of 1-32.
Commands for Status Monitoring and Statistics configure flowstats filter ports configure flowstats filter <filter#> {aggregation} {export <group#>} ports <portlist> [ingress | egress] <filterspec> Description Configures a flow record filter for the specified ports. Syntax Description filter# The filter# parameter is an integer in the range from 1 to 8 that identifies the filter being defined.
Page 615
configure flowstats filter ports Usage Guidelines Configuring a filter specification enables that filter for the specified ports. To specify all ports, you can use specify them as the range of all ports (such as 1-32 or 7:1-7:4) or in the form <slot>:* on a modular switch.
Commands for Status Monitoring and Statistics configure flowstats source configure flowstats source ipaddress <ipaddress> Description Configures the IP address that is to be used as the source IP address for NetFlow datagrams to be exported. Syntax Description ipaddress Specifies the IP address of a VLAN to be used as the source address for the Net FL ow datagrams.
configure flowstats timeout ports configure flowstats timeout ports configure flowstats timeout <minutes> ports [<portlist> | all] Description Configures the timeout value for flow records on the specified ports. Syntax Description minutes Specifies the number of minutes to use in deciding when to export flow records.
Commands for Status Monitoring and Statistics configure log display configure log display {<severity>} Description Configures the real-time log display. Syntax Description severity Specifies a message severity. Severities include critical, error, warning, notice, info, debug-summary, debug-verbose, and debug-data. Default If not specified, messages of all severities are displayed on the console display. Usage Guidelines You must enable the log display before messages are displayed on the log display.
Page 619
configure log display Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Status Monitoring and Statistics configure log filter events configure log filter <filter name> [add | delete] {exclude} events [<event condition> | [all | <event component>] {severity <severity> {only}}] Description Configures a log filter by adding or deleting a specified set of events. Syntax Description filter name Specifies the filter to configure.
Page 621
configure log filter events Events, Components, and Subcomponents. As mentioned, a single event can be included or excluded by specifying the event’s name. Multiple events can be added or removed by specifying an ExtremeWare component name plus an optional severity. Some components, such as BGP, contain subcomponents, such as Keepalive, which is specified as BGP.Keepalive.
Page 622
Commands for Status Monitoring and Statistics configure log filter myFilter add events bgp.keepalive severity error only then the following exclude item actually results in no change to the filter item list: configure log filter myFilter add exclude events bgp.updatein severity all Since the newly created filter, myFilter, only includes some items from the subcomponent BGP.Keepalive, there are no BGP.UpdateIn events that need to be excluded.
configure log filter events match configure log filter events match configure log filter <filter name> [add | delete] {exclude} events [<event condition> | [all | <event component>] {severity <severity> {only}}] [match | strict-match] <type> <value> {and <type> <value> ...} Description Configures a log filter by adding or deleting a specified set of events and specific set of match parameter values.
Page 624
Commands for Status Monitoring and Statistics definitions (the event text and parameter types). The syntax for the parameter types (represented by <type> in the command syntax above) is: [bgp [neighbor | routerid] <ip address> | eaps <eaps domain name> | {destination | source} [ipaddress <ip address> | L4-port | mac-address ] | {egress | ingress} [slot <slot number>...
Page 625
configure log filter events match configure log bridgeFilter add events bridge severity notice match source mac-address 00:11:12:13:14:15 configure log bridgeFilter add events bridge severity notice match source mac-address 00:21:22:23:24:25 configure log bridgeFilter add events bridge severity notice match source mac-address 00:31:32:33:34:35 In order to exclude only incidents whose parameter values match the specified criteria, follow this two step process.
Page 626
Commands for Status Monitoring and Statistics Example By default, all log targets are associated with the built-in filter, DefaultFilter. Therefore, the most straightforward way to send additional messages to a log target is to modify DefaultFilter. In the following example, the command modifies the built-in filter to allow incidents in the STP component, and all subcomponents of STP, of severity critical, error, warning, notice and info.
configure log filter set severity configure log filter set severity configure log filter <filter name> set severity <severity> events [<event component> | all ] Description Sets the severity level of an existing filter item. Syntax Description filter name Specifies the filter to configure. severity Specifies the severity level to send.
Page 628
Commands for Status Monitoring and Statistics To see the current configuration of a filter, use the following command: show log configuration filter <filter name> Example To change the severity level of the filter item added with this command: configure log filter bgpFilter2 add events bgp.keepalive severity notice use the following command: configure log filter bgpFilter2 set severity info events bgp.keepalive History...
configure log filter set severity match configure log filter set severity match configure log filter <filter name> set severity <severity> events [<event condition> | [all | <event component>]] [match | strict-match] <type> <value> {and <type> <value> ...} Description Sets the severity level of an existing filter item. Syntax Description filter name Specifies the filter to configure.
Page 630
Commands for Status Monitoring and Statistics source ipaddress 10.1.2.0/24 Using the single command eliminates the possibility of missing an event of interest between the separate commands. delete See the command on page 713 for a detailed description of severity levels. show log To see the current configuration of a target, use the following command: show log configuration target {console-display | memory-buffer | nvram | session |...
Page 634
Commands for Status Monitoring and Statistics Default The following defaults apply to console display, memory buffer, NVRAM, and session targets: • timestamp—hundredths • date—mm-dd-yyyy • severity—on • event-name—condition • host-name—off • priority—off • tag-id—off • tag-name—off • sequence-number—off • process-name—off •...
Page 635
configure log target format When this command is applied to the target , the format specified is used in subsequent memory-buffer commands. The format configured for the internal memory buffer can be show log upload log overridden by specifying a format on the commands.
Page 636
Commands for Status Monitoring and Statistics Process Name. For providing detailed information to technical support, the (internal) ExtremeWare task names of the applications detecting the events can be displayed by specifying process-name on suppressed by specifying . The default setting is process-name off process-name off Process ID.
configure log target match configure log target match configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] match [any |<match-expression>] Description Associates a match expression to a target. Syntax Description console-display Specifies the console display.
Page 638
Commands for Status Monitoring and Statistics Example The following command sends log messages to the current session, that pass the current filter and severity level, and contain the string user5: configure log target session match user5 History This command was first available in ExtremeWare 7.1.0 Platform Availability This command is available on all platforms.
configure log target severity configure log target severity configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] {severity <severity> {only}} Description Sets the severity level of messages sent to the target. Syntax Description console-display Specifies the console display.
Page 640
Commands for Status Monitoring and Statistics show log configuration filter <filter name> Example The following command sends log messages to the current session, that pass the current filter at a severity level of info or greater, and contain the string user5: configure log target session severity info History This command was first available in ExtremeWare 7.1.0...
configure packet-mem-scan-recovery-mode configure packet-mem-scan-recovery-mode configure packet-mem-scan-recovery-mode [offline | online] [msm-a | msm-b | <slot number>] Description Configures packet memory scanning and the recovery mode setting on a BlackDiamond module. Syntax Description offline Specifies that a faulty BlackDiamond module is taken offline and kept offline if one of the following occurs: •...
Page 642
Commands for Status Monitoring and Statistics Example The following command enables packet memory scanning on slot 1, and specifies that the module be taken offline: configure packet-mem-scan-recovery mode offline slot 1 The following command enables packet memory scanning on the MSM module in slot B, and specifies that the module be kept online configure packet-mem-scan-recovery mode online slot msm-b History...
configure sflow agent configure sflow agent configure sflow agent <ip-address> Description Configures the sFlow agent source IP address used in the sFlow UDP datagrams sent to the sFlow collector. Syntax Description ip-address Specifies the IP address from which sFlow data is sent on the switch. Default The default IP address is 0.0.0.0.
Commands for Status Monitoring and Statistics configure sflow backoff-threshold configure sflow backoff-threshold <rate> Description Configures the maximum number of packets sent to the sFlow collector per second. Syntax Description rate Specifies the maximum number of packets sent to the sFlow collector per second.
configure sflow collector configure sflow collector configure sflow collector <ip-address> : <udp-port> Description Configures the IP address and UDP port number identifying the sFlow collector. Syntax Description ip-address Specifies the IP address to send the sFlow data. udp-port Specifies the UDP port number to send the sFlow data. Default UDP port number—6343 Usage Guidelines...
Commands for Status Monitoring and Statistics configure sflow poll-interval configure sflow poll-interval <seconds> Description Configures the sFlow counter polling interval at which the statistics counter values will be sent to the sFlow collector. Syntax Description seconds Specifies the number of seconds between polling each counter. The value can range from 1 to 3600 seconds.
configure sflow sample-rate configure sflow sample-rate configure sflow sample-rate <number> Description Configures the sample rate at which the sFlow agent collects network traffic samples. Syntax Description number Specifies the fraction (1/number) of packets to be sampled. Default 8192. Usage Guidelines This command configures the sample rate at which the sFlow agent collects network traffic samples.
Commands for Status Monitoring and Statistics configure sys-health-check alarm-level configure sys-health-check alarm-level [log | system-down | traps | default | auto-recovery <number of tries> [online | offline]] Description Configures the system health checker. Syntax Description Posts a CRIT message to the log. system-down Posts a CRIT message to the log, sends a trap, and turns off the system.
Page 649
configure sys-health-check alarm-level The alarm-level and auto-recovery options are mutually exclusive; configuring an alarm-level disables auto-recovery, and configuring auto-recovery overrides the alarm-level setting. In ExtremeWare versions prior to 6.2, you cannot use both mirroring and the system health checker at the same time.
Page 650
Commands for Status Monitoring and Statistics I/O module faults are permanently recorded on the module’s EEPROM. A module that has failed a system health check cannot be brought back online. To view the failure messages, use the command. show diagnostics If you configure the system health check mode to and no new errors are detected, the device offline...
configure sys-health-check auto-recovery configure sys-health-check auto-recovery configure sys-health-check auto-recovery <number> [offline | online] | alarm-level [card-down | default | log | system-down | traps] Description Configures the system health checker. Syntax Description number Specifies the number of times that the health checker attempts to auto-recover a faulty module.
Page 652
Commands for Status Monitoring and Statistics In ExtremeWare versions prior to 6.2, you cannot use both mirroring and the system health checker at the same time. If you configure mirroring with the system health checker enabled, the health checker will indicate that it has been disabled by sending a message to the syslog. In ExtremeWare 6.2 or later, this restriction does not apply.
Page 653
configure sys-health-check auto-recovery I/O module faults are permanently recorded on the module’s EEPROM. A module that has failed a system health check cannot be brought back online. If the faulty module is a master MSM, the slave MSM automatically becomes the master and sets the faulty MSM to .
Reset module and run diagnostics (remap). Usage Guidelines Extreme Networks support personnel can configure the action taken by the system health check if diagnostics are run or if checksum errors trigger diagnostics. If diagnostics are run or triggered in previous releases of ExtremeWare, the module is reset and diagnostics are run. Support personnel can...
Page 655
configure sys-health-check scan-recovery Platform Availability This command is not available on the BlackDiamond 6816 switch. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Status Monitoring and Statistics configure sys-recovery-level configure sys-recovery-level [none | [all | critical] [msm-failover | reboot | shutdown | system-dump [maintenance-mode | msm-failover | reboot | shutdown]]] Description Configures a recovery option for instances where an exception occurs in ExtremeWare. Syntax Description none Configures the level to no recovery.
Page 657
configure sys-recovery-level For ExtremeWare 6.2.2 or later, if is specified on a BlackDiamond switch and there is a msm-failover software exception on the master MSM, the interrupt handler triggers the slave MSM to take over control of the switch. Example The following command configures a switch to reboot after a critical task exception occurs: configure sys-recovery-level critical reboot The following command configures the Master MSM to failover to the Slave MSM if a software...
Commands for Status Monitoring and Statistics configure syslog add configure syslog {add} <host name/ip> {: <udp-port>} [local0 ... local7] {<severity>} Description Configures the remote syslog server host address, and filters messages to be sent to the remote syslog target. Syntax Description host name/ip Specifies the remote syslog server host name or IP address.
Page 659
configure syslog add configure syslog 123.45.67.78 local1 critical History This command was first available in ExtremeWare 2.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Status Monitoring and Statistics configure syslog delete configure syslog delete <host name/ip> {: <udp-port>} [local0 ... local7] Description Deletes a remote syslog server address. Syntax Description host name/ip Specifies the remote syslog server host name or IP address. udp-port Specifies the UDP port number for the syslog target.
configure transceiver-test failure-action configure transceiver-test failure-action configure transceiver-test failure-action [log | sys-health-check] Description Configures the action the switch takes if too many failures are detected within the specified window. Syntax Description Specifies that messages are sent to the syslog. sys-health-check Specifies the configured system health check action is taken.
Page 662
Commands for Status Monitoring and Statistics This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available on modular switches only. ExtremeWare Software 7.3.0 Command Reference Guide...
Use this feature when the switch can be brought off-line. Configuring the transceiver test period to 11 seconds or less can affect system performance; therefore, Extreme Networks does not recommend changing the default transceiver test period. The default is adequate for most networks.
3 errors. Usage Guidelines Use this feature when the switch can be brought off-line. Extreme Networks does not recommend changing the default transceiver test threshold parameter. The default parameter is adequate for most networks. Example The following command configures the switch to accept 4 errors before an action is taken:...
Extreme Networks does not recommend changing the default transceiver test window parameter. The default parameter is adequate for most networks. Example The following command configures the switch to check for errors within the last seven 20-second...
Commands for Status Monitoring and Statistics create log filter create log filter <name> {copy <filter name>} Description Create a log filter with the specified name. Syntax Description name Specifies the name of the filter to create. copy Specifies that the new filter is to be copied from an existing one. filter name Specifies the existing filter to copy.
delete log filter delete log filter delete log filter [<filter name> | all] Description Delete a log filter with the specified name. Syntax Description filter name Specifies the filter to delete. Specifies that all filters, except DefaultFilter, are to be deleted Default N/A.
Commands for Status Monitoring and Statistics disable cli-config-logging disable cli-config-logging Description Disables the logging of CLI configuration commands to the switch Syslog. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines command discontinues the recording of all switch configuration disable cli-config-logging changes and their sources that are made using the CLI via Telnet or the local console.
disable flowstats disable flowstats disable flowstats Description Disables the flow statistics feature on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines When this feature is disabled, no flow records are exported. Example The following command disables the NetFlow statistics feature on this switch: disable flowstats History This command was first available in ExtremeWare 6.2.
Commands for Status Monitoring and Statistics disable flowstats filter ports disable flowstats filter <filter#> ports <portlist> {ingress | egress} Description Disables a specified flow record filter for the specified ports. Syntax Description filter# Specifies the flow record filter that should be disabled. portlist Specifies a list of ports or slots and ports for which the filter should be disabled.
Page 671
disable flowstats filter ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Status Monitoring and Statistics disable flowstats ping-check disable flowstats ping-check {<group#> | all} Description Disables the flow statistics ping-check function for a specified group of collector devices. Syntax Description group# Specifies the export group for which the ping-check function should be disabled.
disable flowstats ports disable flowstats ports disable flowstats ports <portlist> Description Disables the flow statistics function on the specified ports. Syntax Description portlist Specifies a list of ports or slots and ports for which the flowstats function should be disabled. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default N/A.
Commands for Status Monitoring and Statistics disable log debug-mode disable log debug-mode Description Disables debug mode. The switch stops logging events of severity debug-summary, debug-verbose, and debug-data. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command disables debug mode.
disable log display disable log display disable log display Description Disables the sending of messages to the console display. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines If the log display is disabled, log information is no longer written to the serial console. This command setting is saved to FLASH and determines the initial setting of the console display at boot up.
Commands for Status Monitoring and Statistics disable rmon disable rmon Description Disables the collection of RMON statistics on the switch. Syntax Description This command has no arguments or variables. Default By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON queries and sets for alarms and events.
disable sflow disable sflow disable sflow Description Globally disables sFlow statistical packet sampling. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command disables sFlow globally on the switch. This command will not disable sFlow if it is enabled on any ports.
Commands for Status Monitoring and Statistics disable sflow backoff-threshold disable sflow backoff-threshold Description Disables the sFlow backoff-threshold feature, which limits the maximum number of packets sent to the sFlow collector per second. Syntax Description This command has no arguments or variables. Default Disabled.
disable sflow ports disable sflow ports disable sflow ports <portlist> Description Disables sFlow statistical packet sampling on a particular list of ports. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Commands for Status Monitoring and Statistics disable sys-health-check disable sys-health-check Description Disables the BlackDiamond system health checker. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines If the system health checker is disabled, it does not test I/O modules, MSM modules, and the backplane for system faults.
disable syslog disable syslog disable syslog Description Disables logging to all remote syslog server targets. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Disables logging to all remote syslog server targets, not to the switch targets. This setting is saved in FLASH, and will be in effect upon boot up.
Commands for Status Monitoring and Statistics disable temperature-logging disable temperature-logging Description Stops recording the system temperature in celsius for the BlackDiamond and Alpine systems to the syslog. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Use this command to stop recording the system temperature to the syslog.
disable transceiver-test disable transceiver-test disable transceiver-test [all | slot <slot number> {backplane} | msm-a | msm-b] Description Disable the integrity testing of the transceivers used for communication between the ASICs and the CPU on an MSM or an SMMi module. Syntax Description Specifies all of the slots in the chassis.
Page 686
Commands for Status Monitoring and Statistics For ExtremeWare 6.2.2b108: The default for the transceiver test is enabled. The test is enabled two minutes after the switch boots or immediately after you enable the test. For ExtremeWare 6.2.2b134 and ExtremeWare 7.1.0: The default for the transceiver test is disabled.
enable cli-config-logging enable cli-config-logging enable cli-config-logging Description Enables the logging of CLI configuration commands to the Syslog for auditing purposes. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines ExtremeWare allows you to record all configuration changes and their sources that are made using the CLI by way of Telnet or the local console.
Commands for Status Monitoring and Statistics enable flowstats enable flowstats Description Enables the flow statistics feature on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines None. Example The following command enables NetFlow statistics feature on this switch: enable flowstats History This command was first available in ExtremeWare 6.2.
enable flowstats filter ports enable flowstats filter ports enable flowstats filter <filter#> ports <portlist> {ingress | egress} Description Enables a specified flow record filter for the specified ports. Syntax Description filter# Specifies the flow record filter that should be enabled. portlist Specifies the ports or slots and ports for which the filter should be enabled.
Commands for Status Monitoring and Statistics enable flowstats ping-check enable flowstats ping-check {<group#>} Description Enables the flow statistics ping-check function for a specified group of collector devices. Syntax Description group# Specifies the export group for which the ping-check function should be enabled.
enable flowstats ports enable flowstats ports enable flowstats ports <portlist> Description Enables the flow statistics function on the specified ports. Syntax Description portlist Specifies a list of ports or slots and ports for which the flowstats function should be enabled. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Disabled.
Commands for Status Monitoring and Statistics enable log debug-mode enable log debug-mode Description Enables debug mode. The switch allows debug events included in log filters to be logged. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command enables debug mode.
enable log display enable log display enable log display Description Enables a running real-time display of log messages on the console display. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines If you enable the log display on a terminal connected to the console port, your settings will remain in effect even after your console session is ended (unless you explicitly disable the log display).
Commands for Status Monitoring and Statistics enable rmon enable rmon Description Enables the collection of RMON statistics on the switch. Syntax Description This command has no arguments or variables. Default By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON queries and sets for alarms and events.
Page 697
enable rmon To view the status of RMON polling on the switch, use the command. The show management show command displays information about the switch including the enable/disable state for management RMON polling. Example The following command enables the collection of RMON statistics on the switch: enable rmon History This command was first available in ExtremeWare 4.1.
Commands for Status Monitoring and Statistics enable sflow enable sflow Description Globally enables sFlow statistical packet sampling. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command enables sFlow globally on the switch. Sflow must be enabled globally before a “per data source”...
enable sflow backoff-threshold enable sflow backoff-threshold enable sflow backoff-threshold Description Enables the sFlow backoff-threshold feature, limiting the maximum number of packets sent to the sFlow collector per second. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command enables the backoff threshold feature, which is used to limit the number of packets sent to the sFlow collector in a second.
Commands for Status Monitoring and Statistics enable sflow ports enable sflow ports <portlist> Description Enables sFlow statistical packet sampling on one or more ports. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
enable sys-health-check enable sys-health-check enable sys-health-check Description Enables the BlackDiamond system health checker. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The system health checker tests I/O modules, MSM modules, and the backplane by forwarding packets every 4 seconds.
Page 702
Commands for Status Monitoring and Statistics Platform Availability This command is available on BlackDiamond switches only. ExtremeWare Software 7.3.0 Command Reference Guide...
enable syslog enable syslog enable syslog Description Enables logging to all remote syslog host targets. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines In order to enable remote logging, you must do the following: • Configure the syslog host to accept and log messages. •...
Commands for Status Monitoring and Statistics enable temperature-logging enable temperature-logging Description Records the system temperature in celsius for the BlackDiamond and Alpine systems to the syslog. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines When you enable temperature logging, the temperature is recorded every hour. To view the temperature of the system, use the command.
Page 705
enable temperature-logging The command was supported and the syntax changed from in ExtremeWare enable log temperature 7.1.0. Platform Availability This command is available on modular switches only. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Status Monitoring and Statistics enable transceiver-test enable transceiver-test [all | slot <slot number> {backplane} | msm-a | msm-b] Description Enables an integrity test of the transceivers used for communication between the ASICs and the CPU on an MSM or an SMMi module. Syntax Description Specifies all of the slots in the chassis.
Page 707
enable transceiver-test For ExtremeWare 6.2.2b108: The default for the transceiver test is enabled. The test is enabled two minutes after the switch boots or immediately after you enable the test. For ExtremeWare 6.2.2b134 and ExtremeWare 7.1.0: The default for the transceiver test is disabled. If you load your saved ExtremeWare 6.2.2b108 configurations onto a switch with ExtremeWare 6.2.2b134 or ExtremeWare 7.1.0 or later, the transceiver test is enabled.
Commands for Status Monitoring and Statistics show flowstats show flowstats {<portlist> | export {<group#>}} Description Displays status information for the flow statistics function. Syntax Description portlist Use this optional parameter to specify one or more ports or slots and ports for which status information is to be displayed.
Page 709
show flowstats Example command with no options, for a switch with NetFlow statistics enabled on ports show flowstats 1, 40, and 43, displays output similar to the following: Summit48i: show flowstats Flowstats enabled Port Filter proto timeout group OverflowPkts flags -------------------------------------------------------------------------------------- ------- DestIP:...
Commands for Status Monitoring and Statistics show flowstats export show flowstats export [ detail |{<group number> detail} ] Description Displays configuration information an export group. Syntax Description group number Specifies a group number for which configuration information should be displayed. Default N/A.
show flowstats show flowstats show flowstats <portlist> Description Displays status information for the flow statistics function. Syntax Description portlist Specifies a list of ports or slots and ports for which flow statistics should be displayed. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default N/A.
Page 712
Commands for Status Monitoring and Statistics History This command was first available in ExtremeWare 6.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show log show log show log {messages [memory-buffer | nvram]} {severity <severity> {only}} {starting [date <date> time <time> | date <date> | time <time>]} {ending [date <date> time <time> | date <date> | time <time>]} {match <match-expression>} {format <format>} {chronological} Description Displays the current log messages.
Page 714
Commands for Status Monitoring and Statistics • Severity Level—indicates the urgency of a condition reported in the log. Table 15 describes the severity levels assigned to events. • Component, Subcomponent, and Condition Name—describes the subsystem in the software that generates the event. This provides a good indication of where a fault might lie. •...
Page 715
show log • Debug-Data—Data The three severity levels for extended debugging, , and debug-summary debug-verbose debug-data require that debug mode be enabled (which may cause a performance degradation). See the command on page 692. enable log debug-mode Table 15: Severity Levels Assigned by the Switch Level Description Critical...
Page 716
Commands for Status Monitoring and Statistics The following command displays messages with warning, error, or critical severity: show log warning The following command displays messages containing the string “slot 2”: show log match "slot 2" History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 6.2.2 to include the option.
show log components show log components show log components {<event component> | all} Description Display the name, description and default severity for all components. Syntax Description event component Specifies component to display. Displays all components. Default N/A. Usage Guidelines This command displays the name, description, and default severity defined for the specified components and subcomponents.
Page 718
Commands for Status Monitoring and Statistics Tracking ESRP Tracking Error Forwarding Data Base Error IP FDB Error IPMC IP Multicast FDB Error Replacement FDB Replacement Error IGMP Internet Group Management Protocol Error Snooping IGMP Snooping Error AccessList IP Access List Error Forwarding IP Forwarding...
show log configuration show log configuration show log configuration Description Displays the log configuration for switch log settings, and for certain targets. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command displays the log configuration for all targets. The state of the target, enabled or disabled is displayed.
Page 720
Commands for Status Monitoring and Statistics The additional EMS information was added in ExtremeWare 7.1.0 Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show log configuration filter show log configuration filter show log configuration filter {<filter name>} Description Displays the log configuration for the specified filter. Syntax Description filter name Specifies the filter to display. Default If no options are specified, the command displays the configuration for all filters. Usage Guidelines This command displays the configuration for filters.
Page 722
Commands for Status Monitoring and Statistics The third item includes the remaining events from the STP component. The severity value is show as “-”, indicating that the component’s default severity threshold controls which messages are passed. History This command was first available in ExtremeWare 7.1.0 Platform Availability This command is available on all platforms.
show log configuration target show log configuration target show log configuration target {console-display | memory-buffer | nvram | session | syslog <host name/ip> {: <udp-port>}[local0 ... local7]} Description Displays the log configuration for the specified target. Syntax Description console-display Show the log configuration for the console display. memory-buffer Show the log configuration for volatile memory.
Commands for Status Monitoring and Statistics show log counters show log counters {<event condition> | [all | <event component>] {severity <severity> {only}}} Description Displays the incident counters for events. Syntax Description event condition Specifies the event condition to display. Specifies that all events are to be displayed. event component Specifies that all the events associated with a particular component or subcomponent should be displayed.
Page 725
show log counters The output produced by the above command is similar to the following: Comp SubComp Condition Severity Rf Notified Occurred ------- ----------- ----------------------- ------------- -- -------- -------- InBPDU PDUDrop Error PDUIgn Debug-Summary PDUTrace Info The following command displays the event counters for the event condition PDUDrop in the component STP.InBPDU: show log counters "STP.InBPDU.PDUDrop"...
Commands for Status Monitoring and Statistics show log events show log events {<event condition> | [all | <event component>] {severity <severity> {only}}} {detail} Description Displays information about the individual events (conditions) that can be logged. Syntax Description event condition Specifies the event condition to display. Specifies that all events are to be displayed.
Page 727
show log events Comp SubComp Condition Severity Parameters ------- ----------- ----------------------- ------------- ---------- InBPDU PDUDrop Error PDUIgn Debug-Summary PDUTrace Info The following command displays the details of the event condition PDUTrace in the component STP.InBPDU: show log events stp.inbpdu.pdutrace detail The output produced by the above command is similar to the following: Comp SubComp...
Commands for Status Monitoring and Statistics show memory show memory {detail} Description Displays the current system memory information. Syntax Description detail Specifies task-specific memory usage. Default N/A. Usage Guidelines Your BlackDiamond or Summit switch must have 32MB of DRAM to support the features in ExtremeWare version 4.0 and above.
Page 729
show memory History This command was first available in ExtremeWare 2.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Status Monitoring and Statistics show packet-mem-scan-recovery-mode show packet-mem-scan-recovery-mode Description Displays the recovery mode setting for slot’s that have packet memory scanning enabled. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command displays the following information: show packet-mem-scan-recovery-mode •...
Default N/A. Usage Guidelines Use this command only at the direction of Extreme Networks personnel. Extreme Networks support personnel can capture corrupted packet data to help in troubleshooting problems using the following command: show packet miscompare <slot number> {verbose}...
Commands for Status Monitoring and Statistics show ports rxerrors show ports {mgmt | <portlist>} rxerrors Description Displays real-time receive error statistics. For PoS modules, displays the information for the PoS ports. Only a subset of the statistics rxerror displayed by this command are applicable to PoS ports. The fields that do not apply to PoS ports are displayed with values of all zeroes.
Page 733
show ports rxerrors • Receive Jabber Frames (RX Jabber)—The total number of frames received by the port that was of greater than the support maximum length and had a Cyclic Redundancy Check (CRC) error. • Receive Alignment Errors (RX Align)—The total number of frames received by the port that occurs if a frame has a CRC error and does not contain an integral number of octets.
Commands for Status Monitoring and Statistics show ports stats show ports {mgmt | <portlist>} stats {cable-diagnostics} Description Displays real-time port statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 735
show ports stats • Received Broadcast (RX Bcast)—The total number of frames received by the port that are addressed to a broadcast address. • Received Multicast (RX Mcast)—The total number of frames received by the port that are addressed to a multicast address. For version 2.0 and 4.0 •...
Page 736
Commands for Status Monitoring and Statistics History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was modified in Extreme 4.1 to discontinue support for the chassis link status indicator. This command was modified in ExtremeWare 7.3.0 to include the keyword.
show ports txerrors show ports txerrors show ports {mgmt | <portlist>} txerrors Description Displays real-time transmit error statistics. For PoS modules, displays the information for the PoS ports. txerror Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port.
Page 738
Commands for Status Monitoring and Statistics • Transmit Lost Frames (TX Lost)—The total number of frames transmitted by the port that were lost. • Transmit Parity Frames (TX Parity)—The bit summation has a parity mismatch. For version 2.0 and 4.0 •...
show sflow configuration show sflow configuration show sflow configuration Description Displays the current sFlow configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command displays all sFlow configuration information for the switch. The following fields are displayed: •...
Page 740
Commands for Status Monitoring and Statistics Collectors Collector IP 10.201.6.250, Port 6343 Collector IP 123.124.125.111 port 6344 SFLOW Port Configuration Port Status enabled 3:10 enabled 3:11 enabled 3:12 enabled 5:33 enabled 5:34 enabled 5:35 enabled 5:36 enabled History This command was first available in an ExtremeWare 7.3.0. Platform Availability This command is available on all available platforms.
show sflow statistics show sflow statistics show sflow statistics Description Displays sFlow statistics. Syntax Description This command has no arguments or variables Default N/A. Usage Guidelines This command displays sFlow statistics collected on all enabled ports. (No per port status is displayed.) The following fields are displayed: •...
Page 742
Commands for Status Monitoring and Statistics History This command was first available in an ExtremeWare 7.3.0. Platform Availability This command is available on all available platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show version show version show version {detail} Description Displays the hardware serial numbers and versions, and software versions currently running on the switch, and (if applicable) the modules. Syntax Description detail Specifies display of slot board name and chassis or platform name. Default N/A.
Page 744
Commands for Status Monitoring and Statistics Example The following command displays the hardware and software versions currently running on the switch: show version On a stackable switch, this command produces output similar to the following: System Serial Number: 800078-11-0035M02442 CPU Serial Number: 700027-11 0034M-01445 CPLD Rev 04 Daughtercard Serial Number: 703015-02 0029M-02701 CPLD Rev ÿ...
Page 745
show version Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Commands for Status Monitoring and Statistics unconfigure flowstats filter ports unconfigure flowstats filter <filter#> ports <portlist> Description Removes the filter specification for the specified ports. Syntax Description filter# Specifies the filter specification that should be removed. portlist Specifies a set of ports or slots and ports from which the filter specification is removed.
unconfigure flowstats ports unconfigure flowstats ports unconfigure flowstats ports [<portlist> | all] Description Resets the flow statistics configuration parameters for the specified ports to their default values. Syntax Description portlist Specifies a set of ports or slots and ports that should be reset. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Commands for Status Monitoring and Statistics unconfigure log filter unconfigure log filter <filter name> Description Resets the log filter to its default values; removes all filter items. Syntax Description filter name Specifies the log filter to unconfigure. Default N/A. Usage Guidelines If the filter name specified is DefaultFilter, this command restores the configuration of DefaultFilter back to its original settings.
unconfigure log target format unconfigure log target format unconfigure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] format Description Resets the log target format to its default values. Syntax Description console-display Specifies the console display format.
Page 750
Commands for Status Monitoring and Statistics • severity—on • event-name—none • host-name—off • priority—on • tag-id—off • tag-name—on • sequence-number—off • process-name—off • process-id—off • source-function—off • source-line—off Usage Guidelines Use this command to reset the target format to the default format. Example The following command sets the log format for the target (the current session) to the default:...
unconfigure packet-mem-scan-recovery-mode unconfigure packet-mem-scan-recovery-mode unconfigure packet-mem-scan-recovery-mode slot [msm-a | msm-b | <slot number>] Description Disables packet memory scanning and the recovery mode on a BlackDiamond module, and returns the system to the configured system health check behavior. Syntax Description msm-a Specifies the MSM module installed in slot A.
Commands for Status Monitoring and Statistics unconfigure sflow agent unconfigure sflow agent Description Resets the sFlow agent IP address to the default value. Syntax Description This command has no arguments or variables. Default The default IP address is 0.0.0.0. Usage Guidelines This command resets the sFlow agent IP address to its default value.
unconfigure sflow backoff-threshold unconfigure sflow backoff-threshold unconfigure sflow backoff-threshold Description Removes the configured value of the sFlow backoff threshold and resets it to 0 (zero). Syntax Description The command has no arguments or variables. Default The default backoff threshold rate is 0 packets per second. Usage Guidelines This command removes the configured sFlow backoff threshold value and resets it to 0 (zero).
Commands for Status Monitoring and Statistics unconfigure sflow collector unconfigure sflow collector [<ip-address> | all] Description Removes the IP addresses of a selected sFlow collector so that sampled flows are no longer sent to that collector. Syntax Description ip-address Specifies the IP address of configured collector to reset. Specifies the IP addresses of all configured collectors to reset.
unconfigure transceiver-test failure-action unconfigure transceiver-test failure-action unconfigure transceiver-test failure-action Description Returns the switch to its default of sending transceiver test messages to the syslog if too many failures are detected within the specified window. Syntax Description The command has no arguments or variables. Default N/A.
Use this feature when the switch can be brought off-line. Configuring the transceiver test period to 11 seconds or less can affect system performance; therefore, Extreme Networks does not recommend changing the default transceiver test period. The default is adequate for most networks.
N/A. Usage Guidelines Use this feature when the switch can be brought off-line. Extreme Networks does not recommend changing the default transceiver test period. The default is adequate for most networks. Example The following command returns the transceiver test threshold to 3 errors:...
This configuration provides a sliding window. When you return to the default window, the switch checks for errors within the last eight 20-second windows. Extreme Networks does not recommend changing the default transceiver test window. The default is adequate for most networks.
upload log upload log upload log <host name/ip> <filename> {messages [memory-buffer | nvram]} {severity <severity> {only}} {starting [date <date> time <time> | date <date> | time <time>]} {ending [date <date> time <time> | date <date> | time <time>]} {match <match-expression>} {format <format>} {chronological} Description Uploads the current log messages to a TFTP server.
Page 760
Commands for Status Monitoring and Statistics most of the options of this command, see the command on page 713, and for the show log format option see the command on page 633. configure log target format Example The following command uploads messages with a critical severity to the filename switch4critical.log on TFTP server at 10.31.8.25: upload log 10.31.8.25 switch4critical.log critical The following command uploads messages with warning, error, or critical severity to the filename...
Security Commands This chapter describes: • Commands for creating and configuring routing access policies • Commands for creating and configuring IP access lists • Commands for creating and configuring route maps • Commands for managing the switch using SSH2 • Commands related to switch user authentication through a RADIUS client •...
Security Commands 3 Add entries to the access profile. 4 Apply the access profile. Route maps are used to modify or filter routes redistributed between two routing domains. They are also used to modify or filter the routing information exchanged between the domains. To use route maps, follow these steps: 1 Create a route map.
Denial of Service • Campus mode, used when a port in a VLAN will move to another VLAN when authentication has been completed successfully. This mode is for the roaming user who will not always be using the same port for authentication. Campus mode requires a DHCP server and a RADIUS server configured for Extreme Network Login.
Security Commands clear netlogin state clear netlogin state port <portlist> vlan <vlan name> Description Clears and initializes the Network Login sessions on a VLAN port. Syntax Description portlist Specifies the ports to clear. vlan name Specifies a VLAN to clear. Default None.
clear netlogin state mac-address clear netlogin state mac-address clear netlogin state mac-address <hex-octet> Description Initialize/Reset the Network Login sessions for a specified supplicant. Syntax Description hex-octet Specifies the MAC address of the supplicant. Default N/A. Usage Guidelines This command is essentially equivalent to a particular supplicant logging out. The MAC address will be cleared from the FDB, the port is put back to its original VLAN (for Campus mode), and the port state is set to unauthenticated, if this was the last authenticated MAC on this port.
Page 767
configure access-profile add Usage Guidelines You can specify the sequence number for each access profile entry. If you do not specify a sequence number, entries are sequenced in the order they are added. Each entry is assigned a value of 5 more than the sequence number of the last entry.
Page 768
Security Commands History This form of the command was available in ExtremeWare 6.1. Support for IPX NetID and IPX SAP matching was first available in ExtremeWare 6.2. A limited version of this command was first available in ExtremeWare 4.0. Platform Availability This command is available on all platforms.
configure access-profile delete configure access-profile delete configure access-profile <access profile> delete <seq_number> Description Deletes an access profile entry using the sequence number. Syntax Description access profile Specifies an access profile name. seq-number Specifies the order of the entry within the access profile. If no sequence number is specified, the new entry is added to the end of the access-profile and is automatically assigned a value of 5 more than the sequence number of the last entry.
configure auth mgmt-access radius configure auth mgmt-access radius configure auth mgmt-access radius primary <ipaddress> [secondary <ipaddress>] Description Configures authentication of management sessions for RADIUS servers. Syntax Description ipaddress Specifies the IP addresses of the primary or secondary servers. Default N/A. Usage Guidelines The RADIUS server must be configured before this command is used.
Security Commands configure auth mgmt-access radius-accounting configure auth mgmt-access radius-accounting primary <ipaddress> [secondary <ipaddress>] Description Configures RADIUS accounting servers for accounting management sessions. Syntax Description ipaddress Specifies the IP addresses of the primary or secondary servers. Default N/A. Usage Guidelines The RADIUS server must be configured before this command is used.
configure auth mgmt-access tacacs configure auth mgmt-access tacacs configure auth mgmt-access tacacs primary <ipaddress> [secondary <ipaddress>] Description Configures authentication of management sessions for TACACS servers. Syntax Description ipaddress Specifies the IP addresses of the primary or secondary servers. Default N/A. Usage Guidelines The TACACS server must be configured before this command is used.
Security Commands configure auth mgmt-access tacacs-accounting configure auth mgmt-access tacacs-accounting primary <ipaddress> [secondary <ipaddress>] Description Configures TACACS accounting servers for accounting management sessions. Syntax Description ipaddress Specifies the IP addresses of the primary or secondary servers. Default N/A. Usage Guidelines The TACACS server must be configured before this command is used.
configure auth netlogin radius configure auth netlogin radius configure auth netlogin radius primary <ipaddress> [secondary <ipaddress>] Description Configures authentication of netlogin sessions through RADIUS servers. Syntax Description ipaddress Specifies the IP addresses of the primary and secondary servers. Default N/A. Usage Guidelines This command will fail if the given primary and secondary RADIUS servers are not configured.
Security Commands configure auth netlogin radius-accounting configure auth netlogin radius-accounting primary <ipaddress> [secondary <ipaddress>] Description Configure the use of RADIUS accounting servers for netlogin session accounting. Syntax Description ipaddress Specifies the IP addresses of the primary and secondary servers. Default N/A.
configure auth netlogin tacacs configure auth netlogin tacacs configure auth netlogin tacacs primary <ipaddres> [secondary <ipaddress>] Description Configures authentication of netlogin sessions through TACACS servers. Syntax Description ipaddress Specifies the IP addresses of the primary and secondary servers. Default N/A. Usage Guidelines This command will fail if the given primary and secondary TACACS servers are not configured.
Security Commands configure auth netlogin tacacs-accounting configure auth netlogin tacacs-accounting primary <ipaddress> [secondary <ipaddress>] Description Configure the use of TACACS accounting servers for netlogin session accounting. Syntax Description ipaddress Specifies the IP addresses of the primary and secondary servers. Default N/A.
• filter-precedence—10 • filter-type-allowed—destination Usage Guidelines This command configures denial of service protection for Extreme Networks switches. When heavy traffic reaches the alert threshold, a hardware ACL is created that blocks the traffic for the timeout number of seconds. NOTE If you set the filter-precedence to 0, the ACLs created by DoS protection will be overwritten by the default VLAN QoS profile.
Page 780
Security Commands Example The following command configures denial of service protection to be invoked when 3000 or more packets per second are received by a port on the switch. This command configures logging to occur when the number of packets per second that the switch receives is 2000, the timeout is 15 seconds, and messages are on: configure cpu-dos-protect alert-threshold 3000 notice-threshold 2000 timeout 15 messages on filter-precedence 10...
configure cpu-dos-protect trusted-ports configure cpu-dos-protect trusted-ports configure cpu-dos-protect trusted-ports [add <port number> | delete <port number> | all | none] Description Configures ports as trusted, so that denial of service protection is not applied to port. Syntax Description port number Specifies a port.
Security Commands configure enhanced-dos-protect ipfdb agingtime configure enhanced-dos-protect ipfdb agingtime <aging> ports <portlist> Description Configures the aging time on untrusted ports for enhanced denial of service protection. Syntax Description aging Specifies the number of seconds for the aging time per port. The aging value is the software cache timeout: the duration of time to be considered to reach the threshold.
configure enhanced-dos-protect ipfdb cache-size configure enhanced-dos-protect ipfdb cache-size configure enhanced-dos-protect ipfdb cache-size <cache-size> Description Configures the cache size on untrusted ports for enhanced denial of service protection. Syntax Description cache-size Specifies the cache size limit in kilobytes. The default value is 256. The maximum value is 256000.
Security Commands configure enhanced-dos-protect ipfdb learn-limit configure enhanced-dos-protect ipfdb learn-limit <learn-limit> ports <portlist> Description Configures the learning limit on untrusted ports for enhanced denial of service protection. Syntax Description learn-limit Specifies the number of packets allowed on the selected ports within the learning window before the rate limit is applied;...
configure enhanced-dos-protect ipfdb learn-window configure enhanced-dos-protect ipfdb learn-window configure enhanced-dos-protect ipfdb learn-window <learn-window> ports <portlist> Description Configures the learning window on untrusted ports for the enhanced denial of service protection IPFDB learning qualifier. Syntax Description learn-window Specifies the number of seconds for the learning window per port. This value is the duration of time to be considered to reach the threshold.
Security Commands configure enhanced-dos-protect ports configure enhanced-dos-protect ports [trusted | untrusted] <portlist> Description Configures ports as trusted, so that enhanced denial of service protection is not applied to the ports; or configures ports as untrusted, so that enhanced denial of service protection is applied to the ports. Syntax Description trusted Specifies the selected ports as trusted, so that enhanced denial of service is...
configure enhanced-dos-protect rate-limit configure enhanced-dos-protect rate-limit configure enhanced-dos-protect rate-limit [threshold <threshold> | drop-probability <drop-probability> | learn-window <learn-window> | protocol [all | icmp]] ports <portlist> Description Configures rate limiting for enhanced denial of service protection. Syntax Description threshold Specifies the number of packets allowed on a given port within the learning window before the rate limit is applied.
Page 788
Security Commands The following command sets the rate limiting protocol to all packet types on ports 1 through 3: configure enhanced-dos-protect rate-limit protocol all ports 1-3 History This command was first available in ExtremeWare 7.3.0 Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure ip-subnet-lookup maskbits configure ip-subnet-lookup maskbits configure ip-subnet-lookup maskbits <length> Description This command changes length of IPDA SUBNET lookup mask. Syntax Description length Specifies the number of maskbits for the IPDA subnet lookup mask. Default N/A. Usage Guidelines For a new setting to be effective, system rebooting is needed. Example The following example changes the length of the IPDA subnet lookup mask to 18 bits: configure ip-subnet-lookup maskbits 18...
Security Commands configure netlogin base-url configure netlogin base-url <url> Description Configures the base URL for Network Login. Syntax Description Specifies the base URL for Network Login. Default The base URL default value is “network-access.net”. Usage Guidelines When you login using a web browser, you are redirected to the specified base URL, which is the DNS name for the switch.
configure netlogin redirect-page configure netlogin redirect-page configure netlogin redirect-page <url> Description Configures the redirect URL for Network Login. Syntax Description Specifies the redirect URL for Network Login. Default The redirect URL default value is “http://www.extremenetworks.com”. Usage Guidelines In ISP mode, you can configure netlogin to be redirected to a base page after successful login using this command.
Security Commands configure radius server configure radius [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port> <L4 port no>} client-ip [<ipaddress>] Description Configures the primary and secondary RADIUS authentication server. Syntax Description primary Configures the primary RADIUS authentication server. secondary Configures the secondary RADIUS authentication server. ipaddress Specifies the IP address of the server being configured.
configure radius shared-secret configure radius shared-secret configure radius [primary | secondary] shared-secret {encrypted} [<string>] Description Configures the authentication string used to communicate with the RADIUS authentication server. Syntax Description primary Configures the authentication string for the primary RADIUS server. secondary Configures the authentication string for the secondary RADIUS server.
Security Commands configure radius timeout configure radius timeout <seconds> Description Configures the timeout interval for RADIUS authentication requests. Syntax Description seconds Specifies the number of seconds for authentication requests. Range is 3 to 120 seconds Default The default is 3 seconds. Usage Guidelines This command configures the timeout interval for RADIUS authentication requests.
configure radius server timeout configure radius server timeout configure radius (primary|secondary) server <ipaddress> timeout <seconds> Description Configures the timeout interval for RADIUS authentication requests for the primary and secondary servers. Syntax Description ipaddress Specifies the IP address of the primary or secondary server. seconds Specifies the number of seconds for authentication requests.
Security Commands configure radius-accounting server configure radius-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip [<ipaddress>] Description Configures the RADIUS accounting server. Syntax Description primary Configure the primary RADIUS accounting server. secondary Configure the secondary RADIUS accounting server. ipaddress The IP address of the accounting server being configured.
configure radius-accounting shared-secret configure radius-accounting shared-secret configure radius-accounting [primary | secondary] shared-secret {encrypted} [<string>] Description Configures the authentication string used to communicate with the RADIUS accounting server. Syntax Description primary Configures the authentication string for the primary RADIUS accounting server. secondary Configures the authentication string for the secondary RADIUS accounting server.
Security Commands configure radius-accounting timeout configure radius-accounting timeout <seconds> Description Configures the timeout interval for RADIUS-Accounting authentication requests. Syntax Description seconds Specifies the number of seconds for authentication requests. Range is 3 to 120 seconds Default The default is 3 seconds. Usage Guidelines This command configures the timeout interval for RADIUS-Accounting authentication requests.
configure radius-accounting server timeout configure radius-accounting server timeout configure radius-accounting (primary|secondary) server <ipaddress> timeout <seconds> Description Configures the timeout interval for RADIUS-Accounting authentication requests for the primary and secondary servers. Syntax Description ipaddress Specifies the IP address of the primary or secondary server. seconds Specifies the number of seconds for authentication requests.
Security Commands configure route-map add configure route-map <route-map> add <seq_number> [permit | deny] {match-one | match-all} {set lpm-routing | set iphost-routing} Description Adds an entry in the route map with the specified sequence number and action. Syntax Description route-map The name of the route map to which this entry should be added. seq-number Specifies a sequence number that uniquely identifies the entry, and determines the position of the entry in the route map.
Page 801
configure route-map add The following command adds an entry to the route-map named bgp-out that will be evaluated after the previous entry, and that permits all matching routes: configure route-map bgp-out add 20 permit History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms.
Security Commands configure route-map add goto configure route-map <route_map> <seq_number> add goto <new_route_map> Description Configures a route map statement to transfer evaluation to another route map. goto Syntax Description route-map The name of the route map to which this statement should be added. seq-number Specifies the sequence number of the entry in the route map to which this statement should be added.
configure route-map add match configure route-map add match configure route-map <route-map> <seq_number> add match [nlri-list <access profile> | as-path [access-profile <access profile> | <as_number>] | community [access-profile <access profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | next-hop <ip address>...
Page 804
Security Commands Usage Guidelines A match operation specifies a criteria that must be matched in order for the route to be successful. If there are multiple statements in a route table entry, match statements are evaluated before set or goto statements.
configure route-map add set configure route-map add set configure route-map <route-map> <seq_number> add set [as-path <as_number> | community [[access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | remove | [add | delete] [access-profile <access-profile> | <as no> : <number> | number <community>...
Page 806
Security Commands remove Removes the MED attribute, if present. add | delete <med_number> Adds or deletes the specified value to or from the MED that is received. The final result is bound by 0 and 2147483647. local-preference <number> Sets the local preference in the path attribute to the specified local preference number.
configure route-map delete configure route-map delete configure route-map <route_map> delete <seq_number> Description Deletes an entry from the route map. Syntax Description route-map The name of the route map to which this entry should be added. seq-number Specifies a sequence number that uniquely identifies the entry, and determines the position of the entry in the route map.
Security Commands configure route-map delete goto configure route-map <route_map> <seq_number> delete goto <new_route_map> Description Deletes a route map statement. goto Syntax Description route-map The name of the route map from which this statement should be deleted. seq-number The sequence number of the entry in the route map from which this statement should be deleted.
configure route-map delete match configure route-map delete match configure route-map <route-map> <seq_number> delete match [nlri-list <access-profile> | as-path [access-profile <access-profile> | <as_number>] | community [access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | next-hop <ip address> | med <number> | tag <number> | origin [igp | egp | incomplete]] Description Deletes a route map...
Page 810
Security Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure route-map delete set configure route-map delete set configure route-map <route-map> <seq_number> delete set [as-path <as_number> | community [[access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | remove | [add | delete] [access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed]] | next-hop <ip address>...
Page 812
Security Commands origin [igp | egp | incomplete] Specifies the origin. tag <tag_number> Specifies the tag in the route to the specified number. accounting index Specifies the index number of an accounting index to be set. <index_number> value <value_number> Specifies a value for the accounting index. cost <number>...
configure security-profile default-user-vlan configure security-profile default-user-vlan configure security-profile <name> default-user-vlan <vlan> Description Configures the default data VLAN for wireless users. Syntax Description name Specifies the names of the security profile. vlan Specifies the name of the default VLAN for wireless users. Default Wireless management default VLAN.
Page 815
configure security-profile dot11-auth network-auth encryption Dot11 Authentication Network Authentication Encryption shared none Choices: • wep64 • wep128 shared web-based Choices: • wep64 • wep128 shared mac-radius Choices: • wep64 • wep128 Examples The following command sets the authentication and encryption: configure security-profile secure1 dot11-auth open network-auth wpa encryption aes History This command was first available in ExtremeWare 6.2a and added to the “i”...
Security Commands configure security-profile dot1x-wpa group-update-timer configure security-profile <name> dot1x-wpa group-update-timer <minutes> Description When the network-authentication is set to dot1x, WPA, or WPA-PSK, this command configures the interval when group keys for dot1x and WPA clients are updated. Syntax Description name Specifies the names of the security profile.
configure security-profile dot1x-wpa pairwise-update-timer configure security-profile dot1x-wpa pairwise-update-timer configure security-profile <name> dot1x-wpa pairwise-update-timer <minutes> Description When the network-authentication is set to dot1x, WPA, or WPA-PSK, this command configures the interval when pairwise keys for dot1x and WPA clients are updated. Syntax Description name Specifies the names of the security profile.
Security Commands configure security-profile dot1x-wpa reauth-period configure security-profile <name> dot1x-wpa reauth-period <seconds> Description When the network-authentication is set to dot1x or WPA, this command configures the interval when clients are re-authenticated. Syntax Description name Specifies the names of the security profile. seconds Specifies the interval in seconds.
configure security-profile ess-name configure security-profile ess-name configure security-profile <name> ess-name <ess_name> Description Sets the name of the wireless network for the 802.11 interface associated with the security profile. Syntax Description name Specifies the names of the security profile. ess_name Specifies the ESS name. Default N/A.
Security Commands configure security-profile ssid-in-beacon configure security-profile <name> ssid-in-beacon {on | off} Description Establishes whether the service set identifier (SSID) is advertised in the beacon frame. Syntax Description name Specifies the names of the security profile. Specifies that the beacon contains the SSID. Specifies that the beacon does not contain the SSID.
configure security-profile use-dynamic-vlan configure security-profile use-dynamic-vlan configure security-profile <name> use-dynamic-vlan {y | n} Description Determines whether the security profile uses the dynamic VLAN (VLAN pushed by the RADIUS server through a VSA (Vendor Specific Attribute)). Syntax Description name Specifies the names of the security profile. Specifies y for yes to use the dynamic VLAN.
Security Commands configure security-profile wep default-key-index configure security-profile <name> wep default-key-index <index> Description Sets the default key index for the security profile in case of static WEP encryption. Syntax Description name Specifies the names of the security profile. index Specifies the index of the WEP key. Valid ranges are 0-3 Default Zero (0).
configure security-profile wep key add configure security-profile wep key add configure security-profile <name> wep key add <index> [hex <hexoctet> | plaintext <string>] Description Adds the given WEP key at the specified index. Syntax Description name Specifies the names of the security profile. index Specifies the index.
Security Commands configure security-profile wep key delete configure security-profile <name> wep key delete <integer> Description Deletes the specified WEP key. Syntax Description name Specifies the names of the security profile. integer Specifies the numeric value identifying the WEP key. Default Zero (0).
Secure Copy Program (SCP) or the Secure File Transfer Protocol (SFTP). Before you can enable SSH2, you must first obtain a security license from Extreme Networks. After you receive the license, you must enable SSH2 and generate a host key. To enable SSH2, use the enable command.
Page 827
configure ssh2 Example The following command generates an authentication key for the SSH2 session: configure ssh2 key The command responds with the following messages: WARNING: Generating new server host key This will take approximately 10 minutes and cannot be canceled. Continue? (y/n) If you respond yes, the command prompts as follows: Enter some random characters.
Security Commands configure ssl certificate pregenerated configure ssl certificate pregenerated Description Obtains the pre-generated certificate from the user. Syntax Description This command has no parameters or variables. Default N/A. Usage Guidelines This command is also used when downloading/ uploading the configuration. The certificate information stored in the uploaded configuration file should not be modified, because it is signed using the issuer’s private key.
configure ssl certificate privkeylen country organization common-name configure ssl certificate privkeylen country organization common-name configure ssl certificate prikeylen <length> country <code> organization <org_name> common-name <name> Description Creates a self-signed certificate and private key that can be saved in NVRAM. Syntax Description length Specifies the private key length in bytes.
Page 830
Security Commands Platform Availability This command is available on Alpine 3800 series only. ExtremeWare Software 7.3.0 Command Reference Guide...
configure ssl privkey pregenerated configure ssl privkey pregenerated configure ssl privkey pregenerated Description Obtains the pre-generated private key from the user. Syntax Description This command has no parameters or variables. Default N/A. Usage Guidelines This command will also be used when downloading/uploading the configuration. The private key will be stored in the uploaded configuration file in an encrypted format using a hard coded passphrase.
Security Commands configure tacacs server configure tacacs [primary | secondary] server [<ipaddress> | <hostname>] {<tcp_port> | <L4 port no>} client-ip <ipaddress> Description Configures the server information for a TACACS+ authentication server. Syntax Description primary Configures the primary TACACS+ server. secondary Configures the secondary TACACS+ server.
configure tacacs shared-secret configure tacacs shared-secret configure tacacs [primary | secondary] shared-secret {encrypted} <string> Description Configures the shared secret string used to communicate with the TACACS+ authentication server. Syntax Description primary Configures the authentication string for the primary TACACS+ server. secondary Configures the authentication string for the secondary TACACS+ server.
Security Commands configure tacacs timeout configure tacacs timeout <seconds> Description Configures the timeout interval for TACAS+ authentication requests. Syntax Description seconds Specifies the number of seconds for authentication requests. Range is 3 to 120 seconds Default The default is 3 seconds. Usage Guidelines This command configures the timeout interval for TACACS+ authentication requests.
configure tacacs server timeout configure tacacs server timeout configure tacacs (primary |secondary) server <ipaddress> timeout <seconds> Description Configures the timeout interval for TACAS+ authentication requests for the primary and secondary servers. Syntax Description ipaddress Specifies the IP address of the primary or secondary server. seconds Specifies the number of seconds for authentication requests.
Security Commands configure tacacs-accounting server configure tacacs-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<tcp_port>} client-ip <ipaddress> Description Configures the TACACS+ accounting server. Syntax Description primary Configures the primary TACACS+ accounting server. secondary Configures the secondary TACACS+ accounting server. ipaddress Specifies the IP address of the TACACS+ server being configured.
Security Commands configure tacacs-accounting timeout configure tacacs-accounting timeout <seconds> Description Configures the timeout interval for TACACS+ accounting authentication requests. Syntax Description seconds Specifies the number of seconds for authentication requests. Range is 3 to 120 seconds Default The default is 3 seconds. Usage Guidelines This command configures the timeout interval for TACACS+ accounting authentication requests.
configure tacacs-accounting server timeout configure tacacs-accounting server timeout configure tacacs-accounting (primary|secondary) server <ipaddress> timeout <seconds> Description Configures the timeout interval for TACACS+ accounting authentication requests for the primary or secondary server. Syntax Description ipaddress Specifies the IP address of the primary or secondary server. seconds Specifies the number of seconds for authentication requests.
Security Commands configure vlan access-profile configure vlan <vlan name> access-profile [<access profile> | none] Description Configures a BlackDiamond 6800 running ExtremeWare 4.1 to control the routing of traffic between VLANs. Syntax Description vlan name Specifies the name of an egress VLAN. access profile Specifies an access profile that contains a list of ingress VLANs.
configure vlan dhcp-address-range configure vlan dhcp-address-range configure vlan <vlan-name> dhcp-address-range <start-addr> - <end-addr> {<mask>} Description Configures a set of DHCP addresses for a VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be configured. start-addr Specifies the starting IP address in the configured range. end-addr Specifies the ending IP address in the configured range.
Page 842
Security Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure vlan dhcp-lease-timer configure vlan dhcp-lease-timer configure vlan <name> dhcp-lease-timer <lease-timer> Description Configures the timer value in seconds returned as part of the DHCP response. Syntax Description name Specifies the VLAN on whose ports netlogin should be disabled. lease-timer Specifies the timer value, in seconds. Default N/A.
Security Commands configure vlan dhcp-options configure vlan <vlan-name> dhcp-options [dhcp-gateway <gateway-addr> | dns-server <dns-server-ip> | wins-server <wins-server-ip>] {<start-addr>} Description Configures the DHCP options returned as part of the DHCP response by a switch configured as a DHCP server. Syntax Description vlan-name Specifies the name of the VLAN to be configured.
Page 845
configure vlan dhcp-options 40.0.0.40. Similarly, for the secondary subnet the DHCP address range is configured ranging from 50.0.0.5 - 50.0.0.40. To configure the DHCP gateway as 40.0.0.90 for the primary subnet, issue the following command: configure vlan test dhcp-options dhcp-gateway 40.0.0.90 To configure the DHCP gateway as 50.0.0.90 for the secondary subnet issue the following command: configure vlan test dhcp-options dhcp-gateway 50.0.0.90 50.0.0.5 NOTE...
Page 846
Security Commands NOTE You can configure multiple DHCP address ranges for a VLAN. The start-addr option in the command (50.0.0.5 in this example) specifies the exact DHCP address range for which the command applies. If the last option is not specified, the command is applied for the primary subnet. History This command was first available in ExtremeWare 6.2.
configure vlan netlogin-lease-timer configure vlan netlogin-lease-timer configure vlan <vlan name> netlogin-lease-timer <seconds> Description Configures the timer value returned as part of the DHCP response for clients attached to Network Login-enabled ports. Syntax Description vlan name Specifies the VLAN to which this timer value applies. seconds Specifies the timer value, in seconds.
Security Commands create access-list icmp destination source create access-list <name> icmp destination [<dest_ipaddress>/<mask> | any] source [<src_ipaddress>/<source_mask> | any] type <icmp_type> code <icmp_code> [permit | deny] {<portlist>} {precedence <number>} Description Creates a named IP access list that applies to ICMP traffic. Syntax Description name Specifies the access list name.
Page 849
create access-list icmp destination source Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Security Commands create access-list ip destination source ports create access-list <name> ip destination [<dest_ipaddress>/<mask> | any] source [<src_ipaddress>/<src_mask> | any] [permit {<qosprofile>} | deny] ports [<portlist> | any] {precedence <prec_number>} Description Creates a named IP access list that applies to all IP traffic. Syntax Description name Specifies the access list name.
Page 851
create access-list ip destination source ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Security Commands create access-list tcp destination source ports create access-list <name> tcp destination [<dest_ipaddress>/<mask> | any] ip-port [<dst_port> | range <dst_port_min> <dst_port_max> | any] source [<src_ipaddress>/<src_mask> | any] ip-port [<src_port> | range <src_port_min> <src_port_max> | any] [permit <qosprofile> | permit-established | deny] ports [<portlist> | any] {precedence <precedence_num>} Description Creates a named IP access list that applies to TCP traffic.
Page 853
create access-list tcp destination source ports Usage Guidelines The access list is applied to all ingress packets. Example The following command defines an access-list rule named allow10_23 with precedence 30 that permits TCP port 23 traffic destined for other 10.x.x.x networks, and assigns QoS profile Qp4: create access-list allow10_23 tcp dest 10.0.0.0/8 ip-port 23 source any ip-port any permit qosprofile qp4 ports any precedence 30 History...
Page 855
create access-list udp destination source ports Example The following command defines an access-list rule named allow10_35 with precedence 70 that permits udp port 35 traffic destined for other 10.X.X.X networks, and assigns QoS profile Qp2: create access-list allow10_35 udp dest 10.0.0.0/8 ip-port 35 source any ip-port any permit qosprofile qp2 ports any precedence 70 History This command was first available in ExtremeWare 6.0, and replaced the...
Security Commands create access-profile create access-profile <access profile> type [ipaddress | ipx-node | ipx-net | ipx-sap | as-path | bgp-community | vlan] Description Creates an access profile. Syntax Description access profile Specifies an access profile name. ipaddress Specifies that the profile entries will be a list of IP address/mask pairs. ipx-node Specifies that the profile entries will be a list of IPX node addresses.
Page 857
create access-profile History This form of the command was available in ExtremeWare 6.1. Support for the IPX node, NetID and SAP advertisement types was added in ExtremeWare 6.2. A limited version of this command was first available in ExtremeWare 4.0. Platform Availability This command is available on all platforms.
Security Commands create route-map create route-map <name> Description Creates a route map statement. Syntax Description name Specifies a route map name. Default N/A. Usage Guidelines Route maps are a mechanism that can be used to conditionally control the redistribution of routes between two routing domains, and to modify the routing information that is redistributed.
create security-profile create security-profile create security-profile <name> {copy <existing_profile>} Description Creates a new security profile. Syntax Description name Specifies the name of the security profile being created. existing_profile Specifies the name of an existing profile from which the system copies the initial values.
Security Commands create trusted-mac-address create trusted-mac-address {mac-addresss} <xx:yy:zz:aa:bb:cc> {mask <dd:ee:ff:gg:hh:kk>} vlan <vlan-name | all> {port <portlist>} {protocol[DHCP|ARP]} Description Configures a trusted MAC address. Syntax Description <xx:yy:zz:aa:bb:cc> Specifies a trusted MAC address. mask <dd:ee:ff:gg:hh:kk> Optionally specifies the mask. vlan-name Specifies the name of the VLAN to be configured. Specifies all VLANs.
Page 861
create trusted-mac-address Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Security Commands delete access-list delete access-list [<name> | all] Description Deletes an access list. Syntax Description name Specifies the name of the access list to be deleted. Specifies that all access lists should be deleted. Default N/A. Usage Guidelines None. Example The following command deletes access list allow102: delete access-list allow102...
delete access-profile delete access-profile delete access-profile <access profile> Description Deletes an access profile. Syntax Description access profile Specifies an access profile name. Default N/A. Usage Guidelines None. Example The following command deletes an access profile named nosales: delete access-profile nosales History This command was first available in ExtremeWare 4.0.
Security Commands delete route-map delete route-map <route map> Description Deletes a route map statement from the route map. Syntax Description route map Specifies a route map name. Default N/A. Usage Guidelines None. Example The following command deletes a route-map named bgp-out: delete route-map bgp-out History This command was first available in ExtremeWare 6.1.
delete security-profile delete security-profile delete security-profile <name> Description Deletes the named security profile. Syntax Description name Specifies the name of an existing RF profile to be deleted. Default N/A. Usage Guidelines Use this command to delete the named security profile. The named profile cannot be attached to any active ports.
Security Commands delete trusted-mac-address delete trusted-mac-address {mac-address} <xx:yy:zz:aa:bb:cc> {mask <dd:ee:ff:gg:hh:kk>} vlan <vlan-name | all> {port <portlist>} {protocol[DHCP|ARP]} Description Deletes a trusted MAC address. Syntax Description <xx:yy:zz:aa:bb:cc> Specifies a trusted MAC address. mask <dd:ee:ff:gg:hh:kk> Optionally specifies the mask. vlan-name Specifies the name of the VLAN to be configured. Specifies all VLANs.
disable access-list disable access-list disable access-list <name> [counter | log] Description Disables message logging or the collection of access-list statistics. Syntax Description name Specifies the name of the access list. counter Specifies that access-list statistics collection should be disable. Specifies that message logging to the Syslog facility for each packet that matches the access-list description should be disabled.
Security Commands disable arp-learning disable arp-learning Description Disables the ARP-learning feature on the switch. Syntax Description This command has no arguments or variables. Default By default, arp-learning is enabled. Usage Guidelines None. Example N/A. History This command was first available in ExtremeWare 7.3. Platform Availability This command is available on all platforms.
disable arp-learning ports disable arp-learning ports disable arp-learning ports <portlist> Description Disables the ARP-learning feature on a port or ports. Syntax Description portlist Specifies the ingress port(s) on which this rule is applied. any specifies that the rule will be applied to all ports. Default By default, arp-learning is enabled.
Security Commands disable arp-learning vlan disable arp-learning vlan <vlan name> Description Disables the ARP-learning feature on a vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. Default By default, arp-learning is enabled. Usage Guidelines None. Example N/A.
disable arp-learning vlan ports disable arp-learning vlan ports disable arp-learning vlan <vlan name> port <portlist> Description Disables the ARP-learning feature on a port in the given vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. portlist Specifies the ports to which the rule applies.
Security Commands disable cpu-dos-protect disable cpu-dos-protect Description Disables denial of service protection. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines None. Example The following command disables denial of service protection. disable cpu-dos-protect History This command was first available in ExtremeWare 6.2.2 Platform Availability...
disable dhcp ports vlan disable dhcp ports vlan disable dhcp ports <portlist> vlan <vlan name> Description Disables DHCP on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which DHCP should be disabled. vlan name Specifies the VLAN on whose ports DHCP should be disabled. Default N/A.
Security Commands disable enhanced-dos-protect disable enhanced-dos-protect {rate-limit | ipfdb} {ports [<portlist> | all]} Description Disables enhanced denial of service protection globally or for selected ports. Syntax Description rate-limit Disables software rate limiting. ipfdb Disables the IPFDB learning qualifier. portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots a nd ports.
disable ip-subnet-lookup disable ip-subnet-lookup disable ip-subnet-lookup Description Disables IPDA SUBNET lookup feature in a switch. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines For a new setting to be effective, system rebooting is needed. Example The following command disables IPDA lookup: disable ip-subnet-lookup...
Security Commands disable netlogin disable netlogin [web-based |dot1x] Description Disables Network Login modes. Syntax Description web-based Specifies web-based authentication. dot1x Specifies 802.1x authenticating. Default Both types of authentication are enabled. Usage Guidelines Both types, either type, or no type of authentication can be enabled on the same switch. To enable an authentication mode, use the following command: enable netlogin [web-based | dot1x] This command was first introduced as...
disable netlogin logout-privilege disable netlogin logout-privilege disable netlogin logout-privilege Description Disables Network Login logout window pop-up. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines This command controls the logout window pop-up on the web-based network client. This command applies only to the web-based authentication mode of Network Login.
Security Commands disable netlogin ports disable netlogin ports <portlist> vlan <vlan name> Description Disables Network Login on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which netlogin should be disabled. vlan name Specifies the VLAN on whose ports netlogin should be disabled. Default N/A.
disable netlogin session-refresh disable netlogin session-refresh disable netlogin session-refresh Description Disables Network Login session refresh. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Network Login sessions can refresh themselves after a configured timeout. After the user has been logged in successfully, a logout window opens which can be used to close the connection by clicking on the LogOut link.
Security Commands disable radius disable radius Description Disables the RADIUS client. Syntax Description This command has no arguments or variables. Default RADIUS authentication is disabled by default. Usage Guidelines None. Example The following command disables RADIUS authentication for the switch: disable radius History This command was first available in ExtremeWare 4.1.
disable radius-accounting disable radius-accounting disable radius-accounting Description Disables RADIUS accounting. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command disables RADIUS accounting for the switch: disable radius-accounting History This command was first available in ExtremeWare 4.1. Platform Availability This command is available on all platforms.
Security Commands disable ssh2 disable ssh2 Description Disables the SSH2 server for incoming SSH2 sessions to switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines SSH2 session options (access profile and non-default port setting) are not saved when SSH2 is disabled. To view the status of SSH2 Telnet sessions on the switch, use the command.
disable tacacs disable tacacs disable tacacs Description Disables TACACS+ authentication. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command disables TACACS+ authentication for the switch: disable tacacs History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms.
Security Commands disable tacacs-accounting disable tacacs-accounting Description Disables TACACS+ accounting. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command disables TACACS+ accounting: disable tacacs-accounting History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms.
disable tacacs-authorization disable tacacs-authorization disable tacacs-authorization Description Disables TACACS+ authorization. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This disable CLI command authorization but leaves user authentication enabled. Example The following command disables TACACS+ CLI command authorization: disable tacacs-authorization History This command was first available in ExtremeWare 6.1.
Security Commands disable trusted-mac-address disable trusted-mac-address {vlan <vlan-name>} Description Disables a trusted MAC address. Syntax Description vlan-name Specifies the name of the VLAN. Default Disabled. Usage Guidelines Use the command to disable trusted OUI or MAC addresses for disable trusted-mac-address port-specific configurations.
disable web http disable web http disable web http Description Disables HTTP access to the switch on the default HTTP port (80). Syntax Description This command has no parameters or variables. Default Enabled. Usage Guidelines Use this command to disallow users from connecting with HTTP. Disabling HTTP access forces users to use a secured HTTPS connection if web HTTPS is enabled.
Security Commands disable web https disable web https Description Disables secured HTTP access (HTTPS) to the switch on the default HTTPS port (443). Syntax Description This command has no parameters or variables. Default Enabled. Usage Guidelines Use this command to disable HTTPS before changing the certificate or private key. Example The following command disables HTTPS on the default port: disable web https...
download ssl certificate download ssl certificate download ssl <ip address> certificate <cert file> Description Permits downloading of a certificate key from files stored in a TFTP server. Syntax Description ip address Specifies the IP address of the TFTP server. cert file Specifies the name of certificate key.
Security Commands download ssl privkey download ssl <ip address> privkey <key file> Description Permits downloading of a private key from files in a TFTP server. Syntax Description ip address Specifies the IP address of the TFTP server. key file Specifies the name of private key file. Default N/A.
enable access-list enable access-list enable access-list <name> [counter | log] Description Enables message logging or the collection of access-list statistics. Syntax Description name Specifies the name of the access list. counter Specifies that access-list statistics should be collected. Specifies that a message should be logged to the Syslog facility for each packet that matches the access-list description.
Security Commands enable arp-learning enable arp-learning Description Enables the ARP-learning feature on the switch. Syntax Description This command has no arguments or variables. Default By default, arp-learning is enabled. Usage Guidelines None. Example N/A. History This command was first available in ExtremeWare 7.3. Platform Availability This command is available on all platforms.
enable arp-learning ports enable arp-learning ports enable arp-learning ports <portlist> Description Enables the ARP-learning feature on a port or ports. Syntax Description portlist Specifies the ingress port(s) on which this rule is applied. any specifies that the rule will be applied to all ports. Default By default, arp-learning is enabled.
Security Commands enable arp-learning vlan enable arp-learning vlan <vlan name> Description Enables the ARP-learning feature on a vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. Default By default, arp-learning is enabled. Usage Guidelines None. Example N/A.
enable arp-learning vlan ports enable arp-learning vlan ports enable arp-learning vlan <vlan name> port <portlist> Description Enables the ARP-learning feature on a port in the given vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. portlist Specifies the ports to which the rule applies.
Security Commands enable cpu-dos-protect enable cpu-dos-protect Description Enables denial of service protection. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines None. Example The following command enables denial of service protection. enable cpu-dos-protect History This command was first available in ExtremeWare 6.2.2 Platform Availability...
enable cpu-dos-protect simulated enable cpu-dos-protect simulated enable cpu-dos-protect simulated Description Enables simulated denial of service protection. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines When simulated denial of service protection is enabled, no ACLs are created. This mode is useful to gather information about normal traffic levels on a switch.
enable ip-subnet-lookup enable ip-subnet-lookup enable ip-subnet-lookup Description Enables IPDA SUBNET lookup feature in a switch. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines For a new setting to be effective, system rebooting is needed. If IPDA SUBNET lookup is enabled for the first time, IPDA SUBNET lookup mask length is 24 (255.255.255.0).
Security Commands enable netlogin enable netlogin [web-based | dot1x] Description Enables Network Login authentication modes. Syntax Description web-based Specifies web-based authentication. dot1x Specifies 802.1x authenticating. Default Both types of authentication are enabled. Usage Guidelines Both types, either type, or no type of authentication can be enabled on the same switch. To disable an authentication mode, use the following command: disable netlogin [web-based | dot1x] This command was first introduced as...
enable netlogin logout-privilege enable netlogin logout-privilege enable netlogin logout-privilege Description Enables Network Login logout pop-up window. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines This command controls the logout window pop-up on the web-based network client. This command applies only to the web-based authentication mode of Network Login.
Security Commands enable netlogin ports enable netlogin ports <portlist> vlan <vlan name> Description Enables Network Login on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which netlogin should be enabled. vlan name Specifies the VLAN on whose ports netlogin should be enabled. Default N/A.
enable netlogin session-refresh enable netlogin session-refresh enable netlogin session-refresh {<minutes>} Description Disables Network Login session refresh. Syntax Description minutes Specifies the session refresh time for Network Login in minutes. Default Disabled, with a value of three minutes for session refresh. Usage Guidelines Network Login sessions can refresh themselves after a configured timeout.
Security Commands enable radius enable radius Description Enables the RADIUS client on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines When enabled, all web and CLI logins are sent to the RADIUS servers for authentication. When used with a RADIUS server that supports ExtremeWare CLI authorization, each CLI command is sent to the RADIUS server for authorization before it is executed.
enable radius-accounting enable radius-accounting enable radius-accounting Description Enables RADIUS accounting. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines The RADIUS client must also be enabled. Example The following command enables RADIUS accounting for the switch: enable radius-accounting History This command was first available in ExtremeWare 4.1.
Security License Key to enable the SSH2 feature. To obtain a Security License Key, access the Extreme Networks website. You can specify a list of predefined clients that are allowed SSH2 access to the switch. To do this, you must create an access profile that contains a list of allowed IP addresses.
enable tacacs enable tacacs enable tacacs Description Enables TACACS+ authentication. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines After they have been enabled, all web and CLI logins are sent to one of the two TACACS+ servers for login name authentication and accounting.
Security Commands enable tacacs-accounting enable tacacs-accounting Description Enables TACACS+ accounting. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines If accounting is used, the TACACS+ client must also be enabled. Example The following command enables TACACS+ accounting for the switch: enable tacacs-accounting History This command was first available in ExtremeWare 6.1.
enable tacacs-authorization enable tacacs-authorization enable tacacs-authorization Description Enables CLI command authorization. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines When enabled, each command is transmitted to the remote TACACS+ server for authorization before the command is executed. Example The following command enables TACACS+ command authorization for the switch: enable tacacs-authorization...
Security Commands enable trusted-mac-address enable trusted-mac-address {vlan <vlan-name>} Description Enables a trusted MAC address. Syntax Description vlan-name Specifies the name of the VLAN. Default Disabled. Usage Guidelines Use the command to enable trusted OUI or MAC addresses for enable trusted-mac-address port-specific configurations.
enable web http enable web http enable web http Description Enables HTTP access to the switch on the default HTTP port (80). Syntax Description This command has no parameters or variables. Default Enabled. Usage Guidelines Use this command to enable HTTP access to the switch web pages. Example The following command enables HTTP on the default port: enable web http...
Security Commands enable web http access-profile enable web http access-profile [none | <access-profile>] port <port number> Description Allows HTTP access on the specified (non-default) port. Syntax Description none Specifies to not to use an access-profile when accessing HTTP. access-profile Specifies the name of an access-profile to use when accessing HTTP. port number Specifies the port number to use to access HTTP.
enable web https access-profile enable web https access-profile enable web https access-profile [none | <access-profile>] port <port number> Description Allows HTTPS access on the specified (non-default) port. Syntax Description none Specifies to not to use an access-profile when accessing HTTPS. access-profile Specifies the name of an access-profile to use when accessing HTTPS.
Security Commands enable web https enable web https Description Enables secure HTTP access (HTTPS) to the switch on the default HTTPS port (443). Syntax Description This command has no parameters or variables. Default Enabled. Usage Guidelines Use this command to allow users to connect using a more secure HTTPS connection. Example The following command enables HTTPS on the default port: enable web https...
scp2 scp2 scp2 {cipher [3des | blowfish]} {port <portnum>} {debug <debug_level>} <user>@ [<hostname> | <ipaddress>] :<remote_file> [configuration {incremental} | image [primary | secondary] | bootrom] Description Initiates an SCP2 client session to a remote SCP2 server and copies a file from the remote system to the switch.
Page 916
Security Commands CAUTION You can download a configuration to an Extreme Networks switch using SCP. If you do this, you cannot save this configuration. If you save this configuration and reboot the switch, the configuration will be corrupted. Example The following command copies a configuration file from the file configpart1.save on host system1 to the switch as an incremental configuration: scp2 admin@system1:configpart1.save configuration incremental...
scp2 configuration scp2 configuration scp2 {cipher [3des | blowfish]} {port <portnum>} {debug <debug_level>} configuration <user>@ [<hostname> | <ipaddress>]:<remote_file> Description Copies the configuration file from the switch to a remote system using SCP2. Syntax Description 3des Specifies that the 3des cipher should be used for encryption. This is the default.
Security Commands show access-list show access-list {<name> | port <portlist>} Description Displays access list information and real-time statistics. Syntax Description name Specifies the name of an access list to be displayed. portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 919
show access-list The command generates output similar to the following: test1 Protocol: ip Action: permit qp1 Destination: 0.0.0.0/0 any Source: any Precedence: 0 Rule Number: 0 Hit Count: 4566 Flags: ac Ports: History This command was first available in ExtremeWare 6.0. Platform Availability This command is available on all platforms.
Security Commands show access-list-fdb show access-list-fdb Description Displays the hardware access control list mapping. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the hardware access control list mapping: show access-list-fdb History This command was first available in ExtremeWare 6.0.
show access-list-monitor show access-list-monitor show access-list-monitor Description Initiates the access-list information display, and refreshes it until discontinued. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command initiates a display of real-time access list information. Use the keys as shown in Table 17 to change the view of the data.
Security Commands show access-profile show access-profile {<access profile>} Description Displays access-profile related information for the switch. Syntax Description access profile Specifies an access profile. Default Shows all access profile information for the switch. Usage Guidelines None. Example The following command displays access-profile related information for access profile nosales: show access-profile nosales History This command was first available in ExtremeWare 4.0.
show arp-learning vlan show arp-learning vlan show arp-learning vlan <vlan name> Description Displays the ARP-learning feature on a port in the given vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. Default By default, arp-learning is enabled. Usage Guidelines None.
Security Commands show arp-learning vlan ports show arp-learning vlan <vlan name> port <portlist> Description Displays the ARP-learning configuration for a port in the given vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. portlist Specifies the ports to which the rule applies. Default By default, arp-learning is enabled.
show auth show auth show auth Description Displays the authentication servers configured for mgmt-access/netlogin type of sessions. Syntax Description There are no arguments or variables for this command. Default Shows all authentication server information for the switch. Usage Guidelines None. Example show auth History...
Security Commands show cpu-dos-protect show cpu-dos-protect Description Displays the status of denial of service protection. Syntax Description There are no arguments or variables for this command. Default N/A. Usage Guidelines None. Example The following command displays the status of denial of service protection. show cpu-dos-protect Following is the output from this command: Denial-of-service protection to CPU is ENABLED...
show enhanced-dos-protect show enhanced-dos-protect show enhanced-dos-protect [rate-limit | ipfdb] ports [<portlist> | all] Description Displays the status of the enhanced denial of service protection feature. Syntax Description rate-limit Displays rate limiting configuration. ipfdb Displays IPFDB learning qualifier configuration. portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots a nd ports.
Security Commands show ip-subnet-lookup show ip-subnet-lookup Description Displays all IPDA SUBNET forwarding entries Syntax Description There are no arguments or variables for this command. Default N/A. Usage Guidelines None. Example. # show ip-subnet-lookup Dest IP Addr TblIdx MacIdx Flag Flow MAC Address VLAN Port --------------- ------ ------...
show netlogin show netlogin show netlogin {port <portlist> vlan <vlan name>} Description Shows status information for Network Login. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 930
Security Commands Quiet Period secs Client Response Timeout secs Default Reauthentication Timeout 3600 secs Max. Number Authentication Failure Periodic Reauthentication ENABLED --------------------------------- Port: 1:13, Vlan: Default, State: Unauthenticated IP address Auth Type ReAuth-Timer User 00:B0:D0:90:2F:72 0.0.0.0 802.1x Unknown ------------------------------- Total Number of Authenticated MACs : 0 The following command shows the detailed Network Login information for the port 1:13 in the VLAN Default: show netlogin ports 1:13 "Default"...
show radius show radius show radius {<ipaddress>} Description Displays the current RADIUS client configuration and statistics. Syntax Description ipaddress Specifies the IP address of the RADIUS server (optional). Default N/A. Usage Guidelines The output from this command displays the status of the RADIUS and RADIUS accounting (enabled or disabled) and the primary and secondary servers for RADIUS and RADIUS accounting.
Page 932
Security Commands Primary radius accounting server: Server name: 172.17.1.104 Client address: 172.17.1.221 Shared secret: lf|nki Secondary radius accounting server: Server name: 172.17.1.123 Client address: 172.17.1.221 Shared secret: lf|nki History This command was first available in ExtremeWare 4.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show radius-accounting show radius-accounting show radius-accounting {<ipaddress>} Description Displays the current RADIUS accounting client configuration and statistics. Syntax Description ipaddress Specifies the IP address of the RADIUS server (optional). Default N/A. Usage Guidelines The output from this command displays information about the status and configuration of RADIUS accounting Example The following command displays RADIUS accounting client configuration and statistics:...
Security Commands show route-map show route-map <route map> Description Displays route map information. Syntax Description route map Specifies a route map name. Default N/A. Usage Guidelines If you do not specify a route map name, information for all the route maps will be displayed. Example The following command displays the route-map named bgp-out: show route-map bgp-out...
show security-profile show security-profile show security-profile {<name>} Description Displays the configured parameters of the security profile. Syntax Description name Specifies the name of an existing RF profile to be deleted. Default All. Usage Guidelines Use this command to show security profiles currently configured on the platform and all values associated with each security profile.
Security Commands show ssl show ssl {detail} Description Displays the Secure Sockets Layer (SSL) configuration. Syntax Description detail Specifies to display the information in detailed format. Default N/A. Usage Guidelines Displays the following information: • HTTPS port configured. This is the port on which the clients will connect. •...
Page 939
show ssl The following command displays the SSL configuration with the complete certificate. show ssl detail The output of the command is similar to: HTTPS Port Number: Private Key matches the Certificate's public key. RSA Key Length: 1026 Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption...
Page 940
Security Commands zFvvBiX8TQaYvp9sL/Oia7yTeZna4jeY1q+HOJo5t3EuvJyRwjSJVnTNN5FaytnJ 6OndxHIE4Umj6kWHnjuSoQJBAJO53Wz8PztTHl5wkTiQ7Y/L7V41jCpDz0W4Kt0k Ywn1pvjSPV9dIbqVhHgDMi5KdAF5ny2f8vgNZp8ZdwCrTCw= -----END RSA PRIVATE KEY----- History This command was first available in ExtremeWare 6.2a and added to the “i” series in 7.3.0. Platform Availability This command is available on Alpine 3800 series only. ExtremeWare Software 7.3.0 Command Reference Guide...
show tacacs show tacacs show tacacs {<ipaddress>} Description Displays the current TACACS+ configuration and statistics. Syntax Description ipaddress Specifies the IP address of the RADIUS server (optional). Default N/A. Usage Guidelines None. Example The following command displays TACACS+ client configuration and statistics: show tacacs Following is the output from this command: TACACS+: enabled...
Page 942
Security Commands Shared secret: lf|nki History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show tacacs-accounting show tacacs-accounting show tacacs-accounting {<ipaddress>} Description Displays the current TACACS+ accounting client configuration and statistics. Syntax Description ipaddress Specifies the IP address of the RADIUS server (optional). Default N/A. Usage Guidelines None: Example The following command displays TACACS+ accounting client configuration and statistics: show tacacs-accounting Following is the output from this command: TACACS+ Accounting: enabled...
Security Commands show trusted-mac-address show trusted-mac-address {vlan <vlan-name>} {port <portlist>} Description Displays the status of the enable/disable keywords and then displays all of the configured trusted MAC addresses. Syntax Description vlan-name Specifies the name of the VLAN . portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
show wireless ports interface clients show wireless ports interface clients show wireless ports [<portlist> | all] interface [1 | 2] clients {detail} Description Displays wireless client state. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Security Commands show wireless ports interface pae-diagnostics show wireless ports [<portlist> | all] interface [1 | 2] pae-diagnostics Description Displays Port Authentication Entity (PAE) diagnostics for the selected port and interface. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
show wireless ports interface pae-statistics show wireless ports interface pae-statistics show wireless ports [<portlist> | all] interface [1 | 2] pae-statistics Description Displays Port Authentication Entity (PAE) statistics for the selected port and interface. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
When you terminate the remote session, commands will then resume being executed on the original switch. The remote command option cannot be used with Extreme Networks switches. If you include a remote command, you will receive an error message.
Page 949
ssh2 Example The following command establishes an SSH2 session on switch engineering1: ssh2 admin@engineering1 The following command establishes an SSH2 session with the switch summit48i over TCP port 2050 with compression enabled: ssh2 port 2050 compression on admin@summit48i History This command was first available in ExtremeWare 6.2.1 Platform Availability This command is available on all platforms.
Security Commands unconfigure auth mgmt-access unconfigure auth mgmt-access Description Disables the remote authentication for management sessions. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines N/A. Example unconfigure auth mgmt-access History This command was first available in ExtremeWare 7.3. Platform Availability This command is available on all platforms.
unconfigure auth netlogin unconfigure auth netlogin unconfigure auth netlogin Description Disables the remote authentication for netlogin sessions. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines N/A. Example unconfigure auth netlogin History This command was first available in ExtremeWare 7.3. Platform Availability This command is available on all platforms.
Security Commands unconfigure cpu-dos-protect unconfigure cpu-dos-protect Description Resets denial of service protection configuration to default parameter values. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command will not change whether denial of service protection is enabled or disabled. To enable or disable denial of service protection, use the following commands: enable cpu-dos-protect disable cpu-dos-protect...
unconfigure enhanced-dos-protect ipfdb agingtime unconfigure enhanced-dos-protect ipfdb agingtime unconfigure enhanced-dos-protect ipfdb agingtime ports <portlist> Description Resets aging time configuration for enhanced denial of service protection to default values for the selected ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Security Commands unconfigure enhanced-dos-protect ipfdb cache-size unconfigure enhanced-dos-protect ipfdb cache-size Description Resets the cache size for enhanced denial of service protection to default parameter values. Syntax Description This command has no arguments or variables. Default The default cache size value is 256 (in kilobytes). Usage Guidelines Enhanced DoS Protection maintains the number of IPFDB entries according to the cache-size limit.
unconfigure enhanced-dos-protect ipfdb learn-limit unconfigure enhanced-dos-protect ipfdb learn-limit unconfigure enhanced-dos-protect ipfdb learn-limit ports <portlist> Description Resets the learning limit for enhanced denial of service protection to default parameter values for the selected ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Security Commands unconfigure enhanced-dos-protect ipfdb learn-window unconfigure enhanced-dos-protect ipfdb learn-window ports <portlist> Description Resets the learning window on untrusted ports for the enhanced denial of service protection IPFDB learning qualifier to default values for the selected ports. Syntax Description portlist Specifies one or more ports or slots and ports.
unconfigure enhanced-dos-protect ports unconfigure enhanced-dos-protect ports unconfigure enhanced-dos-protect ports <portlist> Description Resets the enhanced denial of service protection to the default trusted value for selected ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Security Commands unconfigure enhanced-dos-protect rate-limit unconfigure enhanced-dos-protect rate-limit [threshold | drop-probability | learn-window | protocol] ports <portlist> Description Removes ports from rate limiting or resets the rate limiting configuration for enhanced denial of service protection to default parameter values for the selected ports. Syntax Description threshold Resets to the default value the number of packets allowed on a given port within the...
Page 959
unconfigure enhanced-dos-protect rate-limit The following command resets the rate limiting learn window on ports 2 and 3 to the default value, 10 seconds: unconfigure enhanced-dos-protect rate-limit learn-window ports 2,3 The following command resets the rate limiting protocol to the default value, ICMP packet types, on ports 1 through 3: unconfigure enhanced-dos-protect rate-limit protocol ports 1-3 The following command removes ports 1 through 4 from rate limiting:...
Security Commands unconfigure radius unconfigure radius {server [primary | secondary]} Description Unconfigures the RADIUS client configuration. Syntax Description primary Unconfigures the primary RADIUS server. secondary Unconfigures the secondary RADIUS server. Default Unconfigures both primary and secondary servers. Usage Guidelines None. Example The following command unconfigures the secondary RADIUS server for the client: unconfigure radius server secondary...
Security Commands unconfigure vlan dhcp-address-range unconfigure vlan <vlan-name> dhcp-address-range {<start-addr>} Description Clears the specified DHCP address range in the a VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be unconfigured. dhcp-address-range Specifies that DHCP address range to be unconfigured. start-addr (Optional) Specifies the starting address of the DHCP address range to be unconfigured.
Page 965
unconfigure vlan dhcp-address-range History This command has been modified so that clearing of the secondary or remote address ranges is possible (through the addition of the parameter ). This enhanced command was made available in start-addr ExtremeWare 7.3.0. Platform Availability This command is available on all platforms.
Security Commands unconfigure vlan dhcp-options unconfigure vlan <vlan-name> dhcp-options {<start-addr>} Description Clears the DHCP options for the specified address range in a VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be unconfigured. dhcp-options Specifies that DHCP options are to be unconfigured. start-addr (Optional) Specifies the starting address of the range for which DHCP options are to be unconfigured.
Page 967
unconfigure vlan dhcp-options NOTE You can configure multiple DHCP address ranges for a VLAN. The start-addr option in the command (50.0.0.5 in this example) specifies the exact DHCP address range for which the command applies. If the last option is not specified, the command is applied for the primary subnet. History This command has been modified so that clearing the DHCP options for secondary or remote subnets is possible (through the addition of the parameter...
EAPS Commands This chapter describes commands for configuring and monitoring Ethernet Automatic Protection Switching (EAPS). To use EAPS, you must enable EDP on the switch and the EAPS ring ports. The EAPS protocol provides fast protection switching to layer 2 switches interconnected in an Ethernet ring topology, such as a metropolitan area network (MAN) or large campuses.
EAPS Commands configure eaps add control vlan configure eaps <name> add control vlan <vlan_name> Description Adds the specified control VLAN to the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. vlan_name Specifies the name of the control VLAN. Default N/A.
configure eaps add protect vlan configure eaps add protect vlan configure eaps <name> add protect vlan <vlan_name> Description Adds the specified protected VLAN to the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. vlan_name Specifies the name of the protected VLAN. Default N/A.
EAPS Commands configure eaps delete control vlan configure eaps <name> delete control vlan <vlan_name> Description Deletes the specified control VLAN from the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. vlan_name Specifies the name of the control VLAN. Default N/A.
configure eaps delete protect vlan configure eaps delete protect vlan configure eaps <name> delete protect vlan <vlan_name> Description Deletes the specified protected VLAN from the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. vlan_name Specifies the name of the protected VLAN. Default N/A.
EAPS Commands configure eaps failtime configure eaps <name> failtime [<seconds>] Description Configures the value of the failtimer the master node uses for EAPS health-check packets. Syntax Description name Specifies the name of an EAPS domain. seconds Specifies the number of seconds the master node waits to receive a health-check packet before the failtimer expires.
configure eaps failtime expiry-action configure eaps failtime expiry-action configure eaps <name> failtime expiry-action [ open-secondary-port | send-alert] Description Configures the action taken when the failtimer expires. Syntax Description name Specifies the name of an EAPS domain. open-secondary-port Specifies to open the secondary port when the failtimer expires. send-alert Specifies that a critical message is sent to the syslog when the failtimer expires.
Page 976
EAPS Commands Example The following command configures the failtimer expiry-action for EAPS domain “eaps_1”: configure eaps eaps_1 failtime expiry-action open-secondary-port History This command was first available in ExtremeWare 7.1. Platform Availability This command is available on the “i” series platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
configure eaps fast-convergence configure eaps fast-convergence configure eaps fast-convergence [on | off] Description Enables EAPS to converge more quickly. Syntax Description Turns fast-convergence on. Turns fast-convergence off. Default is off. Default Default is off. Usage Guidelines In certain environments to keep packet loss to a minimum, configure EAPS with fast-convergence turned on.
EAPS Commands configure eaps hellotime configure eaps <name> hellotime <seconds> Description Configures the value of the hello timer the master node used for the EAPS health-check packet. Syntax Description name Specifies the name of an EAPS domain. seconds Specifies the number of seconds to wait between transmission of the health-check packets on the control VLAN.
configure eaps mode configure eaps mode configure eaps <name> mode [master | transit] Description Configures the switch as either the EAPS master node or as an EAPS transit node for the specified domain. Syntax Description name Specifies the name of an EAPS domain. master Specifies that this switch should be the master node for the named EAPS domain.
EAPS Commands configure eaps name configure eaps <old_name> name <new_name> Description Renames an existing EAPS domain. Syntax Description old_name Specifies the current name of an EAPS domain. new_name Specifies a new name for the EAPS domain. Default N/A. Usage Guidelines None.
configure eaps port configure eaps port configure eaps <name> [primary | secondary] port <port number> Description Configures a node port as the primary or secondary port for the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. primary Specifies that the port is to be configured as the primary port.
EAPS Commands configure eaps shared-port link-id configure eaps shared-port <port> link-id <id> Description Configures the link ID of the shared port. Syntax Description port Specifies the port number of the common link port. Specifies the link ID of the port. Default N/A.
configure eaps shared-port mode configure eaps shared-port mode configure eaps shared-port <port> mode <controller | partner> Description Configures the mode of the shared port. Syntax Description port Specifies the port number of the shared port. controller Specifies the controller mode. The controller is the end of the common link responsible for blocking ports when the common link fails thereby preventing the superloop.
EAPS Commands create eaps create eaps <name> Description Creates an EAPS domain with the specified name. Syntax Description name Specifies the name of an EAPS domain to be created. May be up to 32 characters in length. Default N/A. Usage Guidelines parameter is a character string of up to 32 characters that identifies the EAPS domain to be name created.
create eaps shared-port create eaps shared-port create eaps shared-port <port> Description Creates an EAPS shared port on the switch. Syntax Description port Specifies the port number of the common link port. Default N/A. Usage Guidelines To configure a common link, you must create a shared port on each switch of the common link. Example The following command creates a shared port on the EAPS domain.
EAPS Commands delete eaps delete eaps <name> Description Deletes the EAPS domain with the specified name. Syntax Description name Specifies the name of an EAPS domain to be deleted. Default N/A. Usage Guidelines An EAPS domain must be disabled first before it can be deleted. (See the disable eaps {<name>} command.) Example...
delete eaps shared-port delete eaps shared-port delete eaps shared-port <port> Description Deletes an EAPS shared port on a switch. Syntax Description port Specifies the port number of the Common Link port. Default N/A. Usage Guidelines None. Example The following command deletes shared port 1:1. delete eaps shared-port 1:1 History This command was first available in ExtremeWare 7.1.
EAPS Commands disable eaps disable eaps {<name>} Description Disables the EAPS function for a named domain or for an entire switch. Syntax Description name Specifies the name of an EAPS domain. Default Disabled for the entire switch. Usage Guidelines None. Example The following command disables the EAPS function for entire switch: disable eaps...
enable eaps enable eaps enable eaps {<name>} Description Enables the EAPS function for a named domain or for an entire switch. Syntax Description name Specifies the name of an EAPS domain. Default Disabled. Default command enables for the entire switch. Usage Guidelines EDP must be enabled on the switch and EAPS ring ports.
EAPS Commands show eaps show eaps {<name>} {detail} Description Displays EAPS status information. Syntax Description name Specifies the name of an EAPS domain. detail Specifies all available detail for each domain. Default N/A. Usage Guidelines If you enter the command without a keyword, the command displays less than with the show eaps keyword.
Page 991
show eaps State: On a transit node, the command displays one of the following states: • Idle—The EAPS domain has been enabled, but the configuration is not complete. • Links-Up—This EAPS domain is running, and both its ports are up and in the FORWARDING state.
Page 992
EAPS Commands Failtimer expiry action: Displays the action taken when the failtimer expires: • Send-alert—Sends a critical message to the syslog when the failtimer expires. • Open-secondary-port—Opens the secondary port when the failtimer expires. Displays only for master nodes. Preforwarding Timer interval: The configured value of the timer.
Page 993
show eaps Primary port: 13 Port status: Up Tag status: Tagged Secondary port: 14 Port status: Up Tag status: Tagged Hello Timer interval: 1 sec Fail Timer interval: 3 sec Preforwarding Timer interval: 3 sec Last update: From Master Id 00:01:30:B9:4B:E0, at Tue May 6 12:49:25 2003 Eaps Domain has following Controller Vlan: Vlan Name QosProfile...
Page 994
EAPS Commands Platform Availability This command is available on the “i” series platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
show eaps shared-port show eaps shared-port show eaps shared-port [detail] Description Displays shared-port information for one or more EAPS domains. Syntax Description detail Specifies to display the status of all segments and VLANs. Default N/A. Usage Guidelines If you enter the command without an argument or keyword, the command show eaps shared-port displays a summary of status information for all configured EAPS shared ports.
Page 996
EAPS Commands Field Description • Yes—Indicates that the EAPS instance on the other end of the common link is configured with matching link ID and opposite modes. For example, if one end of the common link is configured as a controller, the other end must be configured as a partner. •...
show eaps summary show eaps summary show eaps summary Description Displays summary information on one or more EAPS domains. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Displays EAPS domains and associated info such as Domain Name, Domain State, EAPS Mode, Enabled State, Control VLAN and VLAN ID and the Number of Protect VLANs in the domain.
Page 998
EAPS Commands History This command was first available in ExtremeWare 6.2. option was added in ExtremeWare 6.2.2. summary This command was modified in ExtremeWare 7.1 to show shared-port statistics. Platform Availability This command is available on the “i” series platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
unconfigure eaps shared-port link-id unconfigure eaps shared-port link-id unconfigure eaps shared-port <port> link-id Description Unconfigures an EAPS link ID on a shared port on the switch. Syntax Description port Specifies the port number of the Common Link port. Default N/A. Usage Guidelines None.
EAPS Commands unconfigure eaps shared-port mode unconfigure eaps shared-port <port> mode Description Unconfigures the EAPS shared port mode. Syntax Description port Specifies the port number of the Common Link port. Default N/A. Usage Guidelines None. Example The following command unconfigures the shared port mode on port 1:1. unconfigure eaps shared-port 1:1 mode History This command was first available in ExtremeWare 7.1.