Page 1 ExtremeWare Software Command Reference Guide Software Version 7.3.0 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: March, 2005 Part number: 100160-00 Rev. 04...
Page 2 Solution Partners Logo, ServiceWatch, Summit, the Summit7i Logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners.
Page 3: Table Of Contents
Contents Preface Chapter 1 Command Reference Overview Chapter 2 Commands for Accessing the Switch clear session configure account configure banner configure banner netlogin configure dns-client add configure dns-client add domain-suffix configure dns-client add name-server configure dns-client default-domain configure dns-client delete configure dns-client delete domain-suffix configure dns-client delete name-server configure idletimeouts...
Page 4 Contents enable license history reboot show accounts pppuser show banner show dns-client show switch traceroute Chapter 3 Commands for Managing the Switch configure snmp access-profile readonly configure snmp access-profile readwrite configure snmp add community configure snmp add trapreceiver configure snmp community configure snmp delete community configure snmp delete trapreceiver configure snmp sysContact...
Page 5 Contents configure snmpv3 delete filter-profile configure snmpv3 delete group user configure snmpv3 delete mib-view configure snmpv3 delete notify configure snmpv3 delete target-addr configure snmpv3 delete target-params configure snmpv3 delete user configure snmpv3 engine-boots configure snmpv3 engine-id configure snmpv3 target-addr-ext configure sntp-client server configure sntp-client update-interval configure web login-timeout disable alt-queue-management...
Page 6 Contents enable telnet enable web exit logout quit show snmpv3 context show snmpv3 engine-info show management show odometer show session show snmpv3 access show snmpv3 counters show snmpv3 filter show snmpv3 filter-profile show snmpv3 group show snmpv3 mib-view show snmpv3 notify show snmpv3 target-addr show snmpv3 target-addr-ext show snmpv3 target-params...
Page 7 Contents configure msm-failover link-action configure msm-failover slave-config configure msm-failover timeout configure port aggregate-bandwidth percent configure ports configure ports auto off configure ports auto on configure ports auto-polarity configure ports display-string configure port interpacket-gap configure ports link-detection-level configure ports redundant configure ports vdsl configure sharing address-based configure slot disable edp ports...
Page 8 Contents enable smartredundancy restart ports run msm-failover show edp show mirroring show msm-failover show ports collisions show ports configuration show ports info show ports packet show ports sharing show ports utilization show ports vlan info show sharing address-based show slot unconfigure msm-failover unconfigure port aggregate-bandwidth unconfigure ports display string...
Page 9 Contents configure vlan delete port configure vlan delete secondary-ip configure vlan ipaddress configure vlan name configure vlan protocol configure vlan tag create protocol create vlan delete protocol delete vlan disable gvrp disable mac-vlan port enable gvrp enable mac-vlan mac-group port show gvrp show mac-vlan show protocol...
Page 10 Contents unconfigure fdb-scan failure-action unconfigure fdb-scan period Chapter 7 QoS Commands clear dlcs configure diffserv examination code-point qosprofile ports configure diffserv replacement priority configure dot1p type configure ports qosprofile configure qosprofile configure qostype priority configure red drop-probability configure vlan priority configure vlan qosprofile disable diffserv examination ports disable diffserv replacement ports...
Page 11 Contents Chapter 8 NAT Commands clear nat configure nat add vlan map configure nat delete configure nat finrst-timeout configure nat icmp-timeout configure nat syn-timeout configure nat tcp-timeout configure nat timeout configure nat udp-timeout configure nat vlan disable nat enable nat show nat Chapter 9 SLB Commands...
Page 12 Contents configure slb failover failback-now configure slb failover ping-check configure slb failover unit configure slb global connection-block configure slb global connection-timeout configure slb global ftp configure slb global http configure slb global nntp configure slb global persistence-level configure slb global persistence-method configure slb global ping-check configure slb global pop3 configure slb global service-check...
Page 13 Contents configure slb pool lb-method configure slb pool member configure slb proxy-client-persistence configure slb vip configure slb vip client-persistence-timeout configure slb vip max-connections configure slb vip service-check frequency configure slb vip service-check ftp configure slb vip service-check http configure slb vip service-check nntp configure slb vip service-check pop3 configure slb vip service-check smtp configure slb vip service-check telnet...
Page 14 Contents disable slb node tcp-port-check disable slb proxy-client-persistence disable slb vip disable slb vip client-persistence disable slb vip service-check disable slb vip sticky-persistence disable slb vip svcdown-reset enable flow-redirect enable slb enable slb 3dns enable slb failover enable slb failover manual-failback enable slb failover ping-check enable slb global synguard enable slb gogo-mode...
Page 15 Contents show slb gogo-mode show slb L4-port show slb node show slb persistence show slb pool show slb stats show slb vip unconfigure slb all unconfigure slb gogo-mode health-check unconfigure slb gogo-mode service-check unconfigure slb vip service-check Chapter 10 Commands for Status Monitoring and Statistics clear counters clear log clear log counters...
Page 16 Contents configure sflow agent configure sflow backoff-threshold configure sflow collector configure sflow poll-interval configure sflow sample-rate configure sys-health-check alarm-level configure sys-health-check auto-recovery configure sys-health-check scan-recovery configure sys-recovery-level configure syslog add configure syslog delete configure transceiver-test failure-action configure transceiver-test period configure transceiver-test threshold configure transceiver-test window create log filter delete log filter...
Page 17 Contents enable flowstats enable flowstats filter ports enable flowstats ping-check enable flowstats ports enable log debug-mode enable log display enable log target enable rmon enable sflow enable sflow backoff-threshold enable sflow ports enable sys-health-check enable syslog enable temperature-logging enable transceiver-test show flowstats show flowstats export show flowstats...
Page 18 Contents unconfigure flowstats filter ports unconfigure flowstats ports unconfigure log filter unconfigure log target format unconfigure packet-mem-scan-recovery-mode unconfigure sflow agent unconfigure sflow backoff-threshold unconfigure sflow collector unconfigure transceiver-test failure-action unconfigure transceiver-test period unconfigure transceiver-test threshold unconfigure transceiver-test window upload log Chapter 11 Security Commands clear netlogin state...
Page 19 Contents configure enhanced-dos-protect ports configure enhanced-dos-protect rate-limit configure ip-subnet-lookup maskbits configure netlogin base-url configure netlogin redirect-page configure radius server configure radius shared-secret configure radius timeout configure radius server timeout configure radius-accounting server configure radius-accounting shared-secret configure radius-accounting timeout configure radius-accounting server timeout configure route-map add configure route-map add goto configure route-map add match...
Page 20 Contents configure ssl certificate pregenerated configure ssl certificate privkeylen country organization common-name configure ssl privkey pregenerated configure tacacs server configure tacacs shared-secret configure tacacs timeout configure tacacs server timeout configure tacacs-accounting server configure tacacs-accounting shared-secret configure tacacs-accounting timeout configure tacacs-accounting server timeout configure vlan access-profile configure vlan dhcp-address-range configure vlan dhcp-lease-timer...
Page 21 Contents disable cpu-dos-protect disable dhcp ports vlan disable enhanced-dos-protect disable ip-subnet-lookup disable netlogin disable netlogin logout-privilege disable netlogin ports disable netlogin session-refresh disable radius disable radius-accounting disable ssh2 disable tacacs disable tacacs-accounting disable tacacs-authorization disable trusted-mac-address disable web http disable web https download ssl certificate download ssl privkey enable access-list...
Page 22 Contents enable ssh2 enable tacacs enable tacacs-accounting enable tacacs-authorization enable trusted-mac-address enable web http enable web http access-profile enable web https access-profile enable web https scp2 scp2 configuration show access-list show access-list-fdb show access-list-monitor show access-profile show arp-learning vlan show arp-learning vlan ports show auth show cpu-dos-protect show enhanced-dos-protect...
Page 23 Contents unconfigure auth mgmt-access unconfigure auth netlogin unconfigure cpu-dos-protect unconfigure enhanced-dos-protect ipfdb agingtime unconfigure enhanced-dos-protect ipfdb cache-size unconfigure enhanced-dos-protect ipfdb learn-limit unconfigure enhanced-dos-protect ipfdb learn-window unconfigure enhanced-dos-protect ports unconfigure enhanced-dos-protect rate-limit unconfigure radius unconfigure radius-accounting unconfigure tacacs unconfigure tacacs-accounting unconfigure vlan dhcp-address-range unconfigure vlan dhcp-options Chapter 12 EAPS Commands...
Page 24 Contents disable eaps enable eaps show eaps show eaps shared-port show eaps summary unconfigure eaps shared-port link-id unconfigure eaps shared-port mode 1000 unconfigure eaps port 1001 Chapter 13 STP Commands configure stpd add vlan 1005 configure stpd delete vlan 1007 configure stpd forwarddelay 1008 configure stpd hellotime...
Page 25 Contents enable stpd ports 1035 show stpd 1036 show stpd ports 1038 show vlan stpd 1040 unconfigure stpd 1042 Chapter 14 ESRP Commands clear elrp stats 1045 clear elsm auto-restart ports 1046 clear elsm counters ports 1048 configure debug elsm-port 1049 configure debug elsm-system 1051...
Page 26 Contents configure vlan delete track-environment 1082 configure vlan delete track-iproute 1083 configure vlan delete track-ospf 1084 configure vlan delete track-ping 1085 configure vlan delete track-rip 1086 configure vlan delete track-vlan 1087 configure vlan esrp elrp-master-poll disable 1088 configure vlan esrp elrp-master-poll enable 1089 configure vlan esrp elrp-premaster-poll disable 1090...
Page 27 Contents Chapter 15 VRRP Commands configure vrrp add vlan 1129 configure vrrp delete 1130 configure vrrp vlan add 1131 configure vrrp vlan authentication 1132 configure vrrp vlan delete vrid 1133 configure vrrp vlan vrid 1134 disable vrrp 1136 enable vrrp 1137 show vrrp 1138...
Page 28 Contents configure iproute delete blackhole 1168 configure iproute delete blackhole default 1169 configure iproute delete default 1170 configure iproute priority 1171 configure iproute route-map 1173 configure irdp 1175 configure irdp 1176 configure udp-profile add 1177 configure udp-profile delete 1178 configure vlan subvlan address range 1179 configure vlan upd-profile 1180...
Page 29 Contents disable iproute sharing 1205 disable irdp 1206 disable loopback-mode vlan 1207 disable multinetting 1208 disable subvlan-proxy-arp vlan 1209 disable udp-echo-server 1210 enable bootp vlan 1211 enable bootprelay 1212 enable icmp address-mask 1213 enable icmp parameter-problem 1214 enable icmp port-unreachables 1215 enable icmp redirects 1216...
Page 30 Contents show iparp proxy 1239 show ipconfig 1240 show ipfdb 1242 show iproute 1244 show ipstats 1246 show udp-profile 1249 unconfigure bootprelay dhcp-agent information check 1250 unconfigure bootprelay dhcp-agent information option 1251 unconfigure bootprelay dhcp-agent information policy 1252 unconfigure icmp 1253 unconfigure iparp 1254...
Page 31 Contents configure isis vlan cost 1278 configure isis vlan hello-multiplier 1279 configure isis vlan priority 1280 configure isis vlan timer 1281 configure ospf cost 1283 configure ospf priority 1284 configure ospf virtual-link authentication password 1285 configure ospf timer 1286 configure ospf add virtual-link 1288 configure ospf add vlan area 1289...
Page 32 Contents configure rip delete vlan 1317 configure rip garbagetime 1318 configure rip routetimeout 1319 configure rip rxmode 1320 configure rip txmode 1321 configure rip updatetime 1322 configure rip vlan cost 1323 configure rip vlan export-filter 1324 configure rip vlan import-filter 1325 configure rip vlan trusted-gateway 1326...
Page 33 Contents enable isis originate-default 1353 enable isis overload 1354 enable ospf 1355 enable ospf capability opaque-lsa 1356 enable ospf export 1357 enable ospf export direct 1359 enable ospf export rip 1361 enable ospf export static 1362 enable ospf export vip 1363 enable ospf originate-default 1365...
Page 34 Contents Chapter 18 BGP Commands clear bgp neighbor counters 1395 clear bgp neighbor flap-statistics 1396 configure bgp add aggregate-address 1398 configure bgp add confederation-peer sub-AS-number 1399 configure bgp add network 1400 configure bgp AS-number 1401 configure bgp cluster-id 1402 configure bgp confederation-id 1403 configure bgp delete aggregate-address 1404...
Page 35 Contents configure bgp peer-group no-dampening 1434 configure bgp peer-group route-reflector-client 1435 configure bgp peer-group send-community 1436 configure bgp peer-group password 1437 configure bgp peer-group remote-AS-number 1438 configure bgp peer-group route-map-filter 1439 configure bgp peer-group soft-reset 1440 configure bgp peer-group source-interface 1441 configure bgp peer-group timer 1442...
Page 36 Contents enable bgp neighbor soft-in-reset 1470 enable bgp peer-group 1471 enable bgp synchronization 1472 show bgp 1473 show bgp neighbor 1474 show bgp peer-group 1476 show bgp routes 1477 Chapter 19 IP Multicast Commands clear igmp group 1481 clear igmp snooping 1482 clear ipmc cache 1483...
Page 37 Contents configure pim crp static 1509 configure pim crp timer 1510 configure pim crp vlan access profile 1511 configure pim delete vlan 1512 configure pim register-rate-limit-interval 1513 configure pim register-suppress-interval register-probe-interval 1514 configure pim register-checksum-to 1515 configure pim spt-threshold 1516 configure pim timer vlan 1517 configure pim vlan trusted-gateway...
Page 38 Contents show igmp snooping filter 1545 show igmp snooping static group 1546 show ipmc cache 1547 show ipmc fdb 1548 show l2stats 1549 show mroute 1550 show pim 1551 show pim snooping 1552 unconfigure dvmrp 1553 unconfigure igmp 1554 unconfigure pim 1555 Chapter 20 IPX Commands...
Page 39 Contents configure ipxservice delete 1579 configure vlan xnetid 1580 disable ipxrip 1581 disable ipxsap 1582 disable ipxsap gns-reply 1583 disable type20 forwarding 1584 enable ipxrip 1585 enable ipxsap 1586 enable ipxsap gns-reply 1587 enable type20 forwarding 1588 show ipxconfig 1589 show ipxfdb 1590 show ipxrip...
Page 40 Contents show lpm 1615 Chapter 22 ATM Commands configure atm add pvc 1618 configure atm delete pvc 1620 configure atm scrambling 1622 show atm 1623 show atm pvc 1625 Chapter 23 PoS Commands configure aps 1628 configure aps add 1629 configure aps authenticate 1631 configure aps delete...
Page 41 Contents configure red 1662 configure red min-threshold ports 1664 configure sonet clocking ports 1665 configure sonet framing ports 1666 configure sonet loop 1667 configure sonet signal label ports 1668 configure sonet threshold signal degrade ports 1669 configure sonet threshold signal fail ports 1670 configure sonet trace path ports 1671...
Page 42 Contents configure ports e1 timeslots 1701 configure ports snmp alert 1702 configure ports t1 cablelength 1703 configure ports t1 fdl 1704 configure ports t1 framing 1705 configure ports t1 lbdetect 1706 configure ports t1 linecoding 1707 configure ports t1 yellow 1708 configure ports t3 cablelength 1709...
Page 43 Contents show multilink alarms 1737 show multilink e1 errors 1738 show multilink stats 1739 show multilink t1 errors 1740 show ports alarms 1741 show ports configuration 1742 show ports errors 1743 show ports e1 errors 1744 show ports info 1745 show ports stats 1746 show ppp...
Page 44 Contents configure mpls ldp advertise vlan 1781 configure mpls php 1782 configure mpls propagate-ip-ttl 1783 configure mpls qos-mapping 1785 configure mpls rsvp-te add lsp 1787 configure mpls rsvp-te add path 1788 configure mpls rsvp-te add profile 1790 configure mpls rsvp-te delete lsp 1793 configure mpls rsvp-te delete path 1794...
Page 45 Contents show mpls ldp acl 1832 show mpls 1833 show mpls forwarding 1834 show mpls interface 1836 show mpls label 1837 show mpls ldp 1839 show mpls qos-mapping 1841 show mpls rsvp-te 1842 show mpls rsvp-te lsp 1843 show mpls rsvp-te path 1844 show mpls rsvp-te profile 1845...
Page 46 Contents disable flow-control ports 1876 enable application examination ports 1877 enable diagnostics cable 1878 enable diffserv ingress replacement ports 1879 enable flow-control ports 1881 run diagnostics cable 1882 show application examination 1884 show diagnostics cable 1885 show ports egress-rate-limit 1888 show ports ingress stats 1890 show qosprofile ingress...
Page 47 Contents reset inline-power ports 1918 show inline-power 1919 show inline-power configuration port 1921 show inline-power configuration slot 1923 show inline-power info 1925 show inline-power slot 1928 show inline-power stats ports 1929 show inline-power stats slot 1931 unconfig inline-power backup-source slot 1932 unconfig inline-power detection ports 1933...
Page 48 Contents configure mpls vpls 1964 configure mpls vpls add 1966 configure mpls vpls add peer 1968 configure mpls vpls delete 1971 configure mpls vpls delete peer 1972 configure mpls vpls peer 1973 mplsping 1974 mplstrace 1976 show fdb vpls 1978 show mpls health-check mplsping 1979 show mpls health-check vplsping...
Page 49 Contents configure wireless ports detected-station-timeout 2008 configure wireless ports force-disassociation 2009 configure wireless ports health-check 2010 configure wireless ports interface ap-scan added-trap 2011 configure wireless ports interface ap-scan off-channel 2012 configure wireless ports interface ap-scan off-channel max-wait 2013 configure wireless ports interface ap-scan off-channel min-wait 2014 configure wireless ports interface ap-scan probe-interval 2015...
Page 50 Contents disable wireless ports interface 2044 disable wireless ports interface ap-scan 2045 disable wireless ports interface ap-scan off-channel 2046 disable wireless ports interface client-history 2047 disable wireless ports interface client-scan 2048 disable wireless ports interface iapp 2049 disable wireless ports interface svp 2050 disable wireless ports time 2051...
Page 51 Contents show wireless ports interface client-scan results mac-address 2092 show wireless ports interface client-scan status 2093 show wireless ports interface configuration 2095 show wireless ports interface rf-status 2098 show wireless ports interface security-status 2100 show wireless ports interface stats 2102 show wireless ports interface status 2103 show wireless ports log...
Page 52 Contents configure debug-trace dvmrp-hello 2142 configure debug-trace dvmrp-message 2144 configure debug-trace dvmrp-neighbor 2145 configure debug-trace dvmrp-route 2146 configure debug-trace dvmrp-timer 2148 configure debug-trace eaps-system 2149 configure debug-trace flow-redirect 2151 configure debug-trace flowstats 2153 configure debug-trace health-check 2154 configure debug-trace iparp 2157 configure debug-trace ipxgns-message 2159...
Page 53 Contents configure debug-trace slb-failover 2193 configure debug-trace transceiver-test 2194 configure debug-trace udp-forwarding 2196 configure debug-trace vrrp 2197 configure debug-trace vrrp-hello 2198 configure diagnostics 2200 configure reboot-loop-protection 2202 configure system-dump server 2203 configure system-dump timeout 2204 disable log debug-mode 2205 enable log debug-mode 2206 nslookup 2207...
Page 54 Contents ExtremeWare Software 7.3.0 Command Reference Guide...
Page 55 This guide is intended for use as a reference by network administrators who are responsible for installing and setting up network equipment. It assumes knowledge of Extreme Networks switch configuration. For conceptual information and guidance on configuring Extreme Networks switches, see the ExtremeWare Software User Guide for your version of the ExtremeWare software.
Page 56: Related Publications
The publications related to this one are: • ExtremeWare release notes • ExtremeWare Software User Guide • Extreme Networks Consolidated “i” Series Hardware Installation Guide Documentation for Extreme Networks products is available on the World Wide Web at the following location: http://www.extremenetworks.com/ Using ExtremeWare Publications Online You can access ExtremeWare publications by downloading them from the Extreme Networks World Wide Web location or from your ExtremeWare product CD.
Page 57 Related Publications NOTE ® If you are using Adobe Reader or Adobe Acrobat Version 6.0 or later to view PDF files, see “Using Adobe Reader Version 6.0” in this section for important information on making a configuration adjustment to ensure proper viewing and linking of PDF files. The following two ExtremeWare publications are available as PDF files that are designed to be used online together: •...
Page 58 Preface Open cross-document links in same window To deselect this option, make sure that the check box next to it is unchecked. 5 Click OK. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 59 ExtremeWare version 7.3.0. NOTE ExtremeWare 7.3.0 only supports Extreme Networks products that contain the “i” or “3” series chipset. This includes the BlackDiamond, Alpine, and Summit “i” series platforms, but does not include the Summit e-series and Summit 200 series platforms.
Page 60 Command Reference Overview • Server Load Balancing (SLB) concepts • Simple Network Management Protocol (SNMP) This guide also assumes that you have read the Installation and User Guide for your product. Structure of this Guide This guide documents each ExtremeWare command. Related commands are grouped together and organized into chapters based on their most common usage.
Page 61: Understanding The Command Syntax
Understanding the Command Syntax Understanding the Command Syntax When entering a command at the prompt, ensure that you have the appropriate privilege level. Most configuration commands require you to have the administrator privilege level. You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself.
Page 62: Command Shortcuts
Command Reference Overview Abbreviated Syntax Abbreviated syntax is the shortest unambiguous allowable abbreviation of a command or parameter. Typically, this is the first three letters of the command. If you do not enter enough letters to allow the switch to determine which command you mean, the syntax helper will provide a list of the options based on the portion of the command you have entered.
Page 63 Line-Editing Keys You can specify all ports on a particular slot. For example, port 3:* indicates all ports on slot 3. You can specify a range of slots and ports. For example, port 2:3-4:5 indicates slot 2, port 3 through slot 4, port 5. Stand-alone Switch Numerical Ranges Commands that require you to enter one or more port numbers on a stand-alone switch use the parameter...
Page 64: Command History
Command Reference Overview Command History ExtremeWare “remembers” the last 49 commands you entered. You can display a list of these commands by using the following command: history ExtremeWare Software 7.3.0 Command Reference Guide...
Page 65: Commands For Accessing The Switch
Commands for Accessing the Switch This chapter describes: • Commands used for accessing and configuring the switch including how to set up user accounts, passwords, date and time settings, and software licenses • Commands used for configuring the Domain Name Service (DNS) client •...
Page 66: Clear Session
Commands for Accessing the Switch clear session clear session <number> Description Terminates a Telnet, SSH, NetLogin, or Console session from the switch. Syntax Description number Specifies a session number from show session output to terminate. Default N/A. Usage Guidelines An administrator-level account can disconnect a management session that has been established by way of a Telnet connection.
Page 67: Configure Account
configure account configure account configure account <user account> {encrypted} {<password>} Description Configures a user account password. Syntax Description user account Specifies a user account name. encrypted This option is for use only by the switch when generating an ASCII configuration file. Specifies that the password should be encrypted when the configuration is uploaded to a file.
Page 68 Commands for Accessing the Switch Example The following command defines a new password for the account admin: configure account admin The switch responds with a password prompt: password: Your keystrokes will not be echoed as you enter the new password. After you enter the password, the switch will then prompt you to reenter it.
Page 69: Configure Banner
configure banner configure banner configure banner Description Configures the banner string that is displayed at the beginning of each login prompt of each session. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Press [Return] at the beginning of a line to terminate the command and apply the banner. To clear the banner, press [Return] at the beginning of the first line.
Page 70: Configure Banner Netlogin
Commands for Accessing the Switch configure banner netlogin configure banner netlogin Description Configures the network login banner that is displayed at the beginning of each login prompt of each session. Syntax Description This command has no arguments or variables. Default N/A.
Page 71: Configure Dns-Client Add
configure dns-client add configure dns-client add configure dns-client add <ipaddress> Description Adds a DNS name server to the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default N/A. Usage Guidelines Up to three DNS name servers can be configured in ExtremeWare versions prior to 6.2.1. In ExtremeWare 6.2.1 and later, eight DNS name servers can be configured.
Page 72: Configure Dns-Client Add Domain-Suffix
Commands for Accessing the Switch configure dns-client add domain-suffix configure dns-client add domain-suffix <domain_name> Description Adds a domain name to the domain suffix list. Syntax Description domain_name Specifies a domain name. Default N/A. Usage Guidelines The domain suffix list can include up to six items. If the use of all previous names fails to resolve a name, the most recently added entry on the domain suffix list will be the last name used during name resolution.
Page 73: Configure Dns-Client Add Name-Server
configure dns-client add name-server configure dns-client add name-server configure dns-client add name-server <ipaddress> Description Adds a DNS name server to the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default N/A. Usage Guidelines Up to three DNS name servers can be configured in ExtremeWare versions prior to 6.2.1. In ExtremeWare 6.2.1 and later, eight DNS name servers can be configured.
Page 74: Configure Dns-Client Default-Domain
Commands for Accessing the Switch configure dns-client default-domain configure dns-client default-domain <domain_name> Description Configures the domain that the DNS client uses if a fully qualified domain name is not entered. Syntax Description domain_name Specifies a default domain name. Default N/A. Usage Guidelines Sets the DNS client default domain name to .
Page 75: Configure Dns-Client Delete
configure dns-client delete configure dns-client delete configure dns-client delete <ipaddress> Description Removes a DNS name server from the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default N/A. Usage Guidelines None Example The following command removes a DNS server from the list: configure dns-client delete 10.1.2.1 History This command was first available in ExtremeWare 4.0.
Page 76: Configure Dns-Client Delete Domain-Suffix
Commands for Accessing the Switch configure dns-client delete domain-suffix configure dns-client delete domain-suffix <domain_name> Description Deletes a domain name from the domain suffix list. Syntax Description domain_name Specifies a domain name. Default N/A. Usage Guidelines This command randomly removes an entry from the domain suffix list. If the deleted item was not the last entry in the list, all items that had been added later are moved up in the list.
Page 77: Configure Dns-Client Delete Name-Server
configure dns-client delete name-server configure dns-client delete name-server configure dns-client delete name-server <ipaddress> Description Removes a DNS name server from the available server list for the DNS client. Syntax Description ipaddress Specifies an IP address. Default N/A. Usage Guidelines None. Example The following command removes a DNS server from the list: configure dns-client delete name-server 10.1.2.1...
Page 78: Configure Idletimeouts
Commands for Accessing the Switch configure idletimeouts configure idletimeouts <minutes> Description Configures the time-out for idle HTTP, console, and Telnet sessions. Syntax Description minutes Specifies the time-out interval, in minutes. Range is 1 to 240 (1 minute to 4 hours). Default Default time-out is 20 minutes.
Page 79: Configure Time
configure time configure time configure time <date> <time> Description Configures the system date and time. Syntax Description date Specifies the date in mm/dd/yyyy format. time Specifies the time in hh:mm:ss format. Default N/A. Usage Guidelines The format for the system date and time is as follows: mm/dd/yyyy hh:mm:ss The time uses a 24-hour clock format.
Page 80: Configure Timezone
Commands for Accessing the Switch configure timezone configure timezone {name <std_timezone_ID>} <GMT_offset> {autodst {name <dst_timezone_ID>} {<dst_offset>} {begins [every <floatingday> | on <absoluteday>] {at <time_of_day>} {ends [every <floatingday> | on <absoluteday>] {at <time_of_day>}}} | noautodst} Description Configures the Greenwich Mean Time (GMT) offset and Daylight Saving Time (DST) preference. Syntax Description GMT_offset Specifies a Greenwich Mean Time (GMT) offset, in + or - minutes.
Page 81 configure timezone Usage Guidelines Network Time Protocol (NTP) server updates are distributed using GMT time. To properly display the local time in logs and other timestamp information, the switch should be configured with the appropriate offset to GMT based on geographic location. is specified in +/- minutes from the GMT time.
Page 82 Commands for Accessing the Switch Table 5: Greenwich Mean Time Offsets (Continued) GMT Offset GMT Offset in Hours in Minutes Common Time Zone References Cities -5:00 -300 EST - Eastern Standard Bogota, Columbia; Lima, Peru; New York, NY, Trevor City, MI USA -6:00 -360 CST - Central Standard...
Page 83 configure timezone Example The following command configures GMT offset for Mexico City, Mexico and disables automatic DST: configure timezone -360 noautodst The following four commands are equivalent, and configure the GMT offset and automatic DST adjustment for the US Eastern timezone, with an optional timezone ID of EST: configure timezone name EST -300 autodst name EDT 60 begins every first sunday april at 2:00 ends every last sunday october at 2:00 configure timezone name EST -300 autodst name EDT 60 begins every 1 1 4 at 2:00 ends...
Page 84: Create Account
Commands for Accessing the Switch create account create account [admin | user] <username> {encrypted} {<password>} Description Creates a new user account. Syntax Description admin Specifies an access level for account type admin. user Specifies an access level for account type user. username Specifies a new user account name.
Page 85 create account For ExtremeWare 4.x and higher: • Admin-level users and users with RADIUS command authorization can use the create account command. For ExtremeWare 4.x: • User account name specifications are not available. • Passwords must have a minimum of 4 characters and can have a maximum of 12 characters. •...
Page 86: Delete Account
Commands for Accessing the Switch delete account delete account <username> Description Deletes a specified user account. Syntax Description username Specifies a user account name. Default N/A. Usage Guidelines Use the command to determine which account you want to delete from the system. The show accounts show accounts output displays the following information in a tabular format: •...
Page 87 delete account Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 88: Disable Clipaging
Commands for Accessing the Switch disable clipaging disable clipaging Description Disables pausing at the end of each show screen. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The command line interface (CLI) is designed for use in a VT100 environment. Most command show output will pause when the display reaches the end of a page.
Page 89: Disable Idletimeouts
disable idletimeouts disable idletimeouts disable idletimeouts Description Disables the timer that disconnects idle sessions from the switch. Syntax Description This command has no arguments or variables. Default Enabled. Timeout 20 minutes. Usage Guidelines When idle time-outs are disabled, console sessions remain open until the switch is rebooted or you logoff.
Page 90: Enable Clipaging
Commands for Accessing the Switch enable clipaging enable clipaging Description Enables the pause mechanism and does not allow the display to print continuously to the screen. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The command line interface (CLI) is designed for use in a VT100 environment. Most command show output will pause when the display reaches the end of a page.
Page 91: Enable Idletimeouts
enable idletimeouts enable idletimeouts enable idletimeouts Description Enables a timer that disconnects Telnet and console sessions after 20 minutes of inactivity. Syntax Description This command has no arguments or variables. Default Enabled. Timeout 20 minutes. Usage Guidelines You can use this command to ensure that a Telnet, HTTP, or console session is disconnected if it has been idle for the required length of time.
Page 92: Enable License
Commands for Accessing the Switch enable license enable license [basic_L3 | advanced_L3 | full_L3 ] <license_key> Description Enables a particular software feature license. Syntax Description basic_L3 Specifies a basic L3 license. (4.x only) advanced_L3 Specifies an advanced L3 license. (4.x only) full_L3 Specifies a full L3 license.
Page 93: History
history history history Description Displays a list of the previous 49 commands entered on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines ExtremeWare “remembers” the last 49 commands you entered on the switch. Use the history command to display a list of these commands.
Page 94: Reboot
Commands for Accessing the Switch reboot reboot {time <date> <time> | cancel} {slot <slot number> | msm-a | msm-b} Description Reboots the switch or the module in the specified slot at a specified date and time. Syntax Description date Specifies a reboot date in mm/dd/yyyy format. time Specifies a reboot time in hh:mm:ss format.
Page 95 reboot reboot time 10/04/2001 10,46,00 slot 5 History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 7.0.0 to include the option. slot This command was modified in ExtremeWare 7.1.0 to include the options. msm-a msm-b Platform Availability This command is available on all platforms.
Page 96: Show Accounts Pppuser
Commands for Accessing the Switch show accounts pppuser show accounts pppuser Description Displays user account information for all users on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines You need to create a user account using the command before you can display user create account account information.
Page 97 show accounts pppuser Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 98: Show Banner
Use this command to view the banner that is displayed before the login prompt. Example The following command displays the switch banner: show banner Output from this command looks similar to the following: Extreme Networks Summit48i Layer 3 Switch ######################################################### Unauthorized Access is strictly prohibited. Violators will be persecuted ######################################################### History This command was first available in ExtremeWare 2.0.
Page 99: Show Dns-Client
show dns-client show dns-client show dns-client Description Displays the DNS configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the DNS configuration: show dns-client Output from this command looks similar to the following: Number of domain suffixes: 2 Domain Suffix 1: njudah.local...
Page 100: Show Switch
Commands for Accessing the Switch show switch show switch Description Displays the current switch information. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Viewing statistics on a regular basis allows you to see how well your network is performing. If you keep simple daily records, you will see trends emerging and notice problems arising before they cause major network faults.
Page 101 Example The following command displays current switch information: show switch Output from this command looks similar to the following: SysName: Alpine3804 SysLocation: Extreme Networks HQ SysContact: Carlos_Beronio System MAC: 00:01:30:23:C1:00 License: Full L3 System Mode: 802.1Q EtherType is 8100 (Hex).
Page 102 Commands for Accessing the Switch Secondary EW Ver: 7.1.0b34 [non-ssh] Module Image Selected Image Booted ------ -------------- ------------ Secondary Secondary Slot 2 (WM4T1) Secondary Secondary Config Selected: Primary Config Booted: Primary Primary Config: Created by EW Version: 7.1.0 Build 34 [38] 7928 bytes saved on Wed Jun 4 11:54:03 2003 Secondary Config: Created by EW Version:...
Page 103: Traceroute
traceroute traceroute traceroute <host name/ip> {from <source IP address>} {ttl <number>} {port <port number>} Description Enables you to trace the routed path between the switch and a destination endstation. Syntax Description host name/ip Specifies the hostname or IP address of the destination endstation. from <source IP address>...
Page 104 Commands for Accessing the Switch ExtremeWare Software 7.3.0 Command Reference Guide...
Page 105: Commands For Managing The Switch
Commands for Managing the Switch This chapter describes: • Commands for configuring Simple Network Management Protocol (SNMP) parameters on the switch • Commands for managing the switch using Telnet and web access • Commands for configuring Simple Network Time Protocol (SNTP) parameters on the switch SNMP Any network manager running the Simple Network Management Protocol (SNMP) can manage the switch, if the Management Information Base (MIB) is installed correctly on the management station.
Page 106: Simple Network Time Protocol
Commands for Managing the Switch • SNMP read access—The ability to read SNMP information can be restricted through the use of an access profile. An access profile permits or denies a named list of IP addresses and subnet masks. • SNMP read/write access—The ability to read and write SNMP information can be restricted through the use of an access profile.
Page 107: Configure Snmp Access-Profile Readonly
configure snmp access-profile readonly configure snmp access-profile readonly configure snmp access-profile readonly [<access-profile> | none] Description Assigns an access profile that limits which stations have read-only access to the switch. Syntax Description access-profile Specifies a user defined access profile. none Cancels a previously configured access profile.
Page 108 Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 109: Configure Snmp Access-Profile Readwrite
configure snmp access-profile readwrite configure snmp access-profile readwrite configure snmp access-profile readwrite [<access-profile> | none] Description Assigns an access profile that limits which stations have read/write access to the switch. Syntax Description access-profile Specifies a user defined access profile. none Cancels a previously configured access profile.
Page 110 Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 111: Configure Snmp Add Community
configure snmp add community configure snmp add community configure snmp add community [readonly | readwrite] {encrypted} <alphanumeric string> Description Adds an SNMP read or read/write community string. Syntax Description readonly Specifies read-only access to the system. readwrite Specifies read and write access to the system. encrypted Specifies encryption, for use only by the switch when uploading or downloading a configuration.
Page 112 Commands for Managing the Switch History This command was first available in ExtremeWare 6.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 113: Configure Snmp Add Trapreceiver
Specifies that BGP traps will be sent to the trap receiver. extreme-traps Specifies that Extreme Networks specific traps will be sent to the trap receiver. link-up-down-traps Specifies that link state traps will be sent to the trap receiver. ospf-traps Specifies that OSPF traps will be sent to the trap receiver.
Page 114 Commands for Managing the Switch specific trap group. If no trap groups are specified, all traps will be sent to the receiver. Entries in this list can be created, modified, and deleted using the RMON2 trapDestTable MIB variable, as described in RFC 2021.
Page 115 The following command adds port 9990 at the IP address 10.203.0.22 as a trap receiver with the community string public, and the receiver should be sent standard traps for the trap groups for BGP and Extreme Networks: ExtremeWare Software 7.3.0 Command Reference Guide...
Page 116 Commands for Managing the Switch configure snmp add trapreceiver ipaddress 10.203.0.22 port 9990 community public mode standard trap-group extreme-traps, bgp-traps History This command was first available in ExtremeWare 1.0. This command was modified in ExtremeWare 6.2.1 to support the , and source ( port community from...
Page 117: Configure Snmp Community
configure snmp community configure snmp community configure snmp community [readonly | readwrite] {encrypted} <alphanumeric string> Description Configures the value of the default SNMP read or read/write community string. Syntax Description readonly Specifies read-only access to the system. readwrite Specifies read and write access to the system. encrypted Specifies encryption, for use only by the switch when uploading or downloading a configuration.
Page 118 Commands for Managing the Switch History This command was first available in ExtremeWare 1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 119: Configure Snmp Delete Community
configure snmp delete community configure snmp delete community configure snmp delete community [readonly | readwrite] {encrypted} [all | <alphanumeric string>] Description Deletes an SNMP read or read/write community string. Syntax Description readonly Specifies read-only access to the system. readwrite Specifies read and write access to the system. encrypted Specifies an encrypted option.
Page 120 Commands for Managing the Switch Example The following command deletes a read/write community string named extreme: configure snmp delete community readwrite extreme History This command was first available in ExtremeWare 2.0. Support for the parameter was discontinued in ExtremeWare 4.0. Platform Availability This command is available on all platforms.
Page 121: Configure Snmp Delete Trapreceiver
configure snmp delete trapreceiver configure snmp delete trapreceiver configure snmp delete trapreceiver [{<ip address> {port <number>}} | {all}] Description Deletes a specified trap receiver or all authorized trap receivers. Syntax Description ip address Specifies an SNMP trap receiver IP address. port <number>...
Page 122: Configure Snmp Syscontact
Commands for Managing the Switch configure snmp sysContact configure snmp syscontact <alphanumeric string> Description Configures the name of the system contact. Syntax Description alphanumeric string Specifies a system contact name. Default N/A. Usage Guidelines The system contact is a text field that enables you to enter the name of the person(s) responsible for managing the switch.
Page 123: Configure Snmp Syslocation
configure snmp sysLocation configure snmp sysLocation configure snmp syslocation <alphanumeric string> Description Configures the location of the switch. Syntax Description alphanumeric string Specifies the switch location. Default N/A. Usage Guidelines Use this command to indicate the location of the switch. A maximum of 255 characters is allowed. To view the location of the switch on the switch, use the command.
Page 124: Configure Snmp Sysname
Commands for Managing the Switch configure snmp sysName configure snmp sysname <alphanumeric string> Description Configures the name of the switch. Syntax Description alphanumeric string Specifies a device name. Default The default is the model name of the device (for example, sysname Summit1 Usage Guidelines...
Page 125: Configure Snmpv3 Add Access
configure snmpv3 add access configure snmpv3 add access configure snmpv3 add access {hex} <group name> {sec-model [snmpv1 | snmpv2 | usm]} {sec-level [noauth | authnopriv | authpriv]} {read-view {hex} <view name>} { write-view {hex} <view name>} {notify-view {hex} <view name>} {volatile} Description Create (and modify) a group and its access rights.
Page 126 Commands for Managing the Switch • The default groups defined (permanent) are v1v2c_ro for security names snmpv1 and snmpv2c, v1v2c_rw for security names snmpv1 and snmpv2c, admin for security name admin, and initial for security names initial, initialmd5, initialsha, initialmd5Priv and initialshaPriv. •...
Page 127: Configure Snmpv3 Add Community
configure snmpv3 add community configure snmpv3 add community configure snmpv3 add community {hex} <community index> name {hex} <community name> user {hex} <user name> {tag {hex} <transport tag>} {volatile} Description Add an SNMPv3 community entry. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 128: Configure Snmpv3 Add Filter
Commands for Managing the Switch configure snmpv3 add filter configure snmpv3 add filter {hex} <profile name> subtree <object identifier> {/<subtree mask>} type [included | excluded] {volatile} Description Add a filter to a filter profile. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 129: Configure Snmpv3 Add Filter-Profile
configure snmpv3 add filter-profile configure snmpv3 add filter-profile configure snmpv3 add filter-profile {hex} <profile name> param {hex} <param name> {volatile} Description Associate a filter profile with a parameter name. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 130: Configure Snmpv3 Add Group User
Commands for Managing the Switch configure snmpv3 add group user configure snmpv3 add group {hex} <group name> user {hex} <user name> {sec-model [snmpv1| snmpv2 | usm]} {volatile} Description Add a user name (security name) to a group. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 131 configure snmpv3 add group user History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 132: Configure Snmpv3 Add Mib-View
Commands for Managing the Switch configure snmpv3 add mib-view configure snmpv3 add mib-view {hex} <view name> subtree <object identifier> {/<subtree mask>} {type [included | excluded]} {volatile} Description Add (and modify) a MIB view. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 133 configure snmpv3 add mib-view History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 134: Configure Snmpv3 Add Notify
Commands for Managing the Switch configure snmpv3 add notify configure snmpv3 add notify {hex} <notify name> tag {hex} <tag> {volatile} Description Add an entry to the snmpNotifyTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 135: Configure Snmpv3 Add Target-Addr
configure snmpv3 add target-addr configure snmpv3 add target-addr configure snmpv3 add target-addr {hex} <addr name> param {hex} <param name> ipaddress <ip address> {transport-port <port>} {from <source IP address>} {tag-list {hex} <tag>, {hex} <tag>, ...} {volatile} Description Add and configure an SNMPv3 target address and associate filtering, security, and notifications with that address.
Page 136 Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 137: Configure Snmpv3 Add Target-Params
configure snmpv3 add target-params configure snmpv3 add target-params configure snmpv3 add target-params {hex} <param name> user {hex} <user name> mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile} Description Add and configure SNMPv3 target parameters. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 138 Commands for Managing the Switch configure snmpv3 add target-params P1 user guest mp-model snmpv2c sec-model snmpv2c sec-level noauth History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 139: Configure Snmpv3 Add User
configure snmpv3 add user configure snmpv3 add user configure snmpv3 add user {hex} <user name> {authentication [md5 | sha] [hex <hex octet> | <password>]} {privacy [hex <hex octet> | <password>]} {volatile} Description Add (and modify) an SNMPv3 user. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 140 Commands for Managing the Switch Use the following command to configure the user authMD5 to use authentication with the password palertyu:· configure snmpv3 add user authMD5 authentication md5 palertyu Use the following command to configure the user authSHApriv to use authentication with the hex key shown below, the privacy password palertyu, and storage:...
Page 141: Configure Snmpv3 Add User Clone-From
configure snmpv3 add user clone-from configure snmpv3 add user clone-from configure snmpv3 add user {hex} <user name> clone-from {hex} <user name> Description Create a new user by cloning from an existing SNMPv3 user. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 142: Configure Snmpv3 Delete Access
Commands for Managing the Switch configure snmpv3 delete access configure snmpv3 delete access [all-non-defaults | {{hex} <group name> {sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth | authnopriv | priv]}}] Description Delete access rights for a group. Syntax Description all-non-defaults Specifies that all non-default (non-permanent) security groups are to be deleted.
Page 143 configure snmpv3 delete access The following command deletes the group userGroup with the security model and security level snmpv1 of authentication and no privacy ( authnopriv configure snmpv3 delete access userGroup sec-model snmpv1 sec-level authnopriv History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms.
Page 144: Configure Snmpv3 Delete Community
Commands for Managing the Switch configure snmpv3 delete community configure snmpv3 delete community [all-non-defaults | {{hex} <community index>} | {name {hex} <community name> }] Description Delete an SNMPv3 community entry. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 145: Configure Snmpv3 Delete Filter
configure snmpv3 delete filter configure snmpv3 delete filter configure snmpv3 delete filter [all | [{hex} <profile name> {subtree <object identifier>}]] Description Delete a filter from a filter profile. Syntax Description Specifies all filters. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 146: Configure Snmpv3 Delete Filter-Profile
Commands for Managing the Switch configure snmpv3 delete filter-profile configure snmpv3 delete filter-profile [all |[{hex}<profile name> {param {hex}<param name>}]] Description Remove the association of a filter profile with a parameter name. Syntax Description Specifies all filter profiles. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 147: Configure Snmpv3 Delete Group User
configure snmpv3 delete group user configure snmpv3 delete group user configure snmpv3 delete group {{hex} <group name>} user [all-non-defaults | {{hex} <user name> {sec-model [snmpv1|snmpv2c|usm]}}] Description Delete a user name (security name) from a group. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 148 Commands for Managing the Switch Use the following command to delete the user guest from the group userGroup with the security model configure snmpv3 delete group userGroup user guest History This command was first available in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms.
Page 149: Configure Snmpv3 Delete Mib-View
configure snmpv3 delete mib-view configure snmpv3 delete mib-view configure snmpv3 delete mib-view [all-non-defaults | {{hex} <view name> {subtree <object identifier>}}] Description Delete a MIB view. Syntax Description all-non-defaults Specifies that all non-default (non-permanent) MIB views are to be deleted. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 150: Configure Snmpv3 Delete Notify
Commands for Managing the Switch configure snmpv3 delete notify configure snmpv3 delete notify [{{hex} <notify name>} | all-non-defaults] Description Delete an entry from the snmpNotifyTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 151: Configure Snmpv3 Delete Target-Addr
configure snmpv3 delete target-addr configure snmpv3 delete target-addr configure snmpv3 delete target-addr [{{hex} <addr name>} | all] Description Delete SNMPv3 target addresses. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. addr name Specifies a string identifier for the target address.
Page 152: Configure Snmpv3 Delete Target-Params
Commands for Managing the Switch configure snmpv3 delete target-params configure snmpv3 delete target-params [{{hex} <param name>} | all] Description Delete SNMPv3 target parameters. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 153: Configure Snmpv3 Delete User
configure snmpv3 delete user configure snmpv3 delete user configure snmpv3 delete user [all-non-defaults | {hex} <user name>] Description Delete an existing SNMPv3 user. Syntax Description all-non-defaults Specifies that all non-default (non-permanent) users are to be deleted. Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 154: Configure Snmpv3 Engine-Boots
Commands for Managing the Switch configure snmpv3 engine-boots configure snmpv3 engine-boots <(1-2147483647)> Description Configures the SNMPv3 Engine Boots value. Syntax Description (1-2147483647) Specifies the value of engine boots. Default N/A. Usage Guidelines Use this command if the Engine Boots value needs to be explicitly configured. Engine Boots and Engine Time will be reset to zero if the Engine ID is changed.
Page 155: Configure Snmpv3 Engine-Id
Use this command if the needs to be explicitly configured. The first four octets of the ID snmpEngineID are fixed to 80:00:07:7C,which represents Extreme Networks Vendor ID. Once the snmpEngineID changed, default users will be reverted back to their original passwords/keys, while non-default users will be reset to the security level of no authorization, no privacy.
Page 156: Configure Snmpv3 Target-Addr-Ext
Commands for Managing the Switch configure snmpv3 target-addr-ext configure snmpv3 target-addr-ext {hex} <addr name> mode [standard | enhanced] {ignore-mp-model} {ignore-event-community} Description Configure an entry in the extremeTargetAddrExtTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 157 configure snmpv3 target-addr-ext Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 158: Configure Sntp-Client Server
Commands for Managing the Switch configure sntp-client server configure sntp-client [primary | secondary] server <host name/ip>] Description Configures an NTP server for the switch to obtain time information. Syntax Description primary Specifies a primary server name. secondary Specifies a secondary server name. host name/ip Specifies a host name or IP address.
Page 159: Configure Sntp-Client Update-Interval
configure sntp-client update-interval configure sntp-client update-interval configure sntp-client update-interval <seconds> Description Configures the interval between polls for time information from SNTP servers. Syntax Description seconds Specifies an interval in seconds. Default 64 seconds. Usage Guidelines None. Example The following command configures the interval timer: configure sntp-client update-interval 30 History This command was first available in ExtremeWare 4.0.
Page 160: Configure Web Login-Timeout
Commands for Managing the Switch configure web login-timeout configure web login-timeout <seconds> Description Configures the timeout for user to enter username/password in the pop-up window. Syntax Description seconds Specifies an interval in seconds, where <seconds> can range from 30 seconds to 10 minutes (600 seconds). Default 30 seconds.
Page 161: Disable Alt-Queue-Management
disable alt-queue-management disable alt-queue-management disable alt-queue-management Description Disables the Alternative Queue Management (Alt-Queue Management). Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines The following command enables Alt-Queue Management: enable alt-queue-management To disable the Alt-Queue Management feature for the next boot, use the following command: disable alt-queue-management Example The following command disables Alt-Queue Management:...
Page 162: Disable Snmp Access
Commands for Managing the Switch disable snmp access disable snmp access {snmp-v1v2c} Description Selectively disables SNMP on the switch. Syntax Description snmp-v1v2c Disables SNMPv1/v2c access only; does not affect SNMPv3 access. Default Enabled. Usage Guidelines Disabling SNMP access does not affect the SNMP configuration (for example, community strings). However, if you disable SNMP access, you will be unable to access the switch using SNMP.
Page 163: Disable Snmp Dot1Dtpfdbtable
disable snmp dot1dTpFdbTable disable snmp dot1dTpFdbTable disable snmp dot1dTpFdbTable Description Disables SNMP GetNext responses for the dot1dTpFdbTable in the BRIDGE-MIB. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines SNMP Get responses are not affected by this command. To view the configuration of the dot1dTpFdb table on the switch, use the command.
Page 164: Disable Snmp Traps
Commands for Managing the Switch disable snmp traps disable snmp traps Description Prevents SNMP traps from being sent from the switch. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines This command does not clear the SNMP trap receivers that have been configured. The command prevents SNMP traps from being sent from the switch even if trap receivers are configured.
Page 165: Disable Snmp Traps Exceed-Committed-Rate Ports
disable snmp traps exceed-committed-rate ports disable snmp traps exceed-committed-rate ports disable snmp traps exceed-committed-rate ports <portlist> {<Ingress QOS Profile>} Description Prevents SNMP traps from being sent from the indicated ports on the switch. Syntax Description “3” portlist Specifies a list of series I/O module ports (in the form 2:*, 2:5, or 2:6-2:8).
Page 166: Disable Snmp Traps Port-Up-Down
Commands for Managing the Switch disable snmp traps port-up-down disable snmp traps port-up-down ports [all | mgmt | <portlist>] Description Prevents SNMP port up/down traps (also known as link up and link down traps) from being sent from the switch for the indicated ports. Syntax Description Specifies that no link up/down traps should be sent for all ports.
Page 167: Disable Snmp Traps Mac-Security
disable snmp traps mac-security disable snmp traps mac-security disable snmp traps mac-security Description Prevents SNMP mac-security traps from being sent from the switch for all ports. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command should be used in conjunction with the configure ports <portlist> limit-learning command. That command configures a limit on the number of MAC addresses that can be learned on a port(s).
Page 168: Disable Sntp-Client
Commands for Managing the Switch disable sntp-client disable sntp-client Description Disables the SNTP client. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server.
Page 169: Disable System-Watchdog
disable system-watchdog disable system-watchdog disable system-watchdog Description Disables the system watchdog timer. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The watchdog timer reboots the switch if the CPU becomes trapped in a processing loop. If the watchdog timer is executed, the switch captures information on the cause of the reboot and posts it to the system log.
Page 170: Disable Telnet
Commands for Managing the Switch disable telnet disable telnet Description Disables Telnet services on the system. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines You must be logged in as an administrator to enable or disable Telnet. Example With administrator privilege, the following command disables Telnet services on the switch: disable telnet...
Page 171: Disable Web
disable web disable web disable web Description Disables web access to the switch. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines You can use this command to disable web access to the switch. If you are using ExtremeWare Vista for web access, you must create and configure an access profile before you can use this option.
Page 172: Enable Alt-Queue-Management
Commands for Managing the Switch enable alt-queue-management enable alt-queue-management Description Enables the Alternative Queue Management (Alt-Queue Management). Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Use this command to enable the Alt-Queue Management feature for the next boot. Configuring the feature does not affect the queue management of the current boot.
Page 173 enable alt-queue-management Use the following command to disable Alt-Queue Management: disable alt-queue-management Example The following command configures Alt-Queue Management: enable alt-queue-management History This command was available in ExtremeWare 7.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 174: Enable Dhcp Ports Vlan
Commands for Managing the Switch enable dhcp ports vlan enable dhcp ports <portlist> vlan <vlan name> Description Enables DHCP on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which DHCP should be enabled. vlan_name Specifies the VLAN on whose ports DHCP should be enabled. Default N/A.
Page 175: Enable Snmp Access
enable snmp access enable snmp access enable snmp access Description Turns on SNMP support for SNMPv3 and v1/v2c on the switch. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines To have access to the SNMP agent residing in the switch, at least one VLAN must have an IP address assigned to it.
Page 176 Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 177: Enable Snmp Dot1Dtpfdbtable
enable snmp dot1dTpFdbTable enable snmp dot1dTpFdbTable enable snmp dot1dTpFdbTable Description Enables SNMP GetNext responses for the dot1dTpFdbTable in the BRIDGE-MIB. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines SNMP Get responses are not affected by this command. To view the configuration of the dot1dTpFdb table on the switch, use the command.
Page 178: Enable Snmp Traps
Commands for Managing the Switch enable snmp traps enable snmp traps Description Turns on SNMP trap support. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines An authorized trap receiver can be one or more network management stations on your network. The switch sends SNMP traps to all trap receivers.
Page 179: Enable Snmp Traps Exceed-Committed-Rate Ports
enable snmp traps exceed-committed-rate ports enable snmp traps exceed-committed-rate ports enable snmp traps exceed-committed-rate ports <portlist> {<Ingress QOS Profile>} Description Enables SNMP traps for the condition when ingress traffic has exceeded the configured committed-rate and is either being dropped, or is in danger of being dropped, on the indicated ports. Syntax Description “3”...
Page 180 Commands for Managing the Switch History This command was first available in ExtremeWare 7.2. Platform Availability This command is available on “3” series I/O modules only. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 181: Enable Snmp Traps Port-Up-Down
enable snmp traps port-up-down enable snmp traps port-up-down enable snmp traps port-up-down ports [all | mgmt | <portlist>] Description Enables SNMP port up/down traps (also known as link up and link down traps) for the indicated ports. Syntax Description Specifies that link up/down traps should be sent for all ports. This does not include the management port which must be explicitly specified.
Page 182: Enable Snmp Traps Mac-Security
Commands for Managing the Switch enable snmp traps mac-security enable snmp traps mac-security Description Enables SNMP mac-security traps for all ports to be sent by the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command should be used in conjunction with the configure ports <portlist>...
Page 183: Enable Sntp-Client
enable sntp-client enable sntp-client enable sntp-client Description Enables the SNTP client. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server.
Page 184: Enable System-Watchdog
Commands for Managing the Switch enable system-watchdog enable system-watchdog Description Enables the system watchdog timer. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The watchdog timer reboots the switch if the CPU becomes trapped in a processing loop. If the watchdog timer is executed, the switch captures information on the cause of the reboot and posts it to the system log.
Page 185: Enable Telnet
enable telnet enable telnet enable telnet {access-profile [<access_profile> | none]} {port <tcp_port_number>} Description Enables Telnet access to the switch. Syntax Description access profile Specifies an access profile. (6.0, 6.1) none Cancels a previously configured access profile. (6.0, 6.1) port Specifies a TCP port number. (6.0, 6.1) Default Telnet is enabled with no access profile and uses TCP port number 23.
Page 186 Commands for Managing the Switch History This command was first available in ExtremeWare 2.0. Support for the , and parameters was introduced in ExtremeWare 6.0. access profile none port Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 187: Enable Web
enable web enable web enable web {access-profile [<access_profile> | none]} {port <tcp_port_number>} Description Enables ExtremeWare Vista web access to the switch. Syntax Description access profile Specifies an access profile. (6.0, 6.1) none Cancels a previously configured access profile. (6.0, 6.1) port Specifies a TCP port number.
Page 188: Exit
Commands for Managing the Switch exit exit Description Logs out the session of a current user for CLI or Telnet. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Use this command to log out of a CLI or Telnet session. Example The following command logs out the session of a current user for CLI or Telnet: exit...
Page 189: Logout
logout logout logout Description Logs out the session of a current user for CLI or Telnet. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Use this command to log out of a CLI or Telnet session. Example The following command logs out the session of a current user for CLI or Telnet: logout...
Page 190: Quit
Commands for Managing the Switch quit quit Description Logs out the session of a current user for CLI or Telnet. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Use this command to log out of a CLI or Telnet session. Example The following command logs out the session of a current user for CLI or Telnet: quit...
Page 191: Show Snmpv3 Context
show snmpv3 context show snmpv3 context show snmpv3 context Description Displays information about the SNMPv3 contexts on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines: This command displays the entries in the View-based Access Control Model (VACM) context table (VACMContextTable).
Page 192: Show Snmpv3 Engine-Info
Commands for Managing the Switch show snmpv3 engine-info show snmpv3 engine-info Description Displays information about the SNMPv3 engine on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines: The following show engine-info output is displayed: •...
Page 193: Show Management
show management show management show management Description Displays the SNMP settings configured on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines: The following show management output is displayed: • Enable/disable state for Telnet, SNMP, and web access •...
Page 194 Commands for Managing the Switch CLI idle timeouts: disabled CLI Paging: enabled CLI configuration logging: enabled Telnet access: enabled tcp port: 23 Web access: enabled tcp port: 80 Web access login timeout : 30 secs SSH Access: key invalid, disabled tcp port: 22 UDP Echo Server: disabled udp port: 7 SNMP Access:...
Page 195 show management Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 196: Show Odometer
Commands for Managing the Switch show odometer show odometer Description Displays a counter for each component of a switch that shows how long it has been functioning since it was manufactured. Syntax Description This command has no arguments or variables. Default N/A.
Page 197 show odometer History This command was first available in ExtremeWare 6.2.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 198: Show Session
Commands for Managing the Switch show session show session Description Displays the currently active Telnet, console, and web sessions communicating with the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command displays the username and IP address of the incoming Telnet session, show session whether a console session is currently active, and the login time.
Page 199 show session History This command was first available in ExtremeWare 2.0. Support for the CLI Auth command field definition was introduced in ExtremeWare 6.0. Support for the Auth command field definition was introduced in ExtremeWare 4.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 200: Show Snmpv3 Access
Commands for Managing the Switch show snmpv3 access show snmpv3 access {{hex} <group name>} Description Displays SNMPv3 access rights. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. group name Specifies the name of the group to display.
Page 201: Show Snmpv3 Counters
show snmpv3 counters show snmpv3 counters show snmpv3 counters Description Displays SNMPv3 counters. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command displays the following SNMPv3 counters: show snmpv3 counters • snmpUnknownSecurityModels • snmpInvalidMessages • snmpUnknownPDUHandlers •...
Page 202: Show Snmpv3 Filter
Commands for Managing the Switch show snmpv3 filter show snmpv3 filter {{hex} <profile name> {{subtree} <object identifier>} Description Display the filters that belong a filter profile. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 203: Show Snmpv3 Filter-Profile
show snmpv3 filter-profile show snmpv3 filter-profile show snmpv3 filter-profile {{hex} <profile name>} {param {hex} <param name>} Description Display the association between parameter names and filter profiles. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 204: Show Snmpv3 Group
Commands for Managing the Switch show snmpv3 group show snmpv3 group {{hex} <group name> {user {hex} <user name>}} Description Displays the user name (security name) and security model association with a group name. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 205: Show Snmpv3 Mib-View
show snmpv3 mib-view show snmpv3 mib-view show snmpv3 mib-view {{hex} <view name> {subtree <object identifier>}} Description Displays a MIB view. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. view name Specifies the name of the MIB view to display.
Page 206: Show Snmpv3 Notify
Commands for Managing the Switch show snmpv3 notify show snmpv3 notify {{hex} <notify name>} Description Display the notifications that are set. This command displays the snmpNotifyTable. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 207: Show Snmpv3 Target-Addr
show snmpv3 target-addr show snmpv3 target-addr show snmpv3 target-addr {{hex} <addr name>} Description Display information about SNMPv3 target addresses. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. addr name Specifies a string identifier for the target address.
Page 208: Show Snmpv3 Target-Addr-Ext
Commands for Managing the Switch show snmpv3 target-addr-ext show snmpv3 target-addr-ext {hex} <addr name> Description Display information about SNMPv3 target addresses enhanced or standard mode. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 209: Show Snmpv3 Target-Params
show snmpv3 target-params show snmpv3 target-params show snmpv3 target-params {{hex} <param name>} Description Display the information about the options associated with the parameter name. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
Page 210: Show Snmpv3 User
Commands for Managing the Switch show snmpv3 user show snmpv3 user {{hex} <user name>} Description Displays detailed information about the user. Syntax Description Specifies that the value to follow is to be supplied as a colon separated string of hex octets. user name Specifies the user name to display.
Page 211: Show Sntp-Client
show sntp-client show sntp-client show sntp-client Description Displays the DNS configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Displays configuration and statistics information of SNTP client. Example The following command displays the DNS configuration: show sntp-client Following is the output from this command: SNTP client is enabled...
Page 212 Commands for Managing the Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 213: Show Vlan Dhcp-Address-Allocation
show vlan dhcp-address-allocation show vlan dhcp-address-allocation show vlan <vlan name> dhcp-address-allocation Description Displays DHCP address allocation information about VLANs. Syntax Description vlan name Specifies a VLAN name. Default Summary information for all VLANs on the device. Usage Guidelines Display the IP address, MAC address, and time assigned to each end device. Example The following command displays DHCP address allocation information about VLAN vlan1: show vlan vlan1 dhcp-address-allocation...
Page 214: Show Vlan Dhcp-Config
Commands for Managing the Switch show vlan dhcp-config show vlan <vlan-name> dhcp-config Description Displays the DHCP configuration for a specified VLAN. Syntax Description vlan-name Specifies the name of the VLAN for which the DHCP configuration is to be displayed. If no VLAN name is specified, summary configuration information is shown for all VLANs on the device.
Page 215 show vlan dhcp-config Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 216: Telnet
Commands for Managing the Switch telnet telnet [<ipaddress> | <hostname>] {<port_number>} Description Allows you to Telnet from the current command-line interface session to another host. Syntax Description ipaddress Specifies the IP address of the host. hostname Specifies the name of the host. (4.x and higher) port_number Specifies a TCP port number.
Page 217 telnet History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.x to support the hostname port number parameters. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 218: Unconfigure Management
Commands for Managing the Switch unconfigure management unconfigure management Description Restores default values to all SNMP-related entries. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command restores default values to all SNMP-related entries on the switch: unconfigure management History This command was first available in ExtremeWare 2.0.
Page 219: Commands For Configuring Slots And Ports On A Switch
Commands for Configuring Slots and Ports on a Switch This chapter describes: • Commands related to enabling, disabling, and configuring individual ports • Commands related to configuring port speed (Fast Ethernet ports only) and half- or full-duplex mode • Commands related to creating load-sharing groups on multiple ports •...
Page 220 Commands for Configuring Slots and Ports on a Switch Load sharing is most useful in cases where the traffic transmitted from the switch to the load-sharing group is sourced from an equal or greater number of ports on the switch. For example, traffic transmitted to a two-port load-sharing group should originate from a minimum of two other ports on the same switch.
Page 221: Clear Slot
clear slot clear slot clear slot <slot> Description Clears a slot of a previously assigned module type. Syntax Description slot Specifies a modular switch slot number. Default N/A. Usage Guidelines All configuration information related to the slot and the ports on the module is erased. If a module is present when you issue this command, the module is reset to default settings.
Page 222: Configure Backplane-Ls-Policy
Commands for Configuring Slots and Ports on a Switch configure backplane-ls-policy configure backplane-ls-policy [address-based | port-based | round-robin] Description Selects a load-sharing policy for the backplane on a BlackDiamond switch. Syntax Description address-based Specifies address-based algorithm. port-based Specifies port-based algorithm. round-robin Specifies round-robin algorithm.
Page 223: Configure Ip-Mtu Vlan
configure ip-mtu vlan configure ip-mtu vlan configure ip-mtu <number> vlan <vlan name> Description Sets the maximum transmission unit (MTU) for the VLAN. Syntax Description IP MTU number Specifies the value. Range is from 1500 to 9194. vlan name Specifies a VLAN name. Default The default IP MTU size is 1500.
Page 224 Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 225: Configure Jumbo-Frame Size
configure jumbo-frame size configure jumbo-frame size configure jumbo-frame size <number> Description Sets the maximum jumbo frame size for the switch chassis. Syntax Description number Specifies a maximum transmission unit (MTU) size for a jumbo frame. Default The default setting is 9216. Usage Guidelines Jumbo frames are used between endstations that support larger frame sizes for more efficient transfers of bulk data.
Page 226 Commands for Configuring Slots and Ports on a Switch configure jumbo-frame size 5500 History This command was first available in ExtremeWare 6.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 227: Configure Mirroring Add
configure mirroring add configure mirroring add configure mirroring add [<mac_address> | vlan <vlan name> {ports <port number>} | ports <portnumber> {vlan <vlan name>}] Description Adds a particular mirroring filter definition on the switch. Syntax Description mac_address Specifies a MAC address. (Supported in versions 2.0 - 4x only) vlan name Specifies a VLAN name.
Page 228 Commands for Configuring Slots and Ports on a Switch For MAC mirroring to work correctly, the MAC address must already be present in the forwarding database (FDB). You need to enable and configure FDB for MAC mirroring to work correctly. See “FDB Commands”...
Page 229: Configure Mirroring Delete
configure mirroring delete configure mirroring delete configure mirroring delete [<mac_address> | vlan <vlan name> {ports <portnumber>} | ports <portnumber> {vlan <vlan name>}] Description Deletes a particular mirroring filter definition on the switch. Syntax Description mac_address Specifies a MAC address. (Supported in versions 4.0 and 6.0 only) vlan name Specifies a VLAN name.
Page 230: Configure Msm-Failover Link-Action
Commands for Configuring Slots and Ports on a Switch configure msm-failover link-action configure msm-failover link-action [keep-links-up {preserve-state [l2 | l2_l3]} | take-links-down] Description Configures external port response when MSM failover occurs. Syntax Description keep-links-up Configures the external ports to not be reset when MSM failover occurs. This option is available on the “i”...
Page 231 configure msm-failover link-action Example The following command prevents external ports from being reset when an MSM failover occurs: configure msm-failover link-action keep-links-up History This command was first available in ExtremeWare 6.2.2. This command was modified to add the preserve-state option in ExtremeWare 7.1.1. Platform Availability This command is available on the BlackDiamond switch only.
Page 232: Configure Msm-Failover Slave-Config
Commands for Configuring Slots and Ports on a Switch configure msm-failover slave-config configure msm-failover slave-config [inherited | flash] Description Configures the slave MSM-3 to inherit the software configuration from the master MSM-3. Syntax Description inherited Specifies that the slave MSM-3 inherits the software configuration maintained by the current master MSM-3 (this supports hitless failover).
Page 233: Configure Msm-Failover Timeout
configure msm-failover timeout configure msm-failover timeout configure msm-failover timeout <time> Description Configures the failover timer. Syntax Description time Specifies the failover time. By default, the failover time is 60 seconds, and the range is 30 to 300 seconds. Default 60 seconds. Usage Guidelines For switch management functions to hitlessly transition between the master and the slave, timer expiration is required.
Page 234: Configure Port Aggregate-Bandwidth Percent
Commands for Configuring Slots and Ports on a Switch configure port aggregate-bandwidth percent configure port <portnumber> aggregate-bandwidth percent <bandwidth> Description Controls the egress bandwidth of a particular port by restricting it to the specified percentage. Syntax Description portnumber Specifies a port or slot and port. bandwidth Specifies a percentage number (1-99) of restricted aggregate bandwidth.
Page 235: Configure Ports
configure ports configure ports configure ports [<portlist> vlan <vlan name> | all] [limit-learning <number> | lock-learning | unlimited-learning | unlock-learning] Description Configures virtual ports for limited or locked MAC address learning. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 236 Commands for Configuring Slots and Ports on a Switch • Broadcast traffic • EDP traffic Traffic from the permanent MAC and any other non-blackholed MACs will still flow from the virtual port. If you configure a MAC address limit on VLANS that have ESRP enabled, you should add an additional back-to-back link (that has no MAC address limit on these ports) between the ESRP-enabled switches.
Page 237 configure ports History This command was first available in ExtremeWare 6.2.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 238: Configure Ports Auto Off
Commands for Configuring Slots and Ports on a Switch configure ports auto off configure ports [<portlist> | all | mgmt] auto off {speed [10 | 100 | 1000]} duplex [half | full] Description Manually configures port speed and duplex setting configuration on one or more ports on a switch. Syntax Description portlist Specifies one or more ports or slots and ports.
Page 239 configure ports auto off For version 6.1: • The parameter specifies all ports on the switch. • The parameter specifies 1000 Mbps ports. 1000 Example The following example turns autonegotiation off for port 4 (a Gigabit Ethernet port) on a stand-alone switch: configure ports 4 auto off duplex full The following example turns autonegotiation off for slot 2, port 1 on a modular switch:...
Page 240: Configure Ports Auto On
Commands for Configuring Slots and Ports on a Switch configure ports auto on configure ports [<portlist> | mgmt | all] auto on Description Enables autonegotiation for the particular port type. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 241 configure ports auto on History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 6.1 to support the parameter. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 242: Configure Ports Auto-Polarity
Commands for Configuring Slots and Ports on a Switch configure ports auto-polarity configure ports [<portlist> | all] auto-polarity [off | on] Description Configures the autopolarity detection feature on the specified Ethernet ports. Syntax Description portlist Specifies one or more ports on the switch. May be in the form 1, 2, 3-5. Specifies all of the ports on the switch.
Page 243: Configure Ports Display-String
configure ports display-string configure ports display-string configure ports [<portlist> | mgmt] display-string <alphanumeric string> Description Configures a user-defined string for a port or group of ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 244: Configure Port Interpacket-Gap
10 Gigabit Ethernet interfaces drop packets when packets are transmitted using a value of 12. Thus, by increasing the Interpacket Gap, packet transmission is slowed and packet loss can be minimized or prevented. The Interpacket Gap value need not be modified when interconnecting Extreme Networks switches over 10 Gigabit Ethernet links.
Page 245: Configure Ports Link-Detection-Level
configure ports link-detection-level configure ports link-detection-level configure ports <portlist> link-detection-level <link-detection-level> Description Configures the link detection level. Syntax Description portlist Specifies one or more primary ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers. May be in the form 1, 2, 3-5, 2:*, 2:5, 2:6-2:8.
Page 246: Configure Ports Redundant
Commands for Configuring Slots and Ports on a Switch configure ports redundant configure ports [<portlist> | <portid>] redundant [<portlist> | <portid>] Description Configures a software-controlled redundant port. Syntax Description portlist Specifies one or more primary ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 247 configure ports redundant • Software redundant ports are not supported on 1000BASE-T ports. Software redundant port only cover failures where both the TX and RX paths fail. If a single strand of fiber is pulled, the software redundant port cannot correctly recover from the failure. Example The following command configures a software-controlled redundant port on a stand-alone switch: configure ports 3 redundant 4...
Page 248: Configure Ports Vdsl
Commands for Configuring Slots and Ports on a Switch configure ports vdsl configure ports <portlist> vdsl [5meg | 10meg | etsi] Description Configures VDSL ports. Syntax Description portlist Specifies one or more slots and ports. Can specify a list of slots and ports, and may be in the form 2:*, 2:5, 2:6-2:8.
Page 249: Configure Sharing Address-Based
configure sharing address-based configure sharing address-based configure sharing address-based [L2 | L2_L3 | L2_L3_L4] Description Configures the part of the packet examined by the switch when selecting the egress port for transmitting load-sharing data. Syntax Description Indicates that the switch should examine the MAC source and destination address.
Page 250: Configure Slot
Commands for Configuring Slots and Ports on a Switch configure slot configure slot <slot> module <module name> Description Configures a slot for a particular I/O module card in a modular switch. Syntax Description slot Specifies the slot number. module name Specifies the type of module for which the slot should be configured.
Page 251 configure slot wm4t1—Specifies a T1 WAN module. (6.1 or later) wm4e1—Specifies an E1 WAN module. wm1t3—Specifies a T3 WAN module. Default If a slot has not been configured for a particular type of I/O module, then any type of module is accepted in that slot, and a default port and VLAN configuration is automatically generated.
Page 252 Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on modular switches only. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 253: Disable Edp Ports
Numerical Ranges” or “Stand-alone Switch Numerical Ranges” in Chapter 1. You can use the command to disable EDP on one or more ports when you no disable edp ports longer need to locate neighbor Extreme Networks switches. For version 6.1: • The parameter specifies all ports on the switch.
Page 254 Commands for Configuring Slots and Ports on a Switch History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was modified in ExtremeWare 6.1 to support the parameter. Platform Availability This command is available on all platforms.
Page 255: Disable Flooding Ports
disable flooding ports disable flooding ports disable flooding ports <portlist> Description Disables packet flooding on one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 256: Disable Jumbo-Frame Ports
Commands for Configuring Slots and Ports on a Switch disable jumbo-frame ports disable jumbo-frame ports [<portlist> | all] Description Disables jumbo frame support on a port. For PoS modules, this command applies to PoS ports when disabling jumbo-frame support changes the negotiated maximum receive unit (MRU) size.
Page 257: Disable Lbdetect Port
disable lbdetect port disable lbdetect port disable lbdetect port <portlist> Description Disables the detection of loops between ports. Syntax Description portlist Specifies one or more ports or slots and ports to be grouped to the master port. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 258: Disable Learning Ports
Commands for Configuring Slots and Ports on a Switch disable learning ports disable learning ports <portlist> Description Disables MAC address learning on one or more ports for security purposes. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 259 disable learning ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 260: Disable Mirroring
Commands for Configuring Slots and Ports on a Switch disable mirroring disable mirroring Description Disables port-mirroring. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines Use the command to stop configured copied traffic associated with one or more disable mirroring ports.
Page 261: Disable Ports
disable ports disable ports disable ports [<portlist> | all] Description Disables one or more ports on the switch. For PoS modules, brings down the PPP link on the specified port and changes the port status LED to blinking green. Syntax Description portlist Specifies one or more ports or slots and ports.
Page 262: Disable Sharing
Commands for Configuring Slots and Ports on a Switch disable sharing disable sharing [<port>] Description Disables a load-sharing group of ports. Syntax Description port Specifies the master port of a load-sharing group. On a modular switch, is a combination of the slot and port number, in the format <slot>:<port>. Default Disabled.
Page 263: Disable Slot
disable slot disable slot disable slot [<slot number> | all] Description Disables one or all slots on a BlackDiamond or Alpine switch, and leaves the blade in a power down state. Syntax Description slot number Specifies the slot to be disabled. Species that all slots in the device should be disabled.
Page 264: Disable Smartredundancy
For a detailed explanation of port specification, see “Modular Switch Numerical Ranges” or “Stand-alone Switch Numerical Ranges” in Chapter 1. Use with Extreme Networks switches that support privacy and backup uplinks. When smartredundancy is disabled, the switch changes the active link only when the current active link becomes inoperable.
Page 265: Enable Edp Ports
EDP is useful when Extreme Networks switches are attached to a port. The EDP is used to locate neighbor Extreme Networks switches and exchange information about switch configuration. When running on a normal switch port, EDP is used to by the switches to exchange topology information with each other.
Page 266 Commands for Configuring Slots and Ports on a Switch History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 267: Enable Flooding Ports
enable flooding ports enable flooding ports enable flooding ports <portlist> Description Enables packet flooding on one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 268: Enable Jumbo-Frame Ports
Commands for Configuring Slots and Ports on a Switch enable jumbo-frame ports enable jumbo-frame ports [<portlist> | all] Description Enables support on the physical ports that will carry jumbo frames. For PoS modules, enables jumbo-frame support to specific PoS ports when jumbo-frame support changes the negotiated maximum receive unit (MRU) size.
Page 269: Enable Lbdetect Port
enable lbdetect port enable lbdetect port enable lbdetect port <portlist> [retry-timeout<seconds>] Description Enables the system to detect loops between ports. If a port is looped, it disables the port. Every N seconds, it re-enables the port and tries again, unless “none” is specified Syntax Description portlist Specifies one or more ports or slots and ports to be grouped to the master...
Page 270: Enable Learning Ports
Commands for Configuring Slots and Ports on a Switch enable learning ports enable learning ports <portlist> Description Enables MAC address learning on one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 271: Enable Mirroring To Port
enable mirroring to port enable mirroring to port enable mirroring to port [<port>] [tagged | untagged] Description Dedicates a port on the switch to be the mirror output port. Syntax Description port Specifies the port to be the mirror output port. tagged Configures the port as tagged.
Page 272 Commands for Configuring Slots and Ports on a Switch Example The following example selects port 3 as a tagged mirror port on a stand-alone switch: enable mirroring to port 3 tagged The following example selects slot 1, port 3 as the mirror port on a modular switch: enable mirroring to port 1:3 History This command was first available in ExtremeWare 2.0.
Page 273: Enable Ports
enable ports enable ports enable ports [<portlist> | all] Description Enables a port. For PoS modules, enables the PPP link on the specified port, and changes the port status LED to solid green (if no other problems exist). Syntax Description portlist Specifies one or more ports or slots and ports.
Page 274: Enable Sharing Grouping
Load sharing must be enabled on both ends of the link, or a network loop will result. While LACP is based on industry standard, this feature is supported between Extreme Networks switches only. However, it may be compatible with third-party “trunking” or sharing algorithms. Check with an Extreme Networks technical representative for more information.
Page 275 Additionally, you can choose the load-sharing algorithm used by the group. This feature is supported between Extreme Networks switches only, but may be compatible with third-party trunking or link-aggregation algorithms.
Page 276 Commands for Configuring Slots and Ports on a Switch enable sharing 9 grouping 9-12 The following example defines a load-sharing group that contains ports 9 through 12 on slot 3, ports 7 through 10 on slot 5, and uses the first port on slot 3 as the master logical port 9 on a modular switch: enable sharing 3:9 grouping 3:9-3:12, 5:7-5:10 In this example, logical port 3:9 represents physical ports 3:9 through 3:12 and 5:7 through 5:10.
Page 277: Enable Slot
enable slot enable slot enable slot [<slot number> | all] Description Enables one or all slots on a BlackDiamond or Alpine switch. Syntax Description slot number Specifies the slot to be enabled. Species that all slots in the device should be enabled. Default Enabled.
Page 278: Enable Smartredundancy
Commands for Configuring Slots and Ports on a Switch enable smartredundancy enable smartredundancy <portlist> Description Enables the Smart Redundancy feature on the redundant Gigabit Ethernet port. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 279: Restart Ports
restart ports restart ports restart ports [<portlist> Description Resets autonegotiation for one or more ports by resetting the physical link. For PoS modules, causes the PPP link to be renegotiated. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 280: Run Msm-Failover
Commands for Configuring Slots and Ports on a Switch run msm-failover run msm-failover Description Causes a user-specified MSM failover. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command causes a user-specified MSM failover: run msm-failover History This command was first available in ExtremeWare 6.2.2.
Page 281: Show Edp
This is most effective show edp with Extreme Networks switches. Example The following command displays the connectivity and configuration of neighboring Extreme Networks switches: show edp Following is the output from this command:...
Page 282 Commands for Configuring Slots and Ports on a Switch Remote-Vlans: Mgmt(4094, 10.45.208.226) Default(1) MacVlanDiscover(0) History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 283: Show Mirroring
show mirroring show mirroring show mirroring Description Displays the port-mirroring configuration on the switch. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines You must configure mirroring on the switch to display mirroring statistics. Use the show mirroring command to configure mirroring.
Page 284: Show Msm-Failover
— ready—The subsystem has received its state download. In the ready state, it may receive updates to its internal states. — failed—The subsystem encountered a failure. To clear the failure, reboot the slave MSM. — unknown—If this state is displayed, contact Extreme Networks ® Technical Support.
Page 285 show msm-failover After a reboot or insertion of a slave MSM-3, use this command to ensure that the slave is ready before initiating a hitless failover. History This command was first available in ExtremeWare 7.1.1. Platform Availability This command is available on the BlackDiamond switch only. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 286: Show Ports Collisions
Commands for Configuring Slots and Ports on a Switch show ports collisions show ports {mgmt | <portlist>} collisions Description Displays real-time collision statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 287 show ports collisions ============================================================================== Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback 0->Clear Counters U->page up D->page down ESC->exit History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms.
Page 288: Show Ports Configuration
Commands for Configuring Slots and Ports on a Switch show ports configuration show ports {mgmt | <portlist>} configuration Description Displays port configuration statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 289 show ports configuration Following is the output from this command: Port Configuration Monitor Thu Oct 24 16:22:08 2002 Port Port Link Auto Speed Duplex Flow Ld Share Media State Status Neg Cfg Actual Cfg Actual Ctrl Master Pri ENABLED R AUTO 1000 AUTO FULL NONE...
Page 290: Show Ports Info
Commands for Configuring Slots and Ports on a Switch show ports info show ports {mgmt | <portlist>} info {detail} Description Displays detailed system-related information. For PoS modules, displays port information that includes new DiffServ and RED configuration parameters. “3” series modules, if you specify the keyword, the output displays the flow control state detail and the ingress QoS profile, ingress IPTOS replacement, and egress rate limiting configurations.
Page 291 show ports info — QoS profiles If you do not specify a port number or range of ports, detailed system-related information is displayed for all ports. The data is displayed in a table format. On a modular switch, can be a list of slots and ports. On a stand-alone switch, <portlist>...
Page 292 Commands for Configuring Slots and Ports on a Switch Flags: (a) Load Sharing Algorithm address-based, (d) DLCS Enabled (D) Port Disabled, (dy) Dynamic Load Sharing (e) Extreme Discovery Protocol Enabled, (E) Port Enabled (f) Flooding Enabled, (g) Egress TOS Enabled, (G) SLB GoGo Mode (h) Hardware Redundant Phy, (j) Jumbo Frame Enabled (l) Load Sharing Enabled, (m) MAC Learning Enabled (n) Ingress TOS Enabled, (o) Dot1p Vlan Priority Replacement Enabled...
Page 293 show ports info 08->QP2 09->QP2 10->QP2 11->QP2 12->QP2 13->QP2 14->QP2 15->QP2 16->QP3 17->QP3 18->QP3 19->QP3 20->QP3 21->QP3 22->QP3 23->QP3 24->QP4 25->QP4 26->QP4 27->QP4 28->QP4 29->QP4 30->QP4 31->QP4 32->QP5 33->QP5 34->QP5 35->QP5 36->QP5 37->QP5 38->QP5 39->QP5 40->QP6 41->QP6 42->QP6 43->QP6 44->QP6 45->QP6 46->QP6 47->QP6 48->QP7 49->QP7 50->QP7 51->QP7 52->QP7 53->QP7 54->QP7 55->QP7 56->QP8 57->QP8 58->QP8 59->QP8 60->QP8 61->QP8 62->QP8 63->QP8 Egress IPTOS:...
Page 294: Show Ports Packet
Commands for Configuring Slots and Ports on a Switch show ports packet show ports {mgmt | <portlist>} packet Description Displays a histogram of packet statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 295 show ports packet =============================================================================== Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback 0->Clear Counters U->page up D->page down ESC->exit History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms.
Page 296: Show Ports Sharing
Commands for Configuring Slots and Ports on a Switch show ports sharing show ports <portlist> sharing Description Displays port loadsharing groups. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 297 show ports sharing Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 298: Show Ports Utilization
Commands for Configuring Slots and Ports on a Switch show ports utilization show ports {mgmt | <portlist>} utilization Description Displays real-time port utilization information. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports.
Page 299 show ports utilization The following examples show the output from the show ports utilization command for all ports on the switch. The three displays show the information presented when you use the spacebar to toggle through the display types. The first display shows utilization in terms of packets: Link Utilization Averages Wed Jan 23 21:29:45 2002 Port...
Page 300 Commands for Configuring Slots and Ports on a Switch History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 301: Show Ports Vlan Info
show ports vlan info show ports vlan info show ports <portlist> vlan info Description Displays port VLAN information. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 302 Commands for Configuring Slots and Ports on a Switch Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 303: Show Sharing Address-Based
show sharing address-based show sharing address-based show sharing address-based Description Displays the address-based load sharing configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This feature is available using the address-based load-sharing algorithm only. The address-based load-sharing algorithm uses addressing information to determine which physical port in the load-sharing group to use for forwarding traffic out of the switch.
Page 304: Show Slot
Commands for Configuring Slots and Ports on a Switch show slot show slot <slot number> Description Displays the slot-specific information. For ARM, ATM, MPLS, PoS, and WAN modules, displays information that includes data about the software images loaded on the module, as well as status information on the module’s processors. Syntax Description slot number Specifies a slot on a modular switch.
Page 305 show slot As the module progresses through its initialization, the command displays the show slot <slot> general purpose processor (GPP) subsystem change state to OPERATIONAL, and then each of the network processors will change state to OPERATIONAL. When the GPP subsystem completes its initialization cycle and the subsystem state is OPERATIONAL, use the command to check the results of the show diagnostics {<slot>}...
Page 306 Commands for Configuring Slots and Ports on a Switch Link Active: Link Down: 01 02 03 04 05 06 07 08 09 10 11 12 Slot 4 information: State: Operational Network Processor 1 : Operational Network Processor 2 : Operational General Purpose Proc: Operational Serial number: 701039-04-0128F07843...
Page 307 show slot Configured Type: Not configured Slot 8 information: State: Empty HW Module Type: Empty Configured Type: Not configured History This command was first available in ExtremeWare 4.0. This command was modified in ExtremeWare 6.1 to support PoS modules. This command was modified in ExtremeWare 7.0.0 to support WAN modules. Platform Availability This command is available on modular switches only.
Page 308: Unconfigure Msm-Failover
Commands for Configuring Slots and Ports on a Switch unconfigure msm-failover unconfigure msm-failover Description Disables hitless failover. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines The following occurs after you execute this command: • The external ports are reset when an MSM failover occurs •...
Page 309: Unconfigure Port Aggregate-Bandwidth
unconfigure port aggregate-bandwidth unconfigure port aggregate-bandwidth unconfigure port <portnumber> aggregate-bandwidth Description Restores the egress bandwidth of a particular port to 100%. Syntax Description portnumber Specifies a port or slot and port. Default None. Usage Guidelines None. Example The following command restores the egress bandwidth of port 3 on slot 1 to 100%. unconfigure port 1:3 aggregate-bandwidth History This command was first available in ExtremeWare 7.3.0...
Page 310: Unconfigure Ports Display String
Commands for Configuring Slots and Ports on a Switch unconfigure ports display string unconfigure ports <portlist> display-string Description Clears the user-defined display string from one or more ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 311: Unconfigure Ports Redundant
unconfigure ports redundant unconfigure ports redundant unconfigure ports [<portlist> | <port id>] redundant Description Clears a previously configured software-controlled redundant port. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 312: Unconfigure Slot
Commands for Configuring Slots and Ports on a Switch unconfigure slot unconfigure slot <slot number> Description Clears a slot of a previously assigned module type. Syntax Description slot number Specifies a slot on a modular switch. Default N/A. Usage Guidelines None.
Page 313: Chapter 5 Vlan Commands
VLAN Commands This chapter describes the following commands: • Commands for creating and deleting VLANs and performing basic VLAN configuration • Commands for defining protocol filters for use with VLANs • Commands for enabling or disabling the use of Generic VLAN Registration Protocol (GVRP) information on a switch and its ports VLANs can be created according to the following criteria: •...
Page 314: Configure Dot1Q Ethertype
Use this command if you need to communicate with a switch that supports 802.1Q, but uses an Ethertype value other than 8100. This feature is useful for VMAN tunneling. Extreme Networks recommends the use of IEEE registered ethertype 0x88a8 for deploying vMANs.
Page 315: Configure Gvrp
configure gvrp configure gvrp configure gvrp {listen | send | both | none} port <portlist> Description Configures the sending and receiving of Generic VLAN Registration Protocol (GVRP) information on a port. Syntax Description listen Enables the receipt of GVRP packets on the specified port(s). send Enables sending of GVRP packets on the specified port(s).
Page 316 VLAN Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 317: Configure Mac-Vlan Add Mac-Address
configure mac-vlan add mac-address configure mac-vlan add mac-address configure mac-vlan add mac-address [any | <mac_address>] mac-group [any | <group_number>] vlan <vlan name> Description Adds a MAC address as a potential member of a MAC-based VLAN. Syntax Description mac_address The MAC address to be added to the specified VLAN. Specified in the form nn:nn:nn:nn:nn:nn.
Page 318 VLAN Commands History This command was first available in ExtremeWare 6.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 319: Configure Mac-Vlan Delete
configure mac-vlan delete configure mac-vlan delete configure mac-vlan delete [all | mac-address [<mac_address> | any]] Description Removes a MAC address from any MAC-based VLANs with which it was associated. Syntax Description Indicates that all MAC addresses should be removed from all VLANs. mac_address The MAC address to be removed.
Page 320: Configure Ports Monitor Vlan
VLAN Commands configure ports monitor vlan configure ports <portlist> monitor vlan <vlan name> Description Configures VLAN statistic monitoring on a per-port basis. Syntax Description portlist Specifies one or more ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. vlan name Specifies a VLAN name.
Page 321: Configure Protocol Add
configure protocol add configure protocol add configure protocol <protocol_name> add <protocol_type> <hex_value> {<protocol_type> <hex_value>} ... Description Configures a user-defined protocol filter. Syntax Description protocol_name Specifies a protocol filter name. protocol_type Specifies a protocol type. Supported protocol types include: • etype – IEEE Ethertype. •...
Page 322: Configure Protocol Delete
VLAN Commands configure protocol delete configure protocol <protocol_name> delete <protocol_type> <hex_value> {<protocol_type> <hex_value>} ... Description Deletes the specified protocol type from a protocol filter. Syntax Description protocol_name Specifies a protocol filter name. protocol_type Specifies a protocol type. Supported protocol types include: •...
Page 323: Configure Vlan Add Member-Vlan
configure vlan add member-vlan configure vlan add member-vlan configure vlan <translation vlan name> add member-vlan <vlan name> Description Adds a member VLAN to a translation VLAN. Syntax Description translation vlan name Specifies a translation VLAN. vlan name Specifies a VLAN to add to the translation VLAN. Default N/A.
Page 324: Configure Vlan Add Ports
VLAN Commands configure vlan add ports configure vlan <vlan name> add ports <portlist> {tagged | untagged} {nobroadcast} {soft-rate-limit} Description Adds one or more ports in a VLAN. Syntax Description vlan name Specifies a VLAN name. portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 325 configure vlan add ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 326: Configure Vlan Add Ports Loopback-Vid
VLAN Commands configure vlan add ports loopback-vid configure vlan <vlan name> add ports <portlist> loopback-vid <vlan-id> Description Adds a loopback port to a VLAN. Syntax Description vlan name Specifies a VLAN name. port Specifies a loopback port for the VLAN. vlan-id Specifies a unique loopback VLAN tag.
Page 327: Configure Vlan Add Secondary-Ip
configure vlan add secondary-ip configure vlan add secondary-ip configure vlan <vlan-name> add secondary-ip <sec-ip-address> {<sec-ip-mask> | <mask-length>} Description Configures the secondary IP address for the selected VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be configured. add-secondary-ip Specifies that the secondary IP address is to be configured.
Page 328 VLAN Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 329: Configure Vlan Delete Member-Vlan
configure vlan delete member-vlan configure vlan delete member-vlan configure vlan <translation vlan name> delete member-vlan [<vlan name> | all] Description Deletes a member VLAN from a translation VLAN. Syntax Description translation vlan name Specifies a translation VLAN. vlan name Specifies a VLAN to add to the translation VLAN. Default N/A.
Page 330: Configure Vlan Delete Port
VLAN Commands configure vlan delete port configure vlan <vlan name> delete port <portlist> Description Deletes one or more ports in a VLAN. Syntax Description vlan name Specifies a VLAN name. portlist A list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default N/A.
Page 331: Configure Vlan Delete Secondary-Ip
configure vlan delete secondary-ip configure vlan delete secondary-ip configure vlan <vlan-name> delete secondary-ip {<sec-ip-address> | all} Description Deletes a secondary IP address from the specified VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be configured. delete secondary-ip Specifies that a secondary IP address is to be deleted.
Page 332: Configure Vlan Ipaddress
VLAN Commands configure vlan ipaddress configure vlan <vlan name> ipaddress <ipaddress> {<netmask> | <mask length>} Description Assigns an IP address and an optional subnet mask to the VLAN. Syntax Description vlan name Specifies a VLAN name. ipaddress Specifies an IP address. netmask Specifies a subnet mask in dotted-quad notation (e.g.
Page 333: Configure Vlan Name
configure vlan name configure vlan name configure vlan <old_name> name <new_name> Description Renames a previously configured VLAN. Syntax Description old_name Specifies the current (old) VLAN name. new_name Specifies a new name for the VLAN. Default N/A. Usage Guidelines You cannot change the name of the default VLAN “Default” Example The following command renames VLAN vlan1 to engineering: configure vlan vlan1 name engineering...
Page 334: Configure Vlan Protocol
VLAN Commands configure vlan protocol configure vlan <vlan name> protocol [<protocol_name> | any] Description Configures a VLAN to use a specific protocol filter. Syntax Description vlan name Specifies a VLAN name. protocol_name Specifies a protocol filter name. This can be the name of a predefined protocol filter, or one you have defined.
Page 335: Configure Vlan Tag
configure vlan tag configure vlan tag configure vlan <vlan name> tag <vlan tag> Description Assigns a unique 802.1Q tag to the VLAN. Syntax Description vlan name Specifies a VLAN name. vlan tag Specifies a value to use as an 802.1Q tag. The valid range is from 2 to 4,095. Default The default VLAN uses an 802.1Q tag (and an internal VLANid) of 1.
Page 336: Create Protocol
VLAN Commands create protocol create protocol <protocol_name> Description Creates a user-defined protocol filter. Syntax Description protocol_name Specifies a protocol filter name. The protocol filter name can have a maximum of 31 characters. Usage Guidelines Protocol-based VLANs enable you to define packet filters that the switch can use as the matching criteria to determine if a particular packet belongs to a particular VLAN.
Page 337: Create Vlan
create vlan create vlan create vlan <vlan name> Description Creates a named VLAN. Syntax Description vlan name Specifies a VLAN name (up to 32 characters). Default A VLAN named Default exists on all new or initialized Extreme switches: • It initially contains all ports on a new or initialized switch, except for the management port(s), if there are any.
Page 338 VLAN Commands Example The following command creates a VLAN named accounting: create vlan accounting History This command was first available in ExtremeWare 1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 339: Delete Protocol
delete protocol delete protocol delete protocol <protocol_name> Description Deletes a user-defined protocol. Syntax Description protocol_name Specifies a protocol name. Default N/A. Usage Guidelines If you delete a protocol that is in use by a VLAN, the protocol associated with than VLAN will become “None.”...
Page 340: Delete Vlan
VLAN Commands delete vlan delete vlan <vlan name> Description Deletes a VLAN. Syntax Description vlan name Specifies a VLAN name. Default N/A. Usage Guidelines If you delete a VLAN that has untagged port members, and you want those ports to be returned to the default VLAN, you must add them back explicitly using the command.
Page 341: Disable Gvrp
disable gvrp disable gvrp disable gvrp Description Disables the Generic VLAN Registration Protocol (GVRP). Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command globally disables GVRP functionality on the switch. It does not change the GVRP configuration of individual ports, but GVRP will no longer function on these ports.
Page 342: Disable Mac-Vlan Port
VLAN Commands disable mac-vlan port disable mac-vlan port <portlist> Description Disables a port from using the MAC-based VLAN algorithm. Syntax Description portlist A list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default N/A.
Page 343: Enable Gvrp
enable gvrp enable gvrp enable gvrp Description Enables the Generic VLAN Registration Protocol (GVRP). Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines The GVRP protocol allows switches to automatically discover some of the VLAN information that would otherwise have to be manually configured in each switch.
Page 344: Enable Mac-Vlan Mac-Group Port
VLAN Commands enable mac-vlan mac-group port enable mac-vlan mac-group [any | <group_number>] port <portlist> Description Enables a port to use the MAC-based VLAN algorithm. Syntax Description group_number A group number that should be associated with a specific set of ports. Specified as an integer.
Page 345: Show Gvrp
show gvrp show gvrp show gvrp Description Displays the current configuration and status of GVRP. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines GVRP is not supported in ExtremeWare version 6.1 or later. Example The following shows results of this command: GVRP running (866422): JoinTime 20 LeaveTime 200...
Page 346: Show Mac-Vlan
VLAN Commands show mac-vlan show mac-vlan {configuration | database} Description Displays the MAC-based VLAN configuration and MAC address database content. Syntax Description configuration Specifies display of the MAC-based VLAN configuration only. database Specifies display of the MAC address database content only. Default Shows both configuration and database information.
Page 347: Show Protocol
show protocol show protocol show protocol {<protocol>} Description Displays protocol filter definitions. Syntax Description protocol Specifies a protocol filter name. Default Displays all protocol filters. Usage Guidelines Displays the defined protocol filter(s) with the types and values of its component protocols. Example The following is an example of the command:...
Page 348: Show Vlan
VLAN Commands show vlan show vlan {<vlan name> | detail | stats {vlan} <vlan-name>} Description Displays configuration information about specified VLANs. Syntax Description vlan-name Specifies the name of the VLAN whose configuration is to be displayed. detail Specifies that detailed information should be displayed for each VLAN. stats Specifies a real-time display of utilization statistics (packets transmitted and received) for a specific VLAN.
Page 349 show vlan Example The following is an example of the command: show vlan MSM64:1 # show vlan Name Protocol Addr Flags Proto Ports Default 0.0.0.0 /BP -----T-------- ANY MacVlanDiscover 4095 ------------------ ------ Mgmt 4094 10.5.4.80 /24 -------------- ANY 4093 192.168.11.1 /24 ------f------- ANY 4092 192.168.12.1 /24 ------f------- ANY...
Page 350 VLAN Commands Priority: 802.1P Priority 7 10.222.0.2/255.255.255.0 STPD: s0(Disabled,Auto-bind) Protocol: Match all unfiltered protocols. Loopback: Disable RateShape: Disable QosProfile:QP1 QosIngress:IQP1 Ports: (Number of active ports=4) Flags: * - Active, ! - Disabled B - BcastDisabled, R - RateLimited, L - Loopback (g) Load Share Group, (c) Cross Module Trunk Untag: *1:25...
Page 351: Unconfigure Ports Monitor Vlan
unconfigure ports monitor vlan unconfigure ports monitor vlan unconfigure ports <portlist> monitor vlan <vlan name> Description Removes port-based VLAN monitoring. Syntax Description portlist Specifies one or more ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. vlan name Specifies a VLAN name.
Page 352: Unconfigure Vlan Ipaddress
VLAN Commands unconfigure vlan ipaddress unconfigure vlan <vlan name> ipaddress Description Removes the primary IP address of a VLAN. Syntax Description vlan-name Specifies the name of the VLAN for which the primary IP address is to be unconfigured. ip-address Specifies that the VLAN primary IP address is to be cleared. Default N/A.
Page 353: Fdb Commands
FDB Commands This chapter describes commands for: • Configuring FDB entries • Displaying FDB entries • Configuring and enabling FDB scanning The switch maintains a database of all media access control (MAC) addresses received on all of its ports. It uses the information in this database to decide whether a frame should be forwarded or filtered. Each FDB entry consists of the MAC address of the device, an identifier for the port on which it was received, and an identifier for the VLAN to which the device belongs.
Page 354: Clear Fdb
FDB Commands clear fdb clear fdb {<mac_address> | blackhole | ports <portlist> | remap | vlan <vlan name>} Description Clears dynamic FDB entries that match the filter. Syntax Description mac_address Specifies a MAC address, using colon-separated bytes. blackhole Specifies the blackhole entries. portlist Specifies one or more ports.
Page 355 clear fdb The following command clears any FDB entries associated with VLAN corporate: clear fdb vlan corporate The following command clears all questionable and remapped entries from the FDB: clear fdb remap History This command was available in ExtremeWare 2.0. The command was modified in ExtremeWare 6.2.1 to support the broadcast-mac keyword and to support clearing locked-static entries.
Page 356: Configure Fdb Agingtime
FDB Commands configure fdb agingtime configure fdb agingtime <seconds> Description Configures the FDB aging time for dynamic entries. Syntax Description seconds Specifies the aging time in seconds. Range is 15 through 1,000,000. A value of 0 indicates that the entry should never be aged out. Default 300 seconds.
Page 357: Configure Fdb-Scan Failure-Action
configure fdb-scan failure-action configure fdb-scan failure-action configure fdb-scan failure-action [log | sys-health-check] Description Configures the action the switch takes if too many failures are detected within the specified FDB scan period. Syntax Description Specifies that messages are sent to the syslog. sys-health-check Specifies the configured system health check action is taken.
Page 358 FDB Commands This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 359: Configure Fdb-Scan Period
Do you wish to do this? (yes, no, cancel) 06/19/2003 10:29.28 <INFO:SYST> serial admin: configure fdb-scan period 1 Extreme Networks recommends an interval period of at least 15 seconds. This setting is independent of and does not affect the system health check configurations.
Page 360: Create Fdbentry Vlan Blackhole
FDB Commands create fdbentry vlan blackhole create fdbentry <mac_address> vlan <vlan name> blackhole {source-mac | dest-mac | both} Description Creates a blackhole FDB entry. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes. vlan name Specifies a VLAN name associated with a MAC address. blackhole Configures the MAC address as a blackhole entry.
Page 361 create fdbentry vlan blackhole Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 362: Create Fdbentry Vlan Dynamic
FDB Commands create fdbentry vlan dynamic create fdbentry [<mac_address> | broadcast-mac | any-mac] vlan <vlan name> dynamic [qosprofile <qosprofile> {ingress-qosprofile <inqosprofile>} | ingress-qosprofile <inqosprofile> {qosprofile <qosprofile>}] Description Creates a permanent dynamic FDB entry, and associates it with an ingress and/or egress QoS profile. Syntax Description mac_address Specifies a device MAC address, using colon separated bytes.
Page 363 create fdbentry vlan dynamic • A port goes down (link down). Using the keyword, you can enable traffic from a QoS VLAN to have higher priority than any-mac 802.1p traffic. Normally, an 802.1p packet has a higher priority over the VLAN classification. To use this feature, you must create a wildcard permanent FDB entry named and apply the QoS profile to any-mac...
Page 364: Create Fdbentry Vlan Ports
FDB Commands create fdbentry vlan ports create fdbentry <mac_address> vlan <vlan name> ports [<portlist> | all] {qosprofile <qosprofile>} {ingress-qosprofile <inqosprofile>} Description Creates a permanent static FDB entry, and optionally associates it with an ingress and/or egress QoS profile. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes.
Page 365 create fdbentry vlan ports Permanent static entries are designated by “spm” in the flags field of the output. You can use show fdb command to display permanent FDB entries, including their QoS profile show fdb permanent associations. Example The following example adds a permanent, static entry to the FDB for MAC address is 00 E0 2B 12 34 56, in VLAN marketing on port 4: create fdbentry 00:E0:2B:12:34:56 vlan marketing port 4 History...
Page 366: Delete Fdbentry
FDB Commands delete fdbentry delete fdbentry [[<mac_address> | broadcast-mac] vlan <vlan name> | all] Description Deletes one or all permanent FDB entries. Syntax Description mac_address Specifies a device MAC address, using colon-separated bytes. broadcast-mac Specifies the broadcast MAC address. May be used as an alternate to the colon-separated byte form of the address ff:ff:ff:ff:ff:ff.
Page 367: Disable Fdb-Scan
disable fdb-scan disable fdb-scan disable fdb-scan [all | slot {{backplane} | <slot number> | msm-a | msm-b}] Description Disables FDB scanning on a stand-alone switch or on a per slot or backplane basis on a modular switch. Syntax Description Specifies all of the slots in the chassis. This is available on modular switches only.
Page 368 FDB Commands History This command was first available in ExtremeWare 6.2.2b108. The default for this command was changed to disabled in ExtremeWare 6.2.2b134. This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms.
Page 369: Enable Fdb-Scan
enable fdb-scan enable fdb-scan enable fdb-scan [all | slot {{backplane} | <slot number> | msm-a | msm-b}] Description Enables FDB scanning on a stand-alone switch or on a per slot or backplane basis on a modular switch. Syntax Description Specifies all of the slots in the chassis. This is available on modular switches only.
Page 370 FDB Commands History This command was first available in ExtremeWare 6.2.2b108. The default for this command was changed to disabled in ExtremeWare 6.2.2b134 This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available on all platforms.
Page 371: Run Fdb-Check
run fdb-check run fdb-check run fdb-check [index <bucket> <entry> | [<mac_address> | broadcast-mac] {<vlan name>}] {extended} {detail} Description Checks MAC FDB entries for consistency. Syntax Description bucket Specifies the bucket portion of the FDB hash index. entry Specifies the entry portion of the FDB hash index. mac-address Specifies a MAC address (hex octet).
Page 372 FDB Commands History This command was first available in ExtremeWare 6.1.9 This command was modified in ExtremeWare 6.2.1 to support the keyword. broadcast-mac Platform Availability This command is available on all platforms. option is available on the Black Diamond 6800 chassis-based system only. extended ExtremeWare Software 7.3.0 Command Reference Guide...
Page 373: Show Fdb
show fdb show fdb show fdb {<mac_address> | broadcast-mac | permanent | ports <portlist> | remap | vlan <vlan name>} Description Displays FDB entries. Syntax Description mac_address Specifies a MAC address, using colon-separated bytes, for which FDB entries should be displayed. broadcast-mac Specifies the broadcast MAC address.
Page 374 FDB Commands Flags Flags that define the type of entry: • B - Egress Blackhole • b - Ingress Blackhole • d - Dynamic • s - Static • p - Permanent • m - MAC • S - secure MAC •...
Page 375 show fdb Total: 33 Static: 16 Perm: 0 Locked: 0 Secure: 0 Dynamic: 17 Dropped: 0 Questionable: 0 Remapped: 0 FDB Aging time: 300 seconds The following command displays information about the permanent entries in the FDB: show fdb permanent It produces output similar to the following: EQP IQP Index Vlan...
Page 376: Unconfigure Fdb-Scan Failure-Action
FDB Commands unconfigure fdb-scan failure-action unconfigure fdb-scan failure-action Description Returns the switch to its default of sending FDB scan messages to the syslog if too many failures are detected within the specified scan period. Syntax Description The command has no arguments or variables. Default N/A.
Page 377: Unconfigure Fdb-Scan Period
unconfigure fdb-scan period unconfigure fdb-scan period unconfigure fdb-scan period Description Returns the FDB scan interval to the factory default of 30 seconds. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This setting is independent of and does not affect the system health check configurations. Example The following command returns the FDB scan interval to 30 seconds: unconfigure fdb-scan period...
Page 378 FDB Commands ExtremeWare Software 7.3.0 Command Reference Guide...
Page 379: Chapter 7 Qos Commands
QoS Commands This chapter describes the following commands: • Commands for configuring Quality of Service (QoS) profiles • Commands creating traffic groupings and assigning the groups to QoS profiles • Commands for configuring, enabling and disabling explicit class-of-service traffic groupings (802.1p and Diffserv) •...
Page 380 QoS Commands • Traffic grouping—A method of classifying or grouping traffic that has one or more attributes in common. • QoS policy—The combination that results from assigning a QoS profile to a traffic grouping. QoS profiles are assigned to traffic groupings to modify switch-forwarding behavior. When assigned to a traffic grouping, the combination of the traffic grouping and the QoS profile comprise an example of a single policy that is part of Policy-Based QoS.
Page 381: Clear Dlcs
clear dlcs clear dlcs clear dlcs Description Clears all learned DLCS data. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines If the IP address of an end-station changes, and the end-station is not immediately rebooted, the old host-to-IP mapping is not deleted.
Page 382: Configure Diffserv Examination Code-Point Qosprofile Ports
QoS Commands configure diffserv examination code-point qosprofile ports configure diffserv examination code-point <code_point> qosprofile <qosprofile> ports [<portlist> | all] {low-drop-probability | high-drop-probability} Description Configures the default ingress Diffserv code points (DSCP) to QoS profile mapping. Syntax Description code_point Specifies a DiffServ code point (a 6-bit value in the IP-TOS byte in the IP header).
Page 383 configure diffserv examination code-point qosprofile ports with the weighted RED (WRED) implementation provided by SONET ports. This implementation supports two different drop probabilities; one for DSCPs designated as having low drop-probability and another for DSCPs designated as having high drop-probability. These keywords enable complete flexibility in assigning DSCPs to the two different drop-probability levels.
Page 384: Configure Diffserv Replacement Priority
QoS Commands configure diffserv replacement priority configure diffserv replacement priority <value> code-point <code_point> ports [<portlist> | all] Description Configures the default egress Diffserv replacement mapping. Syntax Description value Specifies the 802.1p priority value. code_point Specifies a 6-bit value to be used as the replacement code point in the IP-TOS byte in the IP header.
Page 385 configure diffserv replacement priority History This command was first available in ExtremeWare 6.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 386: Configure Dot1P Type
QoS Commands configure dot1p type configure dot1p type <dot1p_priority> qosprofile <qosprofile> Description Configures the default QoS profile to 802.1p priority mapping. Syntax Description dot1p_priority Specifies the 802.1p priority value. The value is an integer between 0 and 7. qosprofile Specifies a QoS profile. Default N/A.
Page 387: Configure Ports Qosprofile
configure ports qosprofile configure ports qosprofile configure ports <portlist> qosprofile <qosprofile> Description Configures one or more ports to use a particular QoS profile. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 388: Configure Qosprofile
QoS Commands configure qosprofile configure qosprofile <qosprofile> minbw <min_percent> maxbw <max_percent> priority <level> {[minbuf <percent> maxbuf <number> [K | M] | maxbuff <number> [K | M] | <portlist>]} Description Modifies the default QoS profile parameters. Syntax Description qosprofile Specifies a QoS profile name. min_percent Specifies a minimum bandwidth percentage for this queue.
Page 389 configure qosprofile For ExtremeWare 4.0: • Only four priority levels are available (low, normal, medium, and high). Example The following command configures the QoS profile parameters of QoS profile qp5 for specific ports on an “i” series switch: configure qosprofile qp5 minbw 10% maxbw 80% priority highHi ports 5-7 The following command configures the buffer size for QoS profile qp5 on an “i”...
Page 390: Configure Qostype Priority
QoS Commands configure qostype priority configure qostype priority [source-mac | dest-mac | access-list | vlan | diffserv | dot1p] <priority> Description Configures the priority of the specified QoS traffic grouping. Syntax Description source-mac Specifies the priority of traffic groupings based on FDB source MAC addresses.
Page 391 configure qostype priority Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 392: Configure Red Drop-Probability
QoS Commands configure red drop-probability configure red drop-probability <percent> Description Configures the Random Early Detect (RED) drop-probability. Syntax Description percent Specifies the RED drop probability as a percentage. Range is 0 -100. Default N/A. Usage Guidelines When the switch detects that traffic is filling up in any of the eight hardware queues, it performs a random discard on subsequent packets, based on the configured RED drop-probability.
Page 393: Configure Vlan Priority
configure vlan priority configure vlan priority configure vlan <vlan name> priority <priority> Description Configures the 802.1p priority value for traffic generated on the switch. Syntax Description vlan name Specifies a VLAN name. priority Specifies the 802.1p priority value. The value is an integer between 0 and 7. Default N/A.
Page 394: Configure Vlan Qosprofile
QoS Commands configure vlan qosprofile configure vlan <vlan name> qosprofile <qosprofile> Description Configures a VLAN to use a particular QoS profile. Syntax Description vlan name Specifies a VLAN name. qosprofile Specifies a QoS profile. Default N/A. Usage Guidelines Extreme switches support eight QoS profiles (QP1 - QP8). Example The following command configures VLAN accounting to use QoS profile QP3: configure vlan accounting qosprofile QP3...
Page 395: Disable Diffserv Examination Ports
disable diffserv examination ports disable diffserv examination ports disable diffserv examination ports [<portlist> | all] Description Disables the examination of the Diffserv field in an IP packet. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 396: Disable Diffserv Replacement Ports
QoS Commands disable diffserv replacement ports disable diffserv replacement ports [<portlist> | all] Description Disables the replacement of diffserv code points in packets transmitted by the switch. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 397: Disable Dlcs
disable dlcs disable dlcs disable dlcs {fast-ethernet-ports | ports [all | <port_number>]} Description This command disables WINS snooping for ports on this switch. Syntax Description fast-ethernet-ports Specifies that WINS packet snooping should be disabled on all Fast Ethernet ports. All specifies that WINS packet snooping should be disabled on all ports. port_number Specifies a port on which WINS packet snooping should be disabled.
Page 398: Disable Dot1P Replacement Ports
QoS Commands disable dot1p replacement ports disable dot1p replacement ports [<portlist> | all] Description Disables the ability to overwrite 802.1p priority values for a given set of ports. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 399: Disable Qosmonitor
disable qosmonitor disable qosmonitor disable qosmonitor Description Disables the QoS monitoring capability. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines None. Example The following command disables QoS monitoring: disable qosmonitor History This command was available in ExtremeWare 4.0. Platform Availability This command is available on all platforms.
Page 400: Disable Red Ports
QoS Commands disable red ports disable red ports <portlist> Description Disables Random Early Detection (RED) on the specified ports. Syntax Description portlist Specifies the port number(s). May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Disabled. Usage Guidelines None.
Page 401: Enable Diffserv Examination Ports
enable diffserv examination ports enable diffserv examination ports enable diffserv examination ports [<portlist> | all] Description Enables the Diffserv field of an ingress IP packet to be examined in order to select a QoS profile. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 402: Enable Diffserv Replacement Ports
QoS Commands enable diffserv replacement ports enable diffserv replacement ports [<portlist> | all] Description Enables the diffserv code point to be overwritten in packets transmitted by the switch. Syntax Description portlist Specifies a list of ports or slots and ports to which the parameters apply. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 403: Enable Dlcs
enable dlcs enable dlcs enable dlcs {fast-ethernet-ports | ports [all | <port_number>]} Description This command enables WINS snooping for ports on the switch. Syntax Description fast-ethernet-ports Specifies that WINS packets should be snooped on all Fast Ethernet ports. Specifies that WINS packets should be snooped on all ports. port_number Specifies a port on which WINS packets are to be snooped.
Page 404: Enable Dot1P Replacement Ports
QoS Commands enable dot1p replacement ports enable dot1p replacement ports [<portlist> | all] Description Allows the 802.1p priority field to be overwritten on egress according to the QoS profile to 802.1p priority mapping for a given set of ports. Syntax Description portlist Specifies a list of ports or slots and ports.
Page 405 enable dot1p replacement ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 406: Enable Qosmonitor
QoS Commands enable qosmonitor enable qosmonitor {port <port>} Description Enables the QoS monitoring capability on the switch. Syntax Description port Specifies a port. Default Disabled. Usage Guidelines When no port is specified, the QoS monitor automatically samples all the ports and records the sampled results.
Page 407: Enable Red Ports
enable red ports enable red ports enable red ports <portlist> Description Enables Random Early Detection (RED) on a port. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 408: Show Dlcs
QoS Commands show dlcs show dlcs Description Displays the status of DLCS (enabled or disabled) and the status of ports that are snooping WINS packets. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays DLCS status and data from the switch: show dlcs It produces output such as the following:...
Page 409: Show Dot1P
show dot1p show dot1p show dot1p Description Displays the 802.1p-to-QoS profile mappings. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the current 802.1p-to-QoS mappings on the switch: show dot1p Following is the output from this command: 802.1p Priority Value QOS Profile...
Page 410: Show Ports Qosmonitor
QoS Commands show ports qosmonitor show ports {mgmt | <portlist>} qosmonitor {egress | ingress} {discards} Description Displays real-time QoS statistics for egress packets on one or more ports. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port.
Page 411 show ports qosmonitor 0->Clear Counters U->page up D->page down R->rate screen ESC->exit History This command was available in ExtremeWare 2.0. This command was updated to support PoS in Extreme 6.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 412: Show Qosprofile
QoS Commands show qosprofile show qosprofile {<qosprofile>} {port <portlist>} Description Displays QoS information on the switch. Syntax Description <qosprofile> Specifies a QoS profile name. portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 413 show qosprofile Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 414: Show Qostype Priority
QoS Commands show qostype priority show qostype priority Description Displays QoS traffic grouping priority settings. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the QoS traffic grouping priority settings for this switch: show qostype priority History This command was first available in ExtremeWare 6.2.
Page 415: Unconfigure Diffserv Examination Ports
unconfigure diffserv examination ports unconfigure diffserv examination ports unconfigure diffserv examination ports [<portlist> | all] Description Removes the Diffserv examination code point from a port. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 416: Unconfigure Diffserv Replacement Ports
QoS Commands unconfigure diffserv replacement ports unconfigure diffserv replacement ports [<portlist> | all] Description Removes the diffserv replacement mapping from a port. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 417: Unconfigure Qostype Priority
unconfigure qostype priority unconfigure qostype priority unconfigure qostype priority Description Resets all traffic grouping priority values to their defaults. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Resets the traffic grouping priorities to the following: access-list = 11 dest-mac = 8 source-mac = 7...
Page 418 QoS Commands ExtremeWare Software 7.3.0 Command Reference Guide...
Page 419: Nat Commands
IP addresses, typically public Internet IP addresses. This conversion is done transparently by having a NAT device (any Extreme Networks switch using the “i” chipset) rewrite the source IP address and layer 4 port of the packets.
Page 420: Clear Nat
NAT Commands clear nat clear nat [connections | stats} Description Clears NAT connections or statistics. Syntax Description connections Specifies the current NAT connections table. stats Specifies the statistics counter. Default N/A. Usage Guidelines None. Example The following command clears NAT connections: clear nat connections History This command was first available in ExtremeWare 6.2.
Page 421: Configure Nat Add Vlan Map
configure nat add vlan map configure nat add vlan map configure nat add vlan <vlan name> map source [any | <source_ipaddress>/<mask>] {l4-port [any | <port> {- <port>}]} {destination <dest_ipaddress>/<mask> {l4-port [any | <port> {- <port>}]}} to <ip address> [/<mask> | - <ip address>] [tcp | udp | both] [portmap {<min>...
Page 422 NAT Commands Usage Guidelines Four different modes are used to determine how the outside IP addresses and layer 4 ports are assigned: • Static mapping Dynamic mapping • • Port-mapping • Auto-constraining When static mapping is used, each inside IP address uses a single outside IP address. The layer 4 ports are not changed, and only the IP address is rewritten.
Page 423 configure nat add vlan map IP/mask, the rule will only match if the port(s) specified are the source layer 4-ports. If you use the command after the destination IP/mask, the rule will only match if the port(s) specified are the l4-port destination layer 4 ports.
Page 424: Configure Nat Delete
NAT Commands configure nat delete configure nat delete [all | vlan <vlan name> map source [any | <ip address>/<mask>] {l4-port [any | <port> {- <port>}]} {destination <ip address>/<mask> {l4-port [any | <port> {- <port>}]}} to <ip address> [/<mask> | - <ip address>] [tcp | udp | both] [portmap {<min>...
Page 425 configure nat delete Example The following command deletes a portmap translation rule: configure nat delete out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp portmap 1024 - 8192 History This command was first available in ExtremeWare 6.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 426: Configure Nat Finrst-Timeout
NAT Commands configure nat finrst-timeout configure nat finrst-timeout <seconds> Description Configures the timeout for a TCP session that has been torn down or reset. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out.
Page 427: Configure Nat Icmp-Timeout
configure nat icmp-timeout configure nat icmp-timeout configure nat icmp-timeout <seconds> Description Configures the timeout for an ICMP packet. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 3 seconds. Usage Guidelines Setting the timeout to zero specifies that session table entries should not be timed-out.
Page 428: Configure Nat Syn-Timeout
NAT Commands configure nat syn-timeout configure nat syn-timeout <seconds> Description Configures the timeout for an entry with an unacknowledged TCP SYN state. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 60 seconds.
Page 429: Configure Nat Tcp-Timeout
configure nat tcp-timeout configure nat tcp-timeout configure nat tcp-timeout <seconds> Description Configures the timeout for a fully setup TCP SYN session. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 120 seconds. Usage Guidelines Setting the timeout to zero specifies that session table entries should not be timed-out.
Page 430: Configure Nat Timeout
NAT Commands configure nat timeout configure nat timeout <seconds> Description Configures the timeout for any IP packet that is not TCP, UDP, or ICMP. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out.
Page 431: Configure Nat Udp-Timeout
configure nat udp-timeout configure nat udp-timeout configure nat udp-timeout <seconds> Description Configures the timeout for a UDP session. Syntax Description seconds Specifies the number of seconds to wait before the session table entry times out. Default Default timeout is 120 seconds. Usage Guidelines Setting the timeout to zero specifies that session table entries should not be timed-out.
Page 432: Configure Nat Vlan
NAT Commands configure nat vlan configure nat vlan <vlan name> [inside | outside | none] Description Configures a VLAN to participate in NAT. Syntax Description vlan name Specifies a VLAN name. inside Specifies that the VLAN is an inside VLAN. outside Specifies that the VLAN is an outside VLAN.
Page 433: Disable Nat
disable nat disable nat disable nat Description Disables network address translation on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines None. Example The following command disables NAT functionality on the switch: disable nat History This command was first available in ExtremeWare 6.2.
Page 434: Enable Nat
NAT Commands enable nat enable nat Description Enables network address translation on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines None. Example The following command enables NAT functionality on the switch: enable nat History This command was first available in ExtremeWare 6.2.
Page 435: Show Nat
show nat show nat show nat {timeout | stats | connections | rules {vlan <outside_vlan>}} Description Displays NAT settings. Syntax Description timeout Specifies the display of NAT timeout settings. stats Specifies the display of statistics for NAT traffic. connections Specifies the display of the current NAT connection table. rules Specifies the display of NAT rules, optionally for a specific VLAN.
Page 436 NAT Commands ExtremeWare Software 7.3.0 Command Reference Guide...
Page 437: Slb Commands
SLB Commands This chapter discusses server load balancing (SLB) and flow redirect commands. SLB transparently distributes client requests among several servers. The main use for SLB is for web hosting (using redundant servers to increase the performance and reliability of busy websites). You can use SLB to manage and balance traffic for client equipment such as web servers, cache servers, routers, and proxy servers.
Page 438: Clear Slb Connections
SLB Commands clear slb connections clear slb connections {ipaddress <ip address> : <port> | vip <vip name>} Description Clears all existing SLB connections. Syntax Description ip address Specifies an IP address. port Specifies a port. vip name Specifies a virtual server. Default N/A.
Page 439: Clear Slb Persistence Vip
clear slb persistence vip clear slb persistence vip clear slb persistence vip <vip name> Description Clears the connection information in the persistence table. Syntax Description vip name Specifies a virtual server. Default N/A. Usage Guidelines Use this command only during testing. Clearing persistence disables applications, such as shopping carts, that require persistence.
Page 440: Configure Flow-Redirect Add Next-Hop
SLB Commands configure flow-redirect add next-hop configure flow-redirect <flow redirect> add next-hop <ip address> Description Adds the next hop host (gateway) that is to receive the packets that match the flow redirect policy. Syntax Description flow redirect Specifies a flow redirect policy. ip address Specifies an IP address.
Page 441: Configure Flow-Redirect Delete Next-Hop
configure flow-redirect delete next-hop configure flow-redirect delete next-hop configure flow-redirect <flow redirect> delete next-hop <ip address> Description Deletes the next hop host (gateway). Syntax Description flow redirect Specifies a flow redirect policy. ip address Specifies an IP address. Default N/A. Usage Guidelines None.
Page 442: Configure Flow-Redirect Service-Check Ftp
SLB Commands configure flow-redirect service-check ftp configure flow-redirect <flow redirect> service-check ftp user <user name> <password> Description Configures the flow redirect FTP check. Syntax Description flow redirect Specifies a flow redirect policy. user name Specifies the user name for logging in to the FTP service. password Specifies the password for logging in to the FTP service.
Page 443: Configure Flow-Redirect Service-Check Http
5000 bytes. Extreme Networks recommends that you create a specific URL dedicated to this check. Do not include “http://” in the URL. To check a URL beyond the root directory, include the path in the specified URL.
Page 444: Configure Flow-Redirect Service-Check L4-Port
SLB Commands configure flow-redirect service-check L4-port configure flow-redirect <flow redirect> service-check L4-port Description Configures the flow redirect layer 4 port check. Syntax Description flow redirect Specifies a flow redirect policy. Default N/A. Usage Guidelines This command automatically enables layer 4 port check. The layer 4 port check opens and closes the layer 4 port specified in the flow redirect policy.
Page 445: Configure Flow-Redirect Service-Check Nntp
configure flow-redirect service-check nntp configure flow-redirect service-check nntp configure flow-redirect <flow redirect> service-check nntp <newsgroup> Description Configures the flow redirect NNTP check. Syntax Description flow redirect Specifies a flow redirect policy. newsgroup Specifies the news group to be checked. Default N/A.
Page 446: Configure Flow-Redirect Service-Check Ping
SLB Commands configure flow-redirect service-check ping configure flow-redirect <flow redirect> service-check ping Description Configures the flow redirect ping check. Syntax Description flow redirect Specifies a flow redirect policy. Default N/A. Usage Guidelines This command automatically enables ping check. Ping check is also automatically enabled when you add a next hop using the following command: configure flow-redirect add next-hop In ExtremeWare 6.2.0 and prior, the frequency of the ping check is 10 seconds, the timeout of the ping check is 30 seconds, and you cannot configure these times.
Page 447: Configure Flow-Redirect Service-Check Pop3
configure flow-redirect service-check pop3 configure flow-redirect service-check pop3 configure flow-redirect <flow redirect> service-check pop3 user <user name> <password> Description Configures the flow redirect POP3 check. Syntax Description flow redirect Specifies a flow redirect policy. user name Specifies the user name for logging in to the POP3 service. password Specifies the password for logging in to the POP3 service.
Page 448: Configure Flow-Redirect Service-Check Smtp
SLB Commands configure flow-redirect service-check smtp configure flow-redirect <flow redirect> service-check smtp <dns domain> Description Configures the flow redirect SMTP check. Syntax Description flow redirect Specifies a flow redirect policy. dns domain Specifies the DNS domain of the mail server. Default N/A.
Page 449: Configure Flow-Redirect Service-Check Telnet
configure flow-redirect service-check telnet configure flow-redirect service-check telnet configure flow-redirect <flow redirect> service-check telnet user <user name> <password> Description Configures the flow redirect Telnet check. Syntax Description flow redirect Specifies a flow redirect policy. user name Specifies the user name for logging in to the telnet service. password Specifies the password for logging in to the telnet service.
Page 450: Configure Flow-Redirect Timer Ping-Check
SLB Commands configure flow-redirect timer ping-check configure flow-redirect timer ping-check frequency <seconds> timeout <seconds> Description Configures the flow redirect ping-check frequency and timeout. Syntax Description frequency Specifies the ping-check frequency. The range is 1 to 60. timeout Specifies the ping-check timeout. The range is 1 to 60. Default The default frequency is 10 seconds.
Page 451: Configure Flow-Redirect Timer Service-Check
configure flow-redirect timer service-check configure flow-redirect timer service-check configure flow-redirect timer service-check frequency <seconds> timeout <seconds> Description Configures the flow redirect service-check frequency and timeout. Syntax Description frequency Specifies the service-check frequency. The range is 15 to 300. timeout Specifies the service-check timeout. The range is 15 to 300. Default The default frequency is 60 seconds.
Page 452: Configure Flow-Redirect Timer Tcp-Port-Check
SLB Commands configure flow-redirect timer tcp-port-check configure flow-redirect timer tcp-port-check frequency <seconds> timeout <seconds> Description Configures the flow redirect TCP port check frequency and timeout. Syntax Description frequency Specifies the tcp-port-check frequency. The range is 5 to 120. timeout Specifies the tcp-port-check timeout. The range is 5 to 300. Default The default frequency is 10 seconds.
Page 453: Configure Slb Esrp Vlan
To set the unit number of a virtual server, use the following command: configure slb vip For simplicity, Extreme Networks recommends that you put client, server, and virtual server VLANs in the same ESRP group. Example The following command configures ESRP VLAN “servers”...
Page 454: Configure Slb Failover Alive-Frequency
The default timeout is 3 seconds. Usage Guidelines The frequency must be less than the timeout. Extreme Networks recommends that you set the timout greater than an even multiple of the frequency. To enable active-active operation, use the following command:...
Page 455: Configure Slb Failover Dead-Frequency
configure slb failover dead-frequency configure slb failover dead-frequency configure slb failover dead-frequency <seconds> Description Configures the frequency at which the local switch attempts to re-establish communication with the unresponsive remote switch. Syntax Description dead-frequency The frequency at which the local switch attempts to re-establish communication with the unresponsive remote switch.
Page 456: Configure Slb Failover Failback-Now
SLB Commands configure slb failover failback-now configure slb failover failback-now Description Configures the local SLB to release the remote SLB resources if the remote SLB is alive. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines When an active SLB unit fails and recovers, and manual failback is enabled, use this command to force the recovered SLB unit to become the active unit.
Page 457: Configure Slb Failover Ping-Check
configure slb failover ping-check configure slb failover ping-check configure slb failover ping-check <ip address> {frequency <seconds> timeout <seconds>} Description Configures the SLB device to actively determine if a remote gateway is reachable by performing a ping. Syntax Description ip address Specifies the IP address of the remote gateway.
Page 458: Configure Slb Failover Unit
To enable active-active operation, use the following command: enable slb failover Extreme Networks recommends that you use a dedicated layer 2 VLAN to connect the two active-active switches. Example The following command configures the local SLB switch (with an IP address of 10.10.10.22) to direct unit 2 virtual servers to failover to the SLB switch with an IP address of 10.10.10.21:...
Page 459: Configure Slb Global Connection-Block
configure slb global connection-block configure slb global connection-block configure slb global connection-block <number> Description Configures the number of SLB connections to allocate in memory, which improves performance. Syntax Description number Specifies the number of connection blocks. The range is 100 to 20,000. Default The default is 10,000.
Page 460: Configure Slb Global Connection-Timeout
SLB Commands configure slb global connection-timeout configure slb global connection-timeout <seconds> Description Configures the connection timeout for transparent and translation modes. Syntax Description seconds Specifies the number of seconds. The range is 1 to 180. Default The default is one second. Usage Guidelines None.
Page 461: Configure Slb Global Ftp
The default value for user and password is anonymous. Usage Guidelines If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The FTP service check provides a more thorough check than ping check, because the FTP service check logs into the service.
Page 462: Configure Slb Global Http
The HTTP service check provides a more thorough check than ping check, because the HTTP service check connects to a specific URL and checks for a specific text string. Extreme Networks recommends that you create a specific URL dedicated to this check.
Page 463 configure slb global http Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 464: Configure Slb Global Nntp
SLB Commands configure slb global nntp configure slb global nntp <newsgroup> Description Configures the default parameters for layer 7 NNTP service checking. Syntax Description newsgroup Specifies a newsgroup. Default The default newsgroup is ebusiness. Usage Guidelines The NNTP service check provides a more thorough check than ping check, because the NNTP service check logs into the service.
Page 465: Configure Slb Global Persistence-Level
configure slb global persistence-level configure slb global persistence-level configure slb global persistence-level [any-vip | same-vip-any-port | same-vip-same-port] Description Configures the persistence level globally. Syntax Description any-vip Specifies that an entry can match any port on any virtual server. same-vip-any-port Specifies that an entry must match virtual server, and can be any port. same-vip-same-port Specifies that an entry must match both virtual server and port for persistence.
Page 466: Configure Slb Global Persistence-Method
SLB Commands configure slb global persistence-method configure slb global persistence-method [per-packet | per-session] Description Configures the behavior of the persistence timer. Syntax Description per-packet Resets the persistence timer at the receipt of each packet. per-session Resets the persistence timer at the beginning of the session. When the timer expires, persistence for the session ends.
Page 467: Configure Slb Global Ping-Check
configure slb global ping-check configure slb global ping-check configure slb global ping-check frequency <seconds> timeout <seconds> Description Configures default health checking frequency and timeout period using layer 3-based pinging of the physical node. Syntax Description frequency Specifies the frequency of the ping check. The range is 1 to 60 seconds. timeout Specifies the timeout of the ping check.
Page 468: Configure Slb Global Pop3
The default value for user and password is anonymous. Usage Guidelines If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The POP3 service check provides a more thorough check than ping check, because the POP3 service check logs into the service.
Page 469: Configure Slb Global Service-Check
configure slb global service-check configure slb global service-check configure slb global service-check frequency <seconds> timeout <seconds> Description Configures default health checking frequency and timeout period using layer 7-based application-dependent checking. Syntax Description frequency Specifies the frequency of the service check. The range is 15 to 300 seconds. timeout Specifies the timeout of the service check.
Page 470: Configure Slb Global Smtp
SLB Commands configure slb global smtp configure slb global smtp <dns domain> Description Configures the default parameters for layer 7 SMTP service checking. Syntax Description dns domain Specifies the domain to check. Default The default value for is the switch’s domain. If the switch does not have a DNS domain dns domain configured, the value is “mydomain.com”.
Page 471: Configure Slb Global Synguard
configure slb global synguard configure slb global synguard configure slb global synguard max-unacknowledged-SYNs <number> Description Configures the the SYN-guard feature. Syntax Description max-unacknowledged-SYNs Specifies the number of half-open connections that the switch allows. The range is 10 to 4000. Default The default value is 50.
Page 472: Configure Slb Global Tcp-Port-Check
SLB Commands configure slb global tcp-port-check configure slb global tcp-port-check frequency <seconds> timeout <seconds> Description Configures default health checking frequency and timeout period using layer 4-based TCP port testing. Syntax Description frequency Specifies the frequency of the TCP port check. The range is 5 to 120 seconds. timeout Specifies the timeout of the TCP port check.
Page 473: Configure Slb Global Telnet
The default value for user and password is anonymous. Usage Guidelines If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The telnet service check provides a more thorough check than ping check, because the telnet service check logs into the service.
Page 474: Configure Slb Gogo-Mode Health-Check
SLB Commands configure slb gogo-mode health-check configure slb gogo-mode <port number> health-check <ip address> Description Configures the health checker with the common IP addresses of the GoGo mode servers in this group. Syntax Description port number Specifies the GoGo mode master port. ip address Specifies an IP address.
Page 475: Configure Slb Gogo-Mode Ping-Check
configure slb gogo-mode ping-check configure slb gogo-mode ping-check configure slb gogo-mode <port number> ping-check frequency <seconds> timeout <seconds> Description Overrides the global default ping-check frequency and timeout values for this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. frequency Specifies the frequency of the ping check.
Page 476 SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 477: Configure Slb Gogo-Mode Service-Check Ftp
configure slb gogo-mode service-check ftp configure slb gogo-mode service-check ftp configure slb gogo-mode <port number> service-check ftp {L4-port <L4-port>} {user <user> | password {encrypted} <password>} Description Configures the FTP service check parameters for a GoGo mode group. Syntax Description port number Specifies the GoGo mode master port.
Page 478: Configure Slb Gogo-Mode Service-Check Http
This command accesses the specified URL and checks for the specified alphanumeric string in the first 1000 bytes. Extreme Networks recommends that you create a specific URL dedicated to this check. Do not include “http://” in the URL. To check a URL beyond the root directory, include the path in the specified URL.
Page 479 configure slb gogo-mode service-check http History This command was first available in ExtremeWare 6.1.5. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 480: Configure Slb Gogo-Mode Service-Check Pop3
SLB Commands configure slb gogo-mode service-check pop3 configure slb gogo-mode <port number> service-check pop3 {L4-port <L4-port>} {userid <userid> | password {encrypted} <password>} Description Configures the service check parameters for a GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. L4-port Specifies a layer 4 port.
Page 481: Configure Slb Gogo-Mode Service-Check Smtp
configure slb gogo-mode service-check smtp configure slb gogo-mode service-check smtp configure slb gogo-mode <port number> service-check smtp {L4-port <L4-port>} {<dns domain>} Description Configures the service check parameters for a GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. L4-port Specifies a layer 4 port.
Page 482: Configure Slb Gogo-Mode Service-Check Telnet
SLB Commands configure slb gogo-mode service-check telnet configure slb gogo-mode <port number> service-check telnet {L4-port <L4-port>} {user <user name> | password {encrypted} <password>} Description Configures the service check parameters for a GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. L4-port Specifies a layer 4 port.
Page 483: Configure Slb Gogo-Mode Service-Check Timer
configure slb gogo-mode service-check timer configure slb gogo-mode service-check timer configure slb gogo-mode <port number> service-check timer [all | ftp | http | telnet | smtp | nntp | pop3 | <TCP port number>] frequency <seconds> timeout <seconds> Description Overrides the global service-check frequency and timeout values. Syntax Description port number Specifies the GoGo mode master port.
Page 484 SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 485: Configure Slb Gogo-Mode Tcp-Port-Check Add
configure slb gogo-mode tcp-port-check add configure slb gogo-mode tcp-port-check add configure slb gogo-mode <port number> tcp-port-check add [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] Description Adds the specified layer 4 port.
Page 486 SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 487: Configure Slb Gogo-Mode Tcp-Port-Check Delete
configure slb gogo-mode tcp-port-check delete configure slb gogo-mode tcp-port-check delete configure slb gogo-mode <port number> tcp-port-check delete [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] Description Deletes the specified layer 4 port.
Page 488 SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 489: Configure Slb Gogo-Mode Tcp-Port-Check Timer
configure slb gogo-mode tcp-port-check timer configure slb gogo-mode tcp-port-check timer configure slb gogo-mode <port number> tcp-port-check timer [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] frequency <seconds>...
Page 490 SLB Commands Example The following command configures GoGo mode FTP TCP-port-check for the group with port 29 as the master port with a frequency of 15 seconds and a timeout of 45 seconds: configure slb gogo-mode 29 tcp-port-check timer ftp frequency 15 timeout 45 History This command was first available in ExtremeWare 6.1.5.
Page 491: Configure Slb L4-Port
configure slb L4-port configure slb L4-port configure slb L4-port [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] [treaper-timeout <seconds>...
Page 492 SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 493: Configure Slb Node Max-Connections
configure slb node max-connections configure slb node max-connections configure slb node <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] max-connections <number>...
Page 494 SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 495: Configure Slb Node Ping-Check
configure slb node ping-check configure slb node ping-check configure slb node <ip address> ping-check frequency <seconds> timeout <seconds> Description Overrides the global default frequency and timeout values for this node. Syntax Description ip address Specifies the IP address of the node. frequency Specifies the frequency of the ping check.
Page 496: Configure Slb Node Tcp-Port-Check
SLB Commands configure slb node tcp-port-check configure slb node <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] tcp-port-check frequency <seconds>...
Page 497 configure slb node tcp-port-check Example The following command sets the FTP TCP-port-check for the node with an IP address of 10.2.1.2 to a frequency of 30 seconds and a timeout of 90 seconds: configure slb node 10.2.1.2 : ftp tcp-port-check frequency 30 timeout 90 History This command was first available in ExtremeWare 6.1.
Page 498: Configure Slb Pool Add
SLB Commands configure slb pool add configure slb pool <pool name> add <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] {ratio <number>...
Page 499 configure slb pool add configure the ratio, use the smallest common denominator. For example, to configure a ratio of 25% and 75%, use ratios of 1 and 3, instead of 25 and 75. To configure a pool to use the ratio load balancing method, use the following command: configure slb pool <pool name>...
Page 500: Configure Slb Pool Delete
SLB Commands configure slb pool delete configure slb pool <pool name> delete <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] Description Deletes a node from a pool.
Page 501 configure slb pool delete History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 502: Configure Slb Pool Lb-Method
SLB Commands configure slb pool lb-method configure slb pool <pool name> lb-method [least-connections | priority | ratio | round-robin] Description Configures the SLB load balancing method. Syntax Description pool name Specifies a pool. least-connections Specifies the least connections load balancing method. priority Specifies the priority load balancing method.
Page 503: Configure Slb Pool Member
configure slb pool member configure slb pool member configure slb pool <pool name> member <ip address>:[ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP or UDP port number>] [ratio <number>...
Page 504 SLB Commands configure slb pool ftp member 10.2.1.2 : ftp priority 2 History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 505: Configure Slb Proxy-Client-Persistence
configure slb proxy-client-persistence configure slb proxy-client-persistence configure slb proxy-client-persistence [add | delete] <ip address>/<netmask> Description Configures a client subnet that should be treated as one persistent entity. Syntax Description ip address/netmask Specifies an IP address and netmask. Default N/A. Usage Guidelines Use this command to force all clients from the specified proxy array to connect to the same physical server.
Page 506: Configure Slb Vip
SLB Commands configure slb vip configure slb vip <vip name> unit [number] Description Configures the unit number for active-active failover. Syntax Description vip name Specifies a virtual server. unit Specifies a unit identifier on a virtual server. The range is 1 to 16. Default The default unit is 1.
Page 507: Configure Slb Vip Client-Persistence-Timeout
The default is 3600. client-persistence-timeout Usage Guidelines Extreme Networks recommends that you specify a short client persistence timeout, because longer timeout values consume more memory. Example The following command configures the virtual server “ftp” with a client persistence timeout of 3000...
Page 508: Configure Slb Vip Max-Connections
SLB Commands configure slb vip max-connections configure slb vip <vip name> max-connections <number> Description Configures the maximum connections allowed to a particular virtual server. Syntax Description vip name Specifies a virtual server. max-connections Specifies the maximum number of connections allowed to a virtual server. The range is 0 to 999,999,999.
Page 509: Configure Slb Vip Service-Check Frequency
configure slb vip service-check frequency configure slb vip service-check frequency configure slb vip <vip name> service-check frequency <seconds> timeout <seconds> Description Configures the layer 7 service check frequency and timeout for a particular virtual server. Syntax Description vip name Specifies a virtual server. frequency Specifies the frequency of the service check.
Page 510: Configure Slb Vip Service-Check Ftp
Usage Guidelines This command automatically enables service checking. If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The FTP service check provides a more thorough check than ping check, because the FTP service check logs into the service.
Page 511: Configure Slb Vip Service-Check Http
The HTTP service check provides a more thorough check than ping check, because the HTTP service check connects to a specific URL and checks for a specific text string. Extreme Networks recommends that you create a specific URL dedicated to this check.
Page 512 SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 513: Configure Slb Vip Service-Check Nntp
configure slb vip service-check nntp configure slb vip service-check nntp configure slb vip <vip name> service-check nntp <newsgroup> Description Configures layer 7 NNTP service checking for a specific virtual server. Syntax Description vip name Specifies a virtual server. newsgroup Specifies a newsgroup. Default N/A.
Page 514: Configure Slb Vip Service-Check Pop3
Usage Guidelines This command automatically enables service checking. If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The POP3 service check provides a more thorough check than ping check, because the POP3 service check logs into the service.
Page 515: Configure Slb Vip Service-Check Smtp
configure slb vip service-check smtp configure slb vip service-check smtp configure slb vip <vip name> service-check smtp {<dns domain>} Description Configures layer 7 SMTP service checking for a specific virtual server. Syntax Description vip name Specifies a virtual server. dns domain Specifies the domain to check.
Page 516: Configure Slb Vip Service-Check Telnet
Usage Guidelines This command automatically enables service checking. If you do not enter a password, you are prompted for the password twice. Extreme Networks recommends that you use a password. The telnet service check provides a more thorough check than ping check, because the telnet service check logs into the service.
Page 517: Configure Vlan Slb-Type
configure vlan slb-type configure vlan slb-type configure vlan <vlan name> slb-type [both | client | none | server] Description Marks a VLAN as either a server VLAN or a client VLAN. Syntax Description both Configures the VLAN as both a server and a client VLAN. client Configures the VLAN as a client VLAN.
Page 518: Create Flow-Redirect
SLB Commands create flow-redirect create flow-redirect <flow redirect> [any | tcp | tup | udp] destination [<ip address> / <mask> [ip-port <number> | src-ip-port <number>] | any] source [<ip address> / <mask> | any] Description Creates a flow redirect policy. Syntax Description flow redirect Specifies a flow redirect policy.
Page 519 create flow-redirect Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 520: Create Slb Pool
SLB Commands create slb pool create slb pool <pool name> {lb-method [least-connections | priority | ratio | round-robin]} Description Creates a server pool and optionally assigns a load-balancing method to the pool. Syntax Description pool name Specifies a pool. lb-method Specifies the load-balancing method.
Page 521: Create Slb Vip
create slb vip create slb vip create slb vip <vip name> pool <pool name> mode [transparent | translation | port-translation] <ip address> {- <upper range>} : <L4 port> {unit <number>} Description Creates one or more new virtual servers. Syntax Description vip name Specifies a virtual server.
Page 522: Delete Flow-Redirect
SLB Commands delete flow-redirect delete flow-redirect <flow redirect> Description Deletes a flow redirect policy. Syntax Description flow redirect Specifies a flow redirect policy. Default N/A. Usage Guidelines To rename or modify a flow redirect policy, you must delete and recreate the flow redirect policy. Example The following command deletes a flow redirect policy named “http”: delete flow-redirect http...
Page 523: Delete Slb Pool
delete slb pool delete slb pool delete slb pool [<pool name> | all] Description Deletes a server pool. Syntax Description pool name Specifies a pool. Specifies all pools. Default N/A. Usage Guidelines You must first delete all virtual servers before deleting the pool. To delete a virtual server, use the following command: delete slb vip Example...
Page 524: Delete Slb Vip
SLB Commands delete slb vip delete slb vip [<vip name> | all] Description Deletes one or all virtual servers. Syntax Description vip name Specifies a virtual server. Specifies all virtual servers. Default N/A. Usage Guidelines You must use this command to delete all virtual servers from a pool before deleting the pool. Example The following command the virtual server named “http_vip”: delete slb pool http_vip...
Page 525: Disable Flow-Redirect
disable flow-redirect disable flow-redirect disable flow-redirect [all | <flow redirect>] Description Disables flow redirect. Syntax Description Specifies all flow policies. flow redirect Specifies a single flow redirect policy. Default The default parameter is all. Flow redirect is disabled by default. Usage Guidelines When you create a new flow redirect policy, flow redirect is automatically enabled.
Page 526: Disable Slb
SLB Commands disable slb disable slb Description Disables SLB processing. Syntax Description This command has no arguments or variables. Default SLB is disabled by default. Usage Guidelines Disabling SLB causes the following to occur: • Closes all connections. • Withdraws virtual server routes or routes that do not respond with proxy ARP responses of virtual server addresses.
Page 527: Disable Slb 3Dns
disable slb 3dns disable slb 3dns disable slb 3dns iquery-client Description Disables 3DNS support. Syntax Description This command has no arguments or variables. Default 3DNS is disabled by default. Usage Guidelines To enable 3DNS, use the following command: enable slb 3dns iquery-client Example The following command disables 3DNS: disable slb 3dns iquery-client...
Page 528: Disable Slb Failover
SLB Commands disable slb failover disable slb failover Description Disables the SLB failover mechanism. Syntax Description This command has no arguments or variables. Default SLB failover is disabled by default. Usage Guidelines To enable SLB failover, use the following command: enable slb failover Example The following command disables SLB failover:...
Page 529: Disable Slb Failover Manual-Failback
disable slb failover manual-failback disable slb failover manual-failback disable slb failover manual-failback Description Disables manual failback. Syntax Description This command has no arguments or variables. Default Manual failback is disabled by default. Usage Guidelines To enable manual failback, use the following command: enable slb failover manual-failback Example The following command disables manual failback:...
Page 530: Disable Slb Failover Ping-Check
SLB Commands disable slb failover ping-check disable slb failover ping-check Description Disables ping-check to an external gateway. Syntax Description This command has no arguments or variables. Default Ping-check is disabled by default. Usage Guidelines To enable ping-check, use the following command: enable slb failover ping-check Example The following command disables ping-check:...
Page 531: Disable Slb Global Synguard
disable slb global synguard disable slb global synguard disable slb global synguard Description Disables the TCP SYN-guard feature. Syntax Description This command has no arguments or variables. Default SYN-guard is disabled by default. Usage Guidelines To enable SYN-guard, use the following command: enable slb global synguard Example The following command disables SYN-guard:...
Page 532: Disable Slb Gogo-Mode
SLB Commands disable slb gogo-mode disable slb gogo-mode <port number> {all} Description Disables GoGo mode processing. Syntax Description port number Specifies the GoGo mode master port. Disables all health checking. Default GoGo mode is disabled by default. Usage Guidelines Before you disable GoGo mode, disconnect the servers, as they all have identical MAC and IP addresses, which can cause VLAN conflicts.
Page 533: Disable Slb Gogo-Mode Ping-Check
disable slb gogo-mode ping-check disable slb gogo-mode ping-check disable slb gogo-mode <port number> ping-check Description Disables layer-3 ping-check to this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. Default GoGo mode ping check is disabled by default. Usage Guidelines To enable ping-check for a GoGo mode group, use the following command: enable slb gogo-mode <port number>...
Page 534: Disable Slb Gogo-Mode Service-Check
SLB Commands disable slb gogo-mode service-check disable slb gogo-mode <port number> service-check [all | ftp | http | nntp | pop3 | smtp | telnet | <TCP port number>] Description Disables layer 7 service check to this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port.
Page 535: Disable Slb Gogo-Mode Tcp-Port-Check
disable slb gogo-mode tcp-port-check disable slb gogo-mode tcp-port-check disable slb gogo-mode <port number> tcp-port-check [all | ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] Description Disables layer 4 TCP-port-check to this GoGo mode group.
Page 536 SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 537: Disable Slb L4-Port
disable slb L4-port disable slb L4-port disable slb L4-port [all | ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] Description Disables one or all SLB ports.
Page 538 SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 539: Disable Slb Node
disable slb node disable slb node disable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] {close-connections-now} Description Disables one or all nodes.
Page 540 SLB Commands Example The following command disables all nodes and immediately closes all open connections: disable slb node all close-connections-now History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 541: Disable Slb Node Ping-Check
disable slb node ping-check disable slb node ping-check disable slb node [all | <ip address>] ping-check Description Disables layer 3 ping-check. Syntax Description Specifies all nodes. ip address Specifies the IP address of the node. Default Ping-check is disabled by default. Usage Guidelines Ping-check is automatically enabled when a node is added to a pool.
Page 542: Disable Slb Node Tcp-Port-Check
SLB Commands disable slb node tcp-port-check disable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] tcp-port-check Description Disables layer 4 TCP-port-checking.
Page 543 disable slb node tcp-port-check Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 544: Disable Slb Proxy-Client-Persistence
SLB Commands disable slb proxy-client-persistence disable slb proxy-client-persistence Description Disables proxy client persistence. Syntax Description This command has no arguments or variables. Default Proxy client persistence is disabled by default. Usage Guidelines To enable proxy client persistence, use the following command: enable slb proxy-client-persistence Example The following command disables proxy client persistence:...
Page 545: Disable Slb Vip
disable slb vip disable slb vip disable slb vip [all | <vip name> | ipaddress <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] {close-connections-now} Description Disables one or all virtual servers.
Page 546 SLB Commands disable slb vip ftp_vip close-connections-now History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 547: Disable Slb Vip Client-Persistence
disable slb vip client-persistence disable slb vip client-persistence disable slb vip [all | <vip name>] client-persistence Description Disables client persistence. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Client persistence is disabled by default. Usage Guidelines To enable client persistence, use the following command: enable slb vip client-persistence Example...
Page 548: Disable Slb Vip Service-Check
SLB Commands disable slb vip service-check disable slb vip [all | <vip name>] service-check Description Disables layer 7 service-check. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Service-check is disabled by default. Usage Guidelines To enable service-check, use the following command: enable slb vip service-check Example The following command disables service-check for the virtual server “ftp_vip”:...
Page 549: Disable Slb Vip Sticky-Persistence
disable slb vip sticky-persistence disable slb vip sticky-persistence disable slb vip [all | <vip name>] sticky-persistence Description Disables sticky persistence. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Sticky persistence is disabled by default. Usage Guidelines To enable sticky persistence, use the following command: enable slb vip sticky-persistence Example...
Page 550: Disable Slb Vip Svcdown-Reset
SLB Commands disable slb vip svcdown-reset disable slb vip [all | <vip name>] svcdown-reset Description Disables svcdown-reset. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default The svcdown-reset feature is disabled by default. Usage Guidelines To enable svcdown-reset, use the following command: enable slb vip svcdown-reset Example The following command disables svcdown-reset for the virtual server “ftp_vip”:...
Page 551: Enable Flow-Redirect
enable flow-redirect enable flow-redirect enable flow-redirect [all | <flow redirect>] Description Enables flow redirect. Syntax Description Specifies all flow policies. flow redirect Specifies a single flow redirect policy. Default The default parameter is all. Flow redirection is disabled by default. Usage Guidelines When you create a new flow redirect policy, flow redirect is automatically enabled.
Page 552: Enable Slb
SLB Commands enable slb enable slb Description Enables SLB processing. Syntax Description This command has no arguments or variables. Default SLB is disabled by default. Usage Guidelines This command activates the following functions for transparent, translational, and port translation modes: •...
Page 553: Enable Slb 3Dns
enable slb 3dns enable slb 3dns enable slb 3dns iquery-client Description Enables 3DNS support. Syntax Description This command has no arguments or variables. Default 3DNS is disabled by default. Usage Guidelines The following 3DNS global balance modes are supported: • completion •...
Page 554: Enable Slb Failover
SLB Commands enable slb failover enable slb failover Description Enables SLB failover. Syntax Description This command has no arguments or variables. Default Failover is disabled by default. Usage Guidelines When SLB failover is enabled, the primary SLB switch automatically resumes primary status when it becomes active.
Page 555: Enable Slb Failover Manual-Failback
enable slb failover manual-failback enable slb failover manual-failback enable slb failover manual-failback Description Enables manual failback. Syntax Description This command has no arguments or variables. Default Manual failback is disabled by default. Usage Guidelines When manual failback is enabled, the primary SLB switch does not automatically resume primary status until you use the following command: configure slb failover failback-now To disable manual failback, use the following command:...
Page 556: Enable Slb Failover Ping-Check
SLB Commands enable slb failover ping-check enable slb failover ping-check Description Enables ping-check. Syntax Description This command has no arguments or variables. Default Ping-check is disabled by default. Usage Guidelines To disable ping-check, use the following command: disable slb failover ping-check Example The following command enables ping-check: enable slb failover ping-check...
Page 557: Enable Slb Global Synguard
enable slb global synguard enable slb global synguard enable slb global synguard Description Enables the TCP SYN-guard feature. Syntax Description This command has no arguments or variables. Default SYN-guard is disabled by default. Usage Guidelines To disable SYN-guard, use the following command: disable slb global synguard Example The following command enables SYN-guard:...
Page 558: Enable Slb Gogo-Mode
SLB Commands enable slb gogo-mode enable slb gogo-mode <port number> grouping <port list> Description Enables GoGo mode processing for a group of ports. Syntax Description port number Specifies the GoGo mode master port. port list Specifies a range or list of ports assigned to the group. Default GoGo mode is disabled by default.
Page 559: Enable Slb Gogo-Mode Ping-Check
enable slb gogo-mode ping-check enable slb gogo-mode ping-check enable slb gogo-mode <port number> ping-check <ip address> Description Enables layer-3 ping-check for the GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. ip address Specifies an IP address to be pinged. Default GoGo mode ping check is disabled by default.
Page 560: Enable Slb Gogo-Mode Service-Check
SLB Commands enable slb gogo-mode service-check enable slb gogo-mode <port number> service-check [all | ftp | http | nntp | pop3 | smtp | telnet | <TCP port number>] Description Enables layer 7 service checking for the GoGo mode group. Syntax Description port number Specifies the GoGo mode master port.
Page 561: Enable Slb Gogo-Mode Tcp-Port-Check
enable slb gogo-mode tcp-port-check enable slb gogo-mode tcp-port-check enable slb gogo-mode <port number> tcp-port-check [all | ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | www | <TCP port number>] Description Enables layer 4 TCP-port-check for the GoGo mode group.
Page 562 SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 563: Enable Slb L4-Port
enable slb L4-port enable slb L4-port enable slb L4-port [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] Description Enables an SLB port.
Page 564 SLB Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 565: Enable Slb Node
enable slb node enable slb node enable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] Description Enables one or all nodes.
Page 566 SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 567: Enable Slb Node Ping-Check
enable slb node ping-check enable slb node ping-check enable slb node [all | <ip address>] ping-check Description Enables layer 3 ping-check. Syntax Description Specifies all nodes. ip address Specifies the IP address of the node. Default Ping-check is enabled by default. Usage Guidelines Ping-check is automatically enabled when a node is added to a pool.
Page 568: Enable Slb Node Tcp-Port-Check
SLB Commands enable slb node tcp-port-check enable slb node [all | <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] tcp-port-check Description Enables layer 4 TCP-port-check.
Page 569 enable slb node tcp-port-check Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 570: Enable Slb Proxy-Client-Persistence
SLB Commands enable slb proxy-client-persistence enable slb proxy-client-persistence Description Enables proxy client persistence. Syntax Description This command has no arguments or variables. Default Proxy client persistence is disabled by default. Usage Guidelines To disable proxy client persistence, use the following command: disable slb proxy-client-persistence Example The following command enables proxy client persistence:...
Page 571: Enable Slb Vip
enable slb vip enable slb vip enable slb vip [all | <vip name> | ipaddress <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] Description Enables one or all virtual servers.
Page 572 SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 573: Enable Slb Vip Client-Persistence
enable slb vip client-persistence enable slb vip client-persistence enable slb vip [all | <vip name>] client-persistence {netmask <netmask>} Description Enables client persistence. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. netmask Specifies a netmask. Default The default is disabled. Usage Guidelines To disable client persistence, use the following command: disable slb vip client-persistence...
Page 574: Enable Slb Vip Service-Check
SLB Commands enable slb vip service-check enable slb vip [all | <vip name>] service-check Description Enables layer 7 service check. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default Service-check is disabled by default. Usage Guidelines The service checks are based on the following information: •...
Page 575: Enable Slb Vip Sticky-Persistence
enable slb vip sticky-persistence enable slb vip sticky-persistence enable slb vip [all | ipaddress <ip address> | <vip name>] sticky-persistence {netmask <netmask>} Description Enables the sticky persistence feature and specifies the client address mask. Syntax Description Specifies all virtual servers. ip address Specifies an IP address.
Page 576: Enable Slb Vip Svcdown-Reset
SLB Commands enable slb vip svcdown-reset enable slb vip [all | <vip name>] svcdown-reset Description Enables svcdown-reset. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default The svcdown-reset feature is disabled by default. Usage Guidelines The svcdown-reset feature configures the switch to send TCP RST packets to both the clients and the virtual server if the virtual server fails a health-check.
Page 577: Show Flow-Redirect
show flow-redirect show flow-redirect show flow-redirect <flow redirect> Description Displays the current flow redirect configuration and statistics. Syntax Description flow redirect Specifies a flow redirect policy. Default N/A. Usage Guidelines If you do not specify a flow redirect policy, configuration and statistics for all flow redirect policies are displayed.
Page 578 SLB Commands Service Checking: Displays the configured service check type. • • http • L4-port • nntp • ping • pop3 • smtp • telnet IP Address Displays the IP address of the next hop. State Displays the status of the next hop, either up or down. Flow Info Displays hardware mapping information.
Page 579: Show Slb 3Dns Members
show slb 3dns members show slb 3dns members show slb 3dns members Description Displays the current connection information between the switch and the 3DNS querier. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the current 3DNS information: show slb 3dns members History...
Page 580: Show Slb Connections
SLB Commands show slb connections show slb connections [ipaddress <ip address>: [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] | vip <vip name>] Description Displays information on current connections.
Page 581 show slb connections Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 582: Show Slb Esrp
SLB Commands show slb esrp show slb esrp Description Displays SLB configuration for ESRP. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the current ESRP configuration: show slb esrp Following is the output from this command: VLAN Name SLB Unit Status SLB Unit(s)
Page 583: Show Slb Failover
show slb failover show slb failover show slb failover Description Displays SLB failover configuration and status. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command also displays SLB failover configuration and status. show slb global Example The following command displays the current SLB failover configuration and status: show slb failover...
Page 584 SLB Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 585: Show Slb Global
show slb global show slb global show slb global Description Displays the current SLB global configuration information. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Displays the following: • Global enable/disable mode • Global modes •...
Page 586 SLB Commands Password: (not shown) SMTPDomain: "mydomain.com" NNTP Newsgroup: "ebusiness" User: anonymous Password: (not shown) POP3User: anonymous Password: (not shown) SLB Failover Configuration: Failover: Enabled Local unit ID: 1 Local IP address: 10.1.1.1 Remote IP address: 10.1.1.2 TCP port number: 1028 Remote Alive frequency: 1 Remote Dead frequency: 2 Keepalive Timeout: 3...
Page 587: Show Slb Gogo-Mode
show slb gogo-mode show slb gogo-mode show slb gogo-mode <port number> {configuration} Description Displays GoGo mode ping-check, TCP-port-check, and service-check status. Syntax Description port number Specifies the GoGo mode master port. configuration Displays configuration instead of status. Default N/A. Usage Guidelines If you do not specify a master port, status for all GoGo mode groups with health checks configured is displayed.
Page 588: Show Slb L4-Port
SLB Commands show slb L4-port show slb L4-port [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>] Description Displays the SLB configuration for the active layer 4 ports.
Page 589: Show Slb Node
show slb node show slb node show slb node {<ip address> [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]} Description Displays node configuration and status.
Page 590 SLB Commands Following is the output from this command: Freq/ TCP/UDP Frequency/Max Node IP Address Flags Timeout Port Flags Timeout#PoolsConns 1.111.1.1 E--H-- 10/30 E--- 30/90 2(no limit) 1.111.1.2 E--H-- 10/30 E--- 30/90 2(no limit) 1.111.1.3 E--H-- 10/30 E--- 30/90 2(no limit) Flags: E - Enable, U - Up, R - IP Route Up,...
Page 591: Show Slb Persistence
show slb persistence show slb persistence show slb persistence Description Displays persistence status of existing clients. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the current persistence status: show slb persistence History This command was first available in ExtremeWare 6.1.
Page 592: Show Slb Pool
SLB Commands show slb pool show slb pool <pool name> Description Displays the current SLB pool configuration and status. Syntax Description pool name Specifies a pool. Default N/A. Usage Guidelines If you do not specify a pool, configuration and status for all pools is displayed. Example The following command displays the current pool configuration and statistics for all pools, currently “rr_pool”...
Page 593: Show Slb Stats
show slb stats show slb stats show slb stats [pool <pool name> | vip <vip name>] Description Displays the current SLB pool connection status. Syntax Description pool name Specifies a pool. vip name Specifies a virtual server. Default N/A. Usage Guidelines If you specify but do not specify a specific pool, status for all pools is displayed.
Page 594: Show Slb Vip
SLB Commands show slb vip show slb vip [<vip name> | ipaddress <ip address> : [ftp | http | https | imap4 | ldap | nntp | pop3 | smtp | socks | telnet | tftp | web | wildcard | www | <TCP or UDP port number>]] {detail} Description Displays the current virtual server configuration and statistics.
Page 595 show slb vip Following is the output from this command: Unit Export # Servers Name IP Address Port -- Mode -- FlagsPool Up/Defined ratio_vip 4.1.1.100 EUA-----ratio_po0/3 rr_vip 10.1.1.10 EUA----!rr_pool0/3 Modes: TP - Transparent, TL - Translational, PT - Port Translational Automatically Exported via: PA - Proxy Arp, HR - Host Route, SR - Subnet Route Flags: E - Enable, U - Up,...
Page 596: Unconfigure Slb All
SLB Commands unconfigure slb all unconfigure slb all Description Resets SLB global defaults and clears the SLB configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command does not delete nodes, pools, or virtual servers. To delete all nodes and pools, use the following command: delete slb pool all To delete all virtual servers, use the following command:...
Page 597: Unconfigure Slb Gogo-Mode Health-Check
unconfigure slb gogo-mode health-check unconfigure slb gogo-mode health-check unconfigure slb gogo-mode <port number> health-check Description Disables and deletes all the ping-check, TCP-port-check, and service-check configurations for this GoGo mode group. Syntax Description port number Specifies the GoGo mode master port. Default N/A.
Page 598: Unconfigure Slb Gogo-Mode Service-Check
SLB Commands unconfigure slb gogo-mode service-check unconfigure slb gogo-mode <port number> service-check [all | ftp | http | nntp | pop3 | smtp | telnet | <TCP port number>] Description Disables and deletes the GoGo mode service-check configuration. Syntax Description port number Specifies the GoGo mode master port.
Page 599: Unconfigure Slb Vip Service-Check
unconfigure slb vip service-check unconfigure slb vip service-check unconfigure slb vip [all | <vip name>] service-check Description Disables and deletes the service check configuration. Syntax Description Specifies all virtual servers. vip name Specifies a virtual server. Default N/A. Usage Guidelines None.
Page 600 SLB Commands ExtremeWare Software 7.3.0 Command Reference Guide...
Page 601: Commands For Status Monitoring And Statistics
Commands for Status Monitoring and Statistics This chapter describes: • Commands for configuring and managing the Event Management System/Logging • Commands for enabling and disabling NetFlow flow statistics collection • Commands for configuring flow-collection port and filtering options • Commands for configuring the flow-collector devices to which NetFlow datagrams are exported •...
Page 602 Commands for Status Monitoring and Statistics NetFlow Statistics NetFlow flow statistics provides a way for a switch to capture and export traffic classification or precedence information as data traverses, or flows, across portions of a network. A network flow is defined as a unidirectional sequence of packets between a particular source device and destination device that share the same protocol and transport-layer information.
Page 603: Clear Counters
clear counters clear counters clear counters Description Clears all switch statistics and port counters, including port packet statistics, bridging statistics, IP statistics, log event counters, and MPLS statistics. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines You should view the switch statistics and port counters before you clear them.
Page 604: Clear Log
Commands for Status Monitoring and Statistics clear log clear log {diag-status | error-led | static | messages [memory-buffer | nvram]} Description Clears the log database. Syntax Description diag-status Clears the hardware error code. error-led Clears the ERR LED on the MSM. static Specifies that the messages in the NVRAM target are cleared, and the ERR LED on the MSM is cleared.
Page 605 clear log option was added in ExtremeWare 7.1.0 error-led option was added in ExtremeWare 7.1.0 messages Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 606: Clear Log Counters
Commands for Status Monitoring and Statistics clear log counters clear log counters {<event condition> | [all | <event component>] {severity <severity> {only}}} Description Clears the incident counters for events. Syntax Description event condition Specifies the event condition counter to clear. Specifies that all events counters are to be cleared.
Page 607 clear log counters Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 608: Clear Log Diag Error
Specifies the slot where the I/O module is installed. Default N/A. Usage Guidelines Use this command only at the direction of Extreme Networks personnel. Extreme Networks support personnel can clear the Alpine diagnostics failures from the NVRAM using the following command: clear log diag error <slot number> Example...
Page 609: Clear Log Diag Remap
Specifies the slot where the I/O module is installed. Default N/A. Usage Guidelines Use this command only at the direction of Extreme Networks personnel. Extreme Networks support personnel can clear the packet memory diagnostics failures from the EEPROM using the following command: clear log diag remap <slot number>...
Page 610: Clear Transceiver-Test
Commands for Status Monitoring and Statistics clear transceiver-test clear transceiver-test Description Clears (resets) the transceiver test statistics. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines To display the transceiver test statistics, use the command. The show diagnostics sys-health-check following is sample output: Transceiver system health diag result...
Page 611: Configure Flowstats Export Add Port
configure flowstats export add port configure flowstats export add port configure flowstats export <group#> add [<ipaddress> | <hostname>] <udp_port> Description Adds a flow-collector device to an export group to which NetFlow datagrams are exported. Syntax Description group# Specifies the export group to which the specified flow-collector device should be added.
Page 612 Commands for Status Monitoring and Statistics Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 613: Configure Flowstats Export Delete Port
configure flowstats export delete port configure flowstats export delete port configure flowstats export <group#> delete [<ipaddress> | <hostname>] <udp_port> Description Removes a flow-collector device from an export group to which NetFlow datagrams are exported. Syntax Description group# Specifies the export group to which the specified flow-collector device belongs. The group number is an integer in the range of 1-32.
Page 614: Configure Flowstats Filter Ports
Commands for Status Monitoring and Statistics configure flowstats filter ports configure flowstats filter <filter#> {aggregation} {export <group#>} ports <portlist> [ingress | egress] <filterspec> Description Configures a flow record filter for the specified ports. Syntax Description filter# The filter# parameter is an integer in the range from 1 to 8 that identifies the filter being defined.
Page 615 configure flowstats filter ports Usage Guidelines Configuring a filter specification enables that filter for the specified ports. To specify all ports, you can use specify them as the range of all ports (such as 1-32 or 7:1-7:4) or in the form <slot>:* on a modular switch.
Page 616: Configure Flowstats Source
Commands for Status Monitoring and Statistics configure flowstats source configure flowstats source ipaddress <ipaddress> Description Configures the IP address that is to be used as the source IP address for NetFlow datagrams to be exported. Syntax Description ipaddress Specifies the IP address of a VLAN to be used as the source address for the Net FL ow datagrams.
Page 617: Configure Flowstats Timeout Ports
configure flowstats timeout ports configure flowstats timeout ports configure flowstats timeout <minutes> ports [<portlist> | all] Description Configures the timeout value for flow records on the specified ports. Syntax Description minutes Specifies the number of minutes to use in deciding when to export flow records.
Page 618: Configure Log Display
Commands for Status Monitoring and Statistics configure log display configure log display {<severity>} Description Configures the real-time log display. Syntax Description severity Specifies a message severity. Severities include critical, error, warning, notice, info, debug-summary, debug-verbose, and debug-data. Default If not specified, messages of all severities are displayed on the console display. Usage Guidelines You must enable the log display before messages are displayed on the log display.
Page 619 configure log display Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 620: Configure Log Filter Events
Commands for Status Monitoring and Statistics configure log filter events configure log filter <filter name> [add | delete] {exclude} events [<event condition> | [all | <event component>] {severity <severity> {only}}] Description Configures a log filter by adding or deleting a specified set of events. Syntax Description filter name Specifies the filter to configure.
Page 621 configure log filter events Events, Components, and Subcomponents. As mentioned, a single event can be included or excluded by specifying the event’s name. Multiple events can be added or removed by specifying an ExtremeWare component name plus an optional severity. Some components, such as BGP, contain subcomponents, such as Keepalive, which is specified as BGP.Keepalive.
Page 622 Commands for Status Monitoring and Statistics configure log filter myFilter add events bgp.keepalive severity error only then the following exclude item actually results in no change to the filter item list: configure log filter myFilter add exclude events bgp.updatein severity all Since the newly created filter, myFilter, only includes some items from the subcomponent BGP.Keepalive, there are no BGP.UpdateIn events that need to be excluded.
Page 623: Configure Log Filter Events Match
configure log filter events match configure log filter events match configure log filter <filter name> [add | delete] {exclude} events [<event condition> | [all | <event component>] {severity <severity> {only}}] [match | strict-match] <type> <value> {and <type> <value> ...} Description Configures a log filter by adding or deleting a specified set of events and specific set of match parameter values.
Page 624 Commands for Status Monitoring and Statistics definitions (the event text and parameter types). The syntax for the parameter types (represented by <type> in the command syntax above) is: [bgp [neighbor | routerid] <ip address> | eaps <eaps domain name> | {destination | source} [ipaddress <ip address> | L4-port | mac-address ] | {egress | ingress} [slot <slot number>...
Page 625 configure log filter events match configure log bridgeFilter add events bridge severity notice match source mac-address 00:11:12:13:14:15 configure log bridgeFilter add events bridge severity notice match source mac-address 00:21:22:23:24:25 configure log bridgeFilter add events bridge severity notice match source mac-address 00:31:32:33:34:35 In order to exclude only incidents whose parameter values match the specified criteria, follow this two step process.
Page 626 Commands for Status Monitoring and Statistics Example By default, all log targets are associated with the built-in filter, DefaultFilter. Therefore, the most straightforward way to send additional messages to a log target is to modify DefaultFilter. In the following example, the command modifies the built-in filter to allow incidents in the STP component, and all subcomponents of STP, of severity critical, error, warning, notice and info.
Page 627: Configure Log Filter Set Severity
configure log filter set severity configure log filter set severity configure log filter <filter name> set severity <severity> events [<event component> | all ] Description Sets the severity level of an existing filter item. Syntax Description filter name Specifies the filter to configure. severity Specifies the severity level to send.
Page 628 Commands for Status Monitoring and Statistics To see the current configuration of a filter, use the following command: show log configuration filter <filter name> Example To change the severity level of the filter item added with this command: configure log filter bgpFilter2 add events bgp.keepalive severity notice use the following command: configure log filter bgpFilter2 set severity info events bgp.keepalive History...
Page 629: Configure Log Filter Set Severity Match
configure log filter set severity match configure log filter set severity match configure log filter <filter name> set severity <severity> events [<event condition> | [all | <event component>]] [match | strict-match] <type> <value> {and <type> <value> ...} Description Sets the severity level of an existing filter item. Syntax Description filter name Specifies the filter to configure.
Page 630 Commands for Status Monitoring and Statistics source ipaddress 10.1.2.0/24 Using the single command eliminates the possibility of missing an event of interest between the separate commands. delete See the command on page 713 for a detailed description of severity levels. show log To see the current configuration of a target, use the following command: show log configuration target {console-display | memory-buffer | nvram | session |...
Page 631: Configure Log Target Filter
configure log target filter configure log target filter configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] filter <filter name> {severity <severity> {only}} Description Associates a filter to a target. Syntax Description target Specifies the device to send the log entries.
Page 632 Commands for Status Monitoring and Statistics Table 14: Default Target Log Characteristics Target Enabled Severity Level Pre-7.1.0 Command to Set Log Severity console display no info configure log display {<severity>} memory buffer debug-data NVRAM warning session info syslog debug-data configure syslog add <host name/ip> {: <udp-port>} [local0 ...
Page 633: Configure Log Target Format
configure log target format configure log target format configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] format [timestamp [seconds | hundredths | none] | date [dd-mm-yyyy | dd-Mmm-yyyy | mm-dd-yyyy | Mmm-dd | yyyy-mm-dd | none] | severity [on | off] | event-name [component | condition | none | subcomponent] | host-name [on | off]...
Page 634 Commands for Status Monitoring and Statistics Default The following defaults apply to console display, memory buffer, NVRAM, and session targets: • timestamp—hundredths • date—mm-dd-yyyy • severity—on • event-name—condition • host-name—off • priority—off • tag-id—off • tag-name—off • sequence-number—off • process-name—off •...
Page 635 configure log target format When this command is applied to the target , the format specified is used in subsequent memory-buffer commands. The format configured for the internal memory buffer can be show log upload log overridden by specifying a format on the commands.
Page 636 Commands for Status Monitoring and Statistics Process Name. For providing detailed information to technical support, the (internal) ExtremeWare task names of the applications detecting the events can be displayed by specifying process-name on suppressed by specifying . The default setting is process-name off process-name off Process ID.
Page 637: Configure Log Target Match
configure log target match configure log target match configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] match [any |<match-expression>] Description Associates a match expression to a target. Syntax Description console-display Specifies the console display.
Page 638 Commands for Status Monitoring and Statistics Example The following command sends log messages to the current session, that pass the current filter and severity level, and contain the string user5: configure log target session match user5 History This command was first available in ExtremeWare 7.1.0 Platform Availability This command is available on all platforms.
Page 639: Configure Log Target Severity
configure log target severity configure log target severity configure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] {severity <severity> {only}} Description Sets the severity level of messages sent to the target. Syntax Description console-display Specifies the console display.
Page 640 Commands for Status Monitoring and Statistics show log configuration filter <filter name> Example The following command sends log messages to the current session, that pass the current filter at a severity level of info or greater, and contain the string user5: configure log target session severity info History This command was first available in ExtremeWare 7.1.0...
Page 641: Configure Packet-Mem-Scan-Recovery-Mode
configure packet-mem-scan-recovery-mode configure packet-mem-scan-recovery-mode configure packet-mem-scan-recovery-mode [offline | online] [msm-a | msm-b | <slot number>] Description Configures packet memory scanning and the recovery mode setting on a BlackDiamond module. Syntax Description offline Specifies that a faulty BlackDiamond module is taken offline and kept offline if one of the following occurs: •...
Page 642 Commands for Status Monitoring and Statistics Example The following command enables packet memory scanning on slot 1, and specifies that the module be taken offline: configure packet-mem-scan-recovery mode offline slot 1 The following command enables packet memory scanning on the MSM module in slot B, and specifies that the module be kept online configure packet-mem-scan-recovery mode online slot msm-b History...
Page 643: Configure Sflow Agent
configure sflow agent configure sflow agent configure sflow agent <ip-address> Description Configures the sFlow agent source IP address used in the sFlow UDP datagrams sent to the sFlow collector. Syntax Description ip-address Specifies the IP address from which sFlow data is sent on the switch. Default The default IP address is 0.0.0.0.
Page 644: Configure Sflow Backoff-Threshold
Commands for Status Monitoring and Statistics configure sflow backoff-threshold configure sflow backoff-threshold <rate> Description Configures the maximum number of packets sent to the sFlow collector per second. Syntax Description rate Specifies the maximum number of packets sent to the sFlow collector per second.
Page 645: Configure Sflow Collector
configure sflow collector configure sflow collector configure sflow collector <ip-address> : <udp-port> Description Configures the IP address and UDP port number identifying the sFlow collector. Syntax Description ip-address Specifies the IP address to send the sFlow data. udp-port Specifies the UDP port number to send the sFlow data. Default UDP port number—6343 Usage Guidelines...
Page 646: Configure Sflow Poll-Interval
Commands for Status Monitoring and Statistics configure sflow poll-interval configure sflow poll-interval <seconds> Description Configures the sFlow counter polling interval at which the statistics counter values will be sent to the sFlow collector. Syntax Description seconds Specifies the number of seconds between polling each counter. The value can range from 1 to 3600 seconds.
Page 647: Configure Sflow Sample-Rate
configure sflow sample-rate configure sflow sample-rate configure sflow sample-rate <number> Description Configures the sample rate at which the sFlow agent collects network traffic samples. Syntax Description number Specifies the fraction (1/number) of packets to be sampled. Default 8192. Usage Guidelines This command configures the sample rate at which the sFlow agent collects network traffic samples.
Page 648: Configure Sys-Health-Check Alarm-Level
Commands for Status Monitoring and Statistics configure sys-health-check alarm-level configure sys-health-check alarm-level [log | system-down | traps | default | auto-recovery <number of tries> [online | offline]] Description Configures the system health checker. Syntax Description Posts a CRIT message to the log. system-down Posts a CRIT message to the log, sends a trap, and turns off the system.
Page 649 configure sys-health-check alarm-level The alarm-level and auto-recovery options are mutually exclusive; configuring an alarm-level disables auto-recovery, and configuring auto-recovery overrides the alarm-level setting. In ExtremeWare versions prior to 6.2, you cannot use both mirroring and the system health checker at the same time.
Page 650 Commands for Status Monitoring and Statistics I/O module faults are permanently recorded on the module’s EEPROM. A module that has failed a system health check cannot be brought back online. To view the failure messages, use the command. show diagnostics If you configure the system health check mode to and no new errors are detected, the device offline...
Page 651: Configure Sys-Health-Check Auto-Recovery
configure sys-health-check auto-recovery configure sys-health-check auto-recovery configure sys-health-check auto-recovery <number> [offline | online] | alarm-level [card-down | default | log | system-down | traps] Description Configures the system health checker. Syntax Description number Specifies the number of times that the health checker attempts to auto-recover a faulty module.
Page 652 Commands for Status Monitoring and Statistics In ExtremeWare versions prior to 6.2, you cannot use both mirroring and the system health checker at the same time. If you configure mirroring with the system health checker enabled, the health checker will indicate that it has been disabled by sending a message to the syslog. In ExtremeWare 6.2 or later, this restriction does not apply.
Page 653 configure sys-health-check auto-recovery I/O module faults are permanently recorded on the module’s EEPROM. A module that has failed a system health check cannot be brought back online. If the faulty module is a master MSM, the slave MSM automatically becomes the master and sets the faulty MSM to .
Page 654: Configure Sys-Health-Check Scan-Recovery
Reset module and run diagnostics (remap). Usage Guidelines Extreme Networks support personnel can configure the action taken by the system health check if diagnostics are run or if checksum errors trigger diagnostics. If diagnostics are run or triggered in previous releases of ExtremeWare, the module is reset and diagnostics are run. Support personnel can...
Page 655 configure sys-health-check scan-recovery Platform Availability This command is not available on the BlackDiamond 6816 switch. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 656: Configure Sys-Recovery-Level
Commands for Status Monitoring and Statistics configure sys-recovery-level configure sys-recovery-level [none | [all | critical] [msm-failover | reboot | shutdown | system-dump [maintenance-mode | msm-failover | reboot | shutdown]]] Description Configures a recovery option for instances where an exception occurs in ExtremeWare. Syntax Description none Configures the level to no recovery.
Page 657 configure sys-recovery-level For ExtremeWare 6.2.2 or later, if is specified on a BlackDiamond switch and there is a msm-failover software exception on the master MSM, the interrupt handler triggers the slave MSM to take over control of the switch. Example The following command configures a switch to reboot after a critical task exception occurs: configure sys-recovery-level critical reboot The following command configures the Master MSM to failover to the Slave MSM if a software...
Page 658: Configure Syslog Add
Commands for Status Monitoring and Statistics configure syslog add configure syslog {add} <host name/ip> {: <udp-port>} [local0 ... local7] {<severity>} Description Configures the remote syslog server host address, and filters messages to be sent to the remote syslog target. Syntax Description host name/ip Specifies the remote syslog server host name or IP address.
Page 659 configure syslog add configure syslog 123.45.67.78 local1 critical History This command was first available in ExtremeWare 2.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 660: Configure Syslog Delete
Commands for Status Monitoring and Statistics configure syslog delete configure syslog delete <host name/ip> {: <udp-port>} [local0 ... local7] Description Deletes a remote syslog server address. Syntax Description host name/ip Specifies the remote syslog server host name or IP address. udp-port Specifies the UDP port number for the syslog target.
Page 661: Configure Transceiver-Test Failure-Action
configure transceiver-test failure-action configure transceiver-test failure-action configure transceiver-test failure-action [log | sys-health-check] Description Configures the action the switch takes if too many failures are detected within the specified window. Syntax Description Specifies that messages are sent to the syslog. sys-health-check Specifies the configured system health check action is taken.
Page 662 Commands for Status Monitoring and Statistics This command was not supported in ExtremeWare 7.0. This command is supported in ExtremeWare 7.1.0. Platform Availability This command is available on modular switches only. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 663: Configure Transceiver-Test Period
Use this feature when the switch can be brought off-line. Configuring the transceiver test period to 11 seconds or less can affect system performance; therefore, Extreme Networks does not recommend changing the default transceiver test period. The default is adequate for most networks.
Page 664: Configure Transceiver-Test Threshold
3 errors. Usage Guidelines Use this feature when the switch can be brought off-line. Extreme Networks does not recommend changing the default transceiver test threshold parameter. The default parameter is adequate for most networks. Example The following command configures the switch to accept 4 errors before an action is taken:...
Page 665: Configure Transceiver-Test Window
Extreme Networks does not recommend changing the default transceiver test window parameter. The default parameter is adequate for most networks. Example The following command configures the switch to check for errors within the last seven 20-second...
Page 666: Create Log Filter
Commands for Status Monitoring and Statistics create log filter create log filter <name> {copy <filter name>} Description Create a log filter with the specified name. Syntax Description name Specifies the name of the filter to create. copy Specifies that the new filter is to be copied from an existing one. filter name Specifies the existing filter to copy.
Page 667: Delete Log Filter
delete log filter delete log filter delete log filter [<filter name> | all] Description Delete a log filter with the specified name. Syntax Description filter name Specifies the filter to delete. Specifies that all filters, except DefaultFilter, are to be deleted Default N/A.
Page 668: Disable Cli-Config-Logging
Commands for Status Monitoring and Statistics disable cli-config-logging disable cli-config-logging Description Disables the logging of CLI configuration commands to the switch Syslog. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines command discontinues the recording of all switch configuration disable cli-config-logging changes and their sources that are made using the CLI via Telnet or the local console.
Page 669: Disable Flowstats
disable flowstats disable flowstats disable flowstats Description Disables the flow statistics feature on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines When this feature is disabled, no flow records are exported. Example The following command disables the NetFlow statistics feature on this switch: disable flowstats History This command was first available in ExtremeWare 6.2.
Page 670: Disable Flowstats Filter Ports
Commands for Status Monitoring and Statistics disable flowstats filter ports disable flowstats filter <filter#> ports <portlist> {ingress | egress} Description Disables a specified flow record filter for the specified ports. Syntax Description filter# Specifies the flow record filter that should be disabled. portlist Specifies a list of ports or slots and ports for which the filter should be disabled.
Page 671 disable flowstats filter ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 672: Disable Flowstats Ping-Check
Commands for Status Monitoring and Statistics disable flowstats ping-check disable flowstats ping-check {<group#> | all} Description Disables the flow statistics ping-check function for a specified group of collector devices. Syntax Description group# Specifies the export group for which the ping-check function should be disabled.
Page 673: Disable Flowstats Ports
disable flowstats ports disable flowstats ports disable flowstats ports <portlist> Description Disables the flow statistics function on the specified ports. Syntax Description portlist Specifies a list of ports or slots and ports for which the flowstats function should be disabled. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default N/A.
Page 674: Disable Log Debug-Mode
Commands for Status Monitoring and Statistics disable log debug-mode disable log debug-mode Description Disables debug mode. The switch stops logging events of severity debug-summary, debug-verbose, and debug-data. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command disables debug mode.
Page 675: Disable Log Display
disable log display disable log display disable log display Description Disables the sending of messages to the console display. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines If the log display is disabled, log information is no longer written to the serial console. This command setting is saved to FLASH and determines the initial setting of the console display at boot up.
Page 676: Disable Log Target
Commands for Status Monitoring and Statistics disable log target disable log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] Description Stop sending log messages to the specified target. Syntax Description console-display Specifies the console display. memory-buffer Specifies the switch memory buffer.
Page 677 disable log target Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 678: Disable Rmon
Commands for Status Monitoring and Statistics disable rmon disable rmon Description Disables the collection of RMON statistics on the switch. Syntax Description This command has no arguments or variables. Default By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON queries and sets for alarms and events.
Page 679: Disable Sflow
disable sflow disable sflow disable sflow Description Globally disables sFlow statistical packet sampling. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command disables sFlow globally on the switch. This command will not disable sFlow if it is enabled on any ports.
Page 680: Disable Sflow Backoff-Threshold
Commands for Status Monitoring and Statistics disable sflow backoff-threshold disable sflow backoff-threshold Description Disables the sFlow backoff-threshold feature, which limits the maximum number of packets sent to the sFlow collector per second. Syntax Description This command has no arguments or variables. Default Disabled.
Page 681: Disable Sflow Ports
disable sflow ports disable sflow ports disable sflow ports <portlist> Description Disables sFlow statistical packet sampling on a particular list of ports. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 682: Disable Sys-Health-Check
Commands for Status Monitoring and Statistics disable sys-health-check disable sys-health-check Description Disables the BlackDiamond system health checker. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines If the system health checker is disabled, it does not test I/O modules, MSM modules, and the backplane for system faults.
Page 683: Disable Syslog
disable syslog disable syslog disable syslog Description Disables logging to all remote syslog server targets. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Disables logging to all remote syslog server targets, not to the switch targets. This setting is saved in FLASH, and will be in effect upon boot up.
Page 684: Disable Temperature-Logging
Commands for Status Monitoring and Statistics disable temperature-logging disable temperature-logging Description Stops recording the system temperature in celsius for the BlackDiamond and Alpine systems to the syslog. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Use this command to stop recording the system temperature to the syslog.
Page 685: Disable Transceiver-Test
disable transceiver-test disable transceiver-test disable transceiver-test [all | slot <slot number> {backplane} | msm-a | msm-b] Description Disable the integrity testing of the transceivers used for communication between the ASICs and the CPU on an MSM or an SMMi module. Syntax Description Specifies all of the slots in the chassis.
Page 686 Commands for Status Monitoring and Statistics For ExtremeWare 6.2.2b108: The default for the transceiver test is enabled. The test is enabled two minutes after the switch boots or immediately after you enable the test. For ExtremeWare 6.2.2b134 and ExtremeWare 7.1.0: The default for the transceiver test is disabled.
Page 687: Enable Cli-Config-Logging
enable cli-config-logging enable cli-config-logging enable cli-config-logging Description Enables the logging of CLI configuration commands to the Syslog for auditing purposes. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines ExtremeWare allows you to record all configuration changes and their sources that are made using the CLI by way of Telnet or the local console.
Page 688: Enable Flowstats
Commands for Status Monitoring and Statistics enable flowstats enable flowstats Description Enables the flow statistics feature on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines None. Example The following command enables NetFlow statistics feature on this switch: enable flowstats History This command was first available in ExtremeWare 6.2.
Page 689: Enable Flowstats Filter Ports
enable flowstats filter ports enable flowstats filter ports enable flowstats filter <filter#> ports <portlist> {ingress | egress} Description Enables a specified flow record filter for the specified ports. Syntax Description filter# Specifies the flow record filter that should be enabled. portlist Specifies the ports or slots and ports for which the filter should be enabled.
Page 690: Enable Flowstats Ping-Check
Commands for Status Monitoring and Statistics enable flowstats ping-check enable flowstats ping-check {<group#>} Description Enables the flow statistics ping-check function for a specified group of collector devices. Syntax Description group# Specifies the export group for which the ping-check function should be enabled.
Page 691: Enable Flowstats Ports
enable flowstats ports enable flowstats ports enable flowstats ports <portlist> Description Enables the flow statistics function on the specified ports. Syntax Description portlist Specifies a list of ports or slots and ports for which the flowstats function should be enabled. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default Disabled.
Page 692: Enable Log Debug-Mode
Commands for Status Monitoring and Statistics enable log debug-mode enable log debug-mode Description Enables debug mode. The switch allows debug events included in log filters to be logged. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command enables debug mode.
Page 693: Enable Log Display
enable log display enable log display enable log display Description Enables a running real-time display of log messages on the console display. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines If you enable the log display on a terminal connected to the console port, your settings will remain in effect even after your console session is ended (unless you explicitly disable the log display).
Page 694: Enable Log Target
Commands for Status Monitoring and Statistics enable log target enable log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] Description Start sending log messages to the specified target. Syntax Description console-display Specifies the console display. memory-buffer Specifies the switch memory buffer.
Page 695 enable log target Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 696: Enable Rmon
Commands for Status Monitoring and Statistics enable rmon enable rmon Description Enables the collection of RMON statistics on the switch. Syntax Description This command has no arguments or variables. Default By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON queries and sets for alarms and events.
Page 697 enable rmon To view the status of RMON polling on the switch, use the command. The show management show command displays information about the switch including the enable/disable state for management RMON polling. Example The following command enables the collection of RMON statistics on the switch: enable rmon History This command was first available in ExtremeWare 4.1.
Page 698: Enable Sflow
Commands for Status Monitoring and Statistics enable sflow enable sflow Description Globally enables sFlow statistical packet sampling. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command enables sFlow globally on the switch. Sflow must be enabled globally before a “per data source”...
Page 699: Enable Sflow Backoff-Threshold
enable sflow backoff-threshold enable sflow backoff-threshold enable sflow backoff-threshold Description Enables the sFlow backoff-threshold feature, limiting the maximum number of packets sent to the sFlow collector per second. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines This command enables the backoff threshold feature, which is used to limit the number of packets sent to the sFlow collector in a second.
Page 700: Enable Sflow Ports
Commands for Status Monitoring and Statistics enable sflow ports enable sflow ports <portlist> Description Enables sFlow statistical packet sampling on one or more ports. Syntax Description portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 701: Enable Sys-Health-Check
enable sys-health-check enable sys-health-check enable sys-health-check Description Enables the BlackDiamond system health checker. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines The system health checker tests I/O modules, MSM modules, and the backplane by forwarding packets every 4 seconds.
Page 702 Commands for Status Monitoring and Statistics Platform Availability This command is available on BlackDiamond switches only. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 703: Enable Syslog
enable syslog enable syslog enable syslog Description Enables logging to all remote syslog host targets. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines In order to enable remote logging, you must do the following: • Configure the syslog host to accept and log messages. •...
Page 704: Enable Temperature-Logging
Commands for Status Monitoring and Statistics enable temperature-logging enable temperature-logging Description Records the system temperature in celsius for the BlackDiamond and Alpine systems to the syslog. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines When you enable temperature logging, the temperature is recorded every hour. To view the temperature of the system, use the command.
Page 705 enable temperature-logging The command was supported and the syntax changed from in ExtremeWare enable log temperature 7.1.0. Platform Availability This command is available on modular switches only. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 706: Enable Transceiver-Test
Commands for Status Monitoring and Statistics enable transceiver-test enable transceiver-test [all | slot <slot number> {backplane} | msm-a | msm-b] Description Enables an integrity test of the transceivers used for communication between the ASICs and the CPU on an MSM or an SMMi module. Syntax Description Specifies all of the slots in the chassis.
Page 707 enable transceiver-test For ExtremeWare 6.2.2b108: The default for the transceiver test is enabled. The test is enabled two minutes after the switch boots or immediately after you enable the test. For ExtremeWare 6.2.2b134 and ExtremeWare 7.1.0: The default for the transceiver test is disabled. If you load your saved ExtremeWare 6.2.2b108 configurations onto a switch with ExtremeWare 6.2.2b134 or ExtremeWare 7.1.0 or later, the transceiver test is enabled.
Page 708: Show Flowstats
Commands for Status Monitoring and Statistics show flowstats show flowstats {<portlist> | export {<group#>}} Description Displays status information for the flow statistics function. Syntax Description portlist Use this optional parameter to specify one or more ports or slots and ports for which status information is to be displayed.
Page 709 show flowstats Example command with no options, for a switch with NetFlow statistics enabled on ports show flowstats 1, 40, and 43, displays output similar to the following: Summit48i: show flowstats Flowstats enabled Port Filter proto timeout group OverflowPkts flags -------------------------------------------------------------------------------------- ------- DestIP:...
Page 710: Show Flowstats Export
Commands for Status Monitoring and Statistics show flowstats export show flowstats export [ detail |{<group number> detail} ] Description Displays configuration information an export group. Syntax Description group number Specifies a group number for which configuration information should be displayed. Default N/A.
Page 711: Show Flowstats
show flowstats show flowstats show flowstats <portlist> Description Displays status information for the flow statistics function. Syntax Description portlist Specifies a list of ports or slots and ports for which flow statistics should be displayed. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8. Default N/A.
Page 712 Commands for Status Monitoring and Statistics History This command was first available in ExtremeWare 6.2. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 713: Show Log
show log show log show log {messages [memory-buffer | nvram]} {severity <severity> {only}} {starting [date <date> time <time> | date <date> | time <time>]} {ending [date <date> time <time> | date <date> | time <time>]} {match <match-expression>} {format <format>} {chronological} Description Displays the current log messages.
Page 714 Commands for Status Monitoring and Statistics • Severity Level—indicates the urgency of a condition reported in the log. Table 15 describes the severity levels assigned to events. • Component, Subcomponent, and Condition Name—describes the subsystem in the software that generates the event. This provides a good indication of where a fault might lie. •...
Page 715 show log • Debug-Data—Data The three severity levels for extended debugging, , and debug-summary debug-verbose debug-data require that debug mode be enabled (which may cause a performance degradation). See the command on page 692. enable log debug-mode Table 15: Severity Levels Assigned by the Switch Level Description Critical...
Page 716 Commands for Status Monitoring and Statistics The following command displays messages with warning, error, or critical severity: show log warning The following command displays messages containing the string “slot 2”: show log match "slot 2" History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 6.2.2 to include the option.
Page 717: Show Log Components
show log components show log components show log components {<event component> | all} Description Display the name, description and default severity for all components. Syntax Description event component Specifies component to display. Displays all components. Default N/A. Usage Guidelines This command displays the name, description, and default severity defined for the specified components and subcomponents.
Page 718 Commands for Status Monitoring and Statistics Tracking ESRP Tracking Error Forwarding Data Base Error IP FDB Error IPMC IP Multicast FDB Error Replacement FDB Replacement Error IGMP Internet Group Management Protocol Error Snooping IGMP Snooping Error AccessList IP Access List Error Forwarding IP Forwarding...
Page 719: Show Log Configuration
show log configuration show log configuration show log configuration Description Displays the log configuration for switch log settings, and for certain targets. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command displays the log configuration for all targets. The state of the target, enabled or disabled is displayed.
Page 720 Commands for Status Monitoring and Statistics The additional EMS information was added in ExtremeWare 7.1.0 Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 721: Show Log Configuration Filter
show log configuration filter show log configuration filter show log configuration filter {<filter name>} Description Displays the log configuration for the specified filter. Syntax Description filter name Specifies the filter to display. Default If no options are specified, the command displays the configuration for all filters. Usage Guidelines This command displays the configuration for filters.
Page 722 Commands for Status Monitoring and Statistics The third item includes the remaining events from the STP component. The severity value is show as “-”, indicating that the component’s default severity threshold controls which messages are passed. History This command was first available in ExtremeWare 7.1.0 Platform Availability This command is available on all platforms.
Page 723: Show Log Configuration Target
show log configuration target show log configuration target show log configuration target {console-display | memory-buffer | nvram | session | syslog <host name/ip> {: <udp-port>}[local0 ... local7]} Description Displays the log configuration for the specified target. Syntax Description console-display Show the log configuration for the console display. memory-buffer Show the log configuration for volatile memory.
Page 724: Show Log Counters
Commands for Status Monitoring and Statistics show log counters show log counters {<event condition> | [all | <event component>] {severity <severity> {only}}} Description Displays the incident counters for events. Syntax Description event condition Specifies the event condition to display. Specifies that all events are to be displayed. event component Specifies that all the events associated with a particular component or subcomponent should be displayed.
Page 725 show log counters The output produced by the above command is similar to the following: Comp SubComp Condition Severity Rf Notified Occurred ------- ----------- ----------------------- ------------- -- -------- -------- InBPDU PDUDrop Error PDUIgn Debug-Summary PDUTrace Info The following command displays the event counters for the event condition PDUDrop in the component STP.InBPDU: show log counters "STP.InBPDU.PDUDrop"...
Page 726: Show Log Events
Commands for Status Monitoring and Statistics show log events show log events {<event condition> | [all | <event component>] {severity <severity> {only}}} {detail} Description Displays information about the individual events (conditions) that can be logged. Syntax Description event condition Specifies the event condition to display. Specifies that all events are to be displayed.
Page 727 show log events Comp SubComp Condition Severity Parameters ------- ----------- ----------------------- ------------- ---------- InBPDU PDUDrop Error PDUIgn Debug-Summary PDUTrace Info The following command displays the details of the event condition PDUTrace in the component STP.InBPDU: show log events stp.inbpdu.pdutrace detail The output produced by the above command is similar to the following: Comp SubComp...
Page 728: Show Memory
Commands for Status Monitoring and Statistics show memory show memory {detail} Description Displays the current system memory information. Syntax Description detail Specifies task-specific memory usage. Default N/A. Usage Guidelines Your BlackDiamond or Summit switch must have 32MB of DRAM to support the features in ExtremeWare version 4.0 and above.
Page 729 show memory History This command was first available in ExtremeWare 2.0. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 730: Show Packet-Mem-Scan-Recovery-Mode
Commands for Status Monitoring and Statistics show packet-mem-scan-recovery-mode show packet-mem-scan-recovery-mode Description Displays the recovery mode setting for slot’s that have packet memory scanning enabled. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines command displays the following information: show packet-mem-scan-recovery-mode •...
Page 731: Show Packet Miscompare
Default N/A. Usage Guidelines Use this command only at the direction of Extreme Networks personnel. Extreme Networks support personnel can capture corrupted packet data to help in troubleshooting problems using the following command: show packet miscompare <slot number> {verbose}...
Page 732: Show Ports Rxerrors
Commands for Status Monitoring and Statistics show ports rxerrors show ports {mgmt | <portlist>} rxerrors Description Displays real-time receive error statistics. For PoS modules, displays the information for the PoS ports. Only a subset of the statistics rxerror displayed by this command are applicable to PoS ports. The fields that do not apply to PoS ports are displayed with values of all zeroes.
Page 733 show ports rxerrors • Receive Jabber Frames (RX Jabber)—The total number of frames received by the port that was of greater than the support maximum length and had a Cyclic Redundancy Check (CRC) error. • Receive Alignment Errors (RX Align)—The total number of frames received by the port that occurs if a frame has a CRC error and does not contain an integral number of octets.
Page 734: Show Ports Stats
Commands for Status Monitoring and Statistics show ports stats show ports {mgmt | <portlist>} stats {cable-diagnostics} Description Displays real-time port statistics. Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port. portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 735 show ports stats • Received Broadcast (RX Bcast)—The total number of frames received by the port that are addressed to a broadcast address. • Received Multicast (RX Mcast)—The total number of frames received by the port that are addressed to a multicast address. For version 2.0 and 4.0 •...
Page 736 Commands for Status Monitoring and Statistics History This command was first available in ExtremeWare 2.0. This command was modified in ExtremeWare 4.0 to support modular switches. This command was modified in Extreme 4.1 to discontinue support for the chassis link status indicator. This command was modified in ExtremeWare 7.3.0 to include the keyword.
Page 737: Show Ports Txerrors
show ports txerrors show ports txerrors show ports {mgmt | <portlist>} txerrors Description Displays real-time transmit error statistics. For PoS modules, displays the information for the PoS ports. txerror Syntax Description mgmt Specifies the management port. Supported only for switches that provide a management port.
Page 738 Commands for Status Monitoring and Statistics • Transmit Lost Frames (TX Lost)—The total number of frames transmitted by the port that were lost. • Transmit Parity Frames (TX Parity)—The bit summation has a parity mismatch. For version 2.0 and 4.0 •...
Page 739: Show Sflow Configuration
show sflow configuration show sflow configuration show sflow configuration Description Displays the current sFlow configuration. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command displays all sFlow configuration information for the switch. The following fields are displayed: •...
Page 740 Commands for Status Monitoring and Statistics Collectors Collector IP 10.201.6.250, Port 6343 Collector IP 123.124.125.111 port 6344 SFLOW Port Configuration Port Status enabled 3:10 enabled 3:11 enabled 3:12 enabled 5:33 enabled 5:34 enabled 5:35 enabled 5:36 enabled History This command was first available in an ExtremeWare 7.3.0. Platform Availability This command is available on all available platforms.
Page 741: Show Sflow Statistics
show sflow statistics show sflow statistics show sflow statistics Description Displays sFlow statistics. Syntax Description This command has no arguments or variables Default N/A. Usage Guidelines This command displays sFlow statistics collected on all enabled ports. (No per port status is displayed.) The following fields are displayed: •...
Page 742 Commands for Status Monitoring and Statistics History This command was first available in an ExtremeWare 7.3.0. Platform Availability This command is available on all available platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 743: Show Version
show version show version show version {detail} Description Displays the hardware serial numbers and versions, and software versions currently running on the switch, and (if applicable) the modules. Syntax Description detail Specifies display of slot board name and chassis or platform name. Default N/A.
Page 744 Commands for Status Monitoring and Statistics Example The following command displays the hardware and software versions currently running on the switch: show version On a stackable switch, this command produces output similar to the following: System Serial Number: 800078-11-0035M02442 CPU Serial Number: 700027-11 0034M-01445 CPLD Rev 04 Daughtercard Serial Number: 703015-02 0029M-02701 CPLD Rev ÿ...
Page 745 show version Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 746: Unconfigure Flowstats Filter Ports
Commands for Status Monitoring and Statistics unconfigure flowstats filter ports unconfigure flowstats filter <filter#> ports <portlist> Description Removes the filter specification for the specified ports. Syntax Description filter# Specifies the filter specification that should be removed. portlist Specifies a set of ports or slots and ports from which the filter specification is removed.
Page 747: Unconfigure Flowstats Ports
unconfigure flowstats ports unconfigure flowstats ports unconfigure flowstats ports [<portlist> | all] Description Resets the flow statistics configuration parameters for the specified ports to their default values. Syntax Description portlist Specifies a set of ports or slots and ports that should be reset. May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
Page 748: Unconfigure Log Filter
Commands for Status Monitoring and Statistics unconfigure log filter unconfigure log filter <filter name> Description Resets the log filter to its default values; removes all filter items. Syntax Description filter name Specifies the log filter to unconfigure. Default N/A. Usage Guidelines If the filter name specified is DefaultFilter, this command restores the configuration of DefaultFilter back to its original settings.
Page 749: Unconfigure Log Target Format
unconfigure log target format unconfigure log target format unconfigure log target [console-display | memory-buffer | nvram | session | syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] format Description Resets the log target format to its default values. Syntax Description console-display Specifies the console display format.
Page 750 Commands for Status Monitoring and Statistics • severity—on • event-name—none • host-name—off • priority—on • tag-id—off • tag-name—on • sequence-number—off • process-name—off • process-id—off • source-function—off • source-line—off Usage Guidelines Use this command to reset the target format to the default format. Example The following command sets the log format for the target (the current session) to the default:...
Page 751: Unconfigure Packet-Mem-Scan-Recovery-Mode
unconfigure packet-mem-scan-recovery-mode unconfigure packet-mem-scan-recovery-mode unconfigure packet-mem-scan-recovery-mode slot [msm-a | msm-b | <slot number>] Description Disables packet memory scanning and the recovery mode on a BlackDiamond module, and returns the system to the configured system health check behavior. Syntax Description msm-a Specifies the MSM module installed in slot A.
Page 752: Unconfigure Sflow Agent
Commands for Status Monitoring and Statistics unconfigure sflow agent unconfigure sflow agent Description Resets the sFlow agent IP address to the default value. Syntax Description This command has no arguments or variables. Default The default IP address is 0.0.0.0. Usage Guidelines This command resets the sFlow agent IP address to its default value.
Page 753: Unconfigure Sflow Backoff-Threshold
unconfigure sflow backoff-threshold unconfigure sflow backoff-threshold unconfigure sflow backoff-threshold Description Removes the configured value of the sFlow backoff threshold and resets it to 0 (zero). Syntax Description The command has no arguments or variables. Default The default backoff threshold rate is 0 packets per second. Usage Guidelines This command removes the configured sFlow backoff threshold value and resets it to 0 (zero).
Page 754: Unconfigure Sflow Collector
Commands for Status Monitoring and Statistics unconfigure sflow collector unconfigure sflow collector [<ip-address> | all] Description Removes the IP addresses of a selected sFlow collector so that sampled flows are no longer sent to that collector. Syntax Description ip-address Specifies the IP address of configured collector to reset. Specifies the IP addresses of all configured collectors to reset.
Page 755: Unconfigure Transceiver-Test Failure-Action
unconfigure transceiver-test failure-action unconfigure transceiver-test failure-action unconfigure transceiver-test failure-action Description Returns the switch to its default of sending transceiver test messages to the syslog if too many failures are detected within the specified window. Syntax Description The command has no arguments or variables. Default N/A.
Page 756: Unconfigure Transceiver-Test Period
Use this feature when the switch can be brought off-line. Configuring the transceiver test period to 11 seconds or less can affect system performance; therefore, Extreme Networks does not recommend changing the default transceiver test period. The default is adequate for most networks.
Page 757: Unconfigure Transceiver-Test Threshold
N/A. Usage Guidelines Use this feature when the switch can be brought off-line. Extreme Networks does not recommend changing the default transceiver test period. The default is adequate for most networks. Example The following command returns the transceiver test threshold to 3 errors:...
Page 758: Unconfigure Transceiver-Test Window
This configuration provides a sliding window. When you return to the default window, the switch checks for errors within the last eight 20-second windows. Extreme Networks does not recommend changing the default transceiver test window. The default is adequate for most networks.
Page 759: Upload Log
upload log upload log upload log <host name/ip> <filename> {messages [memory-buffer | nvram]} {severity <severity> {only}} {starting [date <date> time <time> | date <date> | time <time>]} {ending [date <date> time <time> | date <date> | time <time>]} {match <match-expression>} {format <format>} {chronological} Description Uploads the current log messages to a TFTP server.
Page 760 Commands for Status Monitoring and Statistics most of the options of this command, see the command on page 713, and for the show log format option see the command on page 633. configure log target format Example The following command uploads messages with a critical severity to the filename switch4critical.log on TFTP server at 10.31.8.25: upload log 10.31.8.25 switch4critical.log critical The following command uploads messages with warning, error, or critical severity to the filename...
Page 761: Chapter 11 Security Commands
Security Commands This chapter describes: • Commands for creating and configuring routing access policies • Commands for creating and configuring IP access lists • Commands for creating and configuring route maps • Commands for managing the switch using SSH2 • Commands related to switch user authentication through a RADIUS client •...
Page 762: User Authentication
Security Commands 3 Add entries to the access profile. 4 Apply the access profile. Route maps are used to modify or filter routes redistributed between two routing domains. They are also used to modify or filter the routing information exchanged between the domains. To use route maps, follow these steps: 1 Create a route map.
Page 763: Denial Of Service
Denial of Service • Campus mode, used when a port in a VLAN will move to another VLAN when authentication has been completed successfully. This mode is for the roaming user who will not always be using the same port for authentication. Campus mode requires a DHCP server and a RADIUS server configured for Extreme Network Login.
Page 764: Clear Netlogin State
Security Commands clear netlogin state clear netlogin state port <portlist> vlan <vlan name> Description Clears and initializes the Network Login sessions on a VLAN port. Syntax Description portlist Specifies the ports to clear. vlan name Specifies a VLAN to clear. Default None.
Page 765: Clear Netlogin State Mac-Address
clear netlogin state mac-address clear netlogin state mac-address clear netlogin state mac-address <hex-octet> Description Initialize/Reset the Network Login sessions for a specified supplicant. Syntax Description hex-octet Specifies the MAC address of the supplicant. Default N/A. Usage Guidelines This command is essentially equivalent to a particular supplicant logging out. The MAC address will be cleared from the FDB, the port is put back to its original VLAN (for Campus mode), and the port state is set to unauthenticated, if this was the last authenticated MAC on this port.
Page 766: Configure Access-Profile Add
Security Commands configure access-profile add configure access-profile <access profile> add {<seq_number>} {permit | deny} [ipaddress <ip address> <mask> {exact} | as-path <path-expression> | bgp-community [internet | no-export | no-advertise | no-export-subconfed | <as_no:number> | number <community>] | ipxnet <netid> <netid mask> | ipxsap <sap_type>...
Page 767 configure access-profile add Usage Guidelines You can specify the sequence number for each access profile entry. If you do not specify a sequence number, entries are sequenced in the order they are added. Each entry is assigned a value of 5 more than the sequence number of the last entry.
Page 768 Security Commands History This form of the command was available in ExtremeWare 6.1. Support for IPX NetID and IPX SAP matching was first available in ExtremeWare 6.2. A limited version of this command was first available in ExtremeWare 4.0. Platform Availability This command is available on all platforms.
Page 769: Configure Access-Profile Delete
configure access-profile delete configure access-profile delete configure access-profile <access profile> delete <seq_number> Description Deletes an access profile entry using the sequence number. Syntax Description access profile Specifies an access profile name. seq-number Specifies the order of the entry within the access profile. If no sequence number is specified, the new entry is added to the end of the access-profile and is automatically assigned a value of 5 more than the sequence number of the last entry.
Page 770: Configure Access-Profile Mode
Security Commands configure access-profile mode configure access-profile <access profile> mode [permit | deny | none] Description Configures the access profile mode to permit or deny access, or to require per-entry access control. Syntax Description access profile Specifies an access profile name. permit Allows the addresses that match the access profile description.
Page 771: Configure Auth Mgmt-Access Radius
configure auth mgmt-access radius configure auth mgmt-access radius configure auth mgmt-access radius primary <ipaddress> [secondary <ipaddress>] Description Configures authentication of management sessions for RADIUS servers. Syntax Description ipaddress Specifies the IP addresses of the primary or secondary servers. Default N/A. Usage Guidelines The RADIUS server must be configured before this command is used.
Page 772: Configure Auth Mgmt-Access Radius-Accounting
Security Commands configure auth mgmt-access radius-accounting configure auth mgmt-access radius-accounting primary <ipaddress> [secondary <ipaddress>] Description Configures RADIUS accounting servers for accounting management sessions. Syntax Description ipaddress Specifies the IP addresses of the primary or secondary servers. Default N/A. Usage Guidelines The RADIUS server must be configured before this command is used.
Page 773: Configure Auth Mgmt-Access Tacacs
configure auth mgmt-access tacacs configure auth mgmt-access tacacs configure auth mgmt-access tacacs primary <ipaddress> [secondary <ipaddress>] Description Configures authentication of management sessions for TACACS servers. Syntax Description ipaddress Specifies the IP addresses of the primary or secondary servers. Default N/A. Usage Guidelines The TACACS server must be configured before this command is used.
Page 774: Configure Auth Mgmt-Access Tacacs-Accounting
Security Commands configure auth mgmt-access tacacs-accounting configure auth mgmt-access tacacs-accounting primary <ipaddress> [secondary <ipaddress>] Description Configures TACACS accounting servers for accounting management sessions. Syntax Description ipaddress Specifies the IP addresses of the primary or secondary servers. Default N/A. Usage Guidelines The TACACS server must be configured before this command is used.
Page 775: Configure Auth Netlogin Radius
configure auth netlogin radius configure auth netlogin radius configure auth netlogin radius primary <ipaddress> [secondary <ipaddress>] Description Configures authentication of netlogin sessions through RADIUS servers. Syntax Description ipaddress Specifies the IP addresses of the primary and secondary servers. Default N/A. Usage Guidelines This command will fail if the given primary and secondary RADIUS servers are not configured.
Page 776: Configure Auth Netlogin Radius-Accounting
Security Commands configure auth netlogin radius-accounting configure auth netlogin radius-accounting primary <ipaddress> [secondary <ipaddress>] Description Configure the use of RADIUS accounting servers for netlogin session accounting. Syntax Description ipaddress Specifies the IP addresses of the primary and secondary servers. Default N/A.
Page 777: Configure Auth Netlogin Tacacs
configure auth netlogin tacacs configure auth netlogin tacacs configure auth netlogin tacacs primary <ipaddres> [secondary <ipaddress>] Description Configures authentication of netlogin sessions through TACACS servers. Syntax Description ipaddress Specifies the IP addresses of the primary and secondary servers. Default N/A. Usage Guidelines This command will fail if the given primary and secondary TACACS servers are not configured.
Page 778: Configure Auth Netlogin Tacacs-Accounting
Security Commands configure auth netlogin tacacs-accounting configure auth netlogin tacacs-accounting primary <ipaddress> [secondary <ipaddress>] Description Configure the use of TACACS accounting servers for netlogin session accounting. Syntax Description ipaddress Specifies the IP addresses of the primary and secondary servers. Default N/A.
Page 779: Configure Cpu-Dos-Protect
• filter-precedence—10 • filter-type-allowed—destination Usage Guidelines This command configures denial of service protection for Extreme Networks switches. When heavy traffic reaches the alert threshold, a hardware ACL is created that blocks the traffic for the timeout number of seconds. NOTE If you set the filter-precedence to 0, the ACLs created by DoS protection will be overwritten by the default VLAN QoS profile.
Page 780 Security Commands Example The following command configures denial of service protection to be invoked when 3000 or more packets per second are received by a port on the switch. This command configures logging to occur when the number of packets per second that the switch receives is 2000, the timeout is 15 seconds, and messages are on: configure cpu-dos-protect alert-threshold 3000 notice-threshold 2000 timeout 15 messages on filter-precedence 10...
Page 781: Configure Cpu-Dos-Protect Trusted-Ports
configure cpu-dos-protect trusted-ports configure cpu-dos-protect trusted-ports configure cpu-dos-protect trusted-ports [add <port number> | delete <port number> | all | none] Description Configures ports as trusted, so that denial of service protection is not applied to port. Syntax Description port number Specifies a port.
Page 782: Configure Enhanced-Dos-Protect Ipfdb Agingtime
Security Commands configure enhanced-dos-protect ipfdb agingtime configure enhanced-dos-protect ipfdb agingtime <aging> ports <portlist> Description Configures the aging time on untrusted ports for enhanced denial of service protection. Syntax Description aging Specifies the number of seconds for the aging time per port. The aging value is the software cache timeout: the duration of time to be considered to reach the threshold.
Page 783: Configure Enhanced-Dos-Protect Ipfdb Cache-Size
configure enhanced-dos-protect ipfdb cache-size configure enhanced-dos-protect ipfdb cache-size configure enhanced-dos-protect ipfdb cache-size <cache-size> Description Configures the cache size on untrusted ports for enhanced denial of service protection. Syntax Description cache-size Specifies the cache size limit in kilobytes. The default value is 256. The maximum value is 256000.
Page 784: Configure Enhanced-Dos-Protect Ipfdb Learn-Limit
Security Commands configure enhanced-dos-protect ipfdb learn-limit configure enhanced-dos-protect ipfdb learn-limit <learn-limit> ports <portlist> Description Configures the learning limit on untrusted ports for enhanced denial of service protection. Syntax Description learn-limit Specifies the number of packets allowed on the selected ports within the learning window before the rate limit is applied;...
Page 785: Configure Enhanced-Dos-Protect Ipfdb Learn-Window
configure enhanced-dos-protect ipfdb learn-window configure enhanced-dos-protect ipfdb learn-window configure enhanced-dos-protect ipfdb learn-window <learn-window> ports <portlist> Description Configures the learning window on untrusted ports for the enhanced denial of service protection IPFDB learning qualifier. Syntax Description learn-window Specifies the number of seconds for the learning window per port. This value is the duration of time to be considered to reach the threshold.
Page 786: Configure Enhanced-Dos-Protect Ports
Security Commands configure enhanced-dos-protect ports configure enhanced-dos-protect ports [trusted | untrusted] <portlist> Description Configures ports as trusted, so that enhanced denial of service protection is not applied to the ports; or configures ports as untrusted, so that enhanced denial of service protection is applied to the ports. Syntax Description trusted Specifies the selected ports as trusted, so that enhanced denial of service is...
Page 787: Configure Enhanced-Dos-Protect Rate-Limit
configure enhanced-dos-protect rate-limit configure enhanced-dos-protect rate-limit configure enhanced-dos-protect rate-limit [threshold <threshold> | drop-probability <drop-probability> | learn-window <learn-window> | protocol [all | icmp]] ports <portlist> Description Configures rate limiting for enhanced denial of service protection. Syntax Description threshold Specifies the number of packets allowed on a given port within the learning window before the rate limit is applied.
Page 788 Security Commands The following command sets the rate limiting protocol to all packet types on ports 1 through 3: configure enhanced-dos-protect rate-limit protocol all ports 1-3 History This command was first available in ExtremeWare 7.3.0 Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 789: Configure Ip-Subnet-Lookup Maskbits
configure ip-subnet-lookup maskbits configure ip-subnet-lookup maskbits configure ip-subnet-lookup maskbits <length> Description This command changes length of IPDA SUBNET lookup mask. Syntax Description length Specifies the number of maskbits for the IPDA subnet lookup mask. Default N/A. Usage Guidelines For a new setting to be effective, system rebooting is needed. Example The following example changes the length of the IPDA subnet lookup mask to 18 bits: configure ip-subnet-lookup maskbits 18...
Page 790: Configure Netlogin Base-Url
Security Commands configure netlogin base-url configure netlogin base-url <url> Description Configures the base URL for Network Login. Syntax Description Specifies the base URL for Network Login. Default The base URL default value is “network-access.net”. Usage Guidelines When you login using a web browser, you are redirected to the specified base URL, which is the DNS name for the switch.
Page 791: Configure Netlogin Redirect-Page
configure netlogin redirect-page configure netlogin redirect-page configure netlogin redirect-page <url> Description Configures the redirect URL for Network Login. Syntax Description Specifies the redirect URL for Network Login. Default The redirect URL default value is “http://www.extremenetworks.com”. Usage Guidelines In ISP mode, you can configure netlogin to be redirected to a base page after successful login using this command.
Page 792: Configure Radius Server
Security Commands configure radius server configure radius [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port> <L4 port no>} client-ip [<ipaddress>] Description Configures the primary and secondary RADIUS authentication server. Syntax Description primary Configures the primary RADIUS authentication server. secondary Configures the secondary RADIUS authentication server. ipaddress Specifies the IP address of the server being configured.
Page 793: Configure Radius Shared-Secret
configure radius shared-secret configure radius shared-secret configure radius [primary | secondary] shared-secret {encrypted} [<string>] Description Configures the authentication string used to communicate with the RADIUS authentication server. Syntax Description primary Configures the authentication string for the primary RADIUS server. secondary Configures the authentication string for the secondary RADIUS server.
Page 794: Configure Radius Timeout
Security Commands configure radius timeout configure radius timeout <seconds> Description Configures the timeout interval for RADIUS authentication requests. Syntax Description seconds Specifies the number of seconds for authentication requests. Range is 3 to 120 seconds Default The default is 3 seconds. Usage Guidelines This command configures the timeout interval for RADIUS authentication requests.
Page 795: Configure Radius Server Timeout
configure radius server timeout configure radius server timeout configure radius (primary|secondary) server <ipaddress> timeout <seconds> Description Configures the timeout interval for RADIUS authentication requests for the primary and secondary servers. Syntax Description ipaddress Specifies the IP address of the primary or secondary server. seconds Specifies the number of seconds for authentication requests.
Page 796: Configure Radius-Accounting Server
Security Commands configure radius-accounting server configure radius-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip [<ipaddress>] Description Configures the RADIUS accounting server. Syntax Description primary Configure the primary RADIUS accounting server. secondary Configure the secondary RADIUS accounting server. ipaddress The IP address of the accounting server being configured.
Page 797: Configure Radius-Accounting Shared-Secret
configure radius-accounting shared-secret configure radius-accounting shared-secret configure radius-accounting [primary | secondary] shared-secret {encrypted} [<string>] Description Configures the authentication string used to communicate with the RADIUS accounting server. Syntax Description primary Configures the authentication string for the primary RADIUS accounting server. secondary Configures the authentication string for the secondary RADIUS accounting server.
Page 798: Configure Radius-Accounting Timeout
Security Commands configure radius-accounting timeout configure radius-accounting timeout <seconds> Description Configures the timeout interval for RADIUS-Accounting authentication requests. Syntax Description seconds Specifies the number of seconds for authentication requests. Range is 3 to 120 seconds Default The default is 3 seconds. Usage Guidelines This command configures the timeout interval for RADIUS-Accounting authentication requests.
Page 799: Configure Radius-Accounting Server Timeout
configure radius-accounting server timeout configure radius-accounting server timeout configure radius-accounting (primary|secondary) server <ipaddress> timeout <seconds> Description Configures the timeout interval for RADIUS-Accounting authentication requests for the primary and secondary servers. Syntax Description ipaddress Specifies the IP address of the primary or secondary server. seconds Specifies the number of seconds for authentication requests.
Page 800: Configure Route-Map Add
Security Commands configure route-map add configure route-map <route-map> add <seq_number> [permit | deny] {match-one | match-all} {set lpm-routing | set iphost-routing} Description Adds an entry in the route map with the specified sequence number and action. Syntax Description route-map The name of the route map to which this entry should be added. seq-number Specifies a sequence number that uniquely identifies the entry, and determines the position of the entry in the route map.
Page 801 configure route-map add The following command adds an entry to the route-map named bgp-out that will be evaluated after the previous entry, and that permits all matching routes: configure route-map bgp-out add 20 permit History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms.
Page 802: Configure Route-Map Add Goto
Security Commands configure route-map add goto configure route-map <route_map> <seq_number> add goto <new_route_map> Description Configures a route map statement to transfer evaluation to another route map. goto Syntax Description route-map The name of the route map to which this statement should be added. seq-number Specifies the sequence number of the entry in the route map to which this statement should be added.
Page 803: Configure Route-Map Add Match
configure route-map add match configure route-map add match configure route-map <route-map> <seq_number> add match [nlri-list <access profile> | as-path [access-profile <access profile> | <as_number>] | community [access-profile <access profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | next-hop <ip address>...
Page 804 Security Commands Usage Guidelines A match operation specifies a criteria that must be matched in order for the route to be successful. If there are multiple statements in a route table entry, match statements are evaluated before set or goto statements.
Page 805: Configure Route-Map Add Set
configure route-map add set configure route-map add set configure route-map <route-map> <seq_number> add set [as-path <as_number> | community [[access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | remove | [add | delete] [access-profile <access-profile> | <as no> : <number> | number <community>...
Page 806 Security Commands remove Removes the MED attribute, if present. add | delete <med_number> Adds or deletes the specified value to or from the MED that is received. The final result is bound by 0 and 2147483647. local-preference <number> Sets the local preference in the path attribute to the specified local preference number.
Page 807: Configure Route-Map Delete
configure route-map delete configure route-map delete configure route-map <route_map> delete <seq_number> Description Deletes an entry from the route map. Syntax Description route-map The name of the route map to which this entry should be added. seq-number Specifies a sequence number that uniquely identifies the entry, and determines the position of the entry in the route map.
Page 808: Configure Route-Map Delete Goto
Security Commands configure route-map delete goto configure route-map <route_map> <seq_number> delete goto <new_route_map> Description Deletes a route map statement. goto Syntax Description route-map The name of the route map from which this statement should be deleted. seq-number The sequence number of the entry in the route map from which this statement should be deleted.
Page 809: Configure Route-Map Delete Match
configure route-map delete match configure route-map delete match configure route-map <route-map> <seq_number> delete match [nlri-list <access-profile> | as-path [access-profile <access-profile> | <as_number>] | community [access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | next-hop <ip address> | med <number> | tag <number> | origin [igp | egp | incomplete]] Description Deletes a route map...
Page 810 Security Commands History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 811: Configure Route-Map Delete Set
configure route-map delete set configure route-map delete set configure route-map <route-map> <seq_number> delete set [as-path <as_number> | community [[access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed] | remove | [add | delete] [access-profile <access-profile> | <as_number>:<number> | number <community> | no-advertise | no-export | no-export-subconfed]] | next-hop <ip address>...
Page 812 Security Commands origin [igp | egp | incomplete] Specifies the origin. tag <tag_number> Specifies the tag in the route to the specified number. accounting index Specifies the index number of an accounting index to be set. <index_number> value <value_number> Specifies a value for the accounting index. cost <number>...
Page 813: Configure Security-Profile Default-User-Vlan
configure security-profile default-user-vlan configure security-profile default-user-vlan configure security-profile <name> default-user-vlan <vlan> Description Configures the default data VLAN for wireless users. Syntax Description name Specifies the names of the security profile. vlan Specifies the name of the default VLAN for wireless users. Default Wireless management default VLAN.
Page 814: Configure Security-Profile Dot11-Auth Network-Auth Encryption
Security Commands configure security-profile dot11-auth network-auth encryption configure security-profile <name> dot11-auth [open | shared] network-auth [none | dot1x |mac-radius |web-based | wpa | wpa-psk] encryption [none | aes |tkip | wep64 | wep128] Description Configures dot11 authentication, network authentication, and encryption type. Syntax Description name Specifies the names of the security profile.
Page 815 configure security-profile dot11-auth network-auth encryption Dot11 Authentication Network Authentication Encryption shared none Choices: • wep64 • wep128 shared web-based Choices: • wep64 • wep128 shared mac-radius Choices: • wep64 • wep128 Examples The following command sets the authentication and encryption: configure security-profile secure1 dot11-auth open network-auth wpa encryption aes History This command was first available in ExtremeWare 6.2a and added to the “i”...
Page 816: Configure Security-Profile Dot1X-Wpa Group-Update-Timer
Security Commands configure security-profile dot1x-wpa group-update-timer configure security-profile <name> dot1x-wpa group-update-timer <minutes> Description When the network-authentication is set to dot1x, WPA, or WPA-PSK, this command configures the interval when group keys for dot1x and WPA clients are updated. Syntax Description name Specifies the names of the security profile.
Page 817: Configure Security-Profile Dot1X-Wpa Pairwise-Update-Timer
configure security-profile dot1x-wpa pairwise-update-timer configure security-profile dot1x-wpa pairwise-update-timer configure security-profile <name> dot1x-wpa pairwise-update-timer <minutes> Description When the network-authentication is set to dot1x, WPA, or WPA-PSK, this command configures the interval when pairwise keys for dot1x and WPA clients are updated. Syntax Description name Specifies the names of the security profile.
Page 818: Configure Security-Profile Dot1X-Wpa Reauth-Period
Security Commands configure security-profile dot1x-wpa reauth-period configure security-profile <name> dot1x-wpa reauth-period <seconds> Description When the network-authentication is set to dot1x or WPA, this command configures the interval when clients are re-authenticated. Syntax Description name Specifies the names of the security profile. seconds Specifies the interval in seconds.
Page 819: Configure Security-Profile Ess-Name
configure security-profile ess-name configure security-profile ess-name configure security-profile <name> ess-name <ess_name> Description Sets the name of the wireless network for the 802.11 interface associated with the security profile. Syntax Description name Specifies the names of the security profile. ess_name Specifies the ESS name. Default N/A.
Page 820: Configure Security-Profile Ssid-In-Beacon
Security Commands configure security-profile ssid-in-beacon configure security-profile <name> ssid-in-beacon {on | off} Description Establishes whether the service set identifier (SSID) is advertised in the beacon frame. Syntax Description name Specifies the names of the security profile. Specifies that the beacon contains the SSID. Specifies that the beacon does not contain the SSID.
Page 821: Configure Security-Profile Use-Dynamic-Vlan
configure security-profile use-dynamic-vlan configure security-profile use-dynamic-vlan configure security-profile <name> use-dynamic-vlan {y | n} Description Determines whether the security profile uses the dynamic VLAN (VLAN pushed by the RADIUS server through a VSA (Vendor Specific Attribute)). Syntax Description name Specifies the names of the security profile. Specifies y for yes to use the dynamic VLAN.
Page 822: Configure Security-Profile Wep Default-Key-Index
Security Commands configure security-profile wep default-key-index configure security-profile <name> wep default-key-index <index> Description Sets the default key index for the security profile in case of static WEP encryption. Syntax Description name Specifies the names of the security profile. index Specifies the index of the WEP key. Valid ranges are 0-3 Default Zero (0).
Page 823: Configure Security-Profile Wep Key Add
configure security-profile wep key add configure security-profile wep key add configure security-profile <name> wep key add <index> [hex <hexoctet> | plaintext <string>] Description Adds the given WEP key at the specified index. Syntax Description name Specifies the names of the security profile. index Specifies the index.
Page 824: Configure Security-Profile Wep Key Delete
Security Commands configure security-profile wep key delete configure security-profile <name> wep key delete <integer> Description Deletes the specified WEP key. Syntax Description name Specifies the names of the security profile. integer Specifies the numeric value identifying the WEP key. Default Zero (0).
Page 825: Configure Security-Profile Wpa-Psk
configure security-profile wpa-psk configure security-profile wpa-psk configure security-profile <name> wpa-psk [hex <hexadecimal_digit> | passphrase <alphanumeric_string>] Description Configures the WPA pre-shared key. Syntax Description name Specifies the names of the security profile. Specifies the WPA pre-shared key type as hex. hexadecimal digit Specifies a 64-byte hexadecimal key.
Page 826: Configure Ssh2
Secure Copy Program (SCP) or the Secure File Transfer Protocol (SFTP). Before you can enable SSH2, you must first obtain a security license from Extreme Networks. After you receive the license, you must enable SSH2 and generate a host key. To enable SSH2, use the enable command.
Page 827 configure ssh2 Example The following command generates an authentication key for the SSH2 session: configure ssh2 key The command responds with the following messages: WARNING: Generating new server host key This will take approximately 10 minutes and cannot be canceled. Continue? (y/n) If you respond yes, the command prompts as follows: Enter some random characters.
Page 828: Configure Ssl Certificate Pregenerated
Security Commands configure ssl certificate pregenerated configure ssl certificate pregenerated Description Obtains the pre-generated certificate from the user. Syntax Description This command has no parameters or variables. Default N/A. Usage Guidelines This command is also used when downloading/ uploading the configuration. The certificate information stored in the uploaded configuration file should not be modified, because it is signed using the issuer’s private key.
Page 829: Configure Ssl Certificate Privkeylen Country Organization Common-Name
configure ssl certificate privkeylen country organization common-name configure ssl certificate privkeylen country organization common-name configure ssl certificate prikeylen <length> country <code> organization <org_name> common-name <name> Description Creates a self-signed certificate and private key that can be saved in NVRAM. Syntax Description length Specifies the private key length in bytes.
Page 830 Security Commands Platform Availability This command is available on Alpine 3800 series only. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 831: Configure Ssl Privkey Pregenerated
configure ssl privkey pregenerated configure ssl privkey pregenerated configure ssl privkey pregenerated Description Obtains the pre-generated private key from the user. Syntax Description This command has no parameters or variables. Default N/A. Usage Guidelines This command will also be used when downloading/uploading the configuration. The private key will be stored in the uploaded configuration file in an encrypted format using a hard coded passphrase.
Page 832: Configure Tacacs Server
Security Commands configure tacacs server configure tacacs [primary | secondary] server [<ipaddress> | <hostname>] {<tcp_port> | <L4 port no>} client-ip <ipaddress> Description Configures the server information for a TACACS+ authentication server. Syntax Description primary Configures the primary TACACS+ server. secondary Configures the secondary TACACS+ server.
Page 833: Configure Tacacs Shared-Secret
configure tacacs shared-secret configure tacacs shared-secret configure tacacs [primary | secondary] shared-secret {encrypted} <string> Description Configures the shared secret string used to communicate with the TACACS+ authentication server. Syntax Description primary Configures the authentication string for the primary TACACS+ server. secondary Configures the authentication string for the secondary TACACS+ server.
Page 834: Configure Tacacs Timeout
Security Commands configure tacacs timeout configure tacacs timeout <seconds> Description Configures the timeout interval for TACAS+ authentication requests. Syntax Description seconds Specifies the number of seconds for authentication requests. Range is 3 to 120 seconds Default The default is 3 seconds. Usage Guidelines This command configures the timeout interval for TACACS+ authentication requests.
Page 835: Configure Tacacs Server Timeout
configure tacacs server timeout configure tacacs server timeout configure tacacs (primary |secondary) server <ipaddress> timeout <seconds> Description Configures the timeout interval for TACAS+ authentication requests for the primary and secondary servers. Syntax Description ipaddress Specifies the IP address of the primary or secondary server. seconds Specifies the number of seconds for authentication requests.
Page 836: Configure Tacacs-Accounting Server
Security Commands configure tacacs-accounting server configure tacacs-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<tcp_port>} client-ip <ipaddress> Description Configures the TACACS+ accounting server. Syntax Description primary Configures the primary TACACS+ accounting server. secondary Configures the secondary TACACS+ accounting server. ipaddress Specifies the IP address of the TACACS+ server being configured.
Page 837: Configure Tacacs-Accounting Shared-Secret
configure tacacs-accounting shared-secret configure tacacs-accounting shared-secret configure tacacs-accounting [primary | secondary] shared-secret {encrypted} <string> Description Configures the shared secret string used to communicate with the TACACS+ accounting server. Syntax Description primary Configures the authentication string for the primary TACACS+ accounting server.
Page 838: Configure Tacacs-Accounting Timeout
Security Commands configure tacacs-accounting timeout configure tacacs-accounting timeout <seconds> Description Configures the timeout interval for TACACS+ accounting authentication requests. Syntax Description seconds Specifies the number of seconds for authentication requests. Range is 3 to 120 seconds Default The default is 3 seconds. Usage Guidelines This command configures the timeout interval for TACACS+ accounting authentication requests.
Page 839: Configure Tacacs-Accounting Server Timeout
configure tacacs-accounting server timeout configure tacacs-accounting server timeout configure tacacs-accounting (primary|secondary) server <ipaddress> timeout <seconds> Description Configures the timeout interval for TACACS+ accounting authentication requests for the primary or secondary server. Syntax Description ipaddress Specifies the IP address of the primary or secondary server. seconds Specifies the number of seconds for authentication requests.
Page 840: Configure Vlan Access-Profile
Security Commands configure vlan access-profile configure vlan <vlan name> access-profile [<access profile> | none] Description Configures a BlackDiamond 6800 running ExtremeWare 4.1 to control the routing of traffic between VLANs. Syntax Description vlan name Specifies the name of an egress VLAN. access profile Specifies an access profile that contains a list of ingress VLANs.
Page 841: Configure Vlan Dhcp-Address-Range
configure vlan dhcp-address-range configure vlan dhcp-address-range configure vlan <vlan-name> dhcp-address-range <start-addr> - <end-addr> {<mask>} Description Configures a set of DHCP addresses for a VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be configured. start-addr Specifies the starting IP address in the configured range. end-addr Specifies the ending IP address in the configured range.
Page 842 Security Commands Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 843: Configure Vlan Dhcp-Lease-Timer
configure vlan dhcp-lease-timer configure vlan dhcp-lease-timer configure vlan <name> dhcp-lease-timer <lease-timer> Description Configures the timer value in seconds returned as part of the DHCP response. Syntax Description name Specifies the VLAN on whose ports netlogin should be disabled. lease-timer Specifies the timer value, in seconds. Default N/A.
Page 844: Configure Vlan Dhcp-Options
Security Commands configure vlan dhcp-options configure vlan <vlan-name> dhcp-options [dhcp-gateway <gateway-addr> | dns-server <dns-server-ip> | wins-server <wins-server-ip>] {<start-addr>} Description Configures the DHCP options returned as part of the DHCP response by a switch configured as a DHCP server. Syntax Description vlan-name Specifies the name of the VLAN to be configured.
Page 845 configure vlan dhcp-options 40.0.0.40. Similarly, for the secondary subnet the DHCP address range is configured ranging from 50.0.0.5 - 50.0.0.40. To configure the DHCP gateway as 40.0.0.90 for the primary subnet, issue the following command: configure vlan test dhcp-options dhcp-gateway 40.0.0.90 To configure the DHCP gateway as 50.0.0.90 for the secondary subnet issue the following command: configure vlan test dhcp-options dhcp-gateway 50.0.0.90 50.0.0.5 NOTE...
Page 846 Security Commands NOTE You can configure multiple DHCP address ranges for a VLAN. The start-addr option in the command (50.0.0.5 in this example) specifies the exact DHCP address range for which the command applies. If the last option is not specified, the command is applied for the primary subnet. History This command was first available in ExtremeWare 6.2.
Page 847: Configure Vlan Netlogin-Lease-Timer
configure vlan netlogin-lease-timer configure vlan netlogin-lease-timer configure vlan <vlan name> netlogin-lease-timer <seconds> Description Configures the timer value returned as part of the DHCP response for clients attached to Network Login-enabled ports. Syntax Description vlan name Specifies the VLAN to which this timer value applies. seconds Specifies the timer value, in seconds.
Page 848: Create Access-List Icmp Destination Source
Security Commands create access-list icmp destination source create access-list <name> icmp destination [<dest_ipaddress>/<mask> | any] source [<src_ipaddress>/<source_mask> | any] type <icmp_type> code <icmp_code> [permit | deny] {<portlist>} {precedence <number>} Description Creates a named IP access list that applies to ICMP traffic. Syntax Description name Specifies the access list name.
Page 849 create access-list icmp destination source Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 850: Create Access-List Ip Destination Source Ports
Security Commands create access-list ip destination source ports create access-list <name> ip destination [<dest_ipaddress>/<mask> | any] source [<src_ipaddress>/<src_mask> | any] [permit {<qosprofile>} | deny] ports [<portlist> | any] {precedence <prec_number>} Description Creates a named IP access list that applies to all IP traffic. Syntax Description name Specifies the access list name.
Page 851 create access-list ip destination source ports Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 852: Create Access-List Tcp Destination Source Ports
Security Commands create access-list tcp destination source ports create access-list <name> tcp destination [<dest_ipaddress>/<mask> | any] ip-port [<dst_port> | range <dst_port_min> <dst_port_max> | any] source [<src_ipaddress>/<src_mask> | any] ip-port [<src_port> | range <src_port_min> <src_port_max> | any] [permit <qosprofile> | permit-established | deny] ports [<portlist> | any] {precedence <precedence_num>} Description Creates a named IP access list that applies to TCP traffic.
Page 853 create access-list tcp destination source ports Usage Guidelines The access list is applied to all ingress packets. Example The following command defines an access-list rule named allow10_23 with precedence 30 that permits TCP port 23 traffic destined for other 10.x.x.x networks, and assigns QoS profile Qp4: create access-list allow10_23 tcp dest 10.0.0.0/8 ip-port 23 source any ip-port any permit qosprofile qp4 ports any precedence 30 History...
Page 854: Create Access-List Udp Destination Source Ports
Security Commands create access-list udp destination source ports create access-list <name> udp destination [<dest_ipaddress>/<mask> | any] ip-port [<dst_port> | range <dst_port_min> <dst_port_max> | any] source [<src_ipaddress>/<src_mask> | any] ip-port [<src_port> | range <src_port_min> <src_port_max> | any] [permit <qosprofile> | deny] ports [<portlist>...
Page 855 create access-list udp destination source ports Example The following command defines an access-list rule named allow10_35 with precedence 70 that permits udp port 35 traffic destined for other 10.X.X.X networks, and assigns QoS profile Qp2: create access-list allow10_35 udp dest 10.0.0.0/8 ip-port 35 source any ip-port any permit qosprofile qp2 ports any precedence 70 History This command was first available in ExtremeWare 6.0, and replaced the...
Page 856: Create Access-Profile
Security Commands create access-profile create access-profile <access profile> type [ipaddress | ipx-node | ipx-net | ipx-sap | as-path | bgp-community | vlan] Description Creates an access profile. Syntax Description access profile Specifies an access profile name. ipaddress Specifies that the profile entries will be a list of IP address/mask pairs. ipx-node Specifies that the profile entries will be a list of IPX node addresses.
Page 857 create access-profile History This form of the command was available in ExtremeWare 6.1. Support for the IPX node, NetID and SAP advertisement types was added in ExtremeWare 6.2. A limited version of this command was first available in ExtremeWare 4.0. Platform Availability This command is available on all platforms.
Page 858: Create Route-Map
Security Commands create route-map create route-map <name> Description Creates a route map statement. Syntax Description name Specifies a route map name. Default N/A. Usage Guidelines Route maps are a mechanism that can be used to conditionally control the redistribution of routes between two routing domains, and to modify the routing information that is redistributed.
Page 859: Create Security-Profile
create security-profile create security-profile create security-profile <name> {copy <existing_profile>} Description Creates a new security profile. Syntax Description name Specifies the name of the security profile being created. existing_profile Specifies the name of an existing profile from which the system copies the initial values.
Page 860: Create Trusted-Mac-Address
Security Commands create trusted-mac-address create trusted-mac-address {mac-addresss} <xx:yy:zz:aa:bb:cc> {mask <dd:ee:ff:gg:hh:kk>} vlan <vlan-name | all> {port <portlist>} {protocol[DHCP|ARP]} Description Configures a trusted MAC address. Syntax Description <xx:yy:zz:aa:bb:cc> Specifies a trusted MAC address. mask <dd:ee:ff:gg:hh:kk> Optionally specifies the mask. vlan-name Specifies the name of the VLAN to be configured. Specifies all VLANs.
Page 861 create trusted-mac-address Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 862: Delete Access-List
Security Commands delete access-list delete access-list [<name> | all] Description Deletes an access list. Syntax Description name Specifies the name of the access list to be deleted. Specifies that all access lists should be deleted. Default N/A. Usage Guidelines None. Example The following command deletes access list allow102: delete access-list allow102...
Page 863: Delete Access-Profile
delete access-profile delete access-profile delete access-profile <access profile> Description Deletes an access profile. Syntax Description access profile Specifies an access profile name. Default N/A. Usage Guidelines None. Example The following command deletes an access profile named nosales: delete access-profile nosales History This command was first available in ExtremeWare 4.0.
Page 864: Delete Route-Map
Security Commands delete route-map delete route-map <route map> Description Deletes a route map statement from the route map. Syntax Description route map Specifies a route map name. Default N/A. Usage Guidelines None. Example The following command deletes a route-map named bgp-out: delete route-map bgp-out History This command was first available in ExtremeWare 6.1.
Page 865: Delete Security-Profile
delete security-profile delete security-profile delete security-profile <name> Description Deletes the named security profile. Syntax Description name Specifies the name of an existing RF profile to be deleted. Default N/A. Usage Guidelines Use this command to delete the named security profile. The named profile cannot be attached to any active ports.
Page 866: Delete Trusted-Mac-Address
Security Commands delete trusted-mac-address delete trusted-mac-address {mac-address} <xx:yy:zz:aa:bb:cc> {mask <dd:ee:ff:gg:hh:kk>} vlan <vlan-name | all> {port <portlist>} {protocol[DHCP|ARP]} Description Deletes a trusted MAC address. Syntax Description <xx:yy:zz:aa:bb:cc> Specifies a trusted MAC address. mask <dd:ee:ff:gg:hh:kk> Optionally specifies the mask. vlan-name Specifies the name of the VLAN to be configured. Specifies all VLANs.
Page 867: Disable Access-List
disable access-list disable access-list disable access-list <name> [counter | log] Description Disables message logging or the collection of access-list statistics. Syntax Description name Specifies the name of the access list. counter Specifies that access-list statistics collection should be disable. Specifies that message logging to the Syslog facility for each packet that matches the access-list description should be disabled.
Page 868: Disable Arp-Learning
Security Commands disable arp-learning disable arp-learning Description Disables the ARP-learning feature on the switch. Syntax Description This command has no arguments or variables. Default By default, arp-learning is enabled. Usage Guidelines None. Example N/A. History This command was first available in ExtremeWare 7.3. Platform Availability This command is available on all platforms.
Page 869: Disable Arp-Learning Ports
disable arp-learning ports disable arp-learning ports disable arp-learning ports <portlist> Description Disables the ARP-learning feature on a port or ports. Syntax Description portlist Specifies the ingress port(s) on which this rule is applied. any specifies that the rule will be applied to all ports. Default By default, arp-learning is enabled.
Page 870: Disable Arp-Learning Vlan
Security Commands disable arp-learning vlan disable arp-learning vlan <vlan name> Description Disables the ARP-learning feature on a vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. Default By default, arp-learning is enabled. Usage Guidelines None. Example N/A.
Page 871: Disable Arp-Learning Vlan Ports
disable arp-learning vlan ports disable arp-learning vlan ports disable arp-learning vlan <vlan name> port <portlist> Description Disables the ARP-learning feature on a port in the given vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. portlist Specifies the ports to which the rule applies.
Page 872: Disable Cpu-Dos-Protect
Security Commands disable cpu-dos-protect disable cpu-dos-protect Description Disables denial of service protection. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines None. Example The following command disables denial of service protection. disable cpu-dos-protect History This command was first available in ExtremeWare 6.2.2 Platform Availability...
Page 873: Disable Dhcp Ports Vlan
disable dhcp ports vlan disable dhcp ports vlan disable dhcp ports <portlist> vlan <vlan name> Description Disables DHCP on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which DHCP should be disabled. vlan name Specifies the VLAN on whose ports DHCP should be disabled. Default N/A.
Page 874: Disable Enhanced-Dos-Protect
Security Commands disable enhanced-dos-protect disable enhanced-dos-protect {rate-limit | ipfdb} {ports [<portlist> | all]} Description Disables enhanced denial of service protection globally or for selected ports. Syntax Description rate-limit Disables software rate limiting. ipfdb Disables the IPFDB learning qualifier. portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots a nd ports.
Page 875: Disable Ip-Subnet-Lookup
disable ip-subnet-lookup disable ip-subnet-lookup disable ip-subnet-lookup Description Disables IPDA SUBNET lookup feature in a switch. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines For a new setting to be effective, system rebooting is needed. Example The following command disables IPDA lookup: disable ip-subnet-lookup...
Page 876: Disable Netlogin
Security Commands disable netlogin disable netlogin [web-based |dot1x] Description Disables Network Login modes. Syntax Description web-based Specifies web-based authentication. dot1x Specifies 802.1x authenticating. Default Both types of authentication are enabled. Usage Guidelines Both types, either type, or no type of authentication can be enabled on the same switch. To enable an authentication mode, use the following command: enable netlogin [web-based | dot1x] This command was first introduced as...
Page 877: Disable Netlogin Logout-Privilege
disable netlogin logout-privilege disable netlogin logout-privilege disable netlogin logout-privilege Description Disables Network Login logout window pop-up. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines This command controls the logout window pop-up on the web-based network client. This command applies only to the web-based authentication mode of Network Login.
Page 878: Disable Netlogin Ports
Security Commands disable netlogin ports disable netlogin ports <portlist> vlan <vlan name> Description Disables Network Login on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which netlogin should be disabled. vlan name Specifies the VLAN on whose ports netlogin should be disabled. Default N/A.
Page 879: Disable Netlogin Session-Refresh
disable netlogin session-refresh disable netlogin session-refresh disable netlogin session-refresh Description Disables Network Login session refresh. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines Network Login sessions can refresh themselves after a configured timeout. After the user has been logged in successfully, a logout window opens which can be used to close the connection by clicking on the LogOut link.
Page 880: Disable Radius
Security Commands disable radius disable radius Description Disables the RADIUS client. Syntax Description This command has no arguments or variables. Default RADIUS authentication is disabled by default. Usage Guidelines None. Example The following command disables RADIUS authentication for the switch: disable radius History This command was first available in ExtremeWare 4.1.
Page 881: Disable Radius-Accounting
disable radius-accounting disable radius-accounting disable radius-accounting Description Disables RADIUS accounting. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command disables RADIUS accounting for the switch: disable radius-accounting History This command was first available in ExtremeWare 4.1. Platform Availability This command is available on all platforms.
Page 882: Disable Ssh2
Security Commands disable ssh2 disable ssh2 Description Disables the SSH2 server for incoming SSH2 sessions to switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines SSH2 session options (access profile and non-default port setting) are not saved when SSH2 is disabled. To view the status of SSH2 Telnet sessions on the switch, use the command.
Page 883: Disable Tacacs
disable tacacs disable tacacs disable tacacs Description Disables TACACS+ authentication. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command disables TACACS+ authentication for the switch: disable tacacs History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms.
Page 884: Disable Tacacs-Accounting
Security Commands disable tacacs-accounting disable tacacs-accounting Description Disables TACACS+ accounting. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command disables TACACS+ accounting: disable tacacs-accounting History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms.
Page 885: Disable Tacacs-Authorization
disable tacacs-authorization disable tacacs-authorization disable tacacs-authorization Description Disables TACACS+ authorization. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This disable CLI command authorization but leaves user authentication enabled. Example The following command disables TACACS+ CLI command authorization: disable tacacs-authorization History This command was first available in ExtremeWare 6.1.
Page 886: Disable Trusted-Mac-Address
Security Commands disable trusted-mac-address disable trusted-mac-address {vlan <vlan-name>} Description Disables a trusted MAC address. Syntax Description vlan-name Specifies the name of the VLAN. Default Disabled. Usage Guidelines Use the command to disable trusted OUI or MAC addresses for disable trusted-mac-address port-specific configurations.
Page 887: Disable Web Http
disable web http disable web http disable web http Description Disables HTTP access to the switch on the default HTTP port (80). Syntax Description This command has no parameters or variables. Default Enabled. Usage Guidelines Use this command to disallow users from connecting with HTTP. Disabling HTTP access forces users to use a secured HTTPS connection if web HTTPS is enabled.
Page 888: Disable Web Https
Security Commands disable web https disable web https Description Disables secured HTTP access (HTTPS) to the switch on the default HTTPS port (443). Syntax Description This command has no parameters or variables. Default Enabled. Usage Guidelines Use this command to disable HTTPS before changing the certificate or private key. Example The following command disables HTTPS on the default port: disable web https...
Page 889: Download Ssl Certificate
download ssl certificate download ssl certificate download ssl <ip address> certificate <cert file> Description Permits downloading of a certificate key from files stored in a TFTP server. Syntax Description ip address Specifies the IP address of the TFTP server. cert file Specifies the name of certificate key.
Page 890: Download Ssl Privkey
Security Commands download ssl privkey download ssl <ip address> privkey <key file> Description Permits downloading of a private key from files in a TFTP server. Syntax Description ip address Specifies the IP address of the TFTP server. key file Specifies the name of private key file. Default N/A.
Page 891: Enable Access-List
enable access-list enable access-list enable access-list <name> [counter | log] Description Enables message logging or the collection of access-list statistics. Syntax Description name Specifies the name of the access list. counter Specifies that access-list statistics should be collected. Specifies that a message should be logged to the Syslog facility for each packet that matches the access-list description.
Page 892: Enable Arp-Learning
Security Commands enable arp-learning enable arp-learning Description Enables the ARP-learning feature on the switch. Syntax Description This command has no arguments or variables. Default By default, arp-learning is enabled. Usage Guidelines None. Example N/A. History This command was first available in ExtremeWare 7.3. Platform Availability This command is available on all platforms.
Page 893: Enable Arp-Learning Ports
enable arp-learning ports enable arp-learning ports enable arp-learning ports <portlist> Description Enables the ARP-learning feature on a port or ports. Syntax Description portlist Specifies the ingress port(s) on which this rule is applied. any specifies that the rule will be applied to all ports. Default By default, arp-learning is enabled.
Page 894: Enable Arp-Learning Vlan
Security Commands enable arp-learning vlan enable arp-learning vlan <vlan name> Description Enables the ARP-learning feature on a vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. Default By default, arp-learning is enabled. Usage Guidelines None. Example N/A.
Page 895: Enable Arp-Learning Vlan Ports
enable arp-learning vlan ports enable arp-learning vlan ports enable arp-learning vlan <vlan name> port <portlist> Description Enables the ARP-learning feature on a port in the given vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. portlist Specifies the ports to which the rule applies.
Page 896: Enable Cpu-Dos-Protect
Security Commands enable cpu-dos-protect enable cpu-dos-protect Description Enables denial of service protection. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines None. Example The following command enables denial of service protection. enable cpu-dos-protect History This command was first available in ExtremeWare 6.2.2 Platform Availability...
Page 897: Enable Cpu-Dos-Protect Simulated
enable cpu-dos-protect simulated enable cpu-dos-protect simulated enable cpu-dos-protect simulated Description Enables simulated denial of service protection. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines When simulated denial of service protection is enabled, no ACLs are created. This mode is useful to gather information about normal traffic levels on a switch.
Page 898: Enable Enhanced-Dos-Protect
Security Commands enable enhanced-dos-protect enable enhanced-dos-protect {rate-limit | ipfdb} {ports [<portlist> | all]} Description Enables enhanced denial of service protection globally or for selected ports. Syntax Description rate-limit Enables software rate limiting. ipfdb Enables the IPFDB learning qualifier, resulting in reduction of IPFDB thrashing.
Page 899: Enable Ip-Subnet-Lookup
enable ip-subnet-lookup enable ip-subnet-lookup enable ip-subnet-lookup Description Enables IPDA SUBNET lookup feature in a switch. Syntax Description There are no arguments or variables for this command. Default Default is disabled. Usage Guidelines For a new setting to be effective, system rebooting is needed. If IPDA SUBNET lookup is enabled for the first time, IPDA SUBNET lookup mask length is 24 (255.255.255.0).
Page 900: Enable Netlogin
Security Commands enable netlogin enable netlogin [web-based | dot1x] Description Enables Network Login authentication modes. Syntax Description web-based Specifies web-based authentication. dot1x Specifies 802.1x authenticating. Default Both types of authentication are enabled. Usage Guidelines Both types, either type, or no type of authentication can be enabled on the same switch. To disable an authentication mode, use the following command: disable netlogin [web-based | dot1x] This command was first introduced as...
Page 901: Enable Netlogin Logout-Privilege
enable netlogin logout-privilege enable netlogin logout-privilege enable netlogin logout-privilege Description Enables Network Login logout pop-up window. Syntax Description This command has no arguments or variables. Default Enabled. Usage Guidelines This command controls the logout window pop-up on the web-based network client. This command applies only to the web-based authentication mode of Network Login.
Page 902: Enable Netlogin Ports
Security Commands enable netlogin ports enable netlogin ports <portlist> vlan <vlan name> Description Enables Network Login on a specified port in a VLAN. Syntax Description portlist Specifies the ports for which netlogin should be enabled. vlan name Specifies the VLAN on whose ports netlogin should be enabled. Default N/A.
Page 903: Enable Netlogin Session-Refresh
enable netlogin session-refresh enable netlogin session-refresh enable netlogin session-refresh {<minutes>} Description Disables Network Login session refresh. Syntax Description minutes Specifies the session refresh time for Network Login in minutes. Default Disabled, with a value of three minutes for session refresh. Usage Guidelines Network Login sessions can refresh themselves after a configured timeout.
Page 904: Enable Radius
Security Commands enable radius enable radius Description Enables the RADIUS client on the switch. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines When enabled, all web and CLI logins are sent to the RADIUS servers for authentication. When used with a RADIUS server that supports ExtremeWare CLI authorization, each CLI command is sent to the RADIUS server for authorization before it is executed.
Page 905: Enable Radius-Accounting
enable radius-accounting enable radius-accounting enable radius-accounting Description Enables RADIUS accounting. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines The RADIUS client must also be enabled. Example The following command enables RADIUS accounting for the switch: enable radius-accounting History This command was first available in ExtremeWare 4.1.
Page 906: Enable Ssh2
Security License Key to enable the SSH2 feature. To obtain a Security License Key, access the Extreme Networks website. You can specify a list of predefined clients that are allowed SSH2 access to the switch. To do this, you must create an access profile that contains a list of allowed IP addresses.
Page 907: Enable Tacacs
enable tacacs enable tacacs enable tacacs Description Enables TACACS+ authentication. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines After they have been enabled, all web and CLI logins are sent to one of the two TACACS+ servers for login name authentication and accounting.
Page 908: Enable Tacacs-Accounting
Security Commands enable tacacs-accounting enable tacacs-accounting Description Enables TACACS+ accounting. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines If accounting is used, the TACACS+ client must also be enabled. Example The following command enables TACACS+ accounting for the switch: enable tacacs-accounting History This command was first available in ExtremeWare 6.1.
Page 909: Enable Tacacs-Authorization
enable tacacs-authorization enable tacacs-authorization enable tacacs-authorization Description Enables CLI command authorization. Syntax Description This command has no arguments or variables. Default Disabled. Usage Guidelines When enabled, each command is transmitted to the remote TACACS+ server for authorization before the command is executed. Example The following command enables TACACS+ command authorization for the switch: enable tacacs-authorization...
Page 910: Enable Trusted-Mac-Address
Security Commands enable trusted-mac-address enable trusted-mac-address {vlan <vlan-name>} Description Enables a trusted MAC address. Syntax Description vlan-name Specifies the name of the VLAN. Default Disabled. Usage Guidelines Use the command to enable trusted OUI or MAC addresses for enable trusted-mac-address port-specific configurations.
Page 911: Enable Web Http
enable web http enable web http enable web http Description Enables HTTP access to the switch on the default HTTP port (80). Syntax Description This command has no parameters or variables. Default Enabled. Usage Guidelines Use this command to enable HTTP access to the switch web pages. Example The following command enables HTTP on the default port: enable web http...
Page 912: Enable Web Http Access-Profile
Security Commands enable web http access-profile enable web http access-profile [none | <access-profile>] port <port number> Description Allows HTTP access on the specified (non-default) port. Syntax Description none Specifies to not to use an access-profile when accessing HTTP. access-profile Specifies the name of an access-profile to use when accessing HTTP. port number Specifies the port number to use to access HTTP.
Page 913: Enable Web Https Access-Profile
enable web https access-profile enable web https access-profile enable web https access-profile [none | <access-profile>] port <port number> Description Allows HTTPS access on the specified (non-default) port. Syntax Description none Specifies to not to use an access-profile when accessing HTTPS. access-profile Specifies the name of an access-profile to use when accessing HTTPS.
Page 914: Enable Web Https
Security Commands enable web https enable web https Description Enables secure HTTP access (HTTPS) to the switch on the default HTTPS port (443). Syntax Description This command has no parameters or variables. Default Enabled. Usage Guidelines Use this command to allow users to connect using a more secure HTTPS connection. Example The following command enables HTTPS on the default port: enable web https...
Page 915: Scp2
scp2 scp2 scp2 {cipher [3des | blowfish]} {port <portnum>} {debug <debug_level>} <user>@ [<hostname> | <ipaddress>] :<remote_file> [configuration {incremental} | image [primary | secondary] | bootrom] Description Initiates an SCP2 client session to a remote SCP2 server and copies a file from the remote system to the switch.
Page 916 Security Commands CAUTION You can download a configuration to an Extreme Networks switch using SCP. If you do this, you cannot save this configuration. If you save this configuration and reboot the switch, the configuration will be corrupted. Example The following command copies a configuration file from the file configpart1.save on host system1 to the switch as an incremental configuration: scp2 admin@system1:configpart1.save configuration incremental...
Page 917: Scp2 Configuration
scp2 configuration scp2 configuration scp2 {cipher [3des | blowfish]} {port <portnum>} {debug <debug_level>} configuration <user>@ [<hostname> | <ipaddress>]:<remote_file> Description Copies the configuration file from the switch to a remote system using SCP2. Syntax Description 3des Specifies that the 3des cipher should be used for encryption. This is the default.
Page 918: Show Access-List
Security Commands show access-list show access-list {<name> | port <portlist>} Description Displays access list information and real-time statistics. Syntax Description name Specifies the name of an access list to be displayed. portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 919 show access-list The command generates output similar to the following: test1 Protocol: ip Action: permit qp1 Destination: 0.0.0.0/0 any Source: any Precedence: 0 Rule Number: 0 Hit Count: 4566 Flags: ac Ports: History This command was first available in ExtremeWare 6.0. Platform Availability This command is available on all platforms.
Page 920: Show Access-List-Fdb
Security Commands show access-list-fdb show access-list-fdb Description Displays the hardware access control list mapping. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines None. Example The following command displays the hardware access control list mapping: show access-list-fdb History This command was first available in ExtremeWare 6.0.
Page 921: Show Access-List-Monitor
show access-list-monitor show access-list-monitor show access-list-monitor Description Initiates the access-list information display, and refreshes it until discontinued. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command initiates a display of real-time access list information. Use the keys as shown in Table 17 to change the view of the data.
Page 922: Show Access-Profile
Security Commands show access-profile show access-profile {<access profile>} Description Displays access-profile related information for the switch. Syntax Description access profile Specifies an access profile. Default Shows all access profile information for the switch. Usage Guidelines None. Example The following command displays access-profile related information for access profile nosales: show access-profile nosales History This command was first available in ExtremeWare 4.0.
Page 923: Show Arp-Learning Vlan
show arp-learning vlan show arp-learning vlan show arp-learning vlan <vlan name> Description Displays the ARP-learning feature on a port in the given vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. Default By default, arp-learning is enabled. Usage Guidelines None.
Page 924: Show Arp-Learning Vlan Ports
Security Commands show arp-learning vlan ports show arp-learning vlan <vlan name> port <portlist> Description Displays the ARP-learning configuration for a port in the given vlan. Syntax Description vlan name Specifies the vlan to which the rule applies. portlist Specifies the ports to which the rule applies. Default By default, arp-learning is enabled.
Page 925: Show Auth
show auth show auth show auth Description Displays the authentication servers configured for mgmt-access/netlogin type of sessions. Syntax Description There are no arguments or variables for this command. Default Shows all authentication server information for the switch. Usage Guidelines None. Example show auth History...
Page 926: Show Cpu-Dos-Protect
Security Commands show cpu-dos-protect show cpu-dos-protect Description Displays the status of denial of service protection. Syntax Description There are no arguments or variables for this command. Default N/A. Usage Guidelines None. Example The following command displays the status of denial of service protection. show cpu-dos-protect Following is the output from this command: Denial-of-service protection to CPU is ENABLED...
Page 927: Show Enhanced-Dos-Protect
show enhanced-dos-protect show enhanced-dos-protect show enhanced-dos-protect [rate-limit | ipfdb] ports [<portlist> | all] Description Displays the status of the enhanced denial of service protection feature. Syntax Description rate-limit Displays rate limiting configuration. ipfdb Displays IPFDB learning qualifier configuration. portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots a nd ports.
Page 928: Show Ip-Subnet-Lookup
Security Commands show ip-subnet-lookup show ip-subnet-lookup Description Displays all IPDA SUBNET forwarding entries Syntax Description There are no arguments or variables for this command. Default N/A. Usage Guidelines None. Example. # show ip-subnet-lookup Dest IP Addr TblIdx MacIdx Flag Flow MAC Address VLAN Port --------------- ------ ------...
Page 929: Show Netlogin
show netlogin show netlogin show netlogin {port <portlist> vlan <vlan name>} Description Shows status information for Network Login. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports. On a stand-alone switch, can be one or more port numbers.
Page 930 Security Commands Quiet Period secs Client Response Timeout secs Default Reauthentication Timeout 3600 secs Max. Number Authentication Failure Periodic Reauthentication ENABLED --------------------------------- Port: 1:13, Vlan: Default, State: Unauthenticated IP address Auth Type ReAuth-Timer User 00:B0:D0:90:2F:72 0.0.0.0 802.1x Unknown ------------------------------- Total Number of Authenticated MACs : 0 The following command shows the detailed Network Login information for the port 1:13 in the VLAN Default: show netlogin ports 1:13 "Default"...
Page 931: Show Radius
show radius show radius show radius {<ipaddress>} Description Displays the current RADIUS client configuration and statistics. Syntax Description ipaddress Specifies the IP address of the RADIUS server (optional). Default N/A. Usage Guidelines The output from this command displays the status of the RADIUS and RADIUS accounting (enabled or disabled) and the primary and secondary servers for RADIUS and RADIUS accounting.
Page 932 Security Commands Primary radius accounting server: Server name: 172.17.1.104 Client address: 172.17.1.221 Shared secret: lf|nki Secondary radius accounting server: Server name: 172.17.1.123 Client address: 172.17.1.221 Shared secret: lf|nki History This command was first available in ExtremeWare 4.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 933: Show Radius-Accounting
show radius-accounting show radius-accounting show radius-accounting {<ipaddress>} Description Displays the current RADIUS accounting client configuration and statistics. Syntax Description ipaddress Specifies the IP address of the RADIUS server (optional). Default N/A. Usage Guidelines The output from this command displays information about the status and configuration of RADIUS accounting Example The following command displays RADIUS accounting client configuration and statistics:...
Page 934: Show Route-Map
Security Commands show route-map show route-map <route map> Description Displays route map information. Syntax Description route map Specifies a route map name. Default N/A. Usage Guidelines If you do not specify a route map name, information for all the route maps will be displayed. Example The following command displays the route-map named bgp-out: show route-map bgp-out...
Page 935: Show Security-Profile
show security-profile show security-profile show security-profile {<name>} Description Displays the configured parameters of the security profile. Syntax Description name Specifies the name of an existing RF profile to be deleted. Default All. Usage Guidelines Use this command to show security profiles currently configured on the platform and all values associated with each security profile.
Page 936 Security Commands 1:26:2, 1:26:2, 1:27:1, 1:27:2, 1:27:2, 1:28:1, 1:28:2, 1:28:2, 1:29:1, 1:29:2, 1:29:2, 1:30:1, 1:30:2, 1:30:2, 1:31:1, 1:31:2, 1:31:2, 1:32:1, 1:32:2, 1:32:2, 2:1:1, 2:1:2, 2:2:2, 2:3:2, 2:4:1, 2:4:2, 2:4:2, 2:5:2, 2:5:2, 2:6:1, 2:6:2, 2:6:2, 2:7:1, 2:7:2, 2:7:2, 2:8:1, 2:8:2, 2:8:2, 2:9:1, 2:9:2, 2:9:2, 2:10:1, 2:10:2, 2:10:2, 2:11:1, 2:11:2, 2:11:2, 2:12:1, 2:12:2, 2:12:2, 2:13:1, 2:13:2, 2:13:2, 2:14:1, 2:14:2,...
Page 937 show security-profile Encryption: wep64 User VLAN: VSA-DKSP Use Dynamic VLAN: WEP Key 3>:>?75<;5 Default WEP Key: SSID in Beacon: Interfaces: 1:2:1, Profile Name: shared128wep ESS Name: fz-shared-wep-128 Dot11 Authentication: shared Network Authentication: none Encryption: wep128 User VLAN: VSA-DKSP Use Dynamic VLAN: WEP Key 3>:>?75<;50>?=6343:2=;9>44 Default WEP Key:...
Page 938: Show Ssl
Security Commands show ssl show ssl {detail} Description Displays the Secure Sockets Layer (SSL) configuration. Syntax Description detail Specifies to display the information in detailed format. Default N/A. Usage Guidelines Displays the following information: • HTTPS port configured. This is the port on which the clients will connect. •...
Page 939 show ssl The following command displays the SSL configuration with the complete certificate. show ssl detail The output of the command is similar to: HTTPS Port Number: Private Key matches the Certificate's public key. RSA Key Length: 1026 Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption...
Page 940 Security Commands zFvvBiX8TQaYvp9sL/Oia7yTeZna4jeY1q+HOJo5t3EuvJyRwjSJVnTNN5FaytnJ 6OndxHIE4Umj6kWHnjuSoQJBAJO53Wz8PztTHl5wkTiQ7Y/L7V41jCpDz0W4Kt0k Ywn1pvjSPV9dIbqVhHgDMi5KdAF5ny2f8vgNZp8ZdwCrTCw= -----END RSA PRIVATE KEY----- History This command was first available in ExtremeWare 6.2a and added to the “i” series in 7.3.0. Platform Availability This command is available on Alpine 3800 series only. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 941: Show Tacacs
show tacacs show tacacs show tacacs {<ipaddress>} Description Displays the current TACACS+ configuration and statistics. Syntax Description ipaddress Specifies the IP address of the RADIUS server (optional). Default N/A. Usage Guidelines None. Example The following command displays TACACS+ client configuration and statistics: show tacacs Following is the output from this command: TACACS+: enabled...
Page 942 Security Commands Shared secret: lf|nki History This command was first available in ExtremeWare 6.1. Platform Availability This command is available on all platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 943: Show Tacacs-Accounting
show tacacs-accounting show tacacs-accounting show tacacs-accounting {<ipaddress>} Description Displays the current TACACS+ accounting client configuration and statistics. Syntax Description ipaddress Specifies the IP address of the RADIUS server (optional). Default N/A. Usage Guidelines None: Example The following command displays TACACS+ accounting client configuration and statistics: show tacacs-accounting Following is the output from this command: TACACS+ Accounting: enabled...
Page 944: Show Trusted-Mac-Address
Security Commands show trusted-mac-address show trusted-mac-address {vlan <vlan-name>} {port <portlist>} Description Displays the status of the enable/disable keywords and then displays all of the configured trusted MAC addresses. Syntax Description vlan-name Specifies the name of the VLAN . portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 945: Show Wireless Ports Interface Clients
show wireless ports interface clients show wireless ports interface clients show wireless ports [<portlist> | all] interface [1 | 2] clients {detail} Description Displays wireless client state. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 946: Show Wireless Ports Interface Pae-Diagnostics
Security Commands show wireless ports interface pae-diagnostics show wireless ports [<portlist> | all] interface [1 | 2] pae-diagnostics Description Displays Port Authentication Entity (PAE) diagnostics for the selected port and interface. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 947: Show Wireless Ports Interface Pae-Statistics
show wireless ports interface pae-statistics show wireless ports interface pae-statistics show wireless ports [<portlist> | all] interface [1 | 2] pae-statistics Description Displays Port Authentication Entity (PAE) statistics for the selected port and interface. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 948: Ssh2
When you terminate the remote session, commands will then resume being executed on the original switch. The remote command option cannot be used with Extreme Networks switches. If you include a remote command, you will receive an error message.
Page 949 ssh2 Example The following command establishes an SSH2 session on switch engineering1: ssh2 admin@engineering1 The following command establishes an SSH2 session with the switch summit48i over TCP port 2050 with compression enabled: ssh2 port 2050 compression on admin@summit48i History This command was first available in ExtremeWare 6.2.1 Platform Availability This command is available on all platforms.
Page 950: Unconfigure Auth Mgmt-Access
Security Commands unconfigure auth mgmt-access unconfigure auth mgmt-access Description Disables the remote authentication for management sessions. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines N/A. Example unconfigure auth mgmt-access History This command was first available in ExtremeWare 7.3. Platform Availability This command is available on all platforms.
Page 951: Unconfigure Auth Netlogin
unconfigure auth netlogin unconfigure auth netlogin unconfigure auth netlogin Description Disables the remote authentication for netlogin sessions. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines N/A. Example unconfigure auth netlogin History This command was first available in ExtremeWare 7.3. Platform Availability This command is available on all platforms.
Page 952: Unconfigure Cpu-Dos-Protect
Security Commands unconfigure cpu-dos-protect unconfigure cpu-dos-protect Description Resets denial of service protection configuration to default parameter values. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines This command will not change whether denial of service protection is enabled or disabled. To enable or disable denial of service protection, use the following commands: enable cpu-dos-protect disable cpu-dos-protect...
Page 953: Unconfigure Enhanced-Dos-Protect Ipfdb Agingtime
unconfigure enhanced-dos-protect ipfdb agingtime unconfigure enhanced-dos-protect ipfdb agingtime unconfigure enhanced-dos-protect ipfdb agingtime ports <portlist> Description Resets aging time configuration for enhanced denial of service protection to default values for the selected ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 954: Unconfigure Enhanced-Dos-Protect Ipfdb Cache-Size
Security Commands unconfigure enhanced-dos-protect ipfdb cache-size unconfigure enhanced-dos-protect ipfdb cache-size Description Resets the cache size for enhanced denial of service protection to default parameter values. Syntax Description This command has no arguments or variables. Default The default cache size value is 256 (in kilobytes). Usage Guidelines Enhanced DoS Protection maintains the number of IPFDB entries according to the cache-size limit.
Page 955: Unconfigure Enhanced-Dos-Protect Ipfdb Learn-Limit
unconfigure enhanced-dos-protect ipfdb learn-limit unconfigure enhanced-dos-protect ipfdb learn-limit unconfigure enhanced-dos-protect ipfdb learn-limit ports <portlist> Description Resets the learning limit for enhanced denial of service protection to default parameter values for the selected ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 956: Unconfigure Enhanced-Dos-Protect Ipfdb Learn-Window
Security Commands unconfigure enhanced-dos-protect ipfdb learn-window unconfigure enhanced-dos-protect ipfdb learn-window ports <portlist> Description Resets the learning window on untrusted ports for the enhanced denial of service protection IPFDB learning qualifier to default values for the selected ports. Syntax Description portlist Specifies one or more ports or slots and ports.
Page 957: Unconfigure Enhanced-Dos-Protect Ports
unconfigure enhanced-dos-protect ports unconfigure enhanced-dos-protect ports unconfigure enhanced-dos-protect ports <portlist> Description Resets the enhanced denial of service protection to the default trusted value for selected ports. Syntax Description portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of slots and ports.
Page 958: Unconfigure Enhanced-Dos-Protect Rate-Limit
Security Commands unconfigure enhanced-dos-protect rate-limit unconfigure enhanced-dos-protect rate-limit [threshold | drop-probability | learn-window | protocol] ports <portlist> Description Removes ports from rate limiting or resets the rate limiting configuration for enhanced denial of service protection to default parameter values for the selected ports. Syntax Description threshold Resets to the default value the number of packets allowed on a given port within the...
Page 959 unconfigure enhanced-dos-protect rate-limit The following command resets the rate limiting learn window on ports 2 and 3 to the default value, 10 seconds: unconfigure enhanced-dos-protect rate-limit learn-window ports 2,3 The following command resets the rate limiting protocol to the default value, ICMP packet types, on ports 1 through 3: unconfigure enhanced-dos-protect rate-limit protocol ports 1-3 The following command removes ports 1 through 4 from rate limiting:...
Page 960: Unconfigure Radius
Security Commands unconfigure radius unconfigure radius {server [primary | secondary]} Description Unconfigures the RADIUS client configuration. Syntax Description primary Unconfigures the primary RADIUS server. secondary Unconfigures the secondary RADIUS server. Default Unconfigures both primary and secondary servers. Usage Guidelines None. Example The following command unconfigures the secondary RADIUS server for the client: unconfigure radius server secondary...
Page 961: Unconfigure Radius-Accounting
unconfigure radius-accounting unconfigure radius-accounting unconfigure radius-accounting {server [primary | secondary]} Description Unconfigures the RADIUS accounting client configuration. Syntax Description primary Unconfigures the primary RADIUS accounting server. secondary Unconfigures the secondary RADIUS accounting server. Default Unconfigures both the primary and secondary accounting servers. Usage Guidelines None.
Page 962: Unconfigure Tacacs
Security Commands unconfigure tacacs unconfigure tacacs {server [primary | secondary]} Description Unconfigures the TACACS+ client configuration. Syntax Description primary Unconfigures the primary TACACS+ server. secondary Unconfigures the secondary TACACS+ server. Default Unconfigures both the primary and secondary TACACS+ servers. Usage Guidelines None.
Page 963: Unconfigure Tacacs-Accounting
unconfigure tacacs-accounting unconfigure tacacs-accounting unconfigure tacacs-accounting {server [primary | secondary]} Description Unconfigures the TACACS+ accounting client configuration. Syntax Description primary Unconfigures the primary TACACS+ accounting server. secondary Unconfigures the secondary TACACS+ accounting server. Default Unconfigures both the primary and secondary TACACS+ accounting servers. Usage Guidelines None.
Page 964: Unconfigure Vlan Dhcp-Address-Range
Security Commands unconfigure vlan dhcp-address-range unconfigure vlan <vlan-name> dhcp-address-range {<start-addr>} Description Clears the specified DHCP address range in the a VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be unconfigured. dhcp-address-range Specifies that DHCP address range to be unconfigured. start-addr (Optional) Specifies the starting address of the DHCP address range to be unconfigured.
Page 965 unconfigure vlan dhcp-address-range History This command has been modified so that clearing of the secondary or remote address ranges is possible (through the addition of the parameter ). This enhanced command was made available in start-addr ExtremeWare 7.3.0. Platform Availability This command is available on all platforms.
Page 966: Unconfigure Vlan Dhcp-Options
Security Commands unconfigure vlan dhcp-options unconfigure vlan <vlan-name> dhcp-options {<start-addr>} Description Clears the DHCP options for the specified address range in a VLAN. Syntax Description vlan-name Specifies the name of the VLAN to be unconfigured. dhcp-options Specifies that DHCP options are to be unconfigured. start-addr (Optional) Specifies the starting address of the range for which DHCP options are to be unconfigured.
Page 967 unconfigure vlan dhcp-options NOTE You can configure multiple DHCP address ranges for a VLAN. The start-addr option in the command (50.0.0.5 in this example) specifies the exact DHCP address range for which the command applies. If the last option is not specified, the command is applied for the primary subnet. History This command has been modified so that clearing the DHCP options for secondary or remote subnets is possible (through the addition of the parameter...
Page 968 Security Commands ExtremeWare Software 7.3.0 Command Reference Guide...
Page 969: Eaps Commands
EAPS Commands This chapter describes commands for configuring and monitoring Ethernet Automatic Protection Switching (EAPS). To use EAPS, you must enable EDP on the switch and the EAPS ring ports. The EAPS protocol provides fast protection switching to layer 2 switches interconnected in an Ethernet ring topology, such as a metropolitan area network (MAN) or large campuses.
Page 970: Configure Eaps Add Control Vlan
EAPS Commands configure eaps add control vlan configure eaps <name> add control vlan <vlan_name> Description Adds the specified control VLAN to the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. vlan_name Specifies the name of the control VLAN. Default N/A.
Page 971: Configure Eaps Add Protect Vlan
configure eaps add protect vlan configure eaps add protect vlan configure eaps <name> add protect vlan <vlan_name> Description Adds the specified protected VLAN to the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. vlan_name Specifies the name of the protected VLAN. Default N/A.
Page 972: Configure Eaps Delete Control Vlan
EAPS Commands configure eaps delete control vlan configure eaps <name> delete control vlan <vlan_name> Description Deletes the specified control VLAN from the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. vlan_name Specifies the name of the control VLAN. Default N/A.
Page 973: Configure Eaps Delete Protect Vlan
configure eaps delete protect vlan configure eaps delete protect vlan configure eaps <name> delete protect vlan <vlan_name> Description Deletes the specified protected VLAN from the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. vlan_name Specifies the name of the protected VLAN. Default N/A.
Page 974: Configure Eaps Failtime
EAPS Commands configure eaps failtime configure eaps <name> failtime [<seconds>] Description Configures the value of the failtimer the master node uses for EAPS health-check packets. Syntax Description name Specifies the name of an EAPS domain. seconds Specifies the number of seconds the master node waits to receive a health-check packet before the failtimer expires.
Page 975: Configure Eaps Failtime Expiry-Action
configure eaps failtime expiry-action configure eaps failtime expiry-action configure eaps <name> failtime expiry-action [ open-secondary-port | send-alert] Description Configures the action taken when the failtimer expires. Syntax Description name Specifies the name of an EAPS domain. open-secondary-port Specifies to open the secondary port when the failtimer expires. send-alert Specifies that a critical message is sent to the syslog when the failtimer expires.
Page 976 EAPS Commands Example The following command configures the failtimer expiry-action for EAPS domain “eaps_1”: configure eaps eaps_1 failtime expiry-action open-secondary-port History This command was first available in ExtremeWare 7.1. Platform Availability This command is available on the “i” series platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 977: Configure Eaps Fast-Convergence
configure eaps fast-convergence configure eaps fast-convergence configure eaps fast-convergence [on | off] Description Enables EAPS to converge more quickly. Syntax Description Turns fast-convergence on. Turns fast-convergence off. Default is off. Default Default is off. Usage Guidelines In certain environments to keep packet loss to a minimum, configure EAPS with fast-convergence turned on.
Page 978: Configure Eaps Hellotime
EAPS Commands configure eaps hellotime configure eaps <name> hellotime <seconds> Description Configures the value of the hello timer the master node used for the EAPS health-check packet. Syntax Description name Specifies the name of an EAPS domain. seconds Specifies the number of seconds to wait between transmission of the health-check packets on the control VLAN.
Page 979: Configure Eaps Mode
configure eaps mode configure eaps mode configure eaps <name> mode [master | transit] Description Configures the switch as either the EAPS master node or as an EAPS transit node for the specified domain. Syntax Description name Specifies the name of an EAPS domain. master Specifies that this switch should be the master node for the named EAPS domain.
Page 980: Configure Eaps Name
EAPS Commands configure eaps name configure eaps <old_name> name <new_name> Description Renames an existing EAPS domain. Syntax Description old_name Specifies the current name of an EAPS domain. new_name Specifies a new name for the EAPS domain. Default N/A. Usage Guidelines None.
Page 981: Configure Eaps Port
configure eaps port configure eaps port configure eaps <name> [primary | secondary] port <port number> Description Configures a node port as the primary or secondary port for the specified EAPS domain. Syntax Description name Specifies the name of an EAPS domain. primary Specifies that the port is to be configured as the primary port.
Page 982: Configure Eaps Shared-Port Link-Id
EAPS Commands configure eaps shared-port link-id configure eaps shared-port <port> link-id <id> Description Configures the link ID of the shared port. Syntax Description port Specifies the port number of the common link port. Specifies the link ID of the port. Default N/A.
Page 983: Configure Eaps Shared-Port Mode
configure eaps shared-port mode configure eaps shared-port mode configure eaps shared-port <port> mode <controller | partner> Description Configures the mode of the shared port. Syntax Description port Specifies the port number of the shared port. controller Specifies the controller mode. The controller is the end of the common link responsible for blocking ports when the common link fails thereby preventing the superloop.
Page 984: Create Eaps
EAPS Commands create eaps create eaps <name> Description Creates an EAPS domain with the specified name. Syntax Description name Specifies the name of an EAPS domain to be created. May be up to 32 characters in length. Default N/A. Usage Guidelines parameter is a character string of up to 32 characters that identifies the EAPS domain to be name created.
Page 985: Create Eaps Shared-Port
create eaps shared-port create eaps shared-port create eaps shared-port <port> Description Creates an EAPS shared port on the switch. Syntax Description port Specifies the port number of the common link port. Default N/A. Usage Guidelines To configure a common link, you must create a shared port on each switch of the common link. Example The following command creates a shared port on the EAPS domain.
Page 986: Delete Eaps
EAPS Commands delete eaps delete eaps <name> Description Deletes the EAPS domain with the specified name. Syntax Description name Specifies the name of an EAPS domain to be deleted. Default N/A. Usage Guidelines An EAPS domain must be disabled first before it can be deleted. (See the disable eaps {<name>} command.) Example...
Page 987: Delete Eaps Shared-Port
delete eaps shared-port delete eaps shared-port delete eaps shared-port <port> Description Deletes an EAPS shared port on a switch. Syntax Description port Specifies the port number of the Common Link port. Default N/A. Usage Guidelines None. Example The following command deletes shared port 1:1. delete eaps shared-port 1:1 History This command was first available in ExtremeWare 7.1.
Page 988: Disable Eaps
EAPS Commands disable eaps disable eaps {<name>} Description Disables the EAPS function for a named domain or for an entire switch. Syntax Description name Specifies the name of an EAPS domain. Default Disabled for the entire switch. Usage Guidelines None. Example The following command disables the EAPS function for entire switch: disable eaps...
Page 989: Enable Eaps
enable eaps enable eaps enable eaps {<name>} Description Enables the EAPS function for a named domain or for an entire switch. Syntax Description name Specifies the name of an EAPS domain. Default Disabled. Default command enables for the entire switch. Usage Guidelines EDP must be enabled on the switch and EAPS ring ports.
Page 990: Show Eaps
EAPS Commands show eaps show eaps {<name>} {detail} Description Displays EAPS status information. Syntax Description name Specifies the name of an EAPS domain. detail Specifies all available detail for each domain. Default N/A. Usage Guidelines If you enter the command without a keyword, the command displays less than with the show eaps keyword.
Page 991 show eaps State: On a transit node, the command displays one of the following states: • Idle—The EAPS domain has been enabled, but the configuration is not complete. • Links-Up—This EAPS domain is running, and both its ports are up and in the FORWARDING state.
Page 992 EAPS Commands Failtimer expiry action: Displays the action taken when the failtimer expires: • Send-alert—Sends a critical message to the syslog when the failtimer expires. • Open-secondary-port—Opens the secondary port when the failtimer expires. Displays only for master nodes. Preforwarding Timer interval: The configured value of the timer.
Page 993 show eaps Primary port: 13 Port status: Up Tag status: Tagged Secondary port: 14 Port status: Up Tag status: Tagged Hello Timer interval: 1 sec Fail Timer interval: 3 sec Preforwarding Timer interval: 3 sec Last update: From Master Id 00:01:30:B9:4B:E0, at Tue May 6 12:49:25 2003 Eaps Domain has following Controller Vlan: Vlan Name QosProfile...
Page 994 EAPS Commands Platform Availability This command is available on the “i” series platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 995: Show Eaps Shared-Port
show eaps shared-port show eaps shared-port show eaps shared-port [detail] Description Displays shared-port information for one or more EAPS domains. Syntax Description detail Specifies to display the status of all segments and VLANs. Default N/A. Usage Guidelines If you enter the command without an argument or keyword, the command show eaps shared-port displays a summary of status information for all configured EAPS shared ports.
Page 996 EAPS Commands Field Description • Yes—Indicates that the EAPS instance on the other end of the common link is configured with matching link ID and opposite modes. For example, if one end of the common link is configured as a controller, the other end must be configured as a partner. •...
Page 997: Show Eaps Summary
show eaps summary show eaps summary show eaps summary Description Displays summary information on one or more EAPS domains. Syntax Description This command has no arguments or variables. Default N/A. Usage Guidelines Displays EAPS domains and associated info such as Domain Name, Domain State, EAPS Mode, Enabled State, Control VLAN and VLAN ID and the Number of Protect VLANs in the domain.
Page 998 EAPS Commands History This command was first available in ExtremeWare 6.2. option was added in ExtremeWare 6.2.2. summary This command was modified in ExtremeWare 7.1 to show shared-port statistics. Platform Availability This command is available on the “i” series platforms. ExtremeWare Software 7.3.0 Command Reference Guide...
Page 999: Unconfigure Eaps Shared-Port Link-Id
unconfigure eaps shared-port link-id unconfigure eaps shared-port link-id unconfigure eaps shared-port <port> link-id Description Unconfigures an EAPS link ID on a shared port on the switch. Syntax Description port Specifies the port number of the Common Link port. Default N/A. Usage Guidelines None.
Page 1000: Unconfigure Eaps Shared-Port Mode
EAPS Commands unconfigure eaps shared-port mode unconfigure eaps shared-port <port> mode Description Unconfigures the EAPS shared port mode. Syntax Description port Specifies the port number of the Common Link port. Default N/A. Usage Guidelines None. Example The following command unconfigures the shared port mode on port 1:1. unconfigure eaps shared-port 1:1 mode History This command was first available in ExtremeWare 7.1.

This manual is also suitable for:

Extremeware 7.3.0

Extreme Networks ExtremeWare Command Reference Manual

Chapter 1 Command Reference Overview

Chapter 2 Commands for Accessing the Switch

Chapter 3 Commands for Managing the Switch

Chapter 4 Commands for Configuring Slots and Ports on a Switch

Chapter 5 VLAN Commands

Chapter 6 FDB Commands

Chapter 7 Qos Commands

Chapter 8 NAT Commands

Chapter 9 SLB Commands

Quick Links

Related Manuals for Extreme Networks ExtremeWare

Summary of Contents for Extreme Networks ExtremeWare