FortiSwitch-100 Version 4.0 MR1 User Guide...
FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet®, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
2.4.3 Quick Start up User Account Management
2.4.4 Quick Start up IP Address
2.4.5 Quick Start up Uploading from Switch to Out-of-Band PC (Only XMODEM)
2.4.6 Quick Start up Downloading from Out-of-Band PC to Switch (Only XMODEM)
2.4.7 Quick Start up Downloading from TFTP Server ...
5.12.3.2 drop
5.12.3.3 redirect
5.12.3.4 conform-color
5.12.3.5 mark cos
5.12.3.6 class
5.12.3.7 no class
5.12.3.8 mark ip-dscp
5.12.3.9 mark ip-precedence
5.12.3.10 police-simple
5.12.3.11 policy-map
5.12.3.12 policy-map rename
5.12.4 Service Commands
5.12.4.1 service-policy
5.12.4.2 no service-policy
5.12.5 Show Commands
5.12.5.1 show class-map
5.12.5.2 show diffserv
...
6.2.1.7 show ip route precedence
6.2.1.8 show ip traffic
6.2.2 Configuration Commands
6.2.2.1 routing
6.2.2.2 ip routing
6.2.2.3 ip address
6.2.2.4 ip route
6.2.2.5 ip route default-next-hop
6.2.2.6 ip route precedence
6.2.2.7 ip forwarding
6.2.2.8 ip directed-broadcast
6.2.2.9 ip mtu
6.2.2.10 encapsulation
6.3 Open Shortest Path First (OSPF) Commands ...
6.3.2.10 area nssa translator-role
6.3.2.11 area nssa translator-stab-intv
6.3.2.12 area range
6.3.2.13 area stub
6.3.2.14 area stub summarylsa
6.3.2.15 area virtual-link authentication
6.3.2.16 area virtual-link dead-interval
6.3.2.17 area virtual-link hello-interval
6.3.2.18 area virtual-link retransmit-interval
6.3.2.19 area virtual-link transmit-delay
6.3.2.20 default-information originate
6.3.2.21 default-metric
6.3.2.22 distance ospf
...
6.5 Domain Name Server Relay Commands
6.5.1 Show Commands
6.5.1.1 show hosts
6.5.1.2 show dns
6.5.1.3 show dns cache
6.5.2 Configuration Commands
6.5.2.1 ip hosts
6.5.2.2 clear hosts
6.5.2.3 ip domain-name
6.5.2.4 ip domain-list
6.5.2.5 ip name-server
6.5.2.6 ip domain-lookup
6.5.2.7 clear domain-list
...
6.7.2 ip irdp
6.7.3 ip irdp broadcast
6.7.4 ip irdp holdtime
6.7.5 ip irdp maxadvertinterval
6.7.6 ip irdp minadvertinterval
6.7.7 ip irdp preference
6.8 VLAN Routing Commands
6.8.1 show ip vlan
6.8.2 vlan routing
6.9 Virtual Router Redundancy Protocol (VRRP) Commands
6.9.1 Show Commands
6.9.1.1 show ip vrrp
6.9.1.2 show ip vrrp brief
...
7.2.1 Show Commands
7.2.1.1 show ip igmp
7.2.1.2 show ip igmp groups
7.2.1.3 show ip igmp interface
7.2.1.4 show ip igmp interface membership
7.2.1.5 show ip igmp interface stats
7.2.2 Configuration Commands
7.2.2.1 ip igmp
7.2.2.2 ip igmp version
7.2.2.3 ip igmp last-member-query-count
7.2.2.4 ip igmp last-member-query-interval
7.2.2.5 ip igmp query-interval
...
7.4.1.1 show ip pimdm
7.4.1.2 show ip pimdm interface
7.4.1.3 show ip pimdm interface stats
7.4.1.4 show ip pimdm neighbor
7.4.2 Configuration Commands
7.4.2.1 ip pimdm
7.4.2.2 ip pimdm mode
7.4.2.3 ip pimdm query-interval
7.5 Protocol Independent Multicast – Sparse Mode (PIM-SM) Commands
7.5.1 Show Commands
7.5.1.1 show ip pimsm
7.5.1.2 show ip pimsm componenttable
...
1 Introduction
1.1 Switch Description
The Fortinet FortiSwitch-100 Ethernet Switch is a modular Gigabit Ethernet backbone switch designed for adaptability and scalability. The switch can utilize up to forty-eight Gigabit Ethernet ports to function as a central distribution hub for other switches, switch groups, or routers.
• TraceRoute support
• Traffic Segmentation
• TFTP upgrade
• SysLog support
• Simple Network Time Protocol
• Web GUI Traffic Monitoring
• SSH Secure Shell version 1 and 2 support
• SSL Secure HTTP TLS Version 1 and SSL version 3 support
•...
Telnet, a Web Browser, or SNMP.
1.7 Web-based Management Interface
After you have successfully installed the switch, you can configure the switch, monitor the LED panel, and display statistics graphically using a Web browser, such as Netscape Navigator (version 6.2 and higher) or Microsoft® Internet Explorer (version 5.0).
2. Set the switch on a flat surface and check for proper ventilation. Allow at least 5 cm (2 inches) on each side of the switch and 15 cm (6 inches) at the back for the power cable.
You can install the switch in most standard 19-inch (48.3-cm) racks. Refer to the illustrations below.
1. Use the supplied screws to attach a mounting bracket to each side of the switch.
2. Align the holes in the mounting bracket with the holes in the rack.
2.3 Quick Starting the Switch
1. Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access to the FortiSwitch-100 switch locally or from a remote workstation. The device must be configured with IP information (IP address, subnet mask, and default gateway).
User Access Mode - Shows whether the user is able to change parameters on the switch (Read/Write) or is only able to view (Read Only). As a factory default, admin has Read/Write access and guest has Read Only access.
This will save passwords and all other changes to the device. If you do not save the running config, all changes will be lost when a power cycle is performed on the switch or when the switch is reset. Notes •...
2.4.5 Quick Start up Uploading from Switch to Out-of-Band PC (Only XMODEM)
Table 2-5. Quick Start up Uploading from Switch to Out-of-Band PC (XMODEM)
Command
copy startup-config <filename> xmodem
Displays the Network Configurations IP Address - IP Address of the interface Default IP is 0.0.0.0...
2.4.6 Quick Start up Downloading from Out-of-Band PC to Switch (Only XMODEM)
Table 2-6 Quick Start up Downloading from Out-of-Band PC to Switch
copy xmodem startup-config <filename>
2.4.7 Quick Start up Downloading from TFTP Server
Before starting a TFTP server download, the operator must complete the Quick Start up for the IP Address.
Note: Images are loaded onto the switch from your local TFTP server, so start by downloading the appropriate image file from the Fortinet support portal to your local TFTP server, then follow the steps below.
1. Ensure that there is room on the switch for the updated image file:...
If you are not using DHCP to automatically assign an IP address to the FortiSwitch, follow the steps below to configure a static IP address on the switch, substituting the appropriate IP address for the example shown. If you do not know what IP address to assign to the switch, contact your IT department.
Note: When configuring a static IP address, you must also configure a default gateway. Use the following commands, substituting the appropriate default gateway address for the example:
(FortiSwitch-100_238) (if-vlan 1)#exit
(FortiSwitch-100_238) (Config)#ip default-gateway 172.18.20.1
(FortiSwitch-100_238) (Config)#ex
(FortiSwitch-100_238) #show ip interface
IP Address...
2008/05/20
---------- -------------------------------- -------------- ------- -----------
Total: 5 files.
Now you are finished with the upgrade procedure! Please reload the switch and configure as desired.
Troubleshooting the Download Procedure
If you have configured an IP address (statically or via DHCP) on the FortiSwitch and still cannot download the image file, try the following:
•...
These components include a CPU, memory for data storage, other related hardware, and SNMP agent firmware. Activities on the switch can be monitored with these components, while the switch can be manipulated to carry out specific tasks.
2.6 Set Up your Switch Using Telnet Access
Once you have set an IP address for your switch, you can use a Telnet program (in a VT-100 compatible terminal mode) to access and control the switch. Most of the screens are identical,...
Web interface. When you configure the switch for the first time from the console, you can assign an IP address and subnet mask to the switch. Thereafter, you can access the switch’s Web interface directly using your Web browser by entering the switch’s IP address into the address bar.
4. Type the default user name of admin and default of no password, or whatever password you have set up. Once you have entered your access point name, your Web browser automatically finds the FortiSwitch-100 Managed Switch and displays the home page, as shown below.
3.3 Web-Based Management Menu
Figure 4-3: System Information page
The above page displays system information, such as:
•...
The Secondary Menus under the Main Menu contain a host of options that you can use to configure your switch. The online help contains a detailed description of the features on each screen. You can click the ‘help’ or the question mark at the top right of each screen to view the help menu topics.
• IGMP — see “IGMP Commands”
• Multicast — see “Multicast Commands”
• MDebug — see “Multicast Commands”
• PIM-DM — see “PIM-DM Commands”
• PIM-SM — see “PIM-SM Commands”
System-Wide Popup Menus
The FortiSwitch-100 Managed Switch also provides several popup menus.
Figure 4-5: System-wide menus
You can also access the main navigation menu by right-clicking on the image of the switch and browsing to the menu you want to use.
Port-Specific Popup Menus
The FortiSwitch-100 Managed Switch also provides several popup menus for each port.
4 Command Line Interface Structure and Mode-based CLI
The Command Line Interface (CLI) syntax, conventions, and terminology are described in this section. Each CLI command is illustrated using the structure outlined below.
4.1 CLI Command Format
Commands are followed by values, parameters, or both.
Example 1
IP address <ipaddr>...
The {} curly braces indicate that a parameter must be chosen from the list of choices.
Values
ipaddr - This parameter is a valid IP address, made up of four decimal bytes ranging from 0 to 255. The default for all IP parameters consists of zeros (that is, 0.0.0.0). The interface IP address of 0.0.0.0 is invalid.
Empty strings ("") are not valid user defined strings. Command completion finishes spelling the command when enough letters of a command are typed to uniquely identify the command word. The command may be executed by typing <enter> (command abbreviation) or the command word may be completed by typing the <tab> or <space bar> (command completion).
Privileged Exec
Display Message
MAC Address: A unicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 two-digit hexadecimal numbers that are separated by colons. For example: 00:23:45:67:89:AB
IP Address: The IP address assigned to each interface.
File: The file in which the event originated.
Line: The line number of the event.
Task Id: The task ID of the event.
Code: The event code.
Time: The time this event occurred.
Note: Event log information is retained across a switch reset.
The output is displayed in script format, which can be used to configure another switch with the same configuration. When a script name is provided, the output is redirected to a configuration script. The option [all] will also enable the display/capture of all commands with settings/configurations that include values that are same as the default values.
Boot Rom Version: The release version maintenance number of the boot ROM code currently running on the switch. For example, if the release was 1, the version was 2, and the maintenance number was 4, the format would be '1.2.4'.
User Name: The name the user will use to login using the serial port or Telnet. A new user may be added to the switch by entering a name in a blank entry. The user name may be up to 8 characters, and is not case sensitive.
<slot/port> - is the desired interface number.
all - This parameter displays information for all interfaces.
Default Setting
None
Command Mode
Privileged Exec
Display Message
Intf: The physical slot and physical port.
Type: If not blank, this field indicates that this port is a special type of port. The possible values are:
Source - This port is a monitoring port.
This command displays detailed statistics for a specific port or for all CPU traffic based upon the argument.
Syntax
show interface counters detailed {<slot/port> | switchport}
<slot/port> - is the desired interface number.
switchport - This parameter specifies whole switch or all interfaces.
Default Setting
None...
Command Mode
Privileged Exec
Display Message
The display parameters when the argument is '<slot/port>' are as follows:
Total Packets Received (Octets): The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization.
Total Packets Received Without Errors
Unicast Packets Received: The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Multicast Packets Received: The total number of good packets received that were directed to a multicast address. Note that this number does not include packets directed to the broadcast address.
Broadcast Packets Received: The total number of good packets received that were directed to the broadcast address.
Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
Total Transmit Errors
FCS Errors: The total number of packets transmitted that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad FCS with an integral number of octets.
Tx Oversized: The total number of frames that exceeded the max permitted frame size.
Address Table for this switch.
Maximum VLAN Entries: The maximum number of Virtual LANs (VLANs) allowed on this switch.
Most VLAN Entries Ever Used: The largest number of VLANs that have been active on this switch since the last reboot.
Address Entries Currently In Use: The total number of Forwarding Database Address Table entries now active on the switch, including learned and static entries.
VLAN Entries Currently In Use: The number of VLAN entries presently occupying the VLAN table.
speed-duplex {10 | 100} {full-duplex | half-duplex}
100 - 100BASE-T
10 - 10BASE-T
full-duplex - Full duplex
half-duplex - Half duplex
Default Setting
None
Command Mode
Interface Config
This command is used to set the speed and duplex mode for all interfaces.
Syntax
speed-duplex all {10 | 100} {full-duplex | half-duplex}
100 - 100BASE-T...
negotiate
no negotiate
no - This command disables automatic negotiation on a port.
Default Setting
Enable
Command Mode
Interface Config
This command enables automatic negotiation on all interfaces. The default value is enabled.
Syntax
negotiate all
no negotiate all
all - This command represents all interfaces.
no - This command disables automatic negotiation on all interfaces.
- This command removes the advertised capability with using parameter
Default Setting
10 half-duplex, 10 full-duplex, 100 half-duplex, 100 full-duplex, and 1000 full-duplex
Command Mode
Global Config
5.2.1.8 storm-control flowcontrol
This command enables 802.3x flow control for the switch.
Note: This command only applies to full-duplex mode ports.
Syntax
storm-control flowcontrol
no storm-control flowcontrol
no - This command disables 802.3x flow control for the switch.
Default Setting
Disabled
Command Mode
Global Config
This command enables 802.3x flow control for the specific interface.
Syntax
shutdown
no shutdown
no - This command enables a port.
Default Setting
Enabled
Command Mode
Interface Config
This command is used to disable all ports.
Syntax
shutdown all
no shutdown all
all - This command represents all ports.
no - This command enables all ports.
Default Setting
Enabled
Command Mode...
It is identified with interface 3/1 and is currently used when enabling VLANs for routing. Self: The value of the corresponding instance is the address of one of the switch’s physical interfaces (the system’s own MAC address).
Privileged Exec
Display Message
Mac Address: A unicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. In an SVL system, the MAC address will be displayed as 6 bytes.
Privileged Exec
Display Message
Mac Address: A unicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. In an SVL system, the MAC address will be displayed as 6 bytes.
5.2.2.5 show mac-address-table stats
This command displays the MFDB statistics.
Syntax
show mac-address-table stats
Default Setting
None
Command Mode
Privileged Exec
Display Message
Max MFDB Table Entries: This displays the total number of entries that can possibly be in the MFDB.
Most MFDB Entries Since Last Reset: This displays the largest number of entries that have been present in the Multicast Forwarding Database table.
Syntax
mac-address-table aging-time <10-1000000>
no mac-address-table aging-time <10-1000000>
<10-1000000> - aging-time (Range: 10-1000000) in seconds
no - This command sets the forwarding database address aging timeout to 300 seconds.
Default Setting
Command Mode
Global Config
5.2.3 VLAN Management
5.2.3.1 show vlan
This command displays brief information on a list of all configured VLANs.
5.2.3.2 show vlan id
This command displays detailed information, including interface information, for a specific VLAN.
Syntax
show vlan {id <vlanid> | name <vlanname>}
<vlanid> - VLAN ID (Range: 1 – 3965)
<vlanname> - vlan name (up to 16 alphanumeric characters)
Default Setting
None
Command Mode...
5.2.3.3 show protocol group
This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated Group.
Syntax
show protocol group {<group-name> | all}
<group-name> - The group name of an entry in the Protocol-based VLAN table.
all –...
Command Mode
Privileged Exec
Display Message
Slot/port: Indicates by slot id and port number which port is controlled by the fields on this line. It is possible to set the parameters for all ports by using the selectors on the top line.
Port VLAN ID: The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port.
vlan <vlanid> [<name>]
no vlan <vlanid>
<vlanid> - VLAN ID (Range: 2 – 3965).
<name> - Configure an optional VLAN Name (a character string of 1 to 32 alphanumeric characters).
no - This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN).
5.2.3.8 vlan makestatic
This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-3965.
Syntax
vlan makestatic <vlanid>...
5.2.3.10 switchport acceptable-frame-type
This command sets the frame acceptance mode per interface. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port.
interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
Default Setting
Admit all
Command Mode
Global Config
5.2.3.11 switchport ingress-filtering
This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
no switchport ingress-filtering all
all - All interfaces.
no - This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
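The interaction of the port VLAN ID, the frame acceptance mode, and ingress filtering described above can be modelled to find ports that accept tagged frames for VLANs they do not belong to. This is an added example, not code from the manual or from Fortinet; the class, function, and port names are hypothetical, the sample data is constructed, and the discard behaviour when ingress filtering is enabled follows IEEE 802.1Q because the manual text is cut off before stating it.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

ADMIT_ALL = "admit-all"  # untagged/priority frames accepted and assigned the port VLAN ID
VLAN_ONLY = "vlan-only"  # untagged/priority frames discarded


@dataclass
class PortConfig:
    """Hypothetical per-port view of the settings discussed in 5.2.3.10 to 5.2.3.13."""
    pvid: int = 1
    acceptable_frame_type: str = ADMIT_ALL  # manual default: Admit all
    ingress_filtering: bool = False         # assumption: modelled as off unless set
    member_vlans: Set[int] = field(default_factory=lambda: {1})


def classify_ingress(port: PortConfig, vid: Optional[int]) -> Tuple[bool, Optional[int], str]:
    """Decide what happens to one received frame.

    vid is None for an untagged frame, 0 for a priority-tagged frame,
    otherwise the 802.1Q VLAN ID carried in the tag.
    Returns (admitted, vlan the frame is classified into, reason).
    """
    if vid is None or vid == 0:
        if port.acceptable_frame_type == VLAN_ONLY:
            return False, None, "untagged or priority frame discarded (VLAN Only)"
        vlan = port.pvid  # Admit All: frame takes the port VLAN ID
    else:
        vlan = vid
    # Ingress filtering: drop frames whose VLAN the receiving port is not a member of.
    if port.ingress_filtering and vlan not in port.member_vlans:
        return False, None, f"VLAN {vlan} not in port membership (ingress filtering)"
    return True, vlan, "admitted"


def find_leaky_ports(ports: Dict[str, PortConfig], configured_vlans: Set[int]) -> Dict[str, List[int]]:
    """For each port, list the configured VLANs it is not a member of
    but would still admit tagged frames for."""
    leaks: Dict[str, List[int]] = {}
    for name, port in sorted(ports.items()):
        accepted = [
            v for v in sorted(configured_vlans - port.member_vlans)
            if classify_ingress(port, v)[0]
        ]
        if accepted:
            leaks[name] = accepted
    return leaks


# Constructed sample: two access ports in VLAN 10 and one tagged uplink.
SAMPLE_VLANS = {1, 10, 20, 30}
SAMPLE_PORTS = {
    "0/1": PortConfig(pvid=10, member_vlans={10}),                          # filtering off
    "0/2": PortConfig(pvid=10, member_vlans={10}, ingress_filtering=True),  # filtering on
    "0/24": PortConfig(pvid=1, acceptable_frame_type=VLAN_ONLY,
                       ingress_filtering=True, member_vlans={10, 20, 30}),
}

if __name__ == "__main__":
    for port_name, vlans in find_leaky_ports(SAMPLE_PORTS, SAMPLE_VLANS).items():
        print(f"{port_name}: admits tagged frames for non-member VLANs {vlans}")
```
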
<vlanid> - VLAN ID (Range: 1 – 3965).
all - All interfaces.
no - This command sets the VLAN ID for all interfaces to 1.
Default Setting
Command Mode
Global Config
5.2.3.13 switchport allowed vlan
This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number.
switchport allowed vlan {add {tagged | untagged} | remove} all <vlanid>
<vlanid> - VLAN ID (Range: 1 – 3965).
all - All interfaces.
add - The interface is always a member of this VLAN. This is equivalent to registration fixed.
tagged - all frames transmitted for this VLAN will be tagged.
untagged - all frames transmitted for this VLAN will be untagged.
This command configures the tagging behavior for all interfaces in a VLAN to be enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
Syntax
switchport tagging all <vlanid>...
This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. Any subsequent per port configuration will override this configuration setting.
Syntax
switchport priority all <0-7>
<0-7> - The range for the priority is 0-7.
all –...
This command adds a protocol-based VLAN group to the system. The <group-name> is a character string of 1 to 16 characters. When it is created, the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands.
Syntax
switchport protocol group <group-name>...
Default Setting
None
Command Mode
Global Config
This command adds the <protocol> to the protocol-based VLAN identified by <group-name>. A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command will fail, and the protocol will not be added to the group.
Syntax
switchport forbidden vlan {add | remove} <vlanid>
no switchport forbidden
<vlanid> - VLAN ID (Range: 1 – 3965).
add - VLAN ID to add.
remove - VLAN ID to remove.
no - Remove the list of forbidden VLANs.
Default Setting
None
Command Mode
Interface Config...
5.2.4.2 show gvrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
Syntax
show gvrp configuration {<slot/port> | all}
<slot/port> - An interface number.
all - All interfaces.
Default Setting
None
Command Mode
Privileged Exec
Display Message
Interface: This displays the slot/port of the interface that this row in the table describes.
5.2.4.3 show gmrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
Syntax
show gmrp configuration {<slot/port> | all}
<slot/port> - An interface number.
all - All interfaces.
Default Setting
None
Command Mode
Privileged Exec
Display Message
Interface: This displays the slot/port of the interface that this row in the table describes.
Syntax
show garp configuration {<slot/port> | all}
<slot/port> - An interface number.
all - All interfaces.
Default Setting
None
Command Mode
Privileged Exec
Display Message
Interface: This displays the slot/port of the interface that this row in the table describes.
GVRP Mode: Indicates the GVRP administrative mode for the port.
5.2.4.6 bridge-ext gmrp
This command enables GARP Multicast Registration Protocol (GMRP) on the system. The default value is disabled.
Syntax
bridge-ext gmrp
no bridge-ext gmrp
no - This command disables GARP Multicast Registration Protocol (GMRP) on the system.
Default Setting
Disabled
Command Mode
Global Config...
This command enables GVRP (GARP VLAN Registration Protocol) for all ports.
Syntax
switchport gvrp all
no switchport gvrp all
all - All interfaces.
no - This command disables GVRP (GARP VLAN Registration Protocol) for all ports. If GVRP is disabled, Join Time, Leave Time, and Leave All Time have no effect.
Interface Config
This command enables GMRP Multicast Registration Protocol on all interfaces. If an interface which has GMRP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GMRP functionality will be disabled on that interface. GMRP functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GMRP enabled.
no - This command sets the GVRP join time per port and per GARP to 20 centiseconds (0.2 seconds). This command has an effect only when GVRP and GMRP are enabled.
Default Setting
20 centiseconds (0.2 seconds)
Command Mode
Interface Config
This command sets the GVRP join time for all ports and per GARP.
Note: This command has an effect only when GVRP and GMRP are enabled.
Syntax
garp timer leave <20-600>
no garp timer leave
<20-600> - leave time (Range: 20 – 600) in centiseconds.
no - This command sets the GVRP leave time per port to 60 centiseconds (0.6 seconds).
Note: This command has an effect only when GVRP and GMRP are enabled.
Default Setting
60 centiseconds (0.6 seconds)
Command Mode
Global Config
This command sets how frequently Leave All PDUs are generated per port. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration.
Syntax
garp timer leaveall all <200-6000>
no garp timer leaveall all
<200-6000> - leave time (Range: 200 – 6000) in centiseconds.
all - All interfaces.
no - This command sets how frequently Leave All PDUs are generated for all ports to 1000 centiseconds (10 seconds).
Display Message
Admin Mode: This indicates whether or not IGMP Snooping is active on the switch.
Multicast Control Frame Count: This displays the number of multicast control frames that are processed by the CPU.
Interfaces Enabled for IGMP Snooping: This is the list of interfaces on which IGMP Snooping is enabled.
Group Membership Interval Time
The Group Membership Interval time is the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface, which is participating in the VLAN, before deleting the interface from the entry. This value may be configured...
Max Response Time
This displays the amount of time the switch will wait after sending a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface. This value may be configured.
Default Setting
260 seconds
Command Mode
Global Config, Interface Config
ip igmp snooping interfacemode
This command enables IGMP Snooping on a selected interface. If an interface which has IGMP Snooping enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), IGMP Snooping functionality will be disabled on that interface.
This command sets the Multicast Router Present Expiration time on the system. This is the amount of time in seconds that a switch will wait for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached. The range is 0 to 3600 seconds.
This command enables or disables IGMP Snooping fast-leave admin mode on a selected interface or on all interfaces. Enabling fastleave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface(s).
ip igmp snooping mrouter
This command configures a selected interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs.
Syntax
ip igmp snooping mrouter interface
no ip igmp snooping mrouter interface
no - This command disables the status of the interface as a statically configured multicast router interface.
Command Mode
Interface Config.
ip igmp snooping vlan static
This command is used to add a port to a multicast group.
Syntax
ip igmp snooping vlan <vlanid> static <macaddr> interface <slot/port>
<vlanid> - VLAN ID (Range: 1 – 3965).
<macaddr> - Multicast group MAC address.
<slot/port>...
This command sets the IGMP Group Membership Interval on a particular VLAN. The Group Membership Interval time is the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface, which is participating in the VLAN, before deleting the interface from the entry.
This command sets the Multicast Router Present Expiration time on a particular VLAN. This is the amount of time in seconds that a switch will wait for a query to be received on an interface, which is participating in the VLAN, before the interface is removed from the list of interfaces with multicast routers attached.
This command enables or disables IGMP Snooping fast-leave admin mode on a selected VLAN. Enabling fastleave allows the switch to immediately remove the layer 2 LAN interface, participating in the VLAN, from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface.
Mbr Ports: This field lists the ports that are members of this port-channel, in slot/port notation.
Active Ports: This field lists the ports that are actively participating in this port-channel.
This command displays an overview of all port-channels (LAGs) on the switch.
Syntax
show port-channel {<logical slot/port>...
Display Message
Log. Intf: The logical slot and the logical port.
Port-Channel Name: The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric characters.
Link: Indicates whether the Link is up or down.
Admin Mode: May be enabled or disabled.
Command Usage
1. The maximum number of port-channels that a user can create is 6, and the maximum number of members for each port-channel is 8.
5.2.6.3 port-channel adminmode all
This command sets every configured port-channel with the same administrative mode setting.
Syntax
port-channel adminmode all
no port-channel adminmode all...
Default Setting
Disabled
Command Mode
Interface Config
5.2.6.5 port-channel linktrap
This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
Syntax
port-channel linktrap {<logical slot/port>...
port-channel name {<logical slot/port> | all} <name>
<logical slot/port> - Port-Channel Interface number.
all - all Port-Channel interfaces.
<name> - Configured Port-Channel name (up to 15 characters).
Default Setting
None
Command Mode
Global Config
5.2.6.7 adminmode
This command enables port-channel (LAG) members. The interface is a logical slot and port for a configured port-channel.
Syntax lacp no lacp no - This command disables Link Aggregation Control Protocol (LACP) on a port. Default Setting Enabled Command Mode Interface Config This command enables Link Aggregation Control Protocol (LACP) on all ports. Syntax lacp all no lacp all all - All interfaces.
Note: Before adding a port to a port-channel, set the physical mode of the port. See ‘speed’ command. Syntax channel-group <logical slot/port> <logical slot/port> - Port-Channel Interface number. Default Setting None Command Mode Interface Config Command Usage 1. The maximum number of members for each Port-Channel is 6. 5.2.6.10 delete-channel-group This command deletes the port from the port-channel (LAG).
Syntax delete-channel-group <logical slot/port> all <logical slot/port> - Port-Channel Interface number. all - All members for specific Port-Channel. Default Setting None Command Mode Global Config 5.2.7 Storm Control 5.2.7.1 show storm-control This command is used to display broadcast storm control information. Syntax show storm-control broadcast Default Setting...
This command is used to display multicast storm control information. Syntax show storm-control multicast Default Setting None Command Mode Privileged Exec Display Message Intf: Displays interface number. Mode: Displays status of storm control multicast. Level: Displays level for storm control multicast Rate: Displays rate for storm control multicast.
(as represented in “Broadcast Storm Recovery Thresholds” table) of the link speed, the switch discards the broadcast traffic until the broadcast traffic returns to the threshold percentage or less. The full implementation is depicted in the “Broadcast Storm Recovery Thresholds”...
5.2.7.4 storm-control unicast This command enables unicast storm recovery mode on the selected interface. Syntax storm-control unicast no storm-control unicast no - This command disables unicast storm recovery mode on the selected interface. Default Setting None Command Mode Interface Config This command enables unicast storm recovery mode on all interfaces.
5.2.7.5 switchport broadcast packet-rate This command will protect your network from broadcast storms by setting a threshold level for broadcast traffic on each port. Syntax switchport broadcast packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port.
Level 4 Command Mode Global Config 5.2.7.6 switchport multicast packet-rate This command will protect your network from multicast storms by setting a threshold level for multicast traffic on each port. Syntax switchport multicast packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port.
all - This command represents all interfaces. Note: pps (packets per second) Default Setting Level 4 Command Mode Global Config 5.2.7.7 switchport unicast packet-rate This command will protect your network from unicast storms by setting a threshold level for unicast traffic on each port. Syntax switchport unicast packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port.
switchport unicast all packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port. 3 - Threshold level represents 256 pps for 1G Port or 3124 pps for 10G port.
5.2.8.2 queue cos-map This command is used to assign class of service (CoS) value to the CoS priority queue. Syntax queue cos-map <priority> <queue-id> no queue cos-map <queue-id> - The queue id of the CoS priority queue (Range: 0 - 7 ). <priority>...
Default Setting None Command Mode Privileged Exec Display Message Session ID: indicates the session ID. Admin Mode: indicates whether the Port Monitoring feature is enabled or disabled. The possible values are enabled and disabled. Probe Port: is the slot/port that is configured as the probe port. If this value has not been configured, 'Not Configured' will be displayed.
5.3.1.1 show ip interface This command displays configuration settings associated with the switch's network interface. The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
Web Port: This field is used to set the HTTP Port Number. The value must be in the range of 1 to 65535. Port 80 is the default value. Java Mode: Specifies if the switch should allow access to the Java applet in the header frame. Enabled means the applet can be viewed. The factory default is disabled.
5.3.1.3 show ip ipv6 This command displays the IPv6 forwarding status of all ports. Syntax show ip ipv6 Default Setting None Command Mode Privileged Exec Display Message Intf: Interface number Type: Status of each interface for IPv6. 5.3.1.4 mtu This command sets the maximum transmission unit (MTU) size (in bytes) for physical and port-channel (LAG) interfaces.
5.3.1.5 interface vlan This command is used to enter Interface-vlan configuration mode. Syntax interface vlan <vlanid> <vlanid> - VLAN ID (Range: 1 - 3965). Default Setting None Command Mode Global Config 5.3.1.6 ip address This command sets the IP Address, and subnet mask. The IP Address and the gateway must be on the same subnet.
Interface-Vlan Config Command Usage Once the IP address is set, the VLAN ID’s value will be assigned to the management VLAN. 5.3.1.7 ip default-gateway This command sets the IP Address of the default gateway. Syntax ip default-gateway <gateway> no ip default-gateway <...
<dhcp> - Obtains IP address from DHCP. <none> - Obtains IP address by setting configuration. Default Setting None Command Mode Interface-Vlan Config 5.3.1.9 ip filter This command is used to enable the IP filter function. Syntax ip filter no ip filter no –...
Default Setting None Command Mode Global Config 5.3.1.10 ip ipv6 This command is used to enable the IPv6 function on a specific interface. Syntax ip ipv6 no ip ipv6 no - disable IPv6. Default Setting Enabled Command Mode Interface Config This command is used to enable the IPv6 function on all interfaces. Syntax ip ipv6 all no ip ipv6 all...
Serial Port Login Timeout (minutes): Specifies the time, in minutes, of inactivity on a Serial port connection, after which the switch will close the connection. Any numeric value between 0 and 160 is allowed, the factory default is 5. A value of 0 disables the timeout.
Syntax line console Default Setting None Command Mode Global Config 5.3.2.3 baudrate This command specifies the communication rate of the terminal interface. The supported rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200. Syntax baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200} no baudrate no - This command sets the communication rate of the terminal interface to 115200.
<0-160> - max connect time (Range: 0 -160). no - This command sets the maximum connect time (in minutes) without console activity to 5. Default Setting Command Mode Line Config 5.3.2.5 password-threshold This command is used to set the password instruction threshold limiting the number of failed login attempts.
<0-65535> - silent time (Range: 0 - 65535) in seconds. no - This command sets the maximum value to the default. Default Setting Command Mode Line Config 5.3.3 Telnet Session Commands 5.3.3.1 telnet This command establishes a new outbound telnet connection to a remote host. Syntax telnet <host>...
Syntax show line vty Default Setting None Command Mode Privileged Exec Display Message Remote Connection Login Timeout (minutes): This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off. A zero means there will be no timeout.
5.3.3.4 exec-timeout This command sets the remote connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. A value of 0 indicates that a session remains active indefinitely. The time is a decimal value from 0 to 160. Note: Changing the timeout value for active sessions does not become effective until the session is reaccessed.
Command Mode Telnet Config 5.3.3.6 maxsessions This command specifies the maximum number of remote connection sessions that can be established. A value of 0 indicates that no remote connection can be established. The range is 0 to 5. Syntax maxsessions <0-5> no maxsessions <0-5>...
no - This command disables telnet sessions. If sessions are disabled, no new telnet sessions are established. Default Setting Enabled Command Mode Telnet Config 5.3.3.8 telnet sessions This command regulates new outbound telnet connections. If enabled, new outbound telnet sessions can be established until it reaches the maximum number of simultaneous outbound telnet sessions allowed.
Syntax telnet maxsessions <0-5> no maxsessions <0-5> - max sessions (Range: 0 - 5). no - This command sets the maximum value to be 5. Default Setting Command Mode Global Config 5.3.3.10 telnet exec-timeout This command sets the outbound telnet session timeout value in minutes. Note: Changing the timeout value for active sessions does not become effective until the session is reaccessed.
The SNMP agent of the switch complies with SNMP versions 1, 2c, and 3 (for more about the SNMP specification, see the SNMP RFCs). The SNMP agent sends traps through TCP/IP to an external SNMP manager based on the SNMP configuration (the trap receiver and other SNMP community parameters).
If a trap condition is enabled and the condition is detected, the switch's SNMP agent sends the trap to all enabled trap receivers. The switch does not have to be reset to implement the changes. Cold and warm start traps are always generated and cannot be disabled.
Multiple Users Flag: May be enabled or disabled. The factory default is enabled. Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time (either via telnet or serial port).
This command adds (and names) a new SNMP community. A community name is a name associated with the switch and with a set of SNMP managers that manage it with a specified privilege level. The length of the name can be up to 16 case-sensitive characters.
This command activates an SNMP community. If a community is enabled, an SNMP manager associated with this community manages the switch according to its access right. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
The community name may be up to 16 alphanumeric characters. Default Setting 0.0.0.0 Command Mode Global Config This command restricts access to switch information. The access mode is read-only (also called public) or read/write (also called private). Syntax snmp-server community {ro | rw} <name> <name> - community name.
<ro> - access mode is read-only. <rw> - access mode is read/write. Default Setting None Command Mode Global Config 5.3.4.7 snmp-server host This command sets a client IP address for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device.
Enabled Command Mode Global Config This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled (see ‘snmp trap link-status’ command). Syntax...
Default Setting Enabled Command Mode Global Config This command enables Multiple User traps. When the traps are enabled, a Multiple User Trap is sent when a user logs in to the terminal interface (EIA 232 or telnet) and there is an existing terminal interface session.
Global Config This command enables PIM traps. Syntax snmp-server enable traps pim no snmp-server enable traps pim no - This command disables PIM trap. Default Setting Enabled Command Mode Global Config This command enables the sending of new root traps and topology change notification traps. Syntax snmp-server enable traps stpmode no snmp-server enable traps stpmode...
This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network. Six trap receivers are simultaneously supported. Syntax...
no snmp trap link-status no - This command disables link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled. (See ‘snmp-server enable traps linkmode’ command.) Default Setting Disabled Command Mode Interface Config This command enables link status traps for all interfaces.
5.3.5.3 snmptrap <name> <ipaddr> This command adds an SNMP trap name. The maximum length of the name is 16 case-sensitive alphanumeric characters. Syntax snmptrap <name> <ipaddr> no snmptrap <name> <ipaddr> <name> - SNMP trap name (Range: up to 16 case-sensitive alphanumeric characters). <ipaddr>...
- This command deactivates an SNMP trap. Trap receivers are inactive (not able to receive traps). Default Setting None Command Mode Global Config 5.3.6 HTTP commands 5.3.6.1 show ip http This command displays the http settings for the switch. Syntax show ip http...
TLS1. 5.3.6.2 ip javamode This command specifies whether the switch should allow access to the Java applet in the header frame of the Web interface. When access is enabled, the Java applet can be viewed from the Web interface. When access is disabled, the user cannot view the Java applet.
Disabling the Web interface takes effect immediately. All interfaces are affected. Syntax ip http server no ip http server no - This command disables access to the switch through the Web interface. When access is disabled, the user cannot login to the switch's Web server. Default Setting Enabled...
5.3.6.5 ip http secure-port This command is used to set the SSLT port where port can be 1-65535 and the default is port 443. Syntax ip http secure-port <portid> no ip http secure-port <portid> - SSLT Port value. no - This command is used to reset the SSLT port to the default value. Default Setting Command Mode Global Config...
5.3.6.7 ip http secure-protocol This command is used to set protocol levels (versions). The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3. Syntax ip http secure-protocol <protocollevel1> [protocollevel2] no ip http secure-protocol <protocollevel1> [protocollevel2] <protocollevel1 - 2>...
Max SSH Sessions Allowed: The maximum number of inbound SSH sessions allowed on the switch. SSH Timeout: This field is the inactive timeout value for incoming SSH sessions to the switch. 5.3.7.2 ip ssh This command is used to enable SSH.
5.3.7.4 ip ssh maxsessions This command specifies the maximum number of SSH connection sessions that can be established. A value of 0 indicates that no ssh connection can be established. The range is 0 to 5. Syntax ip ssh maxsessions <0-5> no ip ssh maxsessions <0-5>...
None Command Mode Global Config 5.3.8.2 ip dhcp client-identifier This command is used to specify the DHCP client identifier for this switch. Use the no form to restore to default value. Syntax ip dhcp client-identifier {text <text> | hex <hex>}...
no ip dhcp client-identifier <text> - A text string. (Range: 1-15 characters). <hex> - The hexadecimal value (00:00:00:00:00:00). no - This command is used to restore to default value. Default Setting System Burned In MAC Address Command Mode Global Config 5.3.9 DHCP Relay Commands 5.3.9.1 Show bootpdhcprelay This command is used to display the DHCP relay agent configuration information on the...
Packets Discarded - The total number of BOOTP/DHCP packets discarded by this Relay Agent since the last time the switch was reset. 5.3.9.2 Bootpdhcprelay maxhopcount This command is used to set the maximum relay agent hops for BootP/DHCP Relay on the system.
Show commands display spanning tree settings, statistics, and other information. Configuration Commands configure features and options of the switch. For every configuration command there is a show command that displays the configuration setting. 5.4.1 Show Commands 5.4.1.1 show spanning-tree...
Time Since Topology Change: In seconds. Topology Change Count: Number of times changed. Topology Change in progress: Boolean value of the Topology Change parameter for the switch indicating if a topology change is in progress on any port assigned to the common and internal spanning tree.
Privileged Exec Display Message Port Mode: The administration mode of spanning tree. Port Up Time Since Counters Last Cleared: Time since the port was reset, displayed in days, hours, minutes, and seconds. STP BPDUs Transmitted: Spanning Tree Protocol Bridge Protocol Data Units sent. STP BPDUs Received: Spanning Tree Protocol Bridge Protocol Data Units received.
Associated FIDs: List of forwarding database identifiers associated with this instance. Associated VLANs: List of VLAN IDs associated with this instance. This command displays summary information about all multiple spanning tree instances in the switch. On execution, the following details are displayed. Syntax show spanning-tree mst summary...
If 0 (defined as the default CIST ID) is passed as the <0-4094>, then this command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The <slot/port> is the desired switch port. In this case, the following are displayed.
The parameter <0-4094> indicates a particular MST instance. The parameter {<slot/port> | all} indicates the desired switch port or all ports. If 0 (defined as the default CIST ID) is passed as the <0-4094>, then the status summary is displayed for one or all ports within the common and internal spanning tree.
STP State: The forwarding state of the port in the specified spanning tree instance. Port Role: The role of the specified port within the spanning tree. 5.4.1.5 show spanning-tree summary This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command. Syntax...
Default Setting None Command Mode Privileged Exec Display Message Bridge Priority: Configured value. Bridge Identifier: The bridge ID of current Spanning Tree. Bridge Max Age: Configured value. Bridge Hello Time: Configured value. Bridge Forward Delay: Configured value. Bridge Hold Time: Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs).
Global Config 5.4.2.3 spanning-tree configuration This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using. The <name> is a string of at most 32 alphanumeric characters. Syntax spanning-tree configuration name <name>...
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535. Syntax spanning-tree configuration revision <0-65535>...
Command Mode Global Config 5.4.2.5 spanning-tree forward-time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to "(Bridge Max Age / 2) + 1".
<1-10> - hellotime value (Range: 1 – 10). no - This command sets the Hello Time parameter for the common and internal spanning tree to the default value, that is, 2. Default Setting Command Mode Global Config 5.4.2.7 spanning-tree max-age This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree.
<1-4094> - multiple spanning tree instance ID. no - This command removes a multiple spanning tree instance from the switch and reallocates all VLANs allocated to the deleted instance to the common and internal spanning tree. The instance <1-4094> is a number that corresponds to the desired existing multiple spanning tree instance to be removed.
This command sets the bridge priority for a specific multiple spanning tree instance. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The priority value is a number within a range of 0 to 61440 in increments of 4096. If 0 (defined as the default CIST ID) is passed as the <mstid>, then this command sets the Bridge Priority parameter to a new value for the common and internal spanning tree.
spanning-tree mst vlan <0-4094> <1-3965> no spanning-tree mst vlan <0-4094> <1-3965> <0-4094> - multiple spanning tree instance ID. <1-3965> - VLAN ID (Range: 1 – 3965). no - This command removes an association between a multiple spanning tree instance and a VLAN. The VLAN will again be associated with the common and internal spanning tree.
If the ‘cost’ token is specified, this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the <0-4094> parameter, to the default value, that is, a pathcost value based on the Link Speed. Default Setting Cost : auto Command Mode...
This command sets the Administrative Switch Port State for this port to enabled. Syntax spanning-tree port mode no spanning-tree port mode no - This command sets the Administrative Switch Port State for this port to disabled. Default Setting Disabled Command Mode Interface Config This command sets the Administrative Switch Port State for all ports to enabled.
5.4.2.11 spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This will allow this port to transition to Forwarding State without delay. Syntax spanning-tree edgeport no spanning-tree edgeport no - This command specifies that this port is not an Edge Port within the common and internal spanning tree.
Log Messages Relayed The number of messages that are relayed. Log Messages Ignored The number of messages that are ignored. 5.5.2 show logging buffered This command displays the message log maintained by the switch. The message log contains system trace information. Syntax...
Trap Log Capacity: The maximum number of traps that could be stored in the switch. Log: The sequence number of this trap. System Up Time: The relative time since the last reboot of the switch at which this trap occurred. Trap: The relevant information of this trap.
5.5.4 Configuration Commands 5.5.4.1 logging buffered This command enables logging to in-memory log where up to 128 logs are kept. Syntax logging buffered no logging buffered no - This command disables logging to in-memory log. Default Setting None Command Mode Privileged Exec This command enables wrapping of in-memory logging when full capacity is reached.
5.5.4.2 logging console This command enables logging to the console. Syntax logging console [<severitylevel> | <0-7>] no logging console [<severitylevel> | <0-7>] - The value is specified as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6), debug (7).
Default Setting None Command Mode Privileged Exec This command disables logging to hosts. Syntax logging host remove <hostindex> < hostindex > - Index of the log server. Default Setting None Command Mode Privileged Exec This command reconfigures the IP address of the log server. Syntax logging host reconfigure <hostindex>...
Privileged Exec 5.5.4.4 logging syslog This command enables syslog logging. Syntax logging syslog no logging syslog no - Disables syslog logging. Default Setting None Command Mode Privileged Exec This command sets the local port number of the LOG client for logging messages. Syntax logging syslog port <portid>...
5.6 Script Management Commands 5.6.1 script apply This command applies the commands in the configuration script to the switch. The apply command backs up the running configuration and then starts applying the commands in the script file. Application of the commands stops at the first failure of a command.
- Delete all scripts present on the switch Default Setting None Command Mode Privileged Exec 5.6.3 script list This command lists all scripts present on the switch as well as the total number of files present. Syntax script list...
Default Setting None Command Mode Privileged Exec 5.6.4 script show This command displays the content of a script file. Syntax script show <scriptname> <scriptname> - Name of the script file. Default Setting None Command Mode Privileged Exec 5.7 User Account Management Commands 5.7.1 Show Commands 5.7.1.1 show users This command displays the configured user names and their settings.
User Name: The name the user will use to login using the serial port, Telnet or Web. A new user may be added to the switch by entering a name in a blank entry. The user name may be up to eight characters, and is not case sensitive. Two users are included as the factory default, admin, and guest.
no username <username> <username> - is a new user name (Range: up to 8 characters). no - This command removes a user name created before. Note: The admin user account cannot be deleted. nopassword - This command sets the password of an existing operator to blank. When a password is changed, a prompt will ask for the operator's former password.
Global Config 5.7.2.3 username snmpv3 encryption This command specifies the encryption protocol and key to be used for the specified login user. The valid encryption protocols are none or des. The des protocol requires a key, which can be specified on the command line. The key may be up to 16 characters. If the des protocol is specified but a key is not provided, the user will be prompted to enter the key.
Syntax show users authentication Default Setting None Command Mode Privileged Exec Display Message User: This field lists every user that has an authentication login list assigned. System Login: This field displays the authentication login list assigned to the user for system login. 802.1x: This field displays the authentication login list assigned to the user for 802.1x port security.
5.8.1.4 show dot1x This command is used to show the status of the dot1x Administrative mode. Syntax show dot1x Default Setting None Command Mode Privileged Exec Display Message Administrative mode: Indicates whether authentication control on the switch is enabled or disabled.
5.8.1.5 show dot1x detail This command is used to show a summary of the global dot1x configuration and the detailed dot1x configuration for a specified port. Syntax show dot1x detail <slot/port> <slot/port> - is the desired interface number. Default Setting None Command Mode Privileged Exec...
5.8.1.6 show dot1x statistics This command is used to show a summary of the global dot1x configuration and the dot1x statistics for a specified port. Syntax show dot1x statistics <slot/port> <slot/port> - is the desired interface number. Default Setting None Command Mode Privileged Exec Display Message...
5.8.1.7 show dot1x summary This command is used to show a summary of the global dot1x configuration and summary information of the dot1x configuration for a specified port or all ports. Syntax show dot1x summary {<slot/port> | all} <slot/port> - is the desired interface number. all - All interfaces.
Type: Primary or secondary Secret Configured: Yes / No Message Authenticator: The message authenticator attribute configured for the radius server. 5.8.1.10 show radius This command is used to display the various RADIUS configuration items for the switch. Syntax show radius Default Setting...
Command Mode Privileged Exec Display Message Current Server IP Address: Indicates the configured server currently in use for authentication Number of configured servers: The configured IP address of the authentication server Number of retransmits: The configured value of the maximum number of times a request packet is retransmitted Timeout Duration: The configured timeout value, in seconds, for request re-transmissions RADIUS Accounting Mode: Disable or Enabled...
Requests: The number of RADIUS Accounting-Request packets sent to this accounting server. This number does not include retransmissions. Retransmission: The number of RADIUS Accounting-Request packets retransmitted to this RADIUS accounting server. Responses: The number of RADIUS packets received on the accounting port from this server. Malformed Responses: The number of malformed RADIUS Accounting-Response packets received from this server.
Access Requests: The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. Access Retransmission: The number of RADIUS Access-Request packets retransmitted to this RADIUS authentication server. Access Accepts: The number of RADIUS Access-Accept packets, including both valid and invalid packets, which were received from this server.
Server 1 Retry: Retry count if TACACS server has no response Server 1 Mode: Current TACACS server admin mode (disable, master or slave) Server 2 Port: TACACS packet port number Server 2 Key: Secret Key between TACACS server and client Server 2 IP: Second TACACS Server IP address Server 2 Timeout (sec): Timeout value in seconds while TACACS server has no response Server 2 Retry: Retry count if TACACS server has no response...
Syntax show port-security { <slot/port> | all } Default Setting None Command Mode Privileged Exec Display Message Intf Interface Number. Interface Admin Mode Port Locking mode for the Interface. Dynamic Limit Maximum dynamically allocated MAC Addresses. Static Limit Maximum statically allocated MAC Addresses. Violation Trap Mode Whether violation traps are enabled.
Up to 10 authentication login lists can be configured on the switch. When a list is created, the authentication method “local” is set as the first method. When the optional parameters “method1”, “method 2”, and/or “method 3” are used, an ordered list of methods is set in the authentication login list.
The value of local indicates that the user’s locally stored ID and password are used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of reject indicates that the user is never authenticated.
CLI, web, and telnet sessions will be blocked until the authentication is complete. Note that the login list associated with the ‘admin’ user cannot be changed to prevent accidental lockout from the switch. Syntax username login <user> <listname>...
5.8.3 Dot1x Configuration Commands 5.8.3.1 dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
Global Config 5.8.3.4 dot1x system-auth-control This command is used to enable the dot1x authentication support on the switch. By default, the authentication support is disabled. While disabled, the dot1x configuration is retained and can be changed, but is not activated.
Global Config 5.8.3.5 dot1x user This command adds the specified user to the list of users with access to the specified port or all ports. The <username> parameter must be a configured user. Syntax dot1x user <user> {<slot/port> | all} no dot1x user <user>...
dot1x port-control all {auto | force-authorized | force-unauthorized} no dot1x port-control all all - All interfaces. no - This command sets the authentication mode to be used on all ports to 'auto'. Default Setting auto Command Mode Global Config This command sets the authentication mode to be used on the specified port. The control mode may be one of the following.
5.8.3.7 dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The <1-10> value must be in the range 1 - 10. Syntax dot1x max-req <1-10>...
5.8.3.9 dot1x re-authenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. Syntax dot1x re-authenticate <slot/port>...
server-timeout: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server. The supp-timeout must be a value in the range 1 - 65535. Syntax dot1x timeout {quiet-period | reauth-period | server-timeout | supp-timeout | tx-period} <seconds>...
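An added example, not taken from the guide or from Fortinet: a Python check that replays the dot1x commands of a configuration script in order and flags the state described under 5.8.3.4, where dot1x settings are retained but not enforced because `dot1x system-auth-control` is off. It assumes a script is applied top to bottom with later commands overriding earlier ones; the sample scripts, user names and slot/port values are constructed, and the meaning of `force-authorized` is taken from IEEE 802.1X rather than from this page.

```python
# Added example: audit the dot1x lines of a switch configuration script.
# Only command forms shown in this guide are interpreted.

PORT_MODES = ("auto", "force-authorized", "force-unauthorized")

# Constructed sample scripts (not captured from a real switch).
# User names and the slot/port value are made up for illustration.
SAMPLE_SCRIPT = """\
config
dot1x port-control all auto
dot1x user alice all
dot1x user bob 0/3
no dot1x user bob
dot1x port-control all force-authorized
exit
"""

HARDENED_SCRIPT = """\
config
dot1x system-auth-control
dot1x user alice all
no dot1x port-control all
exit
"""


def parse_dot1x(script):
    """Replay dot1x commands in order (assumption: later lines override)."""
    state = {
        "system_auth_control": False,  # guide: disabled by default
        "port_control_all": "auto",    # guide: default setting is auto
        "users": {},                   # user -> "all" or a slot/port
        "settings_seen": 0,            # dot1x lines other than the enable
    }
    for raw in script.splitlines():
        words = raw.split()
        negated = bool(words) and words[0] == "no"
        if negated:
            words = words[1:]
        if len(words) < 2 or words[0] != "dot1x":
            continue  # not a dot1x command
        if words[1:] == ["system-auth-control"]:
            state["system_auth_control"] = not negated
            continue
        state["settings_seen"] += 1
        if words[1:3] == ["port-control", "all"]:
            if negated:
                mode = "auto"  # guide: the 'no' form sets all ports to auto
            elif len(words) == 4 and words[3] in PORT_MODES:
                mode = words[3]
            else:
                raise ValueError("bad port-control line: " + raw.strip())
            state["port_control_all"] = mode
        elif words[1] == "user" and len(words) >= 3:
            if negated:
                state["users"].pop(words[2], None)
            elif len(words) == 4:
                state["users"][words[2]] = words[3]
            else:
                raise ValueError("bad dot1x user line: " + raw.strip())
        # Other dot1x settings (max-req, timeout, ...) are only counted.
    return state


def audit_dot1x(script):
    """Return (state, findings) for the dot1x part of a script."""
    state = parse_dot1x(script)
    findings = []
    if state["settings_seen"] and not state["system_auth_control"]:
        findings.append(
            "INACTIVE: dot1x settings are present but 'dot1x "
            "system-auth-control' is not enabled, so they are retained "
            "without being enforced"
        )
    if state["port_control_all"] == "force-authorized":
        # IEEE 802.1X: a force-authorized port passes traffic without
        # running an authentication exchange.
        findings.append(
            "BYPASS: 'dot1x port-control all force-authorized' leaves every "
            "port authorized without authentication"
        )
    elif state["port_control_all"] == "force-unauthorized":
        findings.append(
            "BLOCKED: 'dot1x port-control all force-unauthorized' keeps "
            "every port unauthorized"
        )
    return state, findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_SCRIPT), ("hardened", HARDENED_SCRIPT)):
        _, results = audit_dot1x(text)
        print(name, results or ["no findings"])
```
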
no - This command is used to set the RADIUS accounting function to the default value - that is, the RADIUS accounting function is disabled. Default Setting Disabled Command Mode Global Config 5.8.4.2 radius-server host This command is used to configure the RADIUS authentication and accounting server. If the 'auth' token is used, the command configures the IP address to use to connect to a RADIUS authentication server.
Default Setting None Command Mode Global Config 5.8.4.3 radius-server key This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the shared secret will be configured for the RADIUS authentication or RADIUS accounting server.
no radius-server retransmit <retries> - the maximum number of times (Range: 1 - 15). no - This command sets the maximum number of times a request packet is re-transmitted, when no response is received from the RADIUS server, to the default value, that is, 10. Default Setting Command Mode Global Config...
Syntax radius-server msgauth <ipaddr> <ipaddr> - is an IP address. Default Setting None Command Mode Global Config 5.8.4.7 radius-server primary This command is used to configure the primary RADIUS authentication server for this RADIUS client. The primary server is the one that is used by default for handling RADIUS requests.
5.8.5 TACACS Configuration Commands 5.8.5.1 tacacs This command is used to enable/disable the TACACS function. Syntax tacacs no tacacs no - This command is used to disable the TACACS function. Default Setting Disabled Command Mode Global Config 5.8.5.2 tacacs mode This command is used to enable/select/disable the TACACS server administrative mode. Syntax tacacs mode <1-3>...
5.8.5.3 tacacs server-ip This command is used to configure the TACACS server IP address. Syntax tacacs server-ip <1-3> <ipaddr> no tacacs server-ip <1-3> <ipaddr> - An IP address. <1-3> - The valid value of index is 1, 2, and 3. no - This command is used to remove the TACACS server IP address.
Command Mode Global Config 5.8.5.5 tacacs key This command is used to configure the TACACS server shared secret key. Syntax tacacs key <1-3> no tacacs key <1-3> Note that the length of the secret key is up to 32 characters. <1-3>...
Default Setting Command Mode Global Config 5.8.5.7 tacacs timeout This command is used to configure the TACACS request timeout of an instance. Syntax tacacs timeout <1-3> <1-255> no tacacs timeout <1-3> <1-255> - max timeout (Range: 1 to 255). <1-3> - The valid value of index is 1, 2, and 3. no - This command is used to reset the timeout value to the default value.
port-security no port-security Default Setting None Command Mode Global Config, Interface Config 5.8.6.2 port-security max-dynamic This command sets the maximum of dynamically locked MAC addresses allowed on a specific port. Syntax port-security max-dynamic [<0-600>] no port-security max-dynamic no - This command resets the maximum of dynamically locked MAC addresses allowed on a specific port to its default value.
Syntax port-security max-static [<0-20>] no port-security max-static no - This command resets the maximum number of statically locked MAC addresses allowed on a specific port to its default value. Default Setting Command Mode Interface Config 5.8.6.4 port-security mac-address This command adds a MAC address to the list of statically locked MAC addresses. Syntax port-security mac-address <mac-addr>...
Capability: Describes the device's functional capability in the form of a device type, for example, a switch. Platform: Describes the hardware platform name of the device, for example, Fortinet FortiSwitch-100. Port Id: Identifies the port on which the CDP packet is sent.
5.9.1.3 show cdp traffic This command displays the CDP traffic counters information. Syntax show cdp traffic Default Setting None Command Mode Privileged Exec Display Message Incoming packet number: Number of legal CDP packets received from neighbors. Outgoing packet number: Number of CDP packets transmitted from this device. Error packet number: Number of illegal CDP packets received from neighbors.
5.9.2.2 cdp run This command is used to enable CDP on a specified interface. Syntax cdp run no cdp run no - This command is used to disable CDP on a specified interface. Default Setting Enabled Command Mode Interface Config This command is used to enable CDP for all interfaces.
5.9.2.3 cdp timer This command is used to configure the interval, in seconds, at which CDP packets are sent. Syntax cdp timer <5-254> no cdp timer <5-254> - interval time (Range: 5 – 254). no - This command is used to reset the interval time to the default value. Default Setting Command Mode Global Config...
5.10 SNTP (Simple Network Time Protocol) Commands 5.10.1 Show Commands 5.10.1.1 show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether the local time has been properly updated. Syntax show sntp Default Setting None Command Mode Privileged Exec...
Command Mode Privileged Exec Display Message Client Supported Modes Supported SNTP Modes (Broadcast, Unicast, or Multicast). SNTP Version The highest SNTP version the client supports. Port SNTP Client Port Client Mode: Configured SNTP Client Mode. Unicast Poll Interval Poll interval value for SNTP clients in seconds as a power of two. Poll Timeout (Seconds) Poll timeout value in seconds for SNTP clients.
5.10.2 Configuration Commands 5.10.2.1 sntp broadcast client poll-interval This command will set the poll interval for SNTP broadcast clients in seconds as a power of two where <poll-interval> can be a value from 6 to 16. Syntax sntp broadcast client poll-interval <6-10> no sntp broadcast client poll-interval <6-10>...
Default Setting None Command Mode Global Config 5.10.2.3 sntp client port This command will set the SNTP client port id and polling interval in seconds. Syntax sntp client port <portid> [<6-10>] no sntp client port <portid> - SNTP client port id. <6-10>...
no sntp unicast client poll-interval <6-10> - Polling interval. It's 2^(value) seconds where value is 6 to 10. no - This command will reset the poll interval for SNTP unicast clients to its default value. Default Setting The default value is 6. Command Mode Global Config 5.10.2.5 sntp unicast client poll-timeout...
Syntax sntp unicast client poll-retry <poll-retry> no sntp unicast client poll-retry < poll-retry> - Polling retry in seconds. The range is 0 to 10. no - This command will reset the poll retry for SNTP unicast clients to its default value. Default Setting The default value is 1.
Command Mode Global Config 5.10.2.8 sntp clock timezone This command sets the time zone for the switch’s internal clock. Syntax sntp clock timezone <name> <0-12> <0-59> {before-utc | after-utc} <name> - Name of the time zone, usually an acronym. (Range: 1-15 characters) <0-12>...
Syntax clear arp Default Setting None Command Mode Privileged Exec 5.11.1.2 clear traplog This command clears the trap log. Syntax clear traplog Default Setting None Command Mode Privileged Exec 5.11.1.3 clear eventlog This command is used to clear the event log, which contains error messages from the system.
Command Mode Privileged Exec 5.11.1.4 clear logging buffered This command is used to clear the message log maintained by the switch. The message log contains system trace information. Syntax clear logging buffered Default Setting None Command Mode Privileged Exec 5.11.1.5 clear config This command resets the configuration to the factory defaults without powering off the switch.
5.11.1.6 clear pass This command resets all user passwords to the factory defaults without powering off the switch. You are prompted to confirm that the password reset should proceed. Syntax clear pass Default Setting None Command Mode Privileged Exec 5.11.1.7 clear counters This command clears the stats for a specified <slot/port>...
Syntax clear dns counter Default Setting None Command Mode Privileged Exec 5.11.1.9 clear dns cache This command clears all entries from the DNS cache. Syntax clear dns cache Default Setting None Command Mode Privileged Exec 5.11.1.10 clear cdp This command is used to clear the CDP neighbors information and the CDP packet counters. Syntax clear cdp [traffic] traffic - this command is used to clear the CDP packet counters.
5.11.1.13 clear igmp snooping This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database. Syntax clear igmp snooping Default Setting None Command Mode Privileged Exec 5.11.1.14 clear port-channel This command clears all port-channels (LAGs).
clear ip filter Default Setting None Command Mode Privileged Exec 5.11.1.16 clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. Syntax clear dot1x statistics {all | <slot/port>} <slot/port> - is the desired interface number. all - All interfaces.
Privileged Exec 5.11.2 copy This command uploads and downloads to/from the switch. Local URLs can be specified using tftp or xmodem. The following can be specified as the source file for uploading from the switch: startup config (startup-config), event log (eventlog), message log (msglog) and trap log (traplog).
copy startup-config <sourcefilename> <url> copy {errorlog | log | traplog} <url> copy script <sourcefilename> <url> where <url>={xmodem | tftp://ipaddr/path/file} <sourcefilename> - The filename of a configuration file or a script file. <url> - xmodem or tftp://ipaddr/path/file. errorlog - event Log file. log - message Log file.
no clibanner <url> - xmodem or tftp://ipaddr/path/file. no - Delete CLI banner. Default Setting None Command Mode Privileged Exec 5.11.3 delete This command is used to delete a configuration or image file. Syntax delete <filename> <filename> - name of the configuration or image file. Default Setting None Command Mode...
<filename> - name of the configuration or image file. boot-rom - bootrom. config - configuration file. opcode - run time operation code. Default Setting None Command Mode Privileged Exec Display Message Column Headin date file name file type startup size 5.11.5 whichboot This command is used to display which files were booted when the system powered up.
FASTPATH 2402/ 4802 Hardware User Guide). The source and target devices must have the ping utility enabled and running on top of TCP/IP. The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation.
None Command Mode Privileged Exec 5.11.9 logging cli-command This command enables the CLI command Logging feature. The Command Logging component enables the switch to log all Command Line Interface (CLI) commands issued on the system. Syntax logging cli-command Default Setting...
Privileged Exec 5.11.11 reload This command resets the switch without powering it off. Reset means that all network connections are terminated and the boot code executes. The switch uses the stored configuration to initialize the switch. You are prompted to confirm that the reset should proceed.
5.11.15 quit This command is used to exit a CLI session. Syntax quit Default Setting None Command Mode Privileged Exec 5.12 Differentiated Service Command Note: This Switching Command function can only be used on the QoS software version. This chapter contains the CLI commands used for the QOS Differentiated Services (DiffServ) package.
The exception to this is when the 'exclude' option is specified, in which case this restriction does not apply to the excluded fields. The following class restrictions are imposed by the FortiSwitch-100 Switch DiffServ design: • nested class support limited to: •...
Syntax Diffserv Command Mode Global Config 5.12.1.2 no diffserv This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, Diffserv services are activated. Syntax no diffserv Command Mode...
5.12.2.1 class-map This command defines a new DiffServ class of type match-all, match-any or match-access-group. Syntax class-map [ match-all ] <class-map-name> <class-map-name> is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class. Note: The class name 'default' is reserved and must not be used here. When used without any match condition, this command enters the class-map mode.
<class-map-name> is the name of an existing DiffServ class. Note: The class name 'default' is reserved and is not allowed here. This command may be issued at any time; if the class is currently referenced by one or more policies or by any other class, this deletion attempt shall fail.
Command Mode Class-Map Config 5.12.2.5 match class-map This command adds to the specified class definition the set of match conditions defined for another class. Syntax match class-map <refclassname> <refclassname> is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition.
no match class-map <refclassname> <refclassname> is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Note: There is no [not] option for this match command. Default None Command Mode Class-Map Config 5.12.2.7 match dstip This command adds to the specified class definition a match condition based on the destination IP address of a packet.
echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these translates into its equivalent port number, which is used as both the start and end of a port range. To specify the match condition using a numeric notation, one layer 4 port number is required. The port number is an integer from 0 to 65535.
5.12.2.10 match ip precedence This command adds to the specified class definition a match condition based on the value of the IP Precedence field in a packet, which is defined as the high-order three bits of the Service Type octet in the IP header (the low-order five bits are not checked). The precedence value is an integer from 0 to 7.
Note: In essence, this is the “free form” version of the IP DSCP/Precedence/TOS match specification in that the user has complete control of specifying which bits of the IP Service Type field are checked. Default None Command Mode Class-Map Config 5.12.2.12 match protocol This command adds to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation.
<ipaddr> specifies an IP address. <ipmask> specifies an IP address bit mask; note that although it resembles a standard subnet mask, this bit mask need not be contiguous. Default None Command Mode Class-Map Config 5.12.2.14 match srcl4port This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or numeric notation or a numeric range notation.
5.12.3 Policy Commands The 'policy' command set is used in DiffServ to define: Traffic Conditioning Specify traffic conditioning actions (policing, marking, shaping) to apply to traffic classes Service Provisioning Specify bandwidth and queue depth management requirements of service levels (EF, AF, etc.) The policy commands are used to associate a traffic class, which was defined by the class command set, with one or more QoS policy attributes.
5.12.3.2 drop This command specifies that all packets for the associated traffic stream are to be dropped at ingress. Syntax drop Command Mode Policy-Class-Map Config 5.12.3.3 redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel).
5.12.3.4 conform-color This command is used to enable color-aware traffic policing and define the conform-color class maps used. Used in conjunction with the police command where the fields for the conform level (for simple, single-rate, and two-rate policing) are specified. The <class-map-name>...
Policy-Class-Map Config Policy Type 5.12.3.6 class This command creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. Syntax class <classname> <classname> is the name of an existing DiffServ class. Note that this command causes the specified policy to create a reference to the class definition.
mark ip-dscp <value> <value> is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. Command Mode Policy-Class-Map Config Policy Type In...
from 0-7. <set-dscp-transmit> is required and is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. <set-prec-transmit>, an IP Precedence value is required and is specified as an integer from 0-7.
policy-map rename <policyname> <newpolicyname> <policyname> - Old Policy name. <newpolicyname> - New policy name. Command Mode Global Config Policy Type In 5.12.4 Service Commands The 'service' command set is used in DiffServ to define: Traffic Conditioning Assign a DiffServ traffic conditioning policy (as specified by the policy Service Provisioning Assign a DiffServ service provisioning policy (as specified by the policy The service commands attach a defined policy to a directional interface.
Note: This command effectively enables DiffServ on an interface (in a particular direction). There is no separate interface administrative 'mode' command for DiffServ. Note: This command shall fail if any attributes within the policy definition exceed the capabilities of the interface. Once a policy is successfully attached to an interface, any attempt to change the policy definition such that it would result in a violation of said interface capabilities shall cause the policy change attempt to fail.
• Classes • Policies • Services This information can be displayed in either summary or detailed formats. The status information is only shown when the DiffServ administrative mode is enabled; it is suppressed otherwise. There is also a 'show' command for general DiffServ information that is available at any time.
Precedence, IP TOS, Protocol Keyword, Reference Class, Source IP Address, Source Layer 4 Port, Source MAC Address, and VLAN. Values This field displays the values of the Match Criteria. Excluded This field indicates whether this Match Criteria is excluded. If the Class Name is not specified, this command displays a list of all defined DiffServ classes.
Class Rule Table Size Current/Max The current or maximum number of entries (rows) in the Class Rule Table. Policy Table Size Current/Max The current or maximum number of entries (rows) in the Policy Table. Policy Instance Table Size Current/Max The current or maximum number of entries (rows) in the Policy Instance Table.
Mark IP Precedence Denotes the mark/re-mark value used as the IP Precedence for traffic matching this class. This is not displayed if either mark DSCP or policing is in use for the class under this policy. Policing Style This field denotes the style of policing, if any, used simple. Committed Rate (Kbps) This field displays the committed rate, used in simple policing, single-rate policing, and two-rate policing.
Syntax show diffserv service <slot/port> in <slot/port> specifies a valid slot number and port number for the system. The direction parameter indicates the interface direction of interest. Default Setting None Command Mode Privileged EXEC Display Message DiffServ Admin Mode The current setting of the DiffServ administrative mode. An attached policy is only in effect on an interface while DiffServ is in an enabled mode.
DiffServ Admin Mode The current setting of the DiffServ administrative mode. An attached policy is only active on an interface while DiffServ is in an enabled mode. The following information is repeated for interface and direction (only those interfaces configured with an attached policy are shown): Interface The slot number and port number of the interface (slot/port).
The following information is repeated for each class instance within this policy: Class Name The name of this class instance. In Offered Octets/Packets A count of the octets/packets offered to this class instance before the defined DiffServ treatment is applied. Only displayed for the 'in' direction. In Discarded Octets/Packets A count of the octets/packets discarded for this class instance for any reason due to DiffServ treatment of the traffic class.
Privileged EXEC Display Message The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown): Interface The slot number and port number of the interface (slot/port). Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface.
5.13 ACL Command 5.13.1 Show Commands 5.13.1.1 show mac access-lists This command displays a MAC access list and all of the rules that are defined for the ACL. The <name> parameter is used to identify a specific MAC ACL to display. Syntax show mac access-list <name>...
5.13.1.2 show mac access-lists This command displays a summary of all defined MAC access lists in the system. Syntax show mac access-list Default Setting None Command Mode Privileged EXEC Display Message Current number of all ACLs The number of user-configured rules defined for this ACL. Maximum number of all ACLs The maximum number of ACL rules.
Default Setting None Command Mode Privileged EXEC Display Message Current number of ACLs The number of user-configured rules defined for this ACL. Maximum number of ACLs The maximum number of ACL rules. ACL ID The identifier of this ACL. Rule This displays the number identifier for each rule that is defined for the ACL. Action This displays the action associated with each rule.
ACL Type This displays whether the ACL type is IP or MAC. ACL ID This displays the ACL ID. Sequence Number This indicates the order of this access list relative to other access lists already assigned to this interface and direction. A lower number indicates higher precedence order. 5.13.2 Configuration Commands 5.13.2.1 mac access-list extended This command creates a MAC Access Control List (ACL) identified by <name>, consisting of...
Syntax mac access-list extended rename <name> <newname> <name> - Old name which uniquely identifies the MAC access list. <newname> - New name which uniquely identifies the MAC access list. Default Setting None Command Mode Global Config 5.13.2.3 mac access-list This command creates a new rule for the current MAC access list. Each rule is appended to the list of configured rules for the list.
Default Setting None Command Mode Mac Access-list Config 5.13.2.4 mac access-group in This command attaches a specific MAC Access Control List (ACL) identified by <name> to an interface in a given direction. The <name> parameter must be the name of an existing MAC ACL.
no access-list {<1-99> | <100-199>} Note: The ACL number is an integer from 1 to 199. The range 1 to 99 is for the normal ACL List and 100 to 199 is for the extended ACL List. Default Setting None Command Mode Global Config 5.13.2.7 ip access-group...
support independent per-port class of service mappings. If specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed. Syntax show queue cos-map <slot/port> < slot/port > The interface number. Default Setting None Command Mode Privileged EXEC, User EXEC...
Command Mode Privileged EXEC, User EXEC Display Message The following information is repeated for each user priority. IP Precedence The IP Precedence value. Traffic Class The traffic class internal queue identifier to which the IP Precedence value is mapped. 5.14.1.3 show queue trust This command displays the current trust mode setting for a specific interface.
5.14.1.4 show queue cos-queue This command displays the class-of-service queue configuration for the specified interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the class-of-service queue configuration of the interface is displayed.
5.14.2 Configuration Commands 5.14.2.1 queue cos-map This command maps an 802.1p priority to an internal traffic class on a "per-port" basis. Syntax queue cos-map <0-7> <0-6> no queue cos-map < 0-7 > - The range of queue priority is 0 to 7. <...
5.14.2.2 queue ip-precedence-mapping This command maps an IP precedence value to an internal traffic class on a "per-port" basis. Syntax queue ip-precedence-mapping <0-7> <0-6> no queue ip-precedence-mapping < 0-7 > - The range of IP precedence is 0 to 7. <...
None Command Mode Global Config. 5.14.2.3 queue trust This command sets the class of service trust mode of an interface. The mode can be set to trust one of Dot1p (802.1p) or IP Precedence. Syntax queue trust {dot1p | ip-precedence | ip-dscp} no queue trust no - This command sets the interface mode to untrusted.
no - This command sets the class of service trust mode to untrusted for all interfaces. Default Setting None Command Mode Global Config. 5.14.2.4 queue cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue. Syntax queue cos-queue min-bandwidth <bw-0>...
Syntax queue cos-queue min-bandwidth all <bw-0> <bw-1> … <bw-6> no queue cos-queue min-bandwidth all <bw-0> <bw-1> … <bw-6>- Each Valid range is (0 to 100) in increments of 5 and the total sum is less than or equal to 100. no - This command restores the default for each queue's minimum bandwidth value in the device.
Command Mode Interface Config. This command activates the strict priority scheduler mode for each specified queue on a device. Syntax queue cos-queue strict all <queue-id-0> [<queue-id-1> … <queue-id-6>] no queue cos-queue strict all <queue-id-0> [<queue-id-1> … <queue-id-6>] no - This command restores the default weighted scheduler mode for each specified queue on a device.
<bw> - Valid range is (0 to 100) in increments of 5. no - This command restores the default shaping rate value. Default Setting None Command Mode Interface Config. This command specifies the maximum transmission bandwidth limit for all interfaces. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded.
CLI Examples The diagram in this section shows a Layer 3 switch configured for port routing. It connects two VLANs, with two ports participating in one VLAN, and one port in the other. The script shows the commands you would use to configure the FortiSwitch-100 software to provide the...
Figure 1. VLAN Routing Example Network Diagram Step 1: Create Two VLANs The following code sequence shows an example of creating two VLANs, and next specifies the VLAN ID assigned to untagged frames received on the ports. config vlan database vlan 10 vlan 20 exit...
Step 2: Set Up VLAN Routing for the VLANs and the Switch. The following code sequence shows how to enable routing for the VLANs: config vlan database vlan routing 10 vlan routing 20 exit # show ip vlan This returns the logical interface IDs that will be used instead of slot/port in subsequent routing commands.
6.1 Address Resolution Protocol (ARP) Commands 6.1.1 Show Commands 6.1.1.1 show ip arp This command displays the Address Resolution Protocol (ARP) cache. Syntax show ip arp Default Setting None Command Mode Privileged Exec Display Message Age Time: Is the time it takes for an ARP entry to age out. This value was configured into the unit. Age time is measured in seconds.
show ip arp brief Default Setting None Command Mode Privileged Exec Display Message Age Time: Is the time it takes for an ARP entry to age out. This value was configured into the unit. Age time is measured in seconds. Response Time: Is the time it takes for an ARP request timeout.
6.1.2 Configuration Commands 6.1.2.1 arp This command creates an ARP entry. The value for <ipaddress> is the IP address of a device on a subnet attached to an existing routing interface. The value for <macaddress> is a unicast MAC address for that device. Syntax arp <ipaddr>...
6.1.2.3 arp cachesize This command configures the maximum number of entries in the ARP cache. Syntax arp cachesize <256-1920> no arp cachesize <256-1920> - The range of cache size is 256 to 1920. no - This command configures the default ARP cache size. Default Setting The default cache size is 1920.
<ipaddr> - The IP address to be removed from the ARP table. Default Setting None Command Mode Privileged Exec 6.1.2.6 arp resptime This command configures the ARP request response timeout. Syntax arp resptime <1-10> no arp resptime <1-10> - The range of default response time is 1 to 10 seconds. no - This command configures the default response timeout time.
6.1.2.8 arp timeout This command configures the ARP entry ageout time. Syntax arp timeout <15-21600> no arp timeout <15-21600> - Represents the IP ARP entry ageout time in seconds. The range is 15 to 21600 seconds. no - This command configures the default ageout time for IP ARP entry. Default Setting The default value is 1200.
Routing Mode: Show whether the routing mode is enabled or disabled. IP Forwarding Mode: Disable or enable the forwarding of IP frames. Maximum Next Hops: The maximum number of hops supported by this switch. 6.2.1.2 show ip interface port This command displays all pertinent information about the IP interfaces.
Link Speed Data Rate: Is an integer representing the physical link data rate of the specified interface. This is measured in Megabits per second (Mbps). MAC Address: Is the physical address of the specified interface. Encapsulation Type: Is the encapsulation type for the specified interface. IP Mtu: Is the Maximum Transmission Unit size of the IP packet.
Command Mode Privileged Exec Display Message Total Number of Routes: The total number of routes. for each next hop Network Address: Is an IP address identifying the network on the specified interface. Subnet Mask: Is a mask of the network and host portion of the IP address for the router interface. Protocol: Tells which protocol added the specified route.
Syntax show ip route entry <networkaddress> <networkaddress> - Is a valid network address identifying the network on the specified interface. Default Setting None Command Mode Privileged Exec Display Message Network Address: Is a valid network address identifying the network on the specified interface. Subnet Mask: Is a mask of the network and host portion of the IP address for the attached network.
Static: This field displays the static route preference value. OSPF Intra: This field displays the OSPF intra route preference value. OSPF Inter: This field displays the OSPF inter route preference value. OSPF Ext T1: This field displays the OSPF Type-1 route preference value. OSPF Ext T2: This field displays the OSPF Type-2 route preference value.
6.2.2.2 ip routing This command enables the IP Router Admin Mode for the master switch. Syntax ip routing no ip routing no - Disable the IP Router Admin Mode for the master switch. Default Setting Enabled Command Mode Global Config 6.2.2.3...
Syntax ip route <networkaddr> <subnetmask> [ <nexthopip> [<1-255>] ] no ip route <networkaddr> <subnetmask> [ { <nexthopip> | <1-255> } ] <ipaddr> - A valid IP address. <subnetmask> - A valid subnet mask. <nexthopip> - IP address of the next hop router. <1-255>...
the default precedence does not update the precedence of existing static routes, even if they were assigned the original default precedence. The new default precedence will only be applied to static routes created after invoking the "ip route precedence" command. Syntax ip route precedence <1-255>...
no ip directed-broadcast no - Drop network directed broadcast packets. Default Setting Enabled Command Mode Interface Config 6.2.2.9 ip mtu This command sets the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation.
The default value is ethernet. Command Mode Interface Config Restrictions Routed frames are always Ethernet encapsulated when a frame is routed to a VLAN. 6.3 Open Shortest Path First (OSPF) Commands 6.3.1 Show Commands 6.3.1.1 show ip ospf This command displays information relevant to the OSPF router Syntax show ip ospf Default Setting...
External LSA Checksum A number which represents the sum of the LS checksums of external link-state advertisements contained in the link-state database. New LSAs Originated The number of new link-state advertisements that have been originated. LSAs Received The number of link-state advertisements received determined to be new instantiations. External LSDB Limit The maximum number of non-default AS-external-LSAs entries that can be stored in the link-state database.
Syntax show ip ospf database Default Setting None Command Mode Privileged Exec, User Exec Display Messages Router ID Is a 32 bit dotted decimal number representing the LSDB interface. Area ID Is the IP address identifying the router ID. LSA Type The types are: router, network, ipnet sum, asbr sum, as external, group member, tmp 1, tmp 2, opaque link, opaque area.
Router Priority A number representing the OSPF Priority for the specified interface. This is a configured value. Retransmit Interval A number representing the OSPF Retransmit Interval for the specified interface. This is a configured value. Hello Interval A number representing the OSPF Hello Interval for the specified interface. This is a configured value.
6.3.1.6 show ip ospf interface stats This command displays the statistics for a specific interface. Syntax show ip ospf interface stats <slot/port> <slot/port> - Interface number. Default Setting None Command Mode Privileged Exec, User Exec Display Messages OSPF Area ID The area id of this OSPF interface. Spf Runs The number of times that the intra-area route table has been calculated using this area's link-state database.
<ipaddr> - IP address of the neighbor. <slot/port> - Interface number. Default Setting None Command Mode Privileged Exec, User Exec Display Messages Interface Is the interface number. Router Id Is a 4-digit dotted-decimal number identifying neighbor router. Options An integer value that indicates the optional OSPF capabilities supported by the neighbor. The neighbor's optional OSPF capabilities are also listed in its Hello packets.
Syntax show ip ospf neighbor brief {<slot/port> | all} Default Setting None Command Mode Privileged Exec, User Exec Display Messages Router ID A 4 digit dotted decimal number representing the neighbor interface. IP Address An IP address representing the neighbor interface. Neighbor Interface Index Is a slot/port identifying the neighbor interface index.
Advertisement The status of the advertisement. Advertisement has two possible settings: enabled or disabled. 6.3.1.10 show ip ospf stub table This command displays the OSPF stub table. The information will only be displayed if OSPF is initialized on the switch. Syntax show ip ospf stub table Default Setting...
Syntax show ip ospf virtual-link <areaid> <neighbor> <areaid> - Area ID. <neighbor> - Neighbor's router ID. Default Setting None Command Mode Privileged Exec, User Exec Display Messages Area ID The area id of the requested OSPF area. Neighbor Router ID The input neighbor Router ID. Hello Interval The configured hello interval for the OSPF virtual interface.
Neighbor Is the neighbor interface of the OSPF virtual interface. Hello Interval Is the configured hello interval for the OSPF virtual interface. Dead Interval Is the configured dead interval for the OSPF virtual interface. Retransmit Interval Is the configured retransmit interval for the OSPF virtual interface. Transit Delay Is the configured transit delay for the OSPF virtual interface.
None Command Mode Router OSPF Config 6.3.2.3 ip ospf This command enables OSPF on a router interface. Syntax ip ospf no ip ospf <no> - This command disables OSPF on a router interface. Default Setting Disabled Command Mode Interface Config 6.3.2.4 1583compatibility This command enables OSPF 1583 compatibility.
Router OSPF Config 6.3.2.5 area default-cost This command configures the monetary default cost for the stub area. Syntax area <areaid> default-cost <1-16777215> <areaid> - Area ID <1-16777215> - The default cost value. The range is 1 to 16777215. Default Setting None Command Mode Router OSPF Config...
6.3.2.7 area nssa default-info-originate This command configures the metric value and type for the default route advertised into the NSSA. Syntax area <areaid> nssa default-info-originate [<1-16777215>] [{comparable | non-comparable}] <areaid> - Area ID. <1-16777215> - The metric of the default route. The range is 1 to 16777215. comparable - It's NSSA-External 1.
6.3.2.9 area nssa no-summary This command configures the NSSA so that summary LSAs are not advertised into the NSSA. Syntax area <areaid> nssa no-summary <areaid> - Area ID. Default Setting None Command Mode Router OSPF Config 6.3.2.10 area nssa translator-role This command configures the translator role of the NSSA.
6.3.2.11 area nssa translator-stab-intv This command configures the translator stability interval of the NSSA. The <stabilityinterval> is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. Syntax area <areaid>...
Router OSPF Config 6.3.2.13 area stub This command creates a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area.
Disabled Command Mode Router OSPF Config 6.3.2.15 area virtual-link authentication This command configures the authentication type and key for the OSPF virtual interface identified by <areaid> and <neighborid>. Syntax area <areaid> virtual-link <neighborid> authentication [{none | {simple <key>} | {encrypt <key>...
Syntax area <areaid> virtual-link <neighborid> dead-interval <1-65535> no area <areaid> virtual-link <neighborid> dead-interval <areaid> - Area ID. <neighbor> - Router ID of the neighbor. <1-65535> - The range of the dead interval is 1 to 65535. <no> - This command deletes the OSPF virtual interface from the given interface, identified by <areaid> and <neighborid>.
6.3.2.18 area virtual-link retransmit-interval This command configures the retransmit interval for the OSPF virtual interface on the interface identified by <areaid> and <neighborid>. Syntax area <areaid> virtual-link <neighborid> retransmit-interval <0-3600> no area <areaid> virtual-link <neighborid> retransmit-interval <areaid> - Area ID. <neighborid>...
The default value of hello interval is 1 second. Command Mode Router OSPF Config 6.3.2.20 default-information originate This command is used to control the advertisement of default routes. Syntax default-information originate [always] [metric <1-16777215>] [metric-type {1 | 2}] no default-information originate [metric] [metric-type] [always] - Sets the router to advertise 0.0.0.0/0.0.0.0.
<1-16777215> - The range of default metric is 1 to 16777215. <no> - This command configures the default advertisement of default routes. Default Setting None Command Mode Router OSPF Config 6.3.2.22 distance ospf This command sets the route preference value of OSPF in the router. Lower route preference values are preferred when determining the best route.
Syntax distribute-list <1-199> out {rip | static | connected} no distribute-list <1-199> out {rip | static | connected} <1-199> - The range of default list id is 1 to 199. <no> - This command is used to specify the access list to filter routes received from the source protocol. Default Setting None Command Mode...
6.3.2.25 external-lsdb-limit This command configures the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external-LSAs in its database.
Default Setting None Command Mode Interface Config 6.3.2.27 ip ospf authentication This command sets the OSPF Authentication Type and Key for the specified interface. The value of <type> is either none, simple or encrypt. If the type is encrypt a <keyid> in the range of 0 and 255 must be specified.
Syntax ip ospf cost <1-65535> no ip ospf cost < 1-65535 > - The range of the cost is 1 to 65535. <no> - This command configures the default cost on an OSPF interface. Default Setting The default cost value is 10. Command Mode Interface Config 6.3.2.29...
6.3.2.30 ip ospf hello-interval This command sets the OSPF hello interval for the specified interface. Syntax ip ospf hello-interval <1-65535> no ip ospf hello-interval <1-65535> - Is a valid positive integer, which represents the length of time in seconds. The value for the length of time must be the same for all routers attached to a network.
Interface Config 6.3.2.32 ip ospf retransmit-interval This command sets the OSPF retransmit Interval for the specified interface. The retransmit interval is specified in seconds. Syntax ip ospf retransmit-interval <0-3600> no ip ospf retransmit-interval < 0-3600 > - The value is the number of seconds between link-state advertisement retransmissions for adjacencies belonging to this router interface.
< 1-3600 > - The range of transmit delay is 1 to 3600. <no> - This command sets the default OSPF Transit Delay for the specified interface. Default Setting The default transmit delay is 1 second. Command Mode Interface Config 6.3.2.34 ip ospf mtu-ignore This command disables OSPF maximum transmission unit (MTU) mismatch detection.
6.3.2.37 maximum-paths This command sets the number of paths that OSPF can report for a given destination where <maxpaths> is platform dependent. Syntax maximum-paths <1-1> no maximum-paths < 1-1 > - The maximum number of paths that OSPF can report for a given destination. The range of the value is 1 to 1.
Maximum Hop Count: Is the maximum allowable relay agent hops. Minimum Wait Time (Seconds) Is the minimum wait time. Admin Mode Represents whether relaying of requests is enabled or disabled. Server IP Address Is the IP Address for the BootP/DHCP Relay server. Circuit Id Option Mode Is the DHCP circuit Id option which may be enabled or disabled.
6.4.4 bootpdhcprelay maxhopcount This command configures the maximum allowable relay agent hops for BootP/DHCP Relay on the system. Syntax bootpdhcprelay maxhopcount <1-16> no bootpdhcprelay maxhopcount <count> - The range of maximum hop count is 1 to 16. no - Set the maximum hop count to 4. Default Setting The default value is 4.
Submit a BootP or DHCP client request. Syntax ip dhcp restart Default Setting None Command Mode Global Config 6.4.8 ip dhcp client-identifier This command specifies the DHCP client identifier for the switch. Syntax ip dhcp client-identifier {text <text> | hex <hex>}...
<text> - A text string whose length is 1 to 15. <hex> - A hex string whose format is XX:XX:XX:XX:XX:XX (X is 0-9, A-F). Default Setting The default value for client-identifier is a text string "fortinet". Command Mode Global Config 6.5 Domain Name Server Relay Commands...
show dns Default Setting None Command Mode Privileged Exec Display Message Domain Lookup Status: Enable or disable the IP Domain Naming System (DNS)-based host name-to-address translation function. Default Domain Name: The default domain name that will be used for querying the IP address of a host. Domain Name List: A list of domain names that will be used for querying the IP address of a host.
6.5.2 Configuration Commands 6.5.2.1 ip hosts This command creates a static entry in the DNS table that maps a host name to an IP address. Syntax ip host <name> <ipaddr> no ip host <name> <name> - Host name. <ipaddr> - IP address of the host. <no>...
(Range: 1-64 characters) Note - When an incomplete host name is received by the DNS server on this switch, it will work through the domain name list, append each domain name in the list to the host name, and check with the specified name servers for a match.
Default Setting None Command Mode Privileged Exec 6.5.2.5 ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. There is a maximum of 6 entries in the Domain Name Server Table. Syntax ip name-server <ipaddr> no ip name-server <ipaddr>...
<no> - This command disables the IP Domain Naming System (DNS)-based host name-to-address translation. Default Setting None Command Mode Privileged Exec 6.5.2.7 clear domain-list This command clears all entries in the domain name list table. Syntax clear domain-list Default Setting None Command Mode Privileged Exec...
Default Setting None Command Mode Privileged Exec 6.5.2.9 clear dns cache This command clears all entries in the DNS cache table. Syntax clear dns cache Default Setting None Command Mode Privileged Exec 6.5.2.10 clear dns counter This command clears the statistics of all entries in the DNS cache table. Syntax clear dns cache Default Setting...
RIP Admin Mode: Select enable or disable from the pulldown menu. If you select enable RIP will be enabled for the switch. The default is disabled. Split Horizon Mode: Select none, simple or poison reverse from the pulldown menu. Split horizon is a technique for avoiding problems caused by including routes in updates sent to the router from which the route was originally learned.
6.6.1.2 show ip rip interface This command displays information related to a particular RIP interface. Syntax show ip rip interface <slot/port> < slot/port > - Interface number Default Setting None Command Mode Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash. This is a configured value. IP Address: The IP source address used by the specified RIP interface.
Syntax show ip rip interface brief Default Setting None Command Mode Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash. IP Address: The IP source address used by the specified RIP interface. Send Version: The RIP version(s) used when sending updates on the specified interface. The types are none, RIP-1, RIP-1c, RIP-2.
6.6.2.2 ip rip This command enables RIP on a router interface. Syntax ip rip no ip rip no - This command disables RIP on a router interface. Default Setting Disabled Command Mode Interface Config 6.6.2.3 auto-summary This command enables the RIP auto-summarization mode. Syntax auto-summary no auto-summary...
6.6.2.4 default-information originate This command is used to set the advertisement of default routes. Syntax default-information originate no default-information originate no - This command is used to cancel the advertisement of default routes. Default Setting Not configured Command Mode Router RIP Config 6.6.2.5 default-metric This command is used to set a default for the metric of distributed routes.
6.6.2.6 distance rip This command sets the route preference value of RIP in the router. Lower route preference values are preferred when determining the best route. Syntax distance rip <1-255> no distance rip <1 - 255> - the value for distance. no - This command sets the default route preference value of RIP in the router.
6.6.2.8 split-horizon This command sets the RIP split horizon mode. In none mode, RIP split horizon is not used. In simple mode, a route is not advertised on the interface over which it is learned. In poison mode, routes learned over this interface are re-advertised on the interface with a metric of infinity (16).
Command Mode Router RIP Config 6.6.2.10 redistribute This command configures RIP protocol to redistribute routes from the specified source protocol/routers. There are five possible match options. When you submit the command redistribute ospf match <matchtype> the match-type or types specified are added to any match types presently being redistributed.
The value for authentication key [key] must be 16 bytes or less. The [key] is composed of standard displayable, non-control keystrokes from a Standard 101/102-key keyboard. If the value of <type> is encrypt, a keyid in the range of 0 and 255 must be specified. Syntax ip rip authentication {none | {simple <key>} | {encrypt <key>...
Default Setting Both Command Mode Interface Config 6.6.2.13 ip rip send version This command configures the interface to allow RIP control packets of the specified version to be sent. The value for <mode> is one of: rip1 to broadcast RIP version 1 formatted packets, rip1c (RIP version 1 compatibility mode) which sends RIP version 2 formatted packets via broadcast, rip2 for sending RIP version 2 using multicast, or none to not allow any RIP control packets to be sent.
show ip irdp {slot/port | all} <slot/port> - Show router discovery information for the specified interface. <all> - Show router discovery information for all interfaces. Default Setting None Command Mode Privileged Exec, User Exec Display Message Ad Mode Displays the advertise mode which indicates whether router discovery is enabled or disabled on this interface.
6.7.3 ip irdp broadcast This command configures the address to be used to advertise the router for the interface. Syntax ip irdp broadcast no ip irdp broadcast broadcast - The address used is 255.255.255.255. no - The address used is 224.0.0.1. Default Setting The default address is 224.0.0.1 Command Mode...
6.7.5 ip irdp maxadvertinterval This command configures the maximum time, in seconds, allowed between sending router advertisements from the interface. Syntax ip irdp maxadvertinterval <minadvertinterval-1800> no ip irdp maxadvertinterval <minadvertinterval-1800> - The range is 4 to 1800 seconds. no - This command configures the default maximum time, in seconds.
6.7.7 ip irdp preference This command configures the preferability of the address as a default router address, relative to other router addresses on the same subnet. Syntax ip irdp preference < -2147483648-2147483647> no ip irdp preference < -2147483648-2147483647> - The range is -2147483648 to 2147483647. no - This command sets the preference to 0.
Logical Interface Indicates the logical slot/port associated with the VLAN routing interface. IP Address Displays the IP Address associated with this VLAN. Subnet Mask Indicates the subnet mask that is associated with this VLAN. 6.8.2 vlan routing This command creates routing on a VLAN. Syntax vlan routing <vlanid>...
Command Mode Privileged Exec, User Exec Display Message Admin Mode Displays the administrative mode for VRRP functionality on the switch. Router Checksum Errors Represents the total number of VRRP packets received with an invalid VRRP checksum value. Router Version Errors Represents the total number of VRRP packets received with an unknown or unsupported version number.
State Represents the state (Master/backup) of the specific virtual router 6.9.1.4 show ip vrrp interface stats This command displays the statistical information about each virtual router configured on the switch. Syntax show ip vrrp interface stats <slot/port> [ <vrid>] <slot/port> - Valid slot and port number separated by a forward slash.
Authentication Failure Represents the total number of VRRP packets received that don't pass the authentication check. IP TTL errors Represents the total number of VRRP packets received by the virtual router with IP TTL (time to live) not equal to 255. Zero Priority Packets Received Represents the total number of VRRP packets received by virtual router with a priority of '0'.
ip vrrp <1-255> no ip vrrp <1-255> <1-255> - The range of virtual router ID is 1 to 255. <no> - This command removes all VRRP configuration details of the virtual router configured on a specific interface. Default Setting None Command Mode Interface Config 6.9.2.2 ip vrrp ip...
Syntax ip vrrp <1-255> mode no ip vrrp <1-255> mode <1-255> - The range of virtual router ID is 1 to 255. <no> - Disable the virtual router configured on the specified interface. Disabling the status field stops a virtual router. Default Setting Disabled Command Mode...
Syntax ip vrrp <1-255> preempt no ip vrrp <1-255> preempt <1-255> - The range of virtual router ID is 1 to 255. <no> - This command sets the default preemption mode value for the virtual router configured on a specified interface. Default Setting Enabled Command Mode...
Syntax ip vrrp <1-255> timers advertise <1-255> no ip vrrp <1-255> timers advertise <1-255> - The range of virtual router ID is 1 to 255. <1-255> - The range of advertisement interval is 1 to 255. <no> - This command sets the default advertisement value for a virtual router. Default Setting The default value of advertisement interval is 1.
Show commands are used to display device settings, statistics and other information. Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting.
7.1.1.2 show ip dvmrp interface This command displays the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface <slot/port> <slot/port> - Valid slot and port number separated by a forward slash. Default Setting None Command Mode Privileged Exec User EXEC Display Message...
Nbr IP Addr This field indicates the IP Address of the DVMRP neighbor for which this entry contains information. State This field displays the state of the neighboring router. The possible values for this field are ACTIVE or DOWN. Up Time This field indicates the time since this neighboring router was learned. Expiry Time This field indicates the time remaining for the neighbor to age out.
Default Setting None Command Mode Privileged Exec User EXEC Display Message Group IP This field identifies the multicast Address that is pruned. Source IP This field displays the IP Address of the source that has pruned. Source Mask This field displays the network Mask for the prune source. It should be all 1s or both the prune source and prune mask must match.
7.1.2 Configuration Commands 7.1.2.1 ip dvmrp This command sets administrative mode of DVMRP in the router to active. IGMP must be enabled before DVMRP can be enabled. Syntax ip dvmrp no ip dvmrp no - This command sets administrative mode of DVMRP in the router to inactive. IGMP must be enabled before DVMRP can be enabled.
Show commands are used to display device settings, statistics and other information. Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting.
show ip igmp groups <slot/ports> [detail] <slot/port> - Valid slot and port number separated by a forward slash. [detail] - Display details of subscribed multicast groups. Default Setting None Command Mode Privileged Exec Display Message IP Address This displays the IP address of the interface participating in the multicast group. Subnet Mask This displays the subnet mask of the interface participating in the multicast group.
Privileged Exec User EXEC Display Message Slot/Port Valid slot and port number separated by a forward slash. IGMP Admin Mode This field displays the administrative status of IGMP. This is a configured value. Interface Mode This field indicates whether IGMP is enabled or disabled on the interface. This is a configured value.
Interface Valid slot and port number separated by a forward slash. Interface IP This displays the IP address of the interface participating in the multicast group. State This displays whether the interface has IGMP in Querier mode or Non-Querier mode. Group Compatibility Mode The group compatibility mode (v1, v2 or v3) for the specified group on this interface.
Wrong Version Queries This field indicates the number of queries received whose IGMP version does not match the IGMP version of the interface. Number of Joins This field displays the number of times a group membership has been added on this interface.
Default Setting Command Mode Interface Config 7.2.2.3 ip igmp last-member-query-count This command sets the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface. Syntax ip igmp last-member-query-count <1-20> no ip igmp last-member-query-count <1-20>...
no - This command resets the Maximum Response Time being inserted into Group-Specific Queries sent in response to Leave Group messages on the interface to the default value. Default Setting 1 second Command Mode Interface Config 7.2.2.5 ip igmp query-interval This command configures the query interval for the specified interface.
no - This command resets the maximum response time interval for the specified interface, which is the maximum query response time advertised in IGMPv2 queries on this interface to the default value. The maximum response time interval is reset to the default time. Default Setting Command Mode Interface Config...
no - This command resets the number of Queries sent out on startup, separated by the Startup Query Interval on the interface to the default value. Default Setting Command Mode Interface Config 7.2.2.9 ip igmp startup-query-interval This command sets the interval between General Queries sent by a Querier on startup on the interface.
Syntax show ip mcast Default Setting None Command Mode Privileged Exec Display Message Admin Mode: This field displays the administrative status of multicast. This is a configured value. Protocol State: This field indicates the current state of the multicast protocol. Possible values are Operational or Non-Operational.
Interface: Valid slot and port number separated by a forward slash. Group IP: The group IP address. Mask: The group IP mask. 7.3.1.3 show ip mcast interface This command displays the multicast information for the specified interface. Syntax show ip mcast interface <slot/port> <...
None Command Mode Privileged Exec Display Message If the “detail” parameter is specified, the following fields are displayed: Source IP: This field displays the IP address of the multicast data source. Group IP: This field displays the IP address of the destination of the multicast packet. Expiry Time (secs): This field displays the time of expiry of this entry in seconds.
RPF Neighbor: This field displays the IP address of the RPF neighbor. Flags: This field displays the flags associated with this entry. If the summary parameter is specified, the following fields are displayed: Source IP: This field displays the IP address of the multicast data source. Group IP: This field displays the IP address of the destination of the multicast packet.
This command displays all the static routes configured in the static mcast table if is specified or displays the static route associated with the particular <sourceipaddr>. Syntax show ip mcast mroute static [<sourceipaddr>] < sourceipaddr > - the IP Address of the multicast data source. Default Setting None Command Mode...
Command Mode Privileged Exec Display Message Router Interface: The IP address of this neighbor. Neighbor: The neighbor associated with the router interface. Metric: The metric value associated with this neighbor. TTL: The TTL threshold associated with this neighbor. Flags: Status of the neighbor. 7.3.1.6 show mstat This command is used to display the results of packet rate and loss information from the results buffer pool of the router, subsequent to the execution/completion of a ‘mstat...
show mtrace Default Setting None Command Mode Privileged Exec Display Message Hops Away From Destination: The ordering of intermediate routers between the source and the destination. Intermediate Router Address: The address of the intermediate router at the specified hop distance. Mcast Protocol In Use: The multicast routing protocol used for the out interface of the specified intermediate router.
Disable Command Mode Global Config 7.3.2.2 ip multicast staticroute This command creates a static route which is used to perform RPF checking in multicast packet forwarding. The combination of the <sourceipaddr> and the <mask> fields specify the network IP address of the multicast packet source. The <groupipaddr> is the IP address of the next hop toward the source.
The source parameter is used to clear the routes in the mroute table entries containing the specified <sourceipaddr> or <sourceipaddr> [groupipaddr] pair. The source address is the source IP address of the multicast packet. The group address is the Group Destination IP address of the multicast packet.
no - This command deletes an administrative scope multicast boundary specified by <groupipaddr> and <mask> for which this multicast administrative boundary is applicable. <groupipaddr> is a group IP address and <mask> is a group IP mask. Default Setting None Command Mode Interface Config 7.3.2.5 ip multicast ttl-threshold This command applies the given <ttlthreshold>...
Syntax mrinfo [<ipaddr>] <ipaddr> - the IP address of the multicast capable router. Default Setting None Command Mode Privileged Exec 7.3.2.7 mstat This command is used to find the packet rate and loss information path from a source to a receiver (unicast router id of the host running mstat).
7.3.2.8 mtrace This command is used to find the multicast path from a source to a receiver (unicast router ID of the host running mtrace). A trace query is passed hop-by-hop along the reverse path from the receiver to the source, collecting hop addresses, packet counts, and routing error conditions along the path, and then the response is returned to the requestor.
no disable ip multicast mdebug mtrace no - This command is used to enable the processing capability of mtrace query on this router. If the mode is enabled, the mtrace queries received by the router are processed and forwarded appropriately by the router.
7.4.1.2 show ip pimdm interface This command displays the interface information for PIM-DM on the specified interface. Syntax show ip pimdm interface <slot/port> < slot/port > - Interface number. Default Setting None Command Mode Privileged Exec Display Message Interface Mode: This field indicates whether PIM-DM is enabled or disabled on the specified interface. This is a configured value.
Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash. IP Address: This field indicates the IP Address that represents the PIM-DM interface. Nbr Count: This field displays the neighbor count for the PIM-DM interface. Hello Interval: This field indicates the time interval between two hello messages sent from the router on the given interface.
Syntax ip pimdm no ip pimdm no - This command disables the administrative mode of PIM-DM in the router. IGMP must be enabled before PIM-DM can be enabled. Default Setting Disabled Command Mode Global Config 7.4.2.2 ip pimdm mode This command sets administrative mode of PIM-DM on an interface to enabled. Syntax ip pimdm mode no ip pimdm mode...
Syntax ip pimdm query-interval <10 - 3600> no ip pimdm query-interval <10 - 3600> - This is time interval in seconds. no - This command resets the transmission frequency of hello messages between PIM enabled neighbors to the default value. Default Setting Command Mode Interface Config...
Data Threshold Rate (Kbps): This field shows the data threshold rate for the PIM-SM router. This is a configured value. Register Threshold Rate (Kbps): This field indicates the threshold rate for the RP router to switch to the shortest path. This is a configured value.
< slot/port > - Interface number. Default Setting None Command Mode Privileged Exec Display Message Slot/Port: Valid slot and port number separated by a forward slash. IP Address: This field indicates the IP address of the specified interface. Subnet Mask: This field indicates the Subnet Mask for the IP address of the PIM interface. Mode: This field indicates whether PIM-SM is enabled or disabled on the specified interface.
Subnet Mask: This field indicates the Subnet Mask of this PIM-SM interface. Designated Router: This indicates the IP Address of the Designated Router for this interface. Neighbor Count: This field displays the number of neighbors on the PIM-SM interface. 7.5.1.5 show ip pimsm neighbor This command displays the neighbor information for PIM-SM on the specified interface.
< group-mask > - the multicast group address mask. candidate - this command displays PIM-SM candidate-RP table information. all - this command displays all group addresses. Default Setting None Command Mode Privileged Exec Display Message Group Address: This field specifies the IP multicast group address. Group Mask: This field specifies the multicast group address subnet mask.
Group Mask: This field displays the group mask for the group address. 7.5.1.8 show ip pimsm staticrp This command displays the static RP information for the PIM-SM router. Syntax show ip pimsm staticrp Default Setting None Command Mode Privileged Exec Display Message Address: This field displays the IP address of the RP.
Global Config 7.5.2.3 ip pimsm register-rate-limit This command is used to configure the Threshold rate for the RP router to switch to the shortest path. The rate is specified in Kilobytes per second. The possible values are 0 to 2000.
- This command is used to reset the Threshold rate for the RP router to switch to the shortest path to the default value. Default Setting Command Mode Global Config 7.5.2.4 ip pimsm spt-threshold This command is used to configure the Threshold rate for the last-hop router to switch to the shortest path.
ip pimsm staticrp <rp-address> <group-address> <group-mask> no ip pimsm staticrp <rp-address> <group-address> <group-mask> < rp-address > - the IP Address of the RP. < group-address > - the group address supported by the RP. < group-mask > - the group mask for the group address. no - This command is used to delete RP IP address for the PIM-SM router.
7.5.2.7 ip pimsm query-interval This command configures the transmission frequency of hello messages in seconds between PIM enabled neighbors. This field has a range of 10 to 3600 seconds. Syntax ip pimsm query-interval <10 - 3600> no ip pimsm query-interval <10 - 3600>...
7.5.2.9 ip pimsm cbsrhashmasklength This command is used to configure the CBSR hash mask length to be advertised in bootstrap messages for a particular PIM-SM interface. This hash mask length will be used in the hash algorithm for selecting the RP for a particular group. The valid range is 0 - 32. The default value is 30.
Page 421
<-1 - 255> - The preference value for the local interface. no - This command is used to reset the Candidate Rendezvous Point (CRP) for a particular PIM-SM interface to the default value. Default Setting Command Mode Interface Config...
Web browser by entering the switch’s IP address into the address bar. In this way, you can use your Web browser to manage the Switch from any remote PC station, just as if you were directly connected to the Network Switch’s console port.
8.2 Main Menu 8.2.1 System Menu 8.2.1.1 View ARP Cache The Address Resolution Protocol (ARP) dynamically maps physical (MAC) addresses to Internet (IP) addresses. This panel displays the current contents of the ARP cache. For each connection, the following information is displayed: The physical (MAC) Address The associated IP address The identification of the port being used for the connection...
Base MAC Address - The burned-in universally administered MAC address of this switch. Hardware Version - The hardware version of this switch. It is divided into four parts. The first byte is the major version and the second byte represents the minor version.
Viewing System Description Page Configurable Data System Name - Enter the name you want to use to identify this switch. You may use up to 31 alpha-numeric characters. The factory default is blank. System Location - Enter the location of this switch. You may use up to 31 alpha-numeric characters.
Page 427
MIBs Supported - The list of MIBs supported by the management agent running on this switch. Command Buttons Submit - Update the switch with the values on the screen. If you want the switch to retain the new values across a power cycle you must perform a save.
Page 429
Web browser. The factory default is enabled. Java Mode - Enable or disable the java applet that displays a picture of the switch at the top right of the screen.
Page 430
When this threshold is reached for Telnet, the Telnet logon interface closes. The default value is 3. Command Buttons Submit - Update the switch with the values on the screen. If you want the switch to retain the new values across a power cycle you must perform a save.
Page 431
Serial Port Login Timeout (minutes) - Specify how many minutes of inactivity should occur on a serial port connection before the switch closes the connection. Enter a number between 0 and 160: the factory default is 5. Entering 0 disables the timeout.
Page 432
Stop Bits - The number of stop bits per character. It is always 1. Command Buttons Submit - Update the switch with the values on the screen. If you want the switch to retain the new values across a power cycle you must perform a save.
Page 433
'Read/Write' access, and all other accounts have 'Read Only' access. Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.
Page 434
You use this screen to configure login lists. A login list specifies the authentication method(s) you want used to validate switch or port access for the users associated with the list. The pre-configured users, admin and guest, are assigned to a pre-configured list named defaultList, which you may not delete.
Page 435
Note that this parameter will not appear when you first create a new login list. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch. These changes will not be retained across a power cycle unless you perform a save.
Page 436
User Account screen, you should assign that user to a login list for the switch using this screen and, if necessary, to a login list for the ports using the Port Access Control User Login Configuration screen. If you need to create a new login list for the user, you would do so on the Login Configuration screen.
10 and 1000000. IEEE 802.1D recommends a default of 300 seconds, which is the factory default. Command Buttons Submit - Update the switch with the values on the screen. If you want the switch to retain the new values across a power cycle you must perform a save.
Page 438
(greater) MAC addresses. An exact match is required. Non-Configurable Data MAC Address - A unicast MAC address for which the switch has forwarding and/or filtering information. The format is a two byte hexadecimal VLAN ID number followed by a six byte MAC address with each byte separated by colons.
Enable or Disable logging by selecting the corresponding line on the pulldown entry field. Behavior Indicates the behavior of the log when it is full. It can either wrap around or stop when the log space is filled. Command Buttons Submit - Update the switch with the values you entered.
Page 440
Viewing Buffered Log Page This help message applies to the format of all logged messages which are displayed for the buffered log, persistent log, or console log. Format of the messages <15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on message age timer expiry -The above example indicates a user-level message (1) with severity 7 (debug) generated by component MSTP running in thread id 2110 on Aug 24 05:34:05 by line 318 of file mstp_api.c.
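The message format described above, as an added example that is not part of the guide or of the switch software: a parser that splits the PRI value into facility and severity (standard syslog PRI = facility * 8 + severity) and triages lines by severity. The field layout is inferred from the guide's single example line; the `host` and `sequence` field names, the severity names for levels 0 to 5 (standard syslog names), and every sample line other than the guide's own are assumptions constructed for illustration.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple

# Syslog severity names; index = numeric severity, 0 is the most severe.
# The guide itself lists Informational(6) and Debug(7); 0-5 are the
# standard syslog names (assumption that the switch uses the same set).
SEVERITY_NAMES = ("emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug")

# Layout inferred from the guide's example line (an assumption):
# <PRI>Mon DD HH:MM:SS HOST COMPONENT[thread]: file(line) seq %% text
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<component>[^\[\s]+)\[(?P<thread>\d+)\]: "
    r"(?P<file>[^\s(]+)\((?P<line>\d+)\) "
    r"(?P<seq>\d+) %% "
    r"(?P<message>.*)$"
)


class LogEntry(NamedTuple):
    facility: int
    severity: int
    severity_name: str
    timestamp: str
    host: str          # hypothetical field name; "STK0" in the guide's line
    component: str
    thread_id: int
    source_file: str
    source_line: int
    sequence: int      # hypothetical field name for the number before "%%"
    message: str


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one logged message; return None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest valid syslog PRI
        return None
    facility, severity = divmod(pri, 8)
    return LogEntry(facility, severity, SEVERITY_NAMES[severity],
                    m["timestamp"], m["host"], m["component"],
                    int(m["thread"]), m["file"], int(m["line"]),
                    int(m["seq"]), m["message"])


def triage(lines: Iterable[str],
           threshold: int) -> Tuple[List[LogEntry], List[str]]:
    """Return (entries at or above the threshold severity, rejected lines).

    A lower number is more severe, so "at or above" means severity <= threshold.
    Lines that fail to parse are returned rather than dropped, so a reviewer
    can see truncated or tampered records instead of losing them silently.
    """
    hits: List[LogEntry] = []
    rejected: List[str] = []
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            rejected.append(raw)
        elif entry.severity <= threshold:
            hits.append(entry)
    return hits, rejected


# The guide's own example line, copied verbatim.
GUIDE_EXAMPLE = ("<15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% "
                 "Interface 12 transitioned to root state on message age "
                 "timer expiry")

# Everything below the first entry is constructed sample input.
SAMPLE_LINES = [
    GUIDE_EXAMPLE,
    "<11>Aug 24 05:40:12 STK0 DEMO[100]: demo.c(10) 240 %% constructed sample error message",
    "<999>Aug 24 05:41:00 STK0 DEMO[100]: demo.c(11) 241 %% constructed sample with out-of-range PRI",
    "constructed sample: truncated line with no PRI",
]

if __name__ == "__main__":
    hits, rejected = triage(SAMPLE_LINES, threshold=3)
    for e in hits:
        print(e.timestamp, e.component, e.severity_name, e.message)
    print("rejected:", len(rejected))
```
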
Page 441
Admin Mode - Enable/Disable the operation of the CLI Command logging by selecting the corresponding pulldown field and clicking Submit. Command Buttons Submit - Update the switch with the values you entered. Configuring Console Log Page This allows logging to any serial device attached to the host.
Page 442
Use this panel to display the event log, which is used to hold error messages for catastrophic events. After the event is logged and the updated log is saved in FLASH memory, the switch will be reset. The log can hold at least 2,000 entries (the actual number depends on the platform and OS), and is erased when an attempt is made to add an entry after it is full.
Page 443
-Informational(6): informational messages -Debug(7): debug-level messages Command Buttons Submit - Update the switch with the values you entered. Refresh - Refetch the database and display it again starting with the first entry in the table. Delete - Delete a configured host.
Messages Ignored - The count of syslog messages ignored. Command Buttons Submit - Update the switch with the values you entered. Refresh - Refetch the database and display it again starting with the first entry in the table. 8.2.1.6 Managing Switch Interface...
Page 445
- The ifIndex of the interface table entry associated with this port. Command Buttons Submit - Update the switch with the values you entered. If you want the switch to retain the new values across a power cycle you must perform a save.
Page 446
Viewing Switch Interface Configuration Page This screen displays the status for all ports in the box. Selection Criteria MST ID - Select the Multiple Spanning Tree instance ID from the list of all currently configured MST ID's to determine the values displayed for the Spanning Tree parameters. Changing the selected MST ID will generate a screen refresh.
Page 447
Disable - spanning tree is disabled for this port. Forwarding State - The port's current Spanning Tree state. This state controls what action a port takes on receipt of a frame. If the bridge detects a malfunctioning port it will place that port into the broken state.
Destination Port - Acts as a probe port and will receive all the traffic from configured mirrored port(s). Default value is blank. Command Buttons Submit - Send the updated screen to the switch and cause the changes to take effect on the switch. Delete - Remove the selected session configuration. 8.2.1.7 Defining SNMP...
Page 450
If you select disable, the Community Name will become invalid. Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.
Page 451
Disable - do not send traps to the receiver. Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.
Page 452
Viewing SNMP supported MIBs Page This is a list of all the MIBs supported by the switch. Non-configurable Data Name - The RFC number if applicable and the name of the MIB. Description - The RFC title or MIB description.
8.2.1.8 Viewing Statistics Viewing the whole Switch Detailed Statistics Page Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this switch. Octets Received - The total number of octets of data received by the processor (excluding framing bits but including FCS octets).
Page 454
Dynamic VLAN Entries - The number of presently active VLAN entries on this switch that have been created by GVRP registration. VLAN Deletes - The number of VLANs on this switch that have been created and then deleted since the last reboot.
Page 455
Clear Counters - Clear all the counters, resetting all switch summary and detailed statistics to default values. The discarded packets count cannot be cleared. Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing the whole Switch Summary Statistics Page...
Page 456
Clear Counters - Clear all the counters, resetting all summary and switch detailed statistics to defaults. The discarded packets count cannot be cleared. Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing Each Port Detailed Statistics Page Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured.
Page 457
Packets RX and TX 128-255 Octets - The total number of packets (including bad packets) received or transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). Packets RX and TX 256-511 Octets - The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Page 458
Packets Received 1024-1518 Octets - The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received > 1522 Octets - The total number of packets received that were longer than 1522 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
Page 459
Packets Transmitted 65-127 Octets - The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 128-255 Octets - The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Page 460
Tx Oversized - The total number of frames that exceeded the max permitted frame size. This counter has a max increment rate of 815 counts per sec at 10 Mb/s. Underrun Errors - The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission.
Page 461
Refresh - Refresh the data on the screen with the present state of the data in the switch.
Page 463
Clear Counters - Clears all the counters, resetting all statistics for this port to default values. Clear All Counters - Clears all the counters for all ports, resetting all statistics for all ports to default values. Refresh – Refreshes the data on the screen with the present state of the data in the switch.
Command Buttons Reset - Select this button to reboot the switch. Any configuration changes you have made since the last time you issued a save will be lost. You will be shown a confirmation screen after you select the button.
Page 465
32 characters. The factory default is blank. TFTP File Name (Target) - Enter the name on the switch of the file you want to save. You may enter up to 32 characters. The factory default is blank.
Page 466
32 characters. The factory default is blank. TFTP File Name (Source) - Specify the file which you want to upload from the switch. Start File Transfer - To initiate the upload you need to check this box and then select the submit button.
Page 467
Delete files in flash. If the file type is used for system startup, then this file cannot be deleted. Configurable Data Configuration File - Configuration files. Runtime File - Run-time operation codes. Script File - Configuration script files. Command Buttons Remove File - Send the updated screen to the switch and perform the file remove.
Page 468
: (send count = 5, receive count = n). Configurable Data IP Address - Enter the IP address of the station you want the switch to ping. The initial value is blank. The IP Address you enter is not retained across a power cycle.
Page 469
Port Authen. State - the CDP administration mode for all ports which are Enable and Disable. Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Page 471
Clear - Clear all the counters, resetting all switch summary and detailed statistics to default values. The discarded packets count cannot be cleared. Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing Traffic Statistics Page Use this menu to display CDP traffic statistics.
The factory default is enabled. This trap is triggered when the same user ID is logged into the switch more than once at the same time (either via telnet or the serial port). Spanning Tree - Enable or disable activation of spanning tree traps by selecting the corresponding line on the pull down entry field.
Page 473
System Utilities, Upload File from Switch. Non-Configurable Data Number of Traps since last reset - The number of traps that have occurred since the switch was last reset. Trap Log Capacity - The maximum number of traps stored in the log. If the number of traps exceeds the capacity, the entries will overwrite the oldest entries.
8.2.1.11 Configuring SNTP Configuring SNTP Global Configuration Page Configurable Data Client Mode - Specifies the mode of operation of SNTP Client. An SNTP client may operate in one of the following modes. • Disable- SNTP is not operational. No SNTP requests are sent from the client nor are any received SNTP messages processed.
Page 475
Allowed range is (0 to 10). Default value is 1. Command Buttons Submit - Sends the updated configuration to the switch. Configuration changes take effect immediately. Viewing SNTP Global Status Page Non-Configurable Data Version - Specifies the SNTP Version the client supports.
Page 476
• Server Kiss Of Death - The SNTP server indicated that no further queries were to be sent to this server. This is indicated by a stratum field equal to 0 in a message received from a server. Server IP Address - Specifies the IP address of the server for the last received valid packet. If no message has been received from any server, an empty string is shown.
Page 477
Command Buttons Submit - Sends the updated configuration to the switch. Configuration changes take effect immediately. Delete - Deletes the SNTP Server entry. Sends the updated configuration to the switch. Configuration changes take effect immediately. Viewing SNTP Server Status Page...
Page 478
Address - Specifies all the existing Server Addresses. If no Server configuration exists, a message saying "No SNTP server exists" flashes on the screen. Last Update Time - Specifies the local date and time (UTC) that the response from this server was used to update the system clock.
Page 479
Second - Second. (Range: 0 - 59). Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. 8.2.1.12 Defining DHCP Client Configuring DHCP Restart Page This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the IP address command.
Text String - A text string. Hex Value - The hexadecimal value. Command Buttons Submit - Send the updated screen to the switch and set the DHCP client identifier. 8.2.2 Switching Menu 8.2.2.1 Managing Port-based VLAN Configuring Port-based VLAN Configuration Page Selection Criteria VLAN ID and Name - You can use this screen to reconfigure an existing VLAN, or to create a new one.
Page 482
Status - Indicates the current value of the participation parameter for the port. Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.
Page 483
Port Priority - Specify the default 802.1p priority assigned to untagged packets arriving at the port. Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.
Page 484
Viewing VLAN Port Summary Page Non-Configurable Data Slot/Port - The interface. Port VLAN ID - The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. Acceptable Frame Types - Specifies the types of frames that may be received on this port. The options are 'VLAN only' and 'Admit All'.
Page 485
All ports are configured to transmit only untagged frames. GVRP is disabled on all ports and all dynamic entries are cleared. GVRP is disabled for the switch and all dynamic entries are cleared. GMRP is disabled on all ports and all dynamic entries are cleared.
8.2.2.2 Managing Protocol-based VLAN Protocol-based VLAN Configuration Page You can use a protocol-based VLAN to define filtering criteria for untagged packets. By default, if you do not configure any port- (IEEE 802.1Q) or protocol-based VLANs, untagged packets will be assigned to VLAN 1. You can override this behavior by defining either port-based VLANs or protocol-based VLANs, or both.
Page 487
Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.
Refresh - Update the screen with the latest information. 8.2.2.3 Defining GARP Viewing GARP Information Page This screen shows the GARP Status for the switch and for the individual ports. Note that the timers are only relevant when the status for a port shows as enabled. Non-Configurable Data Switch GVRP - Indicates whether the GARP VLAN Registration Protocol administrative mode for this switch is enabled or disabled.
Page 489
The factory default is disabled. Command Buttons Submit - Update the switch with the values you entered. If you want the switch to retain the new values across a power cycle you must perform a save.
Page 490
GARP participant for each port. Command Buttons Submit - Update the switch with the values you entered. If you want the switch to retain the new values across a power cycle you must perform a save.
Command Buttons Submit - Update the switch with the values you entered. If you want the switch to retain the new values across a power cycle you must perform a save. You will only see this button if you have Read/Write...
Page 492
The default is disable. Group Membership Interval - Specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group. Enter a value between 1 and 3600 seconds.
Page 493
Command Buttons Submit - Update the switch with the values you entered. If you want the switch to retain the new values across a power cycle you must perform a save. You will only see this button if you have Read/Write access privileges.
Page 494
Multicast Router Expiry Time - Sets the value for multicast router expiry time of IGMP Snooping for the specified VLAN ID. Valid range is 0 to 3600. Command Buttons Submit - Update the switch with the values you entered.
Page 495
Slot/Port - The select box lists all Slot/Ports. Select the interface for which you want Multicast Router to be enabled. Multicast Router - Enable or disable Multicast Router on the selected Slot/Port. Command Buttons Submit - Update the switch with the values you entered.
Page 496
VLAN ID - VLAN ID for which the Multicast Router Mode is to be Enabled or Disabled. Multicast Router - For the Vlan ID, multicast router may be enabled or disabled using this. Command Buttons Submit - Update the switch with the values you entered.
Page 497
Slot/Port(s) - List the ports you want included into L2Mcast Group. Command Buttons Submit - Update the switch with the values on the screen. If you want the switch to retain the new values across a power cycle you must perform a save.
Page 498
Non-Configurable Data VLAN - L2Mcast Group's VLAN ID value. MAC Address - A multicast MAC address for which the switch has forwarding information. The format is a six-byte MAC address. For example: 01:00:5E:00:11:11. Slot/Ports - the interface number belongs to this Multicast Group.
Page 499
Viewing L2 Multicast Router Port Information Page Use this panel to display information about entries in the L2Mcast Static/Dynamic router ports. These entries are used by the transparent bridging function to determine how to forward a received frame. Selection Criteria Static - Displays static unit for L2Mcast router port(s).
Channel. Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save. Delete - Removes the currently selected configured Port Channel. All ports that were members of this Port Channel are removed from the Port Channel and included in the default VLAN.
Page 501
Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing Port-Channel Information Page Non-Configurable Data Port Channel - The Slot/Port identification of the Port Channel. Port Channel Name - The name of the Port Channel.
Active Ports - A listing of the ports that are actively participating members of this Port Channel, in Slot/Port notation. There can be a maximum of 8 ports assigned to a Port Channel. 8.2.2.6 Viewing Multicast Forwarding Database Viewing All of Multicast Forwarding Database Tables Page The Multicast Forwarding Database holds the port membership information for all active multicast address entries.
Page 503
Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing GMRP MFDB Table Page This screen will display all of the entries in the Multicast Forwarding Database that were created for the GARP Multicast Registration Protocol.
Page 504
Slot/Port(s) - The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. Clear Entries - Clicking this button tells the IGMP Snooping component to delete all of its entries from the multicast forwarding database.
Configuring Switch Spanning Tree Configuration Page Configurable Data Spanning Tree Mode - Specifies whether spanning tree operation is enabled on the switch. Value is enabled or disabled. Force Protocol Version - Specifies the Force Protocol Version parameter for the switch. The options are IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s. The default value is IEEE 802.1w.
Page 506
Topology change count - Number of times topology has changed for the CST. Topology change - The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the CST. It takes a value of True or False.
Page 507
4096 and (2*4096-1) it will be set to 4096 and so on. VLAN ID - This gives a list box of all VLANs on the switch. The VLANs associated with the MST instance which is selected are highlighted on the list. These can be selected or unselected for re-configuring the association of VLANs to MST instances.
Page 508
Topology change - The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the selected MST instance. It takes a value of True or False. Designated root - The bridge identifier of the root bridge. It is made up from the bridge priority and the base MAC address of the bridge. Root Path Cost - Path Cost to the Designated Root for this MST instance.
Page 509
Port Path Cost - Set the Path Cost to a new value for the specified port in the common and internal spanning tree. It takes a value in the range of 1 to 200000000. Non-Configurable Data Auto-calculate Port Path Cost - Displays whether the path cost is automatically calculated (Enabled) or not (Disabled).
Page 510
Configuring each Port MST Configuration Page Selection Criteria MST ID - Selects one MST instance from existing MST instances. Slot/Port - Selects one of the physical or LAG interfaces associated with VLANs associated with the selected MST instance. Configurable Data Port Priority - The priority for a particular port within the selected MST instance.
Page 511
Port ID - The port identifier for the specified port within the selected MST instance. It is made up from the port priority and the interface number of the port. Port Up Time Since Counters Last Cleared - Time since the counters were last cleared, displayed in Days, Hours, Minutes, and Seconds.
Viewing Spanning Tree Statistics Page Selection Criteria Slot/Port - Selects one of the physical or LAG interfaces of the switch. Non-Configurable Data STP BPDUs Received - Number of STP BPDUs received at the selected port. STP BPDUs Transmitted - Number of STP BPDUs transmitted from the selected port.
Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save. 8.2.2.9 Managing Port Security Configuring Port Security Administration Mode Page Configurable Data Allow Port Security - Used to enable or disable the Port Security feature.
Page 514
Slot/Port - Selects the interface to be configured. Configurable Data Allow Port Security - Used to enable or disable the Port Security feature for the selected interface. Maximum Dynamic MAC Addresses allowed - Sets the maximum number of dynamically locked MAC addresses on the selected interface.
Page 515
Deleting Port Security Statically Configured MAC Address Page Selection Criteria Slot/Port - Select the physical interface for which you want to display data. VLAN ID - selects the VLAN ID corresponding to the MAC address being deleted. Configurable data MAC Address - Accepts user input for the MAC address to be deleted. Non-configurable data MAC Address - Displays the user specified statically locked MAC address.
Number of Dynamic MAC addresses learned - Displays the number of dynamically learned MAC addresses on a specific port. Viewing Port Security Violation Status Page Selection Criteria Slot/Port - Select the physical interface for which you want to display data. Non-configurable data Last Violation MAC Address - Displays the source MAC address of the last packet that was discarded at a locked port.
Page 517
Configurable Data Age Time - Enter the value you want the switch to use for the ARP entry ageout time. You must enter a valid integer, which represents the number of seconds it will take for an ARP entry to age out. The range for this field is 15 to 21600 seconds.
Page 518
Maximum Static Entries - Maximum number of Static Entries that can be defined. IP Address - The IP address of a device on a subnet attached to one of the switch's routing interfaces. MAC Address - The unicast MAC address for the device. The format is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
Maximum Next Hops - The maximum number of hops supported by the switch. This is a compile-time constant. Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.
Viewing IP Statistics The statistics reported on this panel are as specified in RFC 1213. Non-Configurable Data IpInReceives - The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors - The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
Page 521
that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion. IpNoRoutes - The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any packets counted in ipForwDatagrams which meet this `no-route' criterion.
Page 522
IcmpOutAddrMasks - The number of ICMP Address Mask Request messages sent. IcmpOutAddrMaskReps - The number of ICMP Address Mask Reply messages sent. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch.
00:06:29:32:81:40. Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.
OSPF Admin Mode* - Select enable or disable from the pulldown menu. If you select enable, OSPF will be activated for the switch. The default value is disable. You must configure a Router ID before OSPF can become operational. You do this on the IP Configuration page or by issuing the CLI command: config router id.
Page 526
This number does not include newer instantiations of self-originated LSAs. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 527
Configuring Area Selection Criteria Area ID - Select the area to be configured. Configurable Data Import Summary LSAs - Select enable or disable from the pulldown menu. If you select enable, summary LSAs will be imported into stub areas. Metric Value - Enter the metric value you want applied for the default route advertised into the stub area.
Page 528
'Create Stub Area' button will be displayed. If you have configured the area as a stub area, a 'Delete Stub Area' button will be displayed. Otherwise neither button will be displayed. Type of Service - The type of service associated with the stub metric. The switch supports Normal only.
Page 529
Delete NSSA - Delete the NSSA. The area will be returned to normal state. Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Non-Configurable Data Area ID - The Area ID of the Stub area Type of Service - The type of service associated with the stub metric. The switch supports Normal only. Metric Value - Set the metric value you want applied for the default route advertised into the area. Valid values range from 1 to 16,777,215.
Page 531
Advertisement - The Advertisement mode for the address range and area. Command Buttons Create - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. The new address range will be added to the display in the non-configurable data area.
Page 532
LSAs Received - The number of link-state advertisements that have been received that have been determined to be new instantiations. This number does not include newer instantiations of self-originated link-state advertisements. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch.
Page 533
Configuring OSPF Interface Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Configurable Data OSPF Admin Mode* - You may select enable or disable from the pulldown menu. The default value is 'disable.' You can configure OSPF parameters without enabling OSPF Admin Mode, but they will have no effect until you enable Admin Mode.
Page 534
Retransmit Interval - Enter the OSPF retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface. This value is also used when retransmitting database descriptions and link-state request packets. Valid values range from 1 to 3600 seconds (1 hour).
Page 535
LSA Ack Interval - The number of seconds between LSA Acknowledgment packet transmissions, which must be less than the Retransmit Interval. OSPF Interface Type - The OSPF interface type, which will always be broadcast. State - The current state of the selected router interface. One of: Down - This is the initial interface state.
Page 536
Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Viewing Neighbor Table Information This panel displays the OSPF neighbor table list. When a particular neighbor ID is specified, detailed information about a neighbor is given.
Neighbor Interface Index - A Slot/Port identifying the neighbor interface index. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. Configuring OSPF Neighbor This panel displays the OSPF neighbor configuration for a selected neighbor ID. When a particular neighbor ID is specified, detailed information about a neighbor is given.
Page 538
Hellos Suppressed - This indicates whether Hellos are being suppressed to the neighbor. Retransmission Queue Length - The current length of the retransmission queue. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch.
Page 539
Viewing OSPF Link State Database Non-Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). The Router ID is set on the IP Configuration page. If you want to change the Router ID you must first disable OSPF.
O - This describes whether Opaque-LSAs are supported. V - This describes whether OSPF++ extensions for VPN/COS are supported. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. Configuring OSPF Virtual Link Selection Criteria Create New Virtual Link - Select this option from the dropdown menu to define a new virtual link.
Page 541
Dead Interval - Enter the OSPF dead interval for the specified interface in seconds. This specifies how long a router will wait to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network. This value should be a multiple of the Hello Interval (e.g.
Page 542
Configure Authentication - Display a new screen where you can select the authentication method for the virtual link. Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 543
Iftransit Delay Interval - The OSPF Transit Delay for the virtual link in units of seconds. It specifies the estimated number of seconds it takes to transmit a link state update packet over this interface. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch.
Configuring OSPF Route Redistribution This screen can be used to configure the OSPF Route Redistribution parameters. The allowable values for each field are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid values. Configurable Data Configured Source - This select box is a dynamic selector and is populated only with those Source Routes that have already been configured for redistribution by OSPF.
Page 545
Viewing OSPF Route Redistribution Summary Information This screen displays the OSPF Route Redistribution Configurations. Non Configurable Data Source - The Source Route to be Redistributed by OSPF. Metric - The Metric of redistributed routes for the given Source Route. Displays "Unconfigured" when not configured.
Agent options will be added to requests before they are forwarded to the server and removed from replies before they are forwarded to clients. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 547
Requests Relayed - The total number of BOOTP/DHCP requests forwarded to the server since the last time the switch was reset. Packets Discarded - The total number of BOOTP/DHCP packets discarded by this Relay Agent since the last time the switch was reset.
IP addresses. When you configure DNS on your switch, you can substitute the host name for the IP address with all IP commands, such as ping, telnet, traceroute, and related Telnet support operations.
Page 549
Delete - Deletes the domain name entry. Sends the updated configuration to the switch. Configuration changes take effect immediately. Delete All - Deletes all the domain name entries. Sends the updated configuration to the switch. Configuration changes take effect immediately.
Page 550
Command Buttons Submit - Sends the updated configuration to the switch. Configuration changes take effect immediately. Delete - Deletes the domain name server entry. Sends the updated configuration to the switch. Configuration changes take effect immediately. Viewing DNS Cache Summary Information The Domain Name System (DNS) dynamically maps domain names to Internet (IP) addresses.
Page 551
Submit - Sends the updated configuration to the switch. Configuration changes take effect immediately. Delete - Deletes the host entry. Sends the updated configuration to the switch. Configuration changes take effect immediately. Delete All - Deletes all the host entries. Sends the updated configuration to the switch. Configuration changes take effect immediately.
Global queries - The number of responses sent to RIP queries from other systems. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 553
RIP Admin Mode - Whether RIP is enabled or disabled on the interface. Link State - Whether the RIP interface is up or down. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch.
Page 554
Defining The Routing Interface’s RIP Configuration Page Selection Criteria Slot/Port - Select the interface for which data is to be configured. Configurable Data Send Version - Select the version of RIP control packets the interface should send from the pulldown menu.
Page 555
Configure Authentication - Display a new screen where you can select the authentication method for the virtual link. Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed...
Page 556
Configuring Route Redistribution Configuration This screen can be used to configure the RIP Route Redistribution parameters. The allowable values for each field are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid values. Configurable Data Configured Source - This select box is a dynamic selector and is populated only with those Source Routes that have already been configured for redistribution by RIP.
Page 557
Viewing Route Redistribution Configuration This screen displays the RIP Route Redistribution Configurations. Non Configurable Data Source - The Source Route to be Redistributed by RIP. Metric - The Metric of redistributed routes for the given Source Route. Displays "Unconfigured" when not configured.
Higher numbered addresses are preferred. You must enter an integer. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. The changes will not be retained across a power cycle unless a save is performed.
Page 559
Viewing Router Discovery Status Non-Configurable Data Slot/Port - The router interface for which data is displayed. Advertise Mode - The values are enable or disable. Enable denotes that Router Discovery is enabled on that interface. Advertise Address - The IP Address used to advertise the router. Maximum Advertise Interval - The maximum time (in seconds) allowed between router advertisements sent from the interface.
8.2.3.8 Managing Route Table Viewing Router Route Table Non-Configurable Data Network Address - The IP route prefix for the destination. Subnet Mask - Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network. Protocol - This field tells which protocol created the specified route.
Page 561
Total Number of Routes - The total number of routes in the route table. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing Router Best Route Table Non-Configurable Data Network Address - The IP route prefix for the destination.
Page 562
Total Number of Routes - The total number of routes in the route table. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. Configuring Router Static Route Entry Selection Criteria Network Address - Specifies the IP route prefix for the destination.
Page 563
OSPF Intra OSPF Inter OSPF Type-1 OSPF Type-2 BGP4Local Next Hop Slot/Port - The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address - The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination.
Page 564
Preference - Specifies a preference value for the configured next hop. Command Buttons Add Route - Go to a separate page where a route can be created. Configuring Router Route Preference Use this panel to configure the default preference for each protocol (e.g. 60 for static routes, 170 for BGP).
Local - This field displays the local route preference value. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 566
Instructions for creating a VLAN Enter a new VLAN ID in the field labeled VLAN ID. Click on the Create button. The page will be updated to display the interface and MAC address assigned to this new VLAN. The IP address and Subnet Mask fields will be 0.0.0.0. Note the interface assigned to the VLAN.
Select enable or disable from the pulldown menu. The default is disable. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 568
Interface IP Address - Indicates the IP Address associated with the selected interface. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 569
Viewing Virtual Router Status Non-Configurable Data VRID - Virtual Router Identifier. Slot/Port - Indicates the interface associated with the VRID. Priority - The priority value used by the VRRP router in the election for the master virtual router. Pre-empt Mode - Enable - if the Virtual Router is a backup router, it will preempt the master router if it has a priority greater than the master virtual router's priority, provided the master is not the owner of the virtual router IP address.
Page 570
Inactive Active Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing Virtual Router Statistics Selection Criteria VRID and Slot/Port - Select the existing Virtual Router, listed by interface number and VRID, for which you want to display statistical information.
Page 571
Router Checksum Errors - The total number of VRRP packets received with an invalid VRRP checksum value. Router Version Errors - The total number of VRRP packets received with an unknown or unsupported version number. Router VRID Errors - The total number of VRRP packets received with an invalid VRID for this virtual router.
Refresh - Refresh the data on the screen with the present state of the data in the switch. 8.2.4 Security Menu 8.2.4.1 Managing Access Control (802.1x) Defining Access Control Page Configurable Data Administrative Mode - This selector lists the two options for administrative mode: enable and disable.
Page 573
Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. Configuring each Port Access Control Configuration Page Selection Criteria Port - Selects the port to be configured.
Page 574
It is not required to press the Submit button for the action to occur. Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Page 575
Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Non-Configurable Data Control Mode - Displays the configured control mode for the specified port. Options are: force unauthorized: The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized force authorized: The authenticator PAE unconditionally sets the controlled port to authorized.
Page 576
"Initialize" "Disconnected" "Connecting" "Authenticating" "Authenticated" "Aborting" "Held" "ForceAuthorized" "ForceUnauthorized". Backend State - This field displays the current state of the backend authentication state machine. Possible values are: "Request" "Response" "Success" "Fail" "Timeout" "Initialize" "Idle" Command Buttons Refresh - Update the information on the page.
Page 577
Viewing Access Control Summary Page Non-Configurable Data Port - Specifies the port whose settings are displayed in the current table row. Control Mode - This field indicates the configured control mode for the port. Possible values are: Force Unauthorized: The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized.
Page 578
Viewing each Port Access Control Statistics Page Selection Criteria Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Non-Configurable Data EAPOL Frames Received - This displays the number of valid EAPOL frames of any type that have been received by this authenticator.
Page 579
Last EAPOL Frame Source - This displays the source MAC address carried in the most recently received EAPOL frame. EAP Response/Id Frames Received - This displays the number of EAP response/identity frames that have been received by this authenticator. EAP Response Frames Received - This displays the number of valid EAP response frames (other than resp/id frames) that have been received by this authenticator.
Page 580
Login - Selects the login to apply to the specified user. All configured logins are displayed. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Port - Displays the port in Slot/Port format. Users - Displays the users that have access to the port. Command Buttons Refresh - Update the information on the page. 8.2.4.2 Managing RADIUS Configuring RADIUS Configuration Page Configurable Data Max Number of Retransmits - The value of the maximum number of times a request packet is retransmitted.
Page 582
0 and 3. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Page 583
Secret Configured - Indicates if the shared secret for this server has been configured. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Page 584
RADIUS Server IP Address - Selects the IP address of the RADIUS server for which to display statistics. Non-Configurable Data Round Trip Time (secs) - The time interval, in hundredths of a second, between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server.
Page 585
Secret Configured - Indicates if the secret has been configured for this accounting server. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Page 586
Viewing RADIUS Accounting Server Statistics Page Non-Configurable Statistics Accounting Server IP Address - Identifies the accounting server associated with the statistics. Round Trip Time (secs) - Displays the time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server.
Resetting All RADIUS Statistics Page Command Buttons Clear All RADIUS Statistics - This button will clear the accounting server, authentication server, and RADIUS statistics. 8.2.4.3 Defining TACACS Configuration Configuring TACACS Configuration Page Use this menu to configure the parameters for TACACS+, which is used to verify the login user's authentication.
Share Secret - The key transmitted only between the TACACS+ client and server. Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. 8.2.4.5 Defining Secure Http Configuration Secure HTTP Configuration Page Configurable Data Admin Mode - This field is used to enable or disable the Administrative Mode of Secure HTTP.
SSH Connections in Use - Displays the number of SSH connections currently in use in the system. Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Table - Displays the current and maximum number of IP ACLs. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 592
Viewing IP Access Control List Summary Page Non-Configurable Data IP ACL ID - The IP ACL identifier. Rules - The number of rules currently configured for the IP ACL. Direction - The direction of packet traffic affected by the IP ACL. Direction can only be: Inbound Slot/Port(s) - The interfaces to which the IP ACL applies.
Page 593
Selection Criteria IP ACL ID - Use the pulldown menu to select the IP ACL for which to create or update a rule. Rule - Select an existing rule from the pulldown menu, or select 'Create New Rule.' ACL as well as an option to add a new Rule.
Page 594
Destination IP Address - Enter an IP address using dotted-decimal notation to be compared to a packet's destination IP Address as a match criteria for the selected extended IP ACL rule. Destination IP Mask - Specify the IP Mask in dotted-decimal notation to be used with the Destination IP Address value.
Page 595
MAC ACL if the ACL has already been created. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 596
Viewing MAC Access Control List Summary Page Non-Configurable Data MAC ACL Name - MAC ACL identifier. Rules - The number of rules currently configured for the MAC ACL. Direction - The direction of packet traffic affected by the MAC ACL. Valid Directions Inbound Slot/Port - The interfaces to which the MAC ACL applies.
Page 597
Configurable Data Rule - Enter a whole number in the range of (1 to 8) that will be used to identify the rule. Action - Specify what action should be taken if a packet matches the rule's criteria. The choices are permit or deny.
Page 598
Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Delete - Remove the currently selected Rule from the selected ACL. These changes will not be retained across a power cycle unless a save configuration is performed.
ACLs assigned to selected interface and direction. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. 8.2.5.2 Managing Differentiated Services...
Page 600
Class table - Displays the number of configured DiffServ classes out of the total allowed on the switch. Class Rule table - Displays the number of configured class rules out of the total allowed on the switch. Policy table - Displays the number of configured policies out of the total allowed on the switch.
Page 601
Class Selector - Along with an option to create a new class, this lists all the existing DiffServ class names, from which one can be selected. The content of this screen varies based on the selection of this field. If an existing class is selected then the screen will display the configured class. If '--create--' is selected, another screen appears to facilitate creation of a new class.
Page 602
Class Type - Displays types of the configured classes as 'all', 'any', or 'acl'. Class types are platform dependent. Reference Class/ACL Number - Displays name of the configured class of type 'all' or 'any' referenced by the specified class of the same type. For the specified class type of 'acl', the ACL number attached to the specified class is displayed.
Page 603
Viewing DiffServ Policy Summary Page Non-Configurable Data Policy Name - Displays name of the DiffServ policy. Policy Type - Displays type of the policy as 'In'. Member Classes - Displays name of each class instance within the policy. Configuring DiffServ Policy Class Definition Page Selection Criteria Policy Selector - This lists all the existing DiffServ policy names, from which one can be selected.
Page 604
Viewing DiffServ Policy Attribute Summary Page Non-Configurable Data Policy Name - Displays name of the specified DiffServ policy. Policy Type - Displays type of the specified policy as 'In' or 'Out'. Class Name - Displays name of the DiffServ class to which this policy is attached. Attribute - Displays the attributes attached to the policy class instances.
Page 605
Slot/Port - Shows the Slot/Port that uniquely specifies an interface. Direction - Shows the traffic direction of this service interface. Oper. Status - Shows the operational status of this service interface, either Up or Down. Policy Name - Shows the name of the attached policy. Viewing DiffServ Service Summary Page Non-Configurable Data Slot/Port - Shows the Slot/Port that uniquely specifies an interface.
Page 606
Viewing DiffServ Service Detailed Statistics Page This screen displays class-oriented statistical information for the policy, which is specified by the interface and direction. The 'Member Classes' drop down list is populated on the basis of the specified interface and direction and hence the attached policy (if any). Highlighting a member class name displays the statistical information for the policy-class instance for the specified interface and direction.
8.2.5.3 Configuring Diffserv Wizard Page Operation The DiffServ Wizard enables DiffServ on the switch by creating a traffic class, adding the traffic class to a policy, and then adding the policy to the ports selected on DiffServ Wizard page. The DiffServ Wizard will: Create a DiffServ Class and define match criteria used as a filter to determine if incoming traffic meets the requirements to be a member of the class.
8.2.5.4 Managing Class of Service Managing Table Configuration Page Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Configurable Data Interface Trust Mode - Specifies whether or not to trust a particular packet marking at ingress. Interface Trust Mode can only be one of the following: untrusted trust dot1p...
Page 609
IP Precedence Value - Displays IP Precedence value. Valid Range is (0 to 7). Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 610
Command Buttons Restore Defaults - Restores default settings. Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Configuring CoS interface queue Selection Criteria Slot/Port - Specifies all CoS configurable interfaces.
Page 611
Restore Defaults for All Queues - Restores default settings for all queues on the selected interface. Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Minimum Bandwidth - Specifies the minimum guaranteed bandwidth allotted to this queue. The value 0 means no guaranteed minimum. Sum of individual Minimum Bandwidth values for all queues in the selected interface cannot exceed defined maximum (100). Scheduler Type - Specifies the type of scheduling used for this queue. Scheduler Type can only be one of the following: strict weighted...
Page 613
Reachable Routes - The number of routes in the DVMRP routing table that have a non-infinite metric. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Page 614
Viewing DVMRP Configuration Summary Selection Criteria Slot/Port - Select the interface for which data is to be displayed. You must configure at least one router interface before you can display data for a DVMRP interface. Otherwise you will see a message telling you that no router interfaces are available, and the configuration summary screen will not be displayed.
Page 615
Neighbor Expiry Time - The DVMRP expiry time for the specified neighbor on the selected interface. This is the time left before this neighbor entry will age out, and is not applicable if the neighbor router's state is down. Generation ID - The DVMRP generation ID for the specified neighbor on the selected interface. Major Version - The DVMRP Major Version for the specified neighbor on the selected interface.
Page 616
Viewing DVMRP Next Hop Configuration Summary Non-Configurable Data Source IP - The IP address used with the source mask to identify the source network for this table entry. Source Mask - The network mask used with the source IP address. Next Hop Interface - The outgoing interface for this next hop.
Page 617
Viewing DVMRP Prune Summary Non-Configurable Data Group IP - The group address which has been pruned. Source IP - The address of the source or source network which has been pruned. Source Mask - The subnet mask to be combined with the source IP address to identify the source or source network which has been pruned.
Source Mask - The subnet mask to be combined with the source address to identify the sources for this entry. Upstream Neighbor - The address of the upstream neighbor (e.g., RPF neighbor) from which IP datagrams from these sources are received. Interface - The interface on which IP datagrams sent by these sources are received.
Page 619
Configuring IGMP Interface Configuration Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed or configured from the pulldown menu. Slot 0 is the base unit. You must have configured at least one router interface before configuring or displaying data for an IGMP interface, otherwise an error message will be displayed.
Page 620
Command Buttons Submit - Send the updated configuration to the router. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Viewing IGMP Configuration Summary Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed. Slot 0 is the base unit. Non-Configurable Data Interface Mode - The administrative status of IGMP on the selected interface.
Page 621
Query Max Response Time - The maximum query response time advertised in IGMPv2 queries sent from the selected interface. Robustness - The robustness parameter for the selected interface. This variable allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the robustness variable may be increased.
Page 622
Viewing IGMP Cache Information Selection Criteria Slot/Port - Select the Slot and port for which data is to be displayed. Slot 0 is the base unit. Multicast Group IP - Select the IP multicast group address for which data is to be displayed. If no group membership reports have been received on the selected interface you will not be able to make this selection, and none of the non-configurable data will be displayed.
Page 623
Version 1 Host Timer - The time remaining until the local router will assume that there are no longer any IGMP version 1 members on the IP subnet attached to this interface. When an IGMPv1 membership report is received, this timer is reset to the group membership timer. While this timer is non-zero, the local router ignores any IGMPv2 leave messages for this group that it receives on the selected interface.
Source Filter Mode - The source filter mode (Include/Exclude/NA) for the specified group on this interface. Source Hosts - This parameter shows the source addresses which are members of this multicast address. Expiry Time - This parameter shows the expiry time interval for each source address that is a member of this multicast group.
Page 625
Configuring Interface’s Multicast Configuration Page Selection Criteria Slot/Port - Select the routing interface you want to configure from the dropdown menu. Configurable Data TTL Threshold - Enter the TTL threshold below which a multicast data packet will not be forwarded from the selected interface.
Page 626
Source IP - Enter the IP address of the multicast packet source to be combined with the Group IP to fully identify a single route whose Mroute table entry you want to display or clear. You may leave this field blank.
Page 627
Configurable Data Source IP - Enter the IP Address that identifies the multicast packet source for the entry you are creating. Source Mask - Enter the subnet mask to be applied to the Source IP address. RPF Neighbor - Enter the IP address of the neighbor router on the path to the source. Metric - Enter the link state cost of the path to the multicast source.
Page 628
Configuring Multicast Admin Boundary Configuration Page An administratively scoped boundary is a way to stop the ingress and egress of multicast traffic for a given range of multicast addresses on a given routing interface. Selection Criteria Group IP - Select 'Create Boundary' from the pulldown menu to create a new admin scope boundary, or select one of the existing boundary specifications to display or update its configuration.
Slot/Port - The router interface to which the administratively scoped address range is applied. Group IP - The multicast group address for the start of the range of addresses to be excluded. Group Mask - The mask that is applied to the multicast group address. The combination of the mask and the Group IP gives the range of administratively scoped addresses for the selected interface.
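The following added example (not part of the user guide or the switch software) shows how a Group IP and Group Mask combine into a blocked range per interface, and which parts of the RFC 2365 administratively scoped block 239.0.0.0/8 remain unfiltered on an interface. The interface names and boundary entries are constructed, and the code assumes the Group Mask is a standard contiguous netmask.

```python
import ipaddress

# RFC 2365 reserves 239.0.0.0/8 for administratively scoped IPv4 multicast.
ADMIN_SCOPE = ipaddress.ip_network("239.0.0.0/8")

# Constructed sample entries: (Slot/Port, Group IP, Group Mask).
BOUNDARIES = [
    ("0/1", "239.192.0.0", "255.252.0.0"),
    ("0/1", "239.255.0.0", "255.255.0.0"),
    ("0/2", "239.0.0.0", "255.0.0.0"),
]

def boundary_network(group_ip, group_mask):
    """Address range covered by one Group IP / Group Mask pair."""
    # strict=False clears host bits; a non-contiguous mask raises ValueError.
    net = ipaddress.ip_network(f"{group_ip}/{group_mask}", strict=False)
    if not net.is_multicast:
        raise ValueError(f"{net} is not a multicast range")
    return net

def nets_on(interface, boundaries):
    """All boundary ranges applied to one routing interface."""
    return [boundary_network(ip, mask)
            for port, ip, mask in boundaries if port == interface]

def is_blocked(group, interface, boundaries):
    """True if the group address falls inside a boundary on the interface."""
    addr = ipaddress.ip_address(group)
    return any(addr in net for net in nets_on(interface, boundaries))

def unscoped(interface, boundaries):
    """Parts of 239.0.0.0/8 that no boundary on the interface covers."""
    remaining = [ADMIN_SCOPE]
    for net in nets_on(interface, boundaries):
        kept = []
        for block in remaining:
            if net.supernet_of(block):        # block fully covered
                continue
            if block.supernet_of(net):        # carve the boundary out
                kept.extend(block.address_exclude(net))
            else:                             # CIDR blocks are disjoint here
                kept.append(block)
        remaining = kept
    return sorted(remaining)

if __name__ == "__main__":
    for port in ("0/1", "0/2"):
        print(port, [str(n) for n in unscoped(port, BOUNDARIES)])
```

An empty result from `unscoped` means every administratively scoped group is stopped at that interface; any remaining blocks are ranges that can still cross it.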
Page 630
Non-Configurable Data Router Interface - The IP address of the router interface for which configuration information was requested. Neighboring router's IP Address - The IP address of the neighboring router. Metric - The routing metric for this router. TTL Threshold - The time-to-live threshold on this hop. Flags - The flags indicating whether the router is an IGMP querier or whether or not it has neighbors (leaf router).
Page 631
Viewing Mstat Summary Page This screen is used to display the results of an mstat command. Non-Configurable Data This screen shows the path taken by multicast traffic between the specified IP addresses. Forward data flow is indicated by arrows pointing downward and the query path is indicated by arrows pointing upward. For each hop, both the entry and exit addresses of the router are shown if different, along with the initial TTL required for packets to be forwarded at this hop and the propagation delay across the hop.
Page 632
Admin Mode - Select enable or disable from the pulldown menu. If you select enable the router will process and forward mtrace requests received from other routers, otherwise received mtrace requests will be discarded. This field is non-configurable for read-only users. Command Buttons Submit - Send the updated configuration to the router.
Viewing Mtrace Summary Page This screen displays the results of an mtrace command. The mtrace command is used to trace the path from source to a destination branch for a multicast distribution tree. Non-Configurable Data Number of hops away from destination - The number of hops away from the destination. IP address of intermediate router - The IP address of the intermediate router in the path being traced between source and destination for the hop number in the previous field.
Page 634
Configuring Interface’s PIM-DM Configuration Page Selection Criteria Slot/Port - Select the Slot and port for which data is to be displayed or configured. Slot 0 is the base unit. You must have configured at least one router interface before configuring or displaying data for a PIM-DM interface, otherwise an error message will be displayed.
Protocol State - The operational state of the PIM-DM protocol on this interface. Hello Interval - The frequency at which PIM hello messages are transmitted on the selected interface. IP Address - The IP address of the selected interface. Neighbor Count - The number of PIM neighbors on the selected interface. Designated Router - The designated router on the selected PIM interface.
Page 636
Data Threshold Rate - Enter the minimum source data rate in K bits/second above which the last-hop router will switch to a source-specific shortest path tree. The valid values are from 0 to 2000 K bits/sec. The default value is 50.
Page 637
Configuring Interface’s PIM-SM Configuration Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed or configured. Slot 0 is the base unit. Configurable Data Mode - Select enable or disable from the pulldown menu to set the administrative status of PIM-SM in the router.
Page 638
Protocol State - The operational state of the PIM-SM protocol on this interface. IP Address - The IP address of the selected PIM interface. Net Mask - The network mask for the IP address of the selected PIM interface. Designated Router - The Designated Router on the selected PIM interface. For point-to-point interfaces, this object has the value 0.0.0.0.
Page 639
Component Index - Unique number identifying the component index. Component BSR Address - Displays the IP address of the bootstrap router (BSR) for the local PIM region. Component BSR Expiry Time - Displays the minimum time remaining before the bootstrap router in the local domain will be declared.
Page 640
Group Address - The group address transmitted in Candidate-RP-Advertisements. Group Mask - The group address mask transmitted in Candidate-RP-Advertisements to fully identify the scope of the group which the router will support if elected as a Rendezvous Point. Address - Displays the unicast address of the interface which will be advertised as a Candidate RP. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the router.