Page 1 ProSAFE M7100 Managed Switches Comman d-Lin e Inter face ( C LI ) Refe re n ce Manua l Sof twa re Versio n 10 .1.0 Mod e l M7100-24X October 2013 202-11332-01 350 East Plumeria Drive San Jose, CA 95134...
Page 2 Trademarks NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. © NETGEAR, Inc. All rights reserved.
Page 3 ProSAFE M7100 Managed Switches (continued) (continued) (continued) (continued) • IPv6 MLD-Proxy Commands • PoE Commands • Priority-Based Flow Control Commands • Energy Detect Mode Commands In addition, this revision includes multiple individual command additions, command changes, and command removals. 202-11166-02 February 2013 Updated document.
Page 4: Table Of Contents
Contents Chapter 1 Use the Command-Line Interface Command Syntax ............9 Command Conventions .
Page 5 ProSAFE M7100 Managed Switches MAC Database Commands ..........155 ISDP Commands .
Page 6 ProSAFE M7100 Managed Switches Chapter 7 Utility Commands Auto Install Commands ..........364 Dual Image Commands .
Page 7 ProSAFE M7100 Managed Switches Chapter 9 Green Ethernet Commands Energy Efficient Ethernet (EEE) Commands ....... . 583 Chapter 10 Log Messages Core .
Page 8: Chapter 1 Use The Command-Line Interface
Use the Command-Line Interface The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH. This chapter describes the CLI syntax, conventions, and modes.
Page 9: Command Syntax
ProSAFE M7100 Managed Switches Command Syntax A command is one or more words that might be followed by one or more parameters. Parameters can be required or optional values. Some commands, such as show network and clear vlan, do not require parameters. Other commands, such as network parms, require that you supply a value after the command.
Page 10: Common Parameter Values
ProSAFE M7100 Managed Switches Table 1. Parameter Conventions Symbol Example Description <value> <> angle brackets Indicates that you must enter a value in place of the brackets and text inside them. [] square brackets Indicates an optional parameter that you can enter in place [<value>] of the brackets and text inside them.
Page 11: Slot/Port Naming Convention
ProSAFE M7100 Managed Switches Table 2. Parameter Descriptions (continued) Parameter Description Logical Interface Represents a logical slot and port number. This is applicable in the case of a port-channel (LAG). You can use the logical slot/port to configure the port-channel. Character strings Use double quotation marks to identify character strings, for example, “System Name with Spaces”.
Page 12: Using A Command's "No" Form
ProSAFE M7100 Managed Switches Using a Command’s “No” Form The no keyword is a specific form of an existing command and does not represent a new or distinct command. Almost every configuration command has a no form. In general, use the no form to reverse the action of a command or reset a value back to the default.
Page 13 ProSAFE M7100 Managed Switches Note: The command modes available on your switch depend on the software modules that are installed. For example, a switch that does not support BGPv4 does not have the Router BGPv4 Command Mode. Table 5. CLI Command Modes Command Mode Prompt Mode Description...
Page 14 ProSAFE M7100 Managed Switches Table 5. CLI Command Modes (continued) Command Mode Prompt Mode Description ARP Access-List Contains commands to add ARP ACL rules in an Switch (Config-arp-access-list)# Config Mode ARP Access List. VPC Domain Config Contains the VPC domain configuration Switch (Config-VPC 1)# Mode commands.
Page 15: Special Command-Mode Independent Commands
ProSAFE M7100 Managed Switches Table 6. CLI Mode Access and Exit (continued) Command Mode Access Method Exit or Access Previous Mode TACACS Config From the Global Config mode, enter To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. tacacs-server host <ip-addr>, in which <ip-addr>...
Page 16: Command Completion And Abbreviation
ProSAFE M7100 Managed Switches In other words, to execute a command that is normally supported only in Privileged EXEC mode, you do not need to switch to Privileged EXEC mode as long as you place the do command before the command that is normally supported only in Privileged EXEC mode. Format do <command in Privileged EXEC mode>...
Page 17: Cli Error Messages
ProSAFE M7100 Managed Switches CLI Error Messages If you enter a command and the system is unable to execute it, an error message appears. Table 7 describes the most common CLI error messages. Table 7. CLI Error Messages Message Text Description % Invalid input detected at '^' marker.
Page 18: Using Cli Help
ProSAFE M7100 Managed Switches Table 8. CLI Editing Conventions (continued) Key Sequence Description Ctrl-Y Prints last deleted character Ctrl-Q Enables serial flow Ctrl-S Disables serial flow Ctrl-Z Return to root command prompt Tab, <SPACE> Command-line completion Exit Go to next lower command prompt List available commands, keywords, or parameters Using CLI Help Enter a question mark (?) at the command prompt to display the commands available in the...
Page 19: Accessing The Cli
ProSAFE M7100 Managed Switches If there are no additional command keywords or parameters, or if more parameters are optional, the following message appears in the output: <cr> Press Enter to execute the command You can also enter a question mark (?) after typing one or more characters of a word to list the available command or parameters that begin with the letters, as shown in the following example: (switch) #show m? mac-addr-table...
Page 20: Chapter 2 Switching Commands
Switching Commands This chapter describes the switching commands available in the managed switch CLI. This chapter contains the following sections: • Port Configuration Commands • Loopback Interface Commands • Spanning Tree Protocol (STP) Commands • VLAN Commands • Double VLAN Commands •...
Page 21 ProSAFE M7100 Managed Switches The commands in this chapter are in three functional groups: • Show commands display switch settings, statistics, and other information. • Configuration commands configure features and options of the switch. Every switch command has a show command that displays the configuration setting. •...
Page 22: Port Configuration Commands
ProSAFE M7100 Managed Switches Port Configuration Commands interface This command gives you access to the Interface Config mode, which allows you to enable or modify the operation of an interface (port). Format interface <slot/port> Mode Global Config interface vlan This command gives you access to the vlan virtual interface mode, which allows certain port configurations (for example, the IP address) to be applied to the VLAN interface.
Page 23: Auto-Negotiate All
ProSAFE M7100 Managed Switches no auto-negotiate This command disables automatic negotiation on a port. Note: Automatic sensing is disabled when automatic negotiation is disabled. auto-negotiate all This command enables automatic negotiation on all ports. Default enabled Format auto-negotiate all Mode Global Config no auto-negotiate all This command disables automatic negotiation on all ports.
Page 24: Shutdown All
ProSAFE M7100 Managed Switches Default 1518 (untagged) Format mtu <1518-9216> Mode Interface Config no mtu This command sets the default MTU size (in bytes) for the interface. Format no mtu Mode Interface Config shutdown This command disables a port. Note: You can use the shutdown command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces.no shutdown Format...
Page 25: Show Port Advertise
ProSAFE M7100 Managed Switches no shutdown all This command enables all ports. Format no shutdown all Mode Global Config speed This command sets the speed and duplex setting for the interface. Format speed [auto] [{<100 | 10 | 10G> {half-duplex | full-duplex>}}] Mode Interface Config speed all...
Page 26: Show Port
Admin Local Link Advertisement no yes no Oper Local Link Advertisement yes no Oper Peer Advertisement yes yes Priority Resolution (Netgear Switch)#show port advertise Port Type Operational Link Advertisement --------- ------------------------------ ----------- ------------------------------ Gigabit - Level Enabled 1000f, 100f, 100h, 10f, 10h...
Page 27: Show Port Protocol
ProSAFE M7100 Managed Switches Term Definition Link Trap This object determines whether to send a trap when link status changes. The factory default is enabled. LACP Mode LACP is enabled or disabled on this port. show port protocol This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.
Page 28: Loopback Interface Commands
ProSAFE M7100 Managed Switches Term Definition Interface Valid slot and port number separated by forward slashes. Media Type “Copper” or “Fiber” for combo port. STP Mode Indicate the spanning tree mode of the port. Physical Mode Either “Auto” or fixed speed and duplex mode. Physical Status The actual speed and duplex mode.
Page 29: Show Interface Loopback
ProSAFE M7100 Managed Switches show interface loopback This command displays information about configured loopback interfaces. Format show interface loopback [<loopback-id>] Mode Privileged EXEC If you do not specify a loopback ID, the following information appears for each loopback interface on the system: Term Definition Loopback ID...
Page 30: Spanning Tree Protocol (Stp) Commands
ProSAFE M7100 Managed Switches Spanning Tree Protocol (STP) Commands This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent network loops, duplicate messages, and network instability. spanning-tree This command sets the spanning-tree operational mode to enabled. Default enabled Format...
Page 31: Spanning-Tree Bpdufilter
ProSAFE M7100 Managed Switches spanning-tree bpdufilter Use this command to enable BPDU Filter on an interface or range of interfaces. Default disabled Format spanning-tree bpdufilter Mode Interface Config no spanning-tree bpdufilter Use this command to disable BPDU Filter on the interface or range of interfaces. Default disabled Format...
Page 32: Spanning-Tree Bpduguard
ProSAFE M7100 Managed Switches no spanning-tree bpduflood Use this command to disable BPDU Flood on the interface. Format no spanning-tree bpduflood Mode Interface Config spanning-tree bpduguard Use this command to enable BPDU Guard on the switch. Default disabled Format spanning-tree bpduguard Mode Global Config no spanning-tree bpduguard...
Page 33: Spanning-Tree Configuration Revision
ProSAFE M7100 Managed Switches no spanning-tree configuration name This command resets the Configuration Identifier Name to its default. Format no spanning-tree configuration name Mode Global Config spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using.
Page 34: Spanning-Tree Edgeport
ProSAFE M7100 Managed Switches spanning-tree edgeport This command specifies that this port is an edge port within the Common and Internal Spanning Tree. This allows this port to transition to Forwarding State without delay. enabled Default Format spanning-tree edgeport Mode Interface Config no spanning-tree edgeport This command specifies that this port is not an edge port within the Common and Internal...
Page 35: Spanning-Tree Forward-Time
ProSAFE M7100 Managed Switches spanning-tree forward-time This command sets the Bridge Forward Delay parameter to a new value for the Common and Internal Spanning Tree. The forward-time value is in seconds within a range of 4–30, with the value being greater than or equal to “(Bridge Max Age / 2) + 1”. Default Format spanning-tree forward-time <4-30>...
Page 36: Spanning-Tree Transmit
ProSAFE M7100 Managed Switches no spanning-tree tcnguard This command disables the propagation of received topology change notifications and topology changes to other ports. Format no spanning-tree tcnguard Mode Interface Config spanning-tree transmit This command specifies the bridge transmit hold count parameter, which is a number from 1 to Default Format spanning-tree transmit <hold-count>...
Page 37: Spanning-Tree Mst
ProSAFE M7100 Managed Switches no spanning-tree max-hops This command sets the Bridge Max Hops parameter for the Common and Internal Spanning Tree to the default value. Format no spanning-tree max-hops Mode Global Config spanning-tree mst This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the Common and Internal Spanning Tree.
Page 38: Spanning-Tree Mst Instance
ProSAFE M7100 Managed Switches If you specify external-cost, this command sets the external path cost for this port for mst ‘0’ instance, to the default value, that is, a path cost value based on the Link Speed. If you specify port-priority, this command sets the priority for this port within a specific multiple spanning tree instance or the Common and Internal Spanning Tree instance, depending on the <mstid>...
Page 39: Spanning-Tree Mst Vlan
ProSAFE M7100 Managed Switches no spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance to the default value. The parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. If 0 (defined as the default CIST ID) is passed as the <mstid>, this command sets the Bridge Priority parameter for the Common and Internal Spanning Tree to the default value.
Page 40: Spanning-Tree Port Mode All
ProSAFE M7100 Managed Switches no spanning-tree port mode This command sets the Administrative Switch Port State for this port to disabled. Format no spanning-tree port mode Mode Interface Config spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to enabled. Default enabled Format...
Page 41: Show Spanning-Tree Brief
ProSAFE M7100 Managed Switches Term Definition Designated Root The bridge identifier of the root bridge. It is made up from the bridge priority and the base MAC address of the bridge. Root Path Cost Value of the Root Path Cost parameter for the Common and Internal Spanning Tree. Root Port Identifier of the port to access the Designated Root for the CST Identifier...
Page 42: Show Spanning-Tree Interface
ProSAFE M7100 Managed Switches show spanning-tree interface This command displays the settings and parameters for a specific switch port within the Common and Internal Spanning Tree. The <slot/port> is the desired switch port. The following details are displayed on execution of the command. Format show spanning-tree interface <slot/port>...
Page 43: Show Spanning-Tree Mst Port Detailed
ProSAFE M7100 Managed Switches show spanning-tree mst port detailed This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <slot/port> is the desired switch port.
Page 44 ProSAFE M7100 Managed Switches If you specify 0 (defined as the default CIST ID) as the <mstid>, this command displays the settings and parameters for a specific switch port within the Common and Internal Spanning Tree. The <slot/port> is the desired switch port. In this case, the following are displayed. Term Definition Port Identifier...
Page 45: Show Spanning-Tree Mst Port Summary
ProSAFE M7100 Managed Switches Term Definition Loop Inconsistent The current loop inconsistent state of this port in this MST instance. When in loop State inconsistent state, the port has failed to receive BPDUs while configured with loop guard enabled. Loop inconsistent state maintains the port in a "blocking" state until a subsequent BPDU is received.
Page 46: Show Spanning-Tree Mst Summary
ProSAFE M7100 Managed Switches Term Definition mstid The ID of the existing MST instance. Interface slot/port STP Mode Indicates whether spanning tree is enabled or disabled on the port. Type Currently not used. STP State The forwarding state of the port in the specified spanning tree instance. Port Role The role of the specified port within the spanning tree.
Page 47: Show Spanning-Tree Vlan
ProSAFE M7100 Managed Switches Term Definition Spanning Tree Enabled or disabled. Adminmode Spanning Tree Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based Version upon the Force Protocol Version parameter. BPDU Guard Enabled or disabled. Mode BPDU Filter Mode Enabled or disabled.
Page 48: Vlan Commands
ProSAFE M7100 Managed Switches VLAN Commands This section describes the commands you use to configure VLAN settings. vlan database This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics. Format vlan database Mode Privileged EXEC network mgmt_vlan This command configures the Management VLAN ID.
Page 49: Vlan Acceptframe
ProSAFE M7100 Managed Switches no vlan This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). The vlan-list contains VlanId's in range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in between the range; Use '-' for range. Format no vlan <vlan-list>...
Page 50: Vlan Makestatic
ProSAFE M7100 Managed Switches no vlan ingressfilter This command disables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. Format no vlan ingressfilter Mode...
Page 51: Vlan Participation
ProSAFE M7100 Managed Switches no vlan name This command sets the name of a VLAN to a blank string. Format no vlan name <1-4093> Mode VLAN Config vlan participation This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number.
Page 52: Vlan Port Acceptframe All
ProSAFE M7100 Managed Switches vlan port acceptframe all This command sets the frame acceptance mode for all interfaces. Default Format vlan port acceptframe all {vlanonly | all} Mode Global Config The modes defined as follows: Mode Definition VLAN Only mode Untagged frames or priority frames received on this interface are discarded.
Page 53: Vlan Port Pvid All
ProSAFE M7100 Managed Switches no vlan port ingressfilter all This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. Format no vlan port ingressfilter all Mode...
Page 54: Vlan Protocol Group
ProSAFE M7100 Managed Switches vlan protocol group This command adds protocol-based VLAN groups to the system. When it is created, the protocol group will be assigned a unique number (1-128) that will be used to identify the group in subsequent commands. Format vlan protocol group <1-128>...
Page 55: Protocol Group
ProSAFE M7100 Managed Switches no vlan protocol group add protocol This command removes the <protocol> from this protocol-based VLAN group that is identified by this <groupid>. The possible values for protocol are ip, arp, and ipx. Format no vlan protocol group add protocol <groupid> ethertype {<protocol-list>...
Page 56: Vlan Pvid
ProSAFE M7100 Managed Switches no protocol vlan group This command removes the interface from this protocol-based VLAN group that is identified by this <groupid>. Format no protocol vlan group <groupid> Mode Interface Config protocol vlan group all This command adds all physical interfaces to the protocol-based VLAN identified by <groupid>. You can associate multiple interfaces with a group, but you can only associate each interface and protocol combination with one group.
Page 57: Vlan Tagging
ProSAFE M7100 Managed Switches vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The vlan-list contains VlanId's in range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in between the range;...
Page 58: Show Vlan
ProSAFE M7100 Managed Switches no vlan association mac This command removes the association of a MAC address to a VLAN. Format no vlan association mac <macaddr> Mode VLAN Config show vlan This command displays a list of all configured VLAN. Format show vlan Mode...
Page 59: Show Vlan Internal Usage
ProSAFE M7100 Managed Switches Term Definition Current The degree of participation of this port in this VLAN. The permissible values are: • Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard. •...
Page 60: Show Vlan Association Subnet
ProSAFE M7100 Managed Switches Term Definition Interface Valid slot and port number separated by forward slashes. It is possible to set the parameters for all ports by using the selectors on the top line. Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port.
Page 61: Double Vlan Commands
ProSAFE M7100 Managed Switches Term Definition MAC Address A MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. VLAN ID A VLAN Identifier (VID) is associated with each VLAN.
Page 62: Mode Dvlan-Tunnel
ProSAFE M7100 Managed Switches mode dvlan-tunnel Use this command to enable Double VLAN Tunneling on the specified interface. Note: When you use the mode dvlan-tunnel command on an interface, it becomes a service provider port. Ports that do not have double VLAN tunneling enabled are customer ports.
Page 63: Voice Vlan Commands
ProSAFE M7100 Managed Switches show dvlan-tunnel Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling. Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces. Format show dvlan-tunnel [interface {<slot/port>...
Page 64: Voice Vlan Data Priority
ProSAFE M7100 Managed Switches no voice vlan (Global Config) Use this command to disable the Voice VLAN capability on the switch. Format no voice vlan Mode Global Config voice vlan (Interface Config) Use this command to enable the Voice VLAN capability on the interface. Default disabled Format...
Page 65: Provisioning (Ieee 802.1P) Commands
ProSAFE M7100 Managed Switches show voice vlan Format show voice vlan [interface {<slot/port> | all}] Mode Privileged EXEC When the interface parameter is not specified, only the global mode of the Voice VLAN is displayed. Term Definition Administrative The Global Voice VLAN mode. Mode When the interface is specified: Term...
Page 66: Garp Commands
ProSAFE M7100 Managed Switches vlan priority This command configures the default 802.1p port priority assigned for untagged packets for a specific interface. The range for the priority is 0–7. Default Format vlan priority <priority> Mode Interface Config GARP Commands This section describes the commands you use to configure Generic Attribute Registration Protocol (GARP) and view GARP status.
Page 67: Set Garp Timer Leaveall
ProSAFE M7100 Managed Switches This can be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. The leave time is 20–600 (centiseconds). The value 60 centiseconds is 0.6 seconds. Default Format set garp timer leave <20-600>...
Page 68: Gvrp Commands
ProSAFE M7100 Managed Switches show garp This command displays GARP information. Format show garp Mode • Privileged EXEC • User EXEC Term Definition GMRP Admin Mode The administrative mode of GARP Multicast Registration Protocol (GMRP) for the system. GVRP Admin Mode The administrative mode of GARP VLAN Registration Protocol (GVRP) for the system.
Page 69: Set Gvrp Interfacemode
ProSAFE M7100 Managed Switches set gvrp interfacemode This command enables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). Default disabled Format set gvrp interfacemode Mode • Interface Config • Global Config no set gvrp interfacemode This command disables GVRP on a single port (Interface Config mode) or all ports (Global Config mode).
Page 70: Gmrp Commands
ProSAFE M7100 Managed Switches Term Definition LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis.
Page 71: Show Gmrp Configuration
ProSAFE M7100 Managed Switches disabled on that interface. GARP functionality is subsequently re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled. Default disabled Format set gmrp interfacemode Mode • Interface Config •...
Page 72: Alternative Store And Forward Commands
ProSAFE M7100 Managed Switches Term Definition LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis.
Page 73: Flow Control Commands
ProSAFE M7100 Managed Switches no cut-through mode This command disables the cut-through mode. Format no cut-through mode Mode Global Config show cut-through mode Use this command to view the current and configured status of the cut-through mode. Format show cut-through mode Mode Global Config Flow Control Commands...
Page 74: Show Flowcontrol
ProSAFE M7100 Managed Switches no flowcontrol Format no flowcontrol Mode • Global Config • Interface Config show flowcontrol Use this command to display the IEEE 802.3 Annex 31B flow control settings and status for a specific interface or all interfaces. It also displays 802.3 Tx and Rx pause counts. Priority Flow Control frames counts are not displayed.
Page 75: Port-Channel/Lag (802.3Ad) Commands
ProSAFE M7100 Managed Switches Port-Channel/LAG (802.3ad) Commands This section describes the commands you use to configure port-channels, which are also known as link aggregation groups (LAGs). Link aggregation allows you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing.
Page 76: Deleteport (Global Config)
ProSAFE M7100 Managed Switches deleteport (Global Config) This command deletes all configured ports from the port-channel (LAG). The interface is a logical slot/port number of a configured port-channel. To clear the port channels, see clear port-channel on page 405 Format deleteport <logical slot/port>...
Page 77: Lacp Actor Admin State Individual
ProSAFE M7100 Managed Switches no lacp collector max delay Use this command to configure the default port-channel collector max delay. Format no lacp collector max-delay Mode Interface Config lacp actor admin key Use this command to configure the administrative value of the LACP actor admin key. The valid range for <key>...
Page 78: Lacp Actor Admin State Longtimeout
ProSAFE M7100 Managed Switches lacp actor admin state longtimeout Use this command to set LACP actor admin state to longtimeout. Format lacp actor admin state longtimeout Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp actor admin state longtimeout Use this command to set the LACP actor admin state to short timeout.
Page 79: Lacp Actor Port Priority
ProSAFE M7100 Managed Switches lacp actor port priority Use this command to configure the priority value assigned to the Aggregation Port. The valid range for <priority> is 0–255. Default 0x80 Format lacp actor port priority <priority> Mode Interface Config Note: This command is only applicable to physical interfaces.
Page 80: Lacp Partner Admin State Individual
ProSAFE M7100 Managed Switches lacp partner admin state individual Use this command to set LACP partner admin state to individual. Format lacp partner admin state individual Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp partner admin state individual Use this command to set the LACP partner admin state to aggregation.
Page 81: Lacp Partner Port Id
ProSAFE M7100 Managed Switches lacp partner admin state passive Use this command to set the LACP partner admin state to passive. Format lacp partner admin state passive Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp partner admin state passive Use this command to set the LACP partner admin state to active.
Page 82: Lacp Partner Port Priority
ProSAFE M7100 Managed Switches lacp partner port priority Use this command to configure the LACP partner port priority. The valid range for <priority> is 0–255. Default Format lacp partner port priority <priority> Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp partner port priority Use this command to configure the default LACP partner port priority.
Page 83: Lacp Partner System Priority
ProSAFE M7100 Managed Switches lacp partner system priority Use this command to configure the administrative value of the priority associated with the Partner’s System ID. The valid range for <priority> is 0–65535. Default Format lacp partner system priority <priority> Mode Interface Config Note: This command is applicable only to physical interfaces.
Page 84: Port Lacpmode
ProSAFE M7100 Managed Switches static mode for a new port-channel enabled, which means the port-channel is static. You can only use this command on port-channel interfaces. Default disabled Format port-channel static Mode Interface Config no port-channel static This command sets the static mode on a particular port-channel (LAG) interface to the default value.
Page 85: Port Lacptimeout (Global Config)
ProSAFE M7100 Managed Switches port lacptimeout (Interface Config) This command sets the time-out on a physical interface of a particular device type (actor or partner) to either a long or a short time-out. Default long Format port lacptimeout {actor | partner} {long | short} Mode Interface Config no port lacptimeout...
Page 86: Port-Channel Linktrap
ProSAFE M7100 Managed Switches no port-channel adminmode This command disables a port-channel (LAG). This command clears every configured port-channel with the same administrative mode setting. Format no port-channel adminmode [all] Mode Global Config port-channel linktrap This command enables link trap notifications for the port-channel (LAG). The interface is a logical enables link trap notifications for all slot/port for a configured port-channel.
Page 87: Port-Channel Min-Links
ProSAFE M7100 Managed Switches Default Format port-channel load-balance {1 | 2 | 3 | 4 | 5 | 6 | 7} {<slot/port> | all} Mode Interface Config Global Config Term Definition Source MAC, VLAN, EtherType, and incoming port associated with the packet Destination MAC, VLAN, EtherType, and incoming port associated with the packet Source/Destination MAC, VLAN, EtherType, and incoming port associated with the packet...
Page 88: Show Lacp Actor
ProSAFE M7100 Managed Switches port-channel name This command defines a name for the port-channel (LAG). The interface is a logical slot/port for a configured port-channel, and <name> is an alphanumeric string up to 15 characters. Format port-channel name {<logical slot/port> | <name>} Mode Global Config port-channel system priority...
Page 89: Show Lacp Partner
ProSAFE M7100 Managed Switches show lacp partner Use this command to display LACP partner attributes. Format show lacp partner {<slot/port> | all} Mode Privileged EXEC The following output parameters are displayed. Parameter Description System Priority The administrative value of priority associated with the Partner’s System ID. System ID The value representing the administrative value of the Aggregation Port’s protocol Partner’s System ID.
Page 90: Show Port-Channel
ProSAFE M7100 Managed Switches show port-channel This command displays an overview of all port-channels (LAGs) on the switch. Format show port-channel {<logical slot/port> | all} Mode • Privileged EXEC • User EXEC Term Definition Logical Interface Valid slot and port number separated by forward slashes. Port-Channel The name of this port-channel (LAG).
Page 91 The number of times a port member is inactive, either because the link is down, or because Counters the admin state is disabled. The following CLI output is an example of the command output. (Netgear Switch) #show port-channel 0/3/1 counters Local Interface........ 3/1 Channel Name........... ch1 Link State........... Down Admin Mode..........
Page 92: Multichassis Lag Commands
ProSAFE M7100 Managed Switches Multichassis LAG Commands In a Layer 2 network, a multichassis link aggregation group (MLAG) can provide a better convergency period and bandwidth than STP. If a port-channel member goes down, the MLAG provides a quicker convergence period than STP. An MLAG also provides more bandwidth than STP because all links across multiple devices can be used to handle traffic.
Page 93: Role Priority
ProSAFE M7100 Managed Switches role priority This command configures the priority of the MLAG switch. This value of the priority is used for the MLAG role election. The priority value is sent to the peer in the MLAG keep-alive messages. The configurable range for priority is 1-255.
Page 94: Peer-Keepalive Enable
ProSAFE M7100 Managed Switches no peer-keepalive timeout This command resets the keep-alive timeout value to the default value of 5 seconds. Format no peer-keepalive timeout Mode VPC Domain Config peer-keepalive enable If MLAG is globally enabled, this command starts the keep-alive state machine on the MLAG switch.
Page 95: Peer Detection Enable
ProSAFE M7100 Managed Switches no peer-keepalive destination This command removes the IP addresses of the peer MLAG switches. Format no peer-keepalive destination <ip-address> source <ip-address> [udp-port <port>] Mode VPC Domain Config peer detection enable This command enables the dual control plane detection protocol (DCPDC) on an MLAG switch. For the DCPDP to start on an MLAG switch, you first have to configure the IP addresses of the peer MLAG switches with the peer-keepalive destination command.
Page 96: Show Vpc Brief
Format show vpc brief Mode Privileged EXEC The following CLI output is an example of the command output. (Netgear Switch) #show vpc brief VPC config Mode........ Enabled Keepalive config mode......Enabled VPC operational Mode......Enabled Self Role........Primary Peer Role........Secondary Peer detection.........
Page 97: Show Vpc Role
MLAG, and the member ports with their link status on the switch and the peer switch. Format show vpc <id> Mode Privileged EXEC The following CLI output is an example of the command output. (Netgear Switch) #show vpc 10 VPC id#10 ----------------- Config mode......Enabled Operational mode......Enabled Port channel......lag 1...
Page 98: Show Vpc Statistics
ProSAFE M7100 Managed Switches The following CLI output is an example of the command output. (Netgear Switch) #show vpc role Self ---- Keepalive config mode......Enabled Keepalive operational mode..... Enabled Priority........100 System MAC........00:10:18:82:18:63 Timeout........5 VPC State........Primary VPC Role........
Page 99: Clear Vpc Statistics
ProSAFE M7100 Managed Switches Example 1: The following shows example CLI display output for the command. (Netgear Switch) #show vpc statistics peer-keepalive Total trasmitted........123 Tx successful........118 Tx errors........5 Total received........115 Rx successful........108 Rx Errors.........7 Timeout counter........6 Example 2: The following shows another example CLI display output for the command.
Page 100: Port Mirroring Commands
ProSAFE M7100 Managed Switches Port Mirroring Commands Port mirroring, which is also known as port monitoring, selects network traffic that you can analyze with a network analyzer, such as a SwitchProbe device or other Remote Monitoring (RMON) probe. In additional to the port mirroring, VLAN-based mirroring, remote switched port analyzer (RSPAN)-based and flow-based mirroring are also supported.
Page 101: Monitor Session Destination
ProSAFE M7100 Managed Switches Using the following options, you can specify a specific source for the session. Parameters Description source interface Use the interface <unit/slot/port> parameter to specify the interface to monitor, the cpu parameter to specify the CPU to monitor, or the lag <lag-group-id>...
Page 102: Monitor Session Mode
ProSAFE M7100 Managed Switches Using the following options, you can specify a specific source for the session. Parameters Description destination interface Use the interface <unit/slot/port> parameter to specify the interface to receive the monitored traffic. destination remote vlan Create an RSPAN VLAN on the intermediate switch. Configure the ports that are connected to the source switch and destination switch as participants in the RSPAN VLAN.
Page 103: Show Monitor Session
ProSAFE M7100 Managed Switches no monitor session This command removes a specified mirrored port from the session. The <session-id> parameter is an integer value that is used to identify the session. However, you always need to enter 1 for the <session-id> parameter. Format no monitor session <session-id>...
Page 104: Dhcp L2 Relay Agent Commands
The IP ACL ID or name that is attached to the port mirroring session. MAC ACL The MAC ACL name that is attached to the port mirroring session. The following is an example of the CLI command output: (Netgear Switch) #show monitor session 1 Session Admin Probe Mirrored Ref.
Page 105: Dhcp L2Relay Vlan
ProSAFE M7100 Managed Switches dhcp l2relay circuit-id vlan Use this parameter to set the DHCP Option-82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Vlan-list range is 1–4093. Separate non-consecutive IDs with a comma (,), and do not insert spaces or zeros in between the range.
Page 106: Dhcp L2Relay Trust
DHCP L2 Relay is Enabled. Interface L2RelayMode TrustMode ---------- ----------- -------------- Enabled untrusted Disabled trusted VLAN Id L2 Relay CircuitId RemoteId --------- ---------- ----------- ------------ Disabled Enabled --NULL— Enabled Enabled --NULL— Enabled Enabled netgear Enabled Disabled --NULL— Enabled Disabled --NULL— Switching Commands...
Page 107: Show Dhcp L2Relay Interface
ProSAFE M7100 Managed Switches Enabled Disabled --NULL— Enabled Disabled --NULL— show dhcp l2relay circuit-id vlan Use this command to display the DHCP circuit ID configuration that is specific to VLANs. For the <vlan-list> parameter, enter one or more VLAN IDs in the range of 1 to 4093. Use a dash (-) to specify a range or a comma(,) to separate VLAN IDs in a list.
Page 108: Show Dhcp L2Relay Vlan
DHCP L2 Relay is Enabled. VLAN Id L2 Relay CircuitId RemoteId --------- ---------- ----------- ------------ Enabled Enabled --NULL— Enabled Enabled netgear Enabled Disabled --NULL— Enabled Disabled --NULL— Enabled Disabled --NULL— Enabled Disabled --NULL-- show dhcp l2relay vlan Use this command to display the DHCP configuration that is specific to VLANs. For the <vlan-list>...
Page 109: Dhcp Client Commands
ProSAFE M7100 Managed Switches DHCP Client Commands DHCP Client can include vendor and configuration information in DHCP client requests relayed to a DHCP server. This information is included in DHCP Option 60, Vendor Class Identifier. The information is a string of 128 octets. dhcp client vendor-id-option Use this command to enable the inclusion of DHCP Option-60, Vendor Class Identifier included in the requests transmitted to the DHCP server by the DHCP client operating in the switch.
Page 110: Igmp Snooping Configuration Commands
ProSAFE M7100 Managed Switches The following CLI output is an example of the command output. (switch) #show dhcp client vendor-id-option DHCP Client Vendor Identifier Option ... Enabled DHCP Client Vendor Identifier Option string ..Client. IGMP Snooping Configuration Commands This section describes the commands you use to configure IGMP snooping. The software supports IGMP Versions 1, 2, and 3.
Page 111: Set Igmp Interfacemode
ProSAFE M7100 Managed Switches no set igmp This command disables IGMP Snooping on the system, an interface, or a VLAN. Format no set igmp Mode • Global Config • Interface Config Format no set igmp <vlanid> Mode VLAN Config set igmp interfacemode This command enables IGMP Snooping on all interfaces.
Page 112: Set Igmp Groupmembership-Interval
ProSAFE M7100 Managed Switches Default disabled Format set igmp fast-leave Mode Interface Config Format set igmp fast-leave <vlan_id> Mode VLAN Config no set igmp fast-leave This command disables IGMP Snooping fast-leave admin mode on a selected interface. Format no set igmp fast-leave Mode Interface Config Format...
Page 113: Set Igmp Maxresponse
ProSAFE M7100 Managed Switches no set igmp groupmembership-interval This command sets the IGMPv3 Group Membership Interval time to the default value. Format no set igmp groupmembership-interval Mode • Interface Config • Global Config Format no set igmp groupmembership-interval <vlan_id> Mode VLAN Config set igmp maxresponse This command sets the IGMP Maximum Response time for the system, or on a particular...
Page 114: Set Igmp Mcrtrexpiretime
ProSAFE M7100 Managed Switches set igmp mcrtrexpiretime This command sets the Multicast Router Present Expiration time. The time is set for the system, on a particular interface or VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached.
Page 115: Set Igmp Mrouter Interface
ProSAFE M7100 Managed Switches set igmp mrouter interface This command configures the interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs. Default disabled Format set igmp mrouter interface Mode Interface Config...
Page 116: Show Igmpsnooping
ProSAFE M7100 Managed Switches Default Enabled Format set igmp header-validation Mode Global Config no set igmp header-validation This command disabled the IGMP IP header validation.. Format no set igmp header-validation Mode Global Config show igmpsnooping This command displays IGMP Snooping information. Configured information is displayed whether or not IGMP Snooping is enabled.
Page 117: Show Igmpsnooping Mrouter Interface
ProSAFE M7100 Managed Switches Term Definition Group The amount of time in seconds that a switch will wait for a report from a particular group on Membership a particular interface before deleting the interface from the entry. This value may be Interval configured.
Page 118: Show Igmpsnooping Mrouter Vlan
ProSAFE M7100 Managed Switches show igmpsnooping mrouter vlan This command displays information about statically configured ports. Format show igmpsnooping mrouter vlan <slot/port> Mode Privileged EXEC Term Definition Interface The port on which multicast router information is being displayed. VLAN ID The list of VLANs of which the interface is a member.
Page 119: Show Igmpsnooping Ssm Groups
ProSAFE M7100 Managed Switches Term Definition Interfaces The displayed information depends on the Source Filter Mode: • The Source Filter Mode is Include. Specifies the list of interfaces on which an incoming packet is forwarded if the following conditions occur: - The source IP address of the incoming packet is equal to the source IP address of the database entry.
Page 120: Igmp Snooping Querier Commands
ProSAFE M7100 Managed Switches show igmpsnooping ssm stats This command displays the statistics of the IGMP snooping SSMFDB. Format show igmpsnooping ssm stats Mode Privileged EXEC Term Definition Total Entries The total number of entries that potentially can be in the IGMP snooping SSMFDB. Most SSMFDB The largest number of entries that have been present in the IGMP snooping SSMFDB.
Page 121: Set Igmp Querier Query-Interval
ProSAFE M7100 Managed Switches Note: The Querier IP Address assigned for a VLAN takes preference over global configuration. The IGMP Snooping Querier application supports sending periodic general queries on the VLAN to solicit membership reports. Default disabled Format set igmp querier [<vlan-id>] [address <ipv4_address>] Mode •...
Page 122: Set Igmp Querier Timer Expiry
ProSAFE M7100 Managed Switches set igmp querier timer expiry Use this command to set the IGMP Querier timer expiration period. It is the time period that the switch remains in Non-Querier mode once it has discovered that there is a Multicast Querier in the network.
Page 123: Show Igmpsnooping Querier
ProSAFE M7100 Managed Switches no set igmp querier election participate Use this command to set the Snooping Querier not to participate in querier election but go into non-querier mode as soon as it discovers the presence of another querier in the same VLAN. Format no set igmp querier election participate Mode...
Page 124: Mld Snooping Commands
ProSAFE M7100 Managed Switches Field Description Querier VLAN The IP address will be used in the IPv4 header while sending out IGMP queries on this VLAN. It Address can be configured using the appropriate command. Operational The version of IPv4 will be used while sending out IGMP queries on this VLAN. Version Last Querier Indicates the IP address of the most recent Querier from which a Query was received.
Page 125: Set Mld Interfacemode
ProSAFE M7100 Managed Switches Default disabled Format set mld <vlanid> Mode • Global Config • Interface Config • VLAN Mode no set mld Use this command to disable MLD Snooping on the system. Format no set mld <vlanid> Mode • Global Config •...
Page 126: Set Mld Groupmembership-Interval
ProSAFE M7100 Managed Switches Note: You should enable fast-leave admin mode only on VLANs where only one host is connected to each Layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port but were still interested in receiving multicast traffic directed to that group.
Page 127: Set Mld Maxresponse
ProSAFE M7100 Managed Switches no set groupmembership-interval Use this command to set the MLDv2 Group Membership Interval time to the default value. Format no set mld groupmembership-interval Mode • Interface Config • Global Config • VLAN Mode set mld maxresponse Use this command to set the MLD Maximum Response time for the system, on a particular interface or VLAN.
Page 128: Set Mld Mrouter
ProSAFE M7100 Managed Switches no set mld mcrtexpiretime Use this command to set the Multicast Router Present Expiration time to 0. The time is set for the system, on a particular interface or a VLAN. Format no set mld mcrtexpiretime <vlanid> Mode •...
Page 129: Show Mldsnooping
ProSAFE M7100 Managed Switches show mac-address-table mldsnooping Use this command to display the MLD Snooping entries in the Multicast Forwarding Database (MFDB) table. Format show mac-address-table mldsnooping Mode Privileged EXEC Term Definition VLAN ID The VLAN in which the MAC address is learned. MAC Address A multicast MAC address for which the switch has forwarding or filtering information.
Page 130: Show Mldsnooping Mrouter Interface
ProSAFE M7100 Managed Switches When you specify the <slot/port> value, the following information displays. Term Definition MLD Snooping Indicates whether MLD Snooping is active on the interface. Admin Mode Fast Leave Mode Indicates whether MLD Snooping Fast Leave is active on the VLAN. Group Shows the amount of time in seconds that a switch will wait for a report from a particular Membership...
Page 131: Show Mldsnooping Ssm Entries
ProSAFE M7100 Managed Switches Term Definition Interface Shows the interface on which multicast router information is being displayed. VLAN ID Displays the list of VLANs of which the interface is a member. show mldsnooping ssm entries This command displays the source specific multicast forwarding database that is built by MLD snooping.
Page 132: Show Mldsnooping Ssm Stats
ProSAFE M7100 Managed Switches show mldsnooping ssm entries This command displays the source specific multicast forwarding database that is built by MLD snooping. Format show mldsnooping ssm entries Mode Privileged EXEC Term Definition VLAN The VLAN on which the MLDv2 information is received. Group The IPv6 multicast group address.
Page 133: Mld Snooping Querier Commands
ProSAFE M7100 Managed Switches MLD Snooping Querier Commands In an IPv6 environment, MLD Snooping requires that one central switch or router periodically query all end-devices on the network to announce their multicast memberships. This central device is the MLD Querier. The MLD query responses, known as MLD reports, keep the switch updated with the current multicast group membership on a port-by-port basis.
Page 134: Set Mld Querier Timer Expiry
ProSAFE M7100 Managed Switches set mld querier query_interval Use this command to set the MLD Querier Query Interval time. This is the amount of time in seconds that the switch waits before sending another general query. Default disabled Format set mld querier query_interval <1-18000> Global Config Mode no set mld querier query_interval...
Page 135: Show Mldsnooping Querier
ProSAFE M7100 Managed Switches no set mld querier election participate Use this command to set the snooping querier not to participate in querier election, but go into a non-querier mode as soon as it discovers the presence of another querier in the same VLAN. Format no set mld querier election participate Mode...
Page 136: Lldp (802.1Ab) Commands
ProSAFE M7100 Managed Switches Field Description Querier VLAN The IP address will be used in the IPv6 header while sending out MLD queries on this VLAN. Address It can be configured using the appropriate command. This version of IPv6 will be used while sending out MLD queriers on this VLAN. Operational Version Last Querier...
Page 137: Lldp Timers
ProSAFE M7100 Managed Switches no lldp receive Use this command to return the reception of LLDPDUs to the default value. Format no lldp receive Mode Interface Config lldp timers Use this command to set the timing parameters for local data transmission on ports enabled for LLDP.
Page 138: Lldp Notification
ProSAFE M7100 Managed Switches no lldp transmit-tlv Use this command to remove an optional TLV from the LLDPDUs. Use the command without parameters to remove all optional TLVs from the LLDPDU. Format no lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc] Mode Interface Config lldp transmit-mgmt Use this command to include transmission of the local system management address information in...
Page 139: Clear Lldp Statistics
ProSAFE M7100 Managed Switches lldp notification-interval Use this command to configure how frequently the system sends remote data change notifications. The <interval> parameter is the number of seconds to wait between sending notifications. The valid interval range is 5-3600 seconds. Default Format lldp notification-interval <interval>...
Page 140: Show Lldp Interface
ProSAFE M7100 Managed Switches Term Definition Re-initialization The delay before re-initialization, in seconds. Delay Notification How frequently the system sends remote data change notifications, in seconds. Interval show lldp interface Use this command to display a summary of the current LLDP configuration for a specific interface or for all interfaces.
Page 141: Show Lldp Remote-Device
ProSAFE M7100 Managed Switches Term Definition Total Drops Total number of times that the complete received remote data was not inserted because of insufficient resources. Total Ageouts Total number of times a complete remote data entry was deleted because the Time to Live interval expired.
Page 142 ProSAFE M7100 Managed Switches Term Definition Port ID The port number that transmitted the LLDPDU. System Name The system name of the remote device. The following shows example CLI display output for the command. (switch) #show lldp remote-device all LLDP Remote Device Summary Local Interface RemID Chassis ID...
Page 143 ProSAFE M7100 Managed Switches Term Definition Chassis ID The type of identification used in the Chassis ID field. Subtype Chassis ID The chassis of the remote device. Port ID Subtype The type of port on the remote device. Port ID The port number that transmitted the LLDPDU.
Page 144: Show Lldp Local-Device
ProSAFE M7100 Managed Switches show lldp local-device Use this command to display summary information about the advertised LLDP local data. This command can display summary information or detail for each interface. Format show lldp local-device {<slot/port> | all} Mode Privileged EXEC Term Definition Interface...
Page 145: Lldp-Med Commands
ProSAFE M7100 Managed Switches LLDP-MED Commands Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED) (ANSI-TIA-1057) provides an extension to the LLDP standard. Specifically, LLDP-MED provides extensions for network configuration and policy, device location, Power over Ethernet (PoE) management and inventory management.
Page 146: Lldp Med All
ProSAFE M7100 Managed Switches lldp med transmit-tlv Use this command to specify which optional Type Length Values (TLVs) in the LLDP MED set will be transmitted in the Link Layer Discovery Protocol Data Units (LLDPDUs). Default By default, the capabilities and network policy TLVs are included. Format lldp med transmit-tlv [capabilities] [ex-pd] [ex-pse] [inventory] [location] [network-policy]...
Page 147: Lldp Med Confignotification All
ProSAFE M7100 Managed Switches no lldp med all Use this command to remove LLDP-MD on all ports. Format no lldp med all Mode Global Config lldp med confignotification all Use this command to configure all the ports to send the topology change notification. lldp med confignotification all Format Mode...
Page 148: Show Lldp Med
ProSAFE M7100 Managed Switches lldp med transmit-tlv all Use this command to specify which optional Type Length Values (TLVs) in the LLDP MED set will be transmitted in the Link Layer Discovery Protocol Data Units (LLDPDUs). Default By default, the capabilities and network policy TLVs are included. Format lldp med transmit-tlv all [capabilities] [ex-pd] [ex-pse] [inventory] [location] [network-policy]...
Page 149: Show Lldp Med Interface
ProSAFE M7100 Managed Switches The following shows example CLI display output for the command. (switch) #show lldp med LLDP MED Global Configuration Fast Start Repeat Count: Device Class: Network Connectivity (switch) # show lldp med interface Use this command to display a summary of the current LLDP MED configuration for a specific interface.
Page 150: Show Lldp Med Local-Device Detail
ProSAFE M7100 Managed Switches 0/10 Down Disabled Disabled Disabled 0/11 Down Disabled Disabled Disabled 0/12 Down Disabled Disabled Disabled 0/13 Down Disabled Disabled Disabled 0/14 Down Disabled Disabled Disabled TLV Codes: 0- Capabilities, 1- Network Policy 2- Location, 3- Extended PSE 4- Extended Pd, 5- Inventory --More-- or (q)uit...
Page 151 ProSAFE M7100 Managed Switches Term Definition Serial Num Shows the local serial number. Mfg Name Shows the manufacture name. Model Name Shows the model name. The following shows example CLI display output for the command. (Switch) #show lldp med local-device detail 0/8 LLDP MED Local Device Detail Interface: 0/8 Network Policies...
Page 152: Show Lldp Med Remote-Device
ProSAFE M7100 Managed Switches Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.2 Watts Source: local Priority: low show lldp med remote-device This command displays summary information about remote devices that transmit current LLDP MED data to the system.
Page 153: Show Lldp Med Remote-Device Detail
ProSAFE M7100 Managed Switches show lldp med remote-device detail Use this command to display detailed information about remote devices that transmit current LLDP MED data to an interface on the system. Format show lldp med remote-device detail <slot/port> Mode Privileged EXEC Term Definition Supported...
Page 154 ProSAFE M7100 Managed Switches Term Definition Device Type Shows the remote device’s PoE device type connected to this port. Available Shows the remote port’s PSE power value in tenths of a watt. Source Shows the remote port’s PSE power source. Priority Shows the remote port’s PSE priority.
Page 155: Mac Database Commands
ProSAFE M7100 Managed Switches Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.2 Watts Source: local Priority: low MAC Database Commands...
Page 156: Show Forwardingdb Agetime
ProSAFE M7100 Managed Switches show forwardingdb agetime This command displays the timeout for address aging. Format show forwardingdb agetime Mode Privileged EXEC Term Definition Address Aging This parameter displays the address aging timeout for the associated forwarding database. Timeout show mac-address-table multicast This command displays the Multicast Forwarding Database (MFDB) information.
Page 157: Isdp Commands
ProSAFE M7100 Managed Switches Term Definition Max MFDB Table The total number of entries that can possibly be in the Multicast Forwarding Database table. Entries Most MFDB The largest number of entries that have been present in the Multicast Forwarding Database Entries Since Last table.
Page 158: Isdp Timer
ProSAFE M7100 Managed Switches isdp timer This command sets the period of time between sending new ISDP packets. The range is given in seconds. Default 30 seconds Format isdp timer <5-254> Mode Global Config isdp advertise-v2 This command enables the sending of ISDP version 2 packets from the device. Default Enabled Format...
Page 159: Clear Isdp Counters
ProSAFE M7100 Managed Switches clear isdp counters This command clears ISDP counters. Format clear isdp counters Mode Privileged EXEC clear isdp table This command clears entries in the ISDP table. Format clear isdp table Mode Privileged EXEC show isdp This command displays global ISDP settings. Format show isdp Mode...
Page 160: Show Isdp Interface
ProSAFE M7100 Managed Switches show isdp interface This command displays ISDP settings for the specified interface. Format show isdp interface {all | <slot/port>} Mode Privileged EXEC Term Definition Mode ISDP mode enabled/disabled status for the interface(s). show isdp entry This command displays ISDP entries. If the device id is specified, then only entries for that device are shown.
Page 161: Show Isdp Traffic
ProSAFE M7100 Managed Switches Term Definition Device ID The device ID associated with the neighbor which advertised the information. IP Addresses The IP addresses associated with the neighbor. Capability ISDP functional capabilities advertised by the neighbor. Platform The hardware platform advertised by the neighbor. Interface The interface (slot/port) on which the neighbor's advertisement was received.
Page 162: Debug Isdp Packet
ProSAFE M7100 Managed Switches Term Definition ISDPv1 Packets Received Total number of ISDPv1 packets received ISDPv1 Packets Transmitted Total number of ISDPv1 packets transmitted ISDPv2 Packets Received Total number of ISDPv2 packets received ISDPv2 Packets Transmitted Total number of ISDPv2 packets transmitted ISDP Bad Header Number of packets received with a bad header ISDP Checksum Error...
Page 163: Chapter 3 Multicast Vlan Registration (Mvr)
Multicast VLAN Registration (MVR) This chapter contains the following sections: • About MVR • MVR Commands...
Page 164: About Mvr
ProSAFE M7100 Managed Switches About MVR Internet Group Management Protocol (IGMP) Layer 3 is widely used for IPv4 network multicasting. In Layer 2 networks, IGMP uses resources inefficiently. For example, a Layer 2 switch multicast traffic to all ports, even if there are receivers connected to only a few ports. To address this problem, the IGMP Snooping protocol was developed.
Page 165: Mvr Mode
ProSAFE M7100 Managed Switches no mvr group This command removes the MVR membership group. Format no mvr group <A.B.C.D> [count] Mode Global Config mvr mode This command changes the MVR mode type. If the mode is set to compatible, the switch does not learn multicast groups;...
Page 166: Mvr Vlan
ProSAFE M7100 Managed Switches mvr vlan This command sets the MVR multicast VLAN. Default Format mvr vlan <1-4094> Mode Global Config no mvr vlan This command sets the MVR multicast VLAN to the default value. Format no mvr vlan Mode Global Config mvr immediate This command enables MVR immediate leave mode.
Page 167: Mvr Type
ProSAFE M7100 Managed Switches mvr type This command sets the MVR port type. When a port is set as source, it is the port to which the multicast traffic flows using the multicast VLAN. When a port is set to receiver, it is the port where a listening host is connected to the switch.
Page 168: Show Mvr Members
ProSAFE M7100 Managed Switches Term Definition MVR Max Multicast Groups The maximum number of multicast groups supported by MVR. MVR Current multicast groups The current number of MVR groups allocated. MVR Query response time The current MVR query response time. MVR Mode The current MVR mode.
Page 169: Show Mvr Interface
ProSAFE M7100 Managed Switches show mvr interface This command displays the MVR-enabled interfaces configuration. Format show mvr interface [<interface-id> [members [vlan <vid>]]] Mode Privileged EXEC The following table explains the output parameters. Parameter Description Port Interface number Type The MVR port type. It can be none, receiver, or source type. Status The interface status.
Page 170 ProSAFE M7100 Managed Switches The following table explains the output parameters. Term Definition IGMP Query Received Number of received IGMP queries IGMP Report V1 Received Number of received IGMP reports V1 IGMP Report V2 Received Number of received IGMP reports V2 IGMP Leave Received Number of received IGMP leaves IGMP Query Transmitted...
Page 171: Chapter 4 Routing Commands
Routing Commands This chapter describes the routing commands available in the 7000 series CLI. This chapter contains the following sections: • Address Resolution Protocol (ARP) Commands • IP Routing Commands • Router Discovery Protocol Commands • Virtual LAN Routing Commands •...
Page 172: Address Resolution Protocol (Arp) Commands
ProSAFE M7100 Managed Switches Address Resolution Protocol (ARP) Commands This section describes the commands you use to configure ARP and to view ARP information about the switch. ARP associates IP addresses with MAC addresses and stores the information as ARP entries in the ARP cache. This command creates an ARP entry.
Page 173: Arp Cachesize
ProSAFE M7100 Managed Switches ip proxy-arp This command enables proxy ARP on a router interface. Without proxy ARP, a device only responds to an ARP request if the target IP address is an address configured on the interface where the ARP request arrived. With proxy ARP, the device might also respond if the target IP address is reachable.
Page 174: Arp Purge
ProSAFE M7100 Managed Switches no arp dynamicrenew This command prevents dynamic ARP entries from renewing when they age out. Format no arp dynamicrenew Mode Privileged EXEC arp purge This command causes the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command.
Page 175: Arp Timeout
ProSAFE M7100 Managed Switches no arp retries This command configures the default ARP count of maximum request for retries. Format no arp retries Mode Global Config arp timeout This command configures the ARP entry ageout time. The value for <seconds> is a valid positive integer, which represents the IP ARP entry ageout time in seconds.
Page 176: Show Arp
ProSAFE M7100 Managed Switches show arp This command displays the Address Resolution Protocol (ARP) cache. The displayed results are not the total ARP entries. To view the total ARP entries, compare the output of the show arp command with the output of the show arp switch command. Format show arp Mode...
Page 177: Ip Routing Commands
ProSAFE M7100 Managed Switches Term Definition Age Time The time it takes for an ARP entry to age out. This value is configurable. Age time is measured (seconds) in seconds. Response Time The time it takes for an ARP request timeout. This value is configurable. Response time is (seconds) measured in seconds.
Page 178: Ip Routing
ProSAFE M7100 Managed Switches no routing This command disables routing for an interface. You can view the current value for this function with the show ip brief command. The value is labeled as “Routing Mode.” Format no routing Mode Interface Config ip routing This command enables the IP Router Admin Mode for the master switch.
Page 179: Ip Address Dhcp
ProSAFE M7100 Managed Switches Parameter Description The IP address of the interface. ipaddr subnetmask A four-digit dotted-decimal number that represents the subnet mask of the interface prefix-length Implements RFC 3021. Using the / notation of the subnet mask, this is an integer that indicates the length of the subnet mask.
Page 180: Release Dhcp
ProSAFE M7100 Managed Switches ip default-gateway Use this command to manually configure a default gateway for the switch. Only one default gateway can be configured. If you use this command multiple times, each command replaces the previous value. Format ip default-gateway <ipaddr> Mode Global Config no ip default-gateway...
Page 181: Ip Route
ProSAFE M7100 Managed Switches Term Definition IP address, Subnet The IP address and network mask leased from the DHCP server. mask DHCP Lease server The IPv4 address of the DHCP server that leased the address. State State of the DHCPv4 Client on this interface. DHCP transaction ID The transaction ID of the DHCPv4 Client.
Page 182: Ip Route Default
ProSAFE M7100 Managed Switches no ip route This command deletes a single next hop to a destination static route. If you use the <nexthopip> parameter, the next hop is deleted. If you use the <preference> value, the preference value of the static route is reset to its default. Format no ip route <ipaddr>...
Page 183: Ip Netdirbcast
ProSAFE M7100 Managed Switches no ip route distance This command sets the default static route preference value in the router. Lower route preference values are preferred when determining the best route. Format no ip route distance Mode Global Config ip netdirbcast This command enables the forwarding of network-directed broadcasts.
Page 184: Clear Ip Route All
ProSAFE M7100 Managed Switches Note: The IP MTU size refers to the maximum size of the IP packet (IP Header + IP payload). It does not include any extra bytes that might be required for Layer-2 headers. To receive and process packets, the Ethernet MTU (see on page 23) must take into account the size of the Ethernet header.
Page 185: Clear Ip Route Counters
ProSAFE M7100 Managed Switches clear ip route counters This command resets to zero the IPv4 routing table counters reported in show ip route summary. The command resets only the event counters. Counters that report the current state of the routing table, such as the number of routes of each type, are not reset. Format clear ip route counters Mode...
Page 186: Show Ip Interface
ProSAFE M7100 Managed Switches show ip interface This command displays all pertinent information about the IP interface. Format show ip interface {<slot/port> | vlan <1-4093> | loopback <0-7>} Modes • Privileged EXEC • User EXEC Term Definition Routing Interface Determine the operational status of IPv4 routing Interface. The possible values are Up or Status Down.
Page 187: Show Ip Interface Brief
ProSAFE M7100 Managed Switches The following shows example CLI display output for the command. (Switch) >show ip interface 0/2 Routing Interface Status....... Down Method......... None Routing Mode........Disable Administrative Mode......Enable Forward Net Directed Broadcasts....Disable Proxy ARP........Enable Local Proxy ARP........ Disable Active State........
Page 188: Show Ip Protocols
ProSAFE M7100 Managed Switches show ip protocols This command lists a summary of the configuration and status for each unicast routing protocol. The command lists routing protocols that are configured and enabled. If a protocol is selected on the command line, the display is limited to that protocol. Format show ip protocols [ospf | rip] Mode...
Page 189: Show Ip Route
ProSAFE M7100 Managed Switches Parameter Description Default Metric The metric assigned to redistributed routes Whether this router is originating a default route Default Route Advertise Distance The administrative distance for RIP routes Redistribution A table showing information for each source protocol (connected, static, bgp, and ospf). For each of these sources the distribution list and metric are shown.
Page 190 ProSAFE M7100 Managed Switches The columns for the routing table display the following information: Term Definition Code The codes for the routing protocols that created the routes. IP-Address/Mask The IP-Address and mask of the destination network corresponding to this route. Preference The administrative distance associated with this route.
Page 191: Show Ip Route Summary
ProSAFE M7100 Managed Switches show ip route ecmp-groups This command reports all current ECMP groups in the IPv4 routing table. An ECMP group is a set of two or more next hops used in one or more routes. The groups are numbered arbitrarily from 1 to n.
Page 192 ProSAFE M7100 Managed Switches Term Definition Connected The total number of connected routes in the routing table. Routes Static Routes Total number of static routes in the routing table. RIP Routes Total number of routes installed by RIP protocol. OSPF Routes Total number of routes installed by OSPF protocol.
Page 193 ProSAFE M7100 Managed Switches Term Definition Truncated ECMP The number of ECMP routes that are currently installed in the forwarding table with just one Routes next hop. The forwarding table might limit the number of ECMP routes or the number of ECMP groups.
Page 194: Show Ip Route Preferences
ProSAFE M7100 Managed Switches show ip route preferences This command displays detailed information about the route preferences. Route preferences are used in determining the best route. Lower router preference values are preferred over higher router preference values. A route with a preference of 255 cannot be used to forward traffic. Format show ip route preferences Modes...
Page 195: Router Discovery Protocol Commands
The maximum memory in use since the system last rebooted. Mark The following shows example CLI display output for the command. (netgear switch) #show routing heap summary Heap Size....... 92594000 bytes Memory In Use....149598 bytes (0%) Memory on Free List..... 78721 bytes (0%) Memory Available in Heap..
Page 196: Ip Irdp Holdtime
ProSAFE M7100 Managed Switches no ip irdp multicast This command configures the address used to advertise the router to the Broadcast address (255.255.255.155). Format no ip irdp multicast Mode Interface Config ip irdp holdtime This command configures the value, in seconds, of the holdtime field of the router advertisement sent from this interface.
Page 197: Ip Irdp Minadvertinterval
ProSAFE M7100 Managed Switches ip irdp minadvertinterval This command configures the minimum time, in seconds, allowed between sending router advertisements from the interface. The range for minadvertinterval is three to the value of maxadvertinterval. Default 0.75 * maxadvertinterval Format ip irdp minadvertinterval <3-maxadvertinterval> Mode Interface Config no ip irdp minadvertinterval...
Page 198: Virtual Lan Routing Commands
ProSAFE M7100 Managed Switches Term Definition Interface The <slot/port> that matches the rest of the information in the row. Ad Mode The advertise mode, which indicates whether router discovery is enabled or disabled on this interface. Advertise Address The IP address to which the interface sends the advertisement. Max Int The maximum advertise interval, which is the maximum time, in seconds, allowed between sending router advertisements from the interface.
Page 199: Virtual Router Redundancy Protocol Commands
ProSAFE M7100 Managed Switches show ip vlan This command displays the VLAN routing information for all VLANs with routing enabled. Format show ip vlan Modes • Privileged EXEC • User EXEC Term Definition MAC Address The MAC Address associated with the internal bridge-router interface (IBRI). The same MAC used by Routing Address is used by all VLAN routing interfaces.
Page 200: Ip Vrrp (Interface Config)
ProSAFE M7100 Managed Switches ip vrrp (Interface Config) Use this command in Interface Config mode to create a virtual router associated with the interface. The parameter <vrid> is the virtual router ID, which has an integer value range from 1 to 255. Format ip vrrp <vrid>...
Page 201: Ip Vrrp Authentication
ProSAFE M7100 Managed Switches Default none Format ip vrrp <vrid> ip <ipaddr> [secondary] Mode Interface Config no ip vrrp ip Use this command in Interface Config mode to delete a secondary IP address value from the interface. To delete the primary IP address, you must delete the virtual router on the interface. Format no ip vrrp <vrid>...
Page 202: Ip Vrrp Priority
ProSAFE M7100 Managed Switches no ip vrrp preempt This command sets the default preemption mode value for the virtual router configured on a specified interface. Format no ip vrrp <vrid> preempt Mode Interface Config ip vrrp priority This command sets the priority of a router within a VRRP group. Higher values equal higher priority.
Page 203: Ip Vrrp Track Interface
ProSAFE M7100 Managed Switches no ip vrrp timers advertise This command sets the default virtual router advertisement value for an interface. Format no ip vrrp <vrid> timers advertise Mode Interface Config ip vrrp track interface Use this command to alter the priority of the VRRP router based on the availability of its interfaces.
Page 204: Ip Vrrp Accept-Mode
ProSAFE M7100 Managed Switches without giving the optional priority, the default priority will be set. The default priority decrement is 10. The default priority decrement is changed using the <priority> argument. Default priority: 10 Format ip vrrp <vrid> track ip route <ip-address/prefix-length> [decrement <priority>] Mode Interface Config...
Page 205: Show Ip Vrrp Interface Stats
ProSAFE M7100 Managed Switches no ip vrrp accept-mode This command is used to allow a router to respond to ICMP Echo Requests sent to an address on a VRRP virtual router. Format no ip vrrp <vrid> accept-mode Mode Interface Config show ip vrrp interface stats This command displays the statistical information about each virtual router configured on the switch.
Page 206: Show Ip Vrrp
ProSAFE M7100 Managed Switches Term Definition Authentication The total number of VRRP advertisements received for which 'auth type' not equal to locally Type Mismatch configured one for this virtual router. Packet Length The total number of VRRP packets received with packet length less than length of VRRP Errors header.
Page 207 ProSAFE M7100 Managed Switches Term Definition Priority The priority value for the specific virtual router, taking into account any priority decrements for tracked interfaces or routes. Configured The priority configured through the ip vrrp <vrid> priority <1-254> command. Priority Advertisement The advertisement interval in seconds for the specific virtual router.
Page 208: Dhcp And Bootp Relay Commands
ProSAFE M7100 Managed Switches Term Definition Interface Valid slot and port number separated by forward slashes. VRID The router ID of the virtual router. IP Address The virtual router IP address. Mode Indicates whether the virtual router is enabled or disabled. State The state (Master/backup) of the virtual router.
Page 209: Bootpdhcprelay Minwaittime
ProSAFE M7100 Managed Switches no bootpdhcprelay maxhopcount This command configures the default maximum allowable relay agent hops for BootP/DHCP Relay on the system. Format no bootpdhcprelay maxhopcount Mode Global Config bootpdhcprelay minwaittime This command configures the minimum wait time in seconds for BootP/DHCP Relay on the system.
Page 210: Ip Helper Commands
ProSAFE M7100 Managed Switches Term Definition Circuit Id Option The DHCP circuit Id option which might be enabled or disabled. Mode Requests The number or requests received. Received Requests Relayed The number of requests relayed. Packets The number of packets discarded. Discarded IP Helper Commands This section describes the commands to configure a DHCP relay agent with multiple DHCP server...
Page 211: Ip Helper Enable
ProSAFE M7100 Managed Switches Default Disabled Format ip helper-address <ip-address> {<1-65535> | dhcp | domain | isakmp | mobile-ip | nameserver | netbios-dgm | netbios-ns | ntp | pim-auto-rip | rip | tacacs | tftp | time} Mode Global Config no ip helper-address (Global Config) Use this command to remove the IP address from the previously configured list.
Page 212: Ip Helper-Address Discard
ProSAFE M7100 Managed Switches Format ip helper-address <ip-address> {<1-65535> | dhcp | domain | isakmp | mobile-ip | nameserver| netbios-dgm | netbios-ns | ntp | pim-auto-rip | rip | tacacs | tftp | time} Mode Interface Config no ip helper-address Use this command to remove the IP address from the previously configured list.
Page 213: Show Ip Helper Statistics
ProSAFE M7100 Managed Switches The following shows example CLI display output for the command. (switch) #show ip helper-address 0/1 Helper IP Address......1.2.3.4 ..........1.2.3.5 show ip helper statistics Use this command to display the number of DHCP and other UDP packets processed and relayed by the UDP relay agent.
Page 214: Ip Event Dampening Commands
ProSAFE M7100 Managed Switches Term Definition Packets with expired The number of packets received with TTL of 0 or 1 that might otherwise have been relayed. Packets that matched a The number of packets ignored by the relay agent because they match a discard relay discard entry entry.
Page 215: Show Dampening Interface
Mode Privileged EXEC The following shows example CLI display output for the command. (netgear switch)# show dampening interface 2 interfaces are configured with dampening. 1 interface is being suppressed. show interface dampening This command displays the status and configured parameters of the interfaces configured with dampening.
Page 216: Icmp Throttling Commands
ProSAFE M7100 Managed Switches The following shows example CLI display output for the command. (netgear switch)# show interface dampening Interface 0/2 Flaps Penalty Supp ReuseTm HalfL ReuseV SuppV MaxSTm MaxP Restart FALSE 1000 2000 16000 Interface 0/3 Flaps Penalty Supp...
Page 217: Ip Icmp Echo-Reply
ProSAFE M7100 Managed Switches no ip redirects Use this command to prevent the generation of ICMP Redirect messages by the router. Format no ip redirects Mode • Global Config • Interface Config ip icmp echo-reply Use this command to enable the generation of ICMP Echo Reply messages by the router. By default, the generation of ICMP Echo Reply messages is enabled.
Page 218 ProSAFE M7100 Managed Switches no ip icmp error-interval Use the no form of the command to return burst-interval and burst-size to their default values. Format no ip icmp error-interval Mode Global Config Routing Commands...
Page 219: Chapter 5 Quality Of Service (Qos) Commands
Quality of Service (QoS) Commands This chapter describes the Quality of Service (QoS) commands available in the managed switch CLI. This chapter contains the following sections: • Class of Service (CoS) Commands • Differentiated Services (DiffServ) Commands • DiffServ Class Commands •...
Page 220: Class Of Service (Cos) Commands
ProSAFE M7100 Managed Switches Class of Service (CoS) Commands This section describes the commands you use to configure and view Class of Service (CoS) settings for the switch. The commands in this section allow you to control the priority and transmission rate of traffic.
Page 221: Classofservice Trust
ProSAFE M7100 Managed Switches no classofservice ip-dscp-mapping This command maps each IP DSCP value to its default internal traffic class value. Format no classofservice ip-dscp-mapping Modes Global Config classofservice trust This command sets the Class of Service trust mode of an interface. You can set the mode to trust one of the Dot1p (802.1p), IP DSCP, or IP Precedence packet markings.
Page 222: Cos-Queue Strict
ProSAFE M7100 Managed Switches cos-queue strict This command activates the strict priority scheduler mode for each specified queue. Format cos-queue strict <queue-id-1> [<queue-id-2> ... <queue-id-n>] Modes • Global Config • Interface Config no cos-queue strict This command restores the default weighted scheduler mode for each specified queue. Format no cos-queue strict <queue-id-1>...
Page 223: Random-Detect Exponential Weighting-Constant
ProSAFE M7100 Managed Switches random-detect exponential weighting-constant Use this command to configure the WRED decay exponent for a CoS queue interface. Format random-detect exponential-weighting-constant <0-15> Modes • Global Config • Interface Config Default no random-detect exponential weighting-constant Use this command to reset the WRED decay exponent to the default value on all interfaces or one interface.
Page 224: Show Classofservice Dot1P-Mapping
ProSAFE M7100 Managed Switches no random-detect queue-parms Use this command to set the WRED configuration back to the default. Format no random-detect queue-parms <queue-id-1> [<queue-id-2> ... <queue-id-n>] Modes • Global Config • Interface Config traffic-shape This command specifies the maximum transmission bandwidth limit for the interface as a whole. Also known as rate shaping, traffic shaping has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded.
Page 225: Show Classofservice Trust
ProSAFE M7100 Managed Switches show classofservice ip-dscp-mapping This command displays the current IP DSCP mapping to internal traffic classes for the global configuration settings. Format show classofservice ip-dscp-mapping Mode Privileged EXEC The following information is repeated for each user priority. Term Definition IP DSCP...
Page 226: Show Interfaces Random-Detect
ProSAFE M7100 Managed Switches Term Definition Queue Id An interface supports n queues numbered 0 to (n-1). The specific n value is platform-dependent. Minimum The minimum transmission bandwidth guarantee for the queue, expressed as a percentage. A Bandwidth value of 0 means bandwidth is not guaranteed and the queue operates using best-effort. This is a configured value.
Page 227: Differentiated Services (Diffserv) Commands
ProSAFE M7100 Managed Switches Differentiated Services (DiffServ) Commands This section describes the commands you use to configure QOS Differentiated Services (DiffServ). You configure DiffServ in several stages by specifying three DiffServ components: Class a. Creating and deleting classes. b. Defining match criteria for a class. Policy a.
Page 228: Diffserv Class Commands
ProSAFE M7100 Managed Switches diffserv This command sets the DiffServ operational mode to active. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, DiffServ services are activated. Format diffserv Mode Global Config no diffserv This command sets the DiffServ operational mode to inactive.
Page 229: Class-Map Rename
ProSAFE M7100 Managed Switches Note: The class-map-name default is reserved and must not be used. The class type of match-all indicates all of the individual match conditions must be true for a packet to be considered a member of the class. This command might be used without specifying a class type to enter the Class-Map Config mode for an existing DiffServ class.
Page 230: Match Ethertype
ProSAFE M7100 Managed Switches match ethertype This command adds to the specified class definition a match condition based on the value of the ethertype. The <ethertype> value is specified as one of the following keywords: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp or as a custom ethertype value in the range of 0x0600-0xFFFF.
Page 231: Match Ip6Flowlbl
ProSAFE M7100 Managed Switches cases, each removal of a refclass rule reduces the maximum number of available rules in the class definition by one. no match class-map This command removes from the specified class definition the set of match conditions defined for another class.
Page 232: Match Dstip
ProSAFE M7100 Managed Switches match destination-address mac This command adds to the specified class definition a match condition based on the destination MAC address of a packet. The <macaddr> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (for example, 00:11:22:dd:ee:ff). The <macmask>...
Page 233: Match Ip Precedence
ProSAFE M7100 Managed Switches Default none Format match dstl4port {<portkey> | <0-65535>} Mode • Class-Map Config • Ipv6-Class-Map Config match ip dscp This command adds to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet, which is defined as the high-order six bits of the Service Type octet in the IP header (the low-order two bits are not checked).
Page 234: Match Protocol
ProSAFE M7100 Managed Switches match ip tos This command adds to the specified class definition a match condition based on the value of the IP TOS field in a packet, which is defined as all eight bits of the Service Type octet in the IP header. The value of <tosbits>...
Page 235: Match Srcip
ProSAFE M7100 Managed Switches Default none Format match protocol {<protocol-name> | <0-255>} Mode • Class-Map Config • Ipv6-Class-Map Config match source-address mac This command adds to the specified class definition a match condition based on the source MAC address of a packet. The <address> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (for example, 00:11:22:dd:ee:ff).
Page 236: Match Srcl4Port
ProSAFE M7100 Managed Switches match srcl4port This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or numeric notation. To specify the match condition as a single keyword notation, the value for <portkey>...
Page 237: Diffserv Policy Commands
ProSAFE M7100 Managed Switches DiffServ Policy Commands Use the DiffServ policy commands to specify traffic conditioning actions, such as policing and marking, to apply to traffic classes Use the policy commands to associate a traffic class that you define by using the class command set with one or more QoS policy attributes.
Page 238 ProSAFE M7100 Managed Switches mirror This command specifies that all incoming packets for the associated traffic stream are copied to a specific egress interface (physical port or LAG). Format mirror <slot/port> Mode Policy-Class-Map Config Incompatibilities Drop, Redirect redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel).
Page 239: Mark Cos
ProSAFE M7100 Managed Switches Note: The CLI mode is changed to Policy-Class-Map Config when this command is successfully executed. Format class <classname> Mode Policy-Map Config no class This command deletes the instance of a particular class and its defined treatment from the specified policy.
Page 240: Mark Ip-Dscp
ProSAFE M7100 Managed Switches mark ip-dscp This command marks all packets for the associated traffic stream with the specified IP DSCP value. The <dscpval> value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
Page 241 ProSAFE M7100 Managed Switches Format police-simple {<1-4294967295> <1-128> conform-action {drop | set-prec-transmit <0-7> | set-dscp-transmit <0-63> | set-cos-transmit <0-7> | transmit} [violate-action {drop | set-prec-transmit <0-7> | set-dscp-transmit <0-63> | set-cos-transmit <0-7> | transmit}]} Mode Policy-Class-Map Config Incompatibilities Drop, Mark (all forms) police-single-rate This command is the single-rate form of the police command and is used to establish the traffic policing style for the specified class.
Page 242 ProSAFE M7100 Managed Switches police-two-rate This command is the two-rate form of the police command and is used to establish the traffic policing style for the specified class. For each outcome, the only possible actions are drop, set-cos-as-sec-cos, set-cos-transmit, set-sec-cos-transmit, set-dscp-transmit, set-prec-transmit, or transmit.
Page 243: Diffserv Service Commands
ProSAFE M7100 Managed Switches policy-map rename This command changes the name of a DiffServ policy. The <policyname> is the name of an existing DiffServ class. The <newpolicyname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy. Format policy-map rename <policyname>...
Page 244: Diffserv Show Commands
ProSAFE M7100 Managed Switches no service-policy This command detaches a policy from an interface in the inbound direction. The <policyname> parameter is the name of an existing DiffServ policy. Note: This command causes a service to remove its reference to the policy. This command effectively disables DiffServ on an interface in the inbound direction.
Page 245: Show Diffserv
ProSAFE M7100 Managed Switches Term Definition Match Criteria The Match Criteria fields are only displayed if they have been configured. Not all platforms support all match criteria values. They are displayed in the order entered by the user. The fields are evaluated in accordance with the class type. The possible Match Criteria fields are: Destination IP Address, Destination Layer 4 Port, Destination MAC Address, Ethertype, Source MAC Address, VLAN, Class of Service, Every, IP DSCP, IP Precedence, IP TOS, Protocol Keyword, Reference Class, Source IP Address, and Source Layer 4 Port.
Page 246: Show Policy-Map
ProSAFE M7100 Managed Switches Term Definition Policy Attribute Table Current number of entries (rows) and the maximum allowed entries (rows) in the Size Current /Max Policy Attribute Table. Service Table Size The current number of entries (rows) i and the maximum allowed entries (rows) in Current /Max the Service Table.
Page 247: Show Diffserv Service
ProSAFE M7100 Managed Switches Term Definition Mark CoS The Class of Service value that is set in the 802.1p header of inbound packets. This is not displayed if the mark cos was not specified. Mark IP DSCP The mark/re-mark value used as the DSCP for traffic matching this class. This is not displayed if mark ip description is not specified.
Page 248: Show Diffserv Service Brief
ProSAFE M7100 Managed Switches Term Definition DiffServ Admin The current setting of the DiffServ administrative mode. An attached policy is only in effect Mode on an interface while DiffServ is in an enabled mode. Interface Valid slot and port number separated by forward slashes. Direction The traffic direction of this interface service.
Page 249: Show Policy-Map Interface
ProSAFE M7100 Managed Switches show policy-map interface This command displays policy-oriented statistics information for the specified interface and direction. The <slot/port> parameter specifies a valid interface for the system. Note: This command is only allowed while the DiffServ administrative mode is enabled.
Page 250: Mac Access Control List (Acl) Commands
ProSAFE M7100 Managed Switches Term Definition Interface Valid slot and port number separated by forward slashes. Operational The current operational status of this DiffServ service interface. Status Policy Name The name of the policy attached to the interface. MAC Access Control List (ACL) Commands This section describes the commands you use to configure MAC ACL settings.
Page 251: Mac Access-List Extended Rename
ProSAFE M7100 Managed Switches mac access-list extended rename This command changes the name of a MAC access control list (ACL). The <name> parameter is the name of an existing MAC ACL. The <newname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list. This command fails if a MAC ACL by the name <newname>...
Page 252: Mac Access-Group
ProSAFE M7100 Managed Switches Ethertype Keyword Corresponding Value appletalk 0x809B 0x0806 ibmsna 0x80D5 ipv4 0x0800 ipv6 0x86DD 0x8037 mplsmcast 0x8848 mplsucast 0x8847 netbios 0x8191 novell 0x8137, 0x8138 pppoe 0x8863, 0x8864 rarp 0x8035 The vlan and cos parameters refer to the VLAN identifier and 802.1p user priority fields, respectively, of the VLAN tag.
Page 253: Show Mac Access-Lists
ProSAFE M7100 Managed Switches An optional sequence number might be specified to indicate the order of this mac access list relative to other mac access lists already assigned to this interface and direction. A lower number indicates higher precedence order. If a sequence number is already in use for this interface and direction, the specified mac access list replaces the currently attached mac access list using that sequence number.
Page 254: Ip Access Control List (Acl) Commands
ProSAFE M7100 Managed Switches Term Definition Source MAC The source MAC address for this rule. Address Destination MAC The destination MAC address for this rule. Address Ethertype The Ethertype keyword or custom value for this rule. VLAN ID The VLAN identifier value or range for this rule. The COS (802.1p) value for this rule.
Page 255 ProSAFE M7100 Managed Switches access-list This command creates an IP access control list (ACL) that is identified by the access list number, which is 1-99 for standard ACLs or 100-199 for extended ACLs. For extended ACLs, note the following limitations: •...
Page 256 ProSAFE M7100 Managed Switches Parameter Description srcip srcmask, any, or host srcip Specifies a source IP address and source netmask for the match condition of the IP ACL rule. • srcip and srcmask. Enter the source IP address (scrip) and source netmask (srcmask).
Page 257 ProSAFE M7100 Managed Switches Parameter Description Note: This option is available only if the protocolkey is tcp. flag +fin or -fin Specifies that the IP ACL rule must match one or more flags. +syn or -syn If the flag name is preceded by a plus (for example, +fin), a match +rst or -rst occurs if the specified flag is set in the TCP header.
Page 258: Ip Access-List
ProSAFE M7100 Managed Switches Parameter Description mirror or redirect Specifies either the mirror interface or the redirect interface, which is the slot and port (unit/slot/port) to which packets that match this rule are copied or forwarded, respectively. rate-limit Specify traffic rate limiting by entering the allowed rate of traffic in kbps and the burst size in kbytes.
Page 259: Ip Access-List Rename
ProSAFE M7100 Managed Switches ip access-list rename This command changes the name of an IP access control list (ACL). The <name> parameter is the names of an existing IP ACL. The <newname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IP access list. If use the <newname>...
Page 260 ProSAFE M7100 Managed Switches Format {deny | permit} {every | {{<protolkey> | <0-255>} {<srcip> <srcmask> | any | host <srcip>} [{range {<portkey> | <startport>} {<portkey> | <endport>}} | {eq | neq | lt | gt} {<portkey> | <0-65535>}] {<dstip> <dstmask> | any | host <dstip>} [{range {<portkey> | <startport>} {<portkey>...
Page 261 ProSAFE M7100 Managed Switches Parameter Description Note: This option is available only if the protocolkey is either tcp or range udp. portkey or startport Specifies the layer 4 port match condition for the IP ACL rule if the portkey or endport layer 4 port number falls within the specified port range.
Page 262 ProSAFE M7100 Managed Switches Parameter Description Note: This option is available only if the protocolkey is icmp. icmp-type and icmp-code, or icmp-message Specifies a match condition for ICMP packets. Either specify the ICMP type and optional ICMP code, or specify the ICMP message.
Page 263: Ip Access-Group
ProSAFE M7100 Managed Switches ip access-group This command either attaches a specific IP ACL identified by <accesslistnumber> to an interface or associates with a VLAN ID in a given direction. The parameter <name> is the name of the access control list. An optional sequence number might be specified to indicate the order of this IP access list relative to other IP access lists already assigned to this interface and direction.
Page 264: Show Ip Access-Lists
ProSAFE M7100 Managed Switches show ip access-lists This command displays an IP ACL <accesslistnumber> is the number used to identify the IP ACL. Format show ip access-lists <accesslistnumber> Mode Privileged EXEC Note: Only the access list fields that you configure are displayed. Term Definition Rule Number...
Page 265: Ipv6 Access Control List (Acl) Commands
ProSAFE M7100 Managed Switches show access-lists This command displays IP ACLs, IPv6 ACLs, and MAC access control lists information for a designated interface and direction. Format show access-lists interface <slot/port> [in | out] Mode Privileged EXEC Term Definition ACL Type Type of access list (IP, IPv6, or MAC).
Page 266: Ipv6 Access-List Rename
ProSAFE M7100 Managed Switches Format ipv6 access-list <name> Mode Global Config no ipv6 access-list This command deletes the IPv6 ACL identified by <name> from the system. Format no ipv6 access-list <name> Mode Global Config ipv6 access-list rename This command changes the name of an IPv6 ACL. The <name> parameter is the name of an existing IPv6 ACL.
Page 267: Ipv6 Traffic-Filter
ProSAFE M7100 Managed Switches The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed <queue-id> value is 0-(n-1), where n is the number of user configurable queues available for the hardware platform. The assign-queue parameter is valid only for a permit rule.
Page 268: Show Ipv6 Access-Lists
ProSAFE M7100 Managed Switches Format ipv6 traffic-filter <name> {{control-plane | in | out} | vlan <vlan-id> {in | out}} [sequence <1-4294967295>] Modes • Global Config • Interface Config no ipv6 traffic-filter This command removes an IPv6 ACL identified by <name> from the interface(s) in a given direction.
Page 269: Time Range Commands For Time-Based Acls
ProSAFE M7100 Managed Switches Term Definition Assign Queue The queue identifier to which packets matching this rule are assigned. Mirror Interface The slot/port to which packets matching this rule are copied. Redirect Interface The slot/port to which packets matching this rule are forwarded. Time Range Name Displays the name of the time-range if the IPv6 ACL rule has referenced a time range.
Page 270 ProSAFE M7100 Managed Switches absolute Use this command to add an absolute time entry to a time range. Only one absolute time entry is allowed per time-range. The <time> parameter is based on the currently configured time zone. The start <time> <date> parameters indicate the time and date at which the configuration that referenced the time range starts going into effect.
Page 271: Periodic Time
ProSAFE M7100 Managed Switches Format periodic {<frequency> | {<days-of-the-week> <time>} {[<days-of-the-week>] <time>}} Mode Time-Range Config no periodic Use this command to delete a periodic time entry from a time range. Format no periodic {<days-of-the-week> <time>} {[<days-of-the-week>] <time>} Mode Time-Range Config periodic time Use this command to configure the start or end time for the time range.
Page 272: Autovoip Commands
ProSAFE M7100 Managed Switches AutoVoIP Commands AutoVoIP detects the VoIP streams and put the VoIP streams in the specific VLAN (auto-voip VLAN) and provides higher Class of Service to the VoIP streams automatically (both data and signaling). It detects the VoIP streams in two modes. •...
Page 273: Auto-Voip Oui
ProSAFE M7100 Managed Switches auto-voip oui This command is used to configure an OUI for Auto VoIP. The traffic from the configured OUI will get the highest priority over the other traffic. Default A list of known OUIs is present Format auto-voip oui <oui-prefix>...
Page 274: Auto-Voip Protocol-Based
ProSAFE M7100 Managed Switches no auto-voip oui-based priority This command is used to set the priority to the default value. Format no auto-voip oui-based priority <priority-value> Mode Global Config auto-voip protocol-based This command is used to configure the global protocol-based auto-VoIP remarking priority/traffic-class.
Page 275: Show Auto-Voip Oui-Table
Disabled Down Disabled Down Disabled Down Example: The following shows an example of a CLI display output for the command. (Netgear Switch)# show auto-voip oui-based interface all VoIP VLAN Id........2 Priority........7 Interface Auto VoIP Operational Status Mode ---------...
Page 276: Iscsi Commands
ProSAFE M7100 Managed Switches Term Definition OUI of the source MAC address Status Default or Configured entry. OUI Description Description of the OUI Example: (switch)# show auto-voip oui-table Status Description --------- ---------- --------- 00:01:E3 Default SIEMENS 00:03:6B Default CISCO1 00:01:01 Configured VoIP phone iSCSI Commands...
Page 277: Iscsi Target Port
ProSAFE M7100 Managed Switches no iscsi enable This command is to disable iSCSI awareness use the no form of this command. When User uses this command, iSCSI resources will be released. Default Disabled Format no iscsi enable Mode Global Config iscsi target port This command configures iSCSI port/s, target addresses, and names.
Page 278: Iscsi Cos
ProSAFE M7100 Managed Switches Term Definition tcp-port TCP port number or list of TCP port numbers on which iSCSI target/s listen to requests. Up to 16 TCP ports can be defined in the system in one command or by using multiple commands.
Page 279: Iscsi Aging Time
ProSAFE M7100 Managed Switches Term Definition traffic-class The traffic class used for assigning iSCSI traffic to a queue. vpt/dscp The VLAN Priority Tag or DSCP to assign iSCSI session packets. remark Mark the iSCSI frames with the configured VPT/DSCP when egressing the switch. no iscsi cos This command is to set the Quality of Service profile of SCSI flows to default.
Page 280: Show Iscsi
ProSAFE M7100 Managed Switches show iscsi This command displays the iSCSI settings. show iscsi Format Mode • Privileged EXEC • User EXEC The following example displays the iSCSI settings: Console # show iscsi iSCSI enabled iSCSI vpt is 5, remark Session aging time: 60 min Maximum number of sessions is 256 -----------------------------------------------------------...
Page 281 ProSAFE M7100 Managed Switches ----------------------------------------------------------- Target: iqn.103-1.com.storage-vendor:sn.43338. storage.tape:sys1.xyz Session 3: Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12 Session 4: Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10 ----------------------------------------------------------- Console# show iscsi sessions detailed Target: iqn.1993-11.com.disk-vendor:diskarrays.sn.45678 ----------------------------------------------------------- Session 1: Initiator: iqn.1992-04.com.os vendor.plan9:cdrom.12.storage:sys1.xyz ----------------------------------------------------------- Time started: 17-Jul-2008 10:04:50 Time for aging out: 10 min ISID: 11 Initiator Initiator...
Page 282: Chapter 6 Security Commands
Security Commands This chapter describes the security commands available in the managed switch CLI. This chapter contains the following sections: • Private VLAN Commands • Protected Ports Commands • Private Group Commands • Port-Based Network Access Control Commands • 802.1X Supplicant Commands •...
Page 283: Private Vlan Commands
ProSAFE M7100 Managed Switches Private VLAN Commands The Private VLANs feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each other and provides Layer 2 isolation between ports of the same private VLAN.
Page 284: Switchport Mode Private-Vlan
ProSAFE M7100 Managed Switches Term Definition host-association Defines VLAN association for community or host ports. mapping Defines the private VLAN mapping for promiscuous ports. primary-vlan-id Primary VLAN ID of a private VLAN. secondary-vlan-id Secondary (isolated or community) VLAN ID of a private VLAN. Associates the secondary VLAN with the primary one.
Page 285: Vlan (For Private Vlans)
ProSAFE M7100 Managed Switches private-vlan This command is used to configure the private VLANs and to configure the association between the primary private VLAN and secondary VLANs. Format private-vlan {association [add | remove] <secondary-vlan-list> | community | isolated | primary} Mode VLAN Config Term...
Page 286: Show Interface Ethernet Switchport
ProSAFE M7100 Managed Switches show vlan (for private VLANs) This command displays information about the configured private VLANs including primary and secondary VLAN IDs, type (community, isolated, or primary) and the ports that belong to a private VLAN. Format show vlan private-vlan [type] Mode •...
Page 287: Protected Ports Commands
ProSAFE M7100 Managed Switches Protected Ports Commands This section describes commands you use to configure and view protected ports on a switch. Protected ports do not forward traffic to each other, even if they are on the same VLAN. However, protected ports can forward traffic to all unprotected ports in their group. Unprotected ports can forward traffic to both protected and unprotected ports.
Page 288: Show Switchport Protected
ProSAFE M7100 Managed Switches Note: Port protection occurs within a single switch. Protected port configuration does not affect traffic between ports on two different switches. No traffic forwarding is possible between two protected ports. Default unprotected Format switchport protected <groupid> Mode Interface Config no switchport protected (Interface Config)
Page 289: Private Group Commands
ProSAFE M7100 Managed Switches Term Definition Name A string associated with this group as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. This field is optional. Protected port Indicates whether the interface is protected or not. It shows TRUE or FALSE. If the group consists of multiple groups, TRUE displays under the Group ID.
Page 290: Show Private-Group
ProSAFE M7100 Managed Switches The optional mode for the group can be either isolated or community. If the private group is in isolated mode, the member port in the group cannot forward its egress traffic to any other members in the same group. By default, the mode for the private group is community mode, allowing each member port to forward traffic to other members in the same group, but not to members in other groups.
Page 291: Port-Based Network Access Control Commands
ProSAFE M7100 Managed Switches Port-Based Network Access Control Commands This section describes the commands you use to configure port-based network access control (802.1x). Port-based network access control allows you to permit access to network services only to and devices that are authorized and authenticated. clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports.
Page 292: Dot1X Initialize
ProSAFE M7100 Managed Switches no dot1x guest-vlan This command disables Guest VLAN on the interface. Default disabled Format no dot1x guest-vlan Mode Interface Config dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is “auto”...
Page 293: Dot1X Max-Users
ProSAFE M7100 Managed Switches no dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. Format no dot1x max-req Mode Interface Config dot1x max-users Use this command to set the maximum number of clients supported on the port when MAC-based dot1x authentication is enabled on the port.
Page 294: Dot1X Port-Control All
ProSAFE M7100 Managed Switches no dot1x port-control This command sets the 802.1x port control mode on the specified port to the default value. Format no dot1x port-control Mode Interface Config dot1x port-control all This command sets the authentication mode to use on all ports. Select force-unauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized.
Page 295: Dot1X Timeout
ProSAFE M7100 Managed Switches dot1x re-authentication This command enables re-authentication of the supplicant for the specified port. Default disabled Format dot1x re-authentication Mode Interface Config no dot1x re-authentication This command disables re-authentication of the supplicant for the specified port. Format no dot1x re-authentication Mode Interface Config...
Page 296: No Dot1X Timeout
ProSAFE M7100 Managed Switches Default • guest-vlan-period: 90 seconds • reauth-period: 3600 seconds • quiet-period: 60 seconds • tx-period: 30 seconds • supp-timeout: 30 seconds • server-timeout: 30 seconds Format dot1x timeout {{guest-vlan-period <seconds>} |{reauth-period <seconds>} | {quiet-period <seconds>} | {tx-period <seconds>} | {supp-timeout <seconds>} | {server-timeout <seconds>}} Mode Interface Config...
Page 297: Dot1X User
ProSAFE M7100 Managed Switches dot1x unauthenticated-vlan Use this command to configure the unauthenticated VLAN associated with that port. The unauthenticated VLAN ID can be a valid VLAN ID from 0-Maximum supported VLAN ID (4093 for 7000 series). The unauthenticated VLAN must be statically configured in the VLAN database to be operational.
Page 298: Dot1X Dynamic-Vlan Enable
ProSAFE M7100 Managed Switches dot1x dynamic-vlan enable Use this command to enable the switch to create VLANs dynamically when a RADIUS assigned VLAN does not exist in the switch. Format dot1x dynamic-vlan enable Mode Global Config Default Disabled no dot1x dynamic-vlan enable Use this command to disable the switch from creating VLANs dynamically when a RADIUS assigned VLAN does not exist in the switch.
Page 299: Show Authentication Methods
ProSAFE M7100 Managed Switches show dot1x authentication-history This command displays 802.1X authentication events and information during successful and unsuccessful Dot1x authentication process for all interfaces or the specified interface. Use the optional keywords to display only failure authentication events in summary or in detail. Format show dot1x authentication-history {<slot/port>...
Page 300: Show Dot1X
ProSAFE M7100 Managed Switches https : Local dot1x : show dot1x This command is used to show a summary of the global dot1x configuration, summary information of the dot1x configuration for a specified port or all ports, the detailed dot1x configuration for a specified port and the dot1x statistics for a specified port - depending on the tokens used.
Page 301 ProSAFE M7100 Managed Switches If you use the optional parameter detail <slot/port>, the detailed dot1x configuration for the specified port is displayed. Term Definition Port The interface whose configuration is displayed. Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding to the first version of the dot1x specification.
Page 302 ProSAFE M7100 Managed Switches Term Definition Reauthentication Indicates if reauthentication is enabled on this port. Possible values are ‘True” or “False”. Enabled Key Transmission Indicates if the key is transmitted to the supplicant for the specified port. Possible values Enabled are True or False.
Page 303: Show Dot1X Clients
ProSAFE M7100 Managed Switches If you use the optional parameter statistics <slot/port>, the following dot1x statistics for the specified port appear. Term Definition Port The interface whose statistics are displayed. EAPOL Frames The number of valid EAPOL frames of any type that have been received by this Received authenticator.
Page 304: Show Dot1X Users
ProSAFE M7100 Managed Switches Term Definition Clients Indicates the number of the Dot1x clients authenticated using Monitor mode. Authenticated using Monitor Mode Clients Indicates the number of Dot1x clients authenticated using 802.1x authentication process. Authenticated using Dot1x Logical Interface The logical port number associated with a client. Interface The physical port to which the supplicant is associated.
Page 305: 802.1X Supplicant Commands
ProSAFE M7100 Managed Switches 802.1X Supplicant Commands 802.1X (“dot1x”) supplicant functionality is on point-to-point ports. The administrator can configure the user name and password used in authentication and capabilities of the supplicant port. dot1x pae Use this command to set the port’s dot1x role. The port can serve as either a supplicant or an authenticator.
Page 306: Dot1X Supplicant Max-Start
ProSAFE M7100 Managed Switches dot1x supplicant max-start Use this command to configure the number of attempts that the supplicant makes to find the authenticator before the supplicant assumes that there is no authenticator. Default Format dot1x supplicant max-start <1-10> Mode Interface Config no dot1x supplicant max-start Use this command to set the max-start value to the default.
Page 307: Storm-Control Commands
ProSAFE M7100 Managed Switches no dot1x supplicant timeout held-period Use this command to set the held-period value to the default value. Format no dot1x supplicant timeout held-period Mode Interface Config dot1x supplicant timeout auth-period Use this command to configure the authentication period timer interval to wait for the next EAP request challenge from the authenticator.
Page 308: Storm-Control Broadcast
ProSAFE M7100 Managed Switches multicast, or unicast traffic will be dropped. The Storm-Control feature allows you to limit the rate of specific types of packets through the switch on a per-port, per-type, basis. Configuring a storm-control level also enables that form of storm-control. Disabling a storm-control level (using the “no”...
Page 309: Storm-Control Broadcast Rate
ProSAFE M7100 Managed Switches If you select the shutdown keyword and the broadcast traffic increases beyond the threshold, the interface shuts down instead of dropping packets. To bring up the interface, enter the no shutdown command for the interface. Default Format storm-control broadcast level <0-100>...
Page 310: Storm-Control Broadcast (Global)
ProSAFE M7100 Managed Switches storm-control broadcast (Global) This command enables broadcast storm recovery mode for all interfaces. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold.
Page 311: Storm-Control Broadcast Rate (Global)
ProSAFE M7100 Managed Switches storm-control broadcast rate (Global) Use this command to configure the broadcast storm recovery threshold for all interfaces in packets per second. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.
Page 312: Storm-Control Multicast Rate
ProSAFE M7100 Managed Switches Default Format storm-control multicast level <0-100> Mode Interface Config no storm-control multicast level This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast storm recovery. Format no storm-control multicast level <0-100> Mode Interface Config storm-control multicast rate...
Page 313: Storm-Control Multicast Level (Global)
ProSAFE M7100 Managed Switches no storm-control multicast This command disables multicast storm recovery mode for all interfaces. Format no storm-control multicast Mode Global Config storm-control multicast level (Global) This command configures the multicast storm recovery threshold for all interfaces as a percentage of link speed and enables multicast storm recovery mode.
Page 314: Storm-Control Unicast
ProSAFE M7100 Managed Switches no storm-control broadcast rate This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery. Format no storm-control broadcast rate Mode Global Config storm-control unicast This command enables unicast storm recovery mode for an interface. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 315: Storm-Control Unicast Rate
ProSAFE M7100 Managed Switches no storm-control unicast level This command sets the unicast storm recovery threshold to the default value for an interface and disables unicast storm recovery. Format no storm-control unicast level Mode Interface Config storm-control unicast rate Use this command to configure the unicast storm recovery threshold for an interface in packets per second.
Page 316: Storm-Control Unicast Level (Global)
ProSAFE M7100 Managed Switches no storm-control unicast This command disables unicast storm recovery mode for all interfaces. Format no storm-control unicast Mode Global Config storm-control unicast level (Global) This command configures the unicast storm recovery threshold for all interfaces as a percentage of link speed, and enables unicast storm recovery.
Page 317: Show Storm-Control
ProSAFE M7100 Managed Switches no storm-control unicast rate This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast storm recovery. Format no storm-control unicast rate Mode Global Config show storm-control This command displays switch configuration information. If you do not use any of the optional parameters, this command displays global storm control configuration parameters: •...
Page 318: Static Mac Filtering Commands
ProSAFE M7100 Managed Switches Static MAC Filtering Commands The commands in this section describe how to configure static MAC filtering. Static MAC filtering allows you to configure destination ports for a static multicast MAC filter irrespective of the platform. macfilter This command adds a static MAC filter entry for the MAC address <macaddr>...
Page 319: Macfilter Adddest
ProSAFE M7100 Managed Switches macfilter adddest Use this command to add the interface to the destination filter set for the MAC filter with the given <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN.
Page 320: Macfilter Addsrc
ProSAFE M7100 Managed Switches no macfilter adddest all This command removes all ports from the destination filter set for the MAC filter with the given <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN.
Page 321: Show Mac-Address-Table Static
ProSAFE M7100 Managed Switches The <vlanid> parameter must identify a valid VLAN. Format no macfilter addsrc all <macaddr> <vlanid> Mode Global Config show mac-address-table static This command displays the Static MAC Filtering information for all Static MAC Filters. If you select <all>, all the Static MAC Filters in the system are displayed.
Page 322: Dynamic Arp Inspection Commands
ProSAFE M7100 Managed Switches Dynamic ARP Inspection Commands Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station’s IP address to its own MAC address.
Page 323: Ip Arp Inspection Trust
ProSAFE M7100 Managed Switches no ip arp inspection validate Use this command to disable the additional validation checks on the received ARP packets. Format no ip arp inspection validate {[src-mac] [dst-mac] [ip]} Mode Global Config ip arp inspection vlan logging Use this command to enable logging of invalid ARP packets on a list of comma-separated VLAN ranges.
Page 324: Ip Arp Inspection Filter
ProSAFE M7100 Managed Switches Note: The user interface will accept a rate limit for a trusted interface, but the limit will not be enforced unless the interface is configured to be untrusted. Default 15 pps for rate and 1 second for burst interval Format ip arp inspection limit {rate <pps>...
Page 325: Permit Ip Host Mac Host
ProSAFE M7100 Managed Switches no arp access-list Use this command to delete a configured ARP ACL. Format no arp access-list <acl-name> Mode Global Config permit ip host mac host Use this command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation.
Page 326: Show Ip Arp Inspection Statistics
ProSAFE M7100 Managed Switches Term Definition Configuration Displays whether DAI is enabled or disabled on the VLAN. Log Invalid Displays whether logging of invalid ARP packets is enabled on the VLAN. ACL Name The ARP ACL Name, if configured on the VLAN. Static Flag If the ARP ACL is configured static on the VLAN.
Page 327: Clear Ip Arp Inspection Statistics
ProSAFE M7100 Managed Switches Term Definition Bad Src MAC The number of packets dropped due to Source MAC validation failure. Bad Dest MAC The number of packets dropped due to Destination MAC validation failure. Invalid IP The number of packets dropped due to invalid IP checks. The following shows example CLI display output for the show ip arp inspection statistics command, which lists the summary of forwarded and dropped ARP packets on all DAI-enabled VLANs:...
Page 328: Show Arp Access-List
ProSAFE M7100 Managed Switches Term Definition Interface The interface ID for each displayed row. Trust State Whether the interface is trusted or untrusted for DAI. Rate Limit The configured rate limit value in packets per second. Burst Interval The configured burst interval value in seconds. The following shows example CLI display output for the command.
Page 329: Dhcp Snooping Configuration Commands
ProSAFE M7100 Managed Switches DHCP Snooping Configuration Commands This section describes commands you use to configure DHCP Snooping. ip dhcp snooping Use this command to enable DHCP Snooping globally. Default disabled Format ip dhcp snooping Mode Global Config no ip dhcp snooping Use this command to disable DHCP Snooping globally.
Page 330: Ip Dhcp Snooping Database
ProSAFE M7100 Managed Switches no ip dhcp snooping verify mac-address Use this command to disable verification of the source MAC address with the client hardware address. Format no ip dhcp snooping verify mac-address Mode Global Config ip dhcp snooping database Use this command to configure the persistent location of the DHCP Snooping database.
Page 331: Ip Verify Binding
ProSAFE M7100 Managed Switches no ip dhcp snooping binding <mac-address> Use this command to remove the DHCP static entry from the DHCP Snooping database. Format no ip dhcp snooping binding <mac-address> Mode Global Config ip verify binding Use this command to configure static IP source guard (IPSG) entries. Format ip verify binding <mac-address>...
Page 332: Ip Verify Source
ProSAFE M7100 Managed Switches ip dhcp snooping log-invalid Use this command to control the logging DHCP messages filtration by the DHCP Snooping application. Default disabled Format ip dhcp snooping log-invalid Mode Interface Config no ip dhcp snooping log-invalid Use this command to disable the logging DHCP messages filtration by the DHCP Snooping application.
Page 333: Show Ip Dhcp Snooping
ProSAFE M7100 Managed Switches no ip verify source Use this command to disable the IPSG configuration in the hardware. You cannot disable port-security alone if it is configured. Format no ip verify source Mode Interface Config show ip dhcp snooping Use this command to display the DHCP Snooping global configurations and per port configurations.
Page 334: Show Ip Dhcp Snooping Binding
ProSAFE M7100 Managed Switches show ip dhcp snooping binding Use this command to display the DHCP Snooping binding entries. To restrict the output, use the following options: • Static: Restrict the output based on static entries. • Dynamic: Restrict the output based on DCHP snooping. •...
Page 335: Show Ip Dhcp Snooping Interfaces
ProSAFE M7100 Managed Switches Term Definition Agent URL Bindings database agent URL. Write Delay The maximum write time to write the database into local or remote. The following shows example CLI display output for the command. (switch) #show ip dhcp snooping database agent url: /10.131.13.79:/sai1.txt write-delay:...
Page 336: Clear Ip Dhcp Snooping Binding
ProSAFE M7100 Managed Switches The following shows example CLI display output for the command. (switch) #show ip dhcp snooping statistics Interface MAC Verify Client Ifc DHCP Server Failures Mismatch Msgs Rec'd ----------- ---------- ---------- ----------- 0/10 0/11 0/12 0/13 0/14 0/15 0/16 0/17...
Page 337: Show Ip Verify Source
ProSAFE M7100 Managed Switches show ip verify source Use this command to display the IPSG configurations on all ports. Format show ip verify source Mode • Privileged EXEC • User EXEC Term Definition Interface The interface address in the slot/port format. Filter Type One of the following filter types display: •...
Page 338: Dhcpv6 Snooping Configuration Commands
ProSAFE M7100 Managed Switches The following shows sample CLI display output for the command. (switch) #show ip source binding MAC Address IP Address Type Vlan Interface ----------------- --------------- ------------- ----- ------------- 00:00:00:00:00:08 1.2.3.4 dhcp-snooping 00:00:00:00:00:09 1.2.3.4 dhcp-snooping 00:00:00:00:00:0A 1.2.3.4 dhcp-snooping DHCPv6 Snooping Configuration Commands This section describes the commands you use to build the DHCPv6 snooping bindings database DHCPv6 snooping works only with a DHCPv6 stateful server.
Page 339: Ipv6 Dhcp Snooping Vlan
ProSAFE M7100 Managed Switches ipv6 dhcp snooping vlan This command enables DHCPv6 snooping on VLANs. Default Disabled Format ipv6 dhcp snooping vlan <vlan-list> Mode Global config no ipv6 dhcp snooping vlan This command disables DHCPv6 snooping on VLANs. Format no ipv6 dhcp snooping vlan <vlan-list> Mode Global config ipv6 dhcp snooping verify mac-address...
Page 340: Ipv6 Dhcp Snooping Database Write-Delay
ProSAFE M7100 Managed Switches ipv6 dhcp snooping database write-delay This command configures the interval in seconds at which the DHCPv6 snooping database is persisted. The write delay value ranges from 15 to 86400 seconds. Default 300 seconds Format ipv6 dhcp snooping database write-delay <seconds> Mode Global config no ipv6 dhcp snooping database write-delay...
Page 341: Ipv6 Dhcp Snooping Log-Invalid
ProSAFE M7100 Managed Switches no ipv6 dhcp snooping trust This command configures a port as an untrusted port. Format no ipv6 dhcp snooping trust Mode Interface config ipv6 dhcp snooping log-invalid This command controls filtration of the DHCPv6 logging messages for DHCPv6 snooping. Default Disabled Format...
Page 342: Ipv6 Verify Source
ProSAFE M7100 Managed Switches ipv6 verify source This command lets DHCPv6 snooping use the source ID attribute to verify and filter data traffic in the hardware. The source ID attribute is a combination of the IPv6 address and the MAC address. Enable the port-security option to allow filtration of data traffic based on IPv6 and MAC addresses.
Page 343: Show Ipv6 Dhcp Snooping Binding
[{static | dynamic}] [interface <interface-id> | vlan <vlan-id>] Mode Privileged EXEC The following CLI output is an example of the command output. (Netgear Switch) #show ipv6 dhcp snooping binding Total number of bindings: 2 MAC Address IPv6 Address VLAN...
Page 344: Show Ipv6 Dhcp Snooping Statistics
ProSAFE M7100 Managed Switches The following CLI output is an example of the command output. (Netgear Switch) #show ipv6 dhcp snooping database agent url: /10.131.13.79:/sai1.txt write-delay: 5000 show ipv6 dhcp snooping statistics This command displays filtration statistics for DHCPv6 snooping.
Page 345: Show Ipv6 Dhcp Snooping Interfaces
Burst Interval (pps) (seconds) ----------- ---------- ---------- -------------- The following CLI output is an example of the command output for a specific interface. (Netgear Switch) #show ip dhcp snooping interfaces 1/0/1 Interface Trust State Rate Limit Burst Interval (pps) (seconds) -----------...
Page 346: Show Ipv6 Verify Source
The interface for which the filter type is displayed. Filter Type Only IPv6 address filtering is configured on the interface. The following CLI output is an example of the command output. (Netgear Switch) #show ipv6 verify Interface Filter Type -----------...
Page 347: Show Ipv6 Source Binding
MAC Address field displays "permit-all." VLAN The VLAN ID for the binding rule. The following CLI output is an example of the command output. (Netgear Switch) #show ipv6 verify source Interface Filter Type IPv6 Address...
Page 348: Port Security Commands
ProSAFE M7100 Managed Switches Port Security Commands This section describes the commands you use to configure Port Security on the switch. Port security, which is also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a port. Packets with a matching source MAC address are forwarded normally, and all other packets are discarded.
Page 349: Port-Security Max-Static
ProSAFE M7100 Managed Switches no port-security max-dynamic This command resets the maximum number of dynamically locked MAC addresses allowed on a specific port to its default value. Format no port-security max-dynamic Mode Interface Config port-security max-static This command sets the maximum number of statically locked MAC addresses allowed on a port. Default Format port-security max-static <maxvalue>...
Page 350: Port-Security Mac-Address Sticky
ProSAFE M7100 Managed Switches port-security mac-address sticky This command enables sticky mode Port MAC Locking on a port. If accompanied by a MAC address and a VLAN id (for interface config mode only), it adds a sticky MAC address to the list of statically locked MAC addresses.
Page 351: Show Port-Security Dynamic
ProSAFE M7100 Managed Switches Term Definition Static Limit Maximum statically allocated MAC Addresses. Violation Trap Whether violation traps are enabled. Mode show port-security dynamic This command displays the dynamically locked MAC addresses for the port. Format show port-security dynamic [lag <lag-intf-num> | <slot/port>] Mode Privileged EXEC Term...
Page 352: Denial Of Service Commands
ProSAFE M7100 Managed Switches Denial of Service Commands This section describes the commands you use to configure Denial of Service (DoS) Control. The software provides support for classifying and blocking specific types of Denial of Service attacks. You can configure your system to monitor and block these types of attacks: •...
Page 353: Dos-Control Sipdip
ProSAFE M7100 Managed Switches no dos-control all This command disables Denial of Service prevention checks globally. Format no dos-control all Mode Global Config dos-control sipdip This command enables Source IP address = Destination IP address (SIP=DIP) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with SIP=DIP, the packets will be dropped if the mode is enabled.
Page 354: Dos-Control Tcpfrag
ProSAFE M7100 Managed Switches no dos-control firstfrag This command sets Minimum TCP Header Size Denial of Service protection to the default value of disabled. Format no dos-control firstfrag Mode Global Config dos-control tcpfrag This command enables TCP Fragment Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
Page 355: Dos-Control L4Port
ProSAFE M7100 Managed Switches dos-control l4port This command enables L4 Port Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having Source TCP/UDP Port Number equal to Destination TCP/UDP Port Number, the packets will be dropped if the mode is enabled.
Page 356: Dos-Control Tcpport
ProSAFE M7100 Managed Switches dos-control tcpport This command enables TCP L4 source = destination port number (Source TCP Port =Destination TCP Port) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with Source TCP Port =Destination TCP Port, the packets will be dropped if the mode is enabled.
Page 357: Dos-Control Tcpflagseq
ProSAFE M7100 Managed Switches dos-control tcpflagseq This command enables TCP Flag and Sequence Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP Flag SYN set and a source port less than 1024 or having TCP Control Flags set to 0 and TCP Sequence Number set to 0 or having TCP Flags FIN, URG, and PSH set and TCP Sequence Number set to 0 or having TCP Flags SYN and FIN both set, the packets will be dropped if the mode is enabled.
Page 358: Dos-Control Tcpsyn
ProSAFE M7100 Managed Switches dos-control tcpsyn This command enables TCP SYN and L4 source = 0-1023 Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP flag SYN set and an L4 source port from 0 to 1023, the packets will be dropped if the mode is enabled.
Page 359: Dos-Control Tcpfinurgpsh
ProSAFE M7100 Managed Switches dos-control tcpfinurgpsh This command enables TCP FIN and URG and PSH and SEQ=0 checking Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP FIN, URG, and PSH all set and TCP Sequence Number set to 0, the packets will be dropped if the mode is enabled.
Page 360: Dos-Control Icmpfrag
ProSAFE M7100 Managed Switches dos-control icmpv6 This command enables the maximum ICMPv6 packet size for denial of service protection. If the mode is enabled, denial of service prevention is active for this type of attack. If ingress ICMPv6 echo request (ping) packets have a size greater than the configured value, the packets are dropped if the mode is enabled.
Page 361 ProSAFE M7100 Managed Switches Note: Not all messages below are available in all 7000series managed switches. Term Definition First Fragment Might be enabled or disabled. The factory default is disabled. Mode Min TCP Hdr Size The factory default is 20. <0-255>...
Page 362: Chapter 7 Utility Commands
Utility Commands This chapter describes the utility commands available in the CLI. This chapter contains the following sections: • Auto Install Commands • Dual Image Commands • System Information and Statistics Commands • Logging Commands • Email Alerting and Mail Server Commands •...
Page 363 ProSAFE M7100 Managed Switches The commands in this chapter are divided in four functional groups: • Show commands display switch settings, statistics, and other information. • Configuration commands configure features and options of the switch. Every switch command has a show command that displays the configuration setting. •...
Page 364: Auto Install Commands
ProSAFE M7100 Managed Switches Auto Install Commands This section describes the Auto Install Commands. Auto Install is a software feature which provides for the configuration of a switch automatically when the device is initialized and no configuration file is found on the switch. The Auto Install process requires DHCP to be enabled by default in order for it to be completed.
Page 365: Boot Host Auto-Save
ProSAFE M7100 Managed Switches boot host auto-save This command is used to enable automatically saving the downloaded configuration on the switch. Default Disabled Format boot host auto-save Mode Privileged EXEC no boot host auto-save This command is used to disable automatically saving the downloaded configuration on the switch.
Page 366: Boot Host Dhcp
ProSAFE M7100 Managed Switches no boot host retry-count This command is used to reset the number to the default. The default number is 3. Format no boot host retry-count Mode Privileged EXEC boot host dhcp This command is used to enable AutoInstall on the switch for the next reboot cycle. The command does not change the current behavior of AutoInstall and saves the command to NVRAM.
Page 367: Dual Image Commands
ProSAFE M7100 Managed Switches Dual Image Commands The software supports a dual image feature that allows the switch to have two software images in the permanent storage. You can specify which image is the active image to be loaded in subsequent reboots.
Page 368: System Information And Statistics Commands
ProSAFE M7100 Managed Switches filedescr This command associates a given text description with an image. Any existing description will be replaced. For stacking, the optional <unit> parameter identifies the node on which this command must be executed. When this parameter is not supplied, the command is executed on all nodes in a Stack.
Page 369: Show Backup-Config
ProSAFE M7100 Managed Switches Parameter Description falling threshold The percentage of CPU resources that, when usage falls below this level for the configured interval, triggers a notification. The range is 1–100. The default is 0 (disabled). A notification is triggered when the total CPU utilization falls below this level for a configured period of time.
Page 370: Show Eventlog
ProSAFE M7100 Managed Switches show eventlog This command displays the event log, which contains error messages from the system. The event log is not cleared on a system reset. The optional <unit> parameter is the switch identifier. Format show eventlog [<unit>] Mode Privileged EXEC Term...
Page 371: Show Interface
ProSAFE M7100 Managed Switches The following CLI output is an example of the command output. (Netgear Switch) #show environment Temp (C)........30 Temperature traps range: 0 to 90 degrees (Celsius) Temperature Sensors: Unit Sensor Description Temp (C) State Max_Temp (C)
Page 372: Show Interface Counters
ProSAFE M7100 Managed Switches Parameters Definition Collisions Frames The best estimate of the total number of collisions on this Ethernet segment. Time Since The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were Counters Last last cleared.
Page 373: Show Interface Ethernet
ProSAFE M7100 Managed Switches The following shows example CLI display output for the command. (Routing) #show interface counters Port InOctets InUcastPkts InMcastPkts InBcastPkts --------- ---------------- ---------------- ---------------- ---------------- 15098 0/10 0/11 show interface ethernet This command displays detailed statistics for a specific interface or for all CPU traffic based upon the argument.
Page 374 ProSAFE M7100 Managed Switches Term Definition (continued) • Packets Received 512–1023 Octets - The total number of packets (including bad packets) received that were from 512 through 1023 octets in length inclusive (excluding framing bits but including FCS octets). • Packets Received 1024–1518 Octets - The total number of packets (including bad packets) received that were from 1024 through 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Page 375 ProSAFE M7100 Managed Switches Term Definition Receive Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible Discarded reason for discarding such a packet could be to free up buffer space. Packets Received •...
Page 376 ProSAFE M7100 Managed Switches Term Definition Packets • Total Packets Transmitted (Octets) - The total number of octets of data (including those Transmitted in bad packets) received on the network (excluding framing bits but including FCS octets). Octets This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
Page 377 ProSAFE M7100 Managed Switches Term Definition Transmit Discards • Total Transmit Packets Discards - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. • Single Collision Frames - A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Page 378 ProSAFE M7100 Managed Switches Term Definition Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer protocol. Received The total number of packets received that were directed to a multicast address. Note that this Multicast Packets Received number does not include packets directed to the broadcast address. Broadcast Packets The total number of packets received that were directed to the broadcast address.
Page 379: Show Fiber-Ports Optical-Transceiver
ProSAFE M7100 Managed Switches show fiber-ports optical-transceiver This command displays the diagnostics information of the small form-factor pluggable (SFP) optical transceiver. Diagnostic information that is displayed includes the temperature, voltage, current, input power, output power, Tx fault, and loss of signal (LoS). The values are derived from the diagnostics table of the SFP.
Page 380: Show Interfaces Status
ProSAFE M7100 Managed Switches Term Definition Vendor Name The vendor name is a 16-character field that contains ASCII characters, is left-aligned, and is padded on the right with ASCII spaces (20h). The vendor name is the full name of the corporation, a commonly accepted abbreviation of the name of the corporation, the SCSI company code for the corporation, or the stock exchange code for the operation.
Page 381: Show Mac-Addr-Table
ProSAFE M7100 Managed Switches Format show interfaces status [<interface>] Mode Privileged EXEC The following is an example of the CLI command output: (Netgear Switch) #show interfaces status 0/5 Link Physical Physical Media Flow Control Port Name State Mode Status Type...
Page 382: Show Mbuf Total
ProSAFE M7100 Managed Switches Term Definition Status The status of this entry. The meanings of the values are: • Static. The value of the corresponding instance was added by the system or a user when a static MAC filter was defined. It cannot be relearned. •...
Page 383: Show Process App-List
ProSAFE M7100 Managed Switches The following shows an example of CLI display output for the command. (switch) #show mbuf total mbufSize 9284 (0x2444) Current Time 0x1897fa MbufsFree MbufsRxUsed Total Rx Norm Alloc Attempts 26212 Total Rx Mid2 Alloc Attempts 4087 Total Rx Mid1 Alloc Attempts 188943 Total Rx High Alloc Attempts...
Page 384: Show Process Cpu
ProSAFE M7100 Managed Switches show process cpu This command provides the percentage utilization of the CPU by different tasks. Note: It is not necessarily the traffic to the CPU, but different tasks that keep the CPU busy. Format show process cpu Mode Privileged EXEC The following shows example CLI display output.
Page 385: Show Running-Config
Maximum virtual memory, in Kilobytes, that is consumed by the process. FD Count Number of file descriptors opened by this process. The following is an example of the CLI command output: (Netgear Switch) #show process proc-list Process Application VM Size...
Page 386: Show Running-Config Interface
ProSAFE M7100 Managed Switches Note: If you use a text-based configuration file, the show running-config command will only display configured physical interfaces, that is, if any interface only contains the default configuration, that interface will be skipped from the show running-config command output.
Page 387: Show Sysinfo
ProSAFE M7100 Managed Switches show sysinfo This command displays switch information. Format show sysinfo Mode Privileged EXEC Term Definition Switch Text used to identify this switch. Description System Name Name used to identify the switch. The factory default is blank. To configure the system name, see snmp-server on page 541.
Page 388: Logging Commands
ProSAFE M7100 Managed Switches show version This command displays inventory information for the switch. Note: The show version command will replace the show hardware command in future releases of the software. Format show version Mode Privileged EXEC Term Definition Switch Text used to identify the product name of this switch.
Page 389: Logging Buffered Wrap
ProSAFE M7100 Managed Switches no logging buffered This command disables logging to in-memory log. Format no logging buffered Mode Global Config logging buffered wrap This command enables wrapping of in-memory logging when the log file reaches full capacity. Otherwise when the log file reaches full capacity, logging stops. Default enabled Format...
Page 390: Logging Console
ProSAFE M7100 Managed Switches logging console This command enables logging to the console. You can specify the <severitylevel> value as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).
Page 391: Logging Syslog
ProSAFE M7100 Managed Switches logging syslog This command enables syslog logging. The <portid> parameter is an integer with a range of 1-65535. Default disabled Format logging syslog [port <portid>] Mode Global Config no logging syslog This command disables syslog logging. Format no logging syslog Mode...
Page 392: Logging Host Reconfigure
ProSAFE M7100 Managed Switches Term Definition Log Messages Number of messages received by the log process. This includes messages that are dropped or Received ignored. Log Messages Number of messages that could not be processed due to error or lack of resources. Dropped Log Messages Number of messages sent to the collector/relay.
Page 393: Show Logging Persistent
ProSAFE M7100 Managed Switches Term Definition Host Index (Used for deleting hosts.) IP Address / IP address or hostname of the logging host. Hostname Severity Level The minimum severity to log to the specified address. The possible values are emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).
Page 394: Email Alerting And Mail Server Commands
ProSAFE M7100 Managed Switches Term Definition System Time Up How long the system had been running at the time the trap was sent. Trap The text of the trap message. logging persistent Use this command to configure the persistent logging for the switch. The severity level of logging messages is specified at the severity level.
Page 395: Logging Email Urgent
ProSAFE M7100 Managed Switches no logging email This command disables email alerting. Format no logging email Mode Global Config logging email urgent This command sets the lowest severity level at which log messages are emailed immediately in a single email message. You can specify the <severitylevel> parameter either as an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).
Page 396: Logging Email Logtime
ProSAFE M7100 Managed Switches logging email from-addr This command configures the email address of the sender (the switch). Default switch@netgear.com Format logging email from-addr <from-email-addr> Mode Global Config no logging email from-addr This command removes the configured email source address.
Page 397: Logging Traps
ProSAFE M7100 Managed Switches no logging email logtime This command resets the non-urgent log time to the default value. Format no logging email logtime Mode Global Config logging traps This command sets the severity at which SNMP traps are logged and sent in an email. You can specify the <severitylevel>...
Page 398: Show Logging Email Statistics
ProSAFE M7100 Managed Switches Term Definition Email Alert Urgent Severity The lowest severity level that is considered urgent. Messages of this type are sent Level immediately. Email Alert Non Urgent The lowest severity level that is considered non-urgent. Messages of this type, up Severity Level to the urgent level, are collected and sent in a batch email.
Page 399: Memory Free Low-Watermark Processor
ProSAFE M7100 Managed Switches mail-server Use this command to configure the SMTP server to which the switch sends email alert messages and change the mode to Mail Server Configuration mode. The server address can be in the IPv4, IPv6, or DNS name format. Format mail-server {<ip-address>...
Page 400: Show Mail-Server Config
ProSAFE M7100 Managed Switches port Use this command to configure the TCP port to use for communication with the SMTP server. The recommended port for TLSv1 is 465, and for no security (that is, none) it is 25. However, any nonstandard port in the range 1–65,535 is also allowed. Default Format port <1–65535>...
Page 401: System Utility And Clear Commands
ProSAFE M7100 Managed Switches Term Definition Email Alert The username the switch uses to authenticate with the SMTP server. Username Email Alert The password the switch uses to authenticate with the SMTP server. Password System Utility and Clear Commands This section describes the commands you use to help troubleshoot connectivity issues and to restore various configurations to their factory defaults.
Page 402 Hop Count = 3 Last TTL = 3 Test attempt = 9 Test Success = 9 The following is an example of the CLI command output when the traceroute fails: (Netgear Switch) #traceroute 10.40.1.1 initTtl 1 maxFail 0 interval 1 count 3 port 33434 size Traceroute to 10.40.1.1 ,30 hops max 43 byte packets: 1 10.240.4.1...
Page 403: Traceroute Ipv6
ProSAFE M7100 Managed Switches traceroute ipv6 Use the traceroute ipv6 command to discover, on a hop-by-hop basis, the route that IPv6 packets take when traveling through the network to an IPv6 address or a host name that resolves to an IPv6 address. A traceroute continues to provide a synchronous response when initiated from the CLI.
Page 404: Clear Config
The following is an example of the CLI command output when the traceroute is successful: (Netgear Switch) #traceroute ipv6 2001::2 initTtl 1 maxTtl 4 maxFail 0 interval 1 count 3 port 33434 size 43 Traceroute to 2001::2 hops max 43 byte packets:...
Page 405: Clear Logging Buffered
ProSAFE M7100 Managed Switches clear mac-addr-table This command clears the dynamically learned MAC addresses of the switch. Format clear mac-addr-table Mode Privileged EXEC clear logging buffered This command clears the messages maintained in the system log. Format clear logging buffered Mode Privileged EXEC clear counters...
Page 406: Clear Traplog
ProSAFE M7100 Managed Switches clear port-channel counters Use this command to clear and reset port-channel and member flap counters for either a specified port channel or a specified interface. Format clear port-channel {<lag-intf-num> | <unit/slot/port>} counters Mode Privileged EXEC clear port-channel all counters Use this command to clear and reset all port-channel and member flap counters for all interfaces.
Page 407 ProSAFE M7100 Managed Switches logout This command closes the current telnet connection or resets the current serial connection. Note: Save configuration changes before logging out. Format logout Modes • Privileged EXEC • User EXEC ping Use this command to determine whether a computer with an IPv4 address or a host name that resolves to an IPv4 address is on the network.
Page 408: Ping Ipv6
ProSAFE M7100 Managed Switches The following is an example of the CLI command output when a ping is successful: (Netgear Switch) #ping 10.130.135.120 count 3 size 10 Pinging 10.130.135.120 with 10 bytes of data: Reply From 10.130.135.120: icmp_seq = 0. time= 25368 usec.
Page 409: Ping Ipv6 Interface
The following is an example of the CLI command output when a ping fails because the destination is unreachable but a valid default router exists: (Netgear Switch) #ping ipv6 2001::4 Pinging 2001::4 with 64 bytes of data: Send count=3, Receive count=0 from 2001::4...
Page 410 ProSAFE M7100 Managed Switches Parameter Description size Use the size parameter to specify the datagram size, in bytes, of the payload of the echo requests sent. Range is 0–65,507 bytes. source Use the source parameter to specify the source IPv6 address, interface, VLAN ID, or network port interface to use when sending the echo requests packets.
Page 411 ProSAFE M7100 Managed Switches Replace the <source> and <destination> parameters with the options that are listed in the table on the following page. For the <url> source or destination (see the table on the following page), use one of the following values: tftp://{<ipaddr>...
Page 412 When you use this option, the copy command will not <destfilename> noval validate the downloaded script file. An example of the CLI command follows: (NETGEAR Switch) #copy tftp://1.1.1.1/file.scr nvram:script file.scr <url> nvram:sshkey-dsa Downloads an SSH key file. For more information, see Secure Shell (SSH) Commands on page 506.
Page 413: Write Memory
ProSAFE M7100 Managed Switches Source Destination Description <url> nvram:sslpem-root Downloads an HTTP secure-server certificate. For more information, see Hypertext Transfer Protocol (HTTP) Commands on page 510. <url> nvram:sslpem-server Downloads an HTTP secure-server certificate. <url> nvram:startup-config Downloads the startup configuration file to the system. <url>...
Page 414: Simple Network Time Protocol (Sntp) Commands
ProSAFE M7100 Managed Switches Simple Network Time Protocol (SNTP) Commands This section describes the commands you use to automatically configure the system time and date by using SNTP. sntp broadcast client poll-interval This command sets the poll interval for SNTP broadcast clients in seconds as a power of two where <poll-interval>...
Page 415: Sntp Client Port
ProSAFE M7100 Managed Switches sntp client port This command sets the SNTP client port id to a value from 1-65,535. Default Format sntp client port <portid> Mode Global Config no sntp client port This command resets the SNTP client port back to its default value. Format no sntp client port Mode...
Page 416: Sntp Server
ProSAFE M7100 Managed Switches no sntp unicast client poll-timeout This command will reset the poll timeout for SNTP unicast clients to its default value. Format no sntp unicast client poll-timeout Mode Global Config sntp unicast client poll-retry This command will set the poll retry for SNTP unicast clients to a value from 0 to 10. Default Format sntp unicast client poll-retry <poll-retry>...
Page 417: Clock Timezone
ProSAFE M7100 Managed Switches the source packets from a switch. If you do not use this command to specify a source interface, the primary IP address of the originating (outbound) interface is used as the source address. If the interface is down, the SNTP client falls back to its default behavior. Format sntp source-interface {<unit/slot/port>...
Page 418: Clock Set
ProSAFE M7100 Managed Switches no clock timezone This command sets the switch to UTC time. Format no clock timezone Mode Global Config clock set This command sets the system time and date. Format clock set {<hh:mm:ss> | <mm/dd/yyyy>} Mode Global Config clock summer-time recurring Use the clock summer-time recurring command to set the summertime offset to UTC recursively every year.
Page 419: Show Sntp
ProSAFE M7100 Managed Switches clock summer-time date Use the clock summer-time date command to set the summertime offset to UTC. If the optional parameters are not specified, they are read as either '0' or '\0', as appropriate. • date—Day of the month. (Range: 1-31) •...
Page 420: Show Sntp Client
ProSAFE M7100 Managed Switches Term Definition Last Update Time Time of last clock update. Last Unicast Time of last transmit query (in unicast mode). Attempt Time Last Attempt Status of the last SNTP request (in unicast mode) or unsolicited message (in broadcast Status mode).
Page 421: Show Sntp Source-Interface
ProSAFE M7100 Managed Switches Term Definition Server Reference Reference clock identifier of the server for the last received valid packet. Server Mode SNTP Server mode. Server Maximum Total number of SNTP Servers allowed. Entries Server Current Total number of SNTP configured. Entries For each configured server: Term...
Page 422: Dhcp Server Commands
ProSAFE M7100 Managed Switches show clock Use the show clock command in Privileged EXEC or User EXEC mode to display the time and date from the system clock. Use the show clock detail command to show the time zone and summertime configuration.
Page 423 ProSAFE M7100 Managed Switches client-identifier This command specifies the unique identifier for a DHCP client. Unique-identifier is a valid notation in hexadecimal format. In some systems, such as Microsoft DHCP clients, the client identifier is required instead of hardware addresses. The unique-identifier is a concatenation of the media type and the MAC address.
Page 424 ProSAFE M7100 Managed Switches default-router This command specifies the default router list for a DHCP client. The parameters <address1>, <address2>, and so on though <address8> are valid IP addresses, each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Default none Format...
Page 425 ProSAFE M7100 Managed Switches no hardware-address This command removes the hardware address of the DHCP client. Format no hardware-address Mode DHCP Pool Config host This command specifies the IP address and network mask for a manual binding to a DHCP client. Address and Mask are valid IP addresses;...
Page 426: Network (Dhcp Pool Config)
ProSAFE M7100 Managed Switches network (DHCP Pool Config) Use this command to configure the subnet number and mask for a DHCP address pool on the server. Network-number is a valid IP address, made up of four decimal bytes ranging from 0 to 255.
Page 427 ProSAFE M7100 Managed Switches no domain-name This command removes the domain name. Format no domain-name Mode DHCP Pool Config netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to DHCP clients. One IP address is required, although one can specify up to eight addresses in one command line. Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on).
Page 428 ProSAFE M7100 Managed Switches no netbios-node-type This command removes the NetBIOS node Type. Format no netbios-node-type Mode DHCP Pool Config next-server This command configures the next server in the boot process of a DHCP client.The <address> parameter is the IP address of the next server in the boot process, which is typically a TFTP server.
Page 429: Ip Dhcp Excluded-Address
ProSAFE M7100 Managed Switches no option This command removes the DHCP Server options. The <code> parameter specifies the DHCP option code. Format no option <code> Mode DHCP Pool Config ip dhcp excluded-address This command specifies the IP addresses that a DHCP server should not assign to DHCP clients. Low-address and high-address are valid IP addresses;...
Page 430: Service Dhcp
ProSAFE M7100 Managed Switches no ip dhcp ping packets This command prevents the server from pinging pool addresses and sets the number of packets to 0. Default Format no ip dhcp ping packets Mode Global Config service dhcp This command enables the DHCP server. Default disabled Format...
Page 431: Ip Dhcp Conflict Logging
ProSAFE M7100 Managed Switches ip dhcp conflict logging This command enables conflict logging on DHCP server. Default enabled Format ip dhcp conflict logging Mode Global Config no ip dhcp conflict logging This command disables conflict logging on DHCP server. no ip dhcp conflict logging Format Mode Global Config...
Page 432: Show Ip Dhcp Binding
ProSAFE M7100 Managed Switches show ip dhcp binding This command displays address bindings for the specific IP address on the DHCP server. If no IP address is specified, the bindings corresponding to all the addresses are displayed. Format show ip dhcp binding [<address>] Modes •...
Page 433: Show Ip Dhcp Server Statistics
ProSAFE M7100 Managed Switches Field Definition Pool Name The name of the configured pool. Pool Type The pool type. Lease Time The lease expiration time of the IP address assigned to the client. DNS Servers The list of DNS servers available to the DHCP client . Default Routers The list of the default routers available to the DHCP client The following additional field is displayed for Dynamic pool type:...
Page 434: Show Ip Dhcp Conflict
ProSAFE M7100 Managed Switches Message Received: Message Definition DHCP DISCOVER The number of DHCPDISCOVER messages the server has received. DHCP REQUEST The number of DHCPREQUEST messages the server has received. DHCP DECLINE The number of DHCPDECLINE messages the server has received. DHCP RELEASE The number of DHCPRELEASE messages the server has received.
Page 435: Dns Client Commands
ProSAFE M7100 Managed Switches DNS Client Commands These commands are used in the Domain Name System (DNS), an Internet directory service. DNS is how domain names are translated into IP addresses. When enabled, the DNS client provides a hostname lookup service to other components. ip domain lookup Use this command to enable the DNS client.
Page 436: Ip Domain List
ProSAFE M7100 Managed Switches ip domain list Use this command to define a list of default domain names to complete unqualified names. By default, the list is empty. Each name must be no more than 256 characters, and should not include an initial period.
Page 437: Ip Host
ProSAFE M7100 Managed Switches interface, the primary IP address of the originating (outbound) interface is used as the source address. If the interface is down, the DNS client falls back to its default behavior. Format ip name source-interface {<unit/slot/port> | loopback <loopback-id> | tunnel <tunnel-id>...
Page 438: Ipv6 Host
ProSAFE M7100 Managed Switches ipv6 host Use this command to define static host name-to-IPv6 address mapping in the host cache. The <name> parameter is the host name. The <ipv6-address> parameter is the IPv6 address of the host. Default none Format ipv6 host <name>...
Page 439: Clear Host
ProSAFE M7100 Managed Switches no ip domain timeout Use this command to return to the default setting. Format no ip domain timeout <seconds> Mode Global Config clear host Use this command to delete entries from the host name-to-address cache. This command clears the entries from the DNS cache maintained by the software.
Page 440: Packet Capture Commands
ProSAFE M7100 Managed Switches The following shows example CLI display output for the command. <Switch> show hosts Host name......Device Default domain....gm.com Default domain list....yahoo.com, Stanford.edu, rediff.com Domain Name lookup....Enabled Number of retries....5 Retry timeout period....1500 Name servers (Preference order)...
Page 441: Capture (Global Config Command)
ProSAFE M7100 Managed Switches The command is not persistent across a reboot cycle. Format capture {start | stop} {transmit | receive | all} Mode Privileged EXEC capture (Global Config command) Use this command to configure file capture options. The command is persistent across a reboot cycle.
Page 442: Capture Remote Port
ProSAFE M7100 Managed Switches capture remote port Use this command to configure file capture options. The command is persistent across a reboot cycle. Default 2002 Format capture remote port <port-id> Mode Global Config no capture remote port Use this command to reset the remote port to the default (2002). Format no capture report port Mode...
Page 443: Serviceability Packet Tracing Commands
ProSAFE M7100 Managed Switches no capture line wrap Use this command to disable the capture line wrap mode. Format no capture line wrap Mode Global Config show capture packets Use this command to display packets captured and saved to RAM. It is possible to capture and save into RAM, packets that are received or transmitted through the CPU.
Page 444: Debug Arp
ProSAFE M7100 Managed Switches debug aaa authorization This command is useful for debugging authorization configuration and functionality in User Manager. Format debug aaa authorization [commands | exec] Mode Privileged EXEC no debug aaa authorization Use this command to turn off debugging of User Manager authorization functionality. Format no debug aaa authorization Mode...
Page 445: Debug Clear
ProSAFE M7100 Managed Switches no debug auto-voip Use this command to disable Auto VOIP debug messages. Format no debug auto-voip Mode Privileged EXEC debug clear This command disables all previously enabled debug traces. Default disabled Format debug clear Mode Privileged EXEC debug console This command enables the display of debug trace output on the login session in which it is executed.
Page 446: Debug Debug-Config
ProSAFE M7100 Managed Switches • Persistent logging • System Information (output of sysapiMbufDump) • Message Queue Debug Information • Memory Debug Information • Memory Debug Status • OS Information (output of osapiShowTasks) • /proc information (meminfo, cpuinfo, interrupts, version and net/sockstat) Format debug crashlog {[kernel] <crashlog-number>...
Page 447 ProSAFE M7100 Managed Switches The commands in the sections are executed when any of the following events occur: • [boot_phase1]: This event occurs during configurator Phase1 initialization. • [boot_phase2]: This event occurs during configurator Phase2 initialization. • [boot_phase3]: This event occurs during configurator Phase3 initialization. •...
Page 448: Debug Dhcp Packet
ProSAFE M7100 Managed Switches [unconfig_phase1] [unconfig_phase2] [terminate] [suspend] [resume] [post_cfg] dev usl_private_group_db_dump(0) dev osapiDebugMallocSummary show process cpu show autoinstall dev debugRmtSessionTraceSet(1) dev debugConfigTraceFlagSet(4) [member_leave] show autoinstall [member_join] show autoinstall [test] clear config debug dhcp packet Use this command to display debug information about DHCPv4 client activities and trace DHCPv4 packets to and from the local DHCPv4 client.
Page 449: Debug Dot1X Packet
ProSAFE M7100 Managed Switches debug dot1x packet Use this command to enable dot1x packet debug trace. Default disabled Format debug dot1x Mode Privileged EXEC no debug dot1x packet Use this command to disable dot1x packet debug trace. no debug dot1x Format Mode Privileged EXEC...
Page 450: Debug Igmpsnooping Packet Receive
ProSAFE M7100 Managed Switches The following parameters are displayed in the trace message: Parameter Definition A packet transmitted by the device. Intf The interface that the packet went out on. Format used is slot/port (internal interface number). Unit is always shown as 1 for interfaces on a non-stacking device. Src_Mac Source MAC address of the packet.
Page 451: Debug Ip Acl
ProSAFE M7100 Managed Switches The following parameters are displayed in the trace message: Parameter Definition A packet received by the device. Intf The interface that the packet went out on. Format used is slot/port (internal interface number). Unit is always shown as 1 for interfaces on a non-stacking device. Src_Mac Source MAC address of the packet.
Page 452: Debug Ip Dvmrp Packet
ProSAFE M7100 Managed Switches debug ip dvmrp packet Use this command to trace DVMRP packet reception and transmission. receive traces only received DVMRP packets and transmit traces only transmitted DVMRP packets. When neither keyword is used in the command, then all DVMRP packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Page 453: Debug Ip Pimdm Packet
ProSAFE M7100 Managed Switches Default disabled Format debug ip mcache packet [receive | transmit] Mode Privileged EXEC no debug ip mcache packet Use this command to disable debug tracing of MDATA packet reception and transmission. Format no debug ip mcache packet [receive | transmit] Mode Privileged EXEC debug ip pimdm packet...
Page 454: Debug Ip Vrrp
ProSAFE M7100 Managed Switches Default disabled Format debug ip pimsm packet [receive | transmit] Mode Privileged EXEC no debug ip pimsm packet Use this command to disable debug tracing of PIMSM packet reception or transmission. Format no debug ip pimsm packet [receive | transmit] Mode Privileged EXEC debug ip vrrp...
Page 455: Debug Ipv6 Mcache Packet
ProSAFE M7100 Managed Switches debug ipv6 mcache packet Use this command for tracing MDATAv6 packet reception and transmission. receive traces only received data packets and transmit traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Page 456: Debug Ipv6 Pimsm Packet
ProSAFE M7100 Managed Switches Default disabled Format debug ipv6 pimdm packet [receive | transmit] Mode Privileged EXEC no debug ipv6 pimdm packet Use this command to disable debug tracing of PIMDMv6 packet reception and transmission. debug ipv6 pimsm packet Use this command to trace PIMSMv6 packet reception and transmission. receive traces only received PIMSMv6 packets and transmit traces only transmitted PIMSMv6 packets.
Page 457: Debug Mldsnooping Packet
ProSAFE M7100 Managed Switches no debug lacp packet This command disables tracing of LACP packets. Format no debug lacp packet Mode Privileged EXEC debug mldsnooping packet Use this command to trace MLD snooping packet reception and transmission. receive traces only received MLD snooping packets and transmit traces only transmitted MLD snooping packets.
Page 458 ProSAFE M7100 Managed Switches <15> JAN 02 11:03:36 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(293) 25435 % Pkt TX - Intf:2/0/48 Src Ip:10.50.50.1 DestIp:192.168.50.2 AreaId:0.0.0.0 Type:LS_UPD Length: 1500 <15> JAN 02 11:03:37 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(293) 25441 % Pkt TX - Intf:2/0/48 Src Ip:10.50.50.1 DestIp:224.0.0.6 AreaId:0.0.0.0 Type:LS_ACK Length: 1500 The following parameters are displayed in the trace message: Parameter Definition...
Page 459: Debug Ipv6 Ospfv3 Packet
ProSAFE M7100 Managed Switches Field Definition Flags Could be one or more of the following: • I – Init • M – More • MS – Master/Slave Sequence Number of the DD packet. LS_REQ packet field definitions. Field Definition Length Length of packet LS_UPD packet field definitions.
Page 460: Debug Ping Packet
ProSAFE M7100 Managed Switches no debug ipv6 ospfv3 packet Use this command to disable tracing of OSPFv3 packets. Format no debug ipv6 ospfv3 packet Mode Privileged EXEC debug ping packet This command enables tracing of ICMP echo requests and responses. The command traces pings on the network port/ serviceport for switching packages.
Page 461: Debug Rip Packet
ProSAFE M7100 Managed Switches debug rip packet This command turns on tracing of RIP requests and responses. This command takes no options. The output is directed to the log file. Default disabled Format debug rip packet Mode Privileged EXEC A sample output of the trace message is shown below. <15>...
Page 462: Debug Sflow Packet
ProSAFE M7100 Managed Switches no debug rip packet This command disables tracing of RIP requests and responses. Format no debug rip packet Mode Privileged EXEC debug sflow packet Use this command to enable sFlow debug packet trace. Default disabled Format debug sflow packet Mode Privileged EXEC...
Page 463: Debug Spanning-Tree Bpdu Receive
ProSAFE M7100 Managed Switches debug spanning-tree bpdu receive This command enables tracing of spanning tree BPDUs received by the switch. Spanning tree should be enabled on the device and on the interface in order to monitor packets for a particular interface.
Page 464: Debug Spanning-Tree Bpdu Transmit
ProSAFE M7100 Managed Switches debug spanning-tree bpdu transmit This command enables tracing of spanning tree BPDUs transmitted by the switch. Spanning tree should be enabled on the device and on the interface in order to monitor packets on a particular interface.
Page 465: Debug Transfer
ProSAFE M7100 Managed Switches no debug udld packet This command disables debugging on the received and transmitted UDLD PDU’s. Format debug udld packet receive Mode Privileged EXEC debug udld packet receive This command enables debugging on the received UDLD PDU’s. Format default udld packet receive Mode...
Page 466: Debug Vpc Core
ProSAFE M7100 Managed Switches no debug udld packet transmit This command enables debugging on the transmitted UDLD PDU’s. Format debug udld packet transmit Mode Privileged EXEC debug vpc core This command enables debug traces for VPC core functionality. Format debug vpc core Mode Privileged EXEC no debug vpc core...
Page 467: Show Debugging
Mode Privileged EXEC show debugging This command displays the packet tracing configuration. Format show debugging Mode Privileged EXEC The following CLI output is an example of the command output. (Netgear Switch) #show debugging Arp packet tracing enabled. Utility Commands...
Page 468: Cable Test Command
ProSAFE M7100 Managed Switches Cable Test Command The cable test feature enables you to determine the cable connection status on a selected port. Note: The cable test feature is supported only for copper cable. It is not supported for optical fiber cable. If the port has an active link while the cable test is run, the link can go down for the duration of the test.
Page 469: Sflow Receiver
ProSAFE M7100 Managed Switches sflow receiver Use this command to configure the sFlow collector parameters (owner string, receiver timeout, max datagram size, IP address, and port). Format sflow receiver <rcvr_idx> {ip <ipaddress> | max datagram <size> | port <port> | owner <owner-string> {timeout <rcvr_timeout> | notimeout}} Mode Global Config...
Page 470: Sflow Poller
ProSAFE M7100 Managed Switches Field Description Receiver Index The sFlow Receiver for this sFlow sampler to which flow samples are to be sent. A value of zero (0) means that no receiver is configured, no packets will be sampled. Only active receivers can be set.
Page 471: Show Sflow Agent
Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: • MIB Version: ‘1.3’, the version of this MIB. • Organization: Netgear. • Revision: 1.0 IP Address The IP address associated with this agent.
Page 472: Show Sflow Pollers
ProSAFE M7100 Managed Switches The following shows example CLI display output for the command: (switch) #show sflow agent sFlow Version........1.3;Netgear;1.0 IP Address........10.131.12.66 show sflow pollers Use this command to display the sFlow polling instances created on the switch. Use “-” for range.
Page 473: Software License Commands
ProSAFE M7100 Managed Switches The following shows example CLI display output for the commands: (switch) #show sflow receivers 1 Receiver Index......... 1 Owner String........Time out........0 IP Address:........0.0.0.0 Address Type........1 Port........... 6343 Datagram Version....... 5 Maximum Datagram Size......1400 show sflow samplers Use this command to display the sFlow sampling instances created on the switch.
Page 474: Show License
ProSAFE M7100 Managed Switches show license This command displays the license status. The License date field indicates the date of the license. The License Status field indicates whether the license is active or inactive. Format show license Mode Privileged EXEC The following shows example CLI display output for the command.
Page 475: Ip Address Conflict Commands
ProSAFE M7100 Managed Switches IP Address Conflict Commands ip address-conflict-detect run This command triggers the switch to run active address conflict detection by sending gratuitous ARP packets for IPv4 addresses on the switch. Note: This command takes effect only once after it is executed and cannot be saved across power cycles.
Page 476: Llpf Blockall
ProSAFE M7100 Managed Switches llpf blockall Use this command to block LLPF protocol(s) on a port. Use to filter all PDUs with a blockall DMAC of 01:00:00:0C:CC:CX on the interface. Use to filter the ISDP packets on the blockisdp interface. Use to filter the VTP packets on the interface.
Page 477: Rmon Stats And History Commands
ProSAFE M7100 Managed Switches RMON Stats and History Commands The various MIBs within RFC 2819, 3273, and 3434 are arranged into groups. The managed switch supports some of the groups in these RFCs but not all. The managed switch complies with MODULE-COMPLIANCE and OBJECT-GROUP definitions within these RFCs for supporting individual groups.
Page 478: Rfc 3434
ProSAFE M7100 Managed Switches RFC 3434 • Group 1 - High Capacity Alarm Control Group Controls the configuration of alarms for high capacity MIB object instances. • Group 2 - High Capacity Alarm Capabilities Group Describes the high capacity alarm capabilities provided by the agent. •...
Page 479: Rmon Hcalarm
ProSAFE M7100 Managed Switches no rmon alarm This command deletes the rmon alarm entry. Format no rmon alarm <alarm number> Mode Global Config rmon hcalarm This command sets the rmon hcalarm entry in the high capacity RMON alarm MIB group. Format rmon hcalarm <alarm number>...
Page 480: Rmon Event
ProSAFE M7100 Managed Switches Parameter Description High Capacity Alarm The index of the event entry that is used when a falling threshold is crossed. The range is Falling Event Index 1 to 65535. The default is 2. High capacity alarm that might be sent. Possible values are rising alarm (rising), falling Rising/Falling/ Rising-Falling alarm (falling), or both (rising-falling).
Page 481: Rmon Collection History
ProSAFE M7100 Managed Switches rmon collection history This command sets the history control parameters of the RMON historyControl MIB group. Format rmon collection history <index number> [buckets <1-65535>] [interval <1-3600>] [owner <owner>] Mode Interface Config no rmon collection history This command deletes the history control group entry with the specified index number. Format no rmon collection history <index number>...
Page 482: Show Rmon Collection History
ProSAFE M7100 Managed Switches show rmon collection history This command displays the entries in the RMON history control table. Format show rmon collection history Mode Privileged Exec show rmon events This command displays the entries in the RMON event table. Format show rmon events Mode...
Page 483: Udld Commands
ProSAFE M7100 Managed Switches Example: (Switch) # show rmon log Maximum table size: 100 Event Description Time ------------------------------------------------ show rmon statistics interface This command displays the RMON statistics for the given interface. Format show rmon statistics interface <slot/port> Mode Privileged Exec Example: (switch) # show rmon statistics interface 0/1 Interface: 0/1...
Page 484: Udld Timeout Interval
ProSAFE M7100 Managed Switches no udld enable This command disables udld globally on the switch. Format no udld enable Mode Global Config udld message time This command configures the interval between UDLD probe messages on ports that are in the advertisement phase.
Page 485: Udld Port
ProSAFE M7100 Managed Switches udld port This command selects the UDLD mode operating on this interface. If the keyword “aggressive” is not entered, the port operates in normal mode. Default normal Format udld port [aggressive] Mode Interface Config udld reset This command resets all interfaces that have been shut down by UDLD.
Page 486: Usb Commands
ProSAFE M7100 Managed Switches Term Definition UDLD Mode The UDLD mode configured on this interface: either Normal or Aggressive. UDLD Status The status of the link as determined by UDLD. The options are: • Undetermined. UDLD has not collected enough information to determine the state of the port.
Page 487: Dir Usb
ProSAFE M7100 Managed Switches The following is the output if the device is plugged into the USB slot. (switch) #show USB device Device Status………………………………………………… Active Manufacturer…………………………………………………… xxxx Serial Number………………………………………………… yyyyy USB Version Compliance………………………… 2.0 Class Code………………………………………………………… abc Subclass Code………………………………………………… acb Protocol………………………………………………………………...
Page 488: Mbuf Utilization Commands
ProSAFE M7100 Managed Switches MBUF Utilization Commands The MBUF utilization commands let you see which applications and client tasks consume and free up memory buffers (MBUFs). Viewing the count of low, medium, and large MBUFs can be useful during a debugging process. You can configure MBUF utilization thresholds that trigger an MBUF utilization notification when the thresholds are exceeded.
Page 489 (Netgear Switch) #show mbuf MBUF Utilization Monitoring Parameters Rising Threshold....... 0 % Falling Threshold......0 % Severity........5 (Netgear Switch) #show mbuf total Mbufs Total........246 Mbufs Free........246 Mbufs Rx Used........0 Total Rx Norm Alloc Attempts....1095 Total Rx Mid2 Alloc Attempts....15949 Total Rx Mid1 Alloc Attempts....
Page 490: Full Memory Dump Commands
ProSAFE M7100 Managed Switches Full Memory Dump Commands Full memory dump commands let you retrieve the memory dump from a switch. This option is particularly useful when a switch crashes. The memory dump (or core dump) can be analyzed in a debugger to determine the cause of the crash.
Page 491: Exception Core-File
ProSAFE M7100 Managed Switches exception core-file This command configures a prefix for a core dump file name. The maximum prefix length is 15 characters. If you do not specify that the host name must be used in the file name, the MAC address is used in the file name.
Page 492: Show Exception
ProSAFE M7100 Managed Switches show exception This command displays the configuration parameters for generating a core dump file. Format show exception Mode Privileged EXEC Term Description Protocol The configured protocol, which is usb or none. USB mount point The USB mount point configuration. Core File name The core file prefix configuration.
Page 493: Chapter 8 Management Commands
Management Commands This chapter describes the management commands available in the managed switch CLI. This chapter contains the following sections: • Configuring the Switch Management CPU • Network Interface Commands • Console Port Access Commands • Telnet Commands • Secure Shell (SSH) Commands •...
Page 494: Configuring The Switch Management Cpu
To manage the switch via the web GUI or telnet, an IP address needs to be assigned to the switch management CPU. Whereas there are CLI commands that can be used to do this, ezconfig simplifies the task. The tool is applicable to all NETGEAR 7000-series managed switches, and allows you to configure the following parameters: The administrator’s user password and administrator-enable password...
Page 495 ProSAFE M7100 Managed Switches The following is an example of an ezconfig session. NETGEAR EZ Configuration Utility -------------------------------- Hello and Welcome! This utility will walk you thru assigning the IP address for the switch management CPU. It will allow you to save the changes at the end. After the session, simply use the newly assigned IP address to access the Web GUI using any public domain Web browser.
Page 496: Network Interface Commands
ProSAFE M7100 Managed Switches Network Interface Commands This section describes the commands you use to configure a logical interface for management access. To configure the management VLAN, see network mgmt_vlan on page 48. enable (Privileged EXEC access) Use this command to access the Privileged EXEC mode. From the Privileged EXEC mode, you can configure the network interface.
Page 497: Network Javamode
ProSAFE M7100 Managed Switches A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0'). Format network mac-address <macaddr> Mode Privileged EXEC network mac-type Use this command to specify whether the switch uses the burned in MAC address or the locally administered MAC address.
Page 498: Show Network
ProSAFE M7100 Managed Switches show network Use this command to display configuration settings associated with the switch’s network interface. The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
Page 499: Console Port Access Commands
ProSAFE M7100 Managed Switches The following shows example CLI display output for the network port. (Netgear Switch) #show network Interface Status....... Always Up IP Address........10.250.3.1 Subnet Mask........255.255.255.0 Default Gateway........ 10.250.3.3 IPv6 Administrative Mode....... Enabled IPv6 Address/Length is ......FE80::210:18FF:FE82:337/64 IPv6 Address/Length is ......
Page 500: Serial Baudrate
ProSAFE M7100 Managed Switches serial baudrate Use this command to specify the communication rate of the terminal interface. The supported rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200. Default 115200 Format serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200} Mode Line Config...
Page 501: Enable Authentication
ProSAFE M7100 Managed Switches no login authentication Use this command to return to the default specified by the command. login authentication Format no login authentication {default | <list-name>} Mode Line Config enable authentication Use this command in line configuration mode to specify an authentication method list when the user accesses a higher privilege level in remote telnet or console.
Page 502: Telnet Commands
ProSAFE M7100 Managed Switches Telnet Commands This section describes the commands you use to configure and view Telnet settings. You can use Telnet to manage the device from a remote management host. ip telnet server enable Use this command to enable Telnet connections to the system and to enable the Telnet Server Admin Mode.
Page 503: Transport Output Telnet
ProSAFE M7100 Managed Switches Note: If the Telnet Server Admin Mode is disabled, Telnet sessions cannot be established. Use the ip telnet server enable command to enable Telnet Server Admin Mode. Default enabled Format transport input telnet Mode Line Config no transport input telnet Use this command to prevent new Telnet sessions from being established.
Page 504: Telnetcon Maxsessions
ProSAFE M7100 Managed Switches no session-limit Use this command to set the maximum number of simultaneous outbound Telnet sessions to the default value. Format no session-limit Mode Line Config session-timeout Use this command to set the Telnet session timeout value. The timeout value unit of time is minutes.
Page 505: Telnetcon Timeout
ProSAFE M7100 Managed Switches telnetcon timeout Use this command to set the Telnet connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set. The time is a decimal value from 1 to 160.
Page 506: Secure Shell (Ssh) Commands
ProSAFE M7100 Managed Switches Term Definition Allow New Indicates whether outbound Telnet sessions will be allowed. Outbound Telnet Sessions show telnetcon Use this command to display the current inbound Telnet settings. In other words, these settings apply to Telnet connections initiated from a remote system to the switch. Format show telnetcon Modes...
Page 507: Ip Ssh Protocol
ProSAFE M7100 Managed Switches ip ssh protocol Use this command to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set. Default 1 and 2 Format ip ssh protocol [1] [2] Mode...
Page 508: Sshcon Timeout
ProSAFE M7100 Managed Switches sshcon timeout Use this command to set the SSH connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. The time is a decimal value from 1 to 160. Changing the timeout value for active sessions does not become effective until the session is re accessed.
Page 509: Management Security Commands
ProSAFE M7100 Managed Switches Management Security Commands This section describes commands you use to generate keys and certificates, which you can do in addition to loading them as before. crypto certificate generate Use this command to generate self-signed certificate for HTTPS. The generate RSA key for SSL has a length of 1024 bits.
Page 510: Hypertext Transfer Protocol (Http) Commands
ProSAFE M7100 Managed Switches no crypto key generate dsa Use this command to delete the DSA key files from the device. Format no crypto key generate dsa Mode Global Config Hypertext Transfer Protocol (HTTP) Commands This section describes the commands you use to configure HTTP and secure HTTP access to the switch.
Page 511: Ip Http Java
ProSAFE M7100 Managed Switches no ip http secure-server Use this command to disable the secure socket layer for secure HTTP. Format no ip http secure-server Mode Privileged EXEC ip http java Use this command to enable the Web Java mode. The Java mode applies to both secure and unsecure web connections.
Page 512: Ip Http Authentication
ProSAFE M7100 Managed Switches ip http authentication Use this command to specify the authentication methods for http server users. The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Page 513: Ip Http Session Soft-Timeout
ProSAFE M7100 Managed Switches ip http session soft-timeout Use this command to configure the soft timeout for unsecure HTTP sessions in minutes. Configuring this value to zero will give an infinite soft-timeout. When this timeout expires the user will be forced to reauthenticate. This timer begins on initiation of the Web session and is restarted with each access to the switch.
Page 514: Ip Https Authentication
ProSAFE M7100 Managed Switches no ip http secure-session soft-timeout Use this command to restore the soft timeout for secure HTTP sessions to the default value. Format no ip http secure-session soft-timeout Mode Privileged EXEC ip http secure-session hard-timeout Use this command to configure the hard timeout for secure HTTP sessions in hours. When the timeout expires, the user is forced to reauthenticate.
Page 515: Show Ip Http
ProSAFE M7100 Managed Switches no ip https authentication Use this command to restore the authentication methods to the default for http server users. Format no ip https authentication <method1> [<method2> ...] Mode Global Config ip http secure-port Use this command to set the SSL port where port can be 1-65535 and the default is port 443. Default Format ip http secure-port <portid>...
Page 516: Access Commands
ProSAFE M7100 Managed Switches Term Definition Maximum Allowable HTTP The number of allowable unsecure http sessions. Sessions HTTP Session Hard Timeout The hard timeout for unsecure http sessions in hours. HTTP Session Soft Timeout The soft timeout for unsecure http sessions in minutes. HTTP Mode (Secure) The secure HTTP server administrative mode.
Page 517: User Account Commands
ProSAFE M7100 Managed Switches Term Definition Login Session ID. User Name The name the user entered to log on to the system. Connection From IP address of the remote client machine or EIA-232 for the serial port connection. Idle Time Time this session has been idle.
Page 518: Username Nopassword
ProSAFE M7100 Managed Switches Term Definition Username The name of the user, up to 32 characters. Password The password for the users 8-64 characters. This value can be zero if the no passwords min-length command has been executed. The special characters allowed in the password include: ! # $ % &...
Page 519: Username Unlock
ProSAFE M7100 Managed Switches username unlock Use this command to unlock a user’s account. Only a user with read/write access can reactivate a locked user account. Format username <username> unlock Mode Global Config username snmpv3 accessmode Use this command to specify the snmpv3 access privileges for the specified login user. The valid accessmode values are readonly or readwrite.
Page 520: Username Snmpv3 Encryption
ProSAFE M7100 Managed Switches no username snmpv3 authentication Use this command to set the authentication protocol to be used for the specified user to none. The <username> is the user name for which the specified authentication protocol is used. Format no username snmpv3 authentication <username>...
Page 521: Show Users Accounts
ProSAFE M7100 Managed Switches Term Definition User Name The name the user enters to log in using the serial port, Telnet, or web. Access Mode Shows whether the user is able to change parameters on the switch (Read/Write) or is only able to view them (Read Only).
Page 522: Show Users Long
ProSAFE M7100 Managed Switches (Switch) #show users accounts detail UserName........admin Privilege........15 Password Aging......... --- Password Expiry........ --- Lockout........False Override Complexity Check...... Disable Password Strength......--- UserName........guest Privilege........1 Password Aging......... --- Password Expiry........ --- Lockout........False Override Complexity Check......
Page 523: Passwords History
ProSAFE M7100 Managed Switches passwords min-length Use this command to enforce a minimum password length for local users. The value also applies to the enable password. The valid range is 0–64. Default Format passwords min-length <0-64> Mode Global Config no passwords min-length Use this command to set the minimum password length to the default value.
Page 524: Passwords Lock-Out
ProSAFE M7100 Managed Switches no passwords aging Use this command to set the password aging to the default value. no passwords aging Format Mode Global Config passwords lock-out Use this command to strengthen the security of the switch by locking user accounts that have failed login due to wrong passwords.
Page 525: Passwords Strength Minimum Uppercase-Letters
ProSAFE M7100 Managed Switches passwords strength minimum uppercase-letters Use this command to enforce a minimum number of uppercase letters that a password should contain. The valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters.
Page 526: Passwords Strength Minimum Special-Characters
ProSAFE M7100 Managed Switches no passwords strength minimum numeric-characters Use this command to reset the minimum number of numeric characters to the default value. Format no passwords strength minimum numeric-characters Mode Global Config passwords strength minimum special-characters Use this command to enforce a minimum number of special characters that a password should contain.
Page 527: Passwords Strength Maximum Repeated-Characters
ProSAFE M7100 Managed Switches passwords strength maximum repeated-characters Use this command to enforce a maximum number of repeated characters that a password should contain. An example of repeated characters is aaaa. The valid range is 0-16. If a password has a repetition of characters more than the configured limit, it fails to configure.
Page 528: Show Passwords Configuration
ProSAFE M7100 Managed Switches no passwords strength exclude-keyword Use this command to remove the exclude-keyword. Format no passwords strength exclude-keyword Mode Global Config show passwords configuration Use this command to display the configured password management settings. Format show passwords configuration Mode Privileged EXEC Term...
Page 529: Aaa Authentication Login
ProSAFE M7100 Managed Switches Term Definition Last User Whose Shows the name of the user with the most recently set password. Password Is Set Password Strength Check Shows whether password strength checking is enabled. Last Password Set Result Shows whether the attempt to set a password was successful. If the attempt failed, the reason for the failure is included.
Page 530: Aaa Authentication Enable
ProSAFE M7100 Managed Switches Keyword Description radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS servers for authentication. Note: The local user database is checked. This has the same effect as the following command: aaa authentication login local.
Page 531: Aaa Authentication Dot1X
ProSAFE M7100 Managed Switches • default. Uses the listed authentication methods that follow this argument as the default list of methods when a user accesses a higher privilege level. • <list-name>. Character string used to name the list of authentication methods activated when a user accesses a higher privilege level.
Page 532: Aaa Accounting
ProSAFE M7100 Managed Switches Format aaa authentication dot1x default <method1> [<method2> ...] Mode Global Config method1: At least one from the following table: Keyword Description local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. Uses the internal authentication server users database for authentication.
Page 533: Accounting (Console/Telnet/Ssh)
ProSAFE M7100 Managed Switches • The start-stop and none keywords are the only supported record types for dot1x accounting. The start-stop keyword enables accounting. The none keyword disables accounting. • For the dot1x accounting type, RADIUS is the only accounting method type supported. Format aaa accounting {exec | commands | dot1x} {default | <list_name>} {start-stop | stop-only | none} <method1>...
Page 534: Show Accounting
ProSAFE M7100 Managed Switches Term Definition exec This causes accounting for an EXEC session. commands This causes accounting for each command execution attempt. If a user is enabling accounting for exec mode for the current line-configuration type, they will be logged out. no accounting (Console/Telnet/SSH) This command is used to remove accounting from a line config mode.
Page 535: Show Accounting Methods
ProSAFE M7100 Managed Switches The following shows the CLI display output for the command: (switch) #show accounting Number of Accounting Notifications sent at beginning of an EXEC session: Errors when sending Accounting Notifications beginning of an EXEC session: Number of Accounting Notifications at end of an EXEC session: Errors when sending Accounting Notifications at end of an EXEC session: Number of Accounting Notifications sent at beginning of a command execution: Errors when sending Accounting Notifications at beginning of a command execution:...
Page 536: Aaa Authorization
ProSAFE M7100 Managed Switches aaa authorization This command creates an authorization method list. This list is identified by the default keyword or the <list_name> parameter. If you specify the tacacs keyword as the authorization method, authorization commands are notified to a TACACS+ server. If you specify none is specified as the authorization method, command authorization is not applicable.
Page 537: Show Authorization Methods
ProSAFE M7100 Managed Switches no authorization (console/telnet/ssh) This command is used to remove command authorization from a line config mode. Format no authorization {commands| exec} Mode • Line console • Line telnet • Line SSH show authorization methods This command displays the configured authorization method lists. Format show authorization methods Mode...
Page 538: Domain-Name Enable
ProSAFE M7100 Managed Switches The domain can be enabled or disabled: • Domain enabled. In this case, when the user enters only the user name, then the managed switch sends the user name as the domain name (configured on switch)\username to the RADIUS server.
Page 539: Show Domain-Name
ProSAFE M7100 Managed Switches show domain-name This command displays the configured domain-name. Format show domain-name Mode Privileged EXEC Example: (switch) # (switch) #show domain-name Domain : Enable Domain-name :abc aaa ias-user username The Internal Authentication Server (IAS) database is a dedicated internal database used for local authentication of users for network access through the IEEE 802.1X feature.
Page 540: Password (Aaa Ias User Configuration)
ProSAFE M7100 Managed Switches no aaa session-id This command resets the AAA session identifier to its default. Format no aaa session-id [unique] Mode Global Config password (AAA IAS User Configuration) Use this command to specify a password for a user in the IAS database. Format password <password>...
Page 541: Snmp Commands
ProSAFE M7100 Managed Switches SNMP Commands This section describes the commands you use to configure Simple Network Management Protocol (SNMP) on the switch. You can configure the switch to act as an SNMP agent so that it can communicate with SNMP managers on your network. snmp-server Use this command to set the name and the physical location of the switch and the organization responsible for the network.
Page 542: Snmp-Server Community Ipaddr
ProSAFE M7100 Managed Switches snmp-server community ipaddr Use this command to set a client IP address for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients might use that community to access the device.
Page 543: Snmp-Server Community Mode
ProSAFE M7100 Managed Switches snmp-server community mode Use this command to activate an SNMP community. If a community is enabled, an SNMP manager associated with this community manages the switch according to its access right. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
Page 544: Snmp-Server Enable Traps Violation
ProSAFE M7100 Managed Switches snmp-server enable traps violation Use this command to enable sending new violation traps designating when a packet with a disallowed MAC address is received on a locked port. Note: For other port security commands, see Protected Ports Commands page 287.
Page 545: Snmp-Server Enable Traps Linkmode
ProSAFE M7100 Managed Switches snmp-server enable traps linkmode Use this command to enable Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled. For more information, see snmp trap link-status on page 548...
Page 546: Snmptrap Snmpversion
<name> {ipaddr <ipaddr> | ip6addr <ip6addr>} [snmpversion <snmpversion>] Mode Global Config The following shows an example of the command. (Netgear Switch)# snmptrap mytrap ip6addr 3099::2 no snmptrap Use this command to delete trap receivers for a community. Format no snmptrap <name> {ipaddr <ipaddr> | ip6addr <ip6addr>}...
Page 547: Snmptrap Ipaddr
ProSAFE M7100 Managed Switches snmptrap ipaddr Use this command to assign an IP address to a specified community name. The name can use up to 16 case-sensitive alphanumeric characters. Note: IP addresses in the SNMP trap receiver table must be unique. If you make multiple entries using the same IP address, the first entry is retained and processed.
Page 548: Snmp Trap Link-Status
ProSAFE M7100 Managed Switches Parameter Description tunnel-id The tunnel interface that you want to use as the source IP address. The range of the tunnel ID is from 0 to 7. vlan-id The VLAN interface that you want to use as the source IP address. The range of the VLAN ID is from 1 to 4093.
Page 549: Show Snmpcommunity
ProSAFE M7100 Managed Switches snmp trap link-status all Use this command to enable link status traps for all interfaces. Note: This command is valid only when the Link Up/Down Flag is enabled. For more information, see snmp-server enable traps linkmode page 545.
Page 550: Show Snmptrap
The IPv6 address to receive SNMP traps from this device. SNMP Version SNMPv2 Status The receiver's status (enabled or disabled). The following shows an example of the CLI command. (Netgear Switch)#show snmptrap Community Name IpAddress IPv6 Address Snmp Version Mode Mytrap 0.0.0.0...
Page 551: Show Trapflags
ProSAFE M7100 Managed Switches show trapflags Use this command to display trap conditions. The command’s display shows all the enabled OSPFv2 and OSPFv3 trapflags. Configure which traps the switch should generate by enabling or disabling the trap condition. If a trap condition is enabled and the condition is detected, the SNMP agent on the switch sends the trap to all enabled trap receivers.
Page 552: Radius Commands
ProSAFE M7100 Managed Switches RADIUS Commands This section describes the commands you use to configure the switch to use a Remote Authentication Dial-In User Service (RADIUS) server on your network for authentication and accounting. authorization network radius Use this command to enable the switch to accept VLAN assignment by the radius server. Default disable Format...
Page 553: Radius Server Attribute 4
ProSAFE M7100 Managed Switches radius server attribute 4 Use this command to specify the RADIUS client to use the NAS-IP Address attribute 4 in the RADIUS requests. If the specific IP address is configured while enabling this attribute, the RADIUS client uses that IP address while sending NAS-IP-Address attribute 4 in RADIUS communication.
Page 554 ProSAFE M7100 Managed Switches Note: To reconfigure a RADIUS authentication server to use the default UDP <port>, set the <port> parameter to 1812. If you use the <acct> parameter, the command configures the IP address or hostname to use for the RADIUS accounting server. You can only configure one accounting server. If an accounting server is currently configured, use the “no”...
Page 555: Radius Server Key
ProSAFE M7100 Managed Switches The following shows an example of the command. (Switch) (Config) #radius server host acct 192.168.37.60 (Switch) (Config) #radius server host acct 192.168.37.60 port 1813 (Switch) (Config) #radius server host auth 192.168.37.60 name Network1_RADIUS_Auth_Server port 1813 (Switch) (Config) #radius server host acct 192.168.37.60 name Network2_RADIUS_Auth_Server (Switch) (Config) #no radius server host acct 192.168.37.60 radius server key Use this command to configure the key to be used in RADIUS client communication with the...
Page 556: Radius Server Msgauth
ProSAFE M7100 Managed Switches radius server msgauth Use this command to enable the message authenticator attribute to be used for the specified RADIUS Authenticating server. Format radius server msgauth {<ipaddr> | <dnsname>} Mode Global Config Field Description ip addr The IP address of the server. dnsname The DNS name of the server.
Page 557: Radius Server Retransmit
ProSAFE M7100 Managed Switches radius server retransmit Use this command to configure the global parameter for the RADIUS client that specifies the number of transmissions of the messages to be made before attempting the fall back server upon unsuccessful communication with the current RADIUS authenticating server. When the maximum number of retries are exhausted for the RADIUS accounting server and no response is received, the client does not communicate with any other server.
Page 558: Show Radius
ProSAFE M7100 Managed Switches show radius Use this command to display the values configured for the global parameters of the RADIUS client. Format show radius Mode Privileged EXEC Term Definition Number of Configured The number of RADIUS Authentication servers that have been configured. Authentication Servers Number of Configured The number of RADIUS Accounting servers that have been configured.
Page 559: Show Radius Servers
ProSAFE M7100 Managed Switches show radius servers Use this command to display the summary and details of a single or all RADIUS authenticating servers configured for the RADIUS client. Format show radius servers [<ipaddr> | <dnsname> | name [<servername>]] Mode Privileged EXEC Field Description...
Page 560 ProSAFE M7100 Managed Switches The following examples show CLI display output for the command. (Switch) #show radius servers Host Address Server Name Port Type rent ---- ----------------------- -------------------------------- ----- ---------- 192.168.37.200 Network1_RADIUS_Server 1813 Primary 192.168.37.201 Network2_RADIUS_Server 1813 Secondary 192.168.37.202 Network3_RADIUS_Server 1813 Primary 192.168.37.203...
Page 561: Show Radius Accounting
ProSAFE M7100 Managed Switches show radius accounting Use this command to display a summary of configured RADIUS accounting servers. Format show radius accounting name [<servername>] Mode Privileged EXEC Field Description servername An alias name to identify the server. RADIUS Accounting A global parameter to indicate whether the accounting mode for all the servers is Mode enabled or not.
Page 562: Show Radius Accounting Statistics
ProSAFE M7100 Managed Switches show radius accounting statistics Use this command to display a summary of statistics for the configured RADIUS accounting servers. Format show radius accounting statistics {<ipaddr> | <dnsname> | name <servername>} Mode Privileged EXEC Term Definition ipaddr The IP address of the server.
Page 563 ProSAFE M7100 Managed Switches The following shows example CLI display output for the command. (Switch) #show radius accounting statistics 192.168.37.200 RADIUS Accounting Server Name....Default_RADIUS_Server Host Address........192.168.37.200 Round Trip Time....... 0.00 Requests........0 Retransmissions....... 0 Responses........0 Malformed Responses......0 Bad Authenticators......
Page 564: Show Radius Statistics
ProSAFE M7100 Managed Switches show radius statistics Use this command to display the summary statistics of configured RADIUS Authenticating servers. Format show radius statistics {<ipaddr> | <dnsname> | name <servername>} Mode Privileged EXEC Term Definition ipaddr The IP address of the server. dnsname The DNS name of the server.
Page 565: Tacacs+ Commands
ProSAFE M7100 Managed Switches The following shows example CLI display output for the command. (Switch) #show radius statistics 192.168.37.200 RADIUS Server Name......Default_RADIUS_Server Server Host Address......192.168.37.200 Access Requests....... 0.00 Access Retransmissions......0 Access Accepts........ 0 Access Rejects........ 0 Access Challenges......0 Malformed Access Responses....
Page 566: Debug Tacacs Packet
ProSAFE M7100 Managed Switches debug tacacs packet Use the debug tacacs packet command to turn on TACACS+ packet debug. Default Disabled Format debug tacacs packet [receive | transmit] Mode Global Config no debug tacacs packet Use this command to turn off TACACS+ packet debug. Format no debug tacacs packet Mode...
Page 567: Tacacs-Server Keystring
ProSAFE M7100 Managed Switches keyword. In the show running config command’s display, these secret keys are displayed in encrypted format. You cannot show these keys in plain text format. Format tacacs-server key [<key-string> | encrypted <key-string>] Mode Global Config no tacacs-server key Use the no tacacs-server key command to disable the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon.
Page 568: Tacacs-Server Timeout
ProSAFE M7100 Managed Switches no tacacs-server source interface Use this command in Global Configuration mode to remove the global source interface (Source IP selection) for all TACACS+ communications between the TACACS+ client and the server. Format no tacacs-server source-interface Mode Privileged Exec tacacs-server timeout Use the tacacs-server timeout command to set the timeout value for communication with...
Page 569: Show Tacacs
ProSAFE M7100 Managed Switches port Use the port command in TACACS Configuration mode to specify a server port number. The server port-number range is 0–65535. Default Format port <port-number> Mode TACACS Config priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority.
Page 570: Configuration Scripting Commands
ProSAFE M7100 Managed Switches Configuration Scripting Commands Configuration Scripting allows you to generate text-formatted script files representing the current configuration of a system. You can upload these configuration script files to a computer or UNIX system and edit them. Then, you can download the edited files to the system and apply the new configuration.
Page 571: Script Apply
ProSAFE M7100 Managed Switches script apply Use this command to apply the commands in the script to the switch. The <scriptname> parameter is the name of the script to apply. Format script apply <scriptname> Mode Privileged EXEC script delete Use this command to delete a specified script, where the <scriptname> parameter is the name of the script to delete.
Page 572: Pre-Login Banner And System Prompt Commands
ProSAFE M7100 Managed Switches script validate Use this command to validate a script file by parsing each line in the script file, which you specify with the <scriptname> parameter. The validate option is intended to be used as a tool for script development.
Page 573: Set Clibanner
CLI prompt is displayed. By default, no CLI banner is displayed, that is, there is no text. Format show clibanner Mode Privileged EXEC The following CLI output is an example of the command output. (Netgear Switch) #show clibanner Banner Message configured: ========================= Test banner Management Commands...
Page 574: Switch Database Management (Sdm) Templates
ProSAFE M7100 Managed Switches Switch Database Management (SDM) Templates You can use SDM templates to configure system resources in the switch and optimize support for specific features depending on how the switch is used in the network. You can select a template to provide the maximum system usage for a specific function.
Page 575: Ipv6 Management Commands
ProSAFE M7100 Managed Switches Use the optional keywords to list the scaling parameters of a specific template. Format show sdm prefer [dual-ipv4-and-ipv6 default | ipv4-routing {default | data-center}] Mode Privileged EXEC Term Description ARP Entries The maximum number of entries in the IPv4 Address Resolution Protocol (ARP) cache for routing interfaces.
Page 576: Network Ipv6 Enable
ProSAFE M7100 Managed Switches network ipv6 enable Use this command to enable IPv6 operation on the network port. Default enabled Format network ipv6 enable Mode Privileged EXEC no network ipv6 enable Use this command to disable IPv6 operation on the network port. Format no network ipv6 enable Mode...
Page 577: Network Ipv6 Gateway
ProSAFE M7100 Managed Switches Format no network ipv6 address {<address>/<prefix-length> [eui64] | autoconfig | dhcp} Mode Privileged EXEC network ipv6 gateway Use this command to configure IPv6 gateway (default routers) information for the network port. The gateway address is in IPv6 global or link-local address format. Format network ipv6 gateway <gateway-address>...
Page 578: Network Port
The type of neighbor entry. The type is Static if the entry is manually configured and Dynamic if the entry is dynamically resolved. The following CLI output is an example of the command output. (Netgear Switch) #show network ipv6 neighbors Neighbor IPv6 Address...
Page 579: Clear Network Ipv6 Dhcp Statistics
ProSAFE M7100 Managed Switches Term Description Received DHCPv6 Reply The number of DHCPv6 Reply packets discarded on the network interface. Packets Discarded DHCPv6 Malformed The number of DHCPv6 packets that are received malformed on the network Packets Received interface. Total DHCPv6 Packets The total number of DHCPv6 packets received on the network interface.
Page 580: Terminal Display Commands
ProSAFE M7100 Managed Switches Terminal Display Commands Terminal displays commands let you configure the pagination length and number of lines of output to be displayed on the screen for Telnet, SSH, and console sessions. length Use this command to set the pagination length to value number of lines for the sessions specified by configuring on different Line Config modes (Telnet, SSH, and console) and is persistent.
Page 581: Show Terminal Length
ProSAFE M7100 Managed Switches show terminal length Use this command to display the value of the user-configured terminal length size. Format show terminal length Mode Privileged EXEC Management Commands...
Page 582: Chapter 9 Green Ethernet Commands
Green Ethernet Commands The NETGEAR managed switch supports the Energy Efficient Ethernet (EEE) Green Ethernet power saving mode.
Page 583: Energy Efficient Ethernet (Eee) Commands
ProSAFE M7100 Managed Switches Energy Efficient Ethernet (EEE) Commands Energy Efficient Ethernet (EEE) combines MAC with ports that support operation in a Low-Power Mode. This feature is defined by the IEEE 802.3az Energy Efficient Ethernet Task Force. Lower Power Mode enables both send and receive sides of a link to disable some port functionality to save power when the port is lightly loaded.
Page 584: Clear Green-Mode Statistics
ProSAFE M7100 Managed Switches clear green-mode statistics This command clears the following for a specified slot and port, or for all ports: • EEE LPI event count, and LPI duration • EEE LPI history table entries • Cumulative Power savings estimates Format clear green-mode statistics {<slot/port>...
Page 585 ProSAFE M7100 Managed Switches Term Definition Tw_sys_tx (microsec) Integer that indicates the value of Tw_sys that the local system can support. This value is updated by the EEE DLL Transmitter state diagram. This variable maps into the aLldpXdot3LocTxTwSys attribute. Tw_sys Echo (microsec) Integer that indicates the remote system's Transmit Tw_sys that was used by the local system to compute the Tw_sys that it wants to request from the remote system.
Page 586: Show Green-Mode (For The Switch)
ProSAFE M7100 Managed Switches Note: Executing clear green-mode statistics command only clears the EEE Transmit, Receive LPI event count, LPI duration, and Cumulative Energy Savings Estimates of the port. Other status parameters listed in above table will remain unaffected after 'clear green-mode statistics'.
Page 587 ProSAFE M7100 Managed Switches Term Definition Cumulative Energy Saving Estimated Cumulative energy saved per stack in (Watts * hours) due to all green modes per Stack enabled Current Power Power Consumption by all ports in stack in mWatts. Consumption per Stack Power Saving Estimated Percentage Power saved on all ports in stack due to Green mode(s) enabled.
Page 588: Green-Mode Eee-Lpi-History
ProSAFE M7100 Managed Switches 0/19 Disabled Inactive Disabled 0/20 Disabled Inactive Disabled --More-- or (q)uit Interface Energy-Detect Short-Reach-Config Short-Reach Config Auto Forced Config --------- --------- --------- --------- --------- ----------- -------- 0/21 Disabled Inactive Disabled 0/22 Disabled Inactive Disabled 0/23 Disabled Inactive Disabled 0/24...
Page 589: Show Green-Mode Eee-Lpi-History Interface
ProSAFE M7100 Managed Switches show green-mode eee-lpi-history interface This command displays the interface green-mode EEE LPI history. Format show green-mode eee-lpi-history interface <slot/port> Mode Privileged Exec Keyword Description Sampling Interval Interval at which EEE LPI statistics is collected. Total No. of Samples to Keep Maximum number of samples to keep Percentage LPI time per stack Percentage of Total time spent in LPI mode by all port in stack when...
Page 590: Chapter 10 Log Messages
There is no specific action that can be taken per message. When there is a problem being diagnosed, a set of these messages in the event log, along with an understanding of the system configuration and details of the problem will assist NETGEAR in determining the root cause of such a problem.
Page 591: Core
ProSAFE M7100 Managed Switches Core Table 9. BSP Log Messages Component Message Cause Event(0xaaaaaaaa) Switch has restarted. Starting code... BSP initialization complete, starting 7000 series application. Table 10. NIM Log Messages Component Message Cause NIM: L7_ATTACH out of order for Interface creation out of order intIfNum(x) unit x slot x port x NIM: Failed to find interface at unit x slot x...
Page 592: Utilities
ProSAFE M7100 Managed Switches Table 11. System Log Messages Component Message Cause SYSTEM Configuration file Switch CLI.cfg size is 0 The configuration file could not be read. This (zero) bytes message might occur on a system for which no configuration has ever been saved or for which configuration has been erased.
Page 593 ProSAFE M7100 Managed Switches Table 13. DHCP Filtering Log Messages Component Message Cause DHCP Filtering Unable to create r/w lock for DHCP Filtering Unable to create semaphore used for dhcp filtering configuration structure . DHCP Filtering Failed to register with nv Store. Unable to register save and restore functions for configuration save DHCP Filtering...
Page 594 ProSAFE M7100 Managed Switches Table 15. RADIUS Log Messages (continued) Component Message Cause RADIUS RADIUS: Could not allocate accounting Resource issue with RADIUS Client service. requestInfo RADIUS RADIUS: Could not allocate requestInfo Resource issue with RADIUS Client service. RADIUS RADIUS: osapiSocketRecvFrom returned Error while attempting to read data from the error RADIUS server.
Page 595: Management
ProSAFE M7100 Managed Switches Table 16. TACACS+ Log Messages (continued) Component Message Cause TACACS+ TACACS+: invalid major version in received Major version mismatch. packet. TACACS+ TACACS+: invalid minor version in received Minor version mismatch. packet. Table 17. LLDP Log Message Component Message Cause...
Page 596 ProSAFE M7100 Managed Switches Table 20. EmWeb Log Messages (continued) Component Message Cause EmWeb ConnectionType EmWeb socket accept() Socket accept failure for the specified failed: errno connection type. EmWeb ewsNetHTTPReceive failure in Socket receive failure. NetReceiveLoop() - closing connection. EmWeb EmWeb: connection allocation failed Memory allocation failure for the new connection.
Page 597 ProSAFE M7100 Managed Switches Table 22. WEB Log Messages Component Message Cause ewaFormServe_file_upload() - Unknown Unknown error returned while uploading file return code from tftp upload result using TFTP from web interface. Web UI Screen with unspecified access Failed to get application-specific attempted to be brought up authorization handle provided to EmWeb/Server by the application in...
Page 598 ProSAFE M7100 Managed Switches Table 25. SSLT Log Messages Component Message Cause SSLT SSLT: Can't connect to unsecure server at Failed to open connection to unsecure server. XXXX, result = YYYY, errno = ZZZZ XXXX is the unsecure server socket address. YYYY is the result returned from connect function and ZZZZ is the error code.
Page 599: Switching
ProSAFE M7100 Managed Switches Switching Table 27. Protected Ports Log Messages Component Message Cause Protected Ports Protected Port: failed to save configuration Appears when the protected port configuration cannot be saved Protected Ports protectedPortCnfgrInitPhase1Process: Appears when protectedPortCfgRWLock Unable to create r/w lock for protectedPort Fails Protected Ports protectedPortCnfgrInitPhase2Process:...
Page 600 ProSAFE M7100 Managed Switches Table 28. IP Subnet VLANS Log Messages Component Message Cause IPsubnet vlans vlanIpSubnetVlanChangeCallback: Failed to Appears when a dtl fails to add an entry for a add an Entry VLAN add notify event. IPsubnet vlans vlanIpSubnetVlanChangeCallback: Failed to Appears when a dtl fails to delete an entry for delete an Entry a VLAN delete notify event.
Page 601 ProSAFE M7100 Managed Switches Table 30. 802.1x Log Messages Component Message Cause 802.1X dot1xSendRespToServer: Failed sending message to RADIUS server dot1xRadiusAccessRequestSend failed 802.1X dot1xRadiusAcceptProcess: error calling Failed sending accounting start to RADIUS radiusAccountingStart, ifIndex=xxx server 802.1X function: failed sending terminate cause, intf Failed sending accounting stop to RADIUS server Table 31.
Page 602 ProSAFE M7100 Managed Switches Table 32. GARP/GVRP/GMRP Log Messages Component Message Cause GARP/GVRP/ garpMapIntfIsConfigurable, A default configuration does not exist for this gmrpMapIntfIsConfigurable: Error accessing interface. Typically a case when a new GMRP GARP/GMRP config data for interface %d in interface is created and has no garpMapIntfIsConfigurable.
Page 603 ProSAFE M7100 Managed Switches Table 36. IPv6 Provisioning Log Message Component Message Cause IPV6 Provisioning ipv6ProvIntfIsConfigurable: Error accessing A default configuration does not exist for this IPv6 Provisioning config data for interface interface. Typically a case when a new interface is created and has no pre-configuration.
Page 604 ProSAFE M7100 Managed Switches Table 39. 802.1S Log Messages Component Message Cause 802.1S dot1sIssueCmd: Dot1s Msg Queue is The message Queue is full. full!!!!Event: %u, on interface: %u, for instance: %u 802.1S dot1sStateMachineRxBpdu(): Rcvd BPDU The current conditions, like port is not Discarded enabled or we are currently not finished processing another BPDU on the same...
Page 605: Qos
ProSAFE M7100 Managed Switches Table 42. ACL Log Messages Component Message Cause Total number of ACL rules (x) exceeds max The combination of all ACLs applied to an (y) on intf i. interface has resulted in requiring more rules than the platform supports. ACL name, rule x: This rule is not being The ACL configuration has resulted in a logged...
Page 606: Routing And Ipv6 Routing
ProSAFE M7100 Managed Switches Routing and IPv6 Routing Table 45. DHCP Relay Log Messages Component Message Cause DHCP relay REQUEST hops field more than config value The DHCP relay agent has processed a DHCP request whose HOPS field is larger than the maximum value allowed.
Page 607 ProSAFE M7100 Managed Switches Table 46. OSPFv2 Log Messages (continued) Component Message Cause OSPFv2 Dropping the DD packet because of MTU OSPFv2 ignored a Database Description mismatch packet whose MTU is greater than the IP MTU on the interface where the DD was received.
Page 608 ProSAFE M7100 Managed Switches Table 48. Routing Table Manager Log Messages Component Message Cause Routing Table RTO is full. Routing table contains 8000 best The routing table manager, also called “RTO,” Manager routes, 8000 total routes. stores a limited number of best routes, based on hardware capacity.
Page 609: Multicast
ProSAFE M7100 Managed Switches Table 51. RIP Log Message Component Message Cause RIP : discard response from xxx via When RIP response is received with a source unexpected interface address not matching the incoming interface’s subnet. Table 52. DHCP6 Log Message Component Message Cause...
Page 610 ProSAFE M7100 Managed Switches Table 55. IGMP-Proxy Log Messages Component Message Cause IGMP-Proxy Error getting memory for igmp host group When we are unable to allocate memory for record the IGMP group record in the Host (Proxy) table IGMP-Proxy Error getting memory for source record When we are unable to allocate memory for the IGMP source record in the Host (Proxy) table...
Page 611: Stacking
ProSAFE M7100 Managed Switches Table 57. PIM-DM Log Messages Component Message Cause PIM-DM pim_interface_set: Could not give taskSema This message is logged when Task synchronization Semaphore release fails. PIM-DM Error initializing CACHE This message is logged when the PIM-DM (S,G) entry Cache table initialization fails. PIM-DM Error creating PIM-DM pipe This message is logged when the PIM-DM...
Page 612: Technologies
ProSAFE M7100 Managed Switches Technologies Table 60. System General Error Messages Component Message Cause Invalid USP unit = x, slot = x, port =x A port was not translated correctly. In hapiBroadSystemMacAddress call to Failed to add an L2 address to the MAC table. 'bcm_l2_addr_add' - FAILED : x This should only happen when a hash collision occurs or the table is full.
Page 613 ProSAFE M7100 Managed Switches Table 60. System General Error Messages Component Message Cause USL: A Trunk being destroyed doesn't exist in Possible synchronization issue between the application, hardware, and sync layer. USL: A Trunk being set doesn't exist in USL Possible synchronization issue between the application, hardware, and sync layer.
Page 614: O/S Support
ProSAFE M7100 Managed Switches Table 60. System General Error Messages Component Message Cause USL: failed to sync initiator table on unit=x Could not synchronize unit x due to a transport failure or API issue on remote unit. A synchronization retry will be issued USL: failed to sync terminator table on unit=x Could not synchronize unit x due to a transport failure or API issue on remote unit.
Page 615 ProSAFE M7100 Managed Switches Table 61. OSAPI Log Messages (continued) Component Message Cause OSAPI osapiCleanupIf: NetMaskGet During the call to remove the interface from the route table ,the attempt to get the ipv4 interface mask from the stack failed. OSAPI osapiCleanupIf: NetIpDel During the call to remove the interface from the route table, the attempt to delete the...
Page 616: Command List
Command List aaa accounting ............. 532 aaa authentication dot1x .
Page 617 ProSAFE M7100 Managed Switches bootpdhcprelay minwaittime ........... 209 bridge aging-time .
Page 618 ProSAFE M7100 Managed Switches clear vlan ..............406 clear vpc statistics .
Page 619 ProSAFE M7100 Managed Switches debug sflow packet ............462 debug spanning-tree bpdu .
Page 620 ProSAFE M7100 Managed Switches dos-control udpport ............356 dot1x dynamic-vlan enable .
Page 621 ProSAFE M7100 Managed Switches ip address ..............178 ip address dhcp .
Page 622 ProSAFE M7100 Managed Switches ip irdp maxadvertinterval ........... . . 196 ip irdp minadvertinterval .
Page 623 ProSAFE M7100 Managed Switches isdp advertise-v2 ............158 isdp enable .
Page 624 ProSAFE M7100 Managed Switches logging host remove ............390 logging persistent .
Page 625 ProSAFE M7100 Managed Switches mvr immediate ............. 166 mvr mode .
Page 626 ProSAFE M7100 Managed Switches policy-map ..............242 policy-map rename .
Page 627 ProSAFE M7100 Managed Switches script delete ............. . . 571 script list .
Page 628 ProSAFE M7100 Managed Switches show ..............16 show aaa ias-users .
Page 629 ProSAFE M7100 Managed Switches show fiber-ports optical-transceiver-info ......... . 379 show flowcontrol .
Page 630 ProSAFE M7100 Managed Switches show ip route ecmp-groups ........... 191 show ip route preferences .
Page 631 ProSAFE M7100 Managed Switches show loginsession ............516 show mac access-lists .
Page 632 ProSAFE M7100 Managed Switches show radius servers ............559 show radius source-interface .
Page 633 ProSAFE M7100 Managed Switches show users accounts detail ........... 521 show users login-history .
Page 634 ProSAFE M7100 Managed Switches spanning-tree bpdumigrationcheck ..........32 spanning-tree configuration name .
Page 635 ProSAFE M7100 Managed Switches telnetcon timeout ............505 terminal length .
Page 636 ProSAFE M7100 Managed Switches vpc peer-link ..............96 write core .

This manual is also suitable for:

Prosafe m7100 series

NETGEAR ProSAFE M7100-24X Reference Manual

Table of Contents

Chapter 1 Use the Command-Line Interface

Chapter 2 Switching Commands

Chapter 3 Multicast VLAN Registration (MVR)

Chapter 4 Routing Commands

Chapter 5 Quality of Service (Qos) Commands

Chapter 6 Security Commands

Chapter 7 Utility Commands

Chapter 8 Management Commands

Chapter 9 Green Ethernet Commands

Chapter 10 Log Messages

Quick Links

Chapters

Related Manuals for NETGEAR ProSAFE M7100-24X

Summary of Contents for NETGEAR ProSAFE M7100-24X