These modes are described in CLI Command Modes. Users are assigned privilege levels. Each user privilege level can access specific CLI modes. User levels are described in the section below. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 28
15, can create users at this level. Example—Create passwords for level 7 and 15 (by the administrator): switchxxxxxx#configure switchxxxxxx<conf># enable password level 7 level7@abc switchxxxxxx<conf># enable password level 15 level15@abc switchxxxxxx<conf># Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Entering a question mark at the console prompt displays a list of available commands for the current mode and for the level of the user. Specific commands are used to switch from one mode to another. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 30
Global Configuration mode prompt, consisting of the device host name followed by (config)#, is displayed: switchxxxxxx(config)# Use any of the following commands to return from Global Configuration mode to the Privileged EXEC mode: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 31
Interface—Contains commands that configure a specific interface (port, VLAN, port channel, or tunnel) or range of interfaces. The Global Configuration mode command interface is used to enter the Interface Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Using SSH from an application that supports SSH client running on a computer with a network connection to the switch. Telnet and SSH are disabled by default on the switch. NOTE Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 33
Click Enter twice, so that the device sets the serial port speed to match the PC's serial port speed. When the CLI appears, enter cisco at the User Name prompt and then enter cisco for the Password prompt. The switchxxxxxx# prompt is displayed. You can now enter CLI commands to manage the switch.
| character. One option must be selected. For example, flowcontrol {auto|on|off} means that for the flowcontrol command, either auto, on, or off must be selected. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
For example, to set a password for the administrator, enter: switchxxxxxx(config)# username admin password alansmith When working with the CLI, the command options are not displayed. The standard command to request help is ?. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
By default, the history buffer system is enabled, but it can be disabled at any time. For more information on enabling or disabling the history buffer, refer to the history command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Repeating the key sequence will recall successively more recent commands. Ctrl+A Moves the cursor to the beginning of the command line. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Gigabit Ethernet (10/100/1000 kbits) ports—These can be written as either GigabitEthernet or gi or GE. • —LAG (Port Channel)—Written as either Port-Channel or po. • VLAN—Written as VLAN • Tunnel—Written as tunnel or tu Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 39
]<first-port-channel-number>[ - <last-port-channel-number>] | tunnel[ ]<first-tunnel-number>[ - <last-tunnel-number>] | vlan[ ]<first-vlan-id>[ - <last-vlan-id>] A sample of this command is shown in the example below: switchxxxxxx#configure switchxxxxxx(config-if)#interface range gi1-5 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 40
If the egress interface is not specified, the default interface is selected. Specifying egress interface = 0 is equal to not defining an egress interface. The following combinations are possible: • ipv6_address%egress-interface—Refers to the IPv6 address on the interface specified. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This is the definition of the IP configuration when the device is in layer 2 mode: • Only one loopback interface is supported. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 42
Start output from the first line that has a sequence of characters matching the given regular expression pattern • include: Includes only lines that have a sequence of characters matching the given regular expression pattern. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 43
Matches 0 or more sequences of the pattern. Matches 1 or more sequences of the pattern. Matches 0 or 1 occurrences of the pattern. Matches the beginning of the string. Matches the end of the string. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 44
The following example matches any letter except the ones listed: [^a-dqsv] The following example matches anything except a right square bracket (]) or the letter d: [^\]d] Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 45
Matches 1 or more single-character or multiple-character patterns. Matches 0 or 1 occurrences of a single-character or multiple-character pattern. The following example matches any number of occurrences of the letter a, including none: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 46
(| ) . Only one of the alternatives can match the string. For example, the regular expression codex|telebit either matches the string codex or the string telebit, but not both codex and telebit. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 47
For example, the expression [^abcd] indicates a range that matches any single letter, as long as it is not the letters a, b, c, or d. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
An IPv4 ACL is defined by a unique name. IPv4 ACL, IPv6 ACL, MAC ACL or policy maps cannot have the same name. Example switchxxxxxx(config)# ip access-list extended server switchxxxxxx(config-ip-al)# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
[log-input] icmp | source source-wildcard | destination no permit {any } {any destination-wildcard | icmp-type | icmp-code number | } [any ] [any ]] [dscp precedence number ][time-range time-range-name Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 50
—Specifies an ICMP message type for filtering ICMP packets. Enter a number or one of the following values: echo-reply, destination-unreachable, source-quench, redirect, alternate-host-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 51
ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 53
—Wildcard bits to be applied to the source IP address. Use 1s in the bit position that you want to be ignored. • destination —Destination IP address of the packet. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 54
—List of TCP flags that should occur. If a flag should be set it is prefixed by “+”.If a flag should be unset it is prefixed by “-”. Available Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 55
ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If the user types already existed priority, then the command is rejected. Example switchxxxxxx(config)# ip access-list extended server switchxxxxxx(config-ip-al)# deny ip 176.212.0.0 00.255.255 any Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(ARP), which is equivalent to the IPv6 neighbor discovery process, uses a separate data link layer protocol; therefore, by default, IPv4 ACLs implicitly allow ARP packets to be sent and received on an interface. Example switchxxxxxx(config)# ipv6 access-list acl1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 59
If ace-priority is omitted, the system sets the rule's priority to the current highest priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If the user types already existed priority, then the command is rejected. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 62
ACE. If a range of ports is used for source port it is counted again if it is also used for destination port. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Command Mode Global Configuration mode User Guidelines A MAC ACL is defined by a unique name. IPv4 ACL, IPv6 ACL, MAC ACL or policy maps cannot have the same name Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
- Specify the priority of the access control entry (ACE) in the access control list (ACL). "1" value represents the highest priority and "2147483647" number represents the lowest priority.(Range: 1-2147483647) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 65
Default Configuration No MAC access list is defined. Command Mode MAC Access-list Configuration mode Example switchxxxxxx(config)# mac access-list extended server1 switchxxxxxx(config-mac-al)# permit 00:00:00:00:00:01 00:00:00:00:00:ff any Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Ethernet interface is disabled if the condition is matched. • log-input—Specifies sending an informational syslog message about the packet that matches the entry. Because forwarding/dropping is done in Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
[ ] [default-action {deny-any | permit-any}] no service-acl input Parameters • acl-name —Specifies an ACL to apply to the interface. See the user guidelines. (Range: 1–32 characters). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 68
1. • An ACL cannot be bound as input if it has been bound as output. Example switchxxxxxx(config)# mac access-list extended server-acl Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
A MAC ACL cannot be bound on an interface together with an IPv4 ACL or IPv6 ACL. Two ACLs of the same type cannot be added to a port. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no form of this command to remove the time range from the device. Syntax time-range time-range-name no time-range time-range-name Parameters time-range-name—Specifies the name for the time range. (Range: 1–32 characters) Default Configuration No time range is defined Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration There is no absolute time when the time range is in effect. Command Mode Time-range Configuration mode Example switchxxxxxx(config)# time-range http-allowed switchxxxxxx(config-time-range)# absolute start 12:00 1 jan 2005 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• list day-of-the-week1 —Specifies a list of days that the time range is in effect. Default Configuration There is no periodic time when the time range is in effect. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Command Mode User EXEC mode Example switchxxxxxx> show time-range http-allowed -------------- absolute start 12:00 1 Jan 2005 end 12:00 31 Dec 2005 periodic Monday 12:00 to Wednesday 12:00 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• VLAN—Specifies a VLAN Command Mode Privileged EXEC mode User Guidelines This command shows whether packets were trapped from ACE hits with logging enable on an interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The any value matches all IP addresses. If is not defined, a src-len value of 32 is applied. A value of must be in the interval 1-32. Default Configuration No access list is defined. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 79
10.29.2.64 to 10.29.2.127. All IP addresses not in this range will be rejected. switchxxxxxx(config)# ip access-list apo permit 10.29.2.64/26 Note: all other access is implicitly denied. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 address based on a matching condition. An implicit deny is applied to address that does not match any access-list entry. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 81
The following example of an access list allows only the one specified prefix: Any IPv6 address that does not match the access list statements will be rejected. switchxxxxxx(config)# ipv6 access-list 1 permit 3001::2/64 Note: all other access implicitly denied. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
You can select either authentication by a RADIUS server, no authentication (none), or both methods. If you require that authentication succeeds even if no RADIUS server response was received, specify none as the final method in the command line. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
In the mode the switch performs failure replies received from a Radius server as success. Example The following example enables open mode on interface gi11: switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# authentication open Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To specify web-based page customizing, the data command is used in Web-Based Page Customization Configuration mode. Syntax value data Parameters • value —String of hexadecimal digit characters up to 320 characters. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 85
Example 2 —The following example shows how Web-Based Page customization is displayed when running the show running-config command: switchxxxxxx# show running-config dot1x page customization data ******** exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Interface (VLAN) Configuration mode User Guidelines The guest VLAN cannot be configured as unauthorized VLAN. Example The following example enables unauthorized devices access to VLAN 5. switchxxxxxx(config)# interface vlan switchxxxxxx(config-if)# dot1x auth-not-req Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If a dynamic MAC address authenticated by MAC-based authentication is changed to a static one, it will not be manually re-authenticated. b. Removing a dynamic MAC address authenticated by the MAC-based authentication causes its re-authentication. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
A device can have only one global guest VLAN. The guest VLAN must be a static VLAN and it cannot be removed. An unauthorized VLAN cannot be configured as guest VLAN. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command cannot be configured if the monitoring VLAN is enabled on the interface. If the port does not belong to the guest VLAN itThe port is added to the guest VLAN as an egress untagged port. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the time delay in seconds between enabling 802.1X (or port up) and adding the port to the guest VLAN. (Range: 30–180). Default Configuration The guest VLAN is applied immediately. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 92
(session-based mode). If the multi-sessions mode is configured on a port the port does have any authentication status. Any number of hosts can be Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 93
The MAC address will be removed after the aging timeout expires. Example switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# dot1x host-mode multi-host Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command is relevant only for multi-session mode. Example The following example limits the maximum number of authorized hosts on Ethernet port gi11 to 6: switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# dot1x max-hosts Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The command is applied only to the Web-based authentication. Example The following example sets maximum number of allowed login attempts to 5: switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# dot1x max-login-attempts 5 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example sets the maximum number of times that the device sends an EAP request/identity frame to 6. switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# dot1x max-req Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
A user must customize the web-based authentication pages by using the browser Interface. Example The following example shows part of a web-based page customization configuration: switchxxxxxx(config)# dot1x page customization switchxxxxxx(config-web-page)# data 1feabcde switchxxxxxx(config-web-page)# data 17645874 switchxxxxxx(config-web-page)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Note. It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1X edge ports in auto state that are connected to end Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
RADIUS server authorized the supplicant, but did not provide a supplicant VLAN, the supplicant is accepted. Default Configuration reject Command Mode Interface (Ethernet) Configuration mode User Guidelines If RADIUS provides invalid VLAN information, the authentication is rejected. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 100
To manually re-authenticate, use the dot1x re-authenticate command. The command cannot be configured on a port if it together with • WEB-Based authentication • Multicast TV-VLAN • Q-in-Q • Voice VLAN Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
[ interface-id Parameters • interface-id —Specifies an Ethernet port. Default Configuration If no port is specified, command is applied to all ports. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
3.19 dot1x system-auth-control To enable 802.1X globally, use the dot1x system-auth-control command in Global Configuration mode. To restore the default configuration, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • seconds —Specifies the time interval in seconds that the device remains in a quiet state following a failed authentication exchange with a client. (Range: 10–65535 seconds). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To set the number of seconds between re-authentication attempts, use the dot1x timeout reauth-period command in Interface Configuration mode. To restore the default configuration, use the no form of this command. Syntax seconds dot1x timeout reauth-period Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • seconds server-timeout —Specifies the time interval in seconds during which the device waits for a response from the authentication server. (Range: 1–65535 seconds). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • seconds —Specifies the silence interval in seconds. The valid range is 60 - 65535. Default Configuration The silence period is not limited. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
EAP request frame from the client before resending the request. (Range: 1–65535 seconds). Default Configuration The default timeout period is 30 seconds. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the time interval in seconds during which the device waits for a response to an EAP-request/identity frame from the client before resending the request. (Range: 30–65535 seconds). Default Configuration The default timeout period is 30 seconds. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode. To disable the traps, use the no form of this command. Syntax dot1x traps authentication quiet no dot1x traps authentication quiet Parameters Default Configuration Quiet traps are disabled. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use this command to unlock a client that was locked after the maximum allowed authentication failed attempts and to end the quiet period. If the client is not in the quiet period, the command has no affect. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If seconds = 0 traps are disabled. If the parameter is not specified, it defaults to 1 second for the restrict mode and 0 for the other modes. Default Configuration Protect Command Mode Interface (Ethernet) Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Display for all ports. If detailed is not used, only present ports are displayed. Command Mode Privileged EXEC mode Example The following example displays authentication information for all interfaces on which 802.1x is enabled: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 119
Number of seconds that the device waits for a response from the authentication server before resending the request. • — Session Time Amount of time (HH:MM:SS) that the user is logged in. • — MAC address Supplicant MAC address. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Examples The following example displays locked clients: Example 1 switchxxxxxx# show dot1x locked clients Port MAC Address Remaining Time -------------- -------------- ------- gi11 0008.3b79.8787 gi11 0008.3b89.3128 gi12 0008.3b89.3129 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 122
Packet Body Length field is invalid. LastEapolFrameVersion Protocol version number carried in the most recently received EAPOL frame. LastEapolFrameSource Source MAC address carried in the most recently received EAPOL frame. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Allan 0008.3b79.8787 Remote 00:11:12 gi12 John 0008.3baa.0022 Remote 00:27:16 gi12 Example 2. The following example displays 802.1X user with supplicant username Bob: switchxxxxxx# show dot1x users username Bob Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 124
802.1X Commands Port Udsername MAC Address Auth Auth Session VLAN Method Server Time ---------------- --------------- -------------------- ---------- --------- ---------- ------- 0008.3b71.1111 802.1x Remote 09:01:00 1020 gi11 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
All registered Multicast addresses will be forwarded to the Multicast groups. There are two ways to manage Multicast groups, one is the IGMP Snooping feature, and the other is the bridge multicast forward-all command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Interface (VLAN) Configuration mode User Guidelines Use the mac-group option when using a network management system that uses a MIB based on the Multicast MAC address. Otherwise, it is recommended to use Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 127
If an application on the device requests (*,G), the operating FDB mode is changed ipv4-group. Example The following example configures the Multicast bridging mode as an mac-group on VLAN 2. switchxxxxxx(config)# interface vlan 2 switchxxxxxx(config-if)# bridge multicast mode mac-group Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To register the group in the bridge database without adding or removing ports or port channels, specify the mac-multicast-address parameter only. Static Multicast addresses can be defined on static VLANs only. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • mac-multicast-address | ipv4-multicast-address—Specifies the group Multicast address. • add—Forbids adding ports to the group. • remove—Forbids removing ports from the group. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IInterface (VLAN) Configuration mode command. To unregister the IP address, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 131
Static Multicast addresses can be defined on static VLANs only. You can execute the command before the VLAN is created. Example The following example registers the specified IP address to the bridge table: switchxxxxxx(config)# interface vlan 8 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—(Optional) Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels. Default Configuration No forbidden addresses are defined. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IP Multicast address. • add—(Optional) Adds ports to the group for the specific source IP address. • remove—(Optional) Removes ports from the group for the specific source IP address. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The default mode is mac-group. Command Mode Interface (VLAN) Configuration mode User Guidelines Use the mac-group mode when using a network management system that uses a MIB based on the Multicast MAC address. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 137
You can execute the command before the VLAN is created. Example The following example configures the Multicast bridging mode as an ip-group on VLAN 2. switchxxxxxx(config)# interface vlan 2 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels. Default Configuration No Multicast addresses are defined. The default option is add. Command Mode Interface (VLAN) Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To register a source IPv6 address - Multicast IPv6 address pair to the bridge table, and statically add or remove ports to or from the source-group, use the bridge Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 141
The default option is add. Command Mode Interface (VLAN) Configuration mode Example The following example registers a source IPv6 address - Multicast IPv6 address pair to the bridge table: switchxxxxxx(config)# interface vlan 8 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces; use a hyphen to designate a range of port channels. Default Configuration No forbidden addresses are defined. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Multicast packets. • interface-list ethernet —Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Multicast packets. • interface-list ethernet —Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Interface (Ethernet, Port Channel) Configuration mode command. To restore the default configuration, use the no form of this command. Syntax bridge unicast unknown {filtering | forwarding} no bridge unicast unknown Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
[ interface-id Parameters interface-id —(Optional) Specify an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel Command Mode Privileged EXEC mode Example Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• delete-on-reset—(Optional)The delete-on-reset static MAC address. • delete-on-timeout—(Optional)The delete-on-timeout static MAC address. • secure—(Optional)The secure MAC address. May be used only in a secure mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 149
A secure MAC address may be added only in a secure port mode. • dynamic— a MAC address learned by the switch in non-secure mode. A value of its time-to-live attribute is delete-on-timeout. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To remove learned or secure entries from the forwarding database (FDB), use the clear mac address-table Privileged EXEC mode command. Syntax interface-id clear mac address-table dynamic interface interface-id clear mac address-table secure interface Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To set the aging time of the address table, use the mac address-table aging-time Global configuration command. To restore the default, use the no form of this command. Syntax seconds mac address-table aging-time no mac address-table aging-time Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—(Optional) Sends SNMP traps and specifies the minimum time interval in seconds between consecutive traps. (Range: 1–1000000) Default Configuration The feature is disabled by default. The default mode is discard. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To configure the port security learning mode, use the port security mode Interface (Ethernet, Port Channel) Configuration mode command. To restore the default configuration, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 154
The static MAC addresses may be added on the port manually by the address-table static command. The command may be used only when the interface in the regular (non-secure with unlimited MAC learning) mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the maximum number of addresses that can be learned on the port. (Range: 0–256) Default Configuration This default maximum number of addresses is 1. Command Mode Interface (Ethernet, Port Channel) Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—(Optional) Displays entries for a specific interface ID. The interface ID can be one of the following types: Ethernet port or port-channel. • mac-address address —(Optional) Displays entries for a specific MAC address. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 157
Example 2 - Displays address table entries containing the specified MAC address. switchxxxxxx# show mac address-table address 00:3f:bd:45:5a:b1 Aging time is 300 sec VLAN MAC Address Port Type -------- --------------------- ---------- ---------- 00:3f:bd:45:5a:b1 static gi14 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
4.27 show bridge multicast mode To display the Multicast bridging mode for all VLANs or for a specific VLAN, use the show bridge multicast mode Privileged EXEC mode command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 160
If VLAN ID is not entered, entries for all VLANs are displayed. If MAC or IP address is not supplied, entries for all addresses are displayed. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 161
Multicast address table for VLANs in IPv4-GROUP bridging mode: Vlan MAC Address Type Ports ---- ----------------- -------------- ----- 224.0.0.251 Dynamic gi12 Forbidden ports for Multicast addresses: Vlan MAC Address Ports ---- ----------------- ----- 232.5.6.5 233.22.2.6 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Specifies the source IPv4 address. ipv6-address—(Optional) Specifies the source IPv6 address. Default Configuration When all/mac/ip is not specified, all entries (MAC and IP) will be displayed. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—(Optional) Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel. Default Configuration Display for all interfaces. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Display for all interfaces. If detailed is not used, only present ports are displayed. Command Mode Privileged EXEC mode Example The following example displays the port-lock status of all ports. switchxxxxxx# show ports security Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—(Optional) Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel. • detailed—(Optional) Displays information for non-present ports in addition to present ports. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 170
MAC address. Specific configurations (that contain service type) have precedence over less specific configurations (contain only MAC address). The packets that are bridged are subject to security ACLs. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Keyword Description enable Uses the enable password for authentication. line Uses the line password for authentication. local Uses the locally-defined usernames for authentication. none Uses no authentication. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The aaa authentication enable Global Configuration mode command sets one or more authentication methods for accessing higher privilege levels. To restore the default authentication method, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 174
On a console, the enable password is used if a password exists. If no password is set, authentication still succeeds. This is the same as entering the command aaa authentication enable default enable none. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Telnet or console session. Use the no form of this command to restore the default authentication method. Syntax list-name login authentication {default | no login authentication Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Telnet or console. Use the no form of this command to restore the default authentication method. Syntax list-name} enable authentication {default | Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The ip http authentication Global Configuration mode command specifies authentication methods for HTTP server access. Use the no form of this command to restore the default authentication method. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 178
The command is relevant for HTTP and HTTPS server users. Example The following example specifies the HTTP access authentication methods. switchxxxxxx(config)# ip http authentication aaa login-authentication radius local none Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration No password is defined. Command Mode Line Configuration Mode Example The following example specifies the password ‘secret’ on a console. switchxxxxxx(config)# line console Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If the administrator wants to manually copy a password that was configured on one switch (for instance, switch B) to another switch (for instance, switch A), the Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following log message is generated to the terminal: “All the configuration and user files were removed”. Syntax service password-recovery no service password-recovery Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 183
Note that choosing to use Password recovery option in the Boot Menu during the boot process will remove the configuration files and the user files. Would you like to continue ? Y/N. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode Usage Guidelines The last level 15 user (regardless of whether it is the default user or any user) cannot be removed and cannot be a remote user. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The show users accounts Privileged EXEC mode command displays information about the users local database. Syntax show users accounts Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example displays information about the users local database: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • group radius—Uses a RADIUS server for accounting. • group tacacs+—Uses a TACACS+ server for accounting. Default Configuration Disabled Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 187
A unique accounting identifier. (44) Acct-Authentic (45) Indicates how the supplicant was authenticated. Acct-Session-Time Indicates how long the user was (46) logged in. Acct-Terminate-Cau Reports why the session was se (49) terminated. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Configuration mode command. Use the no form of this command to disable accounting. Syntax aaa accounting dot1x start-stop group radius no aaa accounting dot1x start-stop group radius Parameters Default Configuration Disabled Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 189
The arbitrary value that is included in all accounting packets for a specific session. Called-Station-ID (30) The switch MAC address. Calling-Station-ID (31) The supplicant MAC address. Acct-Session-ID (44) A unique accounting identifier. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The show accounting EXEC mode command displays information as to which type of accounting is enabled on the switch. Syntax show accounting Parameters Default Configuration Command Mode User EXEC mode Example The following example displays information about the accounting status. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Contains no character that is repeated more than 3 times consecutively. • Does not repeat or reverse the user name or any variant reached by changing the case of the characters. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no form of these commands to return to default. Syntax passwords complexity {min-length number } | {min-classes number } | not-current | number {no-repeat } | not-username | not-manufacturer-name Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 193
All the other controls are enabled by default. Command Mode Global Configuration mode Example The following example configures the minimal required password length to 8 characters. passwords complexity min-length 8 switchxxxxxx(config)# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example configures the aging time to be 24 days. passwords aging switchxxxxxx(config)# 5.18 show passwords configuration The show passwords configuration Privileged EXEC mode command displays information about the password management configuration. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 195
New password must be different than the user name: Enabled New password must be different than the manufacturer name: Enabled Enable Passwords Level ----- Line Passwords Line ----- Console Telnet Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 196
Authentication, Authorization and Accounting (AAA) Commands Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(Range: 1-16 characters) Default Configuration Enabled by default with the auto option. Command Mode Global Configuration mode User Guidelines The TFTP or SCP protocol is used to download/upload a configuration file. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(Default)—Auto-configuration uses the TFTP or SCP protocol depending on the Indirect image file's extension. If this option is selected, the extension parameter may be specified or, if not, the default extension is used. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the show boot Privilege EXEC mode command to show the status of the IP DHCP Auto Config process. Syntax show boot Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 200
Image Download via DHCP: enabled switchxxxxxx# show boot Auto Config ------------ Config Download via DHCP: enabled Download Protocol: scp Configuration file auto-save: enabled Auto Config State: Opening <hostname>-config file Auto Update Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 201
Auto Config State: Searching device hostname in indirect file Auto Update ----------- Image Download via DHCP: enabled switchxxxxxx# show boot Auto Config ------------ Config Download via DHCP: enabled Download Protocol: tftp Configuration file auto-save: enabled Auto Update Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The backup server can be a TFTP server or a SCP server. Examples Example 1. The example specifies the IPv4 address of TFTP server: ip dhcp tftp-server ip address 10.5.234.232 switchxxxxxx(config)# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
No file name Command Mode Global Configuration mode User Guidelines The backup server can be a TFTP server or an SCP server. Examples switchxxxxxx(config)# ip dhcp tftp-server file conf/conf-file Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the show ip dhcp tftp-server EXEC mode command to display information about the backup server. Syntax show ip dhcp tftp-server Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 205
The backup server can be a TFTP server or a SCP server. Example show ip dhcp tftp-server server address active 1.1.1.1 from sname manual 2.2.2.2 file path on server active conf/conf-file from option 67 manual conf/conf-file1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode. To remove L2 interfaces from this list, use the no format of the command. Syntax interface-list bonjour interface range interface-list no bonjour interface range [ Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLAN 100-103 show bonjour To display Bonjour information, use the show bonjour command in Privileged EXEC mode. Syntax interface-id show bonjour [ Parameters • interface-id —Specifies an interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 208
Bonjour global status: enabled Bonjour L2 interfaces list: vlans 1 Service Admin Status Oper Status ------- ------------ -------------- csco-sb enabled enabled http enabled enabled https enabled disabled enabled disabled telnet enabled disabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable sending of the Appliance TLV, use the cdp appliance-tlv enable command in Global Configuration mode. To disable the sending of the Appliance TLV, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 210
Appliance VLAN-ID TLV; or, if the VVID is not supported on the port, this MIB object will not be configurable and will return 4096. Example switchxxxxxx(config)# cdp appliance-tlv enable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Tp enable CDP on interface, use the cdp enable command in Interface (Ethernet) Configuration mode. To disable CDP on an interface, use the no form of the CLI command. Syntax cdp enable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters seconds—Value of the Time-to-Live field in seconds. The value should be greater than the value of the Transmission Timer. Parameters range seconds—10 - 255. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
SYSLOG voip mismatch messages if they do not match, use the cdp log mismatch voip Global and Interface Configuration mode command in Global Configuration mode and Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
CDP frames, use the cdp mandatory-tlvs validation command in Global Configuration mode. To disables the validation, use the no form of this command. Syntax cdp mandatory-tlvs validation no cdp mandatory-tlvs validation Parameters Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
CDP is globally disabled, CDP packets are flooded to all the ports in the product that are in STP forwarding state, ignoring the VLAN filtering rules. Default Configuration bridging Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
CDP is a link layer protocols for directly-connected CDP/LLDP-capable devices to advertise themselves and their capabilities. In deployments where the CDP/LLDP capable devices are not directly connected and are separated with CDP/LLDP Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the cdp source-interface command to specify an interface whose minimal IP address will be advertised in the TVL instead of the minimal IP address of the outgoing interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 3. The example clears the CDP counters of Ethernet port switchxxxxxx# clear cdp couters interface gi11 8.15 clear cdp table To delete the CDP Cache tables, use the clear cdp table command in Privileged EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• version—Limits the display to information about the version of software running on the neighbors. Default Configuration Version Command Mode Privileged EXEC mode Example Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Compiled Mon 07-Apr-97 19:51 by dschwart 8.18 show cdp interface To display information about ports on which CDP is enabled, use the show cdp interface command in Privileged EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display information about neighbors kept in the main or secondary cache, use the show cdp neighbors command in Privileged EXEC mode. Syntax interface-id show cdp neighbors [ ] [detail | secondary] Parameters • interface-id—Displays the neighbors attached to this port. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 225
S I M ESW-520-8P ESW-540-8P gi48 S I M ESW-540-8P 003106131611 gi48 Company fa2/1 XX-23R-E 001828100211 gi48 Company fa2/2 XX-23R-E c47d4fed9302 gi48 Company fa2/5 XX-23R-E show cdp neighbors detail switchxxxxxx# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 226
IP address: 1.6.1.81 Platform: Company IP Phone x8810, Capabilities: Host Interface: gi11, Port ID (outgoing port): Port 1 Time To Live: 150 sec Version : P00303020204 Duplex: full sysName: a-switch Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 228
Interface—The protocol and port number of the port on the current device. • IP Network Prefix—It is used by On Demand Routing (ODR). When transmitted by a hub router, it is a default route (an IP address). When Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 229
Remote Port_ID—Identifies the port the CDP packet is sent on • sysName—An ASCII string containing the same value as the sending device's sysName MIB object. • sysObjectID—The OBJECT-IDENTIFIER value of the sending device's sysObjectID MIB object. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
CDP is really running on the port, i.e. CDP is enabled globally and on the port, which is UP. Examples: Example 1 - In this example, CDP is disabled and no information is displayed. switchxxxxxx# show cdp tlv Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 231
CDP is enabled who are up. switchxxxxxx# show cdp tlv interface cdp globally is enabled Capability Codes: R - Router,T - Trans Bridge, B - Source Route Bridge Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 232
CDP is enabled on gi13 Ethernet gi13 is down Example 5 - In this example, CDP is globally enabled and enabled on the PSE PoE port, which is up and information is displayed. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 233
4-pair PoE Supported: Yes Spare pair Detection/Classification required: Yes PD Spare Pair Desired State: Disabled PSE Spare Pair Operational State: Disabled Request-ID is 1 Power management-ID is 1; Available-Power is 15.4; Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 234
4-wire Power-via-MDI (UPOE) TLV: 4-pair PoE Supported: No Power Requested TLV: Request-ID is 1 Power management-ID is 1; Requested Power Level is 10; Requested Power Level is 8; Power Consumption TLV: 10 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 236
CDP version 2 advertisements output—The number of CDP Version 2 advertisements sent by the local device. • CDP version 2 advertisements Input—The number of CDP Version 2 advertisements received by the local device. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Month (first three letters by name). (Range: Jan...Dec) • year —Year (no abbreviation) (Range: 2000–2097) Default Configuration There is no absolute time when the time range is in effect. Command Mode Time-range Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The TimeZone and SummerTime remain effective after the IP address lease time has expired. The TimeZone and SummerTime that are taken from the DHCP server are cleared after reboot. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the current month using the first three letters of the month name. (Range: Jan–Dec) • year —Specifies the current year. (Range: 2000–2037) Default Configuration The time of the image creation. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
User Guidelines After boot the system clock is set to the time of the image creation. If no parameter is specified, SNTP will be configured as the time source. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • zone —The acronym of the time zone to be displayed when summer time is in effect. (Range: up to 4 characters) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 243
USA rules for Daylight Saving Time: • From 2007: Start: Second Sunday in March End: First Sunday in November Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—The acronym of the time zone. (Range: Up to 4 characters) • hours-offset —Hours difference from UTC. (Range: (-12)–(+13)) • minutes-offset —(Optional) Minutes difference from UTC. (Range: 0–59) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable the SNTP Anycast client, use the sntp anycast client enable command in Global Configuration mode. To restore the default configuration, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable authentication for received SNTP traffic from servers, use the sntp authenticate command in Global Configuration mode. To restore the default configuration, use the no form of this command. Syntax sntp authenticate no sntp authenticate Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If the parameter is not defined it is the default value. • ipv4—(Optional) Specifies the IPv4 SNTP Broadcast clients are enabled. • ipv6—(Optional) Specifies the IPv6 SNTP Broadcast clients are enabled. Default Configuration The SNTP Broadcast client is disabled. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies an interface ID, which can be one of the following types: Ethernet port, Port-channel or VLAN. Default Configuration The SNTP client is disabled. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Interface Configuration mode User Guidelines This command enables the SNTP Broadcast and Anycast client on an interface. Use the no form of this command to disable the SNTP client. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—(Optional) Specifies the Authentication key to use when sending packets to this peer. (Range:1–4294967295) Default Configuration The following servers with polling and without authentication are defined: • time-a.timefreq.bldrdoc.gov Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode. To restore the default configuration, use the no form of this command. Syntax interface-id sntp source-interface no sntp source-interface Parameters • interface-id —Specifies the source interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode. To restore the default configuration, use the no form of this command. Syntax interface-id sntp source-interface-ipv6 no sntp source-interface-ipv6 Parameters • interface-id —Specifies the source interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Configuration mode. To restore the default configuration, use the no form of this command. Syntax key-number sntp trusted-key key-number no sntp trusted-key Parameters • key-number —Specifies the key number of the authentication key to be trusted. (Range: 1–4294967295). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
SNTP Unicast clients, use the no form of this command. Syntax sntp unicast client enable no sntp unicast client enable Parameters Default Configuration The SNTP unicast clients are disabled. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 1 - The following example displays the system time and date. switchxxxxxx# show clock 15:29:03 PDT(UTC-7) Jun 17 2002 Time source is SNTP Time from Browser is enabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Offset is 60 minutes. DHCP timezone: Enabled 9.21 show sntp configuration To display the SNTP configuration on the device, use the show sntp configuration command in Privileged EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 260
Alice456 ----------------------------------- Authentication is not required for synchronization. No trusted keys Unicast Clients: enabled Unicast Clients Polling: enabled Server: 1.1.1.121 Polling: disabled Encryption Key: disabled Server: 3001:1:1::1 Polling: enabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the SNTP servers status, use the show sntp status command in Privileged EXEC mode. Syntax show sntp status Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example displays the SNTP servers status: switchxxxxxx# show sntp status Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Time-range Configuration mode in Global Configuration mode. To restore the default configuration, use the no form of this command. Syntax time-range-name time-range time-range-name no time-range Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 264
SNTP. If the software clock is not set by the user or by SNTP, the time range is not activated. Example switchxxxxxx(config)# time-range http-allowed switchxxxxxx(config-time-range)# periodic mon 12:00 to wed 12:00 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Fragmented packets are allowed from all interfaces. If mask is unspecified, the default is 255.255.255.255. If prefix-length is unspecified, the default is 32. Command Mode Interface (Ethernet, Port Channel) Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IP address prefix. The prefix length must be preceded by a forward slash (/). Default Configuration Echo requests are allowed from all interfaces. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
{add | remove} ( security-suite deny martian-addresses Add/remove system-reserved IP addresses, see tables below) no security-suite deny martian-addresses (This command removes addresses reserved by security-suite deny martian-addresses {add {ip-address {mask | Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 268
Default Configuration Martian addresses are allowed. Command Mode Global Configuration mode User Guidelines For this command to work, show security-suite configuration must be enabled globally. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Interface (Ethernet, Port Channel) Configuration mode command. This a complete block of these connections. To permit creation of TCP connections, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 270
IP addresses and destination TCP ports. Example The following example attempts to block the creation of TCP connections from an interface. It fails because security suite is enabled globally and not per interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The feature is disabled by default. Command Mode Global Configuration mode Example The following example blocks TCP packets in which both SYN and FIN flags are set. switchxxxxxx(config)# security-suite deny sin-fin Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode User Guidelines For this command to work, show security-suite configuration must be enabled globally. Example The following example protects the system from the Invasor Trojan DOS attack. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If prefix-length is unspecified, the default is 32. Command Mode Interface (Ethernet, Port Channel) Configuration mode User Guidelines For this command to work, show security-suite configuration must be enabled both globally and for interfaces. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
When security-suite is enabled, you can specify the types of protection required. The following commands can be used: • show security-suite configuration • show security-suite configuration • show security-suite configuration Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 275
Example 1—The following example enables the security suite feature and specifies that security suite commands are global commands only. When an attempt is made to configure security-suite on a port, it fails. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
SYN traffic from attacking ports destined to the local system is blocked, and a rate-limited SYSLOG message (one per minute) is generated Default Configuration The default mode is block. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode command. To set the time period to its default value, use the no form of this command. Syntax security-suite syn protection recovery timeout no security-suite syn protection recovery Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(number of packets per second) from each specific port that triggers identification of TCP SYN attack. (Range: 20-200) Default Configuration The default threshold is 80pps (packets per second). Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Protection Mode: Block Threshold: 40 Packets Per Second Period: 100 Seconds Interface Name Last Attack Current Status gi11 Attacked 19:58:22.289 PDT Feb 19 2012 Blocked and Reported Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 281
Denial of Service (DoS) Commands gi12 Attacked 19:58:22.289 PDT Feb 19 2012 Reported gi13 Attacked 19:58:22.289 PDT Feb 19 2012 Blocked and Reported Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration DHCP relay feature is disabled. Command Mode Global Configuration mode Example The following example enables the DHCP relay feature on the device. switchxxxxxx(config)# ip dhcp relay enable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLAN, and option 82 is enabled. Example The following example enables DHCP Relay on VLAN 21. switchxxxxxx(config)# interface vlan switchxxxxxx(config-if)# ip dhcp relay enable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The no form of the command without the argument deletes all global defined DHCP servers. Example The following example defines the DHCP server on the device. switchxxxxxx(config)# ip dhcp relay address 176.16.1.1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The no form of the command without the argument deletes all DHCP servers. Example The following example defines the DHCP server on the device. switchxxxxxx(config)# interface vlan switchxxxxxx(config-if)# ip dhcp relay address 176.16.1.1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Maximum number of supported VLANs without IP Address: 0 Number of DHCP Relays enabled on VLANs without IP Address: 4 DHCP relay is enabled on Ports: gi11,po1-2 Active: Inactive: gi11, po1-4 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 287
Maximum number of supported VLANs without IP Address is 4 Number of DHCP Relays enabled on VLANs without IP Address: 2 DHCP relay is enabled on Ports: gi11,po1-2 Active: gi11 Inactive: po1-2 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DHCP option-82 data insertion is disabled. Command Mode Global Configuration mode User Guidelines DHCP option 82 would be enabled only if DHCP snooping or DHCP relay are enabled. Example switchxxxxxx(config)# ip dhcp information option Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration Command Mode User EXEC mode Example The following example displays the DHCP Option 82 configuration. switchxxxxxx# show ip dhcp information option Relay agent Information option is Enabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Bytes are separated by a period or colon. For example, 01b7.0813.8811.66. • mac-address —Specifies the client MAC address. Default Configuration No address are bound. Command Mode DHCP Pool Host Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
{ | low high prefix-length no address Parameters • network-number —Specifies the IP address of the DHCP address pool. • mask —Specifies the pool network mask. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable auto default router, use the auto-default-router command in DHCP Pool Network Configuration mode or in DHCP Pool Host Configuration mode. To disable auto default router, use the no form of this command. Syntax auto-default-router no auto-default-router Parameters Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Configuration mode. To delete the boot image file name, use the no form of this command. Syntax filename bootfile no bootfile Parameters • filename —Specifies the file name used as a boot image. (Length: 1–128 characters). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Typically, the address supplied denotes the client IP address. If the asterisk (*) character is specified as the address parameter, DHCP clears all dynamic bindings. Use the no ip dhcp pool Global Configuration mode command to delete a manual binding. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Command Mode DHCP Pool Host Configuration mode Default Configuration No client name is defined. Example The following example defines the string client1 as the client name. switchxxxxxx(config-dhcp)# client-name client1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DHCP client is directly connected. IP Routing is enabled. Default router was required by the client. Example The following example specifies 10.12.1.99 as the default router IP address. switchxxxxxx(config-dhcp)# 10.12.1.99 default-router Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses. Example The following example specifies 10.12.1.99 as the client domain name server IP address. switchxxxxxx(config-dhcp)# dns-server 10.12.1.99 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To specify IP addresses that a DHCP server must not assign to DHCP clients, use the ip dhcp excluded-address command in Global Configuration mode. To remove the excluded IP addresses, use the no form of this command. Syntax low-address high-address ip dhcp excluded-address Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Host Configuration mode, use the ip dhcp pool host command in Global Configuration mode. To remove the address pool, use the no form of this command. Syntax name ip dhcp pool host name no ip dhcp pool host Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Network Configuration mode, use the ip dhcp pool network command in Global Configuration mode. To remove the address pool, use the no form of this command. Syntax name ip dhcp pool network name no ip dhcp pool network Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode. To disable the DHCP server, use the no form of this command. Syntax ip dhcp server no ip dhcp server Default Configuration The DHCP server is disabled. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• infinite—Specifies that the duration of the lease is unlimited. Default Configuration The default lease duration is 1 day. Command Mode DHCP Pool Network Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • ip-address ip-address2 ip-address8 ]—Specifies the IP addresses of NetBIOS WINS name servers. Up to eight addresses can be specified in one command line. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DHCP Pool Network Configuration mode DHCP Pool Host Configuration mode User Guidelines The client will connect, using the SCP/TFTP protocol, to this server in order to download the configuration file. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The client will connect, using the SCP/TFTP protocol, to this server in order to download the configuration file. Example The following example specifies www.bootserver.com as the name of the next server in the boot process of a DHCP client. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Each byte can be separated by a period, colon, or white space. • hex none—Specifies the zero-length hexadecimal string. • text description —User description Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 308
Enable/Disable Option" Example 2. The following example configures DHCP option 2, which specifies the offset of the client in seconds from Coordinated Universal Time (UTC): switchxxxxxx(config-dhcp)# option integer 3600 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the allocated address or all the allocated addresses on the DHCP server, use the show ip dhcp allocated command in User EXEC mode. Syntax ip-address show ip dhcp allocated [ Parameters • ip-address —(Optional) Specifies the IP address. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 310
172.16.3.254 DHCP server enabled The number of allocated entries is 2 IP address Hardware address Lease expiration Type ---------- ---------------- -------------------- ------- 172.16.3.254 02c7.f800.0422 Infinite Static Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The number of used (all types) entries is 6 The number of pre-allocated entries is 1 The number of allocated entries is 1 The number of expired entries is 1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 312
Server. Client Identifier The MAC address or client identifier of the host as recorded on the DHCP Server. Lease The lease expiration date of the host IP address. expiration Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The number of declined entries is 2 IP address Hardware address 172.16.1.11 00a0.9802.32de 172.16.3.254 02c7.f800.0422 switchxxxxxx# show ip dhcp declined 172.16.1.11 DHCP server enabled The number of declined entries is 2 IP address Hardware address Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DHCP server, use the show ip dhcp expired command in User EXEC mode. Syntax ip-address show ip dhcp expired [ Parameters • ip-address —(Optional) Specifies the IP. Command Mode User EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 1—The following example displays configuration of all DHCP network pools: switchxxxxxx# show ip dhcp pool network The number of network pools is 2 Name Address range mask Lease ---------------------------------------------------- marketing 10.1.1.17-10.1.1.178 255.255.255.0 0d:12h:0m Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IP address Hardware address 172.16.1.11 00a0.9802.32de 172.16.3.254 02c7.f800.0422 switchxxxxxx# show ip dhcp pre-allocated 172.16.1.11 DHCP server enabled The number of pre-allocated entries is 1 IP address Hardware address 172.16.1.15 00a0.9802.32de Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To specify the time servers list for a DHCP client, use the time-server command in DHCP Pool Network Configuration mode or in DHCP Pool Host Configuration mode. To remove the time servers list, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 321
The time server’s IP address should be on the same subnet as the client subnet. Example The following example specifies 10.12.1.99 as the time server IP address. switchxxxxxx(config-dhcp)# time-server 10.12.1.99 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLAN is enabled by using the ip dhcp snooping vlan Global Configuration mode command. Example The following example enables DHCP Snooping on the device. switchxxxxxx(config)# ip dhcp snooping Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ip dhcp snooping trust Interface Configuration (Ethernet, Port-channel) mode command to configure a port as trusted for DHCP snooping purposes. Use the no form of this command to restore the default configuration. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no form of this command to drop these packets from an untrusted port. Syntax ip dhcp snooping information option allowed-untrusted no ip dhcp snooping information option allowed-untrusted Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The switch verifies that the source MAC address in a DHCP packet received on an untrusted port matches the client hardware address in the packet. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To ensure that the lease time in the database is accurate, the Simple Network Time Protocol (SNTP) must be enabled and configured. The device writes binding changes to the binding database file only if the device system clock is synchronized with SNTP. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the time interval, in seconds, after which the binding entry is no longer valid. (Range: 10–4294967294). infinite—Specifies infinite lease time. Default Configuration No static binding exists. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DHCP snooping is configured on following VLANs: 21 DHCP snooping database is Enabled Relay agent Information option 82 is Enabled Option 82 on untrusted port is allowed Verification of hwaddr field is Enabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies a VLAN ID. • interface-id —Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel. Command Mode User EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no form of this command to disable IP Source Guard on the device or on an interface. Syntax ip source-guard no ip source-guard Parameters Default Configuration IP Source Guard is disabled. Command Mode Interface (Ethernet, Port Channel) Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel. Default Configuration No static binding exists. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the retries frequency in seconds. (Range: 10–600) • never—Disables automatic searching for TCAM resources. Default Configuration The default retries frequency is 60 seconds. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Since the IP Source Guard uses the Ternary Content Addressable Memory (TCAM) resources, there may be situations when IP Source Guard addresses are inactive because of a lack of TCAM resources. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
[i Parameters • interface-id —Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel. Command Mode User EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies a VLAN ID. • interface-id —Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel. Command Mode User EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
TCAM space. Use the ip source-guard tcam locate command to manually retry locating TCAM resources for the inactive IP Source Guard addresses. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Display the statistics on this VLAN. Command Mode User EXEC mode Example switchxxxxxx# show ip source-guard statistics VLAN Statically Permitted Stations DHCP Snooping Permitted Stations ---- ------------------------------- -------------------------------- Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ip arp inspection vlan Global Configuration mode command to enable ARP inspection on a VLAN, based on the DHCP Snooping database. Use the no form of this command to disable ARP inspection on a VLAN. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Address Resolution Protocol (ARP) packets are inspected. Use the no form of this command to restore the default configuration. Syntax ip arp inspection trust no ip arp inspection trust Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Address Resolution Protocol (ARP) inspection. Use the no form of this command to restore the default configuration. Syntax ip arp inspection validate no ip arp inspection validate Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
ARP binding list and enters the ARP list configuration mode. Use the no form of this command to delete the list. Syntax ip arp inspection list create name no ip arp inspection list create name Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the IP address to be entered to the list. • mac-address —Specifies the MAC address associated with the IP address. Default Configuration No static ARP binding is defined. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
No static ARP binding list assignment exists. Command Mode Global Configuration mode Example The following example assigns the static ARP binding list Servers to VLAN 37. switchxxxxxx(config)# 37 servers ip arp inspection list assign Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the show ip arp inspection EXEC mode command to display the ARP inspection configuration for all interfaces or for a specific interface. Syntax interface-id show ip arp inspection [ Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the show ip arp inspection list Privileged EXEC mode command to display the static ARP binding list. Syntax show ip arp inspection list Parameters Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(for example, Domain Name System [DNS] servers). Example The following example restarts the DHCP for IPv6 client on VLAN 100: switchxxxxxx# clear ipv6 dhcp client vlan 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the infinite keyword, to prevent refresh, if the server does not send an information refresh time option. Example The following example configures an upper limit of 2 days: switchxxxxxx(config)# interface vlan 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command may be configured in the following situations: • In unstable environments where unexpected changes are likely to occur. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters This command has no arguments or keywords. Default Configuration Information request is disabled on an interface. Command Mode Interface Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 353
DHCPv6 client and relay functions are mutually exclusive on an interface. Example The following example enables the Stateless service: switchxxxxxx(config)# interface vlan 100 switchxxxxxx(config-if)# ipv6 dhcp client stateless switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
RFC3315) with the Base MAC Address as a Link-layer Address. Use this command to change the DUID format to the Vendor Based on Enterprise Number. Examples Example 1. The following sets the DIID-EN format: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If this argument is configured, client messages are forwarded to the well-known link-local Multicast address All_DHCP_Relay_Agents_and_Servers (FF02::1:2) through the link to which the output interface is connected. Default Configuration There is no globally-defined relay destination. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 356
FE80::1:2 vlan 200 Example 2. The following example sets that client messages are forwarded to VLAN 200: switchxxxxxx(config)# ipv6 dhcp relay destination vlan 200 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Multicast address All_DHCP_Relay_Agents_and_Servers (FF02::1:2) through the link to which the output interface is connected. Default Configuration The relay function is disabled, and there is no relay destination on an interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 358
By default, the relay function is disabled, and there is no relay destination on an interface. Use the no form of the command with arguments to remove a specific address. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 359
100 ipv6 dhcp relay destination 3002::1:2 switchxxxxxx(config-if)# exit switchxxxxxx(config-if)# Example 4. The following example enables DHCPv6 relay on VLAN 100: switchxxxxxx(config)# interface vlan 100 switchxxxxxx(config-if)# ipv6 dhcp relay destination Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 1. The following is sample output from this command when the switch’s DUID format is vendor based on enterprise number: switchxxxxxx# show ipv6 dhcp The switch’s DHCPv6 unique identifier(DUID)is 0002000000090CC084D303000912 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 361
The switch’s DHCPv6 unique identifier(DUID)is 000300010024012607AA Format: 3 Hardware type: 1 MAC Address: 0024.0126.07AA Relay Destinations: 2001:001:250:A2FF:FEBF:A056 2001:1001:250:A2FF:FEBF:A056 2001:1011:250:A2FF:FEBF:A056 via VLAN 100 FE80::250:A2FF:FEBF:A056 via VLAN 100 FE80::250:A2FF:FEBF:A056 via VLAN 200 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Reconfigure service is enabled Information Refresh Minimum Time: 600 seconds Information Refresh Time: 86400 seconds Received Information Refresh Time: 3600 seconds Remain Information Refresh Time: 411 seconds DHCP server: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 363
Remain Information Refresh Time: 0 seconds VLAN 1010 is in relay mode DHCP Operational mode is enabled Relay source interface: VLAN 101 Relay destinations: 2001:001:250:A2FF:FEBF:A056 FE80::250:A2FF:FEBF:A056 via FastEthernet 1/0/10 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To define a static hostname-to-address mappings in the DNS hostname cache, use the ip host command. To delete a static hostname-to-address mappings in the DNS hostname cache, use the no ip host command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters Default Configuration Enabled. Command Mode Global Configuration mode Example The following example enables DNS-based host name-to-address translation. switchxxxxxx(config)# ip domain lookup Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(.) is used to separate labels. The maximum size of each domain level is 63 characters. The maximum name size is 158 bytes. Example The following example defines the default domain name as ‘www.website.com’. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DNS Request messages for the IP address using the polling interval. Example The following example shows how to configure the polling interval of 100 seconds: switchxxxxxx(config)# ip domain polling-interval 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
15.6 ip domain timeout Use the ip domain timeout command in Global Configuration mode to specify the amount of time to wait for a response to a DNS query. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ip host Global Configuration mode command to define the static host name-to-address mapping in the DNS host name cache. Use the no form of this command to remove the static host name-to-address mapping. Syntax hostname address1 address2...address8 ip host Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 370
The entry is deleted if all its addresses are deleted. Example The following example defines a static host name-to-address mapping in the host cache. switchxxxxxx(config)# accounting.website.com 176.10.23.1 ip host Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(if one existed). Example The following example shows how to specify IPv4 hosts 172.16.1.111, 172.16.1.2, and IPv6 host 2001:0DB8::3 as the name servers: switchxxxxxx(config)# ip name-server 172.16.1.111 172.16.1.2 2001:0DB8::3 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following is sample output with no parameters specified: switchxxxxxx# show hosts Name/address lookup is enabled Domain Timeout: 3 seconds Domain Retry: 4 times Domain Polling Interval: 10 seconds Default Domain Table Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If auto-negotiation is not enabled on the port and its speed is less than 1 Giga, the EEE operational status is disabled. Example switchxxxxxx(config)# eee enable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable EEE support by LLDP on an Ethernet port, use the eee lldp enable Interface Configuration command. To disable the support, use the no format of the command. Syntax eee lldp enable no eee lldp enable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
16.4 show eee Use the show eee EXEC command to display EEE information. Syntax [interface-id] show eee Parameters interface-id—(Optional) Specify an Ethernet port. Defaults None Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 377
Example 3 - The following is the information displayed when the port is in status DOWN. switchxxxxxx# show eee gi11 Port Status: DOWN EEE capabilities: Speed 10M: EEE not supported Speed 100M: EEE supported Speed : EEE supported Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 378
Current port speed: 1000Mbps EEE Remote status: disabled EEE Administrate status: enabled EEE Operational status: disabled (neighbor does not support) EEE LLDP Administrate status: enabled EEE LLDP Operational status: disabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 380
Example 9 - The following is the information displayed when EEE is running on the port, EEE LLDP is enabled but not synchronized with the remote link partner. switchxxxxxx# show eee gi14 Port Status: up EEE capabilities: Speed 10M: EEE not supported Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
17.3 shutdown To disable an interface, use the shutdown Interface Configuration mode command. To restart a disabled interface, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 385
If the switch shuts down a port channel it additionally shuts down all ports of the port channel too. Examples Example 1—The following example disables gi14 operations. switchxxxxxx(config)# interface gi14 switchxxxxxx(config-if)# shutdown switchxxxxxx(config-if)# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To control the time that the port is up, use the operation time Interface (Ethernet, Port Channel) Configuration mode command. To cancel the time range for the port operation time, use the no form of this command. Syntax time-range-name operation time Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
17.5 description To add a description to an interface, use the description Interface (Ethernet, Port Channel) Configuration mode command. To remove the description, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To restore the default configuration, use the no form of this command. Syntax speed {10 1000 } no speed Parameters • 10—Forces10 Mbps operation • 100—Forces 100 Mbps operation Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration The default setting is Auto. Command Mode Interface (Ethernet) Configuration mode Example The following example enables automatic crossover on port gi11. switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# mdix auto Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
17.12 port jumbo-frame To enable jumbo frames on the device, use the port jumbo-frame Global Configuration mode command. To disable jumbo frames, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode command. Use the no form of this command to restore the default configuration. Syntax link-flap prevention {enable | disable} no link-flap prevention Parameters enable—Enables Link-flap Prevention. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example enables link-flap prevention on the device. switchxxxxxx(config)# link-flap prevention 17.14 clear counters To clear counters on all or on a specific interface, use the clear counters Privileged EXEC mode command. Syntax [interface-id] clear counters Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Ethernet port or port-channel. Command Mode Privileged EXEC mode User Guidelines This command is used to activate interfaces that were configured to be active, but were shut down by the system. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
UDLD Shutdown state. • storm-control—Enables the error recovery mechanism for the Storm Control Shutdown state. • link-flap—Enables the error recovery mechanism for the link-flap prevention Err-Disable state. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• link-flap—Reactivate all interfaces in the link-flap prevention Err-Disable state. • interface-id— interface Reactivate interfaces that were configured to be active, but were shut down by the system. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Privileged EXEC mode command. Syntax [interface-id | detailed show interfaces configuration Parameters • interface-id—(Optional) Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 401
State ------ ------ ----- -------- ------- ----- Disabled switchxxxxxx# show interfaces configuration Port Type Speed Flow Cont ------ ---- ----------- ----- ------- ---- 10G-Fiber 10000 10G-Fiber 10000 10G-Fiber 10000 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Link Back Mdix Port Type Duplex Speed Neg ctrl State Pressure Mode ------ --------- ------ ----- -------- ---- ------ -------- -- gi11 1G-Copper Full 1000 Disabled Off Disabled Off Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Displays information for non-present ports in addition to present ports. Default Configuration Display for all interfaces. If detailed is not used, only present ports are displayed. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Auto negotiation: disabled. 17.22 show interfaces description To display the description for all configured interfaces or for a specific interface, use the show interfaces description Privileged EXEC mode command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
----------- Output 17.23 show interfaces counters To display traffic seen by all the physical interfaces or by a specific interface, use the show interfaces counters Privileged EXEC mode command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 407
Ethernet Configuration Commands Carrier Sense Errors: 0 Oversize Packets: 0 Internal MAC Rx Errors: 0 Symbol Errors: 0 Received Pause Frames: 0 Transmitted Pause Frames: 0 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 408
Number of frames received that exceed the maximum permitted frame size. Internal MAC Rx Errors Number of frames for which reception fails due to an internal MAC sublayer receive error. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Privileged EXEC mode Example The following example displays whether jumbo frames are enabled on the device. switchxxxxxx# show ports jumbo-frame Jumbo frames are disabled Jumbo frames will be enabled after reset Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the Err-Disable configuration of the device, use the show errdisable recovery Privileged EXEC mode command. Syntax show errdisable recovery Parameters This command has no arguments or keywords Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
17.27 show errdisable interfaces To display the Err-Disable state of all interfaces or of a specific interface, use the show errdisable interfaces Privileged EXEC mode command. Syntax [interface-id] show errdisable interfaces Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters interface-id-list—(Optional) Specifies a list of interface ID. The interface ID can be one of the following types: Ethernet port or port-channel. Default Configuration All monitored statistics are cleared. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—last 12 samples, sampled every 7 days (midnight saturday to midnight saturday according to system time). • utilization —shows per time frame the utilization calculated. • rx —shows received counters statistics. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 414
Weeks Rx/TX utilization utilization utilization utilization ------------ ----------- ----------- ----------- --------- gi11 Example 2—The following example displays monitored Tx statistics gathered in minutes time frame seen by interface gi11 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 415
Time Unicast frames Broadcast frames Multicast frames Good Sent Sent Sent Octet Sent ---------- -------------- ----------- ----------- ------- 04:22:00(~) 04:23:00 (~) Not all samples are available. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 416
Number of frames received that are an Received integral number of octets in length but do not pass the FCS check. Rx Utilization Utilization in percentage for Received frames on the interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 417
Description Tx Utilization Utilization in percentage for Sent frames on the interface. Rx/Tx Utilization An average of the Rx Utilization and the Tx Utilization in percentage on the interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
< > ::= string up to 63 characters Filenames and directory names consist only of characters from the portable filename character set. The set includes the following characters: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 419
URL alias specifies the Startup Configuration File. This file has the following permissions: readable • localization. The predefined URL alias specifies the Secondary Language Dictionary file. This file has the following permissions: readable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 420
Example 3. The following example specifies a file on TFTP server using a DNS name: tftp://files.export.com/aaa/dat/file.txt Example 4. The following example specifies a file on FLASH: flash://aaa/dat/file.txt Example 5. The following example specifies files using the current directory: ./dat/file.txt Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The system files are divided to the following groups: • Inner System files. The files are created by the switch itself. For example the Syslog file. • Files installed/Uninstalled by user. This group includes the following files: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 422
Mirror Configuration files. • flash://system/localization/—The directory contains the Secondary Language Dictionary file. • flash://system/syslog/—The directory contains the Syslog file. • flash://system/applications/—The directory contains inner system files managed by the switch applications. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Configuration file is deleted. Use the boot config running-config command to install Startup Configuration from Running Configuration. Use the boot config mirror-config command to install Startup Configuration from the Mirror Configuration file. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To install a file as the Secondary Language Dictionary file, use the boot localization command in Privileged EXEC mode. To return to the default, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 425
Example 1. The following example installs the Secondary Language Dictionary file from a TFTP server: switchxxxxxx(config)# boot localization tftp://196.1.1.1/web-dictionaries/germany-dictionary.dat Example 2. The following example installs the Secondary Language Dictionary file from FLASH: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the boot system inactive-image command to set the inactive image as active one and the active image as inactive one. Use the show bootvar / show version command to display information about the active and inactive images. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 427
User EXEC mode User Guidelines When a terminal session is started the current directory of the session is set to flash://. Use the cd command to change the current directory. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
[exclude | include-encrypted | include-plaintext] src-url copy running-config copy running-config startup-config Parameters • src-url —The location URL of the source file to be copied. The predefined URL aliases can be configured. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 429
Example Example 1. The following example copies file file1 from the TFTP server 172.16.101.101 to the flash://aaaa/file1 file: switchxxxxxx# copy tftp://172.16.101.101/file1 flash://aaa/file1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To delete a local file, use the delete command in Privileged EXEC mode. Syntax delete delete startup-config delete localization Parameters • —Specifies the local URL of the local file to be deleted. The predefined and network URLs cannot be configured. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• —Specifies the local URL of the directory to be displayed. The predefined and network URLs cannot be configured. If the argument is omitted the current directory is used. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Nov 29 2010 7:12:30 image1 -rw- 2014 Nov 20 2010 9:12:30 data 18.10 mkdir To create a new directory, use the mkdir command in Privileged EXEC mode. Syntax mkdir Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the contents of a file, use the more command in User EXEC mode. Syntax more Parameters • —Specifies the local URL or predefined file name of the file to display. Command Mode User EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To show the current directory, use the pwd command in User EXEC mode. Syntax pwd [usb: I flash:] Parameters • usb:—Display the current directory on the USB driver. • flash:—Display the current directory on the FLASH driver. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • —Schedules a reload of the image to take effect in the specified minutes or hours and minutes. The reload must take place within approximately 24 days. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 436
Use the reload cancel command to cancel the scheduled reload. To display information about a scheduled reload, use the show reload command. Example Example 1. The following example reloads the switch: switchxxxxxx# reload Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 5. The following example cancels a reload. switchxxxxxx# reload cancel Reload cancelled. 18.14 rename To rename a local file or directory, use the rename command in Privileged EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 438
./text1sav.txt Example 2. The following example renames the flash://a/b directory to the flash://e/g/h directory: switchxxxxxx# pwd flash://a/b/c/d switchxxxxxx> dir flash://a Permissions • d-directory • r-readable • w-writable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 439
134560K of 520000K are free Directory of flash://mng/ File Name Permission File Size Last Modified --------- ---------- --------- -------------------- switchxxxxxx> dir flash://e/g/h Permissions • d-directory • r-readable • w-writable • x-executable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 1. The following example removes the directory called ‘backup/config/’ from FLASH: switchxxxxxx# rmdir flash://backup/config/ Remove flash://backup/config? [Y/N]Y Example 2. The following example removes the directory called ‘aaa/config’ from the mass-storage device connected to the USB port: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 1 - The following example disables the mirror-configuration service: no service mirror-configuration switchxxxxxx(config)# This operation will delete the mirror-config file if exists. Do you want to continue? (Y/N) [N] Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example Example 1. The following example gives an example of the command output after reload: switchxxxxxx# show bootvar Active-image: flash://system/images/image_v12-03.ros Version: 12.03 MD5 Digest: 23FA000012857D8855AABC7577AB5562 Date: 04-Jul-2014 Time: 15:03:07 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 443
Example 3. This example continues the inactive one, after a system reload: switchxxxxxx# show bootvar Active-image: flash://system/images/image_v14-01.ros Version: 14.01 MD5 Digest: 23FA000012857D8855AABC7577AB5562 Date: 24-Jul-2014 Time: 23:11:17 Inactive-image: flash://system/images/image_v12-03.ros Version: 12.03 MD5 Digest: 6 3FA000012857D8855AABEA7451265456 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 444
Example 5. This example continues the inactive one, after a system reload: switchxxxxxx# show bootvar Active-image: flash://system/images/image_v12-03.ros Version: 12.03 MD5 Digest: 6 3FA000012857D8855AABEA7451265456 Date: 04-Jul-2014 Time: 15:03:07 Inactive-image: flash://system/images/_image_v12-03.ros Version: 12.03 MD5 Digest: 6 3FA000012857D8855AABEA7451265456 Date: 04-Jul-2014 Time: 15:03:07 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 445
MD5 Digest: 23FA000012857D8855AABC7577AB5562 Date: 24-Jul-2014 Time: 23:11:17 Active after reboot switchxxxxxx# boot system tftp://1.1.1.1/image_v14-04.ros switchxxxxxx# show bootvar Active-image: flash://system/images/image_v12-03.ros Version: 12.03 MD5 Digest: 6 3FA000012857D8855AABEA7451265456 Date: 04-Jul-2014 Time: 15:03:07 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
User EXEC mode. Syntax show mirror-configuration service Command Mode User EXEC mode Example The following example displays the status of the mirror-configuration service switchxxxxxx# show mirror-configuration service Mirror-configuration service is enabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
No scheduled reload 18.20 show running-config To display the contents of the currently running configuration file, use the show running-config command in Privileged EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 449
/ R750_NIK_1_2_584_002 CLI v1.0 file SSD indicator encrypted ssd-control-start ssd config ssd file passphrase control unrestricted no ssd file integrity control ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0 no spanning-tree interface range gi11-4 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Ethernet port or Port-channel. Default Configuration All GVRP statistics are cleared. Command Mode Privileged EXEC mode Example The following example clears all GVRP statistical information on switchxxxxxx# clear gvrp statistics gi14 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable GVRP on an interface, use the gvrp enable Interface (Ethernet, Port Channel) Configuration mode command. To disable GVRP on an interface, use the no form of this command. Syntax gvrp enable no gvrp enable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To allow dynamic registration of VLANs on a port, use the no form of this command. Syntax gvrp registration-forbid no gvrp registration-forbid Parameters This command has no arguments or keywords. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters This command has no arguments or keywords. Default Configuration Enabled. Command Mode Interface (Ethernet, Port Channel) Configuration mode Example The following example disables dynamic VLAN creation on Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
: Leave All Received sJE : Join Empty Sent sJIn: Join In Sent sEmp: Empty Sent sLIn: Leave In Sent sLE : Leave Empty Sent sLA : Leave All Sent Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the green-ethernet energy-detect Interface configuration mode command to enable Green Ethernet-Energy-Detect mode on a port. Use the no form of this command, to disable it on a port. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the green-ethernet short-reach Global Configuration mode command to enable Green-Ethernet Short-Reach mode globally. Use the no form of this command to disabled it. Syntax green-ethernet short-reach no green-ethernet short-reach Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The VCT length check can be performed only on a copper port operating at a speed of 1000 Mbps. If the media is not copper or the link speed is not 1000, Mbps Short-Reach mode is not applied. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration None Command Mode Privileged EXEC mode Example green-ethernet power-meter reset switchxxxxxx# 20.6 show green-ethernet To display green-ethernet configuration and information, use the show green-ethernet Privileged EXEC mode command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 465
If there are a several reasons, then only the highest priority reason is displayed. Energy-Detect Non-Operational Reasons Priority Reason Description Port is not present Link Type is not supported (fiber, auto media select) Port Link is up – NA Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example clears the counters for VLAN 100: switchxxxxxx# clear ip igmp counters vlan 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
3 switchxxxxxx(config-if)# exit 21.3 ip igmp last-member-query-interval To configure the Internet Group Management Protocol (IGMP) last member query interval, use the ip igmp last-member-query-interval command in Interface Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Management Protocol (IGMP) host-query messages from an interface, use the ip igmp query-interval command in Interface Configuration mode. To restore the default IGMP query interval, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To configure the maximum response time advertised in Internet Group Management Protocol (IGMP) queries, use the ip igmp query-max-response-time command in Interface Configuration mode. To restore the default value, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 471
Therefore, the hosts must know to respond faster than 10 seconds (or the value you configure). Example The following example configures a maximum response time of 8 seconds: switchxxxxxx(config)# interface vlan 100 switchxxxxxx(config-if)# ip igmp query-max-response-time 8 switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To configure which version of Internet Group Management Protocol (IGMP) the router uses, use the ip igmp version command in Interface Configuration mode. To restore the default value, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
21.8 show ip igmp counters To display the Internet Group Management Protocol (IGMP) traffic counters, use the show ip igmp counters command in User EXEC mode. Syntax interface-id show ip igmp counters [ Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the multicast groups that are directly connected to the router and that were learned through Internet Group Management Protocol (IGMP), use the show ip igmp groups command in User EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 475
IGMP Connected Group Membership Expires: never - switch itself has joined the group Group Address Interface Expires 224.1.1.1 VLAN 100 00:01:30 224.10.12.79 VLAN 100 never 225.1.1.1 VLAN 100 00:00:27 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the number of (*, G) and (S, G) membership reports present in the Internet Group Management Protocol (IGMP) cache, use the show ip igmp groups summary command in User EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
No. of (S,G) routes = 0—Displays the number of include and exclude mode sources present in the IGMP cache. 21.11 show ip igmp interface To display multicast-related information about an interface, use the show ip igmp interface command in User EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 478
Administrative IGMP max query response time is 10 seconds Operational IGMP max query response time is 10 seconds Administrative Last member query response interval is 1000 milliseconds Operational Last member query response interval is 1000 milliseconds Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Examples Example 1. The following example adds a downstream interface to an IGMP Proxy process with vlan 200 as its Upstream interface: switchxxxxxx(config)# interface vlan 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command has no arguments or keywords. Default Configuration Forwarding from downstream interfaces is allowed. Command Mode Global Configuration mode User Guidelines Use the ip igmp-proxy downstream protected command to block forwarding from downstream interfaces. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ip igmp-proxy downstream protected interface disabled command to block forwarding from the given downstream interface. Use the ip igmp-proxy downstream protected interface enabled command to allow forwarding from the given downstream interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the standard IP access list name defining the SSM range. Default Configuration The command is disabled. Command Mode Global Configuration mode User Guidelines A new ip igmp-proxy ssm command overrides the previous ip igmp-proxy ssm command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IGMP Proxy is enabled or to display the IGMP Proxy configuration for a given interface. Examples Example 1. The following example displays IGMP Proxy status on all interfaces where the IGMP Proxy is enabled: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 484
IGMP Proxy is enabled Global Downdtream interfaces protection is disabled SSM Access List Name: IP Multicast Tarffic Discarding from Downdtream interfaces is disabled vlan 100 is a Upstream interface Downstream interfaces: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 485
IGMP Proxy is disabled: switchxxxxxx# show ip igmp-proxy interface vlan 1 IP Forwarding is enabled IP Multicast Routing is enabled IGMP Proxy is disabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable IGMP snooping on a specific VLAN, use the ip igmp snooping vlan command in Global Configuration mode. To return to the default, use the no form of this command. Syntax vlan-id ip igmp snooping vlan Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • vlan-id —Specifies the VLAN. • interface-list —Specifies the list of interfaces. The interfaces can be one of the following types: Ethernet port or Port-channel. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the VLAN. • interface-list —Specifies a list of interfaces. The interfaces can be of one of the following types: Ethernet port or Port-channel. Default Configuration No ports defined. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—(Optional) Specifies a list of interfaces. The interfaces can be of one of the following types: Ethernet port or Port-channel. Default Configuration No Multicast addresses are defined. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Multicast IP address • count number —(Optional) Configures multiple contiguous Multicast IP addresses. If not specified, the default is 1. (Range: 1–256) Default Configuration No Multicast IP address is associated. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters Default Configuration Enabled Command Mode Global Configuration mode User Guidelines To run the IGMP Snooping querier on a VLAN, you have enable it globally and on the VLAN. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The IGMP Snooping querier can be enabled on a VLAN only if IGMP Snooping is enabled for that VLAN. Example The following example enables the IGMP Snooping querier on VLAN 1: switchxxxxxx(config)# ip igmp snooping vlan 1 querier Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable IGMP Querier election mechanism of an IGMP Snooping querier on a specific VLAN, use the ip igmp snooping vlan querier election command in Global Configuration mode. To disable Querier election mechanism, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 496
It is recommended to disable IGMP Querier election mechanism if there is an IPM Multicast router on the VLAN. Example The following example disables IGMP Snooping Querier election on VLAN 1: switchxxxxxx(config)# no ip igmp snooping vlan 1 querier election Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode command in Global Configuration mode. To return to the default, use the no form of this command. Syntax vlan-id ip igmp snooping vlan immediate-leave Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the show ip igmp snooping groups command with parameters to see a needed subset of all Multicast groups learned by IGMP snooping To see the full Multicast address table (including static addresses), use the show bridge multicast address-table command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—(Optional) Specifies the VLAN ID. Command Mode User EXEC mode Example The following example displays information on dynamically learned Multicast router interfaces for VLAN 1000: switchxxxxxx# show ip igmp snooping mrouter interface 1000 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example displays the IP addresses associated with all Multicast TV VLANs. switchxxxxxx# show ip igmp snooping multicast-tv VLAN IP Address ---- ----------- 1000 239.255.0.0 1000 239.255.0.1 1000 239.255.0.2 1000 239.255.0.3 1000 239.255.0.4 1000 239.255.0.5 1000 239.255.0.6 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the network mask of the IP address. • prefix-length —Specifies the number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 8–30) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 505
1.1.1.1 255.0.0.0 ip address switchxxxxxx(config)# exit switchxxxxxx(config)# interface vlan switchxxxxxx(config-if)# ip address 1.2.1.1 255.255.0.0 switchxxxxxx(config)# This IP address overlaps IP address 1.1.1.1/8 on vlan1, are you sure? [Y/N]Y Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The default route (Default Gateway) received in DHCP Router option (Option 3) is assigned a metric of 8. Use the no form of the command to disable DHCP client on interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example renews an IP address on VLAN 19 that was acquired from a DHCP server: switchxxxxxx# renew dhcp vlan Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no ip default-gateway command to delete all default gateways. Example The following example defines default gateway 192.168.1.1. switchxxxxxx(config)# ip default-gateway 192.168.1.1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Enabled Valid 10.5.234.202/24 vlan 4 UP/DOWN Static disable Disabled Valid Example 2 - The following example displays the IP addresses configured on the given L2 interfaces and their types: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The software uses ARP cache entries to translate 32-bit IP addresses into 48-bit hardware (MAC) addresses. Because most hosts support dynamic address resolution, static ARP cache entries generally do not need to be specified. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The default ARP timeout is 60000 seconds, if IP Routing is enabled, and 300 seconds if IP Routing is disabled. Command Mode Global Configuration mode Example The following example configures the ARP timeout to 12000 seconds. switchxxxxxx(config)# arp timeout 12000 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
24.9 ip proxy-arp Use the ip proxy-arp Interface Configuration mode command to enable an ARP proxy on specific interfaces. Use the no form of this command disable it. Syntax ip proxy-arp Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the clear arp-cache Privileged EXEC mode command to delete all dynamic entries from the ARP cache. Syntax clear arp-cache Command Mode Privileged EXEC mode Example The following example deletes all dynamic entries from the ARP cache. switchxxxxxx# clear arp-cache Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Syntax ip-interface | address udp-port-list ip helper-address { all} ip-interface | address no ip helper-address { all} Parameters • ip-interface —Specifies the IP interface. • all—Specifies all IP interfaces. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 517
Forwarding of BOOTP/DHCP (ports 67, 68) cannot be enabled with this command. Use the DHCP relay commands to relay BOOTP/DHCP packets. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example displays the IP helper addresses configuration on the system: switchxxxxxx# show ip Interface Helper Address UDP Ports ------------ -------------- ------------------------ 192.168.1.1 172.16.8.8 37, 42, 49, 53, 137, 138 192.168.2.1 172.16.9.9 37, 49 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
ACL: • permit—The route specified by the set command Policy routing. • deny—The route specified by the IP Forwarding table (regular routing). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 522
20 switchxxxxxx(config-route-map)# match ip address access-list pr-acl2 switchxxxxxx(config-route-map)# set ip next-hop 50.1.1.1 switchxxxxxx(config-route-map)# exit switchxxxxxx(config)# interface vlan 1 switchxxxxxx(config-if)# ip policy route-map pbr switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
1.1.1.1 and re-enables the messages on IP interface 2.2.2.2: switchxxxxxx(config)# interface ip 1.1.1.1 switchxxxxxx(config-ip)# no ip redirects switchxxxxxx(config-ip)# exit switchxxxxxx(config)# interface ip 2.2.2.2 switchxxxxxx(config-ip)# ip redirects switchxxxxxx(config-ip)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no ip route comand with the parameter to remove only one static route to the given subnet via the given next hop. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
25.4 ip routing To enable IP routing, use the ip routing command in global configuration mode. To disable IP routing, use the no form of this command. Syntax ip routing Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—The value of the subnet mask. • longer-prefixes—Specifies that only routes matching the IP address and mask pair should be displayed. • connected—Displays connected routes. • icmp—Displays routes added by ICMP Direct. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 527
10.119.0.0/16 0.0.0.0 vlan2 C> 10.120.0.0/16 0.0.0.0 vlan3 Example 2. The following is sample output from the show ip route command when IP Routing is enabled: show ip route switchxxxxxx# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 528
Next Hop Status: Active VLAN 110 Route Map: BPR_20 Status: Not Active (VLAN 110 status is DOWN) ACL Name: ACLTCPHTTP Next Hop: 1.1.1.20 Next Hop Status: Active VLAN 200 Route Map: BPR_A0 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 529
Codes: > - best, C - connected, S - static Policy Routing VLAN 1 Route Map: BPR1 Status: Active ACL Name: ACLTCPHTTP Next Hop: 1.1.1.1 Next Hop Status: Active ACL Name: ACLTCPTELNET Next Hop: 2.2.2.2 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following is sample output from the show ip route summary command: switchxxxxxx# show ip route summary IP Routing Table Summary - 90 entries 35 connected, 25 static Number of prefixes: /16: 16, /18: 10, /22: 15, /24: 19 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 532
IP Routing Protocol-Independent Commands Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Timeout in milliseconds to wait for each reply, from 50 to 65535 milliseconds. The default is 2000 milliseconds (50–65535). • source-address source —Source address (Unicast IPv4 address or global Unicast IPv6 address). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 534
64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms ----10.1.1.1 PING Statistics---- 4 packets transmitted, 4 packets received, 0% packet loss Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 535
64 bytes from FF02::1: icmp_seq=1. time=0 ms 64 bytes from FF02::1: icmp_seq=1. time=70 ms 64 bytes from FF02::1: icmp_seq=2. time=0 ms 64 bytes from FF02::1: icmp_seq=1. time=1050 ms 64 bytes from FF02::1: icmp_seq=2. time=70 ms Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Specifies the decimal TCP port number. The default port is the SSH port (22). • keyword —Specifies the one or more keywords listed in the Keywords table in the User Guidelines. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 537
Telnet connection except that the connection is encrypted. With authentication and encryption, the SSH client allows for a secure communication over an insecure network. Only one SSH terminal connection can be active at the same time. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The telnet EXEC mode command logs on to a host that supports Telnet. Syntax telnet { ip-address hostname port keyword ...] Parameters • ip-address— Specifies the destination host IP address (IPv4 or IPv6). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 539
?/help A sample of this list follows. switchxxxxxx> /help [Special telnet escape help] ^^ B sends telnet BREAK ^^ C sends telnet IP Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 540
(UUCP) and other non-Telnet protocols. Ctrl-shift-6 x Returns to the System Command Prompt. Ports Table Keyword Description Port Number Border Gateway Protocol chargen Character generator Remote commands daytime Daytime discard Discard Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 541
Simple Mail Transport Protocol sunrpc Sun Remote Procedure Call syslog Syslog tacacs TAC Access Control System talk Talk telnet Telnet time Time uucp Unix-to-Unix Copy Program whois Nickname World Wide Web Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The default count is 3. (Range: 1–10) • time_out timeout —The number of seconds to wait for a response to a probe packet. The default is 3 seconds. (Range: 1–60) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To forward IPv4 Multicast packets on an interface, IPv4 Multicast forwarding must be enabled globally and an IPMv4 Routing protocol must be enabled on the interface. Example The following example enables IP Multicast routing using IGMP Proxy: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
TTL threshold value automatically become border routers. Example The following example sets the TTL threshold on a border router to 200: switchxxxxxx(config)# interface vlan 100 switchxxxxxx(config-if)# ip multicast ttl-threshold 200 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IP Multicast routing table. “Expires” indicates per interface how long (in hours, minutes, and seconds) until the entry will be removed from the IP Multicast routing table. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 548
Example 2. The following is sample output from the show ip mroute command: show ip mroute switchxxxxxx# Timers: Uptime/Expires IP Multicast Routing Table (*, 224.0.255.3), 5:29:15/00:03:01 Incoming interface: vlan2 Outgoing interface list: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 1. The following is sample output from the show ip multicast command without the interface keyword when no IP Multicast Routing protocol is enabled: show ip multicast switchxxxxxx# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 550
IGMP Proxy is enabled on the interface and the interface is an IGMP Proxy Downlink interface: show ip multicast interface vlan 100 switchxxxxxx# IP Unicast Forwarding: enabled IP Multicast Protocol: IGP Proxy vlan 200 TTL-threshold: 0 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 551
100 switchxxxxxx# IP Unicast Forwarding: enabled IP Multicast Protocol: IGMP Proxy vlan 200 IP Status: enabled hop-threshold: 100 IGMP Protocol: IGMPv3 IGMP Proxy: disabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 address based on an IPv6 general prefix and enable IPv6 processing on an interface. To remove the address from the interface, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 553
IPv6 addresses from an interface, including link local manually configured addresses. Example The following example defines the IPv6 global address 2001:DB8:2222:7272::72 on vlan 100: switchxxxxxx(config)# interface vlan 100 switchxxxxxx(config-if)# ipv6 address 2001:DB8:2222:7272::72/64 switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Anycast address. Anycast addresses can be used only by a router, not a host, and Anycast addresses must not be used as the source address of an IPv6 packet. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Advertisement messages. To disable automatic configuration of IPv6 addresses and to remove the automatically configured address from the interface, use the no form of this command. Syntax ipv6 address autoconfig no ipv6 address autoconfig Parameters N/A. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
EUI-64 interface ID in the low order 64 bits of the address. To remove the address from the interface, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 557
64 then the following 64 bits are taken from the EUI-64 Interface ID. • prefix-length > 64 then the following (128- prefix-length ) bits are taken from prefix-length the last (64-( -64)) bits of the EUI-64 Interface ID. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
RFC4293 where the address is specified in hexadecimal using 16-bit values between colons. Default Configuration The default Link-local address is defined. Command Mode Interface Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • ipv6-address —Specifies the IPv6 address of an IPv6 router that can be used to reach a network. Default Configuration No default gateway is defined. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To disable IPv6 processing on an interface that has not been configured with an explicit IPv6 address, use the no form of this command. Syntax ipv6 enable no ipv6 enable Parameters N/A. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Syntax ipv6 hop-limit value no ipv6 hop-limit Parameters • value —Maximum number of hops. The acceptable range is from 1 to 255. Default Configuration The default is 64 hops. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
1 to 200. Default Configuration The default interval is 100ms and the default bucketsize is 10 i.e. 100 ICMP error messages per second. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Ipv6 link-local default zone Parameters • interface-id —Specifies the interface that is used as the egress interface for packets sent without a specified IPv6Z interface identifier or with the default 0 identifier. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ipv6 nd advertisement-interval command to indicate to a visiting mobile node the interval at which that node may expect to receive RAs. The node may use this information in its movement detection algorithm. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
0 to 600. Configuring a value of 0 disables duplicate address detection processing on the specified interface; a value of 1 configures a single transmission without follow-up transmissions. Default Configuration Command Mode Interface Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 566
SYSLOG message is issued. All configuration commands associated with the duplicate address remain as configured while the state of the address is set to DUPLICATE. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To return the hop limit to its default value, use the no form of this command. Syntax value ipv6 nd hop-limit no ipv6 nd hop-limit Parameters • value —Maximum number of hops. The acceptable range is from 1 to 255. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
“managed address configuration flag” in IPv6 router advertisements. To clear the flag from IPv6 router advertisements, use the no form of this command. Syntax ipv6 nd managed-config-flag no ipv6 nd managed-config-flag Parameters N/A. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 neighbor solicitation retransmissions on an interface. To restore the default interval, use the no form of this command. Syntax milliseconds ipv6 nd ns-interval no ipv6 nd ns-interval Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Other Stateful configuration flag in IPv6 router advertisements. To clear the flag from IPv6 router advertisements, use the no form of this command. Syntax ipv6 nd other-config-flag no ipv6 nd other-config-flag Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ipv6 nd prefix command in Interface Configuration mode to configure which IPv6 prefixes are included in IPv6 Neighbor Discovery (ND) router advertisements. To remove the prefixes, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 572
(for example, because the prefix was also configured using the ipv6 address command), then it will be removed. • no-onlink—Configures the specified prefix as not on-link. The prefix will be advertised with the L-bit clear. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 573
Prefix table (changed (configured) by the ipv6 nd prefix command). • Advertise all prefixes configured by the ipv6 nd prefix command without the no-advertise keyword. Default Keyword Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 574
VLAN 1 with a valid lifetime of 1000 seconds and a preferred lifetime of 900 seconds. The prefix is inserted in the Routing table: switchxxxxxx(config)# interface vlan 1 switchxxxxxx(config-if)# ipv6 nd prefix 2001:0DB8::/35 1000 900 switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
User Guidelines The interval between transmissions should be less than or equal to the IPv6 router advertisement lifetime if you configure the route as a default router by using this Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • seconds —Remaining length of time, in seconds, that this router will continue to be useful as a default router (Router Lifetime value). A value of Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 router advertisement transmissions on an interface. To re-enable the sending of IPv6 router advertisement transmissions on an interface, use the no form of this command. Syntax ipv6 nd ra suppress no ipv6 nd ra suppress Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 578
Example 2. The following example enables the sending of IPv6 router advertisements on tunnel 1: switchxxxxxx(config)# interface tunnel 1 switchxxxxxx(config-if)# no ipv6 nd ra suppress switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
A value of 0 means indicates that the configured time is unspecified by this router. Example The following example configures an IPv6 reachable time of 1,700,000 milliseconds for VLAN 1: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
A DRP is useful when, for example, two routers on a link may provide equivalent, but not equal-cost, routing, and policy may dictate that hosts should prefer one of the routers. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Command Mode Global Configuration mode User Guidelines This command is similar to the command. Use the ipv6 neighbor command to add a static entry in the IPv6 neighbor discovery cache. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 582
Example 2. The following example deletes the static entry in the IPv6 neighbor discovery cache for a neighbor with the IPv6 address 2001:0DB8::45A and link-layer address 0002.7D1A.9472 on VLAN 1: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example disables the sending of ICMP IPv6 redirect messages on VLAN 100 and re-enables the messages on VLAN 2: switchxxxxxx(config)# interface vlan 100 switchxxxxxx(config-if)# no ipv6 redirects switchxxxxxx(config-if)# exit switchxxxxxx(config)# interface vlan 2 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Static route metric. Acceptable values are from 1 to 65535. The default value is 1. Default Configuration Static entries are not configured in the IPv6 neighbor discovery cache. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To disable the forwarding of IPv6 Unicast datagrams, use the no form of this command. Syntax ipv6 unicast-routing no ipv6 unicast-routing Parameters N/A. Default Configuration IPv6 Unicast routing is disabled. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If the switch receives a datagram that it cannot deliver to its ultimate destination because it knows of no route to the destination address, it replies to the originator of that datagram with an ICMP host unreachable message. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command also displays the parameters that IPv6 uses for operation on this interface and any configured features. If the interface’s hardware is usable, the interface is marked up. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 590
ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router maximum advertisement interval is 600 seconds ND router minimum advertisement interval is 198 seconds (DEFAULT) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 591
ND reachable time—Displays the neighbor discovery reachable time (in milliseconds) assigned to this interface. • ND advertised reachable time—Displays the neighbor discovery reachable time (in milliseconds) advertised on this interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 592
ND DAD is disabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 593
The type is manual or autoconfig. • Joined group address(es):—Indicates the Multicast groups to which this interface belongs. • —Maximum transmission unit of the interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 594
ISATAP Router DNS name is—The DNS name of the ISATAP Router Example 3. The following command with the brief keyword displays information about all interfaces that IPv6 is defined on: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 595
1 prefix IPv6 Prefix Advertisements VLAN 1 Codes: A - Address, P - Prefix is advertised, R is in Routing Table Code Prefix Flags Valid Lifetime Preferred Lifetime Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Link Local Default Zone is VLAN 1 Example 2. The following example displays the default zone when it is not defined: switchxxxxxx# show ipv6 link-local default zone Link Local Default Zone is not defined Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
16-bit values between colons. • ipv6-hostname —Specifies the IPv6 host name of the remote networking device. Default Configuration All IPv6 ND cache entries are listed. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 599
Age—Time (in minutes) since the address was confirmed to be reachable. A hyphen (-) indicates a static entry. • Link-layer Addr—MAC address. If the address is unknown, a hyphen (-) is displayed. • Interface—Interface which the neighbor is connected to. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• interface-id interface —Identifier of an interface. Default Configuration All IPv6 routing information for all active routing tables is displayed. Command Mode User EXEC mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 602
Status: Not Active (No IP interface on VLAN 100) ACL Name: ACLTCPHTTP Next Hop: 4214::10 Next Hop Status: Active VLAN 110 Route Map: BPR_20 Status: Not Active (VLAN 110 status is DOWN) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(the network portion of the address). A slash mark must precede the decimal value. • interface-id interface —Identifier of an interface. • detail—Specifies for invalid routes, the reason why the route is not valid. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 605
5000::/16, interface VLAN2, metric 1 * 5555::/16, via nexthop 4000::1, metric 1 5555::/16, via nexthop 9999::1, metric 1 * 5555::/16, via nexthop 4001:AF00::1, metric 1 * 6000::/16, via nexthop 2007::1, metric 1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 606
5000::/16, interface VLAN2, metric 1 Interface is down * 5555::/16, via nexthop 4000::1, metric 1 5555::/16, via nexthop 9999::1, metric 1 Route does not fully resolve * 5555::/16, via nexthop 4001:AF00::1, metric 1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
When a user-defined policy is attached to a port the default policy for that port is detached. If the user-define policy is detached from the port, the default policy is reattached. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLAN. If it is defined in a policy attached to a port in the VLAN, this value overrides the value in the policy attached to the VLAN. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Policy attached to port or port channel: the value configured in the policy attached to the VLAN. Policy attached to VLAN: global configured value. Command Mode Neighbor Binding Policy Configuration mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command clears port counters about packets handled by IPv6 First Hop Security. Use the interface keyword to clear all counters for the specific port. Use the command without keyword to clear all counters. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If the ndp keyword and the dhcp keyword is not defined, the entries are removed regardless their origin. If no keywords or arguments are entered, all dynamic entries are deleted. All keyword and argument combinations are allowed. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLAN. IPv6 DHCP Guard discards the following DHCPv6 messages sent by DHCPv6 servers/relays and received on ports configured as client: • ADVERTISE Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 First Hop Security. Default Configuration Policy attached to port or port channel: Value configured in the policy attached to the VLAN. Policy attached to VLAN: Perimeter. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To specify the role of the device attached to the port within an IPv6 ND Inspection policy, use the device-role command in ND Inspection Policy Configuration mode. To disable this function, use the no form of this command. Syntax device-role {host | router} Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 618
The following example defines an ND Inspection policy named policy 1 and configures the port role as router: switchxxxxxx(config)# ipv6 nd inspection policy policy1 switchxxxxxx(config-nd-inspection)# device-role router switchxxxxxx(config-nd-inspection)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example defines an RA Guard policy named policy 1 and configures the port role as router: switchxxxxxx(config)# ipv6 nd raguard policy policy1 switchxxxxxx(config-ra-guard)# device-role router Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLAN. If it is defined in a policy attached to a port in the VLAN, this value overrides the value in the policy attached to the VLAN. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration Policy attached to port or port channel: the value configured in the policy attached to the VLAN. Policy attached to VLAN: global configuration. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable the DHCPv6 guard feature on a VLAN, use the ipv6 dhcp guard command in VLAN Configuration mode. To return to the default, use the no form of this command. Syntax ipv6 dhcp guard Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 623
100 switchxxxxxx(config-if)# ipv6 dhcp guard switchxxxxxx(config-if)# exit Example 2—The following example enables DHCPv6 Guard on VLANs 100-107: switchxxxxxx(config)# interface range vlan 100-107 switchxxxxxx(config-if-range)# ipv6 dhcp guard switchxxxxxx(config-if-range)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The set of rules that is applied to an input packet is built in the following way: • The rules, configured in the policy attached to the port on the VLAN on which the packet arrived are added to the set. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no form of the command to detach the current policy and to re-attach the default policy. The the no form of the command has no effect if the default policy was attached. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command defines the DHCPv6 Guard policy name, and places the router in DHCPv6 Guard Policy Configuration mode. The following commands can be configured in IPv6 DHCP Guard Policy Configuration mode: • device-role (IPv6 DHCP Guard) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Range 0-255. The value of the high boundary must be equal to or greater than the value of the low boundary. • value minimum —Advertised preference value is greater than or equal to the value argument. Range 0-255. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 630
Example 1—The following example defines a global minimum preference value of 10 and a global maximum preference value of 102 using two commands: switchxxxxxx(config)# ipv6 dhcp guard preference minimum 10 switchxxxxxx(config)# ipv6 dhcp guard preference maximum 102 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ipv6 first hop security command to enable IPv6 First Hop Security on a VLAN. Examples Example 1—The following example enables IPv6 First Hop Security on VLAN 100: switchxxxxxx(config)# interface vlan 100 switchxxxxxx(config-if)# ipv6 first hop security Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLANs on the device on which IPv6 First Hop Security is enabled. Default Configuration The IPv6 First Hop Security default policy is applied. Command Mode Interface (Ethernet, Port Channel) Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 633
Example 2—In the following example, the IPv6 First Hop Security policy policy1 is attached to the gi11 port and applied to VLANs 1-10 and 12-20: switchxxxxxx(config)# interface gi11 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLAN Configuration mode. To return to the default, use the no form of this command. Syntax policy-name ipv6 first hop security attach-policy no ipv6 first hop security attach-policy Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode. To return to the default, use the no form of this command. Syntax ipv6 first hop security logging packet drop Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Syntax policy-name ipv6 first hop security policy policy-name no ipv6 first hop security policy Parameters • policy-name —The IPv6 First Hop Security policy name (up to 32 characters). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 637
You can define a policy using the ipv6 first hop security policy command multiple times. If an attached policy is removed, it is detached automatically before removing. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLAN Configuration mode. To return to the default, use the no form of this command. Syntax ipv6 nd inspection no ipv6 nd inspection Parameters Default Configuration ND Inspection on a VLAN is disabled. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To attach an ND Inspection policy to a specific port, use the ipv6 nd inspection attach-policy command in Interface Configuration mode. To return to the default, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 640
The rules, configured in the policy attached to the VLAN are added to the set if they have not been added. • The global rules are added to the set if they have not been added. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 641
1-10 switchxxxxxx(config-if)# ipv6 nd inspection attach-policy policy2 vlan 12-20 switchxxxxxx(config-if)# exit Example 4—In the following example, ND Inspection detaches policy policy1 from the gi11 port: switchxxxxxx(config)# interface gi11 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The no form of the command does not have an effect if the default policy was attached. Example In the following example, the ND Inspection policy policy1 is attached to VLAN 100: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
ND Inspection policy commands are ignored. Example The following example enables the switch to drop messages with no or invalid options or an invalid signature: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Each policy of the same type (for example, ND Inspection policies) must have a unique name. Policies of different types can have a same policy name. The switch supports two predefined ND Inspection policies named: "vlan_default" and "port_default": Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 645
Example 2. The following example defines an ND Inspection policy as policy1 by a few steps: switchxxxxxx(config)# ipv6 nd inspection policy policy1 switchxxxxxx(config-nd-inspection)# drop-unsecure switchxxxxxx(config-nd-inspection)# exit switchxxxxxx(config)# ipv6 nd inspection policy policy1 switchxxxxxx(config-nd-inspection)# device-role router Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
User Guidelines This command specifies the minimum security level parameter value when the drop-unsecured feature is configured. This command has no effect if dropping of non secure messages is disabled. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
MAC address is checked against the link-layer address. Use this command to drop the packet if the link-layer address and the MAC addresses are different from each other. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(see the device-role command). RA Guard validates received RA messages based on an RA Guard policy attached to the source port. RA Guard is performed before ND inspection. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
. If the vlan keyword is not configured, the policy is applied to all VLANs on the device on which RA Guard policy is enabled. Default Configuration The RA Guard default policy is applied. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 650
Example 2—In the following example, the RA Guard policy policy1 is attached to the gi11 port and applied to VLANs 1-10 and 12-20: switchxxxxxx(config)# interface gi11 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Verifies that the hop-count limit is lower than or equal to the value argument. Range 1-255. The value of the high boundary must be equal to or greater than the value of the low boundary. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 653
100 Example 2—The following example defines a minimum Cur Hop Limit value of 3 and a maximum Cur Hop Limit value of 100 using a single command: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example enables M flag verification that checks if the value of the flag is 0: switchxxxxxx(config)# ipv6 nd raguard managed-config-flag off Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example shows how the command enables O flag verification that checks if the value of the flag is 0: switchxxxxxx(config)# ipv6 nd raguard other-config-flag off Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The policies cannot be removed, but they can be changed. The no ipv6 nd raguard policy does not remove these policies, it only removes the policy configuration defined by the user. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 657
Example 2—The following example defines an RA Guard named policy1 using multiple steps: switchxxxxxx(config)# ipv6 nd raguard policy policy1 switchxxxxxx(config-ra-guard)# other-config-flag disable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• value minimum —Specifies the minimum allowed Advertised Default Router Preference value. The following values are acceptable: low, medium and high (see RFC4191). Default Configuration Verification is disabled. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 659
Example 2—The following example defines that only a value of medium is acceptable using a single command: switchxxxxxx(config)# ipv6 nd raguard router-preference minimum medium maximum medium Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
NDP messages. • How global IPv6 addresses, bound from NDP messages, are checked against the Neighbor Prefix table, if prefix validation is enabled: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 662
Example 3. The following example specifies that only stateless global IPv6 address binding from NDP can be applied switchxxxxxx(config)# ipv6 neighbor binding address-prefix-validation Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
[vlan Parameters • ipv6-prefix prefix-length —IPv6 prefix. • vlan-id vlan —ID of the specified VLAN. • autoconfig—The prefix can be used for stateless configuration. Default Configuration No static prefix Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 664
100 2001:0DB8:101::/64 Example 3. The following example deletes all static entries defined on the specified VLAN: switchxxxxxx(config)# no ipv6 neighbor binding address-prefix vlan 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If an address does not belong, it is not bound. Example The following example shows how to enable bound address validation against the Neighbor Prefix table: switchxxxxxx(config)# ipv6 neighbor binding address-prefix-validation Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The set of rules that is applied to an input packet is built in the following way: • The rules, configured in the policy attached to the port on the VLAN on which the packet arrived are added to the set. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no form of the command to return to detach the current policy and reattach the default policy. The no form of the command has no effect if the default policy was attached. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ipv6 neighbor binding lifetime command to change the default lifetime. Example The following example changes the lifetime for binding entries to 10 minutes: switchxxxxxx(config)# ipv6 neighbor binding lifetime 10 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Binding table overflow. Example The following example shows how to enable Binding table event logging: switchxxxxxx(config)# ipv6 neighbor binding logging Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example shows how to specify globally the maximum number of entries that can be inserted into the cache per MAC: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The policies cannot be removed, but they can be changed. The no ipv6 neighbor binding policy does not remove these policies, it only removes the policy configuration defined by the user. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 673
Example 2—The following example defines a Neighbor Binding policy named policy1 using multiple steps: switchxxxxxx(config)# ipv6 neighbor binding policy policy1 switchxxxxxx(config-nbr-binding)# device-role internal switchxxxxxx(config-nbr-binding)# exit switchxxxxxx(config)# ipv6 neighbor binding policy policy1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—ID of the specified VLAN. • interface interface-id —Adds static entries to the specified port. • mac-address —MAC address of the static entry. Default Configuration No static entry. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Interface (VLAN) Configuration mode User Guidelines IPv6 Source Guard blocks an IPv6 data message arriving on a port if its source IPv6 address is bound to another port, or it is unknown. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—The IPv6 Source Guard policy name (up to 32 characters). Default Configuration The IPv6 Source Guard default policy is applied. Command Mode Interface (Ethernet, Port Channel) Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 677
Example 2—In the following example IPv6 Source Guard detaches policy1 from the gi11 port: switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# no ipv6 source guard attach-policy switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The policy cannot be removed, but it can be changed. The no ipv6 source guard policy does not remove the policy, it only removes any policy configurations defined by the user. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Binding policy, use the logging binding command in Neighbor Binding Policy Configuration mode. To return to the default, use the no form of this command. Syntax logging binding [enable | disable] no logging binding Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 First Hop Security Policy Configuration mode. To return to the default, use the no form of this command. Syntax logging packet drop [enable | disable] no logging packet drop Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 RA Guard policy, use the managed-config-flag command in RA Guard Policy Configuration mode. To return to the default, use the no form of this command. Syntax managed-config-flag {on | off | disable} Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 RA Guard policy, use the match ra address command in RA Guard Policy Configuration mode. To return to the default, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
RA Guard configuration mode, matches the prefixes to the prefix list named list1, and the 2001:101::/64 prefixes and denies 2001:100::/64 prefixes: switchxxxxxx(config)# ipv6 nd raguard policy policy1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 DHCP Guard verifies the assigned IPv6 addresses to the configure prefix list passed in the IA_NA and IA_TA options of the following DHCPv6 messages sent by DHCPv6 servers/relays: • ADVERTISE • REPLY Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DHCPv6 Guard Policy Configuration mode. To return to the default, use the no form of this command. Syntax ipv6-prefix-list-name match server address {prefix-list } | disable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 687
Use the disable keyword to disable verification of the DHCP server's and relay’s IPv6 address. Example The following example defines a DHCPv6 Guard policy named policy1, places the switch in DHCPv6 Guard Policy Configuration mode, matches the server or relay Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
MAC address. Default Configuration Policy attached to port or port channel: the value configured in the policy attached to the VLAN. Policy attached to VLAN: global configuration. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 RA Guard policy, use the other-config-flag command in RA Guard Policy Configuration mode. To return to the default, use the no form of this command. Syntax other-config-flag {on | off | disable} no other-config-flag Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable verification of the preference in messages sent by DHCPv6 servers within a DHCPv6 Guard policy, use the preference command in DHCPv6 Guard Policy Configuration mode. To return to the default, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 691
The following example defines a DHCPv6 Guard policy named policy1, places the switch in DHCPv6 Guard Policy Configuration mode, and defines a minimum preference value of 10: switchxxxxxx(config)# ipv6 dhcp guard policy policy1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Policy attached to port or port channel: the value configured in the policy attached to the VLAN. Policy attached to VLAN: global configuration. Command Mode RA Guard Policy Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration Policy attached to port or port channel: the value configured in the policy attached to the VLAN. Policy attached to VLAN: global configuration. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DHCPv6 Examples Example 1—The following example displays the Policy Configuration for a policy named policy1: switchxxxxxx# show ipv6 dhcp guard policy policy1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 696
VLANs policy2 200-300 vlan-default 1-199,301-4094 Attached to ports: Policy Name Ports VLANs policy1 gi11-2 1-100 port-default gi11-2 101-4094 gi13-4 1-1094 Example 3—The following example displays the user defined policies: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example gives an example of the show ipv6 first hop security command: switchxxxxxx# show ipv6 first hop security IPv6 First Hop Security is enabled on VLANs:1-4,6,7,100-120 Logging Packet Drop: enabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 ND Inspection is enabled on VLANs:1-4,6,7,100-120 IPv6 Neighbor Binding Integrity is enabled on VLANs:1-4,6,7,100-120 IPv6 RA Guard is enabled on VLANs:1-4,6,7,100-120 IPv6 Source Guard is enabled on VLANs:1-3,7,100-112 gi11, VLAN 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 699
10 (from policy2 attached to the VLAN) maximum: 20 (from global configuration) manage-config-flag: on(from policy2 attached to the VLAN) ra address verification:: disabled(default) ra prefixes prefix list name: list1(from policy2 attached to the VLAN) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLAN specified by the interface-id vlan-id arguments. Examples The following example displays the attached policy on gi11 and VLAN 100: switchxxxxxx# show ipv6 first hop security attached policies interface gi11 vlan 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Examples The following examples displays information about packets counted on port gi1 switchxxxxxx# show ipv6 first hop security counters interface gi11 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 702
Unauthorized cur hop limit ND Inspection Invalid source MAC ND Inspection Unsecure message ND Inspection Unauthorized sec level Source guard NoBinding NB Integrity Illegal ICMPv6 message NB Integrity Illegal DHCPv6 message Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display IPv6 First Hop Security policies on all ports configured with the IPv6 First Hop Security feature, use the show ipv6 first hop security policy command in privileged EXEC mode. Syntax policy-name show ipv6 first hop security policy [ | active] Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 704
1-4094 Po1-4 1-4094 Example 2—The following example displays the attached policies: switchxxxxxx# show ipv6 first hop security policy active Attached to VLAN: Policy Name VLANs policy2 200-300 vlan-default 1-199,301-4094 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display ND Inspection global configuration, use the show ipv6 nd inspection command in Privilege EXEC configuration mode. Syntax show ipv6 nd inspection Parameters Command Mode Privileged EXEC mode User Guidelines This command displays ND Inspection global configuration. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Examples Example 1—The following example displays the policy configuration for a policy named policy1: switchxxxxxx# show ipv6 nd inspection policy policy1 ND Inspection Policy: policy1 device-role: router drop-unsecure: enabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
29.74 show ipv6 nd raguard To display RA Guard global configuration, use the show ipv6 nd raguard command in Privilege EXEC configuration mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display a router advertisements (RAs) guard policy on all ports configured with the RA guard feature, use the show ipv6 nd raguard policy command in privileged EXEC mode. Syntax policy-name show ipv6 nd raguard policy [ | active] Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 709
Ports VLANs gi11-2 1-58,68-4094 gi13-4 1-4094 Po1-4 1-4094 Example 2—The following example displays the attached policies: switchxxxxxx# show ipv6 nd raguard policy active Attached to VLANs: Policy Name VLANs Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters Command Mode Privileged EXEC mode User Guidelines This displays Neighbor Binding global configuration. Example The following example gives an example of the show ipv6 neighbor binding command output: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Privileged EXEC mode User Guidelines This command either displays all policies or a specific one. Examples Example 1—The following example displays the policy configuration for a policy named policy1: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 712
1-4094 Po1-4 1-4094 Example 2—The following example displays the attached policies: switchxxxxxx# show ipv6 neighbor binding policy active Attached to VLAN: Policy Name VLANs policy2 200-300 vlan-default 1-199,301-4094 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command displays the Neighbor Prefix table. The display output can be limited to the specified VLAN. If no VLAN is configured, all prefixes are displayed. Example The following example displays the learned prefixes: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Displays the Binding table entries that match the specified IPv6 address. • mac-address —Displays the Binding table entries that match the specified MAC address. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 715
Static—The static IPv6 address manually defined by the ipv6 neighbor binding static command. • NDP—The IPv6 address learnt from the NDP protocol messages. • DHCP—The IPv6 address learnt from the DHCPv6 protocol messages. • State—Entry’s state: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This displays IPv6 Source Guard global configuration. Example The following example gives an example of the show ipv6 source guard command output: switchxxxxxx# show ipv6 source guard IPv6 Source Guard is enabled on VLANs:1-4,6,7,100-120 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 Source Guard Policy Configuration mode. To return to the default, use the no form of this command. Syntax trusted-port no trusted-port Parameters Default Configuration not trusted. Command Mode IPv6 Source Guard Policy Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Policy attached to port or port channel: the value configured in the policy attached to the VLAN. Policy attached to VLAN: global configuration. Command Mode ND inspection Policy Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 720
The following example enables the router to drop an NDP message whose link-layer address does not match the MAC address: switchxxxxxx(config)# ipv6 nd inspection policy policy1 switchxxxxxx(config-nd-inspection)# validate source-mac switchxxxxxx(config-nd-inspection)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To forward IPv6 Multicast packets on an interface, IPv6 Multicast forwarding must be enabled globally and an IPMv6 Routing protocol must be enabled on the interface. Example The following example enables IPv6 Multicast routing using MLD Proxy: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example sets the Hop Limit threshold on a border router to 200: switchxxxxxx(config)# interface vlan 100 switchxxxxxx(config-if)# ipv6 multicast hop-threshold 200 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 Multicast routing table. “Expires” indicates per interface how long (in hours, minutes, and seconds) until the entry will be removed from the IPv6 Multicast routing table. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 724
Example 2. The following is sample output from the show ipv6 mroute command: show ip mroute switchxxxxxx# Timers: Uptime/Expires IPv6 Multicast Routing Table (*, FF07::1), 00:04:45/00:02:47, RP 2001:0DB8:6::6 Incoming interface: vlan5 Outgoing interface list: vlan40, 00:04:45/00:02:47 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 1. The following is sample output from the show ipv6 multicast command without the interface keyword when no IPv6 Multicast Routing protocol is enabled: show ipv6 multicast switchxxxxxx# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 726
MLD Proxy is enabled on the interface and the interface is an MLD Proxy Downlink interface: show ipv6 multicast interface vlan 100 switchxxxxxx# IPv6 Unicast Forwarding: enabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The hit count is automatically cleared for all IPv6 prefix lists. Command Mode Privileged EXEC mode User Guidelines The hit count is a value indicating the number of matches to a specific prefix list entry. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
0 to 128. The zero prefix-length may be used only with ipv6-prefix the zero (::). • text description —Text that can be up to 80 characters in length. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 730
A prefix length of less than, or equal to, a value is configured with the le keyword. A Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 731
- is not defined The prefix cP/cL matches the prefix-list entry if PrefixIsEqual(cP,P,L) && cL == L Case 2. An prefix-list entry is: • P - prefix address Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 732
2002::/16 Example 3. The following example shows how to specify a group of prefixes to accept any prefixes from prefix 5F00::/48 up to and including prefix 5F00::/64: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 prefix list or IPv6 prefix list entries. Syntax list-name list-name show ipv6 prefix-list [detail [ ] | summary [ list-name ipv6-prefix prefix-length show ipv6 prefix-list [longer | first-match] Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 734
Examples Example 1. The following example shows the output of this command with the detail keyword: switchxxxxxx# ipv6 prefix-list detail ipv6 prefix-list aggregate: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 735
Example 3. The following example shows the output of the show ipv6 prefix-list command with the seq keyword: switchxxxxxx# show ipv6 prefix-list bgp-in seq 15 seq 15 deny ::/1 (hit count: 0) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 736
IPv6 Prefix List Commands Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If an ACL is bounded on an interface and a frame matches both to the iSCLI and the ACL rules then only the iSCSI rules are applied to this frame. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Two iSCSI IPv4 flows with well-known TCP ports 3260 and 860. Command Mode Global Configuration mode User Guidelines Each iscsi flow command defines an iSCSI flow including the following two sub-flows: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To define the quality of service profile applying to iSCSI flows, use the iscsi qos command in Global Configuration mode. To restore the default configuration, use the no form of the command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 740
Note. At least one parameter is mandatory Example The following example configures the default quality of service profile applying to iSCSI flows: switchxxxxxx(config)# iscsi qos vpt 6 queue 8 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the tunnel number. Default Configuration Command Mode Global Configuration mode Example The following example enters the Interface Configuration (Tunnel) mode. switchxxxxxx(config)# interface tunnel 1 switchxxxxxx(config-if)# tunnel source auto switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To configure the number of router solicitation refresh messages that the device sends, use the tunnel isatap robustness command in Global Configuration mode. To restore the default configuration, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Interface (Tunnel) Configuration mode. To remove this router name and restore the default configuration, use the no form of this command. Syntax tunnel isatap router router-name no tunnel isatap router Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To configure a static IPv6 tunnel interface, use the tunnel mode ipv6ip command in Interface (Tunnel) Configuration mode. To remove an IPv6 tunnel interface, use the no form of this command. Syntax tunnel mode ipv6ip isatap no tunnel mode ipv6ip Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 747
Only the ipv6 address eui-64 command can be used to configured a global unicast IPv6 on an ISATAP tunnel. Examples Example 1—The following example configures an ISATAP tunnel: switchxxxxxx(config)# interface vlan 1 switchxxxxxx(config-if)# ip address 1.1.1.1 255.255.255.0 switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv4 is used as the tunnel local IPv4 address until it is defined. A new IPv4 interface is only chosen in the following cases: • After reboot. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Examples Example 1. The following example displays information on the ISATAP tunnel, when the all keyword is not configured: switchxxxxxx# show ipv6 tunnel Tunnel 2 Tunnel type : ISATAP Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 750
: auto Tunnel Local Ipv4 address : 192.1.3.4 Router DNS name : ISATAP Router IPv4 addresses 1.1.1.1 Detected 100.1.1.1 Detected 14.1.100.1 Not Detected Router Solicitation interval : 10 seconds Robustness Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Enter key twice. The device detects the baud rate automatically. Note that if characters other than Enter are typed, wrong speed might be detected. Example The following example enables autobaud. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
20 10 34.3 line To identify a specific line for configuration and enter the Line Configuration command mode, use the line Global Configuration mode command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To restore the default configuration, use the no form of this command. Syntax speed no speed Parameters bps—Specifies the baud rate in bits per second (bps). Possible values are 9600, 19200, 38400, 57600, and 115200. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Displays the Telnet configuration. • ssh—(Optional) Displays the SSH configuration. Default Configuration If the line is not specified, all line configuration parameters are displayed. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration The default port priority is 1. Command Mode Interface (Ethernet) Configuration mode Example The following example sets the priority of switchxxxxxx(config)# interface gi16 switchxxxxxx(config-if)# lacp port-priority 247 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Interface (Ethernet) Configuration mode command. To restore the default configuration, use the no form of this command. Syntax {long | short} lacp timeout no lacp timeout Parameters • long—Specifies the long timeout value. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display LACP information for a port-channel, use the show lacp port-channel Privileged EXEC mode command. Syntax [port_channel_number] show lacp port-channel Parameters port_channel_number—(Optional) Specifies the port-channel number. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 761
The following example displays LACP information about port-channel 1. switchxxxxxx# show lacp port-channel 1 Port-Channel 1:Port Type 1000 Ethernet Actor System Priority: 000285:0E1C00 MAC Address: Admin Key: Oper Key: Partner System Priority: 00:00:00:00:00:00 MAC Address: Oper Key: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To configure the source of the chassis ID of the port, use the lldp chassis-id Global Configuration mode command. To restore the chassis ID source to default, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To specify how long the receiving device holds a LLDP packet before discarding it, use the lldp hold-multiplier Global Configuration mode command. To restore the default configuration, use the no form of this command. Syntax lldp hold-multiplier number no lldp hold-multiplier Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To define LLDP packet handling when LLDP is globally disabled, use the lldp lldpdu Global Configuration mode command. To restore the default configuration, use the no form of this command. Syntax lldp lldpdu { filtering flooding no lldp lldpdu Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 765
STP state is Forwarding. • LLDP packets are sent as untagged. Example The following example sets the LLDP packet handling mode to Flooding when LLDP is globally disabled. switchxxxxxx(config)# lldp lldpdu flooding Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IP address, that address is not included because the address is associated with the VLAN. Default Configuration No IP address is advertised. The default advertisement is automatic. Command Mode Interface (Ethernet) Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Network-Policy, Location, and POE-PSE, Inventory. The Capabilities TLV is always included if LLDP-MED is enabled. • disable—Disable LLDP MED on the port Default Configuration Enabled with network-policy TLV Command Mode Interface (Ethernet) Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Disable is the default. Command Mode Interface (Ethernet) Configuration mode Example The following example enables sending LLDP MED topology change notifications switchxxxxxx(config)# interface gi12 switchxxxxxx(config-if)# lldp med notifications topology-change enable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To delete location information for a port, use the no form of this command. Syntax {{coordinate data} | {civic-address data} | {ecs-elin data}} lldp med location {coordinate | civic-address | ecs-elin} no lldp med location Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The lldp med network-policy command creates the network policy, which is attached to a port by lldp med network-policy (interface). The network policy defines how LLDP packets are constructed. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 771
—(Optional) User Priority (Layer 2 priority) to be used for the specified application. • value dscp —(Optional) DSCP value to be used for the specified application. Default Configuration No network policy is defined. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Attaches/removes the specified network policy to the interface. • number—Specifies the network policy sequential number. The range is 1-32 Default Configuration No network policy is attached to the interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To disable this mode, use the no form of this command. The network policy is attached automatically to the voice VLAN. Syntax lldp med network-policy voice auto no lldp med network-policy voice auto Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—The device does not send more than a single notification in the indicated period (range: 5–3600). Default Configuration 5 seconds Command Mode Global Configuration mode Example switchxxxxxx(config)# lldp notifications interval 10 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• sys-cap Command Mode Interface (Ethernet) Configuration mode Example The following example specifies that the port description TLV is transmitted on gi12. switchxxxxxx(config)# interface gi12 switchxxxxxx(config-if)# lldp optional-tlv port-desc Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable receiving LLDP on an interface, use the lldp receive Interface (Ethernet) Configuration mode command. To stop receiving LLDP on an Interface (Ethernet) Configuration mode interface, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode command. To revert to the default setting, use the no form of this command. Syntax seconds lldp reinit no lldp reinit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
LLDP operation on a port is not dependent on the STP state of a port. I.e. LLDP frames are sent on blocked ports. If a port is controlled by 802.1x, LLDP operates only if the port is authorized. Example switchxxxxxx(config)# interface gi11 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
It is recommended that the tx-delay be less than 25% of the LLDP timer interval. Example The following example sets the LLDP transmission delay to 10 seconds. switchxxxxxx(config)# lldp tx-delay 10 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 784
The amount of time (as a multiple of the timer interval) that the receiving device holds a LLDP packet before discarding it. Reinit timer The minimum time interval an LLDP port waits before re-initializing an LLDP transmission. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters Interface-id—(Optional) Specifies a port ID. Default Configuration If no port ID is entered, the command displays information for all ports. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 786
Power Source: Primary Power Source Power Priority: Unknown PD Requested Power Value: 30 4-Pair POE supported: Yes Spare Pair Detection/Classification required: Yes PD Spare Pair Desired State: Enabled 802.3 EEE Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 787
Coordinates: 54:53:c1:f7:51:57:50:ba:5b:97:27:80:00:00:67:01 Hardware Revision: B1 Firmware Revision: A1 Software Revision: 3.8 Serial number: 7978399 Manufacturer name: Manufacturer Model name: Model 1 Asset ID: Asset 123 switchxxxxxx# show lldp local gi12 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters interface-id—(Optional) Specifies a port ID. Default Configuration If no port ID is entered, the command displays information for all ports. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 791
Example 2 - The following example displays information about neighboring devices discovered using LLDP on port 1. switchxxxxxx# show lldp neighbors gi11 Device ID: 00:00:00:11:11:11 Port ID: gi11 System Name: ts-7800-2 Capabilities: B System description: Port description: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 792
Aggregation capability: Capable of being aggregated Aggregation status: Not currently in aggregation Aggregation port ID: 1 802.3 Maximum Frame Size: 1522 802.3 EEE Remote Tx: 25 usec Remote Rx: 30 usec Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 794
The active status of auto-negotiation on the status port. (enabled or disabled) Auto-negotiation The port speed/duplex/flow-control Advertised capabilities advertised by the Capabilities auto-negotiation. Operational MAU The port MAU type. type Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 795
The possible values are: Primary power source and Backup power source. A PD device advertises its power source. The possible values are: Primary power, Local power, Primary and Local power. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If no port ID is entered, the command displays information for all ports. If detailed is not used, only present ports are displayed. Command Mode User EXEC mode Example switchxxxxxx# show lldp statistics Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 797
T - Telephone D - DOCSIS cable device H - Host r - Repeater O - Other System description The neighbor device’s system description. Port description The neighbor device’s port description. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 798
The DSCP value used for the specified application. LLDP MED - Power Over Ethernet Power type The device power type. The possible values are: Power Sourcing Entity (PSE) or Power Device (PD). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 799
PSE device, or the total power a PSE device is capable of sourcing over a maximum length cable based on its current configuration. LLDP MED - Location Coordinates, Civic The location information raw data. address, ECS ELIN. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command enables the Loopback Detection feature globally. Use the loopback-detection enable Interface Configuration mode command to enable Loopback Detection on an interface. Example The following example enables the Loopback Detection feature on the device. switchxxxxxx(config)# loopback-detection enable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
37.3 loopback-detection interval To set the time interval between LBD packets, use the loopback-detection interval Global Configuration mode command. To restore the default configuration, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If this is not set, the default is to display all present ports. Default Configuration All ports are displayed. If detailed is not used, only present ports are displayed. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
User Guidelines A macro is a script that contains CLI commands and is assigned a name by the user. It can contain up to 3000 characters and 200 lines. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 805
A keyword must be prefixed with '$'. #macro keywords - This instruction enables the device to display the keywords as part of the CLI help. It accepts up to 3 keywords. The Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 806
Example 1 -The following example shows how to create a macro that configures the duplex mode of a port. switchxxxxxx(config)# macro name dup Enter macro commands one per line. End with the character ‘@’. #macro description dup duplex full negotiation Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
$DUPLEX full $SPEED ? WORD<1-32> Second parameter value switchxxxxxx(config-if)# macro apply duplex $DUPLEX full $SPEED 100 38.2 macro Use the macro apply/trace Interface Configuration command to either: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 808
You can use the macro apply macro-name with a '?' to display the help string for the macro keywords (if you have defined these with the #macro keywords preprocessor command). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 809
$DUPLEX full $SPEED 100 switchxxxxxx(config-if)# Example 3 - The following is an example of an incorrect macro being applied. switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# macro trace dup Applying command...'duplex full' Applying command...'speed auto' Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To verify the settings created by this command, run the show parser macro command. Example switchxxxxxx(config)# interface gi12 switchxxxxxx(config-if)# macro apply dup Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
| dup | duplex -------------------------------------------------------------- 38.4 macro global Use the macro global Global Configuration command to apply a macro to a switch (with or without the trace option). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 812
As a result, the macro name is appended to the global macro history. Use show parser macro to display the global macro history. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • text —Description text. The text can contain up to 160 characters. Default Configuration The command has no default setting. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Default Configuration Display description of all macros on present ports. If the detailed keyword is not used, only present ports are displayed. Command Mode User EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 815
Macro name : standard-switch10 Macro type : customizable macro description standard-switch10 # Trust QoS settings on VOIP packets auto qos voip trust # Allow port channels to be automatically formed Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 5 - This is an example of output from the show parser macro description interface command. switchxxxxxx# show parser macro description interface gi12 Interface Macro Description -------------------------------------------------------------- gi12 this is test macro -------------------------------------------------------------- Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv4 address prefix. The prefix length must be preceded by a forward slash (/). The parameter is relevant only to IPv4 addresses. (Range: 0–32) Default Configuration No rules are configured. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv6 address prefix length. The prefix length must be preceded by a forward slash (/). The parameter is optional. • mask mask — Specifies the source IPv4 address network mask. This parameter is relevant only to IPv4 addresses. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Configuration mode command. To delete an ACL, use the no form of this command. Syntax name management access-list no management access-list name Parameters name—Specifies the ACL name. (Length: 1–32 characters) Default Configuration Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 820
‘mlist’, configures all interfaces to be management interfaces except gi11 and gi19, and makes the new access list the active list. switchxxxxxx(config)# management access-list mlist deny gi11 switchxxxxxx(config-macl)# deny gi19 switchxxxxxx(config-macl)# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The default configuration is no management connection restrictions. Command Mode Global Configuration mode Example The following example defines an access list called mlist as the active management access list. switchxxxxxx(config)# management access-class mlist Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
! (Note: all other access implicitly denied) console(config-macl)# 39.6 show management access-class To display information about the active management access list (ACLs), use the show management access-class Privileged EXEC mode command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 823
This command has no arguments or keywords. Command Mode Privileged EXEC mode Example The following example displays the active management ACL information. switchxxxxxx# show management access-class Management access-class is enabled, using access list mlist Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example clears the counters for VLAN 100: switchxxxxxx# clear ipv6 mld counters vlan 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ipv6 mld robustness command to change the MLD last member query counter. Example The following example changes a value of the MLD last member query counter to switchxxxxxx(config)# interface vlan 1 ipv6 mld last-member-query-count 3 exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
1500 switchxxxxxx(config-if)# exit 40.4 ipv6 mld query-interval To configure the frequency at which the switch sends Multicast Listener Discovery (MLD) host-query messages, use the ipv6 mld query-interval command in Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
180 switchxxxxxx(config-if)# exit 40.5 ipv6 mld query-max-response-time To configure the maximum response time advertised in Multicast Listener Discovery (MLD) queries, use the ipv6 mld query-max-response-time command in Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 828
Therefore, the hosts must know to respond faster than 10 seconds (or the value you configure). Example The following example configures a maximum response time of 8 seconds: switchxxxxxx(config)# interface vlan 100 switchxxxxxx(config-if)# ipv6 mld query-max-response-time 8 switchxxxxxx(config-if)# exit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To configure which version of Multicast Listener Discovery Protocol (MLD) the router uses, use the ipv6 mld version command in Interface Configuration mode. To restore the default value, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the Multicast Listener Discovery (MLD) traffic counters, use the show ipv6 mld counters command in User EXEC mode. Syntax interface-id show ipv6 mld counters [ Parameters • interface-id —(Optional) Interface Identifier. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Multicast Listener Discovery (MLD), use the show ipv6 mld groups command in User EXEC mode. Syntax group-name group-address interface-id show ipv6 mld groups [link-local | [detail] Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 832
MLD Connected Group Membership Expires: never - switch itself has joined the group Group Address Interface Expires FF02::2 VLAN 100 never FF02::1:FF00:1 VLAN 00:10:27 FF02::1:FFAF:2C39 VLAN 100 00:09:11 FF06:7777::1 VLAN 100 00:00:26 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the number of (*, G) and (S, G) membership reports present in the Multicast Listener Discovery (MLD) cache, use the show ipv6 mld groups summary command in User EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
No. of (S,G) routes = 0—Displays the number of include and exclude mode sources present in the MLD cache. 40.11 show ipv6 mld interface To display multicast-related information about an interface, use the show ipv6 mld interface command in User EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 835
Administrative MLD max query response time is 10 seconds Operational MLD max query response time is 10 seconds Administrative Last member query response interval is 1000 milliseconds Operational Last member query response interval is 1000 milliseconds Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Examples Example 1. The following example adds a downstream interface to a MLD Proxy process with vlan 200 as its Upstream interface: switchxxxxxx(config)# interface vlan 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command has no arguments or keywords. Default Configuration Forwarding from downstream interfaces is allowed. Command Mode Global Configuration mode User Guidelines Use the pv6 mld-proxy downstream protected command to block forwarding from downstream interfaces. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the ipv6 mld-proxy downstream protected interface disabled command to block forwarding from the given downstream interface. Use the ipv6 mld-proxy downstream protected interface enabled command to allow forwarding from the given downstream interface. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies the standard IPv6 access list name defining the SSM range. Default Configuration The command is disabled. Command Mode Global Configuration mode User Guidelines A new ipv6 mld-proxyssm command overrides the previous ipv6 mld-proxy ssm command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
MLD Proxy is enabled or to display the MLD Proxy configuration for a given interface. Examples Example 1. The following example displays MLD Proxy status on all interfaces where the MLD Proxy is enabled: switchxxxxxx# show ip mld-proxy interface Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 841
IPv6 Multicast Routing is enabled MLD Proxy is enabled Global Downdtream interfaces protection is disabled SSM Access List Name: vlan 100 is a Upstream interface Downstream interfaces: *vlan 102, *vlan 110, vlan 113 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 842
IGMP Proxy is disabled: switchxxxxxx# show ipv6 mld-proxy interface vlan 1 IPv6 Forwarding is enabled IPv6 Multicast Routing is enabled MLD Proxy is disabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enable MLD snooping on a specific VLAN, use the ipv6 mld snooping vlan command in Global Configuration mode. To return to the default, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode. To disable the MLD Snooping querier globally, use the no form of this command. Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Command Mode Global Configuration mode User Guidelines Use the no form of the ipv6 mld snooping vlan querier election command to disable MLD Querier election mechanism on a VLAN. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Command Mode Global Configuration mode User Guidelines Multicast router ports can be configured statically with the bridge multicast forward-all command. You can execute the command before the VLAN is created. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
You can execute the command before the VLAN is created and for a range of ports as shown in the example. Example switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# ipv6 mld snooping vlan 1 mrouter interface gi11-4 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Multicast router ports. You can execute the command before the VLAN is created. Example switchxxxxxx(config)# ipv6 mld snooping vlan 1 forbidden mrouter interface Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
You can register an entry without specifying an interface. Using the no command without a port-list removes the entry. Example switchxxxxxx(config)# ipv6 mld snooping vlan 1 static FF12::3 gi1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
42.12 show ipv6 mld snooping groups To display the multicast groups learned by the MLD snooping, use the show ipv6 mld snooping groups EXEC mode command in User EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 853
Exclude reports were received on the same port for the same group but for different sources, the port will not be in the Exclude list but rather in the Include list Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
EXEC mode command in User EXEC mode. Syntax vlan-id show ipv6 mld snooping interface Parameters • vlan-id —Specifies the VLAN ID. Default Configuration Display information for all VLANs. Command Mode User EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
VLANs or for a specific VLAN, use the show ipv6 mld snooping mrouter EXEC mode command in User EXEC mode. Syntax vlan-id show ipv6 mld snooping mrouter [interface Parameters • vlan-id interface —(Optional) Specifies the VLAN ID. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 856
The following example displays information on dynamically learned Multicast router interfaces for VLAN 1000: switchxxxxxx# show ipv6 mld snooping mrouter interface 1000 VLAN Dynamic Static Forbidden ---- --------- --------- ---------- 1000 gi11 gi12 gi13-4 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IP address. If unspecified, it defaults to 255.255.255.255. The command returns an error if the mask is specified without an IPv4 address. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 858
(read-view and notify-view always, and for rw for write-view also), Example Defines a password for administrator access to the management station at IP address 1.1.1.121 and mask 255.0.0.0. switchxxxxxx(config)# snmp-server community abcd su 1.1.1.121 mask 255.0.0.0 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv4 address prefix. If unspecified, it defaults to 32. The command returns an error if the prefix-length is specified without an IPv4 address. Default Configuration No community is defined Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Syntax snmp-server server no snmp-server server Parameters This command has no arguments or keywords. Default Configuration Enabled Command Mode Global Configuration mode Example switchxxxxxx(config)# snmp-server server Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If there is no available IPv4 source address, a SYSLOG message is issued when attempting to send an SNMP trap or inform. Use the no snmp-server source-interface traps command to remove the source interface for SNMP traps. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The IPv6 source address is the IPv6 address of the outgoing interface and selected in accordance with RFC6724. If no parameters are specified in no snmp-server source-interface, the default is both traps and informs. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters • view-name—Specifies the name for the view that is being created or updated. (Length: 1–30 characters) • included—Specifies that the view type is included. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 864
MIB-II interface group (this format is specified on the parameters specified in ifEntry). switchxxxxxx(config)# snmp-server view user-view system included switchxxxxxx(config)# snmp-server view user-view system.7 excluded switchxxxxxx(config)# snmp-server view user-view ifEntry.*.1 included Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—(Optional) Specifies the view name that enables viewing only. (Length: 1–30 characters) • writeview write —(Optional) Specifies the view name that enables configuring the agent. (Length: 1–30 characters) Default Configuration No group entry exists. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the configured SNMP groups, use the show snmp groups Privileged EXEC mode command. Syntax show snmp groups [ groupname Parameters groupname—(Optional) Specifies the group name. (Length: 1–30 characters) Default Configuration Display all groups. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enter the authentication and privacy passwords in encrypted form (see SSD), use the encrypted form of this command. Syntax username groupname {v1 | v2c | [ host] v3[ {md5 | sha} snmp-server user remote auth auth-password [priv priv-password] ]} Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 869
- DES). Range: Up to 64 characters. • encrypted-priv-password—(Optional) Specifies the privacy password in encrypted format. Default Configuration No group entry exists. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 870
SNMP v1 and v2c. The default abcd is assigned as the engineID. User is assigned to group using SNMP v1 and v2c switchxxxxxx(config)# snmp-server user tom acbd v1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
User name :u1rem Group name :group1 Authentication Algorithm : None Privacy Algorithm : None Remote :11223344556677 Auth Password Priv Password User name : qqq Group name : www Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 872
Auth Password (encrypted) Priv Password (encrypted) User name : u1OnlyAuth Group name : group1 Authentication Algorithm : SHA Privacy Algorithm : None Remote Auth Password (encrypted): 8nPzy2hzuba9pG3iiC/q0451RynUn7kq94L9WORFrRM= Priv Password (encrypted) : Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
This command can be entered multiple times for the same filter. If an object identifier is included in two or more lines, later lines take precedence. The command's logical key is the pair (filter-name, oid-tree). Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example displays the configured SNMP filters. switchxxxxxx# show snmp filters user-filter Name OID Tree Type ------------ --------------------- --------- user-filter 1.3.6.1.2.1.1 Included user-filter 1.3.6.1.2.1.1.7 Excluded user-filter 1.3.6.1.2.1.2.2.1.*.1 Included Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(Range: 1–20 characters). For v1 and v2, any community string can be entered here. For v3, the community string must match the user name defined in snmp-server user (ISCLI) command for v3. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 876
For SNMPv3 the software does not automatically create a user or a notify view. , use the commands snmp-server user (ISCLI) and snmp-server group to create a user or a group. Example The following defines a host at the IP address displayed. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To use SNMPv3, an engine ID must be specified for the device. Any ID can be specified or the default string, which is generated using the device MAC address, can be used. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
ID is a concatenated hexadecimal string. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or colon. If the user enters an odd number of hexadecimal digits, Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To display the local SNMP engine ID, use the show snmp engineID Privileged EXEC mode command. Syntax show snmp engineID Parameters This command has no arguments or keywords. Default Configuration None Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example The following example enables SNMP traps except for SNMP failure traps. switchxxxxxx(config)# snmp-server enable traps no snmp-server trap authentication switchxxxxxx(config)# Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To set the value of the system contact (sysContact) string, use the snmp-server contact Global Configuration mode command. To remove the system contact information, use the no form of the command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Configuration mode command. To remove the location string, use the no form of this command. Syntax text snmp-server location no snmp-server location Parameters text—Specifies the system location information. (Length: 1–160 characters) Default Configuration None Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
SNMP user sets a MIB variable that does not have an equivalent CLI command. To generate configuration files that support those situations, the system uses snmp-server set. This command is not intended for the end user. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example disables generation of SNMP link-status traps. switchxxxxxx(config)# interface gi11 switchxxxxxx(config-if)# # no snmp trap link-status 43.24 show snmp To display the SNMP status, use the show snmp Privileged EXEC mode command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 885
Default 172.16.1.1/10 private DefaultSuper 172.16.1.1 Community-string Group name IP Address Mask Type ---------------- ---------- ---------- ------ public user-group Router Traps are enabled. Authentication trap is enabled. Version 1,2 notifications Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 886
— read-write, super access. IP Address The management station IP Address. Target Address The IP address of the targeted recipient. Version The SNMP version for the sent trap. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The maximum length of cable for the TDR test is 120 meters. Examples - Test the copper cables attached to port gi11 (a copper port). Example 1 switchxxxxxx# test cable-diagnostics tdr interface gi1 Cable is open at 64 meters Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example displays information on the last TDR test performed on all copper ports. show cable-diagnostics tdr switchxxxxxx# Port Result Length Date [meters] ---- -------- ------------------ ------------ Short 13:32:00 23 July 2010 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example displays the estimated copper cable length attached to all ports. switchxxxxxx# show cable-diagnostics cable-length Port Length [meters] ---- ----------------- gi11 < 50 gi12 Copper not active gi13 110-140 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
- Internally measured supply voltage Current - Measured TX bias current Output Power - Measured TX output power in milliWatts Input Power - Measured RX received power in milliWatts - Loss of signal Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 891
PHY Diagnostics Commands N/A - Not Available, N/S - Not Supported, W - Warning, E - Error Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
(Range: 1–32 characters) Default Configuration The default configuration is set to auto. Command Mode Interface (Ethernet) Configuration mode User Guidelines The never parameter cannot be used with a time range. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters N/A. Default Configuration Inrush test is enabled. Command Mode Global Configuration mode Example The following example disable inrush test. switchxxxxxx(config)# power inline inrush test disable Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To add a description of the device type, use the power inline powered-device Interface Configuration mode command. To remove the description, use the no form of this command. Syntax power inline powered-device pd-type no power inline powered-device Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• high—Specifies that the device operation is high priority. • low—Specifies that the device operation is low priority. Default Configuration The default configuration is set to low priority. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The default threshold is 95 percent. Command Mode Global Configuration mode Example The following example configures the threshold for initiating inline power usage alarms to 90 percent. switchxxxxxx(config)# power inline usage-threshold 90 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Syntax power power inline limit no power inline limit Parameters power—States the port power consumption limit in Milliwatts, Range is 0-60000. Default Configuration The default value is 30W Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• port—The power limit of a port is fixed regardless of the class of the discovered PD. Default Configuration The default value is class Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The command is used to force the spare pair to supply power, this allows the usage of 60 Watts PoE. CDP/LLDP will reflect power allocated of 60W regardless of power requested. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
PSE, this allows the usage of 60 Watts PoE without the usage of negotiation protocol. CDP/LLDP will reflect power requested and power consumption of 60W. Use the no command to return to dynamic detection (hardware or protocol based) of PSE uplink ports. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 1—The following example displays information about the inline power for all ports (port power based). switchxxxxxx(config)# show power inline Port limit mode: Enabled Usage threshhold: 95% Trap: Enabled Legacy Mode: Disabled Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 902
------- ---------- -------- ------------------- Auto Critical IP Phone Model A Port status: Port is on - Valid PD resistor signature detected Port standard: 802.3AT Admin power limit: 30.0 watts Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 903
Critical, High or Low. Status Power operational state. The possible values are On, Off, Test-Fail, Testing, Searching or Fault. Class Power consumption classification of the device. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 904
Indicates if the port is enabled to provide power. The possible values are Auto or Never. Oper Power operational state. The possible values are On, Off, Test-Fail, Testing, Searching or Fault. Power Power consumed in watts. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 905
Port is on - Forced 4 pairs. Port is off - Main supply voltage is high. Port is off - Main supply voltage is low. Port is off - Hardware pin disables all ports. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
45.13 show power inline savings To display information about the device inline power saving, use the show power inline savings privileged EXEC mode command. Syntax show power inline savings Parameters Default Configuration Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Specifies an interface ID. The interface ID must be an Ethernet port type. If interface ID is not specified - counters for all interfaces are cleared. Default Configuration All interface counters are cleared. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Ethernet port type. If interface ID is not specified - consumption information for all interfaces is cleared. Default Configuration All monitored interface info are cleared. Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Average Weekly Consumption. Displays the last 52 samples, sampled every 7 days (midnight Saturday to midnight Saturday according to system time). Default Configuration This command has no default settings. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 910
* time stamp represents end of sampling period Example 2: The following example displays the average weekly power consumption for the past 52 weeks gathered for entire device. switchxxxxxx# show power inline monitor consumption weeks Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Syntax [interface-id] show powered-device Parameters Interface-id—Specifies an interface ID. The interface ID must be an Ethernet port. Default Configuration Show information for all ports. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 912
N/A. If CDP/LLDP negotiation is activated than this represent the maximum request power level. If no negotiation is activated this value is derived from the PD standard. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 913
In case the power negotiation is not completed or has failed to negotiate power the value of "Unknown" is displayed. If no negotiation is activated this value is derived from the PSE standard. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
LACP operation. Default Configuration The port is not assigned to a port-channel. Command Mode Interface (Ethernet) Configuration mode Default mode is on. User Guidelines LACP starts to manage port joining. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
MAC and IP addresses. Default Configuration src-dst-mac is the default option. Command Mode Global Configuration mode Example switchxxxxxx(config)# port-channel load-balance src-dst-mac Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Examples The following example displays information on all port-channels. switchxxxxxx# show interfaces port-channel Load balancing: src-dst-mac. Gathering information... Channel Ports ------- ----- Active: 1,Inactive: gi12-3 Active: 5 Inactive: gi14 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• cos-dscp—Classifies ingress packets with the packet DSCP values for IP packets. For other packet types, use the packet CoS values. Default Configuration cos-dscp Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
OR of the criteria of the ACLs belonging to this class map. Only a single match criteria in this class map must be matched. Default Configuration No class map. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
47.5 show class-map The show class-map Privileged EXEC mode mode command displays all class maps when QoS is in advanced mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Syntax acl-name match access-group acl-name no match access-group Parameters acl-name—Specifies the MAC, IP ACL name, or IPv6 ACL name. (Length: 1–32 characters) Default Configuration No match criterion is supported. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Parameters policy-map-name—Specifies the policy map name. (Length: 1–32 characters) Default Configuration Command Mode Global Configuration mode User Guidelines This command is only available when QoS is in advanced mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• class-map-name—Specifies the name of an existing class map. If the class map does not exist, a new class map is created under the specified name. (Length: 1–32 characters) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the show policy-map Privileged EXEC mode command to display all policy maps or a specific policy map. This command is only available when QoS is in advanced mode. Syntax policy-map-name show policy-map [ Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the trust Policy-map Class Configuration mode. command to configure the trust state. Use the no form of this command to return to the default trust state. Syntax trust no trust Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To return to the Configuration mode, use the exit command. To return to the Privileged EXEC mode, use the end command. The queue keyword is not supported into egress policies. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
—Specifies an Ethernet port or port channel to which the flow is redirected. Command Mode Policy-map Class Configuration mode. User Guidelines Use the redirect command to redirect a frame into the VLAN the frame was assigned to. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Ethernet port. Syntax session_number mirror no mirror Parameters • session_number —Specify the session number identified with the SPAN or RSPAN session. Only a value of 1 is allowed. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DSCP of IP traffic. The DSCP remarking is configured by the qos map policed-dscp command with the violation keyword for the violation action and without this Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 933
The class is called class1 and is in a policy map called policy1. policy1 switchxxxxxx(config)# policy-map cls1 switchxxxxxx(config-pmap)# class switchxxxxxx(config-pmap-c)# police 124000 9600 exceed-action policed-dscp-transmit peak 200000 19200 violate-action policed-dscp-transmit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Interface (Ethernet, Port Channel) Configuration mode Default Policy map is not bound. User Guidelines This command is only available in QoS advanced mode. Only one policy map per interface per direction is supported. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the qos aggregate-policer Global Configuration mode command to define the policer parameters that can be applied to multiple traffic classes. Use the no form of this command to remove an existing aggregate policer. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 936
DSCP remarking is configured by the qos map policed-dscp command with the violation keyword for the violation action and without this keyword for the exceed action. DSCP remarking will have effect only if the mode is trust dscp. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 937
Three-color policer called policer2 that can be applied to multiple classes in the same policy map. When the average traffic rate exceeds 124,000 kbps or the normal burst size exceeds 9600 bytes, the packet is remarked. When the average Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Example 1. The following example displays the parameters of the aggregate policer called Policer1. switchxxxxxx# policer1 show qos aggregate-policer aggregate-policer policer1 96000 4800 exceed-action drop not used by any policy map Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
An aggregate policer cannot be applied across multiple policy maps or interfaces. Use the exit command to return to the Configuration mode. Use the end command to return to the Privileged EXEC mode. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
8 CoS values to map to the specified queue number. (Range: 0–7) Default Configuration The default CoS value mapping to 8 queues is as follows: Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no form of this command to restore the default configuration. Syntax weight1 weight2 weighting wrr-queue bandwidth no wrr-queue bandwidth Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
47.21 priority-queue out num-of-queues Use the priority-queue out num-of-queues Global Configuration mode command to configure the number of expedite queues. Use the no form of this command to restore the default configuration. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
47.22 traffic-shape Use the traffic-shape Interface (Ethernet, Port Channel) Configuration mode command to configure the egress port shaper. Use the no form of this command to disable the shaper. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the traffic-shape queue Interface (Ethernet, Port Channel) Configuration mode command to configure the egress queue shaper. Use the no form of this command to disable the shaper. Syntax queue-id committed-rate committed-burst traffic-shape queue Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the qos wrr-queue wrtd Global Configuration mode command to enable Weighted Random Tail Drop (WRTD). Use the no form of this command to disable WRTD. Syntax qos wrr-queue wrtd Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
47.25 show qos wrr-queue wrtd Use the show qos wrr-queue wrtd Privileged EXEC mode command to display the Weighted Random Tail Drop (WRTD) configuration. Syntax show qos wrr-queue wrtd Parameters Default Configuration Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
• interface-id —Specifies an interface ID. The interface ID can be one of the following types: Ethernet port, or Port-channel. Default Configuration Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 949
Example 3 —The following an example of the output from the show qos interface buffers command for 8 queues switchxxxxxx(config)# gi11 show qos interface buffers gi11 Notify Q depth: gi11 buffers gi11 Ethernet thresh0 thresh1 thresh2 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
[violation] [ Parameters • violation—Specifies the DSCP remapping in the violate action. If the keyword is not configured the the command specifies the DSCP remapping in the exceed action. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
DSCP to queue map. Use the no form of this command to restore the default configuration. Syntax qos map dscp-queue dscp-list queue-id dscp-list no qos map dscp-queue [ Parameters • dscp-list—Specifies up to 8 DSCP values, separated by spaces. (Range: 0– Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Specifies that ingress packets are classified with packet CoS values. Untagged packets are classified with the default port CoS value. • dscp—Specifies that ingress packets are classified with packet DSCP values. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
QoS mode. Use the no form of this command to disable the trust state on each port. Syntax qos trust Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
CoS value (VPT value) of the port. If the port is trusted and the packet is untagged, then the default CoS value become the CoS value. (Range: 0–7) Default Configuration The default CoS value of a port is 0. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode User Guidelines Apply the DSCP-to-DSCP-mutation map to a port at the boundary of a Quality of Service (QoS) administrative domain. If two QoS domains have different DSCP Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
8 DSCP mapped values, separated by spaces. (Range: 0–63) Default Configuration The default map is the Null map, which means that each incoming DSCP value is mapped to the same DSCP value. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
47.37 qos statistics aggregate-policer Use the qos statistics aggregate-policer Global Configuration mode command to enable counting in-profile and out-of-profile. Use the no form of this command to disable counting. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
47.39 show qos statistics Use the show qos statistics Privileged EXEC mode command to display Quality of Service statistical information. Syntax show qos statistics Parameters Default Configuration Command Mode Privileged EXEC mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
0. If unspecified, the port number defaults to 1813. • timeout timeout —Specifies the timeout value in seconds. (Range: 1–30) Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 967
If key-string is not specified, the global value (set in the radius-server key command) is used. If the usage keyword is not specified, the all argument is applied. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
RADIUS daemon. (Range: 0–128 characters) • encrypted-key-string —Same as the key-string parameter, but the key is in encrypted form. Default Configuration The key-string is an empty string. Command Mode Global Configuration mode Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The software searches the list of RADIUS server hosts 3 times. Command Mode Global Configuration mode Example The following example configures the number of times the software searches all RADIUS server hosts as 5. switchxxxxxx(config)# radius-server retransmit Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If there is no available IPv4 source address, a SYSLOG message is issued when attempting to communicate with an IPv4 RADIUS server. Example The following example configures the VLAN 10 as the source interface. switchxxxxxx(config)# vlan 100 radius-server host source-interface Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
If there is no available source IPv6 address, a SYSLOG message is issued when attempting to communicate with an IPv6 RADIUS server. Example The following example configures the VLAN 10 as the source interface. switchxxxxxx(config)# radius-server host source-interface-ipv6 vlan 100 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
RADIUS servers are skipped over by transaction requests. This improves RADIUS response time when servers are unavailable. Use the no form of this command to restore the default configuration. Syntax radius-server deadtime deadtime Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The following example displays RADIUS server settings: switchxxxxxx# show radius-servers IP address Port Port Time Dead Auth Acc Retransmision time Priority Usage ---------- ---- ---- ---- ------------- ------ -------- ----- Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Privileged EXEC mode Example The following example displays RADIUS server key settings switchxxxxxx# show radius-servers key IP address Key (Encrypted) ---------- --------- 172.16.1.1 Sharon123 172.16.1.2 Bruce123 Global key (Encrypted) -------------- Alice456 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no form of the command, to return to the default. Example The following example assigns an periodical time interval: switchxxxxxx(config)# time-range connection-time switchxxxxxx(config-time-range)# periodic mon 12:00 to wed 12:00 switchxxxxxx(config-time-range)# exit switchxxxxxx(config)# radius server group developers Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
49.3 clear radius server rejected users To clear the Radius Rejected Users cache, use the clear radius server rejected users command in Privileged EXEC mode. Syntax clear radius server rejected users Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the clear radius server statistics command without parameter to clear the all counters. Use the clear radius server statistics command with parameter to clear the counters of a given NAS. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no form of the command, to return to the default. A value of privilege level is passed to a Radius client in the Access-Accept message in the Vendor-Specific(26) attribute. The attribute is only passed to login users. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
User Guidelines Use the radius server accounting-port command, to define an UDP port for accounting requests. Use the no radius server accounting-port command, to restore the default UDP accounting port. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no radius server authentication-port command, to restore the default UDP authentication port. Example The following example defines port 2083 as an authentication UDP port: switchxxxxxx(config)# authentication -port 2083 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
To enter into Radius Server Group Configuration mode and create this group if it does not exist, use the radius server group command in Global Configuration mode. To restore the default configuration, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
49.10 radius server nas secret To create a secret key, use the radius server nas secret key command in Global Configuration mode. To delete the key, use the no form of this command. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 984
If a NAS is not defined by this command all messages received from this NAS will be dropped. The Radius server supports up to 50 NASs. Use the no radius server nas secret default command, to delete the default key. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Global Configuration mode. To disable the traps, use the no form of this command. Syntax radius server traps accounting no radius server traps accounting Parameters Default Configuration Accounting traps are disabled. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Command Mode Global Configuration mode User Guidelines A rate limit is applied to the traps: not more than one trap of this type can be sent in 10 seconds. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
A rate limit is applied to the traps: not more than one trap of this type can be sent in 10 seconds. Example The following example enables sending traps when a user is successfully authorized: switchxxxxxx(config)# radius server traps authentication success Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the no radius server user group command to delete users of the given group. Use the no radius server user command to delete all users. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the show radius server accounting command, to display accounting information of all users. Examples Example 1. The following example displays accounting information of all users: switchxxxxxx# show radius server accounting 29-Jun-14, 16:00, Stop User: Bob Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 990
NAS Address: 10.23.1.3 User Address: 160.134.7.8 *20-Feb-2008, 9:00, Reboot Example 2. The following example displays accounting information of one user Bob: switchxxxxxx# show radius server accounting username Bob: 29-Jun-14, 16:00, Stop Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Privileged EXEC mode. Syntax show radius server configuration Parameters Command Mode Privileged EXEC mode User Guidelines Use the show radius server configuration command, to display Radius server global configuration. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the show radius server group command, to display all groups. Example The following example displays radius server groups. switchxxxxxx# show radius server group Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
The Radius server saves the last 1000 accounting logs in a cycle file on FLASH. user-name Use the show radius server rejected users command, to display one rejected user. Use the show radius server rejected users command, to display all rejected users. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 994
User Address: 00:67:67:96:ac:21 Reason: Not Supported EAP method 20-Feb-08 14:14 User Name: Alisa User Type: 802.1x NAS Address: 10.1.1.1 NAS Port: 2 User Address: 00:67:67:96:ac:21 Reason: Not allowed at this time Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
IPv4, IPv6 or IPv6z address. Command Mode Privileged EXEC mode User Guidelines Use the show radius server nas secret default command, to display the default secret key. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 996
Example 3. The following example displays the secret key of one given NAS: switchxxxxxx# show radius server nas secret 10.1.35.3 NAS ID Secret Key’s MD5 ------------------------- -------------------------------- 10.1.35.3 1238af77aaca17568f1298cced165fec Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Number of incoming Access-Requests from unknown addresses: 0 Number of duplicate incoming Access-Requests: 3 Number of sent Access-Accepts: 100 Number of sent Access-Rejects: 17 Number of sent Access-Challenges: 0 Number of incoming malformed Access-Requests: 0 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Page 998
Number of incoming Authentication packets of unknown type: 0 Number of incoming packets on the accounting port: 80 Number of incoming Accounting-Requests from unknown addresses: 0 Number of incoming duplicate Accounting-Requests: 0 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Use the show radius server user command, to display all users. Examples The following example displays one user bob: switchxxxxxx# show radius server user username bob User bob Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...
Tunnel-Medium-Type(65) • Tunnel-Private-Group-ID(81) If a VLAN is not assigned these attributes are not included in the Access-Accept message. Use the no form of the command, to delete VLAN assignment. Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide...