Hirschmann RS20 Reference Manual
Command line interface industrial ethernet gigabit switch
Hide thumbs
Also See for RS20:
- Reference manual (572 pages) ,
- User manual (294 pages) ,
- Programming manual (116 pages)
Related Manuals for Hirschmann RS20
Summary of Contents for Hirschmann RS20
-
Page 1: Reference Manual
Reference Manual Command Line Interface Industrial ETHERNET (Gigabit) Switch RS20/RS30/RS40, MS20/MS30 L2E Rel. 8.0 CLI L2E Technical Support Release 8.0 05/2013 HAC-Support@belden.com... - Page 2 This publication has been created by Hirschmann Automation and Control GmbH according to the best of our knowledge. Hirschmann reserves the right to change the contents of this manual without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the details in this publication.
-
Page 3: Table Of Contents
Content Content About this Manual Maintenace Command Structure Format 1.1.1 Command 1.1.2 Parameters 1.1.3 Values 1.1.4 Conventions 1.1.5 Annotations 1.1.6 Special keys 1.1.7 Secrets in scripts Quick Start up Quick Starting the Switch System Info and System Setup Mode-based CLI Mode-based Topology Mode-based Command Hierarchy Flow of Operation... - Page 4 Content 4.1.7 show bridge duplex-mismatch-detect 4.1.8 show bridge framesize 4.1.9 show bridge vlan-learning 4.1.10 bridge framesize 4.1.11 show config-watchdog 4.1.12 show device-status 4.1.13 show authentication 4.1.14 show eventlog 4.1.15 show interface 4.1.16 show interface ethernet 4.1.17 show interface switchport 4.1.18 show interface utilization 4.1.19 show logging 4.1.20 show mac-addr-table 4.1.21 show signal-contact...
- Page 5 Content 4.4.8 bridge vlan-learning 4.4.9 ethernet-ip 4.4.10 network javascriptmode 4.4.11 network mgmt-access add 4.4.12 network mgmt-access delete 4.4.13 network mgmt-access modify 4.4.14 network mgmt-access operation 4.4.15 network mgmt-access status 4.4.16 network parms 4.4.17 network protocol 4.4.18 network priority 4.4.19 profinetio 4.4.20 serial timeout 4.4.21 set prompt 4.4.22 show ethernet-ip...
- Page 6 Content 4.4.49 snmp-server enable traps linkmode 4.4.50 snmp-server enable traps multiusers 4.4.51 snmp-server enable traps port-sec 4.4.52 snmp-server enable traps stpmode 4.4.53 snmptrap 4.4.54 snmptrap ipaddr 4.4.55 snmptrap mode 4.4.56 snmptrap snmpversion 4.4.57 telnetcon maxsessions 4.4.58 telnetcon timeout Syslog Commands 4.5.1 logging buffered 4.5.2...
- Page 7 Content 4.6.16 set igmp aging-time-unknown 4.6.17 set igmp automatic-mode 4.6.18 set igmp forward-all 4.6.19 set igmp forward-unknown 4.6.20 set igmp static-query-port 4.6.21 set igmp groupmembershipinterval 4.6.22 set igmp interfacemode 4.6.23 set igmp lookup-interval-unknown 4.6.24 set igmp lookup-resp-time-unknown 4.6.25 set igmp maxresponse 4.6.26 set igmp querier max-response-time 4.6.27 set igmp querier protocol-version 4.6.28 set igmp querier status...
- Page 8 Content 4.6.57 spanning-tree bpdumigrationcheck 4.6.58 speed 4.6.59 storm-control broadcast 4.6.60 storm-control egress-limiting 4.6.61 storm-control ingress-limiting 4.6.62 storm-control ingress-mode 4.6.63 storm-control broadcast (port-related) 4.6.64 storm-control egress-limit 4.6.65 storm-control ingress-limit 4.6.66 storm-control ingress-mode 4.6.67 storm-control flowcontrol 4.6.68 storm-control flowcontrol per port 4.6.69 vlan 4.6.70 vlan0-transparent-mode 4.6.71 vlan acceptframe 4.6.72 vlan database...
- Page 9 Content 4.8.2 boot skip-aca-on-boot 4.8.3 show boot skip-aca-on-boot 4.8.4 clear eventlog 4.8.5 traceroute 4.8.6 clear arp-table-switch 4.8.7 clear config 4.8.8 clear config factory 4.8.9 clear counters 4.8.10 clear hiper-ring 4.8.11 clear igmpsnooping 4.8.12 clear mac-addr-table 4.8.13 clear pass 4.8.14 clear signal-contact 4.8.15 clear traplog 4.8.16 clear ring-coupling 4.8.17 clear vlan...
- Page 10 Content 4.9.11 show lldp config port tlv 4.9.12 show lldp remote-data 4.9.13 lldp 4.9.14 lldp config chassis admin-state 4.9.15 lldp config chassis notification-interval 4.9.16 lldp config chassis re-init-delay 4.9.17 lldp config chassis tx-delay 4.9.18 lldp config chassis tx-hold-mult 4.9.19 lldp chassis tx-interval 4.9.20 clear lldp config all 4.9.21 lldp admin-state 4.9.22 lldp fdb-mode...
- Page 11 Content 4.10.6 show sntp status 4.10.7 show sntp time 4.10.8 no sntp 4.10.9 sntp anycast address 4.10.10 sntp anycast transmit-interval 4.10.11 sntp anycast vlan 4.10.12 sntp client accept-broadcast 4.10.13 sntp client disable-after-sync 4.10.14 sntp client offset 4.10.15 sntp client request-interval 4.10.16 no sntp client server 4.10.17 sntp client server primary 4.10.18 sntp client server secondary...
- Page 12 Content 5.1.15 spanning-tree forceversion 5.1.16 spanning-tree forward-time 5.1.17 spanning-tree guard loop 5.1.18 spanning-tree guard none 5.1.19 spanning-tree guard root 5.1.20 spanning-tree hello-time 5.1.21 spanning-tree hold-count 5.1.22 spanning-tree max-age 5.1.23 spanning-tree max-hops 5.1.24 spanning-tree mst 5.1.25 spanning-tree mst priority 5.1.26 spanning-tree mst vlan 5.1.27 spanning-tree mst instance 5.1.28 spanning-tree port mode 5.1.29 spanning-tree port mode all...
- Page 13 Content 5.5.7 ring-coupling redundancy-mode Port Security 5.6.1 show port-sec mode 5.6.2 show port-sec port 5.6.3 port-sec mode 5.6.4 port-sec action 5.6.5 port-sec allowed-ip 5.6.6 port-sec allowed-ip add 5.6.7 port-sec allowed-ip remove 5.6.8 port-sec allowed-mac 5.6.9 port-sec allowed-mac add 5.6.10 port-sec allowed-mac remove 5.6.11 clear port-sec DHCP Relay Commands 5.7.1...
- Page 14 Content Glossary Index Further support CLI L2E Release 8.0 05/2013...
-
Page 15: About This Manual
About this Manual About this Manual The “GUI” reference manual contains detailed information on using the graphical user interface (web-based interface) to operate the individual func- tions of the device. The "Command Line Interface" reference manual contains detailed informa- tion on using the Command Line Interface to operate the individual functions of the device. -
Page 16: Maintenace
You should regularly check whether there is a new version of the soft- ware that provides you with additional benefits. You will find software information and downloads on the product pages of the Hirschmann website. CLI L2E Release 8.0 05/2013... -
Page 17: Command Structure
Command Structure 1 Command Structure The Command Line Interface (CLI) syntax, conventions and terminology are described in this section. Each CLI command is illustrated using the structure outlined below. CLI L2E Release 8.0 05/2013... -
Page 18: Format
Command Structure 1.1 Format 1.1 Format Commands are followed by values, parameters, or both. Example 1 network parms <ipaddr> <netmask> [gateway] network parms is the command name. <ipaddr> <netmask> are the required values for the command. [gateway] is the optional value for the command. Example 2 snmp-server location <loc>... -
Page 19: Command
Command Structure 1.1 Format 1.1.1 Command The text in courier font is to be typed exactly as shown. 1.1.2 Parameters Parameters are order dependent. Parameters may be mandatory values, optional values, choices, or a combi- nation. <parameter>. The <> angle brackets indicate that a mandatory param- eter is to be entered in place of the brackets and text inside them. - Page 20 Command Structure 1.1 Format sub-netted network may be used for the area ID. slot/port Valid slot and port number separated by forward slashes. For example, 1/1 repre- sents slot number 1 and port number 1. logical slot/port Logical slot and port number. This is appli- cable in the case of a link-aggregation (LAG) and vlan router interfaces (9/x).
-
Page 21: Conventions
Command Structure 1.1 Format 1.1.4 Conventions Network addresses are used to define a link to a remote host, workstation or network. Network addresses are shown using the following syntax: Address Type Format Range ipaddr 192.168.11.110 0.0.0.0 to 255.255.255.255 (decimal) macaddr A7:C9:89:DD:A9:B3 hexadecimal digit pairs Table 1: Network Address Syntax... -
Page 22: Annotations
Command Structure 1.1 Format 1.1.5 Annotations The CLI allows the user to type single-line annotations at the command prompt for use when writing test or configuration scripts and for better read- ability. The exclamation point (‘!’) character flags the beginning of a com- ment. -
Page 23: Special Keys
Command Structure 1.1 Format 1.1.6 Special keys The following list of special keys may be helpful to enter command lines. delete previous character Ctrl-A go to beginning of line Ctrl-E go to end of line Ctrl-F go forward one character Ctrl-B go backward one character Ctrl-D... -
Page 24: Secrets In Scripts
Command Structure 1.1 Format 1.1.7 Secrets in scripts A configuration may include secrets (e. g., passwords). When creating a script, these secrets are written to it in a scrambled form, not in clear text. These secrets may be up to 31 characters long. The format for a scrambled secret is: ":v1:<scrambled secret>:"... -
Page 25: Quick Start Up
Quick Start up 2 Quick Start up The CLI Quick Start up details procedures to quickly become acquainted with the software. CLI L2E Release 8.0 05/2013... -
Page 26: Quick Starting The Switch
Enter the state on delivery password private. Press the enter key The CLI User EXEC prompt will be displayed. User EXEC prompt: (Hirschmann Product) > Use “enable” to switch to the Privileged EXEC mode from User EXEC. Privileged EXEC prompt: (Hirschmann Product) # Use “configure”... -
Page 27: System Info And System Setup
Quick Start up 2.2 System Info and System Setup 2.2 System Info and System Setup This chapter informs you about: Quick Start up Software Version Information Quick Start up Physical Port Data Quick Start up User Account Management Quick Start up IP Address Quick Start up Uploading from Switch to Out-of-Band PC Only XMODEM) Quick Start up Downloading from Out-of-Band PC to Switch... - Page 28 Quick Start up 2.2 System Info and System Setup Quick Start up Physical Port Data Command Details show port all Displays the Ports (in Privileged EXEC) slot/port Type - Indicates if the port is a special type of port Admin Mode - Selects the Port Control Administration State Physical Mode - Selects the desired port speed and duplex mode Physical Status - Indicates the port speed and duplex mode Link Status - Indicates whether the link is up or down...
- Page 29 Quick Start up 2.2 System Info and System Setup Command Details users passwd <user- Allows the user to set passwords or change passwords name> needed to login (in Global Config) A prompt will appear after the command is entered requesting the users old password. In the absence of an old password leave the area blank.
- Page 30 Quick Start up 2.2 System Info and System Setup Quick Start up IP Address To view the network parametes the operator can access the device by the following three methods. Simple Network Management Protocol - SNMP Telnet Web Browser Note: After configuring the network parameters it is advisable to execute the command ‘copy system:running-config nvram:startup-config’...
- Page 31 Quick Start up 2.2 System Info and System Setup Command Details Subnet Mask range from 0.0.0.0 to 255.255.255.255 Gateway Address range from 0.0.0.0 to 255.255.255.255 Table 5: Quick Start up IP Address Quick Start up Downloading from TFTP Server Before starting a TFTP server download, the operator must complete the Quick Start up for the IP Address.
- Page 32 Quick Start up 2.2 System Info and System Setup CLI L2E Release 8.0 05/2013...
-
Page 33: Mode-Based Cli
Access Method Prompt Exit or Access Next Mode This is the first level of Enter Logout command User Exec Mode (Hirschmann access. Perform basic Product)> tasks and list system information From the User Exec To exit to the User Exec... -
Page 34: Mode-Based Topology
Mode-based CLI 3.1 Mode-based Topology 3.1 Mode-based Topology The CLI tree is built on a mode concept where the commands are available according to the interface. Some of the modes are depicted in the following figure. ROOT The User Exec commands User Exec are also accessible in the Privileged Exec mode. -
Page 35: Mode-Based Command Hierarchy
When the operator logs into the CLI, the User Exec mode is the initial mode. The User Exec mode contains a limited set of commands. The command prompt shown at this level is: Command Prompt: (Hirschmann Product)> Privileged Exec Mode To have access to the full suite of commands, the operator must enter the Privileged Exec mode. - Page 36 MAC Access-List Config Mode Use the MAC Access-List Config mode to create a MAC Access-List and to enter the mode containing Mac Access-List configuration com- mands. (Hirschmann Product)(Config)# mac-access-list extended <name> Command Prompt: (Hirschmann Product)(Config mac- access-list)# CLI L2E Release 8.0 05/2013...
-
Page 37: Flow Of Operation
This section captures the flow of operation for the CLI: The operator logs into the CLI session and enters the User Exec mode. In the User Exec mode the (Hirschmann Product)(exec)> prompt is displayed on the screen. The parsing process is initiated whenever the operator types a command and presses <ENTER>. - Page 38 Mode-based CLI 3.3 Flow of Operation For mandatory parameters, the command tree extends till the mandatory parameters make the leaf of the branch. The callback function is only in- voked when all the mandatory parameters are provided. For optional pa- rameters, the command tree extends till the mandatory parameters and the optional parameters make the leaf of the branch.
-
Page 39: No" Form Of A Command
Mode-based CLI 3.4 “No” Form of a Command 3.4 “No” Form of a Command “No” is a specific form of an existing command and does not represent a new or distinct command. Only the configuration commands are available in the “no”... - Page 40 Mode-based CLI 3.4 “No” Form of a Command CLI L2E Release 8.0 05/2013...
-
Page 41: Cli Commands: Base
CLI Commands: Base 4 CLI Commands: Base This chapter provides detailed explanation of the Switching commands. The commands are divided into five functional groups: Show commands display switch settings, statistics, and other information. Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting. -
Page 42: System Information And Statistics
CLI Commands: Base 4.1 System Information and Statistics 4.1 System Information and Statistics 4.1.1 show This command displays the interface's configuration. Format show [all] Mode Interface Config Show all the running configuration parameters on this interface. The configuration parameters will be displayed even if their value is the default value. -
Page 43: Show Arp Switch
CLI Commands: Base 4.1 System Information and Statistics 4.1.3 show arp switch This command displays the Address Resolution Protocol cache of the switch. Format show arp switch Mode Privileged EXEC and User EXEC 4.1.4 show bridge address-learning This command displays the address-learning setting. The setting can be enable or disable. -
Page 44: Show Bridge Address-Relearn-Detect
CLI Commands: Base 4.1 System Information and Statistics 4.1.5 show bridge address-relearn-detect This command displays the Bridge Address Relearn Detection setting and the Bridge Address Relearn Threshold. Format show bridge address-relearn-detect Mode Privileged EXEC and User EXEC Bridge Address Relearn Detection Setting can be enable or disable. -
Page 45: Show Bridge Duplex-Mismatch-Detect
CLI Commands: Base 4.1 System Information and Statistics 4.1.7 show bridge duplex-mismatch-detect This command displays the Bridge Duplex Mismatch Detection setting (Enabled or Disabled). Format show bridge duplex-mismatch-detect Mode Privileged EXEC and User EXEC 4.1.8 show bridge framesize This command displays the maximum size of frame (packet size) setting. Format show bridge framesize Mode... -
Page 46: Bridge Framesize
CLI Commands: Base 4.1 System Information and Statistics 4.1.10 bridge framesize Activation of long frames. Configure 1522 or 1632 as maximum size of frame (packet size). Default 1522 Format bridge framesize { 1522 | 1632 | 9022 Mode Global Config bridge framesize 1522 Configure 1522 as maximum size of frame (packet size). -
Page 47: Show Device-Status
CLI Commands: Base 4.1 System Information and Statistics 4.1.12 show device-status The signal device status is for displaying the monitoring functions of the switch, the device status trap setting. Format show device-status [monitor|state|trap] Mode Privileged EXEC and User EXEC Device status monitor Displays the possible monitored events and which of them are monitored: –... -
Page 48: Show Authentication
CLI Commands: Base 4.1 System Information and Statistics 4.1.13 show authentication This command displays users assigned to authentication login lists. Format show authentication [users <listname>] Mode Privileged EXEC and User EXEC 4.1.14 show eventlog This command displays the event log, which contains error messages from the system. -
Page 49: Show Interface
CLI Commands: Base 4.1 System Information and Statistics 4.1.15 show interface This command displays a summary of statistics for a specific port or a count of all CPU traffic based upon the argument. Format show interface {<slot/port> | ethernet{<slot/port>|switchport} | switchport} Mode Privileged EXEC and User EXEC... - Page 50 CLI Commands: Base 4.1 System Information and Statistics Packets Received Without Error The total number of packets (including broadcast packets and multi- cast packets) received by the processor. Broadcast Packets Received The total number of packets received that were directed to the broad- cast address.
-
Page 51: Show Interface Ethernet
CLI Commands: Base 4.1 System Information and Statistics 4.1.16 show interface ethernet This command displays detailed statistics for a specific port or for all CPU traffic based upon the argument. Format show interface ethernet {<slot/port> | switchport} Mode Privileged EXEC and User EXEC The display parameters, when the argument is '<slot/port>', are as follows : Packets Received Octets Received - The total number of octets of data (including those... - Page 52 CLI Commands: Base 4.1 System Information and Statistics octets in length inclusive (excluding framing bits but including FCS octets). Packets Received 1024-1518 Octets - The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
- Page 53 CLI Commands: Base 4.1 System Information and Statistics Alignment Errors - The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with a non-integral number of octets.
- Page 54 CLI Commands: Base 4.1 System Information and Statistics Upstream Threshold - The number of frames discarded due to lack of cell descriptors available for that packet's priority level. Packets Transmitted Octets Total Bytes - The total number of octets of data (including those in bad packets) transmitted into the network (excluding framing bits but including FCS octets).
- Page 55 CLI Commands: Base 4.1 System Information and Statistics Packets Transmitted Successfully Total - The number of frames that have been transmitted by this port to its segment. Unicast Packets Transmitted - The total number of packets that higher-level protocols requested be transmitted to a subnetwork-uni- cast address, including those that were discarded or not sent.
- Page 56 CLI Commands: Base 4.1 System Information and Statistics Protocol Statistics BPDUs received - The count of BPDUs (Bridge Protocol Data Units) received in the spanning tree layer. BPDUs Transmitted - The count of BPDUs (Bridge Protocol Data Units) transmitted from the spanning tree layer. 802.3x Pause Frames Received - A count of MAC Control frames received on this interface with an opcode indicating the PAUSE oper- ation.
- Page 57 CLI Commands: Base 4.1 System Information and Statistics Broadcast Packets Received - The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets. Receive Packets Discarded - The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol.
-
Page 58: Show Interface Switchport
CLI Commands: Base 4.1 System Information and Statistics VLAN Deletes - The number of VLANs on this switch that have been created and then deleted since the last reboot. Time Since Counters Last Cleared The elapsed time, in days, hours, minutes, and seconds, since the statistics for this switch were last cleared. -
Page 59: Show Interface Utilization
CLI Commands: Base 4.1 System Information and Statistics 4.1.18 show interface utilization This command displays the utilization statistics for the entire device. Format show interface utilization Mode Global Config Interface Display port number in <slot/port> notation. Utilization Display the utilization on this port. Possible values: 0..100.00% Lower threshold Display the lower threshold setting for the utilization statistics on this... -
Page 60: Show Logging
CLI Commands: Base 4.1 System Information and Statistics 4.1.19 show logging This command displays the trap log maintained by the switch. The trap log contains a maximum of 256 entries that wrap. Format show logging [buffered | hosts | traplogs | snmp-requests] Mode Privileged EXEC and User EXEC... -
Page 61: Show Mac-Addr-Table
CLI Commands: Base 4.1 System Information and Statistics 4.1.20 show mac-addr-table This command displays the forwarding database entries. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional parameter. Alternatively, the administrator can en- ter a MAC Address to display the table entry for the requested MAC address and all entries following the requested MAC address. -
Page 62: Show Signal-Contact
CLI Commands: Base 4.1 System Information and Statistics 4.1.21 show signal-contact The signal contact is for displaying the manual setting and the current state of the signal contact, the monitoring functions of the switch, the signal-contacts trap setting. Format show signal-contact [1|2|all [mode|monitor|state|trap]] Mode Privileged EXEC and User EXEC... - Page 63 CLI Commands: Base 4.1 System Information and Statistics Signal contact manual setting closed The signal contact´s manual setting is closed. open The signal contact´s manual setting is open. Signal contact operating state closed The signal contact is currently closed. open The signal contact is currently open. Signal contact trap enabled A trap is sent if the signal contact state changes.
-
Page 64: Show Slot
CLI Commands: Base 4.1 System Information and Statistics 4.1.22 show slot This command is used to display information about slot(s). For [slot] enter the slot ID. Format show slot [slot] Mode Privileged EXEC, Global Config Slot Display the number of the media module slot. Status Full The media module slot is equipped with a module. -
Page 65: Show Running-Config
CLI Commands: Base 4.1 System Information and Statistics 4.1.23 show running-config This command is used to display the current setting of different protocol packages supported on the switch. This command displays only those parameters, the values of which differ from default value. Format show running-config [all] Mode... -
Page 66: Show Sysinfo
CLI Commands: Base 4.1 System Information and Statistics 4.1.24 show sysinfo This command displays switch information. Format show sysinfo Mode Privileged EXEC and User EXEC Alarm Displays the latest present Alarm for a signal contact. System Description Text used to identify this switch. System Name Name used to identify the switch. - Page 67 CLI Commands: Base 4.1 System Information and Statistics Backplane Hardware Revision The hardware´s revision number. Backplane Hardware Description The hardware´s device description. Serial Number (Backplane) The hardware´s serial number. Base MAC Address (Backplane) The hardware´s base MAC address. Number of MAC Addresses (Backplane) The number of hardware MAC addresses.
-
Page 68: Show Temperature
The average utilization of the central processing unit. Flashdisk Free memory on flashdisk (in Kbytes). 4.1.25 show temperature Note: The command is available for RS20/RS30/RS40, MS20/MS30, RSR20/RSR30, MACH100, MACH1000, PowerMICE, MACH4000 and OCTOPUS devices. This command displays the lower and upper temperature limit for sending a trap. -
Page 69: Utilization Alarm-Threshold
CLI Commands: Base 4.1 System Information and Statistics 4.1.26 utilization alarm-threshold Use this command to add the alarm threshold value for monitoring bandwidth utilization of the interface. Format utilization alarm-threshold {lower <0..10000> | upper <0..10000>} Mode Interface Config lower Enter lower utilization alarm threshold in the range of 0..10000 where 10000 represents 100%. -
Page 70: Management Vlan Commands
CLI Commands: Base 4.2 Management VLAN Commands 4.2 Management VLAN Com- mands 4.2.1 network mgmt_vlan This command configures the Management VLAN ID. If you enter the VLAN ID “0” , the agent can be accessed by all VLANs. Default Format network mgmt_vlan <0-4042>... -
Page 71: Class Of Service (Cos) Commands
CLI Commands: Base 4.3 Class of Service (CoS) Commands 4.3 Class of Service (CoS) Commands This chapter provides a detailed explanation of the QoS CoS commands. The following commands are available. The commands are divided into these different groups: Configuration Commands are used to configure features and options of the switch. -
Page 72: Classofservice Dot1P-Mapping
CLI Commands: Base 4.3 Class of Service (CoS) Commands 4.3.1 classofservice dot1p-mapping This command maps an 802.1p priority to an internal traffic class for a device when in ‘Global Config’ mode. The number of available traffic classes may vary with the platform. Userpriority and trafficclass can both be the range from 0-7. -
Page 73: Classofservice Ip-Dscp-Mapping
CLI Commands: Base 4.3 Class of Service (CoS) Commands 4.3.2 classofservice ip-dscp-mapping This command maps an IP DSCP value to an internal traffic class. The <ipdscp> value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. -
Page 74: Classofservice Trust
CLI Commands: Base 4.3 Class of Service (CoS) Commands 4.3.3 classofservice trust This command sets the class of service trust mode of an interface. The mode can be set to trust one of the Dot1p (802.1p) or IP DSCP packet markings. Note: In trust ip-dscp mode the switch modifies the vlan priority for out- going frames according to –... -
Page 75: Show Classofservice Dot1P-Mapping
CLI Commands: Base 4.3 Class of Service (CoS) Commands 4.3.4 show classofservice dot1p-mapping This command displays the current 802.1p priority mapping to internal traffic classes for a specific interface. The slot/port parameter is required on platforms that support priority to traffic class mapping on a ‘per-port’ basis. Platforms that support priority to traffic class mapping on a per-port basis: Format show classofservice dot1p-mapping... -
Page 76: Show Classofservice Ip-Dscp-Mapping
CLI Commands: Base 4.3 Class of Service (CoS) Commands 4.3.5 show classofservice ip-dscp-mapping This command displays the current IP DSCP mapping to internal traffic class- es for the global configuration settings. Format show classofservice ip-dscp-mapping [<slot/port>] Mode Privileged EXEC The following information is repeated for each user priority. IP DSCP The IP DSCP value. -
Page 77: Show Classofservice Trust
CLI Commands: Base 4.3 Class of Service (CoS) Commands 4.3.6 show classofservice trust This command displays the current trust mode for the specified interface. The slot/port parameter is optional. If specified, the trust mode of the inter- face is displayed. If omitted, the most recent global configuration settings are displayed. -
Page 78: Vlan Priority
CLI Commands: Base 4.3 Class of Service (CoS) Commands 4.3.8 vlan priority This command configures the default 802.1p port priority assigned for un- tagged packets for a specific interface. The range for the priority is 0-7 Default Format vlan priority <priority> Mode Interface Config CLI L2E... -
Page 79: Management Commands
CLI Commands: Base 4.4 Management Commands 4.4 Management Commands These commands manage the switch and show current management settings. 4.4.1 transport input telnet This command regulates new telnet sessions. If sessions are enabled, new telnet sessions can be established until there are no more sessions available. -
Page 80: Bridge Address-Learning
CLI Commands: Base 4.4 Management Commands 4.4.2 bridge address-learning To enable you to observe the data at all the ports, the Switch allows you to disable the learning of addresses. When the learning of addresses is dis- abled, the Switch transfers all the data from all ports to all ports. The default value is enable. -
Page 81: Bridge Address-Relearn Detect Threshold
CLI Commands: Base 4.4 Management Commands 4.4.4 bridge address-relearn detect threshold This command defines the value of relearned addresses to signal address relearn threshold exceeded. The default relearn threshold is 1. Possible values to configure threshold count are 1 to 1024. Default Format bridge address-relearn-detect threshold <value>... -
Page 82: Bridge Aging-Time
CLI Commands: Base 4.4 Management Commands 4.4.5 bridge aging-time This command configures the forwarding database address aging timeout in seconds. Default Format bridge aging-time < 10-630> Mode Global Config Seconds The <seconds> parameter must be within the range of 10 to 630 sec- onds. -
Page 83: Bridge Fast-Link-Detection
CLI Commands: Base 4.4 Management Commands 4.4.6 bridge fast-link-detection This command enables or disables the Bridge Fast Link Detection. Default Enabled Format bridge fast-link-detection {disable|enable} Mode Global Config 4.4.7 bridge duplex-mismatch-detect operation This command enables or disables Bridge Duplex Mismatch Detection. Reasons for Duplex Mismatch can be: - A local port is configured to fix full-duplex. -
Page 84: Bridge Vlan-Learning
CLI Commands: Base 4.4 Management Commands 4.4.8 bridge vlan-learning With ”independent” you set the Shared VLAN Learning mode to Indepen- dent. The switch will treat equal MAC source addresses from different VLANs as separate addresses. With ”shared” you set the Shared VLAN Learning mode to Shared. The switch will treat equal MAC source addresses from different VLANs as the same adress. -
Page 85: Network Javascriptmode
CLI Commands: Base 4.4 Management Commands 4.4.10 network javascriptmode When the user accesses the switch’s graphical user interface (web-based in- terface), the switch’s web server will deliver a HTML page that contains JavaScript. Default enabled Format network javascriptmode Mode Privileged EXEC no network javascriptmode When the user accesses the switch’s graphical user interface (web- based interface), the switch’s web server will deliver a HTML page that... -
Page 86: Network Mgmt-Access Add
CLI Commands: Base 4.4 Management Commands 4.4.11 network mgmt-access add This command is used to configure the restricted management access feature (RMA). It creates a new empty entry at the <index> (if you enter the command with parameter <index>) or at the next free index (if you enter the command without parameter <index>). -
Page 87: Network Mgmt-Access Modify
CLI Commands: Base 4.4 Management Commands 4.4.13 network mgmt-access modify This command is used to configure the restricted management access feature (RMA). The command modifies an existing rule with <index> to change IP address, net mask and allowed services. Format network mgmt-access modify <index>... -
Page 88: Network Mgmt-Access Operation
CLI Commands: Base 4.4 Management Commands 4.4.14 network mgmt-access operation This command is used to configure the restricted management access feature (RMA). It enables or disables the service to have management access. The default value is disable. Format network mgmt-access operation {disable|enable} Mode Global Config enable... -
Page 89: Network Parms
CLI Commands: Base 4.4 Management Commands 4.4.16 network parms This command sets the IP Address, subnet mask and gateway of the router. The IP Address and the gateway must be on the same subnet. Format network parms <ipaddr> <netmask> [gateway] Mode Privileged EXEC 4.4.17 network protocol... -
Page 90: Network Priority
CLI Commands: Base 4.4 Management Commands 4.4.18 network priority This command configures the VLAN priority or the IP DSCP value for out- going management packets. The <ipdscp> is specified as either an integer from 0-63, or symbolically through one of the following keywords: af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,be,cs0, cs1, cs2,cs3,cs4,cs5,cs6,cs7,ef. -
Page 91: Profinetio
CLI Commands: Base 4.4 Management Commands 4.4.19 profinetio This command controls the PROFINET IO function on the switch. Detailed information you can find in the User Manual Industrial Protocols. Default depends on the order code (standard = disable) Format profinetio admin-state {enable | disable} Mode Global Config Admin-state... -
Page 92: Serial Timeout
CLI Commands: Base 4.4 Management Commands 4.4.20 serial timeout This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected in- definitely. The time range is 0 to 160. Default Format serial timeout <0-160>... -
Page 93: Show Ethernet-Ip
CLI Commands: Base 4.4 Management Commands 4.4.22 show ethernet-ip This command displays the admin state of the EtherNet/IP function. Format show ethernet-ip Mode Privileged EXEC and User EXEC 4.4.23 show network This command displays configuration settings associated with the switch's network interface. - Page 94 CLI Commands: Base 4.4 Management Commands Network Configuration Protocol (BootP/DHCP) Indicates which network protocol is being used. The options are bootp | dhcp | none. DHCP Client ID (same as SNMP System Name) Displays the DHCP Client ID. Network Configuration Protocol HiDiscovery Indicates in which way the HiDiscovery protocol is being used.
-
Page 95: Show Network Mgmt-Access
CLI Commands: Base 4.4 Management Commands 4.4.24 show network mgmt-access This command displays the operating status and entries for restricted management access (RMA). Format show network mgmt-access Mode Privileged EXEC and User EXEC Operation Indicates whether the opeartion for RMA is enabled or not. The options are Enabled | Disabled. -
Page 96: Show Profinetio
CLI Commands: Base 4.4 Management Commands 4.4.25 show profinetio This command displays the admin state of the PROFINET IO function. Format show profinetio Mode Privileged EXEC and User EXEC 4.4.26 show serial This command displays serial communication settings for the switch. Format show serial Mode... -
Page 97: Show Snmp-Access
CLI Commands: Base 4.4 Management Commands 4.4.27 show snmp-access This command displays SNMP access information related to global and SNMP version settings. SNMPv3 is always enabled. Format show snmp-access Mode Privileged EXEC CLI L2E Release 8.0 05/2013... -
Page 98: Show Snmpcommunity
CLI Commands: Base 4.4 Management Commands 4.4.28 show snmpcommunity This command displays SNMP community information. Six communities are supported. You can add, change, or delete communities. The switch does not have to be reset for changes to take effect. The SNMP agent of the switch complies with SNMP Version 1 (for more about the SNMP specification, see the SNMP RFCs). -
Page 99: Show Snmptrap
CLI Commands: Base 4.4 Management Commands 4.4.29 show snmptrap This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network. Six trap re- ceivers are simultaneously supported. -
Page 100: Show Telnet
CLI Commands: Base 4.4 Management Commands 4.4.30 show telnet This command displays outbound telnet settings. Format show telnet Mode Privileged EXEC and User EXEC Outbound Telnet Connection Login Timeout (minutes) This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off. -
Page 101: Show Telnetcon
CLI Commands: Base 4.4 Management Commands 4.4.31 show telnetcon This command displays inbound telnet settings. Format show telnetcon Mode Privileged EXEC and User EXEC Telnet Connection Login Timeout (minutes) This object indicates the number of minutes a remote connection ses- sion is allowed to remain inactive before being logged off. -
Page 102: Show Trapflags
CLI Commands: Base 4.4 Management Commands 4.4.32 show trapflags This command displays trap conditions. Configure which traps the switch should generate by enabling or disabling the trap condition. If a trap condition is enabled and the condition is detected, the switch's SNMP agent sends the trap to all enabled trap receivers. -
Page 103: Snmp-Access Global
CLI Commands: Base 4.4 Management Commands Port Security (MAC, IP) Enable/disable sending port security event traps (for MAC/IP port security). Spanning Tree Flag May be enabled or disabled. The factory default is enabled. Indicates whether spanning tree traps will be sent. 4.4.33 snmp-access global This command configures the global SNMP access setting (for all SNMP versions). -
Page 104: Snmp-Access Version
CLI Commands: Base 4.4 Management Commands 4.4.34 snmp-access version This command configures the SNMP version specific access mode for SNMPv1 and SNMPv2. Format snmp-access version {all|v1|v2} {disable|enable} Mode Global Config Enable or disable SNMP access by all protocol versions (v1 and v2). Enable or disable SNMP access by v1. -
Page 105: Snmp-Access Version V3-Encryption
CLI Commands: Base 4.4 Management Commands 4.4.35 snmp-access version v3-encryption Use this command to activate/deactivate SNMPv3 data encryption. Format snmp-access version v3-encryption {readonly | readwrite} {enable | disable} Mode Global Config disable Disable SNMP access to this switch by SNMPv3 protocol version. enable Enable SNMP read and write access to this switch by SNMPv3 protocol version. -
Page 106: Snmp-Server
CLI Commands: Base 4.4 Management Commands 4.4.36 snmp-server This command sets the name and the physical location of the switch, and the organization responsible for the network.The range for name, location and contact is from 0 to 64 alphanumeric characters. Default None Format... -
Page 107: Snmp-Server Community
CLI Commands: Base 4.4 Management Commands 4.4.37 snmp-server community This command adds a new SNMP community name. A community name is a name associated with the switch and with a set of SNMP managers that manage it with a specified privileged level. The length of name can be up to 32 case-sensitive characters. -
Page 108: Snmp-Server Contact
CLI Commands: Base 4.4 Management Commands 4.4.38 snmp-server contact This command adds a new SNMP server contact. Format snmp-server contact <con> Mode Global Config Enter system contact up to 63 characters in length. If the name contains spaces, enclose it in quotation marks ("). no snmp-server contact This command removes this SNMP server contact from the table. -
Page 109: Snmp-Server Community Ipaddr
CLI Commands: Base 4.4 Management Commands 4.4.39 snmp-server community ipaddr This command sets a client IP address for an SNMP community. The ad- dress is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device. -
Page 110: Snmp-Server Community Ipmask
CLI Commands: Base 4.4 Management Commands 4.4.40 snmp-server community ipmask This command sets a client IP mask for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device. -
Page 111: Snmp-Server Community Mode
CLI Commands: Base 4.4 Management Commands 4.4.41 snmp-server community mode This command activates an SNMP community. If a community is enabled, an SNMP manager associated with this community manages the switch accord- ing to its access right. If the community is disabled, no SNMP requests using this community are accepted. -
Page 112: Snmp-Server Community Ro
CLI Commands: Base 4.4 Management Commands 4.4.42 snmp-server community ro This command restricts access to switch information. The access mode is read-only (also called public). Format snmp-server community ro <name> Mode Global Config 4.4.43 snmp-server community rw This command restricts access to switch information. The access mode is read/write (also called private). -
Page 113: Snmp-Server Sysname
CLI Commands: Base 4.4 Management Commands 4.4.45 snmp-server sysname This command configures the system name. Format snmp-server sysname <system name> Mode Global Config 4.4.46 snmp-server enable traps This command enables the Authentication Trap Flag. Default enabled Format snmp-server enable traps Mode Global Config no snmp-server enable traps... -
Page 114: Snmp-Server Enable Traps Chassis
CLI Commands: Base 4.4 Management Commands 4.4.47 snmp-server enable traps chassis Configures whether traps that are related to the chassis functionality of the switch will be sent. These functions include the signal contacts, the ACA, temperature limits exceeded, changes in the module map, addition or removal of SFP modules, status of power supply has changed and the LLDP and SNTP features. -
Page 115: Snmp-Server Enable Traps L2Redundancy
CLI Commands: Base 4.4 Management Commands 4.4.48 snmp-server enable traps l2redundancy Indicates whether traps that are related to the layer 2 redundancy features of the switch will be sent. The HiPER-Ring and the Redundant Coupling will tell you with these traps when the main line has become inoperative or returned. May be enabled or disabled. -
Page 116: Snmp-Server Enable Traps Linkmode
CLI Commands: Base 4.4 Management Commands 4.4.49 snmp-server enable traps linkmode This command enables Link Up/Down traps for the entire switch. When en- abled, link traps are sent only if the Link Trap flag setting associated with the port is enabled (see ‘snmp trap link-status’ command). Default enabled Format... -
Page 117: Snmp-Server Enable Traps Multiusers
CLI Commands: Base 4.4 Management Commands 4.4.50 snmp-server enable traps multiusers This command enables Multiple User traps. When the traps are enabled, a Multiple User Trap is sent when a user logs in to the terminal interface (EIA 232 (serial port) or telnet) and there is an existing terminal interface session. Default enabled Format... -
Page 118: Snmp-Server Enable Traps Port-Sec
CLI Commands: Base 4.4 Management Commands 4.4.51 snmp-server enable traps port-sec This command enables port security traps. When the traps are enabled, a Port Security Trap is sent if a port security event occurs (applies to MAC/IP Port Security). Default enabled Format snmp-server enable traps port-sec... -
Page 119: Snmp-Server Enable Traps Stpmode
CLI Commands: Base 4.4 Management Commands 4.4.52 snmp-server enable traps stpmode This command enables the sending of new root traps and topology change notification traps. Default enabled Format snmp-server enable traps stpmode Mode Global Config no snmp-server enable traps stpmode This command disables the sending of new root traps and topology change notification traps. -
Page 120: Snmptrap
CLI Commands: Base 4.4 Management Commands 4.4.53 snmptrap This command adds an SNMP trap name. The maximum length of name is 32 case-sensitive alphanumeric characters. Default The default name for the six undefined community names is Delete. Format snmptrap <name> <ipaddr> [snmpversion snmpv1] Mode Global Config no snmptrap... -
Page 121: Snmptrap Ipaddr
CLI Commands: Base 4.4 Management Commands 4.4.54 snmptrap ipaddr This command assigns an IP address to a specified community name. The maximum length of name is 32 case-sensitive alphanumeric characters. Note: IP addresses in the SNMP trap receiver table must be unique. If you make multiple entries using the same IP address, the first entry is retained and processed. -
Page 122: Snmptrap Mode
CLI Commands: Base 4.4 Management Commands 4.4.55 snmptrap mode This command activates or deactivates an SNMP trap. Enabled trap receiv- ers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps). Format snmptrap mode <name> <ipaddr> Mode Global Config no snmptrap mode... -
Page 123: Snmptrap Snmpversion
CLI Commands: Base 4.4 Management Commands 4.4.56 snmptrap snmpversion This command configures SNMP trap version for a specified community. Format snmptrap snmpversion <name> <ipAddr> {snmpv1 | snmpv2} Mode Global Config name Enter the community name. ipAaddr Enter the IP Address. snmpv1 Use SNMP v1 to send traps. -
Page 124: Telnetcon Maxsessions
CLI Commands: Base 4.4 Management Commands 4.4.57 telnetcon maxsessions Configure the number of remote telnet connections allowed. Default Format telnetcon maxsessions <0-5> Mode Privileged EXEC no telnetcon maxsessions This command sets the maximum number of telnet connection sessions that can be established to the default value. Format no telnetcon maxsessions Mode... -
Page 125: Telnetcon Timeout
CLI Commands: Base 4.4 Management Commands 4.4.58 telnetcon timeout This command sets the telnet connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set. The time is a decimal value from 1 to 160. Default Format telnetcon timeout <1-160>... -
Page 126: Syslog Commands
CLI Commands: Base 4.5 Syslog Commands 4.5 Syslog Commands This section provides a detailed explanation of the Syslog commands. The commands are divided into two functional groups: Show commands display spanning tree settings, statistics, and other in- formation. Configuration Commands configure features and options of the device. For every configuration command there is a show command that displays the configuration setting. -
Page 127: Logging Buffered Wrap
CLI Commands: Base 4.5 Syslog Commands 4.5.2 logging buffered wrap This command enables wrapping of in-memory logging when full capacity reached. Otherwise when full capacity is reached, logging stops. Default wrap Format logging buffered wrap Mode Privileged EXEC no logging buffered wrap This command disables wrapping of in-memory logging and configures logging to stop when capacity is full. -
Page 128: Logging Cli-Command
CLI Commands: Base 4.5 Syslog Commands 4.5.3 logging cli-command This command enables the CLI command Logging feature. The Command Logging component enables the switch software to log all Command Line Interface (CLI) commands issued on the system. Default disabled Format logging cli-command Mode Global Config... -
Page 129: Logging Console
CLI Commands: Base 4.5 Syslog Commands 4.5.4 logging console This command enables logging to the console. The <severitylevel> value is specified as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6), debug (7). -
Page 130: Logging Host
CLI Commands: Base 4.5 Syslog Commands 4.5.5 logging host This command enables logging to a host where up to eight hosts can be configured. Default Port - 514; Level - Critical; Format logging host <hostaddress> [<port> [<severitylevel>]] Mode Global Config Severity number Severity name Meaning... -
Page 131: Logging Host Reconfigure
CLI Commands: Base 4.5 Syslog Commands 4.5.6 logging host reconfigure The Logging Host Index for which to change the IP Address. Format logging host reconfigure <hostindex> <hostaddress> Mode Global Config 4.5.7 logging host remove The Logging Host Index to be removed. Format logging host remove <hostindex>... -
Page 132: Logging Snmp-Requests Set Operation
CLI Commands: Base 4.5 Syslog Commands 4.5.9 logging snmp-requests set operation This command enables or disables the logging of SNMP SET requests. Default Disabled Format logging snmp-requests set operation { enable | disable } Mode Global Config 4.5.10 logging snmp-requests get severity With this command you can define the severity level of logging SNMP GET requests. -
Page 133: Logging Snmp-Requests Set Severity
CLI Commands: Base 4.5 Syslog Commands 4.5.11 logging snmp-requests set severity With this command you can define the severity level of logging SNMP SET requests. Default Disabled Format logging snmp-requests set severity <level|[0-7]> Mode Global Config level | [0-7] Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). -
Page 134: Logging Syslog Port
CLI Commands: Base 4.5 Syslog Commands 4.5.13 logging syslog port Enter the port number of the syslog server. Default Format logging syslog port <portid> Mode Global Config CLI L2E Release 8.0 05/2013... -
Page 135: Device Configuration Commands
4.6 Device Configuration Commands Device Configuration Commands 4.6.1 auto-disable reason This command enables the port disabling on this device by reason. Default Disabled Format auto-disable reason {link-flap | crc-error | overload-detection} Mode Global Config link-flap Enable the port disabling on this device by link flap. crc-error Enable the port disabling on this device by CRC error. - Page 136 4.6 Device Configuration Commands no auto-disable reason This command disables the port disabling on this device by reason. Default Disabled Format no auto-disable reason {link-flap | crc-error | overload-detection} Mode Global Config link-flap Disable the port disabling on this device by link flap. crc-error Disable the port disabling on this device by CRC error.
-
Page 137: Auto-Disable Timer
4.6 Device Configuration Commands 4.6.2 auto-disable timer This command defines the time after which a deactivated port is activated again. Default Format auto-disable timer {0 | 30..2147483} Mode Interface Config {0 | 30..2147483} Timer value in seconds after a deactivated port is activated again. Possible values: The value 0 disables the timer. -
Page 138: Auto-Negotiate
4.6 Device Configuration Commands 4.6.3 auto-negotiate This command enables automatic negotiation on a port. The default value is enable. Format auto-negotiate Mode Interface Config no auto-negotiate This command disables automatic negotiation on a port. Format no auto-negotiate Mode Interface Config CLI L2E Release 8.0 05/2013... -
Page 139: Auto-Negotiate All
4.6 Device Configuration Commands 4.6.4 auto-negotiate all This command enables automatic negotiation on all ports. The default value is enable. Format auto-negotiate all Mode Global Config no auto-negotiate all This command disables automatic negotiation on all ports. Format no auto-negotiate all Mode Global Config CLI L2E... -
Page 140: Cable-Crossing
4.6 Device Configuration Commands 4.6.5 cable-crossing Note: This function is available for the RS20/RS30/RS40, MS20/MS30, RSR20/RSR30, MACH1000, PowerMICE and OCTOPUS devices. Use this command to enable or disable the cable crossing function. Note: The cable-crossing settings become effective for a certain port, if auto-negotiate is disabled for this port. -
Page 141: Media-Module
4.6 Device Configuration Commands 4.6.6 media-module Use this command to logically configure media modules. Default media-module enable all Format media-module { remove <1-7> | enable { <1-7> | all } | disable { <1-7> | all } } Mode Global Config remove Logically remove a media-module that has already been physically removed. -
Page 142: Dip-Switch Operation
4.6 Device Configuration Commands 4.6.7 dip-switch operation Note: This command is available for the MICE, PowerMICE and RS20/ RS30/RS40 devices. Use this command to enable/disable the DIP switch configuration. Default disabled Format dip-switch operation { enable | disable } Mode... -
Page 143: Macfilter
4.6 Device Configuration Commands 4.6.8 macfilter This command adds a static MAC filter entry for the MAC address <macad- dr> on the VLAN <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The restricted MAC Addresses are: 00:00:00:00:00:00, 01:80:C2:00:00:00 to 01:80:C2:00:00:0F, 01:80:C2:00:00:20 to 01:80:C2:00:00:21, and FF:FF:FF:FF:FF:FF. -
Page 144: Macfilter Adddest
4.6 Device Configuration Commands 4.6.9 macfilter adddest This command adds the interface to the destination filter set for the MAC filter with the given <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. -
Page 145: Macfilter Adddest All
4.6 Device Configuration Commands 4.6.10 macfilter adddest all This command adds all interfaces to the destination filter set for the MAC filter with the given <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. -
Page 146: Monitor Session
4.6 Device Configuration Commands 4.6.11 monitor session This command configures a probe port and a monitored port for monitor ses- sion (port monitoring). The first slot/port is the source monitored port and the second slot/port is the destination probe port. If this command is executed while port monitoring is enabled, it will have the effect of changing the probe and monitored port values. - Page 147 4.6 Device Configuration Commands no monitor session This command removes the monitor session (port monitoring) designa- tion from both the source probe port and the destination monitored port and removes the probe port from all VLANs. The port must be manually re-added to any desired VLANs.
-
Page 148: Monitor Session Mode
4.6 Device Configuration Commands 4.6.12 monitor session mode This command configures the monitor session (port monitoring) mode to en- able. The probe and monitored ports must be configured before monitor ses- sion (port monitoring) can be enabled. If enabled, the probe port will monitor all traffic received and transmitted on the physical monitored port. -
Page 149: Monitor Session
4.6 Device Configuration Commands 4.6.13 monitor session <session-id> source/ destination This command allows you to configure and activate the port mirroring func- tion of the switch. Port mirroring is when the data traffic of a source port is copied to a specified destination port. The data traffic at the source port is not influenced by port mirroring.Source/Destination -
Page 150: Set Igmp
4.6 Device Configuration Commands 4.6.14 set igmp This command enables IGMP Snooping on the system. The default value is disable. Note: The IGMP snooping application supports the following: Global configuration or per interface configuration. Validation of the IP header checksum (as well as the IGMP header check- sum) and discarding of the frame upon checksum error. -
Page 151: Set Igmp
4.6 Device Configuration Commands 4.6.15 set igmp This command enables IGMP Snooping on a selected interface. Default enabled Format set igmp Mode Interface Config no set igmp This command disables IGMP Snooping on a selected interface. Format no set igmp Mode Interface Config 4.6.16 set igmp aging-time-unknown... -
Page 152: Set Igmp Automatic-Mode
4.6 Device Configuration Commands 4.6.17 set igmp automatic-mode If enabled, this port is allowed to be set as static query port automatically, if the LLDP protocol has found a switch or router connected to this port. Use the command's normal form to enable the feature, the 'no' form to disable it. Default disabled Format... -
Page 153: Set Igmp Forward-All
4.6 Device Configuration Commands 4.6.18 set igmp forward-all This command activates the forwarding of multicast frames to this interface even if the given interface has not received any reports by hosts. N. B.: this applies only to frames that have been learned via IGMP Snooping. The pur- pose is that an interface (e. -
Page 154: Set Igmp Forward-Unknown
4.6 Device Configuration Commands 4.6.19 set igmp forward-unknown Note: This command is available for MS20/MS30. This command defines how to handle unknown multicast frames. Format set igmp forward-unknown { discard | flood | query-ports} Mode Global Config discard Unknown multicast frames will be discarded. flood Unknown multicast frames will be flooded. -
Page 155: Set Igmp Static-Query-Port
4.6 Device Configuration Commands 4.6.20 set igmp static-query-port This command activates the forwarding of IGMP membership report frames to this interface even if the given interface has not received any queries. The purpose is that a port may need to forward such frames even if no queries have been received on it (e. -
Page 156: Set Igmp Groupmembershipinterval
4.6 Device Configuration Commands 4.6.21 set igmp groupmembershipinterval This command sets the IGMP Group Membership Interval time on the sys- tem. The Group Membership Interval time is the amount of time in seconds that a switch will wait for a report from a particular group on a particular inter- face before deleting the interface from the entry. -
Page 157: Set Igmp Interfacemode
4.6 Device Configuration Commands 4.6.22 set igmp interfacemode This command enables IGMP Snooping on all interfaces. Format set igmp interfacemode Mode Global Config no set igmp interfacemode This command disables IGMP Snooping on all interfaces. Format no set igmp interfacemode Mode Global Config 4.6.23 set igmp lookup-interval-unknown... -
Page 158: Set Igmp Lookup-Resp-Time-Unknown
4.6 Device Configuration Commands 4.6.24 set igmp lookup-resp-time-unknown This command configures the IGMP Snooping lookup interval for unknown multicast frames (unit: seconds, min.: 1, max.: 3,598, default: 10). Format set igmp lookup-resp-time-unknown <1-3598> Mode Global Config <2-3598> Enter the IGMP Snooping lookup interval for unknown multicast frames (unit: seconds, min.: 1, max.: 3,598, default: 10). -
Page 159: Set Igmp Maxresponse
4.6 Device Configuration Commands 4.6.25 set igmp maxresponse This command sets the IGMP Maximum Response time on the system. The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query in response to a received leave message, before deleting the multicast group received in the leave message. -
Page 160: Set Igmp Querier Max-Response-Time
4.6 Device Configuration Commands 4.6.26 set igmp querier max-response-time Configure the IGMP Snooping Querier's maximum response time. The range is 1 to 3,598 seconds. The default value is 10 seconds. Default Format set igmp querier max-response-time <1-3598> Mode Global Config Note: The IGMP Snooping max. -
Page 161: Set Igmp Querier Status
4.6 Device Configuration Commands 4.6.28 set igmp querier status Configure the IGMP Snooping Querier's administrative status (enable or disable). Default disable Format set igmp querier status {enable | disable} Mode Global Config 4.6.29 set igmp querier tx-interval Configure the IGMP Snooping Querier's transmit interval. The range is 2 to 3,599 seconds. -
Page 162: Set Igmp Query-Ports-To-Filter
4.6 Device Configuration Commands 4.6.30 set igmp query-ports-to-filter This command enables or disables the addition of query ports to multicast fil- ter portmasks. The setting can be enable or disable. Default Disable Format set igmp query-ports-to-filter {enable | disable} Mode Global Config enable Addition of query ports to multicast filter portmasks. -
Page 163: Set Pre-Login-Banner Text
4.6 Device Configuration Commands 4.6.31 set pre-login-banner text Use this command to set the text for the pre-login banner. The device displays this banner additionally before login in the CLI and before login in the graphical user interface. Default Empty string Format set pre-login-banner text <text>... -
Page 164: Selftest Reboot-On-Hdxerror
4.6 Device Configuration Commands 4.6.33 selftest reboot-on-hdxerror Enable or disable a restart when the device detects a half duplex mismatch error. Default: enabled. Format selftest reboot-on-hdxerror {disable|enable} Mode Global Config selftest reboot-on-hdxerror disable Disable the reboot-on-hdxerror function. selftest reboot-on-hdxerror enable Enable the reboot-on-hdxerror function. -
Page 165: Selftest Reboot-On-Error
4.6 Device Configuration Commands 4.6.34 selftest reboot-on-error Enable or disable a restart due to an undefined software or hardware state. Default: disabled. Format selftest reboot-on-error {disable|enable|seriousOnly} Mode Global Config selftest reboot-on-error disable Disable the reboot-on-error function. This is the default. selftest reboot-on-error enable Enable the reboot-on-error function. -
Page 166: Show Auto-Disable Brief
4.6 Device Configuration Commands 4.6.35 show auto-disable brief Use this command to display the Auto Disable summary. Format show auto-disable brief Mode Global Config Intf Display the number of the interface in slot/port format. Error reason Display the error reason for auto-disable. Possible values: no error, link-flap, crc-error, overload-detection. -
Page 167: Show Auto-Disable Reasons
4.6 Device Configuration Commands 4.6.36 show auto-disable reasons Use this command to display the reasons for port auto-disable on this devcie. Format show auto-disable reasons Mode Global Config Error reason Display the error reasons of the port auto-disable function (link-flap, crc-error, overload-detection). State Display the state of the port auto-disable function. -
Page 168: Show Dip-Switch
4.6 Device Configuration Commands 4.6.37 how dip-switch This command displays the DIP switch operation configuration. Format show dip-switch Mode Global Config DIP Switch operation This field displays the DIP Switch operation status. Possible values: Enabled, Disabled DIP Switch conflict This field displays the DIP Switch conflict status. Possible values: True, False DIP Switch Red. -
Page 169: Show Igmpsnooping
4.6 Device Configuration Commands 4.6.38 how igmpsnooping This command displays IGMP Snooping information. Configured information is displayed whether or not IGMP Snooping is enabled. Status information is only displayed when IGMP Snooping is enabled. Format show igmpsnooping Mode Privileged EXEC and User EXEC Admin Mode This indicates whether or not IGMP Snooping is globally enabled on the switch. -
Page 170: Show Mac-Filter-Table Igmpsnooping
4.6 Device Configuration Commands Querier Transmit Interval This displays the IGMP Snooping Querier's transmit interval in seconds. Querier Max. Response Time This displays the IGMP Snooping Querier's maximum response time in seconds. Querier Protocol Version This displays the IGMP Snooping Querier's protocol version number. 4.6.39 show mac-filter-table igmpsnooping This command displays the IGMP Snooping entries in the Multicast Forward- ing Database (MFDB) table. -
Page 171: Show Mac-Filter-Table Multicast
4.6 Device Configuration Commands 4.6.40 show mac-filter-table multicast This command displays the Multicast Forwarding Database (MFDB) informa- tion. If the command is entered with no parameter, the entire table is dis- played. This is the same as entering the optional all parameter. The user can display the table entry for one MAC Address by specifying the MAC ad- dress as an optional parameter. -
Page 172: Show Mac-Filter-Table Static
4.6 Device Configuration Commands 4.6.41 show mac-filter-table static This command displays the Static MAC Filtering information for all Static MAC Filters. If all is selected, all the Static MAC Filters in the system are displayed. If a macaddr is entered, a vlan must also be entered and the Static MAC Filter information will be displayed only for that MAC address and VLAN. -
Page 173: Show Mac-Filter-Table Staticfiltering
4.6 Device Configuration Commands 4.6.42 show mac-filter-table staticfiltering This command displays the Static Filtering entries in the Multicast Forward- ing Database (MFDB) table. Format show mac-filter-table staticfiltering Mode Privileged EXEC and User EXEC Mac Address A unicast MAC address for which the switch has forwarding and or fil- tering information. -
Page 174: Show Mac-Filter-Table Stats
4.6 Device Configuration Commands 4.6.43 show mac-filter-table stats This command displays the Multicast Forwarding Database (MFDB) statis- tics. Format show mac-filter-table stats Mode Privileged EXEC and User EXEC Total Entries This displays the total number of entries that can possibly be in the Multicast Forwarding Database table. -
Page 175: Show Monitor Session
4.6 Device Configuration Commands 4.6.44 show monitor session This command displays the port monitoring information for the system. Format show monitor session <Session Number> Mode Global Config, Privileged EXEC, User EXEC Session Display port monitor session settings. Session Number Session number. Enter 1 for the session number. Session ID Displays the session number of the port monitor session. -
Page 176: Show Port
4.6 Device Configuration Commands 4.6.45 show port This command displays port information. Format show port {<slot/port> | all} [name] Mode Privileged EXEC and User EXEC Slot/Port Valid slot and port number separated by forward slashes. Name When the optional command parameter name was specified, the out- put is different. -
Page 177: Show Rmon-Alarm
4.6 Device Configuration Commands Link Trap This object determines whether or not to send a trap when link status changes. The factory default is enabled. Flow Indicates if enable flow control is enabled on this port. Device Status Indicates whether or not the given port's link status is monitored by the device status. -
Page 178: Show Selftest
4.6 Device Configuration Commands 4.6.47 show selftest This command displays switch configuration information. Format show selftest Mode Privileged EXEC and User EXEC Ramtest state May be enabled or disabled. The factory default is enabled. Reboot on error May be enabled, disabled or seriousOnly. The factory default is enabled. -
Page 179: Show Storm-Control
4.6 Device Configuration Commands 4.6.48 show storm-control This command displays switch configuration information. Format show storm-control Mode Privileged EXEC and User EXEC Ingress Limiting May be enabled or disabled. The factory default is disabled. Ingress Limiter Mode Note: This command is available for the MACH4000 and PowerMICE devices. -
Page 180: Show Vlan
4.6 Device Configuration Commands Note: This command is available for the devices RS20/RS30/RS40, MS20/MS30 and OCTOPUS. Shows the mode for the ingress limiter. The factory default is: Broad- casts only. Ingress Limit Shows the ingress rate limit. The factory default is: 0. - Page 181 4.6 Device Configuration Commands VLAN Type Type of VLAN, which can be Default, (VLAN ID = 1), a static (one that is configured and permanently defined), or Dynamic (one that is cre- ated by GVRP registration). VLAN Creation Time Time since VLAN has been created: d days, hh:mm:ss (System Uptime).
-
Page 182: Show Vlan Brief
4.6 Device Configuration Commands Tagging Select the tagging behavior for this port in this VLAN. Tagged - specifies to transmit traffic for this VLAN as tagged frames. Untagged - specifies to transmit traffic for this VLAN as untagged frames. 4.6.51 show vlan brief This command displays a list of all configured VLANs. -
Page 183: Show Vlan Port
4.6 Device Configuration Commands 4.6.52 show vlan port This command displays VLAN port information. Format show vlan port {<slot/port> | all} Mode Privileged EXEC and User EXEC Slot/Port Valid slot and port number separated by forward slashes. It is possi- ble to set the parameters for all ports by using the selectors on the top line. -
Page 184: Shutdown
4.6 Device Configuration Commands to be supported by every switch. GVRP may be enabled or disabled. The factory default is disabled. Default Priority The 802.1p priority assigned to tagged packets arriving on the port. 4.6.53 shutdown This command disables a port. Default enabled Format... -
Page 185: Shutdown All
4.6 Device Configuration Commands 4.6.54 shutdown all This command disables all ports. Default enabled Format shutdown all Mode Global Config no shutdown all This command enables all ports. Format no shutdown Mode Global Config CLI L2E Release 8.0 05/2013... -
Page 186: Snmp Trap Link-Status
4.6 Device Configuration Commands 4.6.55 snmp trap link-status This command enables link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled. See ‘snmp-server enable traps linkmode’ command. Format snmp trap link-status Mode Interface Config no snmp trap link-status This command disables link status traps by interface. -
Page 187: Snmp Trap Link-Status All
4.6 Device Configuration Commands 4.6.56 snmp trap link-status all This command enables link status traps for all interfaces. Note: This command is valid only when the Link Up/Down Flag is enabled (see “snmp-server enable traps linkmode” ). Format snmp trap link-status all Mode Global Config no snmp trap link-status all... -
Page 188: Spanning-Tree Bpdumigrationcheck
4.6 Device Configuration Commands 4.6.57 spanning-tree bpdumigrationcheck This command enables BPDU migration check on a given interface. This will force the specified port to transmit RST or MST BPDUs. The all option enables BPDU migration check on all interfaces. Format spanning-tree bpdumigrationcheck {<slot/port>|all} Mode Global Config... -
Page 189: Speed
4.6 Device Configuration Commands 4.6.58 speed This command sets the speed and duplex setting for the interface. Format speed { <100 | 10> <half-duplex | full-duplex> | 1000 full-duplex} Mode Interface Config Acceptable values are: 1000f 1000BASE-T full duplex 100h 100BASE-T half duplex 100f 100BASE-T full duplex... -
Page 190: Storm-Control Broadcast
4.6 Device Configuration Commands 4.6.59 storm-control broadcast This command enables the egress broadcast limiter globally. Format storm-control broadcast Mode Global Config no storm-control broadcast This command disables the egress broadcast limiter globally. Format no storm-control broadcast Mode Global Config 4.6.60 storm-control egress-limiting This command enables or disables the egress limiter globally for all frame types. -
Page 191: Storm-Control Ingress-Limiting
4.6 Device Configuration Commands 4.6.61 storm-control ingress-limiting This command enables or disables the ingress limiter globally. Format storm-control ingress-limiting {disable | enable} Mode Global Config 4.6.62 storm-control ingress-mode Note: This command is available for the MACH4000 and PowerMICE devices. This command sets the frame type for the ingress limiter globally to: BC or BC+MC. -
Page 192: Storm-Control Broadcast (Port-Related)
<max. broadcast rate> Mode Interface Config 4.6.64 storm-control egress-limit Note: This command is available for the RS20/RS30/RS40, MS20/MS30 and OCTOPUS devices. Sets the egress rate limit in kbit/s. "0" means: no limit. Format storm-control egress-limit <max. egress rate>... -
Page 193: Storm-Control Ingress-Limit
Format storm-control ingress-limit <max. ingress rate> Mode Interface Config 4.6.66 storm-control ingress-mode Note: This command is available for the RS20/RS30/RS40, MS20/MS30, OCTOPUS devices. This command sets the frame type for the ingress limiter to: All, BC, BC+MC, BC+MC+uUC. Format storm-control ingress-mode {all | bc | mc+bc |... -
Page 194: Storm-Control Flowcontrol
4.6 Device Configuration Commands 4.6.67 storm-control flowcontrol This command enables 802.3x flow control for the switch. Note: This command only applies to full-duplex mode ports. Default disabled Format storm-control flowcontrol Mode Interface Config Global Config no storm-control flowcontrol This command disables 802.3x flow control for the switch. Note: This command only applies to full-duplex mode ports. -
Page 195: Storm-Control Flowcontrol Per Port
4.6 Device Configuration Commands 4.6.68 storm-control flowcontrol per port This command enables 802.3x flow control for the port. Note: This command only applies to full-duplex mode ports. Default enabled Format storm-control flowcontrol Mode Interface Config no storm-control flowcontrol per port This command disables 802.3x flow control for the port. -
Page 196: Vlan
4.6 Device Configuration Commands 4.6.69 vlan This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 1-4042. Format vlan <1-4042> Mode VLAN database no vlan... -
Page 197: Vlan0-Transparent-Mode
In transparency mode devices ignore received vlan tags. Set the vlan mem- bership of the ports to untagged for all vlans. Note: For RS20/RS30/RS40, MS20/MS30 and OCTOPUS: In transparency mode devices ignore the configured port vlan id. Set the vlan membership of the ports from vlan 1 to untagged or member. -
Page 198: Vlan Acceptframe
Only frames received without a VLAN tag will be forwarded. Other frames will be dropped. Note: This command is available for devices of the RS20/RS30/ RS40, MS20/MS30, MACH102, RSR20/RSR30, MACH1020/ MACH1030 and OCTOPUS family. CLI L2E... -
Page 199: Vlan Database
4.6 Device Configuration Commands no vlan acceptframe This command sets the frame acceptance mode per interface to Admit All. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. -
Page 200: Vlan Ingressfilter
4.6 Device Configuration Commands 4.6.73 vlan ingressfilter This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the re- ceiving interface are admitted and forwarded to ports that are members of that VLAN. -
Page 201: Vlan Name
4.6 Device Configuration Commands 4.6.74 vlan name This command changes the name of a VLAN. The name is an alphanumeric string of up to 32 characters, and the ID is a valid VLAN identification number. ID range is 1-4042. Default The name for VLAN ID 1 is always Default. -
Page 202: Vlan Participation
4.6 Device Configuration Commands 4.6.75 vlan participation This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number . Format vlan participation <exclude | include | auto>... -
Page 203: Vlan Participation All
4.6 Device Configuration Commands 4.6.76 vlan participation all This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN identification number. Format vlan participation all <exclude | include | auto> <1-4042> Mode Global Config Participation options are: include... -
Page 204: Vlan Port Acceptframe All
4.6 Device Configuration Commands 4.6.77 vlan port acceptframe all This command sets the frame acceptance mode for all interfaces. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. -
Page 205: Vlan Port Ingressfilter All
4.6 Device Configuration Commands 4.6.78 vlan port ingressfilter all This command enables ingress filtering for all ports. If ingress filtering is dis- abled, frames received with VLAN IDs that do not match the VLAN member- ship of the receiving interface are admitted and forwarded to ports that are members of that VLAN. -
Page 206: Vlan Port Pvid All
4.6 Device Configuration Commands 4.6.79 vlan port pvid all This command changes the VLAN ID for all interface. Default Format vlan port pvid all <1-4042> Mode Global Config no vlan port pvid all This command sets the VLAN ID for all interfaces to 1. Format no vlan port pvid all <1-4042>... -
Page 207: Vlan Port Tagging All
4.6 Device Configuration Commands 4.6.80 vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tag- ging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. -
Page 208: Vlan Pvid
4.6 Device Configuration Commands 4.6.81 vlan pvid This command changes the VLAN ID per interface. Default Format vlan pvid <1-4042> Mode Interface Config no vlan pvid This command sets the VLAN ID per interface to 1. Format no vlan pvid <1-4042> Mode Interface Config CLI L2E... -
Page 209: Vlan Tagging
4.6 Device Configuration Commands 4.6.82 vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. -
Page 210: User Account Management Commands
4.7 User Account Management Commands User Account Management Commands These commands manage user accounts. 4.7.1 disconnect This command closes a telnet session. Format disconnect {<sessionID> | all} Mode Privileged EXEC Session ID Enter the session ID (1-11). CLI L2E Release 8.0 05/2013... -
Page 211: Show Loginsession
4.7 User Account Management Commands 4.7.2 show loginsession This command displays current telnet and serial port connections to the switch. Format show loginsession Mode Privileged EXEC and User EXEC Login Session ID User Name The name the user will use to login using the serial port or Telnet. A new user may be added to the switch by entering a name in a blank entry. -
Page 212: Show Users
4.7 User Account Management Commands 4.7.3 show users This command displays the configured user names and their settings. This command is only available for users with readwrite privileges. The SNMPv3 fields will only be displayed if SNMP is available on the system. Format show users Mode... -
Page 213: Users Defaultlogin
4.7 User Account Management Commands 4.7.4 users defaultlogin This command assigns the authentication login list to use for non-configured users when attempting to log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is config- ured locally. -
Page 214: Users Access
4.7 User Account Management Commands 4.7.6 users access This command sets access for a user: readonly/readwrite. Format users access <username> {readonly readwrite} Mode Global Config <username> Enter a name up to 32 alphanumeric characters in length. readonly Enter the access mode as readonly. readwrite Enter the access mode as readwrite. -
Page 215: Users Name
4.7 User Account Management Commands 4.7.7 users name This command adds a new user (account) if space permits. The account <username> can be up to eight characters in length. The name may be com- prised of alphanumeric characters as well as the dash (‘-’) and underscore (‘_’). -
Page 216: Users Passwd
4.7 User Account Management Commands 4.7.8 users passwd This command is used to change a password. The password should not be more than eight alphanumeric characters in length. If a user is authorized for authentication or encryption is enabled, the password must be at least eight alphanumeric characters in length. -
Page 217: Users Snmpv3 Accessmode
4.7 User Account Management Commands 4.7.9 users snmpv3 accessmode This command specifies the snmpv3 access privileges for the specified login user. The valid accessmode values are readonly or readwrite. The <username> is the login user name for which the specified access mode applies. -
Page 218: Users Snmpv3 Authentication
4.7 User Account Management Commands 4.7.10 users snmpv3 authentication This command specifies the authentication protocol to be used for the specified login If md5 or sha are none user. The valid authentication protocols are specified, the user login password is also used as the snmpv3 authentication password and therefore must be at least eight characters in length. -
Page 219: Users Snmpv3 Encryption
4.7 User Account Management Commands 4.7.11 users snmpv3 encryption This command specifies the encryption protocol to be used for the specified login user. The valid encryption protocols are des or none. If des is specified, the required key may be specified on the command line. The key may be up to 16 characters long. -
Page 220: System Utilities
4.8 System Utilities System Utilities This section describes system utilities. 4.8.1 address-conflict This command configures the setting for detection possible address conflicts of the agent´s IP address with other devices´ IP addresses in the network. Format address-conflict {detection-mode { active-only | disable | enable | passive-only}| ongoing-detection { disable | enable } } Mode... -
Page 221: Boot Skip-Aca-On-Boot
4.8 System Utilities 4.8.2 boot skip-aca-on-boot Use this command to skip external memory (AutoConfiguration Adapter ACA21) during boot phase to shorten startup duration. The ACA21 functionality will be available after the boot phase. Format boot skip-aca-on-boot {disable | enable} Mode Global Config Default disabled... -
Page 222: Clear Eventlog
4.8 System Utilities 4.8.4 clear eventlog Clear the event log. The CLI will ask for confirmation. Answer y (yes) or n (no). The CLI displays the end of this operation. Format clear eventlog Mode Privileged EXEC 4.8.5 traceroute This command is used to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. -
Page 223: Clear Arp-Table-Switch
4.8 System Utilities 4.8.6 clear arp-table-switch This command clears the agent´s ARP table (cache). Format clear arp-table-switch Mode Privileged EXEC 4.8.7 clear config This command resets the configuration in RAM to the factory defaults without powering off the switch. Format clear config Mode Privileged EXEC... -
Page 224: Clear Counters
4.8 System Utilities 4.8.9 clear counters This command clears the stats for a specified <slot/port>or for all the ports or for the entire switch based upon the argument. Format clear counters {<slot/port> | all} Mode Privileged EXEC 4.8.10 clear hiper-ring This command clears the HIPER Ring configuration (deletes it). -
Page 225: Clear Mac-Addr-Table
4.8 System Utilities 4.8.12 clear mac-addr-table This command clears the switch's MAC address table (the forwarding data- base that contains the learned MAC addresses). Note: this command does not affect the MAC filtering table. Format clear mac-addr-table Mode Privileged EXEC 4.8.13 clear pass This command resets all user passwords to the factory defaults without pow- ering off the switch. -
Page 226: Clear Signal-Contact
4.8 System Utilities 4.8.14 clear signal-contact This command clears the signal-contact output configuration. Switches the signal contact 1´s mode to auto and its manual setting to open. Switches the signal contact 2´s mode to manual and its manual setting to closed. -
Page 227: Clear Ring-Coupling
4.8 System Utilities 4.8.16 clear ring-coupling This command clears the ring-coupling configuration. Format clear ring-coupling Mode Privileged EXEC 4.8.17 clear vlan This command resets VLAN configuration parameters to the factory defaults. Format clear vlan Mode Privileged EXEC CLI L2E Release 8.0 05/2013... -
Page 228: Config-Watchdog
4.8 System Utilities 4.8.18 config-watchdog If the function is enabled and the connection to the switch is interrupted for longer than the time specified in “timeout [s]”, the switch then loads the last configuration saved. Format config-watchdog {admin-state {disable|enable}| timeout <10..600>} Mode Global Config admin-state... - Page 229 4.8 System Utilities aca:capturefilter <targetfilename> copy nvram:capturefilter <sourcefilename> copy nvram:errorlog <url> copy nvram:startup-config <url> copy nvram:startup-config system:running-config copy nvram:traplog <url> copy system:running-config nvram:startup-config <url> copy system:running-config <url> copy tftp://<server_ip>/<path_to_pem> nvram:httpscert copy <url> nvram:clibanner copy <url> nvram:capturefilter <destfilename> copy aca:capturefilter <sourcefilename> nvram:capturefilter <destfilename>...
- Page 230 4.8 System Utilities copy nvram:capture aca:capture Save the internal packet capture file to the Auto Configuration Adapter ACA21 (file name: "capture.cap"). copy nvram:capture <url> Save the internal packet capture file to a tftp URL using <tftp://ip/filepath/fileName>. copy nvram:capturefilter <sourcefilename> aca:capturefilter <targetfilename> Save a capture filter file from the flash memory to the Auto Configura- tion Adapter.
- Page 231 4.8 System Utilities copy nvram:startup-config system:running-config Uploads/Copies config file. The target is the currently running configuration. copy nvram:traplog <url> Uploads Trap log file. Uploads Trap log file using <tftp://ip/filepath/fileName>. copy system:running-config nvram:startup-config Copies system config file. Save the running configuration to NVRAM. copy system:running-config <url>...
- Page 232 4.8 System Utilities copy <url> nvram:clibanner This feature provides a privileged user the capability to change the CLI default banner: --------------------------------------------------- Copyright (c) 2004-2010 <Company Name> All rights reserved <Product Name> Release L3P-06.0.00 (Build date 2010-05-01 00:30) System Name: <Product Name>-518280 Mgmt-IP a.b.c.d 1.Router-IP:...
- Page 233 4.8 System Utilities no clibanner This command deletes an existing CLI banner file. copy <url> nvram:capturefilter <destfilename> Load a Capture Filter file from a tftp URL into the flash memory using <tftp://ip/filepath/fileName>. – destfilename: Destination filename of capture filter expressions file.
-
Page 234: Device-Status Connection-Error
4.8 System Utilities copy <url> system:bootcode Use the "copy <url> system:bootcode" command to load the boot- code file via tftp into the device. For <url> enter the path of the tftp server using the following notation: "<tftp://ip/filepath/fileName>", e.g. "tftp://10.1.112.214/switch/switch01.cfg". 4.8.20 device-status connection-error This command configures the device status link error monitoring for this port. -
Page 235: Device-Status Monitor
4.8 System Utilities 4.8.21 device-status monitor This command configures the device-status. Format device-status monitor {aca-removal | all | connection-error | hiper-ring | module-removal | power-supply-1 | power-supply-2 | power-supply-3-1 | power-supply-3-2 |power-supply-4-1 | power-supply-4-2 | ring-coupling | temperature } {error|ignore} device-status trap {disable|enable} Mode Global Config... -
Page 236: Logout
4.8 System Utilities 4.8.22 logout This command closes the current telnet connection or resets the current se- rial connection. Note: Save configuration changes before logging out. Format logout Mode Privileged EXEC 4.8.23 ping This command checks if another computer is on the network and listens for connections. -
Page 237: Signal-Contact Connection-Error
4.8 System Utilities 4.8.24 signal-contact connection-error This command configures the signal contact link error monitoring for this port. Format signal-contact connection-error {disable|enable} Mode Interface Config disable A link down event on this port will be not monitored by a signal con- tact (default). - Page 238 4.8 System Utilities Contact No. Selection of the signal contact: – 1 signal contact 1, – 2 signal contact 2, – all signal contact 1 and signal contact 2. mode Selection of the operational mode: – auto function monitoring, – device-status the device-status determines the signal contact´s status.
-
Page 239: Temperature
4.8 System Utilities 4.8.26 temperature Note: The command is available for RS20/RS30/RS40, MS20/MS30, RSR20/RSR30, MACH100, MACH1000, PowerMICE, MACH4000 and OCTOPUS devices. This command configures the lower and upper temperature limit for the device. If these limits are exceeded, a trap is sent. The unit for the temperature limit is °C (Celsius), the minimum value is -99, the maximum... -
Page 240: Reboot
4.8 System Utilities 4.8.27 reboot This command resets the switch (cold start) after a given time delay, for warm start See “reload” on page 242. Reset means that all network connections are terminated and the boot code executes. The switch uses the stored con- figuration to initialize the switch. -
Page 241: Show Reboot
4.8 System Utilities 4.8.28 show reboot This command displays if a reboot is sceduled for the device. If sceduled, the command displays the number of seconds after which the switch will reboot. Format show reboot Modes Privileged EXEC User Exec <seconds>... -
Page 242: Reload
4.8 System Utilities 4.8.29 reload This command enables you to reset the switch (warm start) after a given time delay, for cold start See “reboot” on page 240. Note: First, the device is checking the software in the flash memory and then it resets. -
Page 243: Show Reload
4.8 System Utilities 4.8.30 show reload This command displays if a reload is sceduled for the device. If sceduled, the command displays the number of seconds after which the switch will reload. Format show reload Modes Privileged EXEC User Exec <seconds>... -
Page 244: Lldp - Link Layer Discovery Protocol
4.9 LLDP - Link Layer Discovery Protocol LLDP - Link Layer Discovery Protocol These commands show and configure the LLDP parameters in compliance with IEEE 802.1 AB. 4.9.1 show lldp This command shows all LLDP settings. Format show lldp Mode Privileged EXEC and User EXEC 4.9.2 show lldp config This command shows all LLDP configuration settings. -
Page 245: Show Lldp Config Chassis
4.9 LLDP - Link Layer Discovery Protocol 4.9.3 show lldp config chassis This command shows all LLDP configuration settings concerning the entire device. Format show lldp config chassis Mode Privileged EXEC and User EXEC 4.9.4 show lldp config chassis admin-state Display the LLDP/IEEE802.1AB functionality on this device. -
Page 246: Show Lldp Config Chassis Re-Init-Delay
4.9 LLDP - Link Layer Discovery Protocol 4.9.6 show lldp config chassis re-init-delay Display the LLDP configuration's chassis re-initialization delay (unit: seconds). Format show lldp config chassis re-init-delay Mode Privileged EXEC and User EXEC 4.9.7 show lldp config chassis tx-delay Display the LLDP transmit delay (unit: seconds). -
Page 247: Show Lldp Config Chassis Tx-Interval
4.9 LLDP - Link Layer Discovery Protocol 4.9.9 show lldp config chassis tx-interval Display the interval (unit: seconds) at which LLDP frames are transmitted on behalf of this LLDP agent. Format show lldp config chassis tx-interval Mode Privileged EXEC and User EXEC CLI L2E Release 8.0 05/2013... -
Page 248: Show Lldp Config Port
Display the port's LLDP admin state (if LLDP/IEEE802.1AB frames will be transmitted and/or received). fdb-mode Display the port's LLDP FDB mode. hm-mode Display the port's LLDP Hirschmann mode. .max-neighbors Display the port's max. no. of LLDP neighbors. notification Display the port's LLDP notification (trap) setting. -
Page 249: Show Lldp Config Port Tlv
4.9 LLDP - Link Layer Discovery Protocol 4.9.11 show lldp config port tlv This command shows all LLDP TLV configuration settings (if the given infor- mation is included in the sent LLDP frames or not) concerning one or all ports. Format show lldp config port <{slot/port|all}>... -
Page 250: Show Lldp Remote-Data
4.9 LLDP - Link Layer Discovery Protocol sys-desc Display the port's LLDP TLV inclusion of System Description. sys-name Display the port's LLDP TLV inclusion of System Name. vlan-name Display the port's LLDP TLV inclusion of VLAN Name. 4.9.12 show lldp remote-data This command shows all LLDP remote-data settings and states concerning one or all ports. - Page 251 4.9 LLDP - Link Layer Discovery Protocol Port Autoneg. Advertized Capabilities and Port Operational MAU Type). inlinepower Displays the remote port's Power over Ethernet capabilities (PoE, IEEE 802.3af). Included are if the remote device is a PSE (Power Source Device) or a PD (Powered Device), if PoE is supported and if the power pairs are selectable.
-
Page 252: Lldp
4.9 LLDP - Link Layer Discovery Protocol 4.9.13 lldp Enable/disable the LLDP/IEEE802.1AB functionality on this device. If dis- abled, the LLDP protocol will become inactive, but the LLDP MIBs can still be accessed. This command is a shorthand notation for lldp config chas- sis admin-state {off|on} (see “lldp config chassis admin-state”... -
Page 253: Lldp Config Chassis Admin-State
4.9 LLDP - Link Layer Discovery Protocol 4.9.14 lldp config chassis admin-state Configure the LLDP/IEEE802.1AB functionality on this device. If disabled, the LLDP protocol will become inactive, but the LLDP MIBs can still be accessed. off: Disable the LLDP/IEEE802.1AB functionality. on: Enable the LLDP/IEEE802.1AB functionality. -
Page 254: Lldp Config Chassis Re-Init-Delay
4.9 LLDP - Link Layer Discovery Protocol 4.9.16 lldp config chassis re-init-delay Configure the LLDP re-initialization delay (unit: seconds, min.: 1 sec., max.: 10 sec., default: 2 sec.). Format lldp config chassis re-init-delay <re-init delay> Mode Global Config Re-init-delay Configure the LLDP re-initialization delay (unit:seconds, min.: 1 sec., max.: 10 sec., default: 2 sec.). -
Page 255: Lldp Config Chassis Tx-Hold-Mult
4.9 LLDP - Link Layer Discovery Protocol 4.9.18 lldp config chassis tx-hold-mult Configure the LLDP transmit hold multiplier, a time-to-live value expressed as a multiple of the LLDP Message Tx Interval (tx-interval), min.: 2, max.: 10, default: 4. Format lldp config chassis tx-hold-mult <tx hold multiplier>... -
Page 256: Clear Lldp Config All
4.9 LLDP - Link Layer Discovery Protocol 4.9.20 clear lldp config all Clear the LLDP configuration, i. e., set all configurable parameters to default values (all chassis- as well as port-specific parameters at once). Note: LLDP Remote data remains unaffected. Format clear lldp config all Mode... -
Page 257: Lldp Fdb-Mode
<{lldp-only|mac-only|lldp-and- mac|autodetect}> Mode Interface Config 4.9.23 lldp hm-mode Configure the port's LLDP Hirschmann mode (if LLDP/IEEE802.1AB frames will be transmitted to and/or received from the Hirschmann-specific multicast address 01:80:63:2f:ff:0b). The default setting is tx-and-rx. Format lldp hm-mode <{tx-only|rx-only|tx-and-rx|off}> Mode... -
Page 258: Lldp Max-Neighbors
4.9 LLDP - Link Layer Discovery Protocol 4.9.24 lldp max-neighbors Configure the port's LLDP max. no. of neighbors (min.: 1, max.: 50, default: 10). Format lldp max-neighbors <1..50> Mode Interface Config 4.9.25 lldp notification Configure the port's LLDP notification setting (on or off, default: off). Format lldp notification <{off|on}>... -
Page 259: Lldp Tlv Mac-Phy-Config-State
4.9 LLDP - Link Layer Discovery Protocol 4.9.27 lldp tlv mac-phy-config-state Configure the port's LLDP TLV inclusion of MAC Phy. Cfg. State (on or off, default: on). Format lldp tlv mac-phy-config-state <{off|on}> Mode Interface Config 4.9.28 lldp tlv max-frame-size Configure the port's LLDP TLV inclusion of Max. Frame Size (on or off, default: on). -
Page 260: Lldp Tlv Pnio
4.9 LLDP - Link Layer Discovery Protocol 4.9.30 lldp tlv pnio Configure the port's LLDP TLV inclusion of PROFINET IO Status (on or off, default: on). Format lldp tlv pnio <{off|on}> Mode Interface Config 4.9.31 lldp tlv pnio-alias Configure the port's LLDP TLV inclusion of PROFINET IO Alias (on or off, default: on). -
Page 261: Lldp Tlv Port-Desc
4.9 LLDP - Link Layer Discovery Protocol 4.9.33 lldp tlv port-desc Configure the port's LLDP TLV inclusion of Port Description (on or off, default: on). Format lldp tlv port-desc <{off|on}> Mode Interface Config 4.9.34 lldp tlv port-vlan Configure the port's LLDP TLV inclusion of Port VLAN (on or off, default: on). Format lldp tlv port-vlan <{off|on}>... -
Page 262: Lldp Tlv Igmp
4.9 LLDP - Link Layer Discovery Protocol 4.9.36 lldp tlv igmp Configure the port's LLDP TLV inclusion of IGMP (on or off, default: on). Format lldp tlv igmp <{off|on (on)}> Mode Interface Config 4.9.37 lldp tlv portsec Configure the port's LLDP TLV inclusion of PortSec (on or off, default: on). Format lldp tlv portsec <{off|on (on)}>... -
Page 263: Lldp Tlv Protocol
4.9 LLDP - Link Layer Discovery Protocol 4.9.39 lldp tlv protocol Configure the port's LLDP TLV inclusion of Protocol (on or off, default: on). Format lldp tlv protocol <{off|on (on)}> Mode Interface Config 4.9.40 lldp tlv sys-cap Configure the port's LLDP TLV inclusion of System Capabilities (on or off, default: on). -
Page 264: Lldp Tlv Sys-Name
4.9 LLDP - Link Layer Discovery Protocol 4.9.42 lldp tlv sys-name Configure the port's LLDP TLV inclusion of System Name (on or off, default: on). Format lldp tlv sys-name <{off|on}> Mode Interface Config 4.9.43 lldp tlv vlan-name Configure the port's LLDP TLV inclusion of VLAN Name. Format lldp tlv vlan-name <{off|on}>... -
Page 265: Name
4.9 LLDP - Link Layer Discovery Protocol 4.9.44 name Set or remove a descriptive name for the current interface (physical ports only). Format name <descriptive name> Mode Interface Config <descriptive name> Enter a descriptive name for the current interface (physical ports only). -
Page 266: Sntp - Simple Network Time Protocol
4.10 SNTP - Simple Network Time Protocol 4.10 SNTP - Simple Network Time Protocol These commands show and configure the SNTP parameters. 4.10.1 show sntp This command shows all SNTP settings. Format show sntp Mode Privileged EXEC and User EXEC SNTP Server Anycast Address Show SNTP Server Anycast Address (a.b.c.d). - Page 267 4.10 SNTP - Simple Network Time Protocol SNTP Client Local Time Offset Show SNTP Client Local Time Offset (in minutes). SNTP Client Primary Server IP Address Show SNTP Client Primary Server IP Address (a.b.c.d). SNTP Client Secondary Server IP Address Show SNTP Client Secondary Server IP Address (a.b.c.d).
-
Page 268: Show Sntp Anycast
4.10 SNTP - Simple Network Time Protocol 4.10.2 show sntp anycast This command shows all SNTP anycast configuration settings. Format show sntp anycast [address|transmit-interval|vlan] Mode Privileged EXEC and User EXEC address Show the SNTP server's anycast destination IP Address. transmit-interval Show the SNTP Server's interval for sending Anycast messages (unit: seconds). -
Page 269: Show Sntp Operation
4.10 SNTP - Simple Network Time Protocol disable-after-sync Show if the SNTP client will be disabled once it is synchronized to the time server. offset Show the local time's offset (in minutes) with respect to UTC (positive values for locations east of Greenwich). request-interval Show the SNTP Client's request interval (unit: seconds). -
Page 270: Show Sntp Server
4.10 SNTP - Simple Network Time Protocol 4.10.5 show sntp server This command shows the SNTP Server's configuration parameters. Format show sntp server [disable-if-local] Mode Privileged EXEC and User EXEC disable-if-local Show if the server will be disabled if the time is running from the local clock and not synchronized to an external time source. -
Page 271: Show Sntp Time
4.10 SNTP - Simple Network Time Protocol 4.10.7 show sntp time This command shows time and date. Format show sntp time [sntp|system] Mode Privileged EXEC and User EXEC sntp Show the current SNTP date and UTC time. system Show the local system's current date and time. 4.10.8 no sntp This command disables sntp. -
Page 272: Sntp Anycast Address
4.10 SNTP - Simple Network Time Protocol 4.10.9 sntp anycast address Set the SNTP server's anycast destination IP Address, default: 0.0.0.0 (none). Format sntp anycast address <IPAddress> Mode Global Config no sntp anycast address Set the SNTP server's anycast destination IP Address to 0.0.0.0. Format no sntp anycast address Mode... -
Page 273: Sntp Anycast Vlan
4.10 SNTP - Simple Network Time Protocol 4.10.11sntp anycast vlan Set the SNTP server's Anycast VLAN ID used for sending Anycast messages, default: 1. Format sntp anycast vlan <1-4042> Mode Global Config 4.10.12sntp client accept-broadcast Enable/Disable that the SNTP Client accepts SNTP broadcasts. Format sntp client accept-broadcast <on | off>... -
Page 274: Sntp Client Disable-After-Sync
4.10 SNTP - Simple Network Time Protocol 4.10.13sntp client disable-after-sync If this option is activated, the SNTP client disables itself once it is synchro- nised to a server. Format sntp client disable-after-sync <on | off> Mode Global Config Do not disable SNTP client when it is synchronised to a time server. Disable SNTP client as soon as it is synchronised to a time server. -
Page 275: Sntp Client Request-Interval
4.10 SNTP - Simple Network Time Protocol 4.10.15sntp client request-interval The synchronization interval in seconds, default: 30. Format sntp client request-interval <1-3600> Mode Global Config 4.10.16no sntp client server Disable the SNTP client servers. Format no sntp client server Mode Global Config CLI L2E Release 8.0 05/2013... -
Page 276: Sntp Client Server Primary
4.10 SNTP - Simple Network Time Protocol 4.10.17sntp client server primary Set the SNTP Client's primary server IP Address, default: 0.0.0.0 (none). Format sntp client server primary <IP-Address> Mode Global Config no sntp client server primary Disable the primary SNTP client server. Format no sntp client server primary Mode... -
Page 277: Sntp Client Server Secondary
4.10 SNTP - Simple Network Time Protocol 4.10.18sntp client server secondary Set the SNTP Client's secondary server IP Address, default: 0.0.0.0 (none). Format sntp client server secondary <IP-Address> Mode Global Config no sntp client server secondary Disable the secondary SNTP client server. Format no sntp client server secondary Mode... -
Page 278: Sntp Client Threshold
4.10 SNTP - Simple Network Time Protocol 4.10.19sntp client threshold With this option you can reduce the frequency of time alterations. Enter this threshold as a positive integer value in milliseconds. The switch obtains the server timer as soon as the deviation to the server time is above this threshold. -
Page 279: Sntp Operation
4.10 SNTP - Simple Network Time Protocol 4.10.20sntp operation Enable/Disable the SNTP function. Format sntp operation <on | off> | client { on | off } | server { on | off } Mode Global Config client Enable or disable SNTP Client. server Enable or disable SNTP Server. -
Page 280: Sntp Server Disable-If-Local
4.10 SNTP - Simple Network Time Protocol 4.10.21sntp server disable-if-local With this option enabled, the switch disables the SNTP Server Function if it is not synchronized to a time server itself. Format sntp server disable-if-local <on | off> Mode Global Config Enable the SNTP Server even if it is not synchronized to a time server itself. -
Page 281: Poe - Power Over Ethernet
4.11 PoE - Power over Ethernet 4.11 PoE - Power over Ethernet These commands show and configure the Power over Ethernet (IEEE 802.3af) parameters. 4.11.1 show inlinepower This command shows global Inline Power settings PoE. Format show inlinepower Mode Privileged EXEC and User EXEC 4.11.2 show inlinepower port This command shows the configuration settings and states per port. -
Page 282: Inlinepower (Global Config)
4.11 PoE - Power over Ethernet 4.11.3 inlinepower (Global Config) Configure the global Inline Power parameters. Format inlinepower {admin-mode {disable|enable} | trap {disable|enable} | threshold <1-99> | fast-startup {enable|disable} } Mode Global Config admin-mode Configure the global Inline Power administrative setting (enable or disable, default: enable). -
Page 283: Inlinepower (Interface Config)
4.11 PoE - Power over Ethernet 4.11.4 inlinepower (Interface Config) Configure the portrelated Inline Power parameters. Note: The interface name you enter in the name-command. Format inlinepower {admin-mode {disable|enable} | priority {critical|high|low} } Mode Interface Config admin-mode Configure the port-related Inline Power administrative setting (enable or disable, default: enable). - Page 284 4.11 PoE - Power over Ethernet CLI L2E Release 8.0 05/2013...
-
Page 285: Cli Commands: Switching
CLI Commands: Switching 5 CLI Commands: Switching This section provides detailed explanation of the Switching commands. The commands are divided into two functional groups: Show commands display spanning tree settings, statistics, and other information. Configuration Commands configure features and options of the switch. For every configuration command there is a show command that displays the configuration setting. - Page 286 CLI Commands: Switching CLI L2E Release 8.0 05/2013...
-
Page 287: Spanning Tree Commands
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1 Spanning Tree Commands 5.1.1 show spanning-tree This command displays spanning tree settings for the common and internal spanning tree, when the optional parameter “brief” is not included in the com- mand. The following details are displayed. Format show spanning-tree [brief] Mode... - Page 288 CLI Commands: Switching 5.1 Spanning Tree Commands Root Port Identifier Identifier of the port to access the Designated Root for the CST. Root Port Max Age Derived value Root Port Bridge Forward Delay Derived value Hello Time Configured value Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs) CST Regional Root...
- Page 289 CLI Commands: Switching 5.1 Spanning Tree Commands Bridge Max Age Configured value. Bridge Hello Time Configured value. Bridge Forward Delay Configured value. Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs) Rstp Mrp Mode Rapid spanning tree mrp (Media Redundancy Protocol) mode (Enabled/Disabled) Rstp Mrp configuration error Configuration error in Rapid spanning tree mrp (Media Redundancy...
-
Page 290: Show Spanning-Tree Interface
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.2 show spanning-tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The <slot/port> is the desired switch port. The following details are displayed on execution of the com- mand. -
Page 291: Show Spanning-Tree Mst Detailed
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.3 show spanning-tree mst detailed This command displays settings and parameters for the specified multiple spanning tree instance. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance ID. The following de- tails are displayed. -
Page 292: Show Spanning-Tree Mst Port Detailed
CLI Commands: Switching 5.1 Spanning Tree Commands Associated FIDs List of forwarding database identifiers associated with this instance. Associated VLANs List of VLAN IDs associated with this instance. 5.1.4 show spanning-tree mst port detailed This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. - Page 293 CLI Commands: Switching 5.1 Spanning Tree Commands Designated Root The Identifier of the designated root for this port. Designated Port Cost Path Cost offered to the LAN by the Designated Port Designated Bridge Bridge Identifier of the bridge with the Designated Port. Designated Port Identifier Port on the Designated Bridge that offers the lowest cost to the LAN If 0 (defined as the default CIST ID) is passed as the <mstid>, then this com-...
- Page 294 CLI Commands: Switching 5.1 Spanning Tree Commands Topology Change Acknowledgement Value of flag in next Configuration Bridge Protocol Data Unit (BPDU) transmission indicating if a topology change is in progress for this port. Hello Time The hello time in use for this port. Edge Port The configured value indicating if this port is an edge port.
-
Page 295: Show Spanning-Tree Mst Port Summary
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.5 show spanning-tree mst port summary This command displays the settings of one or all ports within the specified multiple spanning tree instance. The parameter <mstid> indicates a particu- lar MST instance. The parameter {<slot/port> | all} indicates the desired switch port or all ports. -
Page 296: Show Spanning-Tree Mst Summary
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.6 show spanning-tree mst summary This command displays settings and parameters for the specified multiple spanning tree instance. The following details are displayed. Format show spanning-tree mst summary Mode Privileged EXEC and User EXEC MST Instance ID Valid value: 0 Associated FIDs... -
Page 297: Show Spanning-Tree Summary
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.7 show spanning-tree summary This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command. Format show spanning-tree summary Mode Privileged EXEC and User EXEC Spanning Tree Adminmode Enabled or disabled. -
Page 298: Show Spanning-Tree Vlan
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.8 show spanning-tree vlan This command displays the association between a VLAN and a multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID (1-4042). Format show spanning-tree vlan <vlanid> Mode Privileged EXEC and User EXEC vlanid Enter a VLAN identifier (1 - 4042). -
Page 299: Spanning-Tree
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.9 spanning-tree This command sets the spanning-tree operational mode to enabled. Default disabled Format spanning-tree Mode Global Config no spanning-tree This command sets the spanning-tree operational mode to disabled. While disabled, the spanning-tree configuration is retained and can be changed, but is not activated. -
Page 300: Spanning-Tree Auto-Edgeport
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.10 spanning-tree auto-edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This will allow this port to transition to Forwarding State without delay. Format spanning-tree auto-edgeport Mode Interface Config... -
Page 301: Spanning-Tree Bpduguard
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.11 spanning-tree bpduguard This command sets the BPDU (Bridge Protocol Data Units) Guard on the switch to enabled. Default disabled Format spanning-tree bpduguard Mode Global Config no spanning-tree bpduguard This command sets the BPDU (Bridge Protocol Data Units) Guard to disabled. -
Page 302: Spanning-Tree Configuration Name
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.12 spanning-tree configuration name This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using. The <name> is a string of at most 32 characters. Default The base MAC address displayed using hexadecimal notation as specified in IEEE 802 standard. -
Page 303: Spanning-Tree Configuration Revision
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.13 spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configu- ration Identifier Revision Level is a number in the range of 0 to 65535. Default Format spanning-tree configuration revision <0-65535>... -
Page 304: Spanning-Tree Edgeport
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.14 spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This will allow this port to transition to Forwarding State without delay. Format spanning-tree edgeport Mode Interface Config... -
Page 305: Spanning-Tree Forceversion
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.15 spanning-tree forceversion This command sets the Force Protocol Version parameter to a new value. The Force Protocol Version can be one of the following: 802.1d - ST BPDUs are transmitted (802.1Q-2005 functionality supported) 802.1s - ST BPDUs are transmitted (802.1Q-2005 functionality supported) 802.1w - RST BPDUs are transmitted... -
Page 306: Spanning-Tree Forward-Time
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.16 spanning-tree forward-time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to "(Bridge Max Age / 2) + 1". -
Page 307: Spanning-Tree Guard Loop
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.17 spanning-tree guard loop This command enables loop guard and disables root guard guard on an interface. Default disabled Format spanning-tree guard loop Mode Interface Config no spanning-tree guard This command disables the guard for this port. Format no spanning-tree guard Mode... -
Page 308: Spanning-Tree Guard None
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.18 spanning-tree guard none This command disables root guard and disables loop guard guard on an interface. Default disabled Format spanning-tree guard none Mode Interface Config no spanning-tree guard This command disables the guard for this port. Format no spanning-tree guard Mode... -
Page 309: Spanning-Tree Guard Root
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.19 spanning-tree guard root This command enables root guard and disables loop guard on an interface. Default disabled Format spanning-tree guard root Mode Interface Config no spanning-tree guard This command disables the guard for this port. Format no spanning-tree guard Mode... -
Page 310: Spanning-Tree Hello-Time
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.20 spanning-tree hello-time This command sets the Hello Time parameter to a new value for the common and internal spanning tree. The hellotime <value> is in whole seconds within a range of 1 to 2 with the value being less than or equal to "(Bridge Max Age / 2) - 1". -
Page 311: Spanning-Tree Hold-Count
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.21 spanning-tree hold-count This command sets the bridge hold count parameter. Default disabled Format spanning-tree hold-count <1-40> Mode Global Config <1-40> Enter the bridge parameter for hold count as an integer in the range 1 - 40. -
Page 312: Spanning-Tree Max-Age
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.22 spanning-tree max-age This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree. The max-age value is in seconds within a range of 6 to 40, with the value being less than or equal to "2 times (Bridge Forward Delay - 1)". -
Page 313: Spanning-Tree Max-Hops
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.23 spanning-tree max-hops This command sets the Bridge Max Hops parameter to a new value for the common and internal spanning tree. The max-hops value is an integer within a range of 1 to127. Format spanning-tree max-hops <1-127>... -
Page 314: Spanning-Tree Mst
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.24 spanning-tree mst This command sets the Path Cost or Port Priority for this port within the mul- tiple spanning tree instance or in the common and internal spanning tree. If the <mstid> parameter corresponds to an existing multiple spanning tree in- stance, then the configurations are done for that multiple spanning tree in- stance. - Page 315 CLI Commands: Switching 5.1 Spanning Tree Commands no spanning-tree mst This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree to the respective default values. If the <mstid> parameter corre- sponds to an existing multiple spanning tree instance, then the configura- tions are done for that multiple spanning tree instance.
-
Page 316: Spanning-Tree Mst Priority
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.25 spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree in- stance. The instance <mstid> is a number that corresponds to the desired ex- isting multiple spanning tree instance. The priority value is a number within a range of 0 to 61440 in increments of 4096. -
Page 317: Spanning-Tree Mst Vlan
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.26 spanning-tree mst vlan This command adds an association between a multiple spanning tree instance and a VLAN. The VLAN will no longer be associated with the common and internal spanning tree. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. -
Page 318: Spanning-Tree Mst Instance
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.27 spanning-tree mst instance This command creates a MST instance. Format spanning-tree mst instance <1-4094> Mode Global Config <1-4094> Enter a multiple spanning tree instance identifier. no spanning-tree mst instance This command removes a MST instance. Format no spanning-tree mst instance <1-4094>... -
Page 319: Spanning-Tree Port Mode
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.28 spanning-tree port mode This command sets the Administrative Switch Port State for this port to enabled. Default disabled Format spanning-tree port mode Mode Interface Config no spanning-tree port mode This command sets the Administrative Switch Port State for this port to disabled. -
Page 320: Spanning-Tree Port Mode All
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.29 spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to enabled. Default disabled Format spanning-tree port mode all Mode Global Config no spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to disabled. -
Page 321: Spanning-Tree Stp-Mrp-Mode
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.30 spanning-tree stp-mrp-mode This command sets the spanning tree mrp (Media Redundancy Protocol) mode to enabled. Default disabled Format spanning-tree stp-mrp-mode Mode Global Config no spanning-tree stp-mrp-mode This command sets the spanning tree mrp (Medium Redundancy Protocol) mode to disabled. -
Page 322: Spanning-Tree Tcnguard
CLI Commands: Switching 5.1 Spanning Tree Commands 5.1.31 spanning-tree tcnguard This command enables tcn guard on an interface. Default disabled Format spanning-tree guard tcnguard Mode Interface Config no spanning-tree tcnguard This command disables tcn guard for this port. Format no spanning-tree tcnguard Mode Interface Config CLI L2E... -
Page 323: Mrp
CLI Commands: Switching 5.2 MRP 5.2 MRP The concept of the MRP-Ring enables the construction of high-availability, ring-shaped network structures. The two ends of a backbone in a line-type configuration can be closed to form a redundant ring - the MRP-Ring - by using the RM function (Redundancy Manager) of the Switch. -
Page 324: Show Mrp Current-Domain
CLI Commands: Switching 5.2 MRP 5.2.2 show mrp current-domain This command displays the settings and states of the MRP-Ring´s current domain. The following details are displayed on execution of the command. If you omit the optional keywords (e. g., advanced-mode), all settings will be displayed. -
Page 325: Mrp Current-Domain
CLI Commands: Switching 5.2 MRP port Show the ports for the given MRP domain port primary Show the primary port for the given MRP domain. port secondary Show the secondary port for the given MRP domain. summary Show a summary for the given MRP domain. vlan Show the VLAN ID for the given MRP domain. - Page 326 CLI Commands: Switching 5.2 MRP manager-priority Configure the given MRP domain's manager priority (0-65535). mode Configure the switch's MRP mode for the given domain (client or manager). client: Switch is client for the given MRP domain. manager: Switch is manager for the given MRP domain. name Set a name for the given MRP domain.
-
Page 327: Mrp Delete-Domain
CLI Commands: Switching 5.2 MRP 5.2.4 mrp delete-domain Delete current MRP domain. Format mrp delete-domain current-domain Mode Global Config 5.2.5 mrp new-domain Create a new MRP domain. The configuration will consist of default parame- ters and its operation will be disabled. Default n/a not set Format... -
Page 328: Hiper-Ring
HIPER-Ring are connected with each other via their ring ports. Exactly one redundancy manager assumes control of the ring. These commands are for configuring the Hirschmann High Performance Redundancy Ring. Further information concerning this function you will find in the User Manual ”Redundancy Configuration”. -
Page 329: Show Hiper-Ring
CLI Commands: Switching 5.3 HIPER-Ring 5.3.1 show hiper-ring This command displays the settings and states of the HIPER-Ring. The fol- lowing details are displayed on execution of the command. Format show hiper-ring {info | mode | port [primary | secondary] | redundancy-state | rm-state | recovery-delay} Mode Privileged EXEC and User EXEC... -
Page 330: Hiper-Ring
CLI Commands: Switching 5.3 HIPER-Ring 5.3.2 hiper-ring Configure the HIPER-Ring. Press Enter for a list of valid commands and their recommended order. Format hiper-ring Mode Global Config no hiper-ring Clear the HIPER Ring configuration (delete it). Format no hiper-ring Mode Global Config 5.3.3 hiper-ring mode This command sets the HIPER-Ring mode. -
Page 331: Hiper-Ring Port Primary
CLI Commands: Switching 5.3 HIPER-Ring 5.3.4 hiper-ring port primary Enter the switch's primary HIPER Ring port. Default n/a (not set) Format hiper-ring port primary <primary ring port> Mode Global Config primary ring port Enter the switch's primary HIPER Ring port (<slot/port>). 5.3.5 hiper-ring port secondary Enter the switch's secondary HIPER Ring port. -
Page 332: Hiper-Ring Recovery-Delay
CLI Commands: Switching 5.3 HIPER-Ring 5.3.6 hiper-ring recovery-delay Defines the maximum recovery delay of ring recovery in the HIPER Ring (500 or 300 ms). Default n/a not set Format hiper-ring recovery-delay (<500/300>) Mode Global Config CLI L2E Release 8.0 05/2013... -
Page 333: Fast-Hiper-Ring
Fast-HIPER-Ring are connected with each other via their ring ports. Exactly one redundancy manager assumes control of the ring. These commands are for configuring the Hirschmann Fast High Perfor- mance Redundancy Ring. Further information concerning this function you will find in the User Manual ”Redundancy Configuration”. - Page 334 CLI Commands: Switching 5.4 Fast-HIPER-Ring This command displays the settings and states of the HIPER-Ring. The fol- lowing details are displayed on execution of the command. Format show fast-hiper-ring Mode Privileged EXEC and User EXEC Ring ID Display the Ring ID. Mode of Switch (administrative setting) Display the HIPER-Ring mode administrative settings.
- Page 335 CLI Commands: Switching 5.4 Fast-HIPER-Ring Display the given Fast HIPER-Ring's ID. info Display status information for the given Fast HIPER-Ring ID. mode Display the switch's mode for the given Fast HIPER-Ring ID. operation Display the switch's operative setting for the given Fast HIPER-Ring Note: In case of configuration problems, this value may differ from the administrative setting (may become 'Disabled').
-
Page 336: Fast-Hiper-Ring
CLI Commands: Switching 5.4 Fast-HIPER-Ring 5.4.1 fast-hiper-ring Configure the Fast-HIPER-Ring. Format fast-hiper-ring {current-id {mode {ring-manager|ring-switch|rm|rs} | operation {disable|enable} | port {primary|secondary} <slot/port> | ring-name <ring-name> | nodes <1-n> | vlan <0-4042>} | delete-id current-id | new-id {<id>|default-id}} Mode Global Config current-id Specify that you want to configure the current Fast-HIPER-Ring ID's settings. - Page 337 CLI Commands: Switching 5.4 Fast-HIPER-Ring ring-name Set a ring name for the given Fast HIPER-Ring ID. nodes Specify the number of nodes in the ring for the given Fast HIPER- Ring ID. vlan Specify the VLAN for the given Fast HIPER-Ring ID. delete-id Delete the given Fast HIPER-Ring ID.
-
Page 338: Redundant Coupling
The control intelligence built into the switch allows the redundant coupling of HIPER-Rings and network segments. Two network segments can be connected via two separate paths with one of the following switches: RS2-16M RS20/RS30/RS40 RSR20/RSR30 MICE (Rel. 3.0 or higher) MS20/MS30... -
Page 339: Show Ring-Coupling
CLI Commands: Switching 5.5 Redundant Coupling 5.5.1 show ring-coupling This command displays the settings and states of the network coupling / ring coupling. To set up a new Ring Coupling configuration when no configuration is cur- rently present (e. g., after a clear command), always set the local port first. Please refer to: ring-coupling port local <slot/port>. - Page 340 CLI Commands: Switching 5.5 Redundant Coupling partner IP Display the switch's Ring Coupling partner IP address (only valid for remote configurations). port Display the switch's Ring Coupling ports – all – local – partner (only takes effect in dual configurations) –...
-
Page 341: Ring-Coupling
CLI Commands: Switching 5.5 Redundant Coupling 5.5.2 ring-coupling Configure the redundant coupling of HIPER-Rings / network segments. This command, if called without arguments, lists the available subcommands, their recommended order and tips how to set up a new configuration. Format ring-coupling Mode Global Config... -
Page 342: Ring-Coupling Config
CLI Commands: Switching 5.5 Redundant Coupling 5.5.3 ring-coupling config This command sets the Ring Coupling configuration. Possible values are: single Configure the Ring Coupling's basic setting to single (both cou- pling ports are local to the switch, switch performs master and slave func- tions). -
Page 343: Ring-Coupling Net-Coupling
CLI Commands: Switching 5.5 Redundant Coupling 5.5.4 ring-coupling net-coupling Coupling mode refers to the type of coupled network. Possible values are: network ,if you wish to couple a line-type configuration. ring-only ,if you wish to couple a HIPER-Ring. Default none Format ring-coupling net-coupling <{network|ring-only}>... -
Page 344: Ring-Coupling Port
CLI Commands: Switching 5.5 Redundant Coupling 5.5.6 ring-coupling port Configure the Ring Coupling's ports. Possible values are: control Enter the Ring Coupling's control coupling port in outband configurations. local Enter the Ring Coupling's local coupling port. partner Enter the Ring Coupling's partner coupling port in single mode configuration. -
Page 345: Port Security
CLI Commands: Switching 5.6 Port Security 5.6 Port Security With the Port Securitiy function you can specify for each port from which terminal devices data can be received and sent to other ports. This function helps to protect the network from unauthorized access. 5.6.1 show port-sec mode Display the MAC/IP Based Port Security global setting for all ports. -
Page 346: Port-Sec Mode
CLI Commands: Switching 5.6 Port Security 5.6.3 port-sec mode Configure the global MAC/IP Based Port Security mode: ip-based Port security is based on a given, allowed source IP address. mac-based Port security is based on a given, allowed source MAC address. -
Page 347: Port-Sec Action
CLI Commands: Switching 5.6 Port Security 5.6.4 port-sec action Configure the action to be taken if port security is violated at this port. none No action is taken if port security is violated at this port. port-disable The port is disabled for traffic if port security is violated. trap-only A trap is sent if port security is violated at this port (this port remains open for traffic). -
Page 348: Port-Sec Allowed-Ip
CLI Commands: Switching 5.6 Port Security 5.6.5 port-sec allowed-ip Enter the allowed IP source address for this port, format: nnn.nnn.nnn.nnn (nnn: decimal number 0..255) (up to 10). Format port-sec allowed-ip <IP Address 1> <IP Address 2> ... <IP Address 10> Mode Interface Config 5.6.6 port-sec allowed-ip add... -
Page 349: Port-Sec Allowed-Ip Remove
CLI Commands: Switching 5.6 Port Security 5.6.7 port-sec allowed-ip remove Enter the allowed IP source address for this port, format: nnn.nnn.nnn.nnn (nnn: decimal number 0..255) (up to 50). Format port-sec allowed-ip remove <IP Address 1> <IP Address 2> ... <IP Address 50> Mode Interface Config 5.6.8 port-sec allowed-mac... -
Page 350: Port-Sec Allowed-Mac Add
CLI Commands: Switching 5.6 Port Security 5.6.9 port-sec allowed-mac add Enter the allowed MAC source address for this port, format: nn:nn:nn:nn:nn:nn (n: hexadecimal digit) or format: nn:nn:nn:nn:nn:nn/m n: hexadecimal digit, m: decimal digit (1..48) (up to 50). Format port-sec allowed-mac add <MAC Address 1> <MAC Address 2>... -
Page 351: Clear Port-Sec
CLI Commands: Switching 5.6 Port Security 5.6.11 clear port-sec Clear the MAC/IP Based Port Security by setting each port's security action (applied when port security is violated) to None. Additionally, the global mode is set to MAC Based. Format clear port-sec Mode User EXEC and Global Config CLI L2E... -
Page 352: Dhcp Relay Commands
CLI Commands: Switching 5.7 DHCP Relay Commands 5.7 DHCP Relay Commands These commands configure the DHCP Relay parameters. The commands are divided by functionality into these different groups: Configuration Commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting. -
Page 353: Dhcp-Relay
CLI Commands: Switching 5.7 DHCP Relay Commands 5.7.1 dhcp-relay Set different options for BOOTP/DHCP relay and option 82 inclusion. Format dhcp-relay {opt82 {operation {disable|enable}| man-id <Manual Remote ID>| remote-id-type {client-id|ip|mac|other}}| server-address <Server-ID (1..4)> <Server IP Address>} Mode Global Config dhcp-relay opt82 operation {disable|enable} Enable/Disable option 82 globally. -
Page 354: Dhcp-Relay
{disable|enable} Enable or disable the forwarding of DHCP requests that are received on this port. Enable this parameter if a Hirschmann DHCP client is connected to this port. Default: disable. Disable this parameter if a Non-Hirschmann DHCP client is con- nected to this port (these devices send normal broadcast DHCP requests;... -
Page 355: Show Dhcp-Relay
5.7 DHCP Relay Commands are received on this port) Enable this parameter if a Hirschmann DHCP client is connected to this port (it will send its own DHCP multicast requests to be relayed by the DHCP relay; this will reduce the load in your network). - Page 356 Display the DHCP Relay's active protocol settings. Possible values: Relay, Disabled, Server, Inaccessible Option 82 Display the DHCP Relay's option 82 settings. Possible values: Disabled, Enabled Hirschmann Device Display the DHCP Relay's Hirschmann device settings. Possible values: Disabled, Enabled CLI L2E Release 8.0 05/2013...
-
Page 357: Cli Commands: Security
CLI Commands: Security 6 CLI Commands: Security This chapter provides a detailed explanation of the Security commands. The following Security CLI commands are available in the software Switching Package. Use the security commands to configure security settings for login users and port users. The commands are divided into these different groups: Show commands are used to display device settings, statistics and other information. - Page 358 CLI Commands: Security CLI L2E Release 8.0 05/2013...
-
Page 359: Security Commands
CLI Commands: Security 6.1 Security Commands 6.1 Security Commands 6.1.1 users login This command assigns the specified authentication login list to the specified user for system login. The <user> must be a configured <user> and the <listname> must be a configured login list. If the user is assigned a login list that requires remote authentication, all ac- cess to the interface from all CLI, web, and telnet sessions will be blocked until the authentication is complete. -
Page 360: Http Commands
CLI Commands: Security 6.2 HTTP Commands 6.2 HTTP Commands 6.2.1 ip http secure-port This command is used to set the sslt port where port can be 1-65535 and the default is port 443. Default Format ip http secure-port <portid> Mode Privileged EXEC no ip http secure-port This command is used to reset the sslt port to the default value. -
Page 361: Ip Http Secure-Protocol
CLI Commands: Security 6.2 HTTP Commands 6.2.2 ip http secure-protocol This command is used to set protocol levels (versions). The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3. Default SSL3 and TLS1 Format ip http secure-protocol [SSL3] [TLS1] Mode Privileged EXEC CLI L2E... -
Page 362: Ip Http Server
CLI Commands: Security 6.2 HTTP Commands 6.2.3 ip http server This command enables access to the switch‘s graphical user interface (web- based interface) via a web browser. When access is enabled, the user can login to the switch from the web-based interface. When access is disabled, the user cannot login to the switch's web server. -
Page 363: Show Ip Http
CLI Commands: Security 6.2 HTTP Commands 6.2.4 show ip http This command displays the http settings for the switch. Format show ip http Mode Privileged EXEC and User EXEC Secure-Server Administrative Mode This field indicates whether the administrative mode of secure HTTP is enabled or disabled. -
Page 364: Ip Https Server
CLI Commands: Security 6.2 HTTP Commands 6.2.5 ip https server This command is used to turn on the HTTPS server 3. This command enables access to the switch‘s graphical user interface (web- based interface) via a web browser. When access is enabled, the user can login to the switch from the web interface. -
Page 365: Ip Https Port
CLI Commands: Security 6.2 HTTP Commands 6.2.6 ip https port This command is used to set the HTTPS listening port. The acceptable range is 1-65535. The default is 443 Note: After this setting, re-enable the HTTPS server. See “ip http server” on page 362. Default Format ip https port <port_no>... -
Page 366: Show Ip Https
CLI Commands: Security 6.2 HTTP Commands 6.2.8 show ip https This command displays the status of the HTTPS server (status of the server and port number). Format show ip https Mode Privileged EXEC and User EXEC HTTPS Mode Displays the status of the HTTPS server (enabled, disabled). HTTPS Port Displays the port numberof the HTTPS server (default: 443). -
Page 367: Appendix- Vlan Example
Appendix- VLAN Example 7 Appendix- VLAN Example LAN switches can segment networks into logically defined virtual work- groups.This logical segmentation is commonly referred as a virtual LAN (VLAN). This logical segmentation of devices provides better LAN adminis- tration, security, and management of broadcast activity over the network. Vir- tual LANs have become an integral feature of switched LAN solutions. - Page 368 Appendix- VLAN Example VLAN Command create VLAN 3 vlan database vlan 3 exit config interface 0/3 vlan participation include 3 exit interface 0/4 vlan participation include 3 exit create VLAN 4 vlan database vlan 4 exit config interface 0/5 vlan participation include 4 exit interface 0/6 vlan participation include 4...
-
Page 369: Solution 1
Appendix- VLAN Example 7.1 SOLUTION 1 7.1 SOLUTION 1 All traffic entering the ports is tagged traffic. Since the traffic is tagged, the PVID configuration for each port is not a concern. The network card configuration for devices on Project A must be set to tag all traffic with 'VLAN 2' The network card configuration for devices on Project B must be set to tag all traffic with 'VLAN 3'... - Page 370 Appendix- VLAN Example 7.1 SOLUTION 1 CLI L2E Release 8.0 05/2013...
-
Page 371: Solution
Appendix- VLAN Example 7.2 SOLUTION 2 7.2 SOLUTION 2 The network card configuration for devices on Project A, B and C should be set to NOT tag traffic. To take care of these untagged frames configure the following: vlan pvid 2 (in interface 0/1) vlan pvid 2 (in interface 0/2) vlan pvid 3 (in interface 0/3) vlan pvid 3 (in interface 0/4) - Page 372 Appendix- VLAN Example 7.2 SOLUTION 2 CLI L2E Release 8.0 05/2013...
- Page 373 (hardware) addresses on a LAN. be simultaneously live, which could result in an endless loop of traffic on Advanced Network Device Layer/ the LAN. Software. Hirschmann term for the Device Driver level. CLI L2E Release 8.0 05/2013...
- Page 374 Glossary Aging. When an entry for a node is standard implementation of STP added to the lookup table of a (Spanning Tree Protocol). It uses the switch, it is given a timestamp. Each STP algorithm to insure that physical time a packet is received from a loops in the network topology do not node, the timestamp is updated.
- Page 375 Glossary be programmed after its statements to determine how to construction. forward a given network packet. An analogy is made to travel services, CPLD. See “Complex in which a person can choose Programmable Logic Device.” on among different modes of travel - page 374.
- Page 376 Glossary addresses rather than requiring an asynchronous communication is administrator to manage the task. A called xon-xoff. In this case, the new computer can be added to a receiving device sends a an “xoff” network without the hassle of message to the sending device manually assigning it a unique IP when its buffer is full.
- Page 377 Glossary Group membership information with operation of the GARP Application the MAC Bridges attached to the concerned. same LAN segment, and for that Gigabit Ethernet. A high-speed information to be disseminated Ethernet connection. across all Bridges in the Bridged LAN that support Extended Filtering GIP.
- Page 378 Glossary IGMP. See “Internet Group IP. See “Internet Protocol” on Management Protocol” on page 378. page 378. IGMP Snooping. A series of IP Multicasting. Sending out data operations performed by to distributed servers on the MBone intermediate systems to add logic to (Multicast Backbone).
- Page 379 Glossary gateway recognizes the packet as server that can support IPv6 packets belonging to a computer within its can also support IPv4 packets. immediate neighborhood or domain. That gateway then forwards the packet directly to the computer whose address is specified. Joint Test Action Group.
- Page 380 Glossary Learning. The bridge examines the what is called a WAN or Wide Area Layer 2 source addresses of every Network. frame on the attached networks (called listening) and then maintains a table, or cache, of which MAC addresses are attached to each of MAC.
- Page 381 Glossary MDIX. Management Dependent will allow users to easily join Interface Crossover. multicast groups. Note that multicasting refers to sending a MIB. See “Management Information message to a select group whereas Base” on page 380. broadcasting refers to sending a message to everyone connected to MOSPF.
- Page 382 Glossary autonomous system—or ISP—in fiber-optic cables to be plugged into order to simplify and improve IP- compatible devices as easily as packet exchange. MPLS gives plugging in a telephone cable. network operators a great deal of MUX. See “Multiplexing” on flexibility to divert and route traffic page 381.
- Page 383 Glossary mirrored data to monitor each segment separately. The analyzer captures and evaluates the data PDU. See “Protocol Data Unit” on without affecting the client on the page 383. original port. The monitor port may PHY. The OSI Physical Layer: The be a port on the same SwitchModule physical layer provides for with an attached RMON probe, a...
- Page 384 Glossary Simple Network Management Protocol. SNMP is the protocol governing network management and Real-Time Operating System. the monitoring of network devices RTOS is a component of the OSAPI and their functions. It is not module that abstracts operating necessarily limited to TCP/IP systems with which other systems networks.
- Page 385 Glossary of SNMPv2p and SNMPv2u. (It is also called SNMPv2star.) The documents defing this version were TBI. Ten Bit Interface. never published as RFCs. Telnet. A character-based UNIX SNMPv3 (proposed): This version of application that enables users with a the protocol is a combination of Telnet server account to log on to a user-based security and the protocol UNIX computer and utilize its...
- Page 386 Glossary UPMB. The second of two UPMs in client-server system to distribute Motorola's MPC855T processor. information, based upon the hypertext transfer protocol (HTTP). USP. An abbreviation that represents Unit, Slot, Port. Wide Area Network. A WAN is a computer network that spans a relatively large geographical area.
- Page 387 Glossary slows down the rate of data transmission considerably, but it ensures accurate transmission. Xmodem can be implemented either in software or in hardware. Many modems, and almost all communications software packages, support Xmodem. However, it is useful only at relatively slow data transmission speeds (less than 4,800 bps).
- Page 388 Glossary CLI L2E Release 8.0 05/2013...
- Page 389 Index 9 Index Competence Center address-conflict config commands areaid config loginsession auto-disable reason config port admin-mode 184, 185 auto-disable timer config port linktrap 186, 187 auto-negotiate config port physical-mode auto-negotiate all config switchconfig broadcast 190, 191, config switchconfig flowcontrol 194, 195 boot skip-aca-on-boot 221, 221 config users add...
- Page 390 Index dhcp-relay 353, 354 lldp tlv gmrp dip-switch operation lldp tlv igmp disconnect lldp tlv link-aggregation duplex settings lldp tlv mac-phy-config-state lldp tlv max-frame-size lldp tlv mgmt-addr ethernet-ip lldp tlv pnio lldp tlv pnio-alias lldp tlv pnio-mrp fast-hiper-ring lldp tlv port-desc flow control 194, 195 lldp tlv portsec...
- Page 391 Index network mgmt-access delete network mgmt-access modify Schulungsangebot network mgmt-access operation selftest ramtest network mgmt-access status selftest reboot-on-error network parms selftest reboot-on-hdxerror network priority serial timeout network protocol sessions no dhcp-relay closing 210, 236 no lldp displaying no sntp set igmp 150, 151 no sntp anycast address 272, 273, 279...
- Page 392 Index show vlan summary show selftest show serial show config-watchdog show signal-contact show device-status show slot show dhcp-relay 353, 355 show snmp-access show dip-switch show snmpcommunity show ethernet-ip 93, 96 show snmptrap show eventlog show sntp show fast-hiper-ring show sntp anycast show hiper-ring show sntp client show hiper-ring info...
- Page 393 Index snmp-server enable traps multiusers storm-control egress-limiting snmp-server enable traps port-sec storm-control flowcontrol snmp-server enable traps stpmode storm-control flowcontrol per port snmp-server location storm-control ingress-limit snmp-server sysname storm-control ingress-limiting snmptrap storm-control ingress-mode 191, 193 snmptrap ipaddr switch snmptrap mode information, related 201 commands 177, snmptrap snmpversion 178, SNTP - Simple Network Time Protocol...
- Page 394 Index vlan acceptframe 198, 199 vlan ingressfilter VLAN Mode vlan name vlan participation vlan participation all vlan port acceptframe all vlan port ingressfilter all vlan port priority all vlan port pvid all vlan port tagging all vlan priority vlan pvid vlan tagging vlan0-transparent-mode VLANs...
- Page 395 Further support Technical Questions For technical questions, please contact any Hirschmann dealer in your area or Hirschmann directly.. You will find the addresses of our partners on the Internet at http://www.hirschmann.com Contact our support at https://hirschmann-support.belden.eu.com You can contact us in the EMEA region at: Tel.: +49 (0)1805 14-1538...
Need help?
Do you have a question about the RS20 and is the answer not in the manual?
Questions and answers