Planet Networking & Communication SGS-6340-24T4S Command Manual

Layer 3 multi-port full gigabit stackable managed switch

Summary of Contents for Planet Networking & Communication SGS-6340-24T4S

  • Page 2: Table Of Contents

    Table of Contents
    CHAPTER 1 COMMANDS FOR BASIC SWITCH CONFIGURATION (p. 1-42)
    1.1 COMMANDS FOR BASIC CONFIGURATION (p. 1-42)
    1.1.1 Authentication line (p. 1-42)
    1.1.2 banner (p. 1-43)
    1.1.3 boot img (p. 1-44)
    1.1.4 boot startup-config (p. 1-45)
    1.1.5 clock set (p. 1-46)
    1.1.6 config
  • Page 3

    1.1.35 show privilege mode LINE (p. 1-66)
    1.1.36 show tech-support (p. 1-66)
    1.1.37 show version (p. 1-67)
    1.1.38 username (p. 1-67)
    1.1.39 web language (p. 1-69)
    1.1.40 write (p. 1-69)
    1.1.41 write running-config (p. 1-70)
    1.2 COMMANDS FOR TELNET (p. 1-70)
    1.2.1 aaa authorization config-commands
  • Page 4

    1.3.2 ip address (p. 1-91)
    1.3.3 ipv6 address (p. 1-92)
    1.3.4 ip bootp-client enable (p. 1-93)
    1.3.5 ip dhcp-client enable (p. 1-94)
    1.4 COMMANDS FOR SNMP (p. 1-95)
    1.4.1 debug snmp mib (p. 1-95)
    1.4.2 debug snmp kernel (p. 1-95)
    1.4.3 rmon enable
  • Page 5

    1.5.11 tftp-server transmission-timeout (p. 1-121)
    CHAPTER 2 FILE SYSTEM COMMANDS (p. 2-122)
    (p. 2-122)
    COPY (p. 2-122)
    DELETE (p. 2-124)
    (p. 2-124)
    FORMAT (p. 2-125)
    MKDIR (p. 2-126)
    (p. 2-126)
    RENAME (p. 2-127)
    RMDIR (p. 2-128)
    CHAPTER 3 COMMANDS FOR CLUSTER (p. 3-129)
  • Page 6

    3.16 SHOW CLUSTER CANDIDATES (p. 3-142)
    3.17 SHOW CLUSTER TOPOLOGY (p. 3-142)
    3.18 RCOMMAND COMMANDER (p. 3-144)
    3.19 RCOMMAND MEMBER (p. 3-145)
    CHAPTER 4 COMMANDS FOR NETWORK PORT CONFIGURATION (p. 4-146)
    4.1 COMMANDS FOR ETHERNET CONFIGURATION (p. 4-146)
    4.1.1 bandwidth (p. 4-146)
    4.1.2 clear counters interface
  • Page 7

    LOOPBACK DETECTION INTERVAL TIME (p. 6-170)
    LOOPBACK DETECTION SPECIFIED VLAN (p. 6-171)
    SHOW LOOPBACK DETECTION (p. 6-172)
    CHAPTER 7 COMMANDS FOR ULDP (p. 7-173)
    DEBUG ULDP (p. 7-173)
    DEBUG ULDP ERROR (p. 7-173)
    DEBUG ULDP EVENT (p. 7-174)
    DEBUG ULDP FSM INTERFACE ETHERNET (p. 7-175)
  • Page 8

    LLDP NOTIFICATION INTERVAL (p. 8-189)
    8.10 LLDP TOO EIGHBORS (p. 8-189)
    8.11 LLDP TRANSMIT DELAY (p. 8-190)
    8.12 LLDP TRANSMIT OPTIONAL TLV (p. 8-191)
    8.13 LLDP TRAP (p. 8-192)
    8.14 LLDP TX INTERVAL (p. 8-192)
    8.15 SHOW DEBUGGING LLDP (p. 8-193)
    8.16
  • Page 9

    11.3 DEBUG ETHERNET OAM FSM (p. 11-208)
    11.4 DEBUG ETHERNET OAM PACKET (p. 11-209)
    11.5 DEBUG ETHERNET OAM TIMER (p. 11-209)
    11.6 ETHERNET (p. 11-210)
    11.7 ETHERNET OAMETHERNET OAM ERRORED FRAME THRESHOLD HIGH (p. 11-211)
    11.8 ETHERNET OAM ERRORED FRAME THRESHOLD LOW (p. 11-211)
    11.9
  • Page 10

    12.3 SWITCHPORT PORT SECURITY (p. 12-233)
    12.4 SWITCHPORT PORT SECURITY AGING (p. 12-233)
    12.5 SWITCHPORT PORT SECURITY MAC ADDRESS (p. 12-234)
    12.6 SWITCHPORT PORT SECURITY MAC ADDRESS STICKY (p. 12-235)
    12.7 SWITCHPORT PORT SECURITY MAXIMUM (p. 12-236)
    12.8 SWITCHPORT PORT SECURITY VIOLATION (p. 12-237)
    CHAPTER 13 COMMANDS FOR DDM
  • Page 11

    14.12 SHOW LLDP (p. 14-16)
    14.13 SHOW LLDP INTERFACE ETHERNET <IFNAME>] (p. 14-17)
    14.14 SHOW LLDP NEIGHBORS (p. 14-18)
    CHAPTER 15 COMMANDS FOR BPDU-TUNNEL (p. 15-19)
    15.1 BPDU TUNNEL DMAC (p. 15-19)
    15.2 BPDU TUNNEL STP (p. 15-20)
    15.3 BPDU TUNNEL GVRP (p. 15-21)
    15.4...
  • Page 12

    17.1.19 show gvrp leaveAll fsm information (p. 17-39)
    17.1.20 show gvrp leavetimer running information (p. 17-40)
    17.1.21 show gvrp port-member (p. 17-41)
    17.1.22 show gvrp port registerd vlan (p. 17-42)
    17.1.23 show gvrp timer running information (p. 17-43)
    17.1.24 show gvrp vlan registerd port (p. 17-44)
    17.1.25 show vlan
  • Page 13

    17.3.13 switchport mac-vlan enable (p. 17-69)
    17.3.14 switchport subnet-vlan enable (p. 17-70)
    17.4 COMMANDS FOR VOICE VLAN CONFIGURATION (p. 17-71)
    17.4.1 show voice-vlan (p. 17-71)
    17.4.2 switchport voice-vlan enable (p. 17-71)
    17.4.3 voice-vlan (p. 17-72)
    17.4.4 voice-vlan vlan (p. 17-73)
    CHAPTER 18 COMMANDS FOR MAC ADDRESS TABLE CONFIGURATION
  • Page 14

    19.1.1 abort (p. 19-93)
    19.1.2 exit (p. 19-93)
    19.1.3 instance vlan (p. 19-94)
    19.1.4 name (p. 19-95)
    19.1.5 no (p. 19-95)
    19.1.6 revision-level (p. 19-96)
    19.1.7 show (p. 19-97)
    19.1.8 spanning-tree (p. 19-97)
    19.1.9 spanning-tree cost (p. 19-98)
    19.1.10 spanning-tree digest-snooping (p. 19-99)
    19.1.11 spanning-tree format
  • Page 15

    20.1 ACCOUNTING (p. 20-124)
    20.2 CLASS (p. 20-125)
    20.3 CLASS (p. 20-125)
    20.4 CLEAR MLS QOS STATISTICS (p. 20-126)
    20.5 DROP (p. 20-127)
    20.6 MATCH (p. 20-128)
    20.7 MLS QOS COS (p. 20-129)
    20.8 MLS QOS MAP (p. 20-130)
    20.9
  • Page 16

    21.2 SHOW FLOW BASED REDIRECT (p. 21-152)
    CHAPTER 22 COMMANDS FOR FLEXIBLE QINQ (p. 22-153)
    22.1 MATCH (p. 22-153)
    22.2 SERVICE POLICY (p. 22-154)
    22.3 (p. 22-155)
    CHAPTER 23 COMMANDS FOR LAYER 3 MANAGEMENT (p. 23-157)
    23.1 COMMANDS FOR LAYER INTERFACE... (p. 23-157)
  • Page 17

    23.3.3 clear arp traffic (p. 23-24)
    23.3.4 debug arp (p. 23-25)
    23.3.5 show arp (p. 23-25)
    23.3.6 show arp traffic (p. 23-27)
    CHAPTER 24 COMMANDS FOR RIP (p. 24-28)
    24.1 ACCEPT LIFETIME (p. 24-28)
    24.2 CLEAR IP RIP ROUTE (p. 24-29)
    24.3
  • Page 18

    24.24 NEIGHBOR (p. 24-46)
    24.25 NETWORK (p. 24-47)
    24.26 OFFSET LIST (p. 24-48)
    24.27 PASSIVE INTERFACE (p. 24-48)
    24.28 RECV BUFFER SIZE (p. 24-49)
    24.29 REDISTRIBUTE (p. 24-50)
    24.30 ROUTE (p. 24-51)
    24.31 ROUTER RIP (p. 24-51)
    24.32 SEND LIFETIME (p. 24-52)
    24.33...
  • Page 19

    25.10 CLEAR IP OSPF PROCESS (p. 25-69)
    25.11 DEBUG OSPF EVENTS (p. 25-69)
    25.12 DEBUG OSPF IFSM (p. 25-70)
    25.13 DEBUG OSPF LSA (p. 25-71)
    25.14 DEBUG OSPF NFSM (p. 25-71)
    25.15 DEBUG OSPF NSM (p. 25-72)
    25.16 DEBUG OSPF PACKET (p. 25-72)
    25.17
  • Page 20

    25.37 IP OSPF PRIORITY (p. 25-88)
    25.38 IP OSPF RETRANSMIT INTERVAL (p. 25-89)
    25.39 IP OSPF TRANSMIT DELAY (p. 25-90)
    25.40 (p. 25-91)
    25.41 KEY CHAIN (p. 25-92)
    25.42 ADJACENCY CHANGES DETAIL (p. 25-92)
    25.43 CONCURRENT (p. 25-93)
    25.44 NEIGHBOR (p. 25-94)
    25.45
  • Page 21

    25.64 SUMMARY ADDRESS (p. 25-112)
    25.65 TIMERS SPF (p. 25-113)
    CHAPTER 26 IPV4 MULTICAST PROTOCOL (p. 26-1)
    26.1 ANTI ARPSCAN ENABLE (p. 26-1)
    26.2 ANTI ARPSCAN PORT BASED THRESHOLD (p. 26-1)
    26.3 ANTI ARPSCAN IP BASED THRESHOLD (p. 26-2)
    26.4
  • Page 22

    30.1 COMMANDS FOR DHCP SERVER CONFIGURATION (p. 30-18)
    30.1.1 bootfile (p. 30-18)
    30.1.2 clear ip dhcp binding (p. 30-18)
    30.1.3 clear ip dhcp conflict (p. 30-19)
    30.1.4 clear ip dhcp server statistics (p. 30-20)
    30.1.5 client-identifier (p. 30-21)
    30.1.6 debug ip dhcp client
  • Page 23

    30.2.6 show ip helper-address (p. 30-44)
    CHAPTER 31 COMMANDS FOR DHCPV6 (p. 31-2)
    31.1 CLEAR IPV DHCP BINDING (p. 31-2)
    31.2 CLEAR IPV DHCP CONFLICT (p. 31-2)
    31.3 CLEAR IPV DHCP STATISTICS (p. 31-3)
    31.4 DEBUG IPV DHCP CLIENT PACKET (p. 31-4)
    31.5
  • Page 24

    31.26 SHOW IPV DHCP CONFLICT (p. 31-21)
    31.27 SHOW IPV DHCP INTERFACE (p. 31-21)
    31.28 SHOW IPV DHCP POOL (p. 31-22)
    31.29 SHOW IPV DHCP STATISTICS (p. 31-22)
    31.30 SHOW IPV GENERAL PREFIX (p. 31-25)
    31.31 SHOW IPV LOCAL POOL (p. 31-25)
    CHAPTER 32 COMMANDS FOR DHCP OPTION 82
  • Page 25

    33.6 OPTION A.B.C.D (p. 33-42)
    CHAPTER 34 COMMANDS FOR DHCPV6 OPTION37, 38 (p. 34-43)
    34.1 COMMANDS FOR DHCP OPTION 37, 38 (p. 34-43)
    34.1.1 address range (p. 34-43)
    34.1.2 class (p. 34-44)
    34.1.3 ipv6 dhcp class (p. 34-44)
    34.1.4 ipv6 dhcp relay remote-id (p. 34-45)
    34.1.5 ipv6 dhcp relay remote-id option
  • Page 26

    35.5 DEBUG IP DHCP SNOOPING UPDATE (p. 35-66)
    35.6 ENABLE TRUSTVIEW KEY (p. 35-66)
    35.7 IP DHCP SNOOPING (p. 35-67)
    35.8 IP DHCP SNOOPING ACTION (p. 35-68)
    35.9 IP DHCP SNOOPING ACTION (p. 35-69)
    35.10 IP DHCP SNOOPING BINDING (p. 35-69)
    35.11
  • Page 27

    CHAPTER 36 COMMANDS FOR DHCP SNOOPING OPTION 82 (p. 36-91)
    36.1 IP DHCP SNOOPING INFORMATION ENABLE (p. 36-91)
    CHAPTER 37 IPV4 MULTICAST PROTOCOL (p. 37-92)
    37.1 COMMANDS FOR DCSCM (p. 37-92)
    37.1.1 access-list (Multicast Destination Control) (p. 37-92)
    37.1.2 access-list (Multicast Source Control) (p. 37-93)
    37.1.3 ip multicast destination-control access-group
  • Page 28

    37.2.19 ip igmp snooping vlan report source-address (p. 37-117)
    37.2.20 ip igmp snooping vlan specific-query-mrsp (p. 37-117)
    37.2.21 ip igmp snooping vlan static-group (p. 37-118)
    37.2.22 ip igmp snooping vlan suppression-query-time (p. 37-119)
    37.2.23 show ip igmp snooping (p. 37-120)
    CHAPTER 38 IPV6 MULTICAST PROTOCOL
  • Page 29

    40.5 ACCESS LIST MAC EXTENDED) (p. 40-143)
    40.6 ACCESS LIST IP EXTENDED) (p. 40-144)
    40.7 ACCESS LIST MAC STANDARD) (p. 40-146)
    40.8 CLEAR ACCESS GROUP STATISTIC (p. 40-147)
    40.9 FIREWALL (p. 40-148)
    40.10 IP ACCESS EXTENDED (p. 40-149)
    40.11
  • Page 30

    41.2 DEBUG DOT X ERROR (p. 41-169)
    41.3 DEBUG DOT X FSM (p. 41-169)
    41.4 DEBUG DOT X PACKET (p. 41-170)
    41.5 X ACCEPT (p. 41-171)
    41.6 X EAPOR ENABLE (p. 41-172)
    41.7 X ENABLE (p. 41-172)
    41.8 X IPV PASSTHROUGH (p. 41-173)
    41.9...
  • Page 31

    CHAPTER 42 COMMANDS FOR THE NUMBER LIMITATION FUNCTION OF MAC AND IP IN PORT, VLAN (p. 42-191)
    42.1 DEBUG IP ARP COUNT (p. 42-191)
    42.2 DEBUG IPV ND COUNT (p. 42-192)
    42.3 DEBUG SWITCHPORT ARP COUNT (p. 42-192)
    42.4 DEBUG SWITCHPORT MAC COUNT (p. 42-193)
    42.5
  • Page 32

    44.1 DOSATTACK CHECK SRCIP EQUAL DSTIP ENABLE (p. 44-211)
    44.2 DOSATTACK CHECK TCP FLAGS ENABLE (p. 44-211)
    44.3 DOSATTACK CHECK SRCPORT EQUAL DSTPORT ENABLE (p. 44-212)
    44.4 DOSATTACK CHECK ICMP ATTACKING ENABLE (p. 44-213)
    44.5 DOSATTACK CHECK ICMP SIZE (p. 44-214)
    CHAPTER 45 COMMANDS FOR TACACS+
  • Page 33

    46.16 RADIUS SERVER TIMEOUT (p. 46-231)
    46.17 RADIUS SERVER ACCOUNTING INTERIM UPDATE TIMEOUT (p. 46-231)
    46.18 SHOW AAA AUTHENTICATED USER (p. 46-232)
    46.19 SHOW AAA AUTHENTICATING USER (p. 46-233)
    46.20 SHOW AAA CONFIG (p. 46-234)
    46.21 SHOW RADIUS AUTHENTICATED USER COUNT (p. 46-235)
    46.22
  • Page 34

    49.7 AUTHENTICATION BYPASS TIMEOUT OFFLINE DETECT (p. 49-249)
    49.8 AUTHENTICATION BYPASS TIMEOUT QUIET PERIOD (p. 49-250)
    49.9 AUTHENTICATION BYPASS TIMEOUT STALE PERIOD (p. 49-251)
    49.10 AUTHENTICATION BYPASS USERNAME FORMAT (p. 49-252)
    49.11 SHOW MAC AUTHENTICATION BYPASS (p. 49-252)
    CHAPTER 50 COMMANDS FOR PPPOE INTERMEDIATE AGENT (p. 50-255)
    50.1 <...
  • Page 35

    51.4 DEBUG WEBPORTAL EVENT (p. 51-270)
    51.5 DEBUG WEBPORTAL PACKET (p. 51-271)
    51.6 IP DHCP SNOOPING BINDING WEBPORTAL (p. 51-272)
    51.7 SHOW WEBPORTAL (p. 51-272)
    51.8 SHOW WEBPORTAL BINDING (p. 51-273)
    51.9 WEBPORTAL BINDING LIMIT (p. 51-274)
    51.10 WEBPORTAL ENABLE (p. 51-275)
    51.11 )
  • Page 36

    53.1.12 savi max-dad-dalay (p. 53-294)
    53.1.13 savi max-dad-prepare-delay (p. 53-295)
    53.1.14 savi max-slaac-life (p. 53-295)
    53.1.15 savi timeout bind-protect (p. 53-296)
    53.2 COMMANDS FOR MONITOR AND DEBUG (p. 53-297)
    53.2.1 debug ipv6 dhcp snooping binding (p. 53-297)
    53.2.2 debug ipv6 dhcp snooping event (p. 53-298)
    53.2.3 debug ipv6 dhcp snooping packet
  • Page 37

    CHAPTER 55 COMMANDS FOR ULPP (p. 55-316)
    55.1 CLEAR ULPP FLUSH COUNTER INTERFACE (p. 55-316)
    55.2 CONTROL VLAN (p. 55-316)
    55.3 DEBUG ULPP ERROR (p. 55-317)
    55.4 DEBUG ULPP EVENT (p. 55-318)
    55.5 DEBUG ULPP FLUSH CONTENT INTERFACE (p. 55-319)
    55.6
  • Page 38

    55.27 ULPP GROUP (p. 55-335)
    55.28 ULPP GROUP MASTER (p. 55-336)
    55.29 ULPP GROUP SLAVE (p. 55-337)
    CHAPTER 56 IPV4 MULTICAST PROTOCOL (p. 56-338)
    56.1 DEBUG ULSM EVENT (p. 56-338)
    56.2 SHOW ULSM GROUP (p. 56-338)
    56.3 ULSM GROUP (p. 56-339)
    56.4 }
  • Page 39

    59.3 MONITOR SESSION REFLECTOR PORT (p. 59-354)
    CHAPTER 60 COMMANDS FOR ERSPAN (p. 60-356)
    60.1 MONITOR SESSION (p. 60-356)
    60.2 MONITOR SESSION DESTINATION TUNNEL (p. 60-357)
    CHAPTER 61 COMMANDS FOR SNTP (p. 61-358)
    61.1 CLOCK TIMEZONE (p. 61-358)
    61.2 DEBUG SNTP (p. 61-358)
    61.3
  • Page 40

    62.16 NTP TRUSTED (p. 62-373)
    62.17 SHOW NTP STATUS (p. 62-373)
    62.18 SHOW NTP SESSION (p. 62-374)
    CHAPTER 63 COMMANDS FOR SUMMER TIME (p. 63-376)
    63.1 CLOCK SUMMER TIME ABSOLUTE (p. 63-376)
    63.2 CLOCK SUMMER TIME RECURRING (p. 63-377)
    63.3
  • Page 41

    65.4 LOGGING (p. 65-391)
    65.5 LOGGING EXECUTED COMMANDS (p. 65-392)
    65.6 LOGGING LOGHOST SEQUENCE NUMBER (p. 65-393)
    65.7 PING (p. 65-394)
    65.8 PING6 (p. 65-395)
    65.9 SHOW BOOT FILES (p. 65-397)
    65.10 SHOW DEBUGGING (p. 65-398)
    65.11 SHOW FLASH (p. 65-399)
    65.12
  • Page 42

    CHAPTER 66 COMMANDS FOR RELOAD SWITCH AFTER SPECIFIED TIME (p. 66-414)
    66.1 RELOAD AFTER (p. 66-414)
    66.2 RELOAD CANCEL (p. 66-415)
    66.3 SHOW RELOAD (p. 66-415)
    CHAPTER 67 COMMANDS FOR DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED AND SENT BY CPU (p. 67-417)
    67.1
  • Page 43: Chapter 1 Commands For Basic Switch Configuration

    Chapter 1 Commands for Basic Switch Configuration
    1.1 Commands for Basic Configuration
    1.1.1 Authentication line
    Command: authentication line {console | vty | web} login {local | radius | tacacs}
    no authentication line {console | vty | web} login
    Function: Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the authentication mode for the login user.
  • Page 44: Banner

    Example: Configure the Telnet and SSH login method to use the local and RADIUS authentication methods.
    Switch(config)# authentication line vty login local radius
    Relative Command: aaa enable, radius-server authentication host, tacacs-server authentication host, tacacs-server key
    1.1.2 banner
    Command: banner motd <LINE>
    no banner motd
    Function: This command configures the information displayed when the login authentication of a Telnet or console user succeeds; the no command configures that the information is not displayed when the authentication is...
  • Page 45: Boot Img

    1.1.3 boot img
    Command: boot img <img-file-url> {primary | backup}
    Function: Configure the first and second IMG files used in the next boot of the switch.
    Parameters: primary configures the first IMG file; backup configures the second IMG file; <img-file-url> is the full path of the booting IMG file, the format of which is as follows: 1.
  • Page 46: Boot Startup-Config

    1.1.4 boot startup-config
    Command: boot startup-config {NULL | <file-url>}
    Function: Configure the CFG file used in the next boot of the switch.
    Parameters: The NULL keyword means that the factory original configuration is used as the next boot configuration. Setting the CFG file used in the next boot to NULL is equivalent to running the set default and write commands.
  • Page 47: Clock Set

    1.1.5 clock set
    Command: clock set <HH:MM:SS> <YYYY.MM.DD>
    Function: Set system date and time.
    Parameter: <HH:MM:SS> is the current time; the valid range for HH is 0 to 23, and for MM and SS 0 to 59. <YYYY.MM.DD> is the current year, month and date; the valid range for YYYY is 1970~2038, MON means month, and DD is between 1 and 31.
  • Page 48: Config

    1.1.6 config
    Command: config [terminal]
    Function: Enter Global Mode from Admin Mode.
    Parameter: [terminal] indicates terminal configuration.
    Command mode: Admin Mode
    Example: Switch#config
    1.1.7 debug ssh-server
    Command: debug ssh-server
    no debug ssh-server
    Function: Display SSH server debugging information; the “no debug ssh-server” command stops displaying SSH server debugging information.
  • Page 49: Disable

    1.1.8 disable
    Command: disable
    Function: Disable admin mode.
    Parameter: None.
    Default: None.
    Command mode: Admin Mode.
    Usage Guide: None.
    Example:
    Switch#disable
    Switch>
    1.1.9 enable
    Command: enable [<1-15>]
    Function: Use the enable command to enter Admin Mode from User Mode, or to change the privilege level of the user.
    Command mode: User Mode/ Admin Mode.
  • Page 50: Enable Password

    Usage Guide: To prevent unauthorized access by non-admin users, user authentication is required (i.e. the Admin user password is required) when entering Admin Mode from User Mode. If the correct Admin user password is entered, Admin Mode access is granted; if the Admin user password is entered incorrectly 3 consecutive times, the session remains in User Mode. When a user’s privilege is raised from a lower level to a higher level, the password of the corresponding level must be authenticated; otherwise no password is authenticated.
  • Page 51: End

    Example: Set the password that general users enter to reach Admin Mode to test.
    Switch(config)#enable password 0 test
    1.1.11 end
    Command:
    Function: Quit the current mode and return to Admin Mode when not in User Mode/ Admin Mode.
    Command mode: Except User Mode/ Admin Mode
    Example: Quit VLAN mode and return to Admin Mode.
  • Page 52: Exit

    Default: Default timeout is 10 minutes.
    Usage guide: To secure the switch and to prevent malicious actions by unauthorized users, the time is counted from the last configuration the admin made, and the system exits Admin Mode when the timeout expires. The admin code and password must be entered to enter Admin Mode again.
  • Page 53: Help

    1.1.14 help
    Command: help
    Function: Output a brief description of the command interpreter help system.
    Command mode: All configuration modes.
    Usage Guide: The switch provides instant online help. The help command displays information about the whole help system, including complete help and partial help. The user can type ‘?’ at any time to get online help.
  • Page 54: Ip Host

    Command mode: Global Mode
    Default: The default prompt depends on the switch.
    Usage Guide: With this command, users can set the CLI prompt of the switch according to their own requirements.
    Example: Set the prompt to “Test”.
    Switch(config)#hostname Test
    Test(config)#
    1.1.16 ip host
    Command:...
  • Page 55: Ipv6 Host

    Example: Set the IP address of the host with the hostname “beijing” to 200.121.1.1.
    Switch(config)#ip host beijing 200.121.1.1
    Command related: telnet, ping, traceroute
    1.1.17 ipv6 host
    Command: ipv6 host <hostname> <ipv6_addr>
    no ipv6 host {<hostname> | all}
    Function: Configure the mapping relationship between the IPv6 address and the host; the no command deletes this mapping relationship.
  • Page 56: Ip Http Server

    1.1.18 ip http server
    Command: ip http server
    no ip http server
    Function: Enable Web configuration; the “no ip http server” command disables Web configuration.
    Command mode: Global mode
    Usage guide: Web configuration provides the user with an HTTP-based configuration interface that is direct, visual and easy to understand.
  • Page 57: Login

    Usage Guide: The switch provides help information in two languages; users can select the language according to their preference. After the system restarts, the help information display reverts to English.
    1.1.20 login
    Command: login
    no login
    Function: The login command enables password authentication; the no login command cancels the login configuration.
    Command mode: Global mode
    Default:...
  • Page 58: Privilege

    Parameter: password is the password for the user. If option 0 is given when setting the password, the password is not encrypted; if option 7 is given, the password is encrypted.
    Command mode: Global mode
    Default: This password is empty by system default.
    Usage guide: When both this password and the login command are configured, users have to enter the password set by the password command to enter normal user mode on the console.
  • Page 59: Reload

    Usage Guide: This function cannot change the command itself. LINE must be the whole command format, and a command in abbreviated form must be parsed successfully. For an incomplete command, a miswritten command, or a command whose abbreviation cannot be parsed successfully, the configuration fails. To change a command line that takes a parameter, fill in the parameter with any value chosen according to the required format.
  • Page 60: Service Password-Encryption

    1.1.24 service password-encryption
    Command: service password-encryption
    no service password-encryption
    Function: Encrypt system passwords. The “no service password-encryption” command cancels the encryption.
    Command mode: Global Mode
    Default: No service password-encryption by system default.
    Usage guide: Executing this command encrypts the current unencrypted passwords as well as passwords configured later by the password, enable password, ip ftp and username commands.
  • Page 61: Syscontact

    Command mode: Global Mode
    Usage guide: Configure the columns of characters displayed on each screen of the terminal. The columns of characters displayed on each screen on the Telnet/SSH client and the Console follow this configuration.
    Example: Set the number of vty threads to 20.
    Switch(config)#service terminal-length 20
    1.1.26 sysContact
    Command:...
  • Page 62: Syslocation

    1.1.27 sysLocation
    Command: sysLocation <LINE>
    no sysLocation
    Function: Set the factory address; the “no sysLocation” command resets the switch to factory settings.
    Parameter: <LINE> is the prompt character string, ranging from 0 to 255 characters.
    Command mode: Global Mode
    Default: The factory settings.
  • Page 63: Setup

    Usage Guide: Reset the switch to factory settings. That is, all configurations made by the user on the switch disappear. When the switch is restarted, the prompt is the same as when the switch was powered on for the first time.
    Note: After the command, “write”...
  • Page 64: Show Cpu Usage

    Usage Guide: If the system clock is inaccurate, the user can adjust the time after examining the system date and clock.
    Example:
    Switch#show clock
    Current time is TUE AUG 22 11:00:01 2002
    Command related: clock set
    1.1.31 show cpu usage
    Command: show cpu usage [<slotno>]
    Function: Show CPU usage rate.
  • Page 65: Show Cpu Utilization

    1.1.32 show cpu utilization
    Command: show cpu utilization
    Function: Show the current CPU utilization rate.
    Parameter: None.
    Default: None.
    Command mode: Admin mode.
    Usage Guide: This command is used to show CPU utilization rate in the past 5 seconds, 30 seconds and 5 minutes.
    Example: Show CPU utilization rate.
  • Page 66: Show Privilege

    Usage Guide: Check the current usage of memory resources with the show memory usage command. Only the chassis switch uses the slotno parameter, which shows the memory usage rate of the card in the specified slot; if no parameter is given, the default is the current card.
  • Page 67: Show Privilege Mode Line

    1.1.35 show privilege mode LINE
    Command: show privilege mode LINE
    Function: Show the level of the specified command.
    Parameters:
    mode: register mode of the command; ‘Tab’ or ‘?’ shows all register modes.
    LINE: the command to be configured; the command abbreviation is supported.
    Command Mode: Admin and configuration mode
    Usage Guide:...
  • Page 68: Show Version

    Parameter: no-more: Display the operational information and the task status of the switch directly, without paging the output with “more”.
    Command mode: Admin and Configuration Mode.
    Usage Guide: This command is used to collect the relevant information when the switch malfunctions.
    Example: Switch#show tech-support
    1.1.37 show version...
  • Page 69

    Function: Configure the local login username and password along with its privilege level.
    Parameter: <username> is the username; its length should not exceed 32 characters. <privilege> is the maximum privilege level of the commands that the user is able to execute; its value is limited to between 1 and 15, and is 1 by default. <password>...
  • Page 70: Web Language

    1.1.39 web language
    Command: web language {chinese | english}
    Function: Set the language for displaying the HTTP Server information.
    Parameter: chinese for Chinese display; english for English display.
    Command mode: Admin Mode
    Default: The default setting is English display.
    Usage Guide: The user can select the language according to their preference.
  • Page 71: Write Running-Config

    1.1.41 write running-config
    Command: write running-config [<startup-config-file-name>]
    Function: Save the current running config as a .cfg file to Flash Memory.
    Parameters: <startup-config-file-name> is the full path of the cfg file, the format of which is as follows:
    1. The file path comprises two parts: the device prefix used as the root directory (flash:/) and the file name. No space is allowed in either part or between the two parts.
  • Page 72: Accounting Exec

    Default: Disable.
    Command Mode: Global Mode.
    Usage Guide: Commands of the corresponding command level entered by a VTY login user are authorized only after this command is configured together with the command authorization manner and authorization selection priority for VTY login users.
    Example: Enable VTY command authorization function.
  • Page 73: Accounting Command

    Usage Guide: The console and vty login methods can each set their own accounting method; the accounting method currently supports only TACACS+.
    Example: Configure the login accounting with the telnet method.
    Switch(config)#accounting line vty exec start-stop tacacs
    1.2.3 accounting command
    Command: accounting line {console | vty} command <1-15>...
  • Page 74: Authentication Enable

    Example: Configure the command accounting with the telnet method.
    Switch(config)#accounting line vty command 15 start-stop tacacs
    1.2.4 authentication enable
    Command: authentication enable method1 [method2…]
    no authentication enable
    Function: Configure the list of enable authentication methods. The no command restores the default authentication method.
    Parameters: method is the list of authentication methods; it must be among the local, tacacs and radius keywords;...
  • Page 75: Authentication Ip Access-Class

    1.2.5 authentication ip access-class
    Command: authentication ip access-class {<num-std>|<name>}
    no authentication ip access-class
    Function: Bind a standard IP ACL to login with Telnet/SSH/Web; the no form of the command cancels the ACL binding.
    Parameters: <num-std> is the access-class number for a standard numeric ACL, ranging between 1-99; <name> is the access-class name for a standard ACL, with a character string length between 1 and 32.
  • Page 76: Authentication Line Login

    Default: Binding an ACL to Telnet/SSH/Web is disabled by default.
    Command Mode: Global Mode.
    Example: Bind the standard IP ACL with access-class 500.
    Switch(config)#authentication ipv6 access-class 500 in
    1.2.7 authentication line login
    Command: authentication line {console | vty | web} login method1 [method2…]
    no authentication line {console | vty | web} login
    Function: Configure VTY (login with Telnet and SSH), Web and Console, so as to select the list of the authentication method...
  • Page 77: Authentication Securityip

    authentication method of lower preferences will be ignored. Note that if the user receives the corresponding protocol’s answer, whether refusal or acceptance, it will not attempt the next authentication method (exception: if the local authentication method fails, it will attempt the next authentication method); it will attempt the next authentication method if it receives nothing.
  • Page 78: Authentication Securityipv6

    Usage Guide: Before a trusted IP address is configured, the IP address of a client that can log in to the switch is not restricted. After the trusted IP address is configured, only clients with trusted IP addresses are able to log in to the switch. Up to 32 trusted IP addresses can be configured in the switch.
  • Page 79: Authorization

    1.2.10 authorization Command: authorization line {console | vty | web} exec method [method…] no authorization line {console | vty | web} exec Function: Configure the list of the authorization method for the login user with VTY (login with Telnet and SSH), Web and Console.
  • Page 80: Authorization Line Vty Command

    1.2.11 authorization line vty command Command: authorization line vty command <1-15> {local | radius | tacacs} (none|) no authorization line vty command <1-15> Function: Configure command authorization manner and authorization selection priority of login user with VTY (login with Telnet and SSH). The no command restores the default manner. Default: The authorization manner is not configured by default.
  • Page 81: Clear Line Vty <0-31

    1.2.12 clear line vty <0-31> Command: clear line vty <0-31> Function: Delete the logged-in user information on the specified line, forcing the user who logged in through telnet or ssh off the line. Command mode: Admin Mode. Usage guide: After this command is entered, it asks for confirmation with “Confirm[Y/N]: “; when inputting “Y“...
  • Page 82: Terminal Monitor

    Parameter: Length of characters displayed in each screen, ranging between 0-512 (0 refers to non-stop display). Command mode: Admin Mode. Default: Default Length is 25. Usage guide: Set length of characters displayed in each screen on terminal, so that the-More-message will be shown when displayed information exceeds the screen.
  • Page 83: Telnet

    1.2.16 telnet Command: telnet [vrf <vrf-name>] {<ip-addr> | <ipv6-addr> | host <hostname>} [<port>] Function: Login on the remote host by Telnet Parameter: <vrf-name> is the specific VRF name; <ip-addr> is the IP address of the remote host, shown in dotted decimal notation;...
  • Page 84: Telnet Server Enable

    1.2.17 telnet server enable Command: telnet server enable no telnet server enable Function: Enable the Telnet server function in the switch: the “no telnet server enable” command disables the Telnet function in the switch. Default: Telnet server function is enabled by default. Command mode: Global Mode Usage Guide:...
  • Page 85: Ssh-Server Authentication-Retries

    Default: The system default value of the max connection number is 5. Command Mode: Global Mode Usage Guide: None. Example: Set the max connection number supported by the Telnet service as 10. Switch(config)#telnet-server max-connection 10 1.2.19 ssh-server authentication-retries Command: ssh-server authentication-retries <authentication-retries> no ssh-server authentication-retries Function: Configure the number of times for retrying SSH authentication;...
  • Page 86: Ssh-Server Enable

    Example: Set the number of times for retrying SSH authentication to 5. Switch(config)#ssh-server authentication-retries 5 1.2.20 ssh-server enable Command: ssh-server enable no ssh-server enable Function: Enable SSH function on the switch; the “no ssh-server enable” command disables SSH function. Command mode: Global Mode Default: SSH function is disabled by default.
  • Page 87: Ssh-Server Max-Connection

    Parameter: modulus is the modulus which is used to compute the host key; valid range is 768 to 2048. The default value is 1024. Command mode: Global Mode Default: The system uses the key generated when the ssh-server is started for the first time. Usage Guide: This command is used to generate the new host key.
  • Page 88: Ssh-Server Timeout

    Command Mode: Global Mode Usage Guide: None. Example: Set the max connection number supported by the SSH service as 10. Switch(config)#ssh-server max-connection 10 1.2.23 ssh-server timeout Command: ssh-server timeout <timeout> no ssh-server timeout Function: Configure timeout value for SSH authentication; the “no ssh-server timeout” command restores the default timeout value for SSH authentication.
  • Page 89: Show Crypto Key

    1.2.24 show crypto key Command: show crypto key Function: Show the secret key of ssh. Command mode: Admin Mode. 1.2.25 show ssh-server Command: show ssh-server Function: Display the SSH state and the users currently logged on. Command mode: Admin Mode. Example: Switch#show ssh-server ssh server is enabled ssh-server timeout 180s...
  • Page 90: Show Users

    Command Mode: Admin and Configuration Mode. Usage Guide: Check the messages of the Telnet clients connected to the switch through Telnet. Example: Switch#show telnet login Authenticate login by local Login user: 1.2.27 show users Command: show users Function: Show information about the users logged in through telnet or ssh. It includes line number, user name and user IP. Command mode: Admin Mode.
  • Page 91: Who

    1.2.28 who Command: Function: Show the current login users with vty. Parameter: None. Command Mode: All configuration modes Example: Show the current login users with vty. Switch#who Telnet user a login from 192.168.1.20 1.3 Commands for Configuring Switch IP 1.3.1 interface vlan Command: interface vlan <vlan-id>...
  • Page 92: Ip Address

    Usage Guide: Users should first make sure the VLAN exists before configuring it. Use the “exit” command to quit the VLAN interface configuration mode and return to the global configuration mode. Example: Enter the VLAN interface configuration mode of VLAN1. Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)# 1.3.2 ip address...
  • Page 93: Ipv6 Address

    1.3.3 ipv6 address Command: ipv6 address <ipv6address | prefix-length> [eui-64] no ipv6 address <ipv6address | prefix-length> [eui-64] Function: Configure aggregatable global unicast address, site-local address and link-local address for the interface. Parameters: <ipv6address> is the prefix of an IPV6 address; <prefix-length> is the length of the prefix of an IPV6 address, ranging from 3 to 128;...
  • Page 94: Ip Bootp-Client Enable

    1.3.4 ip bootp-client enable Command: ip bootp-client enable no ip bootp-client enable Function: Enable the switch to be a BootP Client and obtain IP address and gateway address through BootP negotiation; the “no ip bootp-client enable” command disables the BootP Client function and releases the IP address obtained in BootP.
  • Page 95: Ip Dhcp-Client Enable

    1.3.5 ip dhcp-client enable Command: ip dhcp-client enable no ip dhcp-client enable Function: Enables the switch to be a DHCP client and obtain IP address and gateway address through DHCP negotiation; the “no ip dhcp-client enable” command disables the DHCP client function and releases the IP address obtained in DHCP.
  • Page 96: Commands For Snmp

    1.4 Commands for SNMP 1.4.1 debug snmp mib Command: debug snmp mib no debug snmp mib Function: Enable the SNMP mib debugging; the "no debug snmp mib” command disables the debugging. Command Mode: Admin Mode. Usage Guide: When user encounters problems in applying SNMP, the SNMP debugging is available to locate the problem causes. Example: Switch#debug snmp mib 1.4.2 debug snmp kernel...
  • Page 97: Rmon Enable

    1.4.3 rmon enable Command: rmon enable no rmon enable Function: Enable RMON; the “no rmon enable” command disables RMON. Command mode: Global Mode Default: RMON is enabled by default. Example: Enable RMON. Switch(config)#rmon enable Disable RMON. Switch(config)#no rmon enable 1.4.4 show private-mib oid Command: show private-mib oid Function:...
  • Page 98: Show Snmp

    Example: Show the original oid of the private mib. Switch#show private-mib oid Private MIB OID:1.3.6.1.4.1.6339 1.4.5 show snmp Command: show snmp Function: Display all SNMP counter information. Command mode: Admin and Configuration Mode. Example: Switch#show snmp 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied...
  • Page 99: Show Snmp Engineid

    Displayed information Explanation snmp packets input Total number of SNMP packet inputs. bad snmp version errors Number of version information error packets. unknown community name Number of community name error packets. illegal operation for community name supplied Number of permission for community name error packets. encoding errors Number of encoding error packets.
  • Page 100: Show Snmp Group

    Example: Switch#show snmp engineid SNMP engineID:3138633303f1276c Engine Boots is:1 Displayed Information Explanation SNMP engineID Engine number Engine Boots Engine boot counts 1.4.7 show snmp group Command: show snmp group Function: Display the group information commands. Command Mode: Admin and Configuration Mode. Example: Switch#show snmp group Group Name:initial...
  • Page 101: Show Snmp Mib

    1.4.8 show snmp mib Command: show snmp mib Function: Display all MIB supported by the switch. Command Mode: Admin and Configuration Mode. 1.4.9 show snmp status Command: show snmp status Function: Display SNMP configuration information. Command mode: Admin and Configuration Mode. Example: Switch#show snmp status Trap enable...
  • Page 102: Show Snmp User

    1.4.10 show snmp user Command: show snmp user Function: Display the user information commands. Command Mode: Admin and Configuration Mode. Example: Switch#show snmp user User name: initialsha Engine ID: 1234567890 Auth Protocol:MD5 Priv Protocol:DES-CBC Row status:active Displayed Information Explanation User name User name Engine ID Engine ID...
  • Page 103: Snmp-Server Community

    Example: Switch#show snmp view View Name:readview -Included active 1.3. Excluded active Displayed Information Explanation View Name View name 1.and1.3. OID number Included The view includes sub trees rooted by this OID Excluded The view does not include sub trees rooted by this OID active State...
  • Page 104: Snmp-Server Enable

    Usage Guide: The switch supports up to 4 community strings. Access control for a specific community view is achieved by binding the community name to a specific readable view or writable view. Example: Add a community string named “private” with read-write permission. Switch(config)#snmp-server community rw 0 private Add a community string named “public”...
  • Page 105: Snmp-Server Enable Traps

    Example: Enable the SNMP proxy server function on the switch. Switch(config)#snmp-server enable 1.4.14 snmp-server enable traps Command: snmp-server enable traps no snmp-server enable traps Function: Enable the switch to send Trap messages; the “no snmp-server enable traps” command stops the switch from sending Trap messages.
  • Page 106: Snmp-Server Engineid

    1.4.15 snmp-server engineid Command: snmp-server engineid <engine-string> no snmp-server engineid Function: Configure the engine ID; the “no" form of this command restores to the default engine ID. Command Mode: Global mode Parameter: <engine-string> is the engine ID shown in 1-32 digit hex characters. Default: Default value is the company ID plus local MAC address.
  • Page 107: Snmp-Server Host

    Command Mode: Global Mode Parameter: <group-string>: group name of 1-32 characters; NoauthNopriv: applies the security level with no authentication and no encryption; AuthNopriv: applies the security level with authentication but no encryption; AuthPriv: applies the security level with authentication and encryption; read-string: name of the readable view, 1-32 characters; write-string: name of the writable view, 1-32 characters; notify-string: name of the trappable view, 1-32 characters; <num-std>...
  • Page 108 Function: For the v1/v2c versions, this command configures the IPv4 or IPv6 address and Trap community string of the network management station receiving the SNMP Trap message. For the v3 version, this command configures the IPv4 or IPv6 address of the receiving network management station and the Trap user name and security level; the “no” form of this command cancels this IPv4 or IPv6 address.
  • Page 109: Snmp-Server Securityip

    1.4.18 snmp-server securityip Command: snmp-server securityip {<ipv4-address> | <ipv6-address>} no snmp-server securityip {<ipv4-address> | <ipv6-address>} Function: Configure the security IPv4 or IPv6 address of the NMS management station that is allowed access; the no command deletes the configured security IPv4 or IPv6 address. Command Mode: Global Mode.
  • Page 110: Snmp-Server Trap-Source

    Command Mode: Global Mode Default: Enable the security IP address authentication function. Example: Disable the security IP address authentication function. Switch(config)#snmp-server securityip disable 1.4.20 snmp-server trap-source Command: snmp-server trap-source {<ipv4-address> | <ipv6-address>} no snmp-server trap-source {<ipv4-address> | <ipv6-address>} Function: Set the source IPv4 or IPv6 address which is used to send trap packet, the no command deletes the configuration. Parameter: <ipv4-address>: IPv4 address is used to send trap packet in dotted decimal notation <ipv6-address>: IPv6 address is used to send trap packet in colon hexadecimal.
  • Page 111: Snmp-Server User

    1.4.21 snmp-server user Command: snmp-server user <user-string> <group-string> [{authPriv | authNoPriv} auth {md5 | sha} <word>] [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}] no snmp-server user <user-string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}] Function: Add a new user to an SNMP group; the “no” form of this command deletes this user. Command Mode: Global Mode.
  • Page 112: Snmp-Server View

    1.4.22 snmp-server view Command: snmp-server view <view-string> <oid-string> {include | exclude} no snmp-server view <view-string> [ <oid-string> ] Function: This command is used to create or renew the view information; the “no" form of this command deletes the view information. Command Mode: Global Mode.
  • Page 113: Commands For Switch Upgrade

    1.5 Commands for Switch Upgrade 1.5.1 copy(FTP) Command: copy <source-url> <destination-url> [ascii | binary] Function: Download files to the FTP client. Parameter: <source-url> is the location of the source files or directories to be copied; <destination-url> is the destination address to which the files or directories are to be copied; forms of <source-url> and <destination-url> vary depending on different locations of the files or directories.
  • Page 114 Usage Guide: This command supports command line hints: if the user enters the command in one of the following forms: copy <filename> ftp:// or copy ftp:// <filename> and presses Enter, the system provides the following hints: ftp server ip/ipv6 address [x.x.x.x]/[x:x::x:x] > ftp username>...
  • Page 115: Copy(Tftp

    1.5.2 copy(TFTP) Command: copy <source-url> <destination-url> [ascii | binary] Function: Download files to the TFTP client. Parameter: <source-url> is the location of the source files or directories to be copied; <destination-url> is the destination address to which the files or directories are to be copied; forms of <source-url> and <destination-url> vary depending on different locations of the files or directories.
  • Page 116: Ftp-Dir

    Example: (1) Save images in the FLASH to the TFTP server of 10.1.1.1 Switch#copy nos.img tftp://10.1.1.1/nos.img (2) Obtain system file nos.img from the TFTP server 10.1.1.1 Switch#copy tftp://10.1.1.1/nos.img nos.img (3) Save images in the FLASH to the TFTP server 2004:1:2:3::6 Switch#copy nos.img tftp://2004:1:2:3::6/nos.img (4) Obtain system file nos.img from the TFTP server 2004:1:2:3::6 Switch#copy tftp://2004:1:2:3::6/nos.img nos.img...
  • Page 117: Ftp-Server Enable

    1.5.4 ftp-server enable Command: ftp-server enable no ftp-server enable Function: Start the FTP server; the “no ftp-server enable” command shuts down the FTP server and prevents FTP users from logging in. Default: FTP server is not started by default. Command mode: Global Mode Usage Guide: When FTP server function is enabled, the switch can still perform ftp client functions.
  • Page 118: Ip Ftp

    Default: The system default is 600 seconds. Command mode: Global Mode Usage Guide: When FTP data connection idle time exceeds this limit, the FTP management connection will be disconnected. Example: Modify the idle threshold to 100 seconds. Switch#config Switch(config)#ftp-server timeout 100 1.5.6 ip ftp Command: ip ftp username <username>...
  • Page 119: Show Ftp

    Examples: Configure the username as Switch and the password as superuser. Switch# Switch#config Switch(config)#ip ftp username Switch password 0 superuser Switch(config)# 1.5.7 show ftp Command: show ftp Function: Display the parameter settings for the FTP server. Command mode: Admin and Configuration Mode. Default: Do not display.
  • Page 120: Tftp-Server Enable

    Default: Do not display. Command mode: Admin and Configuration Mode. Example: Switch#show tftp timeout : 60 Retry Times : 10 Displayed information Explanation Timeout Timeout time. Retry Times Retransmission times. 1.5.9 tftp-server enable Command: tftp-server enable no tftp-server enable Function: Start TFTP server, the “no tftp-server enable”...
  • Page 121: Tftp-Server Retransmission-Number

    Example: Enable TFTP server service. Switch#config Switch(config)#tftp-server enable Relative Command: tftp-server timeout 1.5.10 tftp-server retransmission-number Command: tftp-server retransmission-number <number> Function: Set the number of retransmissions for the TFTP server. Parameter: <number> is the number of times to retransmit; the valid range is 1 to 20. Default: Retransmit 5 times.
  • Page 122: Tftp-Server Transmission-Timeout

    1.5.11 tftp-server transmission-timeout Command: tftp-server transmission-timeout <seconds> Function: Set the transmission timeout value for TFTP server. Parameter: <seconds> is the timeout value, the valid range is 5 to 3600s. Default: The system default timeout setting is 600 seconds. Command mode: Global Mode Example: Modify the timeout value to 60 seconds.
  • Page 123: Chapter 2 File System Commands

    Chapter 2 File System Commands 2.1 cd Command: cd <directory> Function: Change the working directory for the storage device. Parameters: <directory> is the sub-directory name, a sequence of consecutive characters whose length ranges from 1 to 80. Command Mode: Admin Mode. Default Settings: The default working directory is Flash.
  • Page 124 Function: Copy a designated file on the switch and store it as a new file. Parameters: <source-file-url> is the source file; <dest-file-url> is the destination file. When users operate on files stored in backup master board and line cards under IMG mode, URLs of the source file and the destination file should take such a form as described in the following requirements.
  • Page 125: Delete

    2.3 delete Command: delete <file-url> Function: Delete the designated file on the storage device. Parameters: <file-url> is the full path of the file to be deleted. Command Mode: Admin Mode. Default Settings: None. Usage Guide: The designated file will be deleted after implementing this command. Example: Delete file flash:/nos.img.
  • Page 126: Format

    Parameters: <WORD> is the name of the shown directory. There may be the following formats: directory name, slot-xx#directory name, flash:/directory name, cf:/directory name. Command Mode: Admin Configuration Mode. Default Settings: No <WORD> means to display information of the current working directory. Usage Guide: Implementing this command will display information of files and sub-directories in the designated directory.
  • Page 127: Mkdir

    Default Settings: None. Usage Guide: 1. After formatting, all files on the storage device will be irrecoverably lost. 2. The only acceptable file system type of Format is FAT 32, without exception. 3. This command cannot be used to format flash. 2.6 mkdir Command: mkdir <directory>...
  • Page 128: Rename

    Function: Display the current working directory. Parameters: None. Command Mode: Admin Mode. Default Settings: The default directory is flash. Example: Display the current working directory. Switch#pwd flash:/ Switch# 2.8 rename Command: rename <source-file-url> <new-filename > Function: Rename a designated file on the switch. Parameters: <source-file-url>...
  • Page 129: Rmdir

    Usage Guide: When using this command, if the new file name is not already used by any existing directory or file, the rename operation can be done; otherwise a prompt will indicate its failure. Example: Change the name of file “nos5.img” in the current working directory to “nos-6.1.11.0.img”. Switch# rename nos5.img nos-6.1.11.0.img Rename flash:/nos5.img to flash:/nos-6.1.11.0.img ok!...
  • Page 130: Chapter 3 Commands For Cluster

    Chapter 3 Commands for Cluster 3.1 clear cluster nodes Command: clear cluster nodes [nodes-sn <candidate-sn-list> | mac-address <mac-addr>] Function: Clear the nodes in the candidate list found by the commander switch. Parameters: candidate-sn-list: sn of candidate switches, ranging from 1 to 256. More than one candidate can be specified. mac-address: mac address of the switches (including all candidates, members and other switches).
  • Page 131: Cluster Commander

    Function: When this command is executed in the commander switch, the newly discovered candidate switches will be added to the cluster as a member switch automatically; the “no cluster auto-add” command disables this function. Command mode: Global Mode Default: This function is disabled by default. That means that the candidate switches are not automatically added to the cluster.
  • Page 132: Cluster Ip-Pool

    Usage Guide: This command sets the role of a switch as commander switch and creates a cluster; it can only be executed on non-commander switches. The cluster_name cannot be changed after the switch becomes a commander; “no cluster commander” should be executed first to do that. The no operation of this command will cancel the commander configuration of the switch.
  • Page 133: Cluster Keepalive Interval

    Example: Set the private IP address pool used by cluster member devices as 10.254.254.10 Switch(config)#cluster ip-pool 10.254.254.10 3.5 cluster keepalive interval Command: cluster keepalive interval <second> no cluster keepalive interval Function: Configure the interval of keepalive messages within the cluster. Parameters: <second>: keepalive interval, in seconds, ranging from 3 to 30.
  • Page 134: Cluster Keepalive Loss-Count

    3.6 cluster keepalive loss-count Command: cluster keepalive loss-count<loss-count> no cluster keepalive loss-count Function: Configure the max number of lost keepalive messages in a cluster that can be tolerated. Parameters: loss-count: the tolerable max number of lost messages, ranging from 1 to 10. Default: The default value is 3.
  • Page 135: Cluster Member

    3.7 cluster member Command: cluster member {nodes-sn <candidate-sn-list> | mac-address <mac-addr> [id <member-id>]} no cluster member {id <member-id> | mac-address <mac-addr>} Function: On a commander switch, manually add candidate switches into the cluster created by it. The no command deletes the specified member switch, changing it back to a candidate.
  • Page 136: Cluster Member Auto-To-User

    3.8 cluster member auto-to-user Command: cluster member auto-to-user Function: All members will be deleted when configuring no cluster auto-add. Users need to change automatically added members to manually added ones to keep them. Parameter: None. Default: None. Command Mode: Global Mode. Usage Guide: Execute this command on a switch to change automatically added members to manually added ones.
  • Page 137: Cluster Run

    Default: Boot all member switches. Command mode: Admin Mode. Instructions: In the commander switch, users can use this command to reset a member switch. If this command is executed in a non-commander switch, an error will be displayed. Example: In the commander switch, reset the member switch 1. Switch#cluster reset member 1 3.10 cluster run Command:...
  • Page 138: Cluster Update Member

    Instructions: This command enables cluster function. Cluster function has to be enabled before implementing any other cluster commands. The “no cluster run” disables cluster function. It is recommended that users allocate an exclusive vlan for cluster (such as vlan100). Note: Routing protocols should be disabled on the layer-3 interface where the cluster vlan is located to avoid broadcasting private route of the cluster.
  • Page 139: Debug Cluster

    Command mode: Admin Mode Usage Guide: The commander distributes the remote upgrade command to members via the TCP connections between them, causing the members to implement the remote upgrade and reboot. Trying to execute this command on a non-commander switch will return errors. If users want to upgrade more than one member, these switches should be the same type to avoid boot failure induced by mismatched IMG files.
  • Page 140: Debug Cluster Packets

    Example: Enable the debug status changed on the switch. Switch#debug cluster statemachine 3.13 debug cluster packets Command: debug cluster packets {DP | DR | CP} {receive | send} no debug cluster packets {DP | DR | CP} {receive | send} Function: Enable the debug;...
  • Page 141: Show Cluster

    3.14 show cluster Command: show cluster Function: Display cluster information of the switch. Parameter: None. Command Mode: Admin and Configuration Mode. Usage Guide: None. Example: Execute this command on different switches. ----in a commander---------------------------- Switch#show cluster Status: Enabled Cluster VLAN: 1 Role: commander IP pool:...
  • Page 142: Show Cluster Members

    ---- a candidate ---------------------------- Switch#show cluster Status: Enabled Cluster VLAN: 1 Role: Candidate ---- disabled ---------------------------- Switch#show cluster Status: Disabled 3.15 show cluster members Command: show cluster members [id <member-id> | mac-address <mac-addr>] Function: Display member information of a cluster. This command can only apply to commander switches. Parameters: member-id: member id of the switch.
  • Page 143: Show Cluster Candidates

    3.16 show cluster candidates Command: show cluster candidates [nodes-sn <candidate-sn-list> | mac-address <mac-addr>] Function: Display the statistic information of the candidate member switches on the commander switch. Parameter: candidate-sn-list: candidate switch sn, ranging from 1 to 256. More than one switch can be specified. mac-address:...
  • Page 144 Parameters: starting-node-sn: the starting node of the topology. node-sn-list: the switch node sn. mac-addr: the CPU mac address of the switch. No parameters means to display all topology information. Command Mode: Admin and Configuration Mode. Usage Guide: Executing this command on the commander switch will display the topology information with its starting node specified.
  • Page 145: Rcommand Commander

    5 SGS-6340 LAB_SWITCH_1 OC 01-02-03-04-05-13 eth 1/1 eth 1/2 6 SGS-6340 LAB_SWITCH_1 OM 01-02-03-04-05-14 eth 1/1 eth 1/3 ---------------------------------------------- Switch#show cluster topology nodes-sn 2 Topology role: Member Member status: Active member (user-config) MAC Address: 01-02-03-04-05-02 Description: SGS-6340 Hostname : LAB_SWITCH_2 Upstream local-port: eth 1/1 Upstream node: 01-02-03-04-05-01 Upstream remote-port:eth 1/2...
  • Page 146: Rcommand Member

    Parameter: None. Default: None. Command mode: Admin Mode. Instructions: This command is used to configure the commander switch remotely. Users telnet to the commander switch and have to pass the authentication. The command “exit” is used to quit the configuration interface of the commander switch. This command can only be executed on member switches.
  • Page 147: Commands For Ethernet Port Configuration

    Usage Guide: After executing this command, users will remotely login to a member switch and enter Admin Mode on the latter. Use exit to quit the configuration interface of the member. Because of the use of internal private IP, telnet authentication will be omitted on member switches.
  • Page 148: Clear Counters Interface

    Usage Guide: When the bandwidth limit is enabled with a size set, the max bandwidth of the port is determined by this size rather than by 10/100/1000M. If [both | receive | transmit] keyword is not specified, the default is both. Note: The bandwidth limit cannot exceed the physical maximum speed on the port.
  • Page 149: Description

    4.1.3 description Command: description <string> no description Function: Set name for specified port; the no command cancels this configuration. Parameter: <string> is a character string, which should not exceed 200 characters. Command Mode: Port Mode. Default: No port name by default. Usage Guide: This command helps the user manage switches, for example by assigning names according to the port application, e.g.
  • Page 150: Interface Ethernet

    Command mode: Port Mode. Default: Port flow control is disabled by default. Usage Guide: After the flow control function is enabled, the port will notify the sending device to slow down the sending speed to prevent packet loss when traffic received exceeds the capacity of port cache. Ports support IEEE802.3X flow control; the ports work in half-duplex mode, supporting back-pressure flow control.
  • Page 151: Loopback

    Example: Entering the Ethernet Port Mode for ports 1/1, 1/4-5, 1/8. Switch(config)#interface ethernet 1/1;1/4-5;1/8 Switch(Config-If-Port-Range)# 4.1.6 loopback Command: loopback no loopback Function: Enables the loopback test function in an Ethernet port; the no command disables the loopback test on an Ethernet port. Command mode: Port Mode.
  • Page 152: Mdi

    4.1.7 mdi Command: mdi {auto | across | normal} no mdi Function: Sets the cable types supported by the Ethernet port; the no command sets the cable type to auto-identification. This command is not supported on combo ports and fiber ports. Parameters: auto indicates auto identification of cable types;...
  • Page 153: Negotiation

    Command mode: Port Mode. Default: The default setting for combo mode of combo ports is sfp-preferred-auto. Usage Guide: The combo mode of combo ports and the port connection condition determines the active port of the combo ports. A combo port consists of one fiber port and a copper cable port. It should be noted that the speed-duplex command applies to the copper cable port while the negotiation command applies to the fiber cable port, they should not conflict.
  • Page 154: Port-Rate-Statistics Interval

    Parameters: on: enables the auto-negotiation; off: disable the auto-negotiation. Command mode: Port configuration Mode. Default: Auto-negotiation is enabled by default. Usage Guide: This command applies to 1000Base-FX interface only. The negotiation command is not available for 1000Base-TX or 100Base-TX interface. For combo port, this command applies to the 1000Base-FX port only but has no effect on the 1000Base-TX port.
  • Page 155: Port-Scan-Mode

    Command Mode: Global Mode Usage Guide: None. Example: Set the interval of port-rate-statistics to 20 seconds. Switch(config)#port-rate-statistics interval 20 4.1.11 port-scan-mode Command: port-scan-mode {interrupt | poll} no port-scan-mode Function: Configure the scan mode of the port as “interrupt” or “poll”, the no command restores the default scan mode. Parameter: interrupt: the interrupt mode;...
  • Page 156: Rate-Violation

    Example: Configure the scan mode of the port as interrupt mode. Switch(config)#port-scan-mode interrupt 4.1.12 rate-violation Command: rate-violation <200-2000000> [recovery <0-86400>] no rate-violation Function: Configure the max packet reception rate of a port. If the packet reception rate of the port violates the configured rate, the port is shut down.
  • Page 157: Show Interface

    Example: Set the rate-violation of port 1/8-10 (GB ports) as 10000pps and the port recovery time as 1200 seconds. Switch(Config)#interface ethernet 1/8-10 Switch(Config-Port-Range)#rate-violation 10000 recovery 1200 4.1.13 show interface Command: show interface [ethernet <interface-number> | port-channel <port-channel-number> | vlan <vlan-id> | <interface-name>] [detail] show interface ethernet status show interface ethernet counter {packet | rate}...
  • Page 158 For ethernet port, using status to show important information of all the layer 2 ports by list format. each port is a row, the showing information include port number, Link, Protocol status, Speed, Duplex, Vlan, port type and port name; counter packets show package number statistics of all ethernet ports, include layer 2 unicast, broadcast, multicast, error of input and output redirection package number;...
  • Page 159 5 minute input rate 0 bytes/sec, 0 packets/sec 5 minute output rate 0 bytes/sec, 0 packets/sec The last 5 second input rate 0 bytes/sec, 0 packets/sec The last 5 second output rate 0 bytes/sec, 0 packets/sec Input packets statistics: 0 input packets, 0 bytes, 0 no buffer 0 unicast packets, 0 multicast packets, 0 broadcast packets 0 input errors, 0 CRC, 0 frame alignment, 0 overrun, 0 ignored 0 abort, 0 length error, 0 pause frame...
  • Page 160: Shutdown

    Show the rate statistics information of all layer 2 ports: Switch#Show interface ethernet counter rate Interface IN(pkts/s) IN(bytes/s) OUT(pkts/s) OUT(bytes/s) 13,473 12,345,678 12,345 1,234,567 65,800 92,600 5m 0 5m 0 … 4.1.14 shutdown Command: shutdown no shutdown Function: Shuts down the specified Ethernet port; the no command opens the port. Command mode: Port Mode.
  • Page 161: Speed-Duplex

    4.1.15 speed-duplex Command: speed-duplex {auto [10 [100 [1000]] [auto | full | half |]] | force10-half | force10-full | force100-half | force100-full | force100-fx [module-type {auto-detected | no-phy-integrated | phy-integrated}] | {{force1g-half | force1g-full} [nonegotiate [master | slave]]}| force10g-full} no speed-duplex Function: Sets the speed and duplex mode for 1000Base-TX, 100Base-TX or 100Base-FX ports;...
  • Page 162: Storm-Control

    Example: Port 1 of Switch1 is connected to port 1 of Switch2, the following will set both ports in forced 100Mbps at half-duplex mode. Switch1(config)#interface ethernet1/1 Switch1(Config-If-Ethernet1/1)#speed-duplex force100-half Switch2(config)#interface ethernet1/1 Switch2(Config-If-Ethernet1/1)#speed-duplex force100-half 4.1.16 storm-control Command: storm control {unicast | broadcast | multicast} {kbps <Kbits> | pps <PPS>} no storm control {unicast | broadcast | multicast} Function: Sets the traffic limit for broadcasts, multicasts and unknown destination unicasts on all ports in the switch;...
  • Page 163: Virtual-Cable-Test

    Broadcast suppression is similar to bandwidth control. The chip has a granularity limitation: when it limits the speed by kbps, the granularity of the switch is 64kbps. If the <Kbits> value entered by the user is not an integer multiple of 64, the system automatically adjusts it to an integer multiple of 64 and prints the actual value for the user.
  • Page 164: Switchport Discard Packet

    Notice: combo port supports VCT function detection only at copper cable port mode, 100M port does not diagnose the link length at Link UP status. 568A wiring sequence: (1 green white, 2 green), (3 orange white, 6 orange), (4 blue, 5 blue white), (7 brown white, 8 brown).
  • Page 165 Usage Guide: Configuring this command is not recommended unless there is a special requirement. Example: Configure the port of 1/8 not to receive all packets. Switch(config)#interface ethernet 1/8 Switch(config-if-ethernet1/8)#switchport discard packet all
  • Page 166: Chapter 5 Commands For Port Isolation Function

    Chapter 5 Commands for Port Isolation Function 5.1 isolate-port group Command: isolate-port group <WORD> no isolate-port group <WORD> Function: Set a port isolation group, which is the scope of isolating ports; the no operation of this command will delete a port isolation group and remove all ports out of it.
  • Page 167: Isolate-Port Group Switchport Interface

    5.2 isolate-port group switchport interface Command: isolate-port group <WORD> switchport interface [ethernet] <IFNAME> no isolate-port group <WORD> switchport interface [ethernet] <IFNAME> Function: Add one port or a group of ports into a port isolation group to isolate, which will become isolated from the other ports in the group.
  • Page 168: Show Isolate-Port Group

    5.3 show isolate-port group Command: show isolate-port group [<WORD>] Function: Display the configuration of port isolation, including all configured port isolation groups and Ethernet ports in each group. Parameters: <WORD> the name identification of the group, no longer than 32 characters; no parameter means to display the configuration of all port isolation groups.
  • Page 169: Debug Loopback-Detection

    Chapter 6 Commands for Port Loopback Detection Function 6.1 debug loopback-detection Command: debug loopback-detection Function: After enabling the loopback detection debug on a port, DEBUG information will be generated when sending or receiving messages and when changing states. Parameters: None. Command Mode: Admin Mode.
  • Page 170: Loopback-Detection Control-Recovery Timeout

    Function: Enable the function of loopback detection control on a port, the no operation of this command will disable the function. Parameters: shutdown set the control method as shutdown, which means to close down the port if a port loopback is found. block set the control method as block, which means to block a port by allowing bpdu and loopback detection messages only if a port loopback is found.
  • Page 171: Loopback-Detection Interval-Time

    Parameters: <0-3600> is the recovery time in seconds for the controlled state; 0 means no recovery. Default: The recovery is not automatic by default. Command Mode: Global Configuration Mode. Usage Guide: When a port detects a loopback and works in control mode, the port stays in control mode and does not recover. In shutdown mode the port does not send detection packets; in block or learning mode, however, the port still sends loopback-detection packets to detect whether a loopback exists.
  • Page 172: Loopback-Detection Specified-Vlan

    Command Mode: Global Mode. Usage Guide: When there is no loopback detection, the detection interval can be relatively shorter, for too short a time would be a disaster for the whole network if there is any loopback. So, a relatively longer interval is recommended when loopbacks exist.
  • Page 173: Show Loopback-Detection

    Example: Enable the function of loopback detection under port 1/2 mode. Switch(config)#interface ethernet 1/2 Switch(Config-If-Ethernet1/2)#switchport mode trunk Switch(Config-If-Ethernet1/2)#switchport trunk allowed vlan all Switch(Config-If-Ethernet1/2)#loopback-detection specified-vlan 1;3;5-20 Switch(Config-If-Ethernet1/2)#no loopback-detection specified-vlan 1;3;5-20 6.6 show loopback-detection Command: show loopback-detection [interface <interface-list>] Function: Display the state of loopback detection on all ports if no parameter is provided, or the state and result of the specified ports according to the parameters.
  • Page 174: Chapter 7 Commands For Uldp

    Chapter 7 Commands for ULDP 7.1 debug uldp Command: debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME no debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME Function: Enable the debugging for receiving and sending the specified packets or all ULDP packets on port.
  • Page 175: Debug Uldp Event

    Function: Enable the error message debug function, the no form command disable the function. Parameter: None. Command Mode: Admin Mode. Default: Disabled. Usage Guide: Use this command to display the error message. Example: Display the error message. Switch#debug uldp error 7.3 debug uldp event Command: debug uldp event...
  • Page 176: Debug Uldp Fsm Interface Ethernet

    Usage Guide: Use this command to display all kinds of event information. Example: Display event information. Switch#debug uldp event 7.4 debug uldp fsm interface ethernet Command: debug uldp fsm interface ethernet <IFname> no debug uldp fsm interface ethernet <IFname> Function: To enable debugging information for ULDP for the specified interface.
  • Page 177: Debug Uldp Interface Ethernet

    7.5 debug uldp interface ethernet Command: debug uldp {hello|probe|echo|unidir|all} [receive|send] interface ethernet <IFname> no debug uldp {hello|probe|echo|unidir|all} [receive|send] interface ethernet <IFname> Function: Enable the debug function of display the packet details. After that, display some kinds of the packet details of terminal interface.
  • Page 178: Uldp Aggressive-Mode

    Default: Disabled. Usage Guide: Use this command to display the packets received on each interface. Switch#debug uldp packet receive 7.7 uldp aggressive-mode Command: uldp aggressive-mode no uldp aggressive-mode Function: To configure ULDP to work in aggressive mode. The no form of this command will restore the normal mode. Parameters: None.
  • Page 179: Uldp Enable

    7.8 uldp enable Command: uldp enable Function: ULDP will be enabled after issuing this command. In global configuration mode, this command will enable ULDP for the global. In port configuration mode, this command will enable ULDP for the port. Parameters: None.
  • Page 180: Uldp Hello-Interval

    Command Mode: Global Configuration Mode and Port Configuration Mode. Default: By default ULDP is not configured. Usage Guide: When ULDP is disabled globally, then ULDP in all the ports will be disabled. Example: To disable the ULDP configuration in global configuration mode. Switch(config)#uldp disable 7.10 uldp hello-interval Command:...
  • Page 181: Uldp Manual-Shutdown

    Example: To configure the interval of Hello messages to be 12 seconds. Switch(config)#uldp hello-interval 12 7.11 uldp manual-shutdown Command: uldp manual-shutdown no uldp manual-shutdown Function: To configure ULDP to work in manual shutdown mode. The no command will restore the automatic mode. Parameters: None.
  • Page 182: Uldp Reset

    Function: To configure the interval for ULDP recovery timer. The no form of this command will restore the default configuration. Parameters: <integer>: the time out value for the ULDP recovery timer. Its value is limited between 30 and 86400 seconds. Command Mode: Global Configuration Mode.
  • Page 183: Show Uldp

    Usage Guide: This command takes effect only if the specified interface is disabled by ULDP. Example: To reset all the ports which are disabled by ULDP. Switch(config)#uldp reset 7.14 show uldp Command: show uldp [interface ethernet<interface-name>] Function: To show the global ULDP configuration and status information of interface. If <interface-name> is specified, ULDP configuration and status about the specified interface as well as its neighbors’...
  • Page 184: Chapter 8 Commands For Lldp Function

    Chapter 8 Commands for LLDP Function 8.1 clear lldp remote-table Command: clear lldp remote-table Function: Clear the Remote-table on the port. Parameters: None. Default: Do not clear the entries. Command Mode: Port Configuration Mode. Usage Guide: Clear the Remote table entries on this port. Example: Clear the Remote table entries on this port.
  • Page 185: Debug Lldp Packets

    Parameters: None. Default: Disable the debug information of LLDP function. Command Mode: Admin Mode. Usage Guide: When the debug switch is enabled, users can check the receiving and sending of packets and other information. Example: Enable the debug switch of LLDP function on the switch. Switch#debug lldp 8.3 debug lldp packets Command:...
  • Page 186: Lldp Enable

    Usage Guide: When the debug switch is enabled, users can check the receiving and sending of packets and other information on the port. Example: Enable the debug switch of LLDP function on the switch. Switch#debug lldp packets interface ethernet 1/1 %Jan 01 00:02:40 2006 LLDP-PDU-TX PORT= ethernet 1/1 8.4 lldp enable...
  • Page 187: Lldp Enable (Port)

    8.5 lldp enable (Port) Command: lldp enable lldp disable Function: Enable the LLDP function module of ports in port configuration mode; disable command will disable the LLDP function module of port. Parameters: None. Default: the LLDP function module of ports is enabled by default in port configuration mode. Command Mode: Port Configuration Mode.
  • Page 188: Lldp Msgtxhold

    Parameters: send: Configure the LLDP function as only being able to send messages. receive: Configure the LLDP function as only being able to receive messages. both: Configure the LLDP function as being able to both send and receive messages. disable: Configure the LLDP function as not being able to send or receive messages. Default: The operating state of the port is “both”.
  • Page 189: Lldp Neighbors Max-Num

    Usage Guide: After configuring the multiplier, the aging time is defined as the product of the multiplier and the interval of sending messages, and its maximum value is 65535 seconds. Example: Set the value of the aging time multiplier as 6. Switch(config)#lldp msgTxHold 6 8.8 lldp neighbors max-num Command:...
  • Page 190: Lldp Notification Interval

    8.9 lldp notification interval Command: lldp notification interval <seconds> no lldp notification interval Function: When the time interval ends, the system is set to check whether the Remote Table has been changed. If it has, the system will send Trap to the SNMP management end. Parameters: <seconds>is the time interval, ranging from 5 to 3600 seconds.
  • Page 191: Lldp Transmit Delay

    Default: Discard. Command Mode: Port Configuration Mode. Usage Guide: When the Remote MIB is full, Discard means to discard the received message; Delete means to delete the message with the least TTL in the Remote Table. Example: Set port ethernet 1/5 of the switch as delete. Switch(config)#in ethernet 1/5 Switch(Config-If-Ethernet1/5)#lldp tooManyNeighbors delete 8.11 lldp transmit delay...
  • Page 192: Lldp Transmit Optional Tlv

    Usage Guide: When the messages are being sent continuously, a sending delay is set to prevent the Remote information from being updated repeatedly due to sending messages simultaneously. Example: Set the delay of sending messages as 3 seconds. Switch(config)#lldp transmit delay 3 8.12 lldp transmit optional tlv Command: lldp transmit optional tlv [portDesc] [sysName] [sysDesc] [sysCap]...
  • Page 193: Lldp Trap

    8.13 lldp trap Command: lldp trap <enable | disable> Function: enable: configure to enable the Trap function on the specified port; disable: configure to disable the Trap function on the specified port. Parameters: None. Default: The Trap function is disabled on the specified port by default. Command Mode: Port Configuration Mode.
  • Page 194: Show Debugging Lldp

    Default: 30 seconds. Command Settings: Global Mode. Usage Guide: After configuring the interval of sending messages, LLDP messages can only be received after a period as long as configured. The interval should be less than or equal to half of the aging time, for too long an interval will cause aging and reconstruction to happen too often;...
  • Page 195: Show Lldp

    Example: Display all ports with lldp debug enabled. Switch(config)#show debugging lldp ====BEGINNING OF LLDP DEBUG SETTINGS==== debug lldp debug lldp packets interface Ethernet1/1 debug lldp packets interface Ethernet1/2 debug lldp packets interface Ethernet1/3 debug lldp packets interface Ethernet1/4 debug lldp packets interface Ethernet1/5 =============END OF DEBUG SETTINGS=============== 8.16 show lldp Command:...
  • Page 196: Show Lldp Interface Ethernet

    Example: Check the configuration information of global LLDP after it is enabled on the switch. Switch(config)#show lldp -----LLDP GLOBAL INFORMATIONS----- LLDP enabled port : Ethernet 1/1 LLDP interval :30 LLDP txTTL :120 LLDP txShutdownWhile :2 LLDP NotificationInterval :5 LLDP txDelay :20 -------------END------------------ 8.17 show lldp interface ethernet Command:...
  • Page 197: Show Lldp Neighbors Interface Ethernet

    LLDP Trap Status: disable LLDP maxRemote: 100 LLDP Overflow handle: discard LLDP interface remote status : Full 8.18 show lldp neighbors interface ethernet Command: show lldp neighbors interface ethernet < IFNAME > Function: Display the LLDP neighbor information of the port. Parameters: None.
  • Page 198 Parameters: None. Default: Do not display the statistics of LLDP data packets. Command Mode: Admin Mode, Global Mode. Usage Guide: Users can check the statistics of LLDP data packets by using “show lldp traffic”. Example: Check the statistics of LLDP data packets after LLDP is enabled on the switch. Switch(config)#show lldp traffic PortName Ageouts...
  • Page 199: Chapter 9 Commands For Port Channel

    Chapter 9 Commands for Port Channel 9.1 debug port-channel Command: debug port-channel <port-group-number> {all | event | fsm | packet | timer} no debug port-channel [<port-group-number>] Function: Open the debug switch of port-channel. Parameters: <port-group-number> is the group number of port channel, ranging from 1~14 all: all debug information event: debug event information fsm: debug the state machine...
  • Page 200: Interface Port-Channel

    9.2 interface port-channel Command: interface port-channel <port-channel-number> Function: Enters the port channel configuration mode Command mode: Global Mode Usage Guide: On entering aggregated port mode, configuration to GVRP or spanning tree modules will apply to aggregated ports; if the aggregated port does not exist (i.e., ports have not been aggregated), an error message will be displayed and configuration will be saved and will be restored until the ports are aggregated.
  • Page 201: Lacp System-Priority

    Default: The default priority is 32768 by system. Usage Guide: Use this command to modify the port priority of LACP protocol, the no command restores the default value. Example: Set the port priority of LACP protocol. Switch(Config-If-Ethernet1/1)# lacp port-priority 30000 9.4 lacp system-priority Command: lacp system-priority <system-priority>...
  • Page 202: Lacp Timeout

    9.5 lacp timeout Command: lacp timeout {short | long} no lacp timeout Function: Set the timeout mode of LACP protocol. Parameters: The timeout mode includes long and short. Command mode: Port Mode Default: Long. Usage Guide: Set the timeout mode of LACP protocol. Example: Set the timeout mode as short in LACP protocol.
  • Page 203: Port-Group

    dst-ip performs load-balance according to the destination IP dst-src-ip performs load-balance according to the destination and source IP Command mode: Aggregation port mode. Default: Perform load-balance according to the source and destination MAC. Usage Guide: Use port-channel to implement load-balance, user can configure the load-balance mode according to the requirements.
  • Page 204: Port-Group Mode

    Example: Creating a port group. Switch(config)# port-group 1 Delete a port group. Switch(config)#no port-group 1 9.8 port-group mode Command: port-group <port-group-number> mode {active | passive | on} no port-group Function: Add a physical port to port channel, the no operation removes specified port from the port channel. Parameters: <port-group-number>...
  • Page 205: Show Port-Group

    9.9 show port-group Command: show port-group [<port-group-number>] {brief | detail |} Function: Display the specified group number or the configuration information of all port-channel which have been configured. Parameters: <port-group-number> is the group number of port channel to be displayed, from 1~14; brief displays summary information;...
  • Page 206 Port-group number: 1, Mode: active, Load-balance: dst-src-mac Port-group detail information: System ID: 0x8000,00-30-4f-0c-16-6d Local: Port Status Priority Oper-Key Flag ----------------------------------------------------------- Ethernet1/1 Selected 32768 {ACDEF} Ethernet1/2 Selected 32768 {ACDEF} Ethernet1/3 Selected 32768 {ACDEF} Ethernet1/4 Selected 32768 {ACDEF} Ethernet1/5 Selected 32768 {ACDEF} Ethernet1/6 Selected 32768...
  • Page 207: Chapter 10 Commands For Mtu

    Chapter 10 Commands for MTU 10.1 mtu Command: mtu [<mtu-value>] no mtu Function: Configure the MTU size of JUMBO frame, enable the jumbo receiving/sending function. The no command restores to the normal frame receiving function. Parameter: mtu-value: the MTU value of frames that can be received, in byte, ranging from <1500-16000>. The corresponding frame size is <1518/1522-16018/16022>.
  • Page 208: Chapter 11 Commands For Efm Oam

    Chapter 11 Commands for EFM OAM 11.1 clear ethernet-oam Command: clear ethernet-oam [interface {ethernet |} <IFNAME>] Function: Clear the statistic information of packets and link event on specific or all ports for OAM. Parameters: <IFNAME>, the name of the port needs to clear OAM statistic information Command Mode: Admin mode Default:...
  • Page 209: Debug Ethernet-Oam Fsm

    Command Mode: Admin mode Default: Disable. Usage Guide: N/A. Example: Enable the debugging of OAM error information for ethernet1/1. Switch#debug ethernet-oam error interface ethernet1/1 11.3 debug ethernet-oam fsm Command: debug ethernet-oam fsm {all | Discovery | Transmit} [interface {ethernet |} <IFNAME>] no debug ethernet-oam fsm {all | Discovery | Transmit} [interface {ethernet |} <IFNAME>] Function: Enable the debugging of OAM state machine, no command disables it.
  • Page 210: Debug Ethernet

    11.4 debug ethernet-oam packet Command: debug ethernet-oam packet [detail] {all | send | receive} [interface {ethernet |} <IFNAME>] no debug ethernet-oam packet [detail] {all | send | receive} interface {ethernet |} <IFNAME> Function: Enable the debugging of packets received or sent by OAM, no command disables the debugging. Parameters: <IFNAME>: name of the port that the debugging will be enabled or disabled Command Mode:...
  • Page 211: Ethernet-Oam

    Command Mode: Admin mode Default: Disable. Usage Guide: N/A. Example: Enable the debugging of refreshing information for all timers of ethernet1/1. Switch#debug ethernet-oam timer all interface ethernet1/1 11.6 ethernet-oam Command: ethernet-oam no ethernet-oam Function: Enable ethernet-oam of ports, no command disables ethernet-oam of ports. Parameters: None.
  • Page 212: Ethernet - Oamethernet

    11.7 ethernet-oam errored-frame threshold high Command: ethernet-oam errored-frame threshold high {<high-frames> | none} no ethernet-oam errored-frame threshold high Function: Configure the high threshold of errored frame event, no command restores the default value. Parameters: <high-frames>, the high detection threshold of errored frame event, ranging from 2 to 4294967295. none, cancel the high threshold configuration.
  • Page 213: Ethernet - Oam Errored

    Parameters: <low-frames>, the low detection threshold of errored frame event, ranging from 1 to 4294967295. Command Mode: Port mode Default: Usage Guide: During the specific detection period, errored frame event is induced if the number of errored frame is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU.
  • Page 214 Usage Guide: Detect the errored frame number of the port after the time of specific detection period. If the number of errored frame is larger than or equal to the threshold, bring the corresponding event and notify the peer through OAMPDU. Example: Configure the detection period of errored frame event on port1/4 to be 20s.
  • Page 215 11.11 ethernet-oam errored-frame-period threshold low Command: ethernet-oam errored-frame-period threshold low <low-frames> no ethernet-oam errored-frame-period threshold low Function: Configure the low threshold of errored frame period event, no command restores the default value. Parameters: <low-frames>, the low detection threshold of errored frame period event, ranging from 1 to 4294967295 frames. Command Mode: Port mode Default:...
  • Page 216 Command Mode: Port mode Default: Usage Guide: Detect errored frame of the port after the time of specific detection period. If the number of errored frame is larger than or equal to the threshold, corresponding event is induced and the device notifies the peer through OAMPDU. When sending the packets, the maximum number of frames is filled as the value of window in errored frame period event.
  • Page 217 Usage Guide: During the specific detection period, serious link event is induced if the number of errored frame seconds is larger than or equal to the high threshold and the device notifies the peer by sending Information OAMPDU of which the value of Link Fault flag in Flags field is 1.
  • Page 218 11.15 ethernet-oam errored-frame-seconds window Command: ethernet-oam errored-frame-seconds window <seconds> no ethernet-oam errored-frame-seconds window Function: Configure the detection period of errored frame seconds event, no command restores the default value. Parameters: <seconds> is the time for counting the specified frame number, its range from 50 to 450, unit is 200ms. Command Mode: Port mode Default:...
  • Page 219 Parameters: <high-symbols>, the high detection threshold of errored symbol event, ranging from 2 to 18446744073709551615 symbols. none, cancel the high threshold configuration. Command Mode: Port mode Default: none. Usage Guide: During the specific detection period, serious link event is induced if the number of errored symbols is larger than or equal to the high threshold and the device notifies the peer by sending Information OAMPDU of which the value of Link Fault flag in Flags field is 1.
  • Page 220 Default: Usage Guide: During the specific detection period, errored symbol event is induced if the number of errored symbols is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU. Note that the low threshold should not be larger than the high threshold.
  • Page 221: Ethernet - Oam Link

    11.19 ethernet-oam link-monitor Command: ethernet-oam link-monitor no ethernet-oam link-monitor Function: Enable link monitor, no command disables the function. Parameters: None. Command Mode: Port mode Default: Enable. Usage Guide: Enable OAM to monitor local link errors. Generally link monitor is enabled when enabling OAM function of the port. When OAM link monitor is disabled, although local link error is not monitored, Event information OAMPDU from the peer is still normally received and processed.
  • Page 222: Ethernet-Oam Period

    passive, passive mode Command Mode: Port mode Default: active mode. Usage Guide: At least one of the two connected OAM entities should be configured to active mode. Once OAM is enabled, the working mode of OAM cannot be changed and you need to disable OAM function if you have to change the working mode.
  • Page 223: Ethernet - Oam Remote

    Example: Set the transmission interval of Information OAMPDU for ethernet 1/4 to be 2s. Switch(Config-If-Ethernet1/4)# ethernet-oam period 2 11.22 ethernet-oam remote-failure Command: ethernet-oam remote-failure no ethernet-oam remote-failure Function: Enable remote failure indication of OAM, no command disables the function. Parameters: None.
  • Page 224: Ethernet-Oam Timeout

    11.23 ethernet-oam timeout Command: ethernet-oam timeout <seconds> no ethernet-oam timeout Function: Configure the timeout of OAM connection, no command restores the default value. Parameters: <seconds>, the timeout ranging from 5 to 10 seconds. Command Mode: Port mode Default: Usage Guide: OAM connection will be disconnected if no OAMPDU is received after specified timeout.
  • Page 225 Command Mode: Admin mode Default: N/A. Usage Guide: N/A. Example: Show overview information of Ethernet OAM connection. Switch#show ethernet-oam Remote-Capability codes: L - Link Monitor, R - Remote Loopback U - Unidirection, V - Variable Retrieval ----------------------------------------------------------------------------------------------------------------- Interface Local-Mode Local-Capability Remote-MAC-Addr Remote-Mode Remote-Capability active 0030.4f02.2e5d active...
  • Page 226 timeout=8s Loopback Supported=YES Unidirectional Support=YES Link Events=YES Remote Failure=YES local_pdu=INFO local_mux_action=FWD local_par_action=DISCARD Max_OAMPDU_Size=1518 ------------------------------------------------------------------------ OAM_local_flags_field: Link Fault=0 Dying Gasp=0 Critical Events=0 ------------------------------------------------------------------------ Packet statistic: Packets Send Receive OAMPDU Information Event Notification Loopback Control ------------------------------------------------------------------------ Field Description Status of Ethernet OAM: oam_status enable, OAM is enabled;...
  • Page 227 DISCARD, the port only sends OAMPDU packets and discards others. Working mode of the local receiver in the following: FWD, receiving any packets is allowed; DISCARD, only OAMPDU packets is received while others are local_par_action discarded; LB, OAM remote loopback is enabled on the port. In this case, all the packets except OAMPDU packets received are returned to their sources along the ways they come.
  • Page 228 Remote Failure=YES Max_OAMPDU_Size=1518 -------------------------------------------------------------------------- OAM Remote Flags Field: Link Fault=0 Dying Gasp=0 Critical Event=0 Field Description Remote_Mac_Address MAC address of remote OAM entity Working mode of Ethernet OAM: local _mode active, the port is set as active mode; passive, the port is set as passive mode. The way in which the local end processes Ethernet OAMPDUs: RX_INFO, the port only receives Information OAMPDUs and does not send any Ethernet OAMPDUs.
  • Page 229 11.25 show ethernet-oam events Command: show ethernet-oam events {local | remote} [interface {ethernet |} <IFNAME>] Function: Shows the statistic information of link events on specified or all ports with OAM enabled, including general link events and severe link events. Parameters: local, show the detailed information of the local events;...
  • Page 230 errored frame:1200120 errored running total:2302512542 event running total:52 OAM_local_errored-frame-events: ------------------------------------------------------------------------------------------------------ event time stamp:3539 errored frame window(200ms):5 errored frame low threshold:1 errored frame high threshold:none errored frame:1200120 errored running total:2302512542 event running total:75 OAM_local_errored-frame-seconds-summary-events: ------------------------------------------------------------------------------------------------------ event time stamp:3520 errored frame seconds summary window(200ms):300 errored frame low threshold:1 errored frame high threshold:none errored frame:1200120...
  • Page 231 the reset of OAM function OAM_local_link-fault The number of the local link-fault faults OAM_local_dying gasp The number of the local dying-gasp faults OAM_local_critical event The number of the local critical-event faults 11.26 show ethernet-oam link-events configuration Command: show ethernet-oam link-events configuration [interface {ethernet | } <IFNAME>] Function: Show configuration of link events on specified or all ports with OAM enabled, including detection period and threshold of the events and so on.
  • Page 232 ---------------------------------------------------------------------------------------------------- Field Description Event Event type Err-symbol-Period Errored symbol event Err-frame-Period Errored frame period event Err-frame Errored frame event Err-frame-second-summary Errored frame seconds event high-threshold High threshold low-threshold Low threshold window(200ms) Detection period, unit is 200ms Chapter 12 Commands for PORT SECURITY 12.1 clear port-security Command: clear port-security {all | configured | dynamic | sticky} [[address <mac-addr>...
  • Page 233 Command Mode: Admin mode Usage Guide: None. Example: Clear all secure MACs on the interface. Switch#clear port-security all 12.2 show port-security Command: show port-security [interface <interface-id>] [address | vlan] Function: Show port-security configuration. Parameter: interface-id:Show port-security configuration of the interface. address: Show the secure address of the interface.
  • Page 234: Switchport Port-Security

    12.3 switchport port-security Command: switchport port-security no switchport port-security Function: Configure the port-security function for the interface; the no command disables port-security. Parameter: None. Default: Disabled. Command Mode: Port mode Usage Guide: After port-security is enabled on the interface, all dynamic MACs are cleared, and all MACs learnt from the interface are tagged with FDB_TYPE_PORT_SECURITY_DYNAMIC.
  • Page 235: Switchport Port-Security Mac-Address

    Parameter: static: Enable the aging of the static MAC address configured on the specified interface. time <value>: Specify the MAC aging time of the interface; its range is from 1 to 1440 minutes. The default value is 0, which means aging is disabled. type: Specify the aging type. absolute: When the aging timer on the interface expires, all secure MACs of the interface are aged out and removed from the MAC table.
  • Page 236: Switchport Port-Security Mac-Address Sticky

    Default: No secure MAC is bound by the interface. Command Mode: Port mode Usage Guide: When configuring a static secure MAC, check whether the number of current secure MACs exceeds the maximum MAC limit allowed by the interface. Exceeding the maximum MAC limit results in the violation operation. Example: Configure the secure MAC address on the interface.
  • Page 237: Switchport Port-Security Maximum

    Example: Configure the secure MAC address on the interface. Switch(config-if-ethernet1/1)#switchport port-security mac-address sticky 00-00-00-00-00-01 12.7 switchport port-security maximum Command: switchport port-security maximum <value> [vlan <vlan-list>] no switchport port-security maximum <value> [vlan <vlan-list>] Function: Configure the maximum number of the secure MAC allowed by the interface, if specifying VLAN parameter, it means the maximum number in the configured VLANs.
  • Page 238: Switchport Port-Security Violation

    12.8 switchport port-security violation Command: switchport port-security violation {protect | restrict | shutdown} no switchport port-security violation Function: When exceeding the maximum number of the configured MAC addresses, a MAC address accessing the interface does not belong to this interface in the MAC address table, or a MAC address is configured on several interfaces in the same VLAN; both of them violate the security of the MAC address.
  • Page 239: Chapter 13 Commands For Ddm

    Chapter 13 Commands for DDM 13.1 clear transceiver threshold-violation Command: clear transceiver threshold-violation [interface ethernet <interface-list>] Function: Clear the threshold violation of the transceiver monitoring. Parameter: interface ethernet <interface-list>: The interface list that the threshold violation of the transceiver monitoring needs to be cleared.
  • Page 240: Show Transceiver

    Parameter: on/off: Enable or disable the debugging. Command Mode: Admin mode Default: Off. Usage Guide: Disable the DDM debugging with ctrl+o. Example: Enable DDM debugging. Switch#debug transceiver on 13.3 show transceiver Command: show transceiver [interface ethernet <interface-list>] [detail] Function: Show the monitoring of the transceiver. Parameter: interface ethernet <interface-list>: The interface list that the monitoring of the transceiver needs to be shown.
  • Page 241: Show Transceiver Threshold-Violation

    Example: Show the brief DDM information of all ports. Switch#show transceiver Interface Temp(℃) Voltage(V) Bias(mA) RX Power(dBM) TX Power(dBM) 1/21 3.31 6.11 -30.54(A-) -6.01 1/23 5.00(W+) 6.11 -20.54(W-) -6.02 13.4 show transceiver threshold-violation Command: show transceiver threshold-violation [interface ethernet <interface-list>] Function: Show the transceiver monitoring.
  • Page 242: Transceiver-Monitoring

    Detail diagnostic and threshold information: Diagnostic Threshold Realtime Value High Alarm Low Alarm High Warn Low Warn ----------------- ----------- ----------- ------------ --------- Temperature(℃) 33 Voltage(V) 7.31 10.00 0.00 5.00 0.00 Bias current(mA) 3.11 10.30 0.00 5.00 0.00 RX Power(dBM) -30.54(A-) 9.00 -25.00(-34)...
  • Page 243: Transceiver-Monitoring Interval

    13.6 transceiver-monitoring interval Command: transceiver-monitoring interval <minutes> no transceiver-monitoring interval Function: Set the interval of the transceiver monitoring. The no command sets the interval to be the default interval of 15 minutes. Parameter: <minutes>: The interval of the transceiver monitoring needs to be set. Command Mode: Global mode Default:...
  • Page 244 Parameters: default: Restore the threshold as the default threshold set by the manufacturer. If the monitoring index is not specified, restore all thresholds, if the monitoring index is specified, restore the corresponding threshold only. temperature:The monitoring index—temperature voltage:The monitoring index—voltage bias:The monitoring index—bias current rx-power:The monitoring index—receiving power tx-power:The monitoring index—sending power...
  • Page 245: Chapter 14 Commands For Lldp-Med

    Chapter 14 Commands for LLDP-MED 14.1 civic location Command: civic location {dhcp server | switch | endpointDev} <country-code> no civic location Function: Configure device type and country code of the location with Civic Address LCI format and enter Civic Address LCI address mode.
  • Page 246 14.2 {description-language | province-state | city | county | street | locationNum | location | floor | room | postal | otherInfo} Command: {description-language | province-state | city | county | street | locationNum | location | floor | room | postal | otherInfo} <address>...
  • Page 247: Ecs Location

    14.3 ecs location Command: ecs location <tel-number> no ecs location Function: Configure the location with ECS ELIN format on the port; the no command cancels the configured location. Parameter: <tel-number>: location characters in ECS ELIN format, such as an emergency telephone number; it is a character string with a length between 10 and 25.
  • Page 248: Lldp Med Trap

    Parameter: value: The number of sending the packets fast, its range from 1 to 10, unit is entries. Default: Command Mode: Global mode Usage Guide: With this command, set the number for sending the packets fast. Example: Switch(config)#lldp med fast count 5 14.5 lldp med trap Command: lldp med trap {enable | disable}...
  • Page 249: Lldp Transmit Med Tlv All

    Example: Enable LLDP-MED TRAP of the port 19. Switch(Config-If-Ethernet1/19)# lldp med trap enable 14.6 lldp transmit med tlv all Command: lldp transmit med tlv all no lldp transmit med tlv all Function: Configure the specified port to send all LLDP-MED TLVs, the no command disables the function. Parameter: None.
  • Page 250: Lldp Transmit Med Tlv Capability

    14.7 lldp transmit med tlv capability Command: lldp transmit med tlv capability no lldp transmit med tlv capability Function: Configure the specified port to send LLDP-MED Capability TLV. The no command disables the capability. Parameter: None. Default: The function is disabled for sending LLDP-MED Capability TLV. Command Mode: Port mode Usage Guide:...
  • Page 251: Lldp Transmit Med Tlv Inventory

    Parameter: None. Default: The function is disabled for sending LLDP-MED Extended Power-Via-MDI TLV. Command Mode: Port mode Usage Guide: After configuring this command, if the port is able to send LLDP-MED TLV, LLDP packets with LLDP-MED Extended Power-Via-MDI TLV are sent by the port. However, LLDP packets without LLDP-MED Extended Power-Via-MDI TLV are sent by the port after the switch is configured with the corresponding no command.
  • Page 252: Lldp Transmit Med Tlv Networkpolicy

    Command Mode: Port mode Usage Guide: After configuring this command, if the port is able to send LLDP-MED TLV, LLDP packets with LLDP-MED Inventory Management TLVs are sent by the port. However, LLDP packets without LLDP-MED Inventory Management TLVs are sent by the port after the switch is configured with the corresponding no command. Note: LLDP-MED Capability TLV sent by the port must be configured before sending LLDP-MED Inventory Management TLVs, or else the configuration cannot be successful.
  • Page 253: Network Policy

    Example: Port 19 enables the function for sending LLDP-MED Network Policy TLV. Switch(Config-If-Ethernet1/19)# lldp transmit med tlv networkPolicy 14.11 network policy Command: network policy {voice | voice-signaling | guest-voice | guest-voice-signaling | softphone-voice | video-conferencing | streaming-video | video-signaling} [status {enable | disable}] [tag {tagged | untagged}] [vid {<vlan-id>...
  • Page 254: Show Lldp

    Default: No network policy is configured on the port. Command Mode: Port mode Usage Guide: Users can configure several kinds of network policy on a port, but their application types cannot repeat, and each kind of network policy corresponds to one LLDP-MED network policy TLV. If the user configures multiple policies for a port, it will send multiple LLDP-MED network policy TLVs in an LLDP packet.
  • Page 255 Example: Show the global LLDP and LLDP-MED configuration. Switch#show lldp -----LLDP GLOBAL INFORMATIONS----- LLDP has been enabled globally. LLDP enabled port : Ethernet1/19 LLDP interval :5 LLDP txTTL :20 LLDP NotificationInterval :5 LLDP txDelay :1 LLDP-MED FastStart Repeat Count :4 -------------END------------------ 14.13 show lldp [interface ethernet <IFNAME>] Command:...
  • Page 256: Show Lldp Neighbors

    Port name :Ethernet1/19 LLDP Agent Adminstatus : Both LLDP Operation TLV : default LLDP Trap Status : disable LLDP maxRemote :100 LLDP Overflow handle : discard LLDP interface remote status : Free MED Optional TLV : capabilities networkPolicy location power inventory MED Trap Status:Enable MED TLV Transmit Status:Disable MED Fast Transmit Status:Disable...
  • Page 257: Chapter 15 Commands For Bpdu-Tunnel

    Port name : Ethernet1/1 Port Remote Counter : 1 TimeMark :20 ChassisIdSubtype :4 ChassisId :00-30-4f-00-00-02 PortIdSubtype :Local PortId :3 PortDesc :Ethernet1/1 SysName :switch SysDesc :switch Device, Compiled Feb 12 17:39:53 2011 SoftWare Version 6.2.30.0 BootRom Version 4.0.1 HardWare Version Device serial number Copyright (C) 2001-2011 by Vendor.
  • Page 258: Bpdu-Tunnel Stp

    Default: Default MAC address. Usage Guide: Configure the tunnel MAC address globally, use the configured MAC (it must be multicast MAC address) to forward the specified protocol across the tunnel. Example: Configure the tunnel MAC address. Switch(Config)# bpdu-tunnel dmac 01-02-03-04-05-06 15.2 bpdu-tunnel stp Command: bpdu-tunnel stp...
  • Page 259: Bpdu-Tunnel Gvrp

    15.3 bpdu-tunnel gvrp Command: bpdu-tunnel gvrp no bpdu-tunnel gvrp Function: Configure the specified port to forward gvrp packets across the tunnel, the no command cancels the operation. Parameter: None. Command Mode: Port mode Default: Port does not forward any protocol packets across the tunnel. Usage Guide: Disable gvrp function on the port before configuring this command.
  • Page 260: Bpdu-Tunnel Lacp

    Command Mode: Port mode Default: Port does not forward any protocol packets across the tunnel. Usage Guide: Disable uldp function on the port before configuring this command. Example: Configure Ethernet 4/5 to forward uldp packets across the tunnel. Switch(Config)#in ethernet 4/5 Switch(Config-if-ethernet 4/5)#bpdu-tunnel uldp 15.5 bpdu-tunnel lacp Command:...
  • Page 261: Bpdu - Tunnel Dot

    Example: Configure Ethernet 4/5 to forward lacp packets across the tunnel. Switch(Config)#in ethernet 4/5 Switch(Config-if-ethernet 4/5)#bpdu-tunnel lacp 15.6 bpdu-tunnel dot1x Command: bpdu-tunnel dot1x no bpdu-tunnel dot1x Function: Configure the specified port to forward dot1x packets across the tunnel, the no command cancels the operation. Parameter: None.
  • Page 262: Chapter 16 Commands For Eee Energy-Saving

    Chapter 16 Commands for EEE Energy-saving 16.1 eee enable Command: eee enable no eee enable Function: Configure the port to enable the EEE energy-saving function; the no command deletes it. Parameters: None. Command Mode: Port Mode. Default: None. Usage Guide: The EEE energy-saving function can be configured for the specified port. By default, the EEE energy-saving function is not enabled on a port.
  • Page 263: Chapter 17 Vlan Configuration

    Chapter 17 VLAN Configuration 17.1 Commands for VLAN Configuration 17.1.1 debug gvrp event Command: debug gvrp event interface (ethernet | port-channel |) IFNAME no debug gvrp event interface (ethernet | port-channel |) IFNAME Function: Enable/disable GVRP event debugging including the transfer of state machine and the expiration of timer. Parameters: ethernet, physical port port-channel, aggregate port...
  • Page 264: Debug Gvrp Packet

    17.1.2 debug gvrp packet Command: debug gvrp packet (receive | send) interface (ethernet | port-channel |) IFNAME no debug gvrp packet (receive | send) interface (ethernet | port-channel |) IFNAME Function: Enable/disable GVRP packet debugging. Parameters: receive, enabling the debugging of receiving GVRP packet send, enabling the debugging of sending GVRP packet ethernet, physical port port-channel, aggregate port...
  • Page 265: Dot1Q-Tunnel Enable

    17.1.3 dot1q-tunnel enable Command: dot1q-tunnel enable no dot1q-tunnel enable Function: Set the access port of the switch to dot1q-tunnel mode; the no command restores to default. Parameter: None. Command Mode: Port Mode. Default: Dot1q-tunnel function disabled on the port by default. Usage Guide: After enabling dot1q-tunnel on the port, data packets without VLAN tag (referred to as tag) will be packed with a tag when entering through the port;...
  • Page 266: Dot1Q-Tunnel Selective Enable

    17.1.4 dot1q-tunnel selective enable Command: dot1q-tunnel selective enable no dot1q-tunnel selective enable Function: Specify a port to enable selective QinQ; the no command restores the default value. Parameter: None. Command Mode: Port mode Default: Selective QinQ is not enabled. Usage Guide: The selective QinQ enable command should be used with hybrid mode, and it should not be used together with dot1q-tunnel enable.
  • Page 267: Dot1Q-Tunnel Tpid

    Parameters: s-vlan is SP VLAN ID, c-vid-list is the range of user’s VLAN ID. Command Mode: Port mode Default: There is no mapping relation. Usage Guide: This command is used to configure the mapping relation for selective QinQ. If packets match the mapping relation, they will be tagged with SP vlan tag as the outer VLAN tag.
  • Page 268: Garp Timer Join

    Default: The global TPID defaults to 0x8100. Usage Guide: This function facilitates internetworking with equipment from other manufacturers. If the equipment connected to the switch trunk port sends data packets with a TPID of 0x9100, the global TPID should be set to 0x9100; this way the switch will receive and process the data packets normally.
  • Page 269: Garp Timer Leave

    17.1.8 garp timer leave Command: garp timer leave <500-1200> Function: Set the value of garp leave timer, note that the value of leave timer must be double of join timer and less than leaveAll timer. Parameters: <500-1200>, the value of timer in millisecond Command Mode: Global mode Default:...
  • Page 270: Gvrp (Global)

    Command Mode: Global mode Default: 10000 ms. Usage Guide: Check whether the value is within the range. If so, modify the value of the garp leaveAll timer to the specified value; otherwise return a configuration error. Example: Set the value of garp leaveAll as 20000ms. Switch(config)#garp timer leaveall 20000 17.1.10 gvrp (Global) Command:...
  • Page 271: Gvrp (Port)

    17.1.11 gvrp (Port) Command: gvrp no gvrp Function: Enable/disable GVRP function on port. Notice: although GVRP can be enabled on port when GVRP is not enabled globally, it will not take effect until global GVRP is enabled. Parameters: None Command Mode: Port mode Default: Disabled...
  • Page 272: Name

    Parameters: join, join timer leave, leave timer leaveAll, leaveAll timer Command Mode: Global mode Default: 200 | 600 | 10000 milliseconds for join | leave | leaveall timer respectively. Usage Guide: Check whether the default value is within the range. If so, modify the value of the garp join | leave | leaveAll timer to the default value; otherwise return a configuration error.
  • Page 273: Private-Vlan

    Usage Guide: The switch can specify names for different VLANs, making it easier for users to identify and manage VLANs. Examples: Specify the name of VLAN100 as TestVlan. Switch(Config-Vlan100)#name TestVlan 17.1.14 private-vlan Command: private-vlan {primary | isolated | community} no private-vlan Function: Configure current VLAN to Private VLAN.
  • Page 274: Private-Vlan Association

    Example: Set VLAN100, 200, 300 to private vlans, with respectively primary, Isolated, Community types. Switch(config)#vlan 100 Switch(Config-Vlan100)#private-vlan primary Note:This will remove all the ports from vlan 100 Switch(Config-Vlan100)#exit Switch(config)#vlan 200 Switch(Config-Vlan200)#private-vlan isolated Note:This will remove all the ports from vlan 200 Switch(Config-Vlan200)#exit Switch(config)#vlan 300 Switch(Config-Vlan300)#private-vlan community...
  • Page 275: Show Dot1Q-Tunnel

    Before setting Private VLAN association, three types of Private VLANs should have no member ports; the Private VLAN with Private VLAN association can’t be deleted. When users delete Private VLAN association, all the member ports in the Private VLANs whose association is deleted are removed from the Private VLANs. Example: Associate Isolated VLAN200 and Community VLAN300 to Primary VLAN100.
  • Page 276: Show Garp Timer

    17.1.17 show garp timer Command: show garp timer (join | leave | leaveall |) Function: Show the value of each timer. Note that the value is not the remaining time to run the timer but the initial value when enabling the timer. Parameters: join, join timer leave, leave timer...
  • Page 277: Show Gvrp Leaveall Fsm Information

    Parameters: ethernet, physical port port-channel, aggregate port IFNAME, port name Command Mode: Admin mode Default: MT for registered machine and VO for request state machine. Usage Guide: Show the corresponding state of all registered machines and request state machines. Example: Show the state of all state machines.
  • Page 278: Show Gvrp Leavetimer Running Information

    Parameters: ethernet, physical port port-channel, aggregate port IFNAME, port name Command Mode: Admin mode Default: Passive. Usage Guide: Check the state of leaveAll state machine. Example: Show the state of leaveAll state machine on port. Switch#show gvrp leaveall fsm information interface ethernet 1/1 Interface leaveAll fsm ----------...
  • Page 279: Show Gvrp Port-Member

    Default: leavetimer is disabled. Usage Guide: Show running state and expiration time of each leave timer. Example: Show running state and expiration time of each leave timer on current port. Switch#show gvrp leavetimer running information interface ethernet 1/1 VLANID running state expired time ------------ ----------...
  • Page 280: Show Gvrp Port Registerd Vlan

    Example: Show all ports with GVRP enabled. Switch#show gvrp port member Ports which were enabled gvrp included: Ethernet1/3(T) Ethernet1/4(T) Ethernet1/5(T) Ethernet1/6(T) Ethernet1/7(T) Ethernet1/8(T) Ethernet1/9(T) Ethernet1/10(T) 17.1.22 show gvrp port registered vlan Command: show gvrp port (dynamic | static |) registered vlan interface (Ethernet | port-channel |) IFNAME Function: Show the dynamic or static registration VLANs on current port.
  • Page 281: Show Gvrp Timer Running Information

    Example: Show all dynamic or static registration VLANs on current port. Switch#show gvrp port registered vlan interface ethernet 1/1 Current port dynamic registered vlan included: Vlan10 vlan20 Vlan40 vlan60 Current port static registerd vlan included: Vlan10 vlan30 Vlan40 vlan200 17.1.23 show gvrp timer running information Command: show gvrp timer (join | leaveall) running information interface (ethernet | port-channel |) IFNAME Function:...
  • Page 282: Show Gvrp Vlan Registerd Port

    Example: Show running state and expiration time of each timer. Switch(config)#show gvrp timer join running information interface ethernet 1/1 Current port’s jointimer running state is: UP Current port’s jointimer expired time is: 0.2 s 17.1.24 show gvrp vlan registerd port Command: show gvrp vlan <1-4094>...
  • Page 283: Show Vlan

    17.1.25 show vlan Command: show vlan [brief | summary] [id <vlan-id>] [name <vlan-name>] [internal usage [id <vlan-id> | name <vlan-name>]] Function: Display detailed information for all VLANs or specified VLAN. Parameter: brief stands for brief information; summary for VLAN statistics; <vlan-id> for VLAN ID of the VLAN to display status information, the valid range is 1 to 4094;...
  • Page 284: Show Vlan-Translation

    Total Existing Vlans is:6 Displayed information Explanation VLAN VLAN number Name VLAN name Type VLAN type, statically configured or dynamically learned. Media VLAN interface type: Ethernet Ports Access port within a VLAN 17.1.26 show vlan-translation Command: show vlan-translation Function: Display the information of all the ports at VLAN-translation state. Parameter: None.
  • Page 285: Switchport Access Vlan

    17.1.27 switchport access vlan Command: switchport access vlan <vlan-id> no switchport access vlan Function: Add the current Access port to the specified VLAN. The “no switchport access vlan” command deletes the current port from the specified VLAN, and the port will be partitioned to VLAN1. Parameter: <vlan-id>...
  • Page 286: Switchport Hybrid Allowed Vlan

    Function: Configure the forbidden vlan for a port. Note that this command can only be used to configure on trunk or hybrid ports and the port with GVRP not enabled. No command cancels the forbidden vlanlist for a port. Parameters: WORD, add the vlanList as forbidden vlan and cover the previous configuration all, set all VLANs as forbidden vlan add WORD, add vlanList to the current forbidden vlanList...
  • Page 287: Switchport Hybrid Native Vlan

    Parameter: WORD: Set the vlanList as allowed vlan; the later configuration overrides the previous configuration; all: Set all VLANs to allowed vlan; add WORD: Add vlanList to the existing allowed vlanList; except WORD: Set all VLANs to allowed vlan except the configured vlanList; remove WORD: Delete the specific VLAN of vlanList from the existing allowed vlanList;...
  • Page 288: Switchport Interface

    Function: Set the PVID for Hybrid port; the “no switchport hybrid native vlan” command restores the default setting. Parameter: <vlan-id> is the PVID of Hybrid port. Command mode: Port Mode. Default: The default PVID of Hybrid port is 1. Usage Guide: When an untagged frame enters a Hybrid port, it is given a tag with the native PVID set by this command and is forwarded to the native VLAN.
  • Page 289: Switchport Mode

    Command mode: VLAN Mode. Default: A newly created VLAN contains no port by default. Usage Guide: Access ports are normal ports and can join a VLAN, but a port can only join one VLAN at a time. Example: Assign Ethernet port 1,3,4-7,8 to VLAN100. Switch(Config-Vlan100)#switchport interface ethernet 1/1;3;4-7;8 17.1.32 switchport mode Command:...
  • Page 290: Switchport Mode Trunk Allow-Null

    allow the packets of the default VLAN to send with no tag. Port attributes cannot be converted directly between Hybrid and Trunk; the port must first be configured as access and then configured as Hybrid or Trunk. When the Trunk or Hybrid attribute is cancelled, the port attribute is restored to the default (access) attribute and the port belongs to vlan1.
  • Page 291: Switchport Trunk Allowed Vlan

    Usage Guide: Configure the port as trunk, enable it to leave all VLANs and clear allow-list. Example: Switch(config-if-ethernet1/1)#switchport mode trunk allow-null 17.1.34 switchport trunk allowed vlan Command: switchport trunk allowed vlan {WORD | all | add WORD | except WORD | remove WORD} no switchport trunk allowed vlan Function: Set trunk port to allow VLAN traffic;...
  • Page 292: Switchport Trunk Native Vlan

    17.1.35 switchport trunk native vlan Command: switchport trunk native vlan <vlan-id> no switchport trunk native vlan Function: Set the PVID for Trunk port; the “no switchport trunk native vlan” command restores the default setting. Parameter: <vlan-id> is the PVID for Trunk port. Command mode: Port Mode.
  • Page 293: Vlan Internal

    Function: Create VLANs and enter VLAN configuration mode. If multiple VLANs are specified using ';' and '-', only create these VLANs. If the VLAN already exists, only enter VLAN configuration mode; if the VLAN does not exist, create the VLAN and then enter VLAN configuration mode. In VLAN Mode, the user can set VLAN name and assign the switch ports to the VLAN.
  • Page 294: Vlan Ingress Enable

    Command mode: Global Mode. Default: 1006. Usage Guide: 1006 is the default internal VLAN ID; the internal VLAN ID needs to be modified when the network uses 1006 as a VLAN ID. The internal VLAN ID must be an unused ID, or else other VLANs are affected. This command takes effect after saving the configuration and rebooting the switch.
  • Page 295: Vlan-Translation

    17.1.39 vlan-translation Command: vlan-translation <old-vlan-id> to <new-vlan-id> in no vlan-translation <old-vlan-id> in Function: Add VLAN translation by creating a mapping between original VLAN ID and current VLAN ID; the no form of this command deletes corresponding mapping. Parameter: old-vlan-id is the original VLAN ID; new-vlan-id is the translated VLAN ID; in indicates ingress translation. Command Mode: Global/Port Mode.
  • Page 296: Vlan-Translation Enable

    17.1.40 vlan-translation enable Command: vlan-translation enable no vlan-translation enable Function: Enable VLAN translation on the port; the no command restores to the default value. Parameter: None. Command Mode: Port Mode. Default: VLAN translation has not been enabled on the port by default. Usage Guide: vlan-translation and dot1q-tunnel are mutually exclusive, it is recommended to enable vlan-translation on trunk...
  • Page 297: Show Vlan-Translation N-To-1

    Parameters: WORD is the original VLAN ID, with a range from 1 to 4094; connect multiple IDs with ‘;’ and ‘-’. If two VLAN ranges are translated into different VLAN IDs on the same port, the two VLAN ranges must not overlap. new-vlan-id is the translated VLAN ID, with a range from 1 to 4094.
  • Page 298: Commands For Dynamic Vlan Configuration

    Function: Show the port configuration with Multi-to-One VLAN translation. Parameter: interface-name: Specify the name of the port which will be shown. If there is no parameter, show all port configurations with this function. Command Mode: Admin mode. Default: There is no Multi-to-One VLAN translation information. Usage Guide: When it is Example:...
  • Page 299: Dynamic-Vlan Subnet-Vlan Prefer

    Command Mode: Global Mode. Default: MAC-based VLAN is preferred by default. Usage Guide: Configure the preference of dynamic-vlan on the switch. The default priority sequence is MAC-based VLAN, IP-subnet-based VLAN, Protocol-based VLAN, namely the preferred order when several dynamic VLANs are available. If the IP-subnet-based VLAN has been set to be preferred and the user wishes to restore the preference for the MAC-based VLAN, use this command.
  • Page 300: Mac-Vlan

    Example: Set the IP-subnet-based VLAN preferred. Switch#config Switch(config)#dynamic-vlan subnet-vlan prefer 17.3.3 mac-vlan Command: mac-vlan mac <mac-addrss> vlan <vlan-id> priority <priority-id> no mac-vlan {mac <mac-addrss>|all} Function: Add the correspondence between MAC address and VLAN, namely specify certain MAC address to join specified VLAN.
  • Page 301: Mac-Vlan Vlan

    17.3.4 mac-vlan vlan Command: mac-vlan vlan <vlan-id> no mac-vlan vlan <vlan-id> Function: Configure the specified VLAN to MAC VLAN; the “no mac-vlan vlan <vlan-id>” command cancels the MAC VLAN configuration of this VLAN. Parameter: <vlan-id> is the number of the specified VLAN. Command Mode: Global Mode.
  • Page 302: Show Dynamic-Vlan Prefer

    Parameter: etype-id is the type of the packet protocol, with a valid range of 1536~65535; vlan-id is the ID of VLAN, the valid range is 1~4094; priority is the priority, the range is 0~7; all indicates all the encapsulate protocols. Command Mode: Global Mode.
  • Page 303: Show Mac-Vlan

    Example: Display current dynamic VLAN preference. Switch#show dynamic-vlan prefer Mac Vlan/Voice Vlan IP Subnet Vlan Protocol Vlan 17.3.7 show mac-vlan Command: show mac-vlan Function: Display the configuration of MAC-based VLAN on the switch. Parameter: None. Command Mode: Admin Mode and other configuration Mode. Usage Guide: Display the configuration of MAC-based VLAN on the switch.
  • Page 304: Show Mac-Vlan Interface

    17.3.8 show mac-vlan interface Command: show mac-vlan interface Function: Display the ports at MAC-based VLAN. Parameter: None. Command Mode: Admin Mode and other configuration Mode. Usage Guide: Display the ports with MAC-based VLAN enabled; the character in the brackets indicates the port mode: A means Access port, T means Trunk port, H means Hybrid port.
  • Page 305: Show Subnet-Vlan

    Usage Guide: Display the configuration of Protocol-based VLAN on the switch. Example: Display the configuration of the current Protocol-based VLAN. Switch#show protocol-vlan Protocol_Type VLAN_ID Priority ------------------- ------------- --------- etype 0x800 etype 0x860 etype 0xabc 17.3.10 show subnet-vlan Command: show subnet-vlan Function: Display the configuration of the IP-subnet-based VLAN on the switch.
  • Page 306: Show Subnet-Vlan Interface

    17.3.11 show subnet-vlan interface Command: show subnet-vlan interface Function: Display the port at IP-subnet-based VLAN. Parameter: None. Command Mode: Admin Mode and other Configuration Mode. Usage Guide: Display the ports with IP-subnet-based VLAN enabled; the character in the brackets indicates the port mode: A means Access port, T means Trunk port, H means Hybrid port.
  • Page 307: Switchport Mac-Vlan Enable

    priority-id is the priority applied in the VLAN tag with a valid range of 0~7; vlan-id is the VLAN ID with a valid range of 1~4094;all indicates all the subnets. Command Mode: Global Mode. Default: No IP subnet joined the VLAN by default. Usage Guide: This command is used for adding specified IP subnet to specified VLAN.
  • Page 308: Switchport Subnet-Vlan Enable

    Usage Guide: After adding a MAC address to specified VLAN, the MAC-based VLAN function will be globally enabled. This command can disable the MAC-based VLAN function on specified port to meet special user applications. Example: Disable the MAC-based VLAN function on port1. Switch#config Switch(config)#interface ethernet 1/1 Switch(Config-If-Ethernet1/1)#no switchport mac-vlan enable...
  • Page 309: Commands For Voice Vlan Configuration

    17.4 Commands for Voice VLAN Configuration 17.4.1 show voice-vlan Command: show voice-vlan Function: Display the configuration status of the Voice VLAN on the switch. Parameter: None. Command Mode: Admin Mode and other Configuration Mode. Usage Guide: Display Voice VLAN Configuration. Example: Display the Current Voice VLAN Configuration.
  • Page 310: Voice-Vlan

    Function: Enable the Voice VLAN function on the port; the “no” form of this command disables Voice VLAN function on the port. Parameter: None. Command Mode: Port Mode. Default: Voice VLAN is enabled by default. Usage Guide: When voice equipment is added to the Voice VLAN, the Voice VLAN is enabled globally by default. This command disables Voice VLAN on specified port to meet specified application of the user.
  • Page 311: Voice-Vlan Vlan

    Command Mode: Global Mode. Default: This command adds the specified voice equipment to the Voice VLAN. If a non-VLAN-labeled data packet from the specified voice equipment enters through a switch port, then no matter which port the packet enters through, it will belong to the Voice VLAN.
  • Page 312 Example: Set VLAN100 to Voice VLAN. Switch#config Switch(config)#voice-vlan vlan 100
  • Page 313: Commands For Mac Address Table Configuration

    Chapter 18 Commands for MAC Address Table Configuration 18.1 Commands for MAC Address Table Configuration 18.1.1 clearCollisionMacTable Command: clear collision-mac-address-table Function: Clear the hash collision mac table. Parameter: None. Command mode: Admin Mode. Usage Guide: If the hash collision mac table function that issued ffp (mac-address-table avoid-collision) is enabled, the mac cannot be cleared.
  • Page 314: Mac-Address-Learning Cpu-Control

    Function: Clear the dynamic address table. Parameter: <mac-addr>: the MAC address to be deleted; <interface-name>: the port name for forwarding the MAC packets; <vlan-id>: VLAN ID. Command mode: Admin mode. Usage Guide: Delete all dynamic address entries which exist in the MAC address table, except application and system entries. MAC address entries can be classified according to their sources; the types are as follows: DYNAMIC, STATIC, APPLICATION, SYSTEM.
  • Page 315: Mac-Address-Table Aging-Time

    Usage Guide: Before enabling port-security, private-vlan, mac-notification, mac-limit, etc., MAC learning through CPU must be enabled first. Example: Enable MAC learning through CPU. Switch(Config)#mac-address-learning cpu-control 18.1.4 mac-address-table aging-time Command: mac-address-table aging-time <0 | aging-time> no mac-address-table aging-time Function: Sets the aging-time for the dynamic entries of MAC address table. Parameter: <aging-time>...
  • Page 316: Mac-Address-Table Static | Static-Multicast | Blackhole

    18.1.5 mac-address-table static | static-multicast | blackhole Command: mac-address-table {static | static-multicast | blackhole} address <mac-addr> vlan <vlan-id> [interface ethernet <interface-name>] | [source | destination | both] no mac-address-table {static | static-multicast | blackhole | dynamic} [address <mac-addr>] [vlan <vlan-id>] [interface ethernet <interface-name>] Function: Add or modify static address entries, static multicast entries and filter address entries.
  • Page 317: Showcollisionmactable

    After the static multicast MAC is configured with this command, the multicast MAC traffic will be forwarded to the specified port of the specified VLAN. Example: Port 1/1 belongs to VLAN200, and establishes address mapping with MAC address 00-30-4f-f0-00-18. Switch(config)#mac-address-table static address 00-30-4f-f0-00-18 vlan 200 interface ethernet 1/1 Configure a static multicast MAC 01-00-5e-00-00-01, the egress is ethernet 1/1.
  • Page 318: Commands For Mac Address Binding Configuration

    Parameter: static: static entries; blackhole: filter entries; aging-time <aging-time>: address aging time; count: entry’s number; multicast: multicast entries; <mac-addr>: entry’s MAC address; <vlan-id>: entry’s VLAN number; <interface-name>: entry’s interface name. Command mode: Admin and Configuration Mode. Default: MAC address table is not displayed by default. Usage guide: This command can display various classes of MAC address entries.
  • Page 319: Show Port-Security

    Usage Guide: The secure port must be locked before the dynamic MAC clearing operation can be performed on the specified port. If no ports and MAC are specified, then all dynamic MAC in all locked secure ports will be cleared; if only port but no MAC address is specified, then all MAC addresses in the specified port will be cleared.
  • Page 320: Show Port-Security Address

    Displayed information        Explanation
    Security Port                Is port enabled as a secure port.
    MaxSecurityAddr              The maximum secure MAC address number set for the security port.
    CurrentAddr                  The current secure MAC address number of the security port.
    Security Action              The violation mode of the port configuration.
    Total Addresses in System    The current secure MAC address number of the system.
  • Page 321: Show Port-Security Interface

    Type               Secure MAC address type.
    Ports              The port that the secure MAC address belongs to.
    Total Addresses    Current secure MAC address number in the system.
    18.2.4 show port-security interface Command: show port-security interface <interface-id> Function: Display the configuration of secure port. Command mode: Admin and Configuration Mode.
  • Page 322: Switchport Port-Security

    Violation mode              Violation mode set for the port.
    Maximum MAC Addresses       The maximum secure MAC address number set for the port.
    Total MAC Addresses         Current secure MAC address number for the port.
    Configured MAC Addresses    Current secure static MAC address number for the port.
  • Page 323: Switchport Port-Security Mac-Address

    18.2.6 switchport port-security mac-address Command: switchport port-security mac-address <mac-address> no switchport port-security mac-address <mac-address> Function: Add a static secure MAC address; the no command deletes a static secure MAC address. Command mode: Port Mode. Parameters: <mac-address> stands for the MAC address to be added or deleted. Usage Guide: The MAC address binding function must be enabled before static secure MAC address can be added.
  • Page 324: Switchport Port-Security Violation

    Default: The default maximum port secure MAC address number is 1. Usage Guide: The MAC address binding function must be enabled before maximum secure MAC address number can be set. If secure static MAC address number of the port is larger than the maximum secure MAC address number set, the setting fails;...
  • Page 325: Commands For Mac Notification

    Usage Guide: The port violation mode configuration is only available after the MAC address binding function is enabled. When the port secure MAC address exceeds the security MAC limit, if the violation mode is protect, the port only disables the dynamic MAC address learning function;...
  • Page 326: Mac-Address-Table Notification

    18.3.2 mac-address-table notification Command: mac-address-table notification no mac-address-table notification Function: Enable the MAC address notification globally; the no command disables the global MAC address notification. Parameter: None. Default: Disable. Command Mode: Global mode Usage Guide: This command is used together with the SNMP trap switch. When the MAC address notification is disabled, other configuration can be shown, but the function is invalid.
  • Page 327: Mac-Address-Table Notification Interval

    Default: Command Mode: Global mode Usage Guide: After the global switch is disabled, this command is also able to be configured sequentially. Example: Change the maximum history-size to be 256. Switch(Config)#mac-address-table notification history-size 256 18.3.4 mac-address-table notification interval Command: mac-address-table notification interval <0-86400> no mac-address-table notification interval Function: Configure the interval for sending the MAC address notification, the no command restores the default interval.
  • Page 328: Mac-Notification

    18.3.5 mac-notification Command: mac-notification {added | both | removed} no mac-notification Function: Configure the MAC address notification for the specified port, the no command cancels the function. Parameter: added: the added MAC address removed: the removed MAC address both: the added and the removed MAC addresses Default: No MAC address notification.
  • Page 329: Snmp-Server Enable Traps Mac-Notification

    Default: Do not show the summary. Command Mode: Admin mode Usage Guide: With this command, check the configuration of MAC address and the sending status of MAC notification trap. Example: Switch#show mac-notification summary MAC address notification:enabled MAC address snmp traps:enabled MAC address notification interval = 10 MAC address notification history log size = 120 MAC address added = 0...
  • Page 330 Usage Guide: This command is used with MAC notification switch. When the switch is disabled, other configuration can be shown, but the function is invalid. Example: Enable the trap notification of MAC address. Switch(Config)#snmp-server enable traps mac-notification
  • Page 331: Chapter 19 Commands For Mstp

    Chapter 19 Commands for MSTP 19.1 Commands for MSTP 19.1.1 abort Command: abort Function: Abort the current MSTP region configuration, quit MSTP region mode and return to global mode. Command mode: MSTP Region Mode. Usage Guide: This command is to quit MSTP region mode without saving the current configuration. The previous MSTP region configuration is valid.
  • Page 332: Instance Vlan

    Usage Guide: This command quits MSTP region mode and saves the current configuration. Example: Quit MSTP region mode and save the current configuration. Switch(Config-Mstp-Region)#exit Switch(config)# 19.1.3 instance vlan Command: instance <instance-id> vlan <vlan-list> no instance <instance-id> [vlan <vlan-list>] Function: In MSTP region mode, create the instance and set the mappings between VLANs and instances;...
  • Page 333: Name

    Example: Map VLAN1-10 and VLAN 100-110 to Instance 1. Switch(config)#spanning-tree mst configuration Switch(Config-Mstp-Region)#instance 1 vlan 1-10;100-110 19.1.4 name Command: name <name> no name Function: In MSTP region mode, set MSTP region name; the “no name” command restores the default setting. Parameter: <name>...
  • Page 334: Revision-Level

    Function: Cancel one command or set it as initial value. Parameter: <instance-id> instance number, <name> MSTP region name, <revision-level> is account the modify value of MST configuration caption. Command mode: MSTP Region Mode Default: The default revision level is 0. Usage Guide: This command deletes the specified instance and MSTP region name, restore the default of modify value is 0.
  • Page 335: Show

    Usage Guide: This command is to set revision level for MSTP configuration. The bridges with same MSTP revision level and same other attributes are considered in the same MSTP region. Example: Set revision level to 2000. Switch(config)#spanning-tree mst configuration Switch(Config-Mstp-Region)# revision-level 2000 19.1.7 show Command: show...
  • Page 336: Spanning-Tree Cost

    Command mode: Global Mode and Port Mode Default: MSTP is not enabled by default. Usage Guide: If the MSTP is enabled in global mode, the MSTP is enabled in all the ports except for the ports which are set to disable the MSTP explicitly.
  • Page 337: Spanning-Tree Digest-Snooping

    10Gbps 2000 2000~20000 For the aggregation ports, the default costs are as below: Port Type Allowed Number Of Aggregation Default Port Cost Ports 10Mbps 2000000/N 100Mbps 200000/N 1Gbps 20000/N 10Gbps 2000/N Usage Guide: By setting the port cost, users can control the cost from the current port to the root bridge in order to control the elections of port and the designated port of the instance.
  • Page 338: Spanning-Tree Format

    Usage Guide: According to the MSTP protocol, the region authentication string is generated by the MD5 algorithm from the public authentication key, instance ID and VLAN ID. Some manufacturers do not use the public authentication key, which causes incompatibility. After the command is executed, the port can use the authentication string of the partner port, achieving compatibility with these manufacturers’ equipment.
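The region authentication string described under spanning-tree digest-snooping, as an added example that is not taken from the manual or from the switch firmware: it computes the IEEE 802.1Q MST Configuration Digest (HMAC-MD5 over the 4096-entry VLAN-to-instance table) for the manual's `instance 1 vlan 1-10;100-110` mapping and shows why a bridge keyed differently fails the region match. The key constant is the published IEEE value; `VENDOR_PRIVATE_KEY`, the region name "lab" and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Published signature key from IEEE 802.1Q, the manual's "public authentication key".
# Every compliant bridge uses the same value, so the digest is a configuration
# fingerprint for region matching, not a secret-based authenticator.
IEEE_PUBLIC_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

# Constructed stand-in for a vendor that keys the digest differently (assumption).
VENDOR_PRIVATE_KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF")


def parse_vlan_list(text):
    """Expand a vlan-list such as '1-10;100-110' into a sorted list of VLAN IDs."""
    vlans = set()
    for part in text.split(";"):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        first = int(low)
        last = int(high) if high else first
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"VLAN range out of bounds: {part!r}")
        vlans.update(range(first, last + 1))
    return sorted(vlans)


def mapping_table(instance_map):
    """Build the 4096-entry table: entry N is the 2-byte instance ID of VLAN N.

    VLANs that are not listed stay in instance 0, which is the default mapping;
    entries 0 and 4095 are always 0 because those VLAN IDs are reserved.
    """
    table = [0] * 4096
    for instance_id, vlan_list in instance_map.items():
        if not 0 <= instance_id <= 64:  # instance range given in this manual
            raise ValueError(f"instance id out of range: {instance_id}")
        for vid in parse_vlan_list(vlan_list):
            if table[vid] not in (0, instance_id):
                raise ValueError(f"VLAN {vid} mapped to two instances")
            table[vid] = instance_id
    return b"".join(entry.to_bytes(2, "big") for entry in table)


def config_digest(instance_map, key=IEEE_PUBLIC_KEY):
    """Return the 16-byte MST Configuration Digest as lowercase hex."""
    return hmac.new(key, mapping_table(instance_map), hashlib.md5).hexdigest()


def region_id(name, revision, instance_map, key=IEEE_PUBLIC_KEY):
    """Region identity carried in BPDUs: name, revision level and digest."""
    return (name, revision, config_digest(instance_map, key))


def same_region(a, b):
    """Two bridges share a region only if all three fields match."""
    return a[0] == b[0] and a[1] == b[1] and hmac.compare_digest(a[2], b[2])


if __name__ == "__main__":
    page_map = {1: "1-10;100-110"}  # mapping from the manual's instance example
    local = region_id("lab", 2000, page_map)
    peer_ok = region_id("lab", 2000, page_map)
    peer_vendor = region_id("lab", 2000, page_map, VENDOR_PRIVATE_KEY)
    print("default digest :", config_digest({}))
    print("local digest   :", local[2])
    print("standard peer  :", same_region(local, peer_ok))
    print("vendor-key peer:", same_region(local, peer_vendor))
```

With identical name, revision level and VLAN mapping, the vendor-keyed peer still lands in a different region, which is the mismatch digest snooping works around by adopting the partner port's string.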
  • Page 339: Spanning-Tree Forward-Time

    Usage Guide: Because Cisco adopted a packet format different from the one provided by IEEE, and many companies also adopted the Cisco format to be Cisco compatible, both formats have to be supported. The standard format is the one originally provided by IEEE, and the privacy packet format is Cisco compatible. When the packet format used by the partner is not known, the AUTO configuration is preferred, so that the format is identified from the packets the partner sends.
  • Page 340: Spanning-Tree Hello-Time

    Usage Guide: When the network topology changes, the status of the port is changed from blocking to forwarding. This delay is called the forward delay. The forward delay works together with hello time and max age. The parameters should meet the following conditions.
  • Page 341: Spanning-Tree Link-Type P2P

    19.1.14 spanning-tree link-type p2p Command: spanning-tree link-type p2p {auto | force-true | force-false} no spanning-tree link-type Function: Set the link type of the current port; the command “no spanning-tree link-type” restores link type to auto-negotiation. Parameter: auto sets auto-negotiation, force-true forces the link as point-to-point type, force-false forces the link as non point-to-point type.
  • Page 342: Spanning-Tree Max-Hop

    Parameter: <time> is max aging time in seconds. The valid range is from 6 to 40. Command mode: Global Mode Default: The max age is 20 seconds by default. Usage Guide: The lifetime of BPDU is called max age time. The max age works together with hello time and forward delay. The parameters should meet the following conditions.
  • Page 343: Spanning-Tree Mcheck

    Usage Guide: MSTP uses max-age to count BPDU lifetime. In addition, MSTP also uses max-hop to count BPDU lifetime. The max-hop decreases as the BPDU travels through the network. The BPDU has the max value when it initiates from the MSTI root bridge. Once the BPDU is received, the value of the max-hop is reduced by 1.
  • Page 344: Spanning-Tree Mode

    19.1.18 spanning-tree mode Command: spanning-tree mode {mstp | stp | rstp} no spanning-tree mode Function: Set the spanning-tree mode in the switch; the command “no spanning-tree mode” restores the default setting. Parameter: mstp sets the switch in IEEE802.1s MSTP mode; stp sets the switch in IEEE802.1D STP mode; rstp sets the switch in IEEE802.1D RSTP mode.
  • Page 345: Spanning-Tree Mst Cost

    Command mode: Global Mode Default: The default values of the attributes of the MSTP region are listed as below: Attribute of MSTP Default Value Instance There is only the instance 0. All the VLANs (1~4094) are mapped to the instance 0. Name MAC address of the bridge Revision...
  • Page 346 Default: By default, the port cost is relevant to the port bandwidth.
      Port Type    Default Path Cost    Suggested Range
      10Mbps       2000000              2000000~20000000
      100Mbps      200000               200000~2000000
      1Gbps        20000                20000~200000
      10Gbps       2000                 2000~20000
    For the aggregation ports, the default costs are as below: Port Type Allowed Number Of Aggregation Default Port Cost...
  • Page 347: Spanning-Tree Cost-Format

    ports aggregation link with 4 ports 10Gbps Full- duplex 2,000 aggregation link with 2 1,000 ports aggregation link with 3 ports aggregation link with 4 ports Usage Guide: By setting the port cost, users can control the cost from the current port to the root bridge in order to control the elections of root port and the designated port of the instance.
  • Page 348: Spanning-Tree Mst Loopguard

    If users have already configured the cost value of a link manually with the spanning-tree cost command, changing the path-cost format with the cost-format command succeeds only after the previous configuration is cleared. Example: Set the cost format in global mode Switch(config)#spanning-tree cost-format dot1d 19.1.22 spanning-tree mst loopguard Command: spanning-tree [mst <instance-id>] loopguard...
  • Page 349: Spanning-Tree Mst Port-Priority

    19.1.23 spanning-tree mst port-priority Command: spanning-tree mst <instance-id> port-priority <port-priority> no spanning-tree mst <instance-id> port-priority Function: Set the current port priority for the specified instance; the command “no spanning-tree mst <instance-id> port-priority” restores the default setting. Parameter: <instance-id> sets the instance ID. The valid range is from 0 to 64; <port-priority> sets port priority. The valid range is from 0 to 240.
  • Page 350: Spanning-Tree Mst Rootguard

    Parameter: <instance-id> sets instance ID. The valid range is from 0 to 64; <bridge-priority> sets the switch priority. The valid range is from 0 to 61440. The value should be the multiples of 4096, such as 0, 4096, 8192…61440. Command mode: Global Mode Default: The default bridge priority is 32768.
  • Page 351: Spanning-Tree Portfast

    Usage Guide: The command is used in Port Mode. If the port is configured as a rootguard port, it is forbidden to be an MSTP root port. If a superior BPDU packet is received from a rootguard port, MSTP does not recalculate the spanning tree and just sets the status of the port to root_inconsistent (blocked). If no superior BPDU packet is received from a blocked rootguard port, the port status is restored to forwarding.
  • Page 352: Spanning-Tree Port-Priority

    Example: Configure the border port mode as BPDU guard, the recovery time as 60s. Switch(config)#interface ethernet 1/2 Switch(Config-If-Ethernet1/2)#spanning-tree portfast bpduguard recovery 60 Switch(Config-If-Ethernet1/2)# 19.1.27 spanning-tree port-priority Command: spanning-tree port-priority <port-priority> no spanning-tree port-priority Function: Set the port priority; the command “no spanning-tree port-priority” restores the default setting. Parameter: <port-priority>...
  • Page 353: Spanning-Tree Priority

    19.1.28 spanning-tree priority Command: spanning-tree priority <bridge-priority> no spanning-tree priority Function: Configure the spanning-tree priority; the “no spanning-tree priority” command restores the default priority. Parameter: <bridge-priority> is the priority of the bridging switch. Its value should be a multiple of 4096 between 0 and 61440, such as 0, 4096, 8192…...
  • Page 354: Spanning-Tree Tcflush (Global Mode)

    Parameter: None. Command mode: Port Mode. Default: Port is non-root port. Usage Guide: The command is used in Port Mode. If the port is configured as a rootguard port, it is forbidden to be an MSTP root port. If a superior BPDU packet is received from a rootguard port, MSTP does not recalculate the spanning tree and just sets the status of the port to root_inconsistent (blocked).
  • Page 355: Spanning-Tree Tcflush (Port Mode)

    Default: Enable Usage Guide: According to MSTP, when the topology changes, the port that sends the change message clears the MAC/ARP table (FLUSH). In some network environments it is not necessary to FLUSH on every topology change. At the same time, as a method of avoiding network attacks, the network administrator is allowed to configure the FLUSH mode with this command. Note: For complicated networks, especially those that need to switch rapidly from one spanning tree branch to another, the disable mode is not recommended.
  • Page 356: Spanning-Tree Transmit-Hold-Count

    Usage Guide: According to MSTP, when the topology changes, the port that sends the change message clears the MAC/ARP table (FLUSH). In some network environments it is not necessary to FLUSH on every topology change. At the same time, as a method of avoiding network attacks, the network administrator is allowed to configure the FLUSH mode with this command. Note: For complicated networks, especially those that need to switch rapidly from one spanning tree branch to another, the disable mode is not recommended.
  • Page 357: Commands For Monitor And Debug

    19.2 Commands for Monitor and Debug 19.2.1 debug spanning-tree Command: debug spanning-tree no debug spanning-tree Function: Enable the MSTP debugging information; the command “no debug spanning-tree” disables the MSTP debugging information. Command mode: Admin Mode Usage Guide: This command is the general switch for all the MSTP debugging. Users should enable the detailed debugging information, and then they can use this command to display the relevant debugging information.
  • Page 358: Show Spanning-Tree

    Usage Guide: In the MSTP region mode, display the configuration of the current MSTP region such as MSTP name, revision, VLAN and instance mapping. Note: Before quitting the MSTP region mode, the displayed parameters may not be effective. Example: Display the configuration of the current MSTP region. Switch(config)#spanning-tree mst configuration Switch(Config-Mstp-Region)#show mst-pending Name...
  • Page 359 Example: Display the bridge MSTP. Switch#sh spanning-tree -- MSTP Bridge Config Info -- Standard : IEEE 802.1s Bridge MAC : 00: 30: 4f: 01: 0e: 30 Bridge Times : Max Age 20, Hello Time 2, Forward Delay 15 Force Version: 3 ########################### Instance 0 ########################### Self Bridge Id : 32768 - 00: 30: 4f: 01: 0e: 30...
  • Page 360 ########################### Instance 4 ########################### Self Bridge Id : 32768.00: 30: 4f: 01: 0e: 30 Region Root Id : this switch Int.RootPathCost : 0 Root Port ID Current port list in Instance 4: Ethernet1/1 Ethernet1/2 (Total 2) PortName IntRPC State Role DsgBridge DsgPort -------------- ------- --------- --- ---- ------------------ -------...
  • Page 361: Show Spanning-Tree Mst Config

    19.2.4 show spanning-tree mst config Command: show spanning-tree mst config Function: Display the configuration of the MSTP in the Admin mode. Command mode: Admin Mode Usage Guide: In the Admin mode, this command can show the parameters of the MSTP configuration such as MSTP name, revision, VLAN and instance mapping.
  • Page 362: Chapter 20 Commands For Qos

    Chapter 20 Commands for QoS 20.1 accounting Command: accounting no accounting Function: Set statistic function for the classified traffic. Parameter: None. Command mode: Policy map configuration mode Default: Do not set statistic function. Usage Guide: After this function is enabled, statistics are collected for the traffic of the policy class map. In single bucket mode, the messages can only be red or green when passing policy.
  • Page 363 20.2 class Command: class <class-map-name> [insert-before <class-map-name>] no class <class-map-name> Function: Associates a class to a policy map and enters the policy class map mode; the no command deletes the specified class. Parameters: <class-map-name> is the class map name used by the class. insert-before <class-map-name>...
  • Page 364 Function: Creates a class map and enters class map mode; the no command deletes the specified class map. Parameters: <class-map-name> is the class map name. Default: No class map is configured by default. Command mode: Global Mode Example: Creating and then deleting a class map named “c1”. Switch(config)#class-map c1 Switch(Config-ClassMap-c1)#exit Switch(config)#no class-map c1...
  • Page 365 Usage Guide: Clear accounting data of the specified ports or VLAN Policy Map. If there are no parameters, clear accounting data of all policy map. Example: Clear the Policy Map statistic of VLAN 100. Switch#Clear mls qos statistics vlan 100 20.5 drop Command: drop...
  • Page 366 20.6 match Command: match {access-group <acl-index-or-name> | ip dscp <dscp-list> | ip precedence <ip-precedence-list> | ipv6 access-group <acl-index-or-name> | ipv6 dscp <dscp-list> | ipv6 flowlabel <flowlabel-list> | vlan <vlan-list> | cos <cos-list>} no match {access-group | ip dscp | ip precedence| ipv6 access-group| ipv6 dscp | ipv6 flowlabel | vlan | cos} Function: Configure the match standard of the class map;...
  • Page 367: Mls Qos Cos

    Example: Create a class-map named c1, and configure the class rule of this class-map to match packets with IP Precedence of Switch(config)#class-map c1 Switch(Config-ClassMap-c1)#match ip precedence 0 Switch(Config-ClassMap-c1)#exit 20.7 mls qos cos Command: mls qos cos {<default-cos>} no mls qos cos Function: Configures the default CoS value of the port;...
  • Page 368: Mls Qos Map

    20.8 mls qos map Command: mls qos map {cos-intp <intp1…intp8> | cos-dp<dp1…dp8> | dscp-intp <in-dscp list> to <intp> | dscp-dp <in-dscp list> to <dp> | dscp-dscp <in-dscp list> to <out-dscp>} no mls qos map {cos-intp | cos-dp | dscp-intp | dscp-dp | dscp-dscp} Function: Set the priority mapping of QoS, the no command restores the default mapping.
  • Page 369 In-DSCP Value 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63 Out-DSCP Value Command mode: Global Mode Usage Guide: INTP means the chip internal priority setting. Because there are 64 internal DSCP values and only 8 chip internal priorities (queues), the dscp-intp mapping needs 8 consecutive internal DSCP values mapped to the same INTP. Example: 1.
  • Page 370 Example: Setting the queue management algorithm as sp. Switch(config)#mls qos queue algorithm sp 20.10 mls qos queue wrr weight Command: mls qos queue wrr weight <weight0..weight7> no mls qos queue wrr weight Function: After this command is configured, the queue weight is set. Parameters: <weight0..weight7>...
  • Page 371 20.11 mls qos queue wdrr weight Command: mls qos queue wdrr weight <weight0..weight7> no mls qos queue wdrr weight Function: After this command is configured, the queue weight is set. Parameters: <weight0..weight7> defines the queue weight, in Kbytes. For WDRR algorithm, this configuration is valid, but for SP algorithm, it is invalid.
  • Page 372: Mls Qos Trust

    Function: After this command is configured, the queue bandwidth guarantee is set. Parameters: <queue-id> is the ID of the queue for which the bandwidth guarantee is configured; different chips support different queue counts, so the range differs too, ranging from 1 to 8. <minimum-bandwidth >...
  • Page 373 Parameters: dscp configures the port to trust DSCP value. Default: Trust CoS value. Command mode: Port Configuration Mode. Usage Guide: trust dscp mode: Set the intp field based on the dscp-to-intp mapping. Example: Set trust dscp of port. Switch(config)#interface ethernet 1/1 Switch(config-if-ethernet1/1)#mls qos trust dscp 20.14 policy Command: Single Bucket Mode:...
  • Page 374 Parameters: bits_per_second: The committed information rate – CIR (Committed Information Rate), in Kbps, ranging from 1 to 10000000; normal_burst_bytes: The committed burst size – CBS (Committed Burst Size), in bytes, ranging from 1 to 1000000. When the configured CBS value exceeds the max limit of the chip, the hardware is configured with the max number supported by the chip without any CLI prompt;...
  • Page 375 Usage Guide: The CLI supports both single bucket and dual bucket configuration, and determines which one to select by checking whether PIR or PBS is configured. When configuring with CLI, after configuring CBS, if the action is directly configured, the mode is single bucket dual color; if only PBS is configured, the mode is single rate dual bucket three color;...
  • Page 376 Usage Guide: The same policy set can be referred to by different policy class maps. Example: Create class-map, the match rule is the cos value is 0; policy-map is 1, enter the policy map mode, set the Policy and choose the color policy for the current list. Switch(config)#class-map cm Switch(config-classmap-cm)#match cos 0 Switch(config-classmap-cm)#exit...
  • Page 377 Example: Creating and deleting a policy map named “p1”. Switch(config)#policy-map p1 Switch(Config-PolicyMap-p1)#exit Switch(config)#no policy-map p1 20.17 service-policy input Command: service-policy input <policy-map-name> no service-policy input {<policy-map-name>} Function: Applies a policy map to the specified port; the no command deletes the specified policy map applied to the port or deletes all the policy maps applied on the ingress direction of the port.
  • Page 378 20.18 service-policy input vlan Command: service-policy input <policy-map-name> vlan <vlan-list> no service-policy input {<policy-map-name>} vlan <vlan-list> Function: Applies a policy map to the specified VLAN interface; the no command deletes the specified policy map applied to the VLAN interface or deletes all the policy maps applied in the ingress direction of the VLAN interface. Parameters: input <policy-map-name>...
  • Page 379 Function: Assign a new DSCP, IP Precedence for the classified traffic; the no form of this command cancels the assignment of the new values. Parameter: ip dscp <new-dscp>: new DSCP value, with no distinction between v4 and v6. ip precedence <new-precedence>: new IP Precedence. cos <new cos>...
  • Page 380 Command mode: Admin Mode. Usage Guide: Displays all configured class-map or specified class-map information. Example: Switch # show class-map Class map name:c1, used by 1 times match acl name:1 Displayed information Explanation Class map name:c1 Name of the Class map used by 1 times Used times match acl name:1...
  • Page 381: Show Mls Qos Interface

    Policy Map p1, used by 0 port Class Map name: c1 policy CIR: 1000 CBS: 1000 PIR: 200 PBS: 3000 conform-action: transmit exceed-action: drop violate-action: drop Displayed information Explanation Policy Map p1 Name of policy map Class map name:c1 Name of the class map referred to policy CIR: 1000 CBS: 1000 PIR: 200 PBS: 3000 Policy implemented conform-action:...
  • Page 382 Usage Guide: In single rate single bucket mode, the messages can only be red or green when passing the policy. In the printed information, in-profile means green and out-profile means red. In dual bucket mode, there are three colors of messages, but the counter can only count two kinds of messages, so the red and yellow ones will both be treated as out-profile.
  • Page 383 Trust:COS The trust state of the port Attached Policy Map for Ingress: p1 Policy name bound to port ClassMap ClassMap name classified Total data packets match this ClassMap. If there is no Accounting for Class Map, show NA in-profile Total in-profile data packets match this ClassMap.
  • Page 384: Show Mls Qos Maps

    Display Information Explanation Internal-Priority-TO-Queue map:: Internal-Priority to queue mapping Queue Algorithm: WRR or WDRR or PQ queue out method Queue weights Queue weights configuration Bandwidth Guarantee Configuration Bandwidth guarantee configuration Switch#show mls qos interface ethernet 1/2 policy Ethernet1/2: Attached Policy Map for Ingress: p1 Accounting:ON Classmap classified...
  • Page 385 Parameters: cos-intp: The mapping from ingress L2 CoS to internal priority cos-dp: The mapping from ingress L2 COS to the dropping priority dscp-intp: The mapping from ingress DSCP to internal priority dscp-dp: The mapping from ingress DSCP to the dropping priority intp-dscp:...
  • Page 386 ----------------------------------------- Ingress DSCP-TO-DSCP map: d1 : d2 0 8 16 16 16 16 16 16 16 16 24 24 24 24 24 24 24 24 32 32 32 32 32 32 32 32 40 40 40 40 40 40 40 40 48 48 48 48 48 48 48 48 56 56 56 56 56 56 56 56 Ingress DSCP-TO-Drop-Precedence map:...
  • Page 387 Example: Switch#show mls qos vlan 1 Vlan 1: Attached Policy Map for Ingress: 1 Classmap classified in-profile out-profile (in packets) Switch(config)#show mls qos vlan 7 Vlan 7: Attached Policy Map for Ingress: 7 Classmap classified in-profile out-profile (in packets) 20.25 transmit Command: transmit no transmit...
  • Page 388 Example: Send the packets which satisfy c1. Switch(config)#policy-map p1 Switch(Config-PolicyMap-p1)#class c1 Switch(Config-PolicyMap-p1-Class-c1)#transmit Switch(Config-PolicyMap-p1-Class-c1)#exit Switch(Config-PolicyMap-p1)#exit
  • Page 389 Chapter 21 Commands for Flow-based Redirection 21.1 access-group redirect to interface ethernet Command: access-group <aclname> redirect to interface [ethernet <IFNAME> | <IFNAME>] no access-group <aclname> redirect Function: Specify flow-based redirection; “no access-group <aclname> redirect” command is used to delete flow-based redirection.
  • Page 390 21.2 show flow-based-redirect Command: show flow-based-redirect {interface [ethernet <IFNAME> | <IFNAME>]} Function: Display the information of current flow-based redirection in the system/port. Parameters: 1. No specified port, display the information of all the flow-based redirection in the system. 2. Specify ports in <IFNAME>, display the information of the flow-based redirection configured in the ports listed in the interface-list.
  • Page 391 Chapter 22 Commands for Flexible QinQ 22.1 match Command: match {access-group <acl-index-or-name> | ip dscp <dscp-list>| ip precedence <ip-precedence-list>| ipv6 access-group <acl-index-or-name>| ipv6 dscp <dscp-list> match {access-group <acl-index-or-name> | ip dscp <dscp-list>| ip precedence <ip-precedence-list>| ipv6 access-group <acl-index-or-name> | ipv6 dscp <dscp-list>...
  • Page 392 Command Mode: Class-map Mode Usage Guide: Only one match standard can be configured in a class map. When configuring the ACL match, a permit rule is the match option and the Policy Map action is applied to it; a deny rule is the excluding option and the Policy Map action is not applied. If another match rule has already been configured, the operation fails, but configuring the same match rule again overrides the previous one.
  • Page 393 Example: Apply policy-map p1 (p1 corresponds with the action that modify s-vid) to Ethernet port 1/1 for flexible QinQ. Switch(Config-If-Ethernet1/1)#dot1q-tunnel enable Switch(Config-If-Ethernet1/1)#service-policy p1 in Apply policy-map p1 (p1 corresponds with the action that modify c-vid) to Ethernet port 1/1 for flexible QinQ. Switch(Config-If-Ethernet1/1)#service-policy p1 in 22.3 set Command:...
  • Page 394 Example: Set the external VLAN tag's VID to 3 for packets which satisfy the c2 class rule. Switch(config)#policy-map p1 Switch(Config-PolicyMap-p1)#class c2 Switch(Config-PolicyMap-p1-Class-c2)#set s-vid 3 Switch(Config-PolicyMap-p1-Class-c2)#exit 22-156...
  • Page 395 Chapter 23 Commands for Layer 3 Management 23.1 Commands for Layer 3 Interface 23.1.1 description Command: description <text> no description Function: Configure the description information of VLAN interface. The no command will cancel the description information of VLAN interface. Parameter: <text>...
  • Page 396: Show Ip Route

    23.1.2 interface vlan Command: interface vlan <vlan-id> no interface vlan <vlan-id> Function: Create a VLAN interface (a Layer 3 interface); the “no interface vlan <vlan-id>” command deletes the Layer 3 interface specified. Parameters: <vlan-id> is the VLAN ID of the established VLAN, ranging from 1 to 4094. Default: No Layer 3 interface is configured upon switch shipment.
  • Page 397 Function: Display routing table. Parameter: database is database information. Command Mode: Admin Mode Usage Guide: Show the kernel routing table, including: routing type, destination network, mask, next-hop address, interface, etc. Example: Switch#show ip route Codes: C - connected, S - static, R - RIP derived, O - OSPF derived A - OSPF ASE, B - BGP derived Destination Mask Nexthop Interface Pref C 2.2.2.0 255.255.255.0 0.0.0.0 vlan2 0...
  • Page 398: Clear Ip Traffic

    23.2 Commands for IPv4/v6 configuration 23.2.1 clear ip traffic Command: clear ip traffic Function: Clear the statistic information of IP protocol. Parameter: None. Command mode: Admin Mode. Default: None. Usage guide: Clear the statistic information of receiving and sending packets for IP kernel protocol, including the statistic of receiving packets, sending packets and dropping packets and the error information of receiving and sending packets for IP protocol, ICMP protocol, TCP protocol and UDP protocol.
  • Page 399 Parameter: None Command Mode: Admin Mode Default: None Usage Guide: This command cannot clear static neighbor. Example: Clear neighbor list. Switch#clear ipv6 neighbors 23.2.3 debug ip icmp Command: debug ip icmp no debug ip icmp Function: The debugging for receiving and sending ICMP packets. Parameter: None.
  • Page 400: Debug Ip Packet

    Example: Switch#debug ip icmp IP ICMP: sent, type 8, src 0.0.0.0, dst 20.1.1.1 Display Description IP ICMP: sent Send ICMP packets type 8 Type is 8(PING request) src 0.0.0.0 Source IPv4 address dst 20.1.1.1 Destination IPv4 address 23.2.4 debug ip packet Command: debug ip packet no debug ip packet...
  • Page 401: Debug Ipv6 Packet

    23.2.5 debug ipv6 packet Command: debug ipv6 packet no debug ipv6 packet Function: IPv6 data packets receive/send debug message. Parameter: None Default: None Command Mode: Admin Mode Example: Switch#debug ipv6 packet IPv6 PACKET: rcvd, src <fe80::203:fff:fe01:2786>, dst <fe80::1>, size <64>, proto <58>, from Vlan1 Displayed information Explanation IPv6 PACKET: rcvd...
  • Page 402 Parameter: None Default: None Command Mode: Admin Mode Usage Guide: None Example: Switch#debug ipv6 icmp IPv6 ICMP: sent, type <129>, src <2003::1>, dst <2003::20a:ebff:fe26:8a49> from Vlan1 Displayed information Explanation IPv6 ICMP: sent Send IPv6 data report type <129> Ping protocol No. src <2003::1>...
  • Page 403 Parameter: None. Default: The debug of receiving and sending operations for all five types of IPv6 ND messages is disabled by default. Command Mode: Admin Mode Usage Guide: The ND protocol is an essential part of IPv6. This command can display the ND message of a specified type for troubleshooting.
  • Page 404 Default: The system default is no IP address configuration. Usage Guide: This command configures IP address on VLAN interface manually. If optional parameter secondary is not configured, then it is configured as the primary IP address of VLAN interface; if optional parameter secondary is configured, then that means the IP address is the secondary IP address of VLAN.
  • Page 405 Example: Specify a default gateway: Switch(config)# ip default-gateway 10.1.1.10 Cancel the setting of a default gateway: Switch(config)# no ip default-gateway 10.1.1.10 23.2.10 ip route Command: ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} {<gateway-address> | <gateway-interface>} [<distance>] no ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} [<gateway-address> | <gateway-interface>] [<distance>] Function: Configure the static route.
  • Page 406 IBGP EBGP When the distance values of all kinds of routes are left unchanged, directly connected routes have the highest priority, followed by static routes, EBGP, OSPF, RIP and IBGP. Example: 1. Add a static route. Switch(config)#ip route 1.1.1.0 255.255.255.0 2.1.1.1 2.
  • Page 407 Example: Configure an IPv6 address on VLAN1 Layer 3 interface: the prefix is 2001:3f:ed8::99 and the length of the prefix is Switch(Config-if-Vlan1)#ipv6 address 2001:3f:ed8::99/64 23.2.12 ipv6 default-gateway Command: ipv6 default-gateway <X:X::X:X> no ipv6 default-gateway <X:X::X:X> Function: Configure IPv6 default gateway of the router. The no command cancels the configuration. Parameter: <...
  • Page 408: Ipv6 Nd Dad Attempts

    23.2.13 ipv6 nd dad attempts Command: ipv6 nd dad attempts <value> no ipv6 nd dad attempts Function: Set Neighbor Solicitation Message number sent in succession by interface when setting Duplicate Address Detection. Parameter: <value> is the Neighbor Solicitation Message number sent in succession by Duplicate Address Detection, and the value of <value>...
  • Page 409: Ipv6 Neighbor

    Parameter: parameter <seconds> is the time interval of sending Neighbor Solicitation Message, <seconds> value must be between 1-3600 seconds, no command restores the default value 1 second. Command Mode: Interface Configuration Mode Default: The default Request Message time interval is 1 second. Usage Guide: The value to be set will include the situation in all routing announcement on the interface.
  • Page 410: Show Ip Interface

    Usage Guide: IPv6 address and multicast address for specific purpose and local address cannot be set as neighbor. Example: Set static neighbor 2001:1:2::4 on port E1/1, and the hardware MAC address is 00-30-4f-89-44-bc. Switch(Config-if-Vlan1)#ipv6 neighbor 2001:1:2::4 00-30-4f-89-44-bc interface Ethernet 1/1 23.2.16 show ip interface Command: show ip interface [<ifname>...
  • Page 411 Function: Display statistics for IP packets. Command mode: Admin Mode Usage Guide: Display statistics for IP, ICMP, TCP, UDP packets received/sent. Example: Switch#show ip traffic IP statistics: Rcvd: 3249810 total, 3180 local destination 0 header errors, 0 address errors 0 unknown protocol, 0 discards Frags: 0 reassembled, 0 timeouts 0 fragment rcvd, 0 fragment dropped 0 fragmented, 0 couldn't fragment, 0 fragment sent...
  • Page 412: Show Ipv6 Interface

    UdpInDatagrams 0, UdpInErrors UdpNoPorts 0, UdpOutDatagrams Displayed information Explanation IP statistics: IP packet statistics. Rcvd: 3249810 total, 3180 local destination Statistics total packets received, 0 header errors, 0 address errors number packets reached local 0 unknown protocol, 0 discards destination, number of packets have header errors, number of erroneous addresses, number...
  • Page 413 Function: Show interface IPv6 parameters. Parameter: Parameter brief is the brief summarization of IPv6 status and configuration, and parameter interface-name is Layer 3 interface name. Default: None Command Mode: Admin and Configuration Mode Usage Guide: If only brief is specified, then information of all L3 is displayed, and you can also specify a specific Layer 3 interface. Example: Switch#show ipv6 interface Vlan1 Vlan1 is up, line protocol is up, dev index is 2004...
  • Page 414: Show Ipv6 Route

    ND managed_config_flag is unset ND other_config_flag is unset ND NS interval is 1 second(s) ND router advertisements is disabled ND RA min-interval is 200 second(s) ND RA max-interval is 600 second(s) ND RA hoplimit is 64 ND RA lifetime is 1800 second(s) ND RA MTU is 0 ND advertised reachable time is 0 millisecond(s) ND advertised retransmit time is 0 millisecond(s)
  • Page 415 Usage Guide: show ipv6 route only shows the IPv6 kernel routing table (routing table in tcpip), database shows all routers except the local router. Example: Switch#show ipv6 route Codes: C - connected, L - Local, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP 2001:2::/32 via fe80::789,...
  • Page 416: Show Ipv6 Neighbors

    23.2.20 show ipv6 neighbors Command: show ipv6 neighbors [{vlan|ethernet} interface-number | interface-name | address <ipv6address>] Function: Display neighbor table entry information. Parameter: Parameter {vlan|ethernet} interface-number|interface-name specify the lookup based on interface. Parameter ipv6-address specifies the lookup based on IPv6 address. It displays the whole neighbor table entry if without parameter.
  • Page 417: Show Ipv6 Traffic

    Hardware Addr Neighbor MAC address Interface Exit interface name Port Exit interface name Neighbor status (reachable、state、delay、probe、 State permanent、incomplete、unknown) 23.2.21 show ipv6 traffic Command: show ipv6 traffic Function: Display IPv6 transmission data packets statistics information. Parameter: None Default: None Command Mode: Admin and Configuration Mode Example: Switch#show ipv6 traffic...
  • Page 418 Displayed information Explanation IP statistics IPv6 data report statistics Rcvd: 90 total, 17 local destination0 IPv6 received packets statistics header errors, 0 address errors0 unknown protocol, 13 discards Frags: 0 reassembled, 0 timeouts IPv6 fragmenting statistics 0 fragment rcvd, 0 fragment dropped0 fragmented, couldn't fragment,...
  • Page 419 Example: Configuring static ARP for interface VLAN1. Switch(Config-if-Vlan1)#arp 1.1.1.1 00-30-4f-f0-12-34 interface eth 1/2 23.3.2 clear arp-cache Command: clear arp-cache Function: Clears ARP table. Command mode: Admin Mode Example: Switch#clear arp-cache 23.3.3 clear arp traffic Command: clear arp traffic Function: Clear the statistic information of ARP messages of the switch. For box switches, this command will only clear statistics of ARP messages received and sent from the current boardcard.
  • Page 420: Debug Arp

    23.3.4 debug arp Command: debug arp {receive|send|state} no debug arp {receive|send|state} Function: Enables the ARP debugging function; the “no debug arp {receive|send|state}” command disables this debugging function. Parameter: receive the debugging-switch of receiving ARP packets of the switch; send the debugging-switch of sending ARP packets of the switch;...
  • Page 421 Function: Displays the ARP table. Parameters: <ipaddress> is a specified IP address; <vlan-id> stands for the entry for the identifier of specified VLAN; <hw-addr> for entry of specified MAC address; static for static ARP entry; dynamic for dynamic ARP entry; count displays number of ARP entries;...
  • Page 422 23.3.6 show arp traffic Command: show arp traffic Function: Display the statistic information of ARP messages of the switch. For box switches, this command will only show statistics of ARP messages received and sent from the current boardcard. Command mode: Admin and Config Mode Usage Guide: Display statistics information of received and sent ARP messages.
  • Page 423 Chapter 24 Commands for RIP 24.1 accept-lifetime Command: accept-lifetime <start-time> {<end-time>| duration<seconds>| infinite} no accept-lifetime Function: Use this command to specify a key accept on the key chain as a valid time period. The “no accept-lifetime” command deletes this configuration. Parameter: <start-time>...
  • Page 424: Clear Ip Rip Route

    Switch# config terminal Switch(config)# key chain mychain Switch(config-keychain)# key 1 Switch(config-keychain-key)# accept-lifetime 03:03:01 Dec 3 2004 04:04:02 Oct 6 2006 Related Command: key-string key chain send-lifetime 24.2 clear ip rip route Command: clear ip rip route {<A.B.C.D/M> | kernel | static | connected | rip | ospf | isis | bgp | all} Function: Clear specific route in the RIP route table.
  • Page 425: Debug Rip

    Usage Guide: Using this command with the all parameter deletes all learnt routes in the RIP route table; these are immediately recovered, except for RIP routes. Dynamically learnt RIP routes can only be recovered by being learnt again. Example: Switch# clear ip rip route 10.0.0.0/8 Switch# clear ip rip route ospf...
  • Page 426 24.4 debug rip redistribute message send Command: debug rip redistribute message send no debug rip redistribute message send Function: To enable the debugging of sending messages for routing redistribution messages from OSPF process or BGP protocol for RIP. The no form of this command will disable the debugging messages. Default: Close the debug by default.
  • Page 427 Example: Switch#debug rip redistribute route receive Switch#no debug rip redistribute route receive 24.6 default-information originate Command: default-information originate no default-information originate Function: Allow the network 0.0.0.0 to be redistributed into the RIP. The “no default-information originate” disable this function. Default: Disabled Command Mode: Router mode...
  • Page 428 Parameter: <value> is the metric value to be set, ranging between 1~16. Default: Default route metric value is 1. Command Mode: Router mode and address-family mode Usage Guide: default-metric command is used for setting the default route metric value of the routes from other routing protocols when distributed into the RIP routes.
  • Page 429 Default: The default managing distance of RIP is 120. Command Mode: Router mode and address-family mode Usage Guide: In case there are routes from two different routing protocols to the same destination, the managing distance is then used for selecting routes. The less the managing distance of the route protocol is, the more reliable will be the route acquired from the protocol.
  • Page 430 Usage Guide: The filter will be applied to all the interfaces in case no specific interface is set. Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# distribute-list prefix myfilter in vlan 1 24.10 ip rip aggregate-address Command: ip rip aggregate-address A.B.C.D/M no ip rip aggregate-address A.B.C.D/M Function: To configure RIP aggregation route.
  • Page 431: Ip Rip Authentication Mode

    24.11 ip rip authentication key-chain Command: ip rip authentication key <name-of-chain> no ip rip authentication key-chain Function: Use this command to enable RIPV2 authentication on an interface and further configures the adopted key chain. The “no ip rip authentication key-chain” command cancels the authentication. Parameter: <name-of-chain>...
  • Page 432: Ip Rip Authentication String

    Function: Configure the authentication mode; the “no ip rip authentication mode {text|md5}” command restores the default authentication mode, namely text authentication mode. Parameter: text means text authentication; md5 means MD5 authentication. Default: Authentication is not configured. Command Mode: Interface Configuration Mode. Usage Guide: RIP-I does not support authentication, while RIP-II supports two authentication modes: text authentication (i.e.
  • Page 433 Parameter: <text> is the password used in authentication of which the length should be 1-16 characters with space available. The password should end with enter. Command Mode: Interface mode Usage Guide: The ip rip authentication key will not be able to be configured when this command is configured, key id value is required in MD5 authentication which is 1 when use this command.
  • Page 434 Command Mode: Interface mode Usage Guide: After authentication is configured on a Cisco router, RIP packets will exceed the standard length defined by the protocol once the number of route items is greater than 25. With this command configured, the over-length RIP packets will be accepted rather than denied.
  • Page 435: Ip Rip Receive Version

    Switch(Config-if-Vlan1)# ip rip receive-packet Related Command: ip rip send-packet 24.16 ip rip receive version Command: ip rip receive version { 1 | 2|1 2 } no ip rip receive version Function: Set the version information of the RIP packets the interface receives. The default version is 2; the “no ip rip receive version”...
  • Page 436: Ip Rip Send Version

    24.17 ip rip send-packet Command: ip rip send-packet no ip rip send-packet Function: Set the Interface to be able to receive the RIP packets; the “no ip rip send-packet” set the interface to be unable to receive the RIP packets. Default: Interface sends RIP packets.
  • Page 437 Default: Version 2 Command Mode: Interface Configuration Mode. Example: Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip send version 1 Related Command: Version 24.19 ip rip split-horizon Command: ip rip split-horizon [poisoned] no ip rip split-horizon Function: Enable split horizon. The “no ip rip split-horizon” disables the split horizon. Parameter: [poisoned] means configure the split horizon with poison reverse.
  • Page 438 Example: Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip split-horizon poisoned 24.20 key Command: key <keyid> no key <keyid> Function: This command is for managing and adding keys in the key chain. The “no key <keyid>“command deletes one key. Parameter: <keyid>...
  • Page 439 24.21 key chain Command: key chain <name-of-chain> no key chain < name-of-chain > Function: This command is for entering a keychain manage mode and configure a keychain. The “no key chain < name-of-chain >“deletes one keychain. Parameter: <name-of-chain> is the name string of the keychain the length of which is not specifically limited. Command Mode: Global Mode Example:...
  • Page 440 Parameter: <text> is a character string without length limit. However, when referred to by RIP authentication, only the first 16 characters will be used. Command Mode: Keychain-key mode Usage Guide: This command configures different passwords for keys with different IDs. Example: Switch# config terminal Switch(config)# key chain mychain...
  • Page 441 Usage Guide: The maximum RIP route setting only limits the number of routes learnt through RIP and does not include direct routes or the RIP static routes configured by the route command. The comparison is based on the number of routes marked R in the show ip route database, and also the number of RIP routes displayed in the show ip route statistics command.
  • Page 442 Related Command: passive-interface 24.25 network Command: network <A.B.C.C/M|ifname> no network <A.B.C.C/M|ifname> Function: Configure the RIP protocol network. Parameter: <A.B.C.C/M|> is the IP address prefix and its length in the network. <ifname> is the name of a interface. Default: Not running RIP protocol Command Mode: Router mode and address-family mode Usage Guide:...
  • Page 443 24.26 offset-list Command: offset-list <access-list-number |access-list-name> {in|out} <number > [<ifname>] no offset-list <access-list-number |access-list-name> {in|out} <number > [<ifname>] Function: Add an offset value to the metric value of the routes learnt by RIP. The “no offset-list <access-list-number |access-list-name> {in|out} <number > [<ifname>]” command disables this function. Parameter: <...
  • Page 444 Parameter: <ifname> is the name of specific interface. Default: Not configured Command Mode: Router mode Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# passive-interface vlan 1 Related Command: show ip rip 24.28 recv-buffer-size Command: recv-buffer-size<size> no recv-buffer-size Function: This command configures the size of UDP receiving buffer zone of RIP; the “no recv-buffer-size” command restores the system default.
  • Page 445 Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# recv-buffer-size 23456789 24.29 redistribute Command: redistribute {kernel |connected| static| ospf [<process-id>] | isis| bgp} [metric<value>] [route-map<word>] no redistribute {kernel |connected| static| ospf [<process-id>] | isis| bgp} [metric<value>] [route-map<word>] Function: Introduce the routes learnt from other routing protocols into RIP. Parameter: kernel introduce from kernel routes;...
  • Page 446: Router Rip

    To redistribute OSPFv2 routing information to RIP. Switch(config)# router rip Switch(config-router)# redistribute ospf 2 24.30 route Command: route <A.B.C.D/M> no route <A.B.C.D/M> Function: This command configures a static RIP route. The “no route <A.B.C.D/M>“command deletes this route. Parameter: Specifies this destination IP address prefix and its length. Command Mode: Router mode Usage Guide:...
  • Page 447 Function: Enable the RIP routing process and enter the RIP mode; the “no router rip” command closes the RIP routing protocol. Default: Not running RIP route. Command Mode: Global mode Usage Guide: This command is the switch for starting the RIP routing protocol which is required to be open before configuring other RIP protocol commands.
  • Page 448: Show Debugging Rip

    <year> Specifies the year of valid start, ranging between 1993 - 2035 end-time> Specifies the due of the time period, of which the form should be: end-time>={<hh:mm:ss> <month> <day> <year>|<hh:mm:ss> <day> <month> <year>} <hh:mm:ss> Specify the concrete valid time of accept-lifetime in hours, minutes and second <day>...
  • Page 449: Show Ip Protocols Rip

    Example: Switch# show debugging rip RIP debugging status: RIP event debugging is on RIP packet detail debugging is on RIP NSM debugging is on 24.34 show ip protocols rip Command: show ip protocols rip Function: Show the RIP process parameter and statistics information. Command Mode: Admin and configuration mode Example:...
  • Page 450: Show Ip Rip

    Distance: (default is 120) Displayed information Explanation Sending updates every 30 seconds with +/-50%, next due in 8 Sending update every 30 secs seconds Timeout after 180 seconds, garbage collect after 120 seconds The route time-out event period is 180 secs, the garbage collect time is 120 seconds Outgoing update filter list for all interface is not set Outgoing update filter list for all...
  • Page 451: Show Ip Rip Database

    Function: Show the routes in the RIP route data base. Command Mode: Admin mode Example: show ip rip Codes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS, B – BGP Network Next Hop Metric From...
  • Page 452: Show Ip Rip Interface

    24.37 show ip rip interface Command: show ip rip interface [<ifname>] Function: Show the RIP related messages. Parameter: <ifname> is the name of the interface to show the messages. Command Mode: Admin mode Example: Switch# show ip rip interface vlan 1 Vlan1 is up, line protocol is up Routing Protocol: RIP Receive RIP packets...
  • Page 453: Timers Basic

    Usage Guide: This command is used to display which interface the aggregation route be configured, Metric, Count, Suppress and so on. If configured under global mode, then the interface display “----”, “Metric” is metric. “Count” is the number of learned aggregation routes. “Suppress” is the times of aggregation. Example: To display the information of IPv4 aggregation route.
  • Page 454 Parameter: <update> time interval of sending update packet, shown in seconds and ranging between 5-2147483647; <invalid> time period after which the RIP route is advertised dead, shown in seconds and ranging between 5-2147483647; <garbage> is the hold time in which the a route remains in the routing table after advertised dead, shown in seconds and ranging between 5-2147483647.
  • Page 455 2 is version 2 rip. Default: Sent and received data packet is version 2 by default. Command Mode: Router mode and address-family mode Usage Guide: 1. refers to that each interface of the layer 3 switch only sends/receives the RIP-I data packets. 2.
  • Page 456: Area Authentication

    Chapter 25 Commands for OSPF 25.1 area authentication Command: area <id> authentication [message-digest] no area <id> authentication Function: Configure the authentication mode of the OSPF area; the “no area <id> authentication” command restores the default value. Parameter: <id> is the area number, which can be given as a number ranging from 0 to 4294967295, or as an IP address. message-digest selects MD5 authentication; if this parameter is not chosen, simple plaintext authentication is used.
  • Page 457 25.2 area default-cost Command: area <id> default-cost <cost> no area <id> default-cost Function: Configure the cost of sending to the default summary route in stub or NSSA area; the “no area <id> default-cost” command restores the default value. Parameter: <id> is the area number which could be shown as digits 0~4294967295, or as an IP address; <cost> ranges between <0-16777215>.
  • Page 458: Area Nssa

    Parameter: <id> is the area number which could be shown in digits ranging between 0~4294967295, or as an IP address; access-list is appointed for use in access, so is prefix-list for prefix; <name> is the name of the filter, the length of which is between 1-256; in means from other areas to this area, out means from this area to other areas.
  • Page 459: Area Range

    candidate. never means the router will never translate Type 7 LSA to Type 5 LSA. always means the route always translate Type 7 LSA to Type 5 LSA. no-redistribution means never distribute external-LSA to NSSA. DEFAULT-ORIGINATE=default-information-originate [metric <0-16777214>] [metric-type <1-2>], generate the Type-7 LSA.
  • Page 460: Area Stub

    Parameter: <id> is the area number which could be digits ranging between 0~4294967295, and also as an IP address. <address>=<A.B.C.D/M> specifies the area network prefix and its length. advertise: Advertise this area, which is the default. not-advertise : Not advertise this area. substitute= substitute <A.B.C.D/M>: advertise this area as another prefix.
  • Page 461 Default: Not defined. Command Mode: OSPF protocol mode Usage Guide: Configure area stub on all routes in the stub area. There are two configuration commands for the routers in the stub area: stub and default-cost. All routers connected to the stub area should be configured with area stub command. As for area border routers connected to the stub area, their introducing cost is defined with area default-cost command.
  • Page 462 AUTH_KEY= authentication-key <key>. <key>: A password consisting of fewer than 8 characters. INTERVAL= [dead-interval | hello-interval | message-digest-key<1-255>md5<LINE> | retransmit-interval | transmit-delay] <value>. <value>: The delay or interval in seconds, ranging between 1~65535. <dead-interval>: A neighbor is considered offline if none of its group messages are received within the dead interval, which defaults to 40 seconds.
  • Page 463: Compatible Rfc

    Function: This command sets the way in which OSPF calculate the default metric value. The “no auto-cost reference-bandwidth” command only configures the cost to the interface by types. Parameter: <bandwidth> reference bandwidth in Mbps, ranging between 1~4294967. Default: Default bandwidth is 100Mbps. Command Mode: OSPF protocol mode Usage Guide:...
  • Page 464: Clear Ip Ospf Process

    Default: Rfc 2328 compatible by default. Command Mode: OSPF protocol mode Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#compatible rfc1583 25.10 clear ip ospf process Command: clear ip ospf [<process-id>] process Function: Use this command to clear and restart OSPF routing processes. One certain OSPF process will be cleared by specifying the process ID, or else all OSPF processes will be cleared.
  • Page 465: Debug Ospf Ifsm

    Function: Open debugging switches showing various OSPF events messages; the “no debug ospf events [abr|asbr|lsa|nssa|os|router|vlink]” command closes the debugging switch. Default: Closed Command Mode: Admin and global mode Example: Switch#debug ospf events router 25.12 debug ospf ifsm Command: debug ospf ifsm [status|events|timers] no debug ospf ifsm [status|events|timers] Function: Open debugging switches showing the OSPF interface states;...
  • Page 466: Debug Ospf Lsa

    25.13 debug ospf lsa Command: debug ospf lsa [generate|flooding|install|maxage|refresh] no debug ospf lsa [generate|flooding|install|maxage|refresh] Function: Open debugging switches showing link state announcements; the “no debug ospf lsa [generate|flooding|install|maxage|refresh]” command closes the debugging switches. Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf lsa generate 25.14 debug ospf nfsm Command:...
  • Page 467: Debug Ospf Nsm

    25.15 debug ospf nsm Command: debug ospf nsm [interface|redistribute] no debug ospf nsm [interface|redistribute] Function: Open debugging switches showing OSPF NSM, the “no debug ospf nsm [interface|redistribute]” command closes this debugging switch. Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf nsm interface 25.16 debug ospf packet...
  • Page 468: Debug Ospf Route

    Example: Switch#debug ospf packet hello 25.17 debug ospf route Command: debug ospf route [ase|ia|install|spf] no debug ospf route [ase|ia|install|spf] Function: Open debugging switches showing OSPF related routes; the “no debug ospf route [ase|ia|install|spf]” command closes this debugging switch. Default: Closed Command Mode: Admin mode and global mode Example:...
  • Page 469 Command Mode: Admin Mode. Example: To enable debugging of sending command from OSPF process redistributed to other OSPF process routing. Switch#debug ospf redistribute message send 25.19 debug ospf redistribute route receive Command: debug ospf redistribute route receive no debug ospf redistribute route receive Function: To enable/disable debugging switch of received routing message from NSM for OSPF process.
  • Page 470 25.20 default-information originate Command: default-information originate [always | METRIC | METRICTYPE | ROUTEMAP] no default-information originate Function: This command creates a default external route to the OSPF route area; the “no default-information originate” command closes this feature. Parameter: always: The default route is always advertised, whether or not a default route exists in the software. METRIC = metric <value>: Set the metric value for creating default route, <value>...
  • Page 471 25.21 default-metric Command: default-metric <value> no default-metric Function: The command sets the default metric value of the OSPF routing protocol; the “no default-metric” command returns to the default state. Parameter: <value>, metric value, ranging between 0~16777214. Default: Built-in, metric value auto translating. Command Mode: OSPF protocol mode Usage Guide:...
  • Page 472 Parameter: <value>, OSPF routing manage distance, ranging between 1~235 ROUTEPARAMETER= ospf {ROUTE1|ROUTE2|ROUTE3}. ROUTE1= external <external-distance>, Configure the distance learnt from other routing area. <external-distance>distance value, ranging between 1~255. ROUTE2= inter-area <inter-distance>, configure the distance value from one area to another area. <inter-distance>...
  • Page 473 Parameter: < access-list-name> is the access-list name to be applied. out: Filter the sent route update. kernel Kernel route. connected Direct route. static Static route. rip RIP route. isis ISIS route. bgp BGP route. Command Mode: OSPF protocol mode Usage Guide: When distributing route from other routing protocols into the OSPF routing table, we can use this command.
  • Page 474: Host Area

    Default: There is no default configuration. Command Mode: OSPF protocol mode Usage Guide: This command is used to filter the routes obtained by OSPF. No routes are filtered when the specified access list does not exist; routes that do not match a permit rule of the access list are filtered. Only one access list can be set for this command; when it is configured several times, only the last configuration takes effect.
  • Page 475: Ip Ospf Authentication

    Command Mode: OSPF protocol mode Usage Guide: With this command you can advertise certain specific host route out as stub link. Since the stub host belongs to special router in which setting host is not important. Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#host 172.16.10.100 area 1 Switch(config-router)#host 172.16.10.101 area 2 cost 10 25.26 ip ospf authentication...
  • Page 476: Ip Ospf Cost

    Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf authentication message-digest 25.27 ip ospf authentication-key Command: ip ospf [<ip-address>] authentication-key <LINE> no ip ospf [<ip-address>] authentication Function: Specify the authentication key required in sending and receiving OSPF packet on the interface; the “no ip ospf [<ip-address>] authentication”...
  • Page 477 Function: Specify the cost required in running OSPF protocol on the interface; the “no ip ospf [<ip-address>] cost” command restores the default value. Parameter: <ip-address> is the interface IP address shown in dotted decimal notation. <cost> is the cost of OSPF protocol ranging between 1~65535. Default: By default, the OSPF cost on the interface is calculated automatically based on bandwidth.
  • Page 478 Command Mode: Interface Configuration Mode. Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf database-filter all out 25.30 ip ospf dead-interval Command: ip ospf [<ip-address>] dead-interval <time > no ip ospf [<ip-address>] dead-interval Function: Specify the dead interval for neighboring layer 3 switch; the “no ip ospf [<ip-address>] dead-interval” command restores the default value.
  • Page 479: Ip Ospf Disable All

    Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf dead-interval 80 25.31 ip ospf disable all Command: ip ospf disable all no ip ospf disable all Function: Stop OSPF group process on the interface. Command Mode: Interface Configuration Mode. Usage Guide: This command resets the network area command and stops group process on specific interface.
  • Page 480 Parameter: <ip-address> is the interface IP address shown in dotted decimal notation; <time> is the interval sending HELLO packet, shown in seconds and ranging between 1~65535. Default: The hello-interval on the interface is 10 seconds. Command Mode: Interface Configuration Mode. Usage Guide: HELLO data packet is the most common packet which is periodically sent to adjacent layer 3 switch to discover and maintain adjacent relationship, elect DR and BDR.
  • Page 481: Ip Ospf Mtu

    Parameter: <ip-address> is the interface IP address shown in dotted decimal notation; <key_id> ranges between 1-255; <LINE> is the OSPF key. Default: MD5 key not configured. Command Mode: Interface Configuration Mode. Usage Guide: MD5 key encrypted authentication is used to ensure safety between the OSPF routers on the network. The same key ID and key should be configured between neighbors when using this command, or else no adjacency will be created.
  • Page 482 Command Mode: Interface Configuration Mode. Usage Guide: The interface value configured by this command is used only by the OSPF protocol and is not updated into the kernel. Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf mtu 1480 25.35 ip ospf mtu-ignore Command: ip ospf <ip-address>...
  • Page 483: Ip Ospf Network

    25.36 ip ospf network Command: ip ospf network {broadcast | non-broadcast | point-to-point | point-to-multipoint} no ip ospf network Function: This command configures the OSPF network type of the interface; the “no ip ospf network” command restores the default value. Parameter: broadcast: Set the OSPF network type to broadcast.
  • Page 484 Parameter: <ip-address> is the interface IP address shown in dotted decimal notation. <priority> is the priority, whose valid value ranges between 0~255. Default: The default priority when electing DR is 1. Command Mode: Interface Configuration Mode. Usage Guide: When two layer 3 switches connected to the same segment both want to be the “Defined layer 3 switch”, the priority will decide which one should be chosen.
  • Page 485 Default: Default retransmit interval is 5 seconds. Command Mode: Interface Configuration Mode. Usage Guide: When a layer 3 switch transmits an LSA to its neighbor, it retains the link state announcement until an acknowledgment from the peer is received. If the acknowledgment packet is not received within the interval, the LSA will be retransmitted. The retransmit interval must be larger than the round-trip time between the two layer 3 switches.
  • Page 486 Usage Guide: The LSA ages with time in the layer 3 switches, but not in the network transmitting process. By adding the transit-delay prior to sending the LSA, the LSA will be sent before aged. Example: Set the LSA transmit delay of interface vlan1 to 3 seconds. Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf transmit-delay 3...
  • Page 487 25.41 key chain Command: key chain <name-of-chain> no key chain < name-of-chain > Function: This command is for entering a keychain manage mode and configure a keychain. The “no key chain < name-of-chain >” command deletes one keychain. Parameter: <name-of-chain> is the name string of the keychain the length of which is not specifically limited. Command Mode: Global Mode and Keychain Mode.
  • Page 488 Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#log-adjacency-changes detail 25.43 max-concurrent-dd Command: max-concurrent-dd <value> no max-concurrent-dd Function: This command sets the maximum concurrent number of dd in the OSPF process; the “no max-concurrent-dd” command restores the default. Parameter: <value> ranges between <1-65535>, which is the capacity of processing the concurrent dd data packet. Default: Not set, no concurrent dd limit.
  • Page 489: Network Area

    25.44 neighbor Command: neighbor A.B.C.D [<cost>| priority <value> | poll-interval <value>] no neighbor A.B.C.D [<cost>| priority <value> | poll-interval <value>] Function: This command configures the OSPF router connecting NBMA network. The “no neighbor A.B.C.D [<cost>| priority <value> | poll-interval <value>]” command removes this configuration. Parameter: <cost>, OSPF neighbor cost value ranging between 1-65535;...
  • Page 490 Function: This command enables the OSPF routing function on the interface whose IP address matches the network address. The “no network NETWORKADDRESS area <area-id>” command removes the configuration and stops OSPF on the corresponding interface. Parameter: NETWORKADDRESS = A.B.C.D/M | A.B.C.D X.Y.Z.W, Shown with the network address prefix or the mask. Wildcard mask if shown in mask;...
  • Page 491 ibm, Realize through ibm ABR; shortcut, Specify a shortcut-ABR; standard, Realize with standard(RFC2328)ABR. Default: Cisco by default. Command Mode: OSPF protocol mode Usage Guide: For Specifying the realizing type of abr. This command is good for interactive operation among different OSPF realizing method and is especially useful in the multiple host environment.
  • Page 492: Overflow Database

    Usage Guide: The new router-id takes effect immediately. Example: Configure router-id of ospf 100 to 2.3.4.5. Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#ospf router-id 2.3.4.5 25.48 overflow database Command: overflow database <maxdbsize > [{hard|soft}] no overflow database Function: This command is for configuring the max LSA number. The “no overflow database” command cancels the limit. Default: Not configured.
  • Page 493: Overflow Database External

    25.49 overflow database external Command: overflow database external [<maxdbsize > <maxtime>] no overflow database external [<maxdbsize > <maxtime>] Function: The command is for configuring the size of external link database and the waiting time before the route exits overflow state. The “no overflow database external [<maxdbsize > <maxtime>]” restores the default value. Parameter: <...
  • Page 494 Default: Not configured. Command Mode: OSPF protocol mode Example: Switch#config terminal Switch(config)#router ospf Switch(config-router)#passive-interface vlan1 25.51 redistribute Command: redistribute {kernel |connected| static| rip| isis| bgp} [metric<value>] [metric-type {1|2}][route-map<word>][tag<tag-value>] no redistribute {kernel |connected| static| rip| isis| bgp} [metric<value>] [metric-type {1|2}][route-map<word>][tag<tag-value>] Function: Introduce route learnt from other routing protocols into OSPF.
  • Page 495: Redistribute Ospf

    Usage Guide: Learn and introduce other routing protocol into OSPF area to generate AS-external_LSAs. Example: Switch#config terminal Switch(config)#router ospf Switch(config-router)#redistribute bgp metric 12 25.52 redistribute ospf Command: redistribute ospf [<process-id>] [metric<value>] [metric-type {1|2}][route-map<word>] no redistribute ospf [<process-id>] [metric<value>] [metric-type {1|2}][route-map<word>] Function: Redistribute the routes of the OSPF process with the given process ID into this process.
  • Page 496: Router Ospf

    25.53 router ospf Command: router ospf <process_id> <vrf-name> no router ospf <process_id> <vrf-name> Function: This command associates the OSPF process with one VPN; after the configuration succeeds, all configuration commands of this OSPF process relate to the VPN. The no command deletes the OSPF instance with VPN routing/forwarding instance.
  • Page 497 Parameter: <process-id> is the process ID, ranging between 0~65535. Default: Not displayed Command Mode: Admin and configuration mode Example: Switch#show ip ospf Routing Process "ospf 0" with ID 192.168.1.1 Process bound to VRF default Process uptime is 2 days 0 hour 30 minutes Conforms to RFC2328, and RFC1583Compatibility flag is disabled Supports only single TOS(TOS0) routes Supports opaque LSA...
  • Page 498 Supports opaque LSA SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Refresh timer 10 secs Number of external LSA 0. Checksum Sum 0x000000 Number of opaque AS LSA 0. Checksum Sum 0x000000 Number of non-default external LSA 0 External LSA database is unlimited.
  • Page 499: Show Ip Ospf Database

    Example: Switch#show ip ospf border-routers OSPF process 0 internal Routing Table Codes: i - Intra-area route, I - Inter-area route i 10.15.0.1 [10] via 10.10.0.1, Vlan1, ASBR, Area 0.0.0.0 i 172.16.10.1 [10] via 10.10.11.50, Vlan2, ABR, ASBR, Area 0.0.0.0 25.56 show ip ospf database Command: show ip ospf [<process-id>] database[{ adv-router [{<linkstate_id>| self-originate |adv-router <advertiser_router>}]sbr-summary[{<linkstate_id>| self-originate |adv-router <advertiser_router>}] | external...
  • Page 500: Show Ip Ospf Interface

    Example: Switch#show ip ospf database Router Link States (Area 0.0.0.2) Link ID ADV Router Age Seq# CkSum Link count 192.168.1.2 192.168.1.2 254 0x80000031 0xec21 1 192.168.1.3 192.168.1.3 236 0x80000033 0x0521 2 Net Link States (Area 0.0.0.2) Link ID ADV Router Age Seq# CkSum 20.1.1.2...
  • Page 501: Show Ip Ospf Neighbor

    Parameter: <interface> is the name of interface Default: Not displayed Command Mode: Admin and configuration mode Example: Switch#show ip ospf interface Loopback is up, line protocol is up OSPF not enabled on this interface Vlan1 is up, line protocol is up Internet Address 10.10.10.50/24, Area 0.0.0.0 Process ID 0, Router ID 10.10.11.50, Network Type BROADCAST, Cost: 10 Transmit Delay is 5 sec, State Waiting, Priority 1...
  • Page 502 detail: Display detailed messages of all neighbors <ifaddress> Interface IP address Default: Not displayed Command Mode: Admin and configuration mode Usage Guide: OSPF neighbor state can be checked by viewing the output of this command. Example: Switch#show ip ospf neighbor OSPF process 0: Neighbor ID State...
  • Page 503: Show Ip Ospf Route

    Parameter: <process-id> is the process ID ranging between 0~65535. Command Mode: Admin Mode and Configuration Mode. Example: Switch#show ip ospf redistribute ospf process 1 redistribute information: ospf process 2 ospf process 3 ospf process 2 redistribute information: ospf process 1 ospf process 3 redistribute information:...
  • Page 504 Command Mode: Admin and configuration mode Example: Switch#show ip ospf route O 10.1.1.0/24 [10] is directly connected, Vlan1, Area 0.0.0.0 O 10.1.1.4/32 [10] via 10.1.1.4, Vlan1, Area 0.0.0.0 IA 11.1.1.0/24 [20] via 10.1.1.1, Vlan1, Area 0.0.0.0 IA 11.1.1.2/32 [20] via 10.1.1.1, Vlan1, Area 0.0.0.0 IA 12.1.1.0/24 [20] via 10.1.1.2, Vlan1, Area 0.0.0.0 IA 12.1.1.2/32 [20] via 10.1.1.2, Vlan1, Area 0.0.0.0 O 13.1.1.0/24 [10] is directly connected, Vlan4, Area 0.0.0.3...
  • Page 505 Example: Switch#show ip ospf virtual-links Virtual Link VLINK0 to router 10.10.0.9 is up Transit area 0.0.0.1 via interface Vlan1 Transmit Delay is 1 sec, State Point-To-Point, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:02 Adjacency state Full Virtual Link VLINK1 to router 10.10.0.123 is down Transit area 0.0.0.1 via interface Vlan1...
  • Page 506: Show Ip Protocols

    Example: Switch#show ip route database process-detail Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area >...
  • Page 507 12.1.1.0/24 Routing Information Sources: Gateway Distance Last Update Distance: (default is 110) Address Mask Distance List Routing Protocol is "bgp 0" Outgoing update filter list for all interfaces is Incoming update filter list for all interfaces is IGP synchronization is disabled Automatic route summarization is disabled Neighbor(s): Address...
  • Page 508: Timers Spf

    Example: Switch#config terminal Switch(config)#router ospf Switch(config-router)#summary-address 172.16.0.0/16 tag 3 25.65 timers spf Command: timers spf <spf-delay> <spf-holdtime> no timers spf Function: Adjust the value of the route calculating timer. The “no timers spf” command restores relevant values to default. Parameter: <spf-delay>...
  • Page 509 Chapter 26 IPv4 Multicast Protocol 26.1 anti-arpscan enable Command: anti-arpscan enable no anti-arpscan enable Function: Globally enable ARP scanning prevention function; “no anti-arpscan enable” command globally disables ARP scanning prevention function. Parameters: None. Default Settings: Disable ARP scanning prevention function. Command Mode: Global configuration mode User Guide:...
  • Page 510 Function: Set the threshold of received messages of the port-based ARP scanning prevention. If the rate of received ARP messages exceeds the threshold, the port will be closed. The unit is packet/second. The “no anti-arpscan port-based threshold” command will reset the default value, 10 packets/second. Parameters: rate threshold, ranging from 2 to 200.
  • Page 511 Default Settings: 3 packets/second. Command Mode: Global configuration mode User Guide: The threshold of port-based ARP scanning prevention should be larger than the threshold of IP-based ARP scanning prevention; otherwise the IP-based ARP scanning prevention will fail. Example: Set the threshold of IP-based ARP scanning prevention as 6 packets/second. Switch (config) #anti-arpscan ip-based threshold 6 26.4 anti-arpscan trust Command:...
  • Page 512 be dealt with. If the port is already closed by ARP scanning prevention, it will be opened right after being set as a trusted port. When remotely managing a switch with a method like telnet, users should set the uplink port as a Super Trust port before enabling anti-ARP-scan function, preventing the port from being shut down because of receiving too many ARP messages.
  • Page 513 Example: Set 192.168.1.0/24 as trusted IP. Switch (config) #anti-arpscan trust ip 192.168.1.0 255.255.255.0 26.6 anti-arpscan recovery enable Command: anti-arpscan recovery enable no anti-arpscan recovery enable Function: Enable the automatic recovery function, “no anti-arpscan recovery enable” command will disable the function. Parameters: None Default Settings:...
  • Page 514 Function: Configure automatic recovery time; “no anti-arpscan recovery time” command resets the automatic recovery time to default value. Parameters: Automatic recovery time, in second ranging from 5 to 86400. Default Settings: 300 seconds. Command Mode: Global configuration mode User Guide: Automatic recovery function should be enabled first.
  • Page 515 User Guide: After enabling ARP scanning prevention log function, users can check the detailed information of ports being closed or automatically recovered by ARP scanning prevention or IP being disabled and recovered by ARP scanning prevention. The level of the log is “Warning”. Example: Enable ARP scanning prevention log function of the switch.
  • Page 516 26.10 show anti-arpscan Command: show anti-arpscan [trust [ip | port | supertrust-port] |prohibited [ip | port]] Function: Display the operation information of ARP scanning prevention function. Parameters: None. Default Settings: Display every port to tell whether it is a trusted port and whether it is closed. If the port is closed, then display how long it has been closed.
  • Page 517 Ethernet4/2 untrust Ethernet4/3 untrust Ethernet4/4 trust Ethernet4/5 untrust Ethernet4/6 supertrust Ethernet4/7 untrust Ethernet4/8 trust Ethernet4/9 untrust Ethernet4/10 untrust Ethernet4/11 untrust Ethernet4/12 untrust Ethernet4/13 untrust Ethernet4/14 untrust Ethernet4/15 untrust Ethernet4/16 untrust Ethernet4/17 untrust Ethernet4/18 untrust Ethernet4/19 untrust Ethernet4/20 untrust Ethernet4/21 untrust Ethernet4/22 untrust Ethernet4/23...
  • Page 518 Function: Enable the debug switch of ARP scanning prevention; the “no debug anti-arpscan [port | ip]” command disables the switch. Parameters: None. Default Settings: Disable the debug switch of ARP scanning prevention Command Mode: Admin Mode User Guide: After enabling the debug switch of ARP scanning prevention, users can check corresponding debug information, or enable the port-based or IP-based debug switch separately, whenever a port is closed by ARP scanning prevention or recovered automatically, and whenever an IP is closed or recovered.
  • Page 519 Chapter 27 Commands for Preventing ARP Spoofing 27.1 ip arp-security updateprotect Command: ip arp-security updateprotect no ip arp-security updateprotect Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect” command re-enables ARP table automatic update. Parameter: None. Default: ARP table automatic update. Command Mode: Global Mode/ Interface configuration.
  • Page 520 Function: Forbid ARP learning function of IPv4 Version, the “no ip arp-security learnprotect” command re-enables ARP learning function. Parameter: None. Default: ARP learning enabled. Command Mode: Global Mode/ Interface Configuration. Usage Guide: This command is for preventing the automatic learning and updating of ARP. Unlike ip arp-security updateprotect, once this command is implemented, there will still be timeout even if the switch keeps sending Request/Reply messages.
  • Page 521: Clear Ip Arp Dynamic

    Usage Guide: This command will convert the dynamic ARP entries to static ones, which, in combination with disabling automatic learning, can prevent ARP binding. Once implemented, this command will lose its effect. Example: Switch(Config-if-Vlan1)#ip arp-security convert Switch(config)#ip arp-security convert 27.4 clear ip arp dynamic Command: clear ip arp dynamic...
  • Page 522 Parameter: None Command mode: Interface Configuration Usage Guide: This command will clear dynamic entries before binding ND. Once implemented, this command will lose its effect. Example: Switch(Config-if-Vlan1)#clear ipv6 nd dynamic
  • Page 523 Chapter 28 Command for ARP GUARD 28.1 arp-guard ip Command: arp-guard ip <addr> no arp-guard ip <addr> Function: Add an ARP GUARD address, the no command deletes ARP GUARD address. Parameters: <addr> is the protected IP address, in dotted decimal notation. Default: There is no ARP GUARD address by default.
  • Page 524 Chapter 29 Commands for Gratuitous ARP Configuration 29.1 ip gratuitous-arp Command: ip gratuitous-arp [<interval-time>] no ip gratuitous-arp Function: To enable gratuitous ARP and specify the update interval for gratuitous ARP. The no form of this command will disable the gratuitous ARP configuration. Parameters: <interval-time>...
  • Page 525 29.2 show ip gratuitous-arp Command: show ip gratuitous-arp [interface vlan <vlan-id>] Function: To display configuration information about gratuitous ARP. Parameters: <vlan-id> is the VLAN ID. The valid range for <vlan-id> is between 1 and 4094. Command Mode: All the Configuration Modes. Usage Guide: In all the configuration modes, the command show ip gratuitous arp will display information about the gratuitous ARP configuration in global and interface configuration mode.
  • Page 526: Commands For Dhcp Server Configuration

    Chapter 30 Commands for DHCP 30.1 Commands for DHCP Server Configuration 30.1.1 bootfile Command: bootfile <filename> no bootfile Function: Sets the file name for the DHCP client to import on boot up; the “no bootfile” command deletes this setting. Parameters: <filename> is the name of the file to be imported, up to 255 characters are allowed. Command Mode: DHCP Address Pool Mode Usage Guide:...
  • Page 527: Clear Ip Dhcp Conflict

    Parameters: <address> is the IP address that has a binding record in decimal format. all refers to all IP addresses that have a binding record. Command mode: Admin Mode. Usage Guide: “show ip dhcp binding” command can be used to view binding information for IP addresses and corresponding DHCP client hardware addresses.
  • Page 528: Clear Ip Dhcp Server Statistics

    records in the log will be removed. When records are removed from the log, the addresses are available for allocation by the DHCP server. Example: The network administrator finds 10.1.128.160 that has a conflict record in the log and is no longer used by anyone, so he deletes the record from the address conflict log.
  • Page 529: Debug Ip Dhcp Client

    30.1.5 client-identifier Command: client-identifier <unique-identifier> no client-identifier Function: Specifies the unique ID of the user when binding an address manually; the “no client-identifier” command deletes the identifier. Parameters: <unique-identifier> is the user identifier, in dotted Hex format. Command Mode: DHCP Address Pool Mode Usage Guide: This command is used with “host”...
  • Page 530: Debug Ip Dhcp Relay

    Default: Disable the debugging. 30.1.7 debug ip dhcp relay Command: debug ip dhcp server packet no debug ip dhcp server packet Function: Enable the debugging of DHCP relay, no command disables the debugging of DHCP relay. Command mode: Admin Mode Default: Disable the debugging.
  • Page 531 Admin Mode. 30.1.9 default-router Command: default-router <address1>[<address2>[…<address8>]] no default-router Function: Configures default gateway(s) for DHCP clients; the “no default-router” command deletes the default gateway. Parameters: <address1>…<address8> are IP addresses, in decimal format. Default: No default gateway is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide:...
  • Page 532 Default: No DNS server is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide: Up to 8 DNS server addresses can be configured. The DNS server address assigned first has the highest priority, therefore address 1 has the highest priority, and address 2 has the second, and so on. Example: Set 10.1.128.3 as the DNS server address for DHCP clients.
  • Page 533 30.1.12 hardware-address Command: hardware-address <hardware-address> [{Ethernet | IEEE802|<type-number>}] no hardware-address Function: Specifies the hardware address of the user when binding address manually; the “no hardware-address” command deletes the setting. Parameters: <hardware-address> is the hardware address in Hex; Ethernet | IEEE802 is the Ethernet protocol type, <type-number>...
  • Page 534: Ip Dhcp Conflict Logging

    Function: Specifies the IP address to be assigned to the user when binding addresses manually; the “no host” command deletes the IP address. Parameters: <address> is the IP address in decimal format; <mask> is the subnet mask in decimal format; <prefix-length> means mask is indicated by prefix.
  • Page 535 Default: Logging for address conflict is enabled by default. Command mode: Global Mode Usage Guide: When logging is enabled, once the address conflict is detected by the DHCP server, the conflicting address will be logged. Addresses present in the log for conflicts will not be assigned dynamically by the DHCP server until the conflicting records are deleted.
  • Page 536: Ip Dhcp Pool

    Example: The port disables DHCP services. switch(config-if-ethernet1/3)#ip dhcp disable 30.1.16 ip dhcp excluded-address Command: ip dhcp excluded-address <low-address> [<high-address>] no ip dhcp excluded-address <low-address> [<high-address>] Function: Specifies addresses excluded from dynamic assignment; the “no ip dhcp excluded-address <low-address> [<high-address>]” command cancels the setting. Parameters: <low-address>...
  • Page 537 Function: Configures a DHCP address pool and enters the pool mode; the “no ip dhcp pool <name>” command deletes the specified address pool. Parameters: <name> is the address pool name, up to 32 characters are allowed. Command mode: Global Mode Usage Guide: This command is used to configure a DHCP address pool under Global Mode and enter the DHCP address configuration mode.
  • Page 538: Ip Dhcp Ping Packets

    Usage Guide: To enable Ping-detection of conflict, the log of conflict addresses should be enabled first; when that log is disabled, Ping-detection of conflict is disabled as well. When a client is unable to receive Ping request messages (when blocked by a firewall, for example), this function will check the local ARP according to the allocated IP: if a designated IP has a corresponding ARP, then an address conflict exists;...
  • Page 539: Ip Dhcp Ping Timeout

    30.1.20 ip dhcp ping timeout Command: ip dhcp ping timeout <timeout-value> no ip dhcp ping timeout Function: Set the timeout period (in ms) of waiting for a reply message (Echo Reply) after each Ping request message (Echo Request) in Ping-detection of conflict on DHCP server, whose default value is 500ms. The no operation of this command will restore the default value.
  • Page 540 Parameters: <days> is number of days from 0 to 365; <hours> is number of hours from 0 to 23; <minutes> is number of minutes from 0 to 59; infinite means perpetual use. Default: The default lease duration is 1 day. Command Mode: DHCP Address Pool Mode Usage Guide:...
  • Page 541 Usage Guide: This command applies to DHCP request packets with option 51. If the lease time the user requests for the address exceeds the configured maximum lease time, the DHCP server assigns the address with the configured maximum lease time. If the lease time requested by the user is less than the configured maximum lease time, the DHCP server assigns the address with the lease time requested by the user.
  • Page 542 30.1.24 netbios-node-type Command: netbios-node-type {b-node | h-node | m-node | p-node | <type-number>} no netbios-node-type Function: Sets the node type for the specified port; the “no netbios-node-type” command cancels the setting. Parameters: b-node stands for broadcasting node, h-node for hybrid node that broadcasts after point-to-point communication; m-node for hybrid node to communicate in point-to-point after broadcast;...
  • Page 543 Parameters: <network-number> is the network number; <mask> is the subnet mask in the decimal format; <prefix-length> stands for mask in prefix form. For example, mask 255.255.255.0 in prefix is “24”, and mask 255.255.255.252 in prefix is “30”. Note: When using DHCP server, the pool mask should be longer than or equal to that of the layer 3 interface IP address in the corresponding segment.
  • Page 544 Usage Guide: This command configures the address for the server hosting client import file. This is usually used for diskless workstations that need to download configuration files from the server on boot up. This command is used together with “bootfile”. Example: Setting the hosting server address as 10.1.128.4.
  • Page 545: Service Dhcp

    30.1.28 service dhcp Command: service dhcp no service dhcp Function: Enables DHCP server; the “no service dhcp” command disables the DHCP service. Parameters: None Default: DHCP service is disabled by default. Command mode: Global Mode Usage Guide: Both DHCP server and DHCP relay are included in the DHCP service. When DHCP services are enabled, both DHCP server and DHCP relay are enabled.
  • Page 546: Show Ip Dhcp Conflict

    Parameters: <ip-addr> is a specified IP address in decimal format; all stands for all binding types (manual binding and dynamic assignment); manual for manual binding; dynamic for dynamic assignment; count displays statistics for DHCP address binding entries. Command mode: Admin and Configuration Mode. Example: Switch# show ip dhcp binding IP address...
  • Page 547: Show Ip Dhcp Server Statistics

    Detection method Method in which the conflict is detected. Detection Time Time when the conflict is detected. 30.1.31 show ip dhcp relay information option Command: show ip dhcp relay information option Function: Show the relative configuration for DHCP relay option82. Parameters: None.
  • Page 548 Command mode: Admin and Configuration Mode. Example: Switch# show ip dhcp server statistics Address pools 3 Database agents Automatic bindings 2 Manual bindings Conflict bindings Expired bindings Malformed message 0 Message Received BOOTREQUEST 3814 DHCPDISCOVER 1899 DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM 1 Message Send BOOTREPLY 1911 DHCPOFFER 6...
  • Page 549: Commands For Dhcp Relay Configuration

    DHCPREQUEST Number of DHCPREQUEST packets DHCPDECLINE Number of DHCPDECLINE packets DHCPRELEASE Number of DHCPRELEASE packets DHCPINFORM Number of DHCPINFORM packets Message Send Statistics for DHCP packets sent BOOTREPLY Total packets sent DHCPOFFER Number of DHCPOFFER packets DHCPACK Number of DHCPACK packets DHCPNAK Number of DHCPNAK packets DHCPRELAY...
  • Page 550 Example: Enable DHCP broadcast suppress function. Switch(config)#ip dhcp broadcast suppress 30.2.2 ip dhcp relay share-vlan <vlanid> sub-vlan <vlanlist> Command: ip dhcp relay share-vlan <vlanid> sub-vlan <vlanlist> no ip dhcp relay share-vlan Function: Specify sub-vlan of a share-vlan, the no command cancels sub-vlan. Parameter: <vlanid>...
  • Page 551 Function: Sets DHCP relay to forward UDP broadcast packets on the port; the “no ip forward-protocol udp bootps” command cancels the service. Parameter: bootps forwarding UDP port as 67 DHCP broadcast packets. Default: UDP broadcast packets are not forwarded by default. Command mode: Global Mode Usage Guide: The forwarding destination address is set in the “ip helper-address”...
  • Page 552 Usage Guide: The DHCP relay forwarding server address corresponds to the port forwarding UDP, i.e. DHCP relay forwards corresponding UDP packets only to the corresponding server instead of all UDP packets to all servers. When this command is run after “ip forward-protocol udp <port>” command, the forwarding address configured by this command receives the UDP packets from <port>.
  • Page 553 Example: Switch#show ip helper-address Forward protocol Interface Forward server 67(active) Vlan1 192.168.1.1 30-45...
  • Page 554: Clear Ipv6 Dhcp Binding

    Chapter 31 Commands for DHCPv6 31.1 clear ipv6 dhcp binding Command: clear ipv6 dhcp binding [<ipv6-address>] [pd <ipv6-prefix | prefix-length>] Function: To clear one specified DHCPv6 assigned address binding record or all the IPv6 address binding records. Parameter: <ipv6-address> is the specified IPv6 address with binding record; <ipv6-prefix| prefix-length> is the specified IPv6 prefix with binding record;...
  • Page 555: Clear Ipv6 Dhcp Statistics

    Parameter: <address> is the specified address with the conflict record; if no address is specified, all conflict records are cleared. Command mode: Admin Mode Usage Guide: With the show ipv6 dhcp conflict command, the user can check which IP addresses are in conflict. With this command, the user can clear the conflict record of an address.
  • Page 556 Example: Clear the counter of DHCPv6 packets. Switch#clear ipv6 dhcp statistics Relative Command: show ipv6 dhcp statistics 31.4 debug ipv6 dhcp client packet Command: debug ipv6 dhcp client {event | packet} no debug ipv6 dhcp client {event | packet} Function: To enable the debugging messages for protocol packets of DHCPv6 prefix delegation client, the no form of this command will disable the debugging information.
  • Page 557 Default: Disabled. Command Mode: Admin Mode. Example: Switch# debug ipv6 dhcp detail 31.6 debug ipv6 dhcp relay packet Command: debug ipv6 dhcp relay packet no debug ipv6 dhcp relay packet Function: To enable the debugging information for protocol packets of DHCPv6 relay, the no form of this command will disable the debugging.
  • Page 558 Function: To enable the debugging information of DHCPv6 server, the no form of this command will disable the debugging. Parameter: event is to enable debugging messages for DHCPv6 server events, such as address allocation; packet is for debugging messages of protocol packets of DHCPv6 server. Default: Disabled.
  • Page 559 Example: To configure the DNS Server address of DHCPv6 client as 2001:da8::1. Switch(dhcp-1-config)#dns-server 2001:da8::1 31.9 domain-name Command: domain-name <domain-name> no domain-name <domain-name> Function: To configure domain name of DHCPv6 client; the no form of this command will delete the domain name. Parameter: <domain-name>...
  • Page 560 Function: To configure the specified IPv6 address to be excluded from the address pool, the excluded address will not be allocated to any hosts; the no form of this command will remove the configuration. Parameter: <ipv6-address> is the IPv6 address to be excluded from being allocated to hosts in the address pool. Default: Disabled Command Mode:...
  • Page 561: Ipv6 Dhcp Client Pd

    Default: No global address is configured for interfaces by default. Usage Guide: The IPv6 address of an interface falls into two parts: <prefix-name> and <ipv6-prefix>/<prefix-length>. If routing advertisement has been enabled, the first 64 bits of the addresses will be advertised. The address generated by <prefix-name>...
  • Page 562 Usage Guide: This command is used to configure the prefix delegation client on the specified interface, an interface with prefix delegation client enabled will send SOLICIT packets to try to get address prefix from the server. If the prefix is retrieved correctly, the address prefix in the global address pool can be used by the ipv6 address command to generate a valid IPv6 address.
  • Page 563: Ipv6 Dhcp Pool

    Examples: Switch(vlan-1-config)#ipv6 dhcp client pd hint 2001::/48 31.14 ipv6 dhcp pool Command: ipv6 dhcp pool <poolname> no ipv6 dhcp pool <poolname> Function: To configure the address pool for DHCPv6, and enter the DHCPv6 address pool configuration mode. In this mode, information such as the address prefix to be allocated, the DNS server addresses, and domain names, can be configured for the DHCPv6 client.
  • Page 564: Ipv6 Dhcp Relay Destination

    31.15 ipv6 dhcp relay destination Command: ipv6 dhcp relay destination {[<ipv6-address>] [interface { <interface-name> | vlan <1-4096> } ] } no ipv6 dhcp relay destination { [<ipv6-address>] [ interface { <interface-name> | vlan <1-4096> } ] } Function: To configure the destination to which the DHCPv6 relay forwards the DHCPv6 requests from the clients, the destination should be the address of an external DHCPv6 relay or the DHCPv6 server.
  • Page 565: Ipv6 Dhcp Server

    31.16 ipv6 dhcp server Command: ipv6 dhcp server <poolname> [preference <value>] [rapid-commit] [allow-hint] no ipv6 dhcp server <poolname> Function: This command configures the address pool which will be allocated by the DHCPv6 server through the specified interface. The no form of this command will remove the address pool configuration. Parameters: <poolname>...
  • Page 566 Function: To define an IPv6 general prefix. The no form of this command will delete the configuration. Parameter: <prefix-name> is a character string less than 32 characters, to use as IPv6 general prefix name. <ipv6-prefix/prefix-length> is defined as IPv6 general prefix. Command Mode: Global Mode.
  • Page 567 Parameters: <poolname> is the name for the IPv6 address pool of the prefix delegation, the length name string should be less than 32. <prefix/prefix-length> is the address prefix and its length of the prefix delegation. <assigned-length> is the length of the prefix in the address pool which can be retrieved by the client, the assigned prefix length should be no less than the value of <prefix-length>...
  • Page 568 Example: To configure the valid life time as 1000 seconds, and the preferred life time as 600 seconds. Switch(config)#lifetime 1000 600 31.20 network-address Command: network-address <ipv6-pool-start-address> {<ipv6-pool-end-address> | <prefix-length>} [eui-64] no network-address Function: To configure the DHCPv6 address pool; the no form of this command will remove the address pool configuration. Parameters: <ipv6-pool-start-address>...
  • Page 569 31.21 prefix-delegation Command: prefix-delegation <ipv6-prefix/prefix-length> <client-DUID> [iaid <iaid>] [lifetime <valid-time> <preferred-time>] no prefix-delegation <ipv6-prefix/prefix-length> <client-DUID> [iaid <iaid>] Function: To configure dedicated prefix delegation for the specified user. The no form of this command will remove the dedicated prefix delegation. Parameters: <ipv6-prefix/prefix-length>...
  • Page 570 31.22 prefix-delegation pool Command: prefix-delegation pool <poolname> [lifetime <valid-time> <preferred-time>] no prefix-delegation pool <poolname> Function: To configure prefix delegation name used by DHCPv6 address pool. The no form of this command deletes the configuration. Parameters: <poolname> is the name of the address prefix pool, the length name string should be less than 32. <valid-time> and <preferred-time>...
  • Page 571: Show Ipv6 Dhcp

    31.23 service dhcpv6 Command: service dhcpv6 no service dhcpv6 Function: To enable DHCPv6 server function; the no form of this command disables the configuration. Parameter: None. Default: Disabled. Command Mode: Global Mode. Usage Guide: The DHCPv6 services include DHCPv6 server function, DHCPv6 relay function, DHCPv6 prefix delegation function. All of the above services are configured on ports.
  • Page 572: Show Ipv6 Dhcp Binding

    Command Mode: Admin and Configuration Mode. Usage Guide: To show the enable switch and DUID of DHCPv6 service, server identifier options only use DUID of DUID-LLT type. Example: Switch#show ipv6 dhcp DHCPv6 is enabled LLT DUID is <00:01:00:01:43:b7:1b:81:00:30:4f:01:5f:9d> LL DUID is <00:03:00:01:00:30:4f:01:5f:9d> 31.25 show ipv6 dhcp binding Command: show ipv6 dhcp binding [<ipv6-address>| pd <ipv6-prefix|prefix-length>|count]...
  • Page 573: Show Ipv6 Dhcp Conflict

    31.26 show ipv6 dhcp conflict Command: show ipv6 dhcp conflict Function: Show the log for the address that have a conflict record. Command mode: Admin and Configuration Mode. Example: Switch# show ipv6 dhcp conflict 31.27 show ipv6 dhcp interface Command: show ipv6 dhcp interface [<interface-name>] Function: To show the information for DHCPv6 interface.
  • Page 574: Show Ipv6 Dhcp Pool

    31.28 show ipv6 dhcp pool Command: show ipv6 dhcp pool [<poolname>] Function: To show the DHCPv6 address pool information. Parameter: <poolname> is the name of an already configured DHCPv6 address pool, with a length of less than 32 characters. If the <poolname> parameter is not provided, then all the DHCPv6 address pool information will be shown. Command Mode: Admin and Configuration Mode.
  • Page 575 Example: Switch#show ipv6 dhcp server statistics Address pools Active bindings Expired bindings Malformed message Message Recieved DHCP6SOLICIT DHCP6ADVERTISE DHCP6REQUEST DHCP6REPLY DHCP6RENEW DHCP6REBIND DHCP6RELEASE DHCP6DECLINE DHCP6CONFIRM DHCP6RECONFIGURE DHCP6INFORMREQ DHCP6RELAYFORW DHCP6RELAYREPLY Message Send DHCP6SOLICIT DHCP6ADVERTISE DHCP6REQUEST DHCP6REPLY DHCP6RENEW DHCP6REBIND DHCP6RELEASE DHCP6DECLINE DHCP6CONFIRM DHCP6RECONFIGURE DHCP6INFORMREQ DHCP6RELAYFORW...
  • Page 576 Show information Explanation Address pools To configure the number of DHCPv6 address pools; Active bindings The number of auto assign addresses; Expired bindings The number of expired bindings; Malformed message The number of malformed messages; Message Received The statistic of received DHCPv6 packets. DHCP6SOLICIT The number of DHCPv6 SOLICIT packets.
  • Page 577 31.30 show ipv6 general-prefix Command: show ipv6 general-prefix Function: To show the IPv6 general prefix pool information. Command Mode: Admin and Configuration Mode. Usage Guide: To show the IPv6 general prefix pool information, include the prefix number in general prefix pool, the name of every prefix, the interface of prefix obtained, and the prefix value.
  • Page 578: Ip Dhcp Relay Information Option

    Chapter 32 Commands for DHCP Option 82 32.1 debug ip dhcp relay packet Command: debug ip dhcp relay packet Function: This command is used to display the information of data packets processing in DHCP Relay Agent, including the “add” and “peel” action of option 82. Parameters: None Command Mode:...
  • Page 579 Parameters: None. Default Settings: The system disables the option82 function by default. Command Mode: Global configuration mode Usage Guide: Only DHCP Relay Agents configured with this command can add option82 to the DHCP request message and let the server process it. Before enabling this function, users should make sure that the DHCP service is enabled and that the Relay Agent will transmit the UDP broadcast messages whose destination port is 67.
  • Page 580 Command Mode: Global mode Usage Guide: The parameters used to create the suboptions (remote-id, circuit-id) of option82 are divided by the configured delimiter once users have defined it in global mode. Example: Set the parameter delimiters as dot (“.”) for suboption of option82. Switch(config)#ip dhcp relay information option delimiter dot 32.4 ip dhcp relay information option remote-id Command:...
  • Page 581 Example: Set the suboption remote-id of DHCP option82 as street-1-1. Switch(config)#ip dhcp relay information option remote-id street-1-1 32.5 ip dhcp relay information option remote-id format Command: ip dhcp relay information option remote-id format {default | vs-hp} Function: Set remote-id format of Relay Agent option82. Parameters: default means that remote-id is the VLAN MAC address with hexadecimal format, vs-hp means that remote-id is compatible with the remote-id format of HP manufacturer.
  • Page 582 Example: Set remote-id of Relay Agent option82 as the compatible format with HP manufacturer. Switch(config)#ip dhcp relay information option remote-id format vs-hp 32.6 ip dhcp relay information option self-defined remote-id Command: ip dhcp relay information option self-defined remote-id {hostname | mac | string WORD} no ip dhcp relay information option self-defined remote-id Function: Set creation method for option82, users can define the parameters of remote-id suboption by themselves.
  • Page 583 32.7 ip dhcp relay information option self-defined remote-id format Command: ip dhcp relay information option self-defined remote-id format [ascii | hex] Function: Set self-defined format of remote-id for relay option82. Parameters: None. Command Mode: Global Mode Default: ascii. Usage Guide: self-defined format use ip dhcp relay information option type self-defined remote-id to create remote-id format.
  • Page 584 Command Mode: Global Mode Default: Using standard method. Usage Guide: After this command is configured, if users do not configure circuit-id on the interface, the circuit-id suboption for option82 is created according to the self-defined method. Self-defined format of circuit-id: if the self-defined format is ascii, vlan is filled in a format such as “Vlan2”, port in a format such as “Ethernet1/1”, and mac and remote-mac in a format such as “00-02-d1-2e-3a-0d”.
  • Page 585 Usage Guide: self-defined format use ip dhcp relay information option type self-defined subscriber-id to create circuit-id format. Example: Set self-defined format of circuit-id as hex for relay option82. Switch(config)# ip dhcp relay information option self-defined subscriber-id format hex 32.10 ip dhcp relay information option subscriber-id Command: ip dhcp relay information option subscriber-id {standard | <circuit-id>} no ip dhcp relay information option subscriber-id...
  • Page 586 32.11 ip dhcp relay information option subscriber-id format Command: ip dhcp relay information option subscriber-id format {hex | acsii | vs-hp} Function: Set subscriber-id format of Relay Agent option82. Parameters: hex means that subscriber-id is VLAN and port information with hexadecimal format, acsii means that subscriber-id is VLAN and port information with ASCII format.
  • Page 587: Ip Dhcp Relay Information Policy

    Example: Set subscriber-id format of Relay Agent option82 as hexadecimal format. Switch(config)#ip dhcp relay information option subscriber-id format hex 32.12 ip dhcp relay information policy Command: ip dhcp relay information policy {drop | keep | replace} no ip dhcp relay information policy Function: This command is used to set the retransmitting policy of the system for the received DHCP request message which contains option82.
  • Page 588 32.13 ip dhcp server relay information enable Command: ip dhcp server relay information enable no ip dhcp server relay information enable Function: This command is used to enable the switch DHCP server to identify option82. The “no ip dhcp server relay information enable”...
  • Page 589 Parameters: None. Command Mode: Admin and Global Configuration Mode. User Guide: Use this command to check the state information of Relay Agent option82 during operation. Example: Switch#show ip dhcp relay information option ip dhcp server relay information option(i.e. option 82) is disabled ip dhcp relay information option(i.e.
  • Page 590 Chapter 33 IPv4 Multicast Protocol 33.1 option 43 ascii LINE Command: option 43 ascii LINE no option 43 Function: Configure option 43 character string with ascii format in ip dhcp pool mode. The no command deletes the configured option 43. Parameter: LINE: The configured option 43 character string with ascii format, its length range between 1 and 255.
  • Page 591 33.2 option 43 hex WORD Command: option 43 hex WORD no option 43 Function: Configure option 43 character string with hex format in ip dhcp pool mode. The no command deletes the configured option 43. Parameter: WORD: The configured option 43 character string with hex format, such as a1241b. Default: No option 43 is configured.
  • Page 592 Function: Configure option 43 character string with IP format in ip dhcp pool mode. The no command deletes the configured option 43. Parameter: A.B.C.D: The configured option 43 with IP format, such as 192.168.1.1. Default: No option 43 is configured. Command Mode: ip dhcp pool mode Usage Guide:...
  • Page 593 Command Mode: ip dhcp pool mode Usage Guide: None. Example: Configure option 60 with ascii format to be "AP 1000". switch(config)#ip dhcp pool a switch (dhcp-a-config)#option 60 ascii AP 1000 33.5 option 60 hex WORD Command: option 60 hex WORD no option 60 Function: Configure option 60 character string with hex format in ip dhcp pool mode.
  • Page 594 33.6 option 60 ip A.B.C.D Command: option 60 ip A.B.C.D no option 60 Function: Configure option 60 character string with IP format in ip dhcp pool mode. The no command deletes the configured option 60. Parameter: A.B.C.D: The configured option 60 with IP format, such as 192.168.1.1. Default: No option 60 is configured.
  • Page 595: Address Range

    Chapter 34 Commands for DHCPv6 option37, 38 34.1 Commands for DHCPv6 option37, 38 34.1.1 address range Command: address range <start-ip> <end-ip> no address range <start-ip> <end-ip> Function: This command is used to set address range for a DHCPv6 class in DHCPv6 address pool configuration mode, the no command is used to remove the address range.
  • Page 596 34.1.2 class Command: class <class-name> no class <class-name> Function: This command associates class to address pool in DHCPv6 address pool configuration mode and enters class configuration mode in address pool. Use the no command to remove the link. Parameters: class-name, the name of DHCPv6 class. Default: None.
  • Page 597 Parameters: class-name, the name of DHCPv6 class which is a string with a length of less than 32 Default: None. Command Mode: Global configuration mode Usage Guide: Configure a group of option 37 or option 38, or configure option 37 and option 38 simultaneously in a DHCPv6 class. This command can be used when the server supports DHCPv6 class only.
  • Page 598 Usage Guide: Because the option 37 information added by switch may associate with third-party DHCPv6 servers, users can specify the remote-id content based on server condition when default remote-id of the switch cannot satisfy the demand of server. The enterprise-number together with vlan MAC address is used as the remote-id by default. Example: Enable abc as the remote-id of DHCPv6 option 37.
  • Page 599 34.1.6 ipv6 dhcp relay subscriber-id Command: ipv6 dhcp relay subscriber-id <subscriber-id> no ipv6 dhcp relay subscriber-id Function: This command is used to set the form of adding option 38 in received DHCPv6 request packets, of which <subscriber-id> is the subscriber-id in user-defined option 38 and it is a string with a length of less than 128. The no operation of this command restores subscriber-id in option 38 to vlan name together with port name such as "Vlan2+Ethernet1/2".
  • Page 600 Function: This command enables switch relay to support the option 38, the no form of this command disables it. Parameters: None. Default: Disable the relay option 38. Command Mode: Global configuration mode Usage Guide: Only after this command is configured, DHCPv6 relay agent can add option 38 in DHCPv6 request packets before sending it to server or next relay agent.
  • Page 601 Default: Null. Command Mode: Global configuration mode Usage Guide: The command has no effect on ports with self-defined subscriber-id. If user redefines the subscriber-id of the port after using the command, the user-defined one prevails. This configuration is null by default. Example: Switch(config)# ipv6 dhcp relay subscriber-id select sp delimiter # 34.1.9 ipv6 dhcp server remote-id option...
  • Page 602 Example: Enable the DHCPv6 server to support option 37. Switch(Config)# ipv6 dhcp server remote-id option 34.1.10 ipv6 dhcp server select relay-forw Command: ipv6 dhcp server select relay-forw no ipv6 dhcp server select relay-forw Function: This command enables the DHCPv6 server to support selections when multiple option 37 or option 38 options exist and the option 37 and option 38 of relay-forw in the innermost layer are selected.
  • Page 603 34.1.11 ipv6 dhcp server subscriber-id option Command: ipv6 dhcp server subscriber-id option no ipv6 dhcp server subscriber-id option Function: This command enables DHCPv6 server to support the identification of option 38, the no operation of this command disables it. Parameters: None.
  • Page 604 Parameters: remote-id, user-defined content of option 37. Default: Using vlan MAC address as remote-id content by default such as “00-01-ac-12-23” with ‘-’ hyphen. Command Mode: Port mode Usage Guide: Because option 37 information added by switch may associate with third-party DHCPv6 servers, users can specify remote-id content based on server condition when standard remote-id of the switch cannot satisfy the demand of server.
  • Page 605 Usage Guide: Only after this command is configured, DHCPv6 SNOOPING can add option 37 in DHCPv6 packets before sending them to the server or relay agent. Make sure that DHCPv6 SNOOPING has been enabled before executing this command. The system disables option 37 of DHCPv6 SNOOPING by default. Example: Enable option 37 in DHCPv6 SNOOPING.
  • Page 606 Example: Configure the reforward policy of DHCPv6 packets with option 37 as keep for DHCPv6 SNOOPING. Switch(Config)# ipv6 dhcp snooping remote-id policy keep 34.1.15 ipv6 dhcp snooping subscriber-id Command: ipv6 dhcp snooping subscriber-id <subscriber-id> no ipv6 dhcp snooping subscriber-id Function: This command is used to set the form of adding option 38 in received DHCPv6 request packets, of which <subscriber-id>...
  • Page 607 34.1.16 ipv6 dhcp snooping subscriber-id option Command: ipv6 dhcp snooping subscriber-id option no ipv6 dhcp snooping subscriber-id option Function: This command enables DHCPv6 SNOOPING to support option 38, the no form of this command disables it. Parameters: None. Default: Disable option 38 of DHCPv6 SNOOPING. Command Mode: Global configuration mode Usage Guide:...
  • Page 608 Function: This command is used to set the reforward policy of the system when receiving DHCPv6 packets with option 38, among which the drop mode means that the system simply discards it with option 38, keep mode means that the system keeps option 38 unchanged and forwards the packets to the server and replace mode means that the system replaces option 38 of current packets with its own before forwarding it to the server.
  • Page 609 Parameters: (sp | sv | pv | spv), a selection from combinations of slot, port and vlan, among which sp represents slot and port, sv represents slot and vlan, pv represents port and vlan, and spv represents slot, port and vlan. WORD, the delimiter between slot, port and vlan which ranges among (#|.|,|;|:|/|space).
  • Page 610 Command Mode: Global configuration mode Usage Guide: By default, DHCPv6 servers support DHCPv6 class during address assignment and the no form of this command doesn’t remove DHCPv6 class information that has been configured. Make sure that DHCPv6 service has been enabled before using this command.
  • Page 611 Example: Configure some remote-id or subscriber-id belonging to DHCPv6 class named CLASS1. Switch(Config)# ipv6 dhcp class CLASS1 Switch(Dhcpv6-class)#remote-id abc* subscriber-id bcd* Switch(Dhcpv6-class)#remote-id edf* Switch(Dhcpv6-class)#subscriber *mmn 34.2 Commands for Monitoring and Debugging 34.2.1 debug ipv6 dhcp detail Command: debug ipv6 dhcp detail Function: Display the debug about detailed content of various packets sent and received by DHCPv6.
  • Page 612 %Jan 01 01:38:45 2006 vendor class option(16), option-len 14 %Jan 01 01:38:45 2006 enterprise number : 311 %Jan 01 01:38:45 2006 option request option(6), option-len 6 %Jan 01 01:38:45 2006 requested-option: domain search list %Jan 01 01:38:45 2006 requested-option: DNS server list %Jan 01 01:38:45 2006 requested-option: vendor specific info %Jan 01 01:38:45 2006...
  • Page 613 34.2.3 debug ipv6 dhcp snooping packet Command: debug ipv6 dhcp snooping packet Function: Debug the packets of DHCPv6 SNOOPING. Corresponding information will also be displayed when adding or deleting option 37 and option 38. Parameters: None. Command Mode: Admin mode Usage Guide: Enable/disable the information of DHCPv6 packets processed by DHCPv6 Snooping, including the type of received packet, source MAC and destination MAC, client DUID, i.e.
  • Page 614 34.2.4 show ipv6 dhcp relay option Command: show ipv6 dhcp relay option Function: Display the configuration of system relay agent, including the enable switch for option 37 and option 38. Parameters: None. Command Mode: Admin mode Usage Guide: Use this command to check relay agents’ configuration status for option 37 and option 38. Example: Switch#show ipv6 dhcp relay option remote-id option enable...
  • Page 615 Usage Guide: Use this command to check snooping configuration status for option 37 and option 38. Example: Switch#show ipv6 dhcp snooping option remote-id option enable subscriber-id option enable The slot port vlan select option is : port and vlan The delimiter is : # 34-63...
  • Page 616: Debug Ip Dhcp Snooping Event

    Chapter 35 Commands for DHCP Snooping 35.1 debug ip dhcp snooping binding Command: debug ip dhcp snooping binding no debug ip dhcp snooping binding Function: This command is used to enable the DHCP SNOOPING debug switch to debug the state of binding data of DHCP SNOOPING.
  • Page 617: Debug Ip Dhcp Snooping Packet

    35.3 debug ip dhcp snooping packet Command: debug ip dhcp snooping packet no debug ip dhcp snooping packet Function: This command is used to enable the DHCP SNOOPING debug switch to debug the message-processing procedure of DHCP SNOOPING. Command Mode: Admin Mode.
  • Page 618 35.5 debug ip dhcp snooping update Command: debug ip dhcp snooping update no debug ip dhcp snooping update Function: This command is used to enable the DHCP snooping debug switch to debug the communication information between DHCP snooping and helper server. Command Mode: Admin Mode.
  • Page 619: Ip Dhcp Snooping

    Usage Guide: The switch communicates with the TrustView management system through private protocols. By default these packets are not encrypted. In order to prevent spoofing, it can be configured to encrypt these packets. And at the same time, the same password should be configured on TrustView server. Example: Enable encrypt or hash function of private message.
  • Page 620 35.8 ip dhcp snooping action Command: ip dhcp snooping action {shutdown | blackhole} [recovery <second>] no ip dhcp snooping action Function: Set or delete the automatic defense action of a port. Parameters: shutdown: When the port detects a fake DHCP Server, it will be shutdown. blackhole: When the port detects a fake DHCP Server, the vid and source MAC of the fake packet will be used to block the traffic from this MAC.
  • Page 621: Ip Dhcp Snooping Binding

    35.9 ip dhcp snooping action MaxNum Command: ip dhcp snooping action {<maxNum>|default} Function: Set the number of defense actions that can take effect simultaneously. Parameters: <maxNum>: the number of defense actions on each port, the range of which is 1-200, and the value of which is 10 by default.
  • Page 622 Parameters: None. Command Mode: Global mode Default Settings: DHCP Snooping binding is disabled by default. Usage Guide: When the function is enabled, it will record the binding information allocated by DHCP Server of all trusted ports. Only after the DHCP SNOOPING function is enabled, the binding function can be enabled. Example: Enable the DHCP Snooping binding function.
  • Page 623 Usage Guide: When this function is enabled, DHCP SNOOPING will notify the DOT1X module about the captured binding information as a DOT1X controlled user. This command is mutually exclusive with the “ip dhcp snooping binding user-control” command. Only after the DHCP SNOOPING binding function is enabled, the binding dot1x function can be set. Example: Enable the binding DOT1X function on port ethernet1/1.
  • Page 624 Example: Configure static binding users. switch(config)#ip dhcp snooping binding user 00-30-4f-12-34-56 address 192.168.1.16 interface Ethernet 1/16 Relative Command: ip dhcp snooping binding enable 35.13 ip dhcp snooping binding user-control Command: ip dhcp snooping binding user-control no ip dhcp snooping binding user-control Function: Enable the binding user function.
  • Page 625 35.14 ip dhcp snooping binding user-control max-user Command: ip dhcp snooping binding user-control max-user <number> no ip dhcp snooping binding user-control max-user Function: Set the max number of users allowed to access the port when enabling DHCP Snooping binding user function; the no operation of this command will restore default value.
  • Page 626 35.15 ip dhcp snooping information enable Command: ip dhcp snooping information enable no ip dhcp snooping information enable Function: This command will enable option 82 function of DHCP Snooping on the switch, the no operation of this command will disable that function. Parameters: None.
  • Page 627 35.16 ip dhcp snooping information option allow-untrusted (replace|) Command: ip dhcp snooping information option allow-untrusted (replace|) no ip dhcp snooping information option allow-untrusted (replace|) Function: This command allows untrusted ports of DHCP snooping to receive DHCP packets with the option82 option.
  • Page 628 Function: Set the delimiter of each parameter for suboption of option82 in global mode, no command restores the delimiter as slash. Parameters: None. Default Settings: slash (“/”). Command Mode: Global mode Usage Guide: Divide parameters with the configured delimiters after users have defined them which are used to create suboption (remote-id, circuit-id) of option82 in global mode.
  • Page 629 Default: Use standard format to set remote-id. Usage Guide: The additive option 82 needs to associate with third-party DHCP server, it is used to specify the remote-id content by users when the standard remote-id format can not satisfy server’s request. Example: Set the suboption remote-id of DHCP option82 as street-1-1.
  • Page 630 Example: Set self-defined method and character string of remote-id suboption are mac and abc respectively for option82. Switch(config)# ip dhcp snooping information option self-defined remote-id mac string abc 35.20 ip dhcp snooping information option self-defined remote-id format Command: ip dhcp snooping information option self-defined remote-id format [ascii | hex] Function: Set self-defined format of remote-id for snooping option82.
  • Page 631 Function: Set creation method for option82, users can define the parameters of circuit-id suboption by themselves. Parameters: WORD the defined character string of circuit-id by themselves, the maximum length is 64. Command Mode: Global Mode Default: Using standard method. Usage Guide: After configure this command, if users do not configure circuit-id on port, it will create circuit-id suboption for option82 according to self-defined method.
  • Page 632 Command Mode: Global Mode Default: ascii. Usage Guide: self-defined format uses ip dhcp snooping information option type self-defined subscriber-id to create circuit-id format. Example: Set self-defined format of circuit-id as hex for snooping option82. Switch(config)#ip dhcp snooping information option self-defined subscriber-id format hex 35.23 ip dhcp snooping information option subscriber-id Command: ip dhcp snooping information option subscriber-id {standard | <circuit-id>}...
  • Page 633 Example: Set the suboption circuit-id of DHCP option82 as P2. Switch(config)#ip dhcp snooping information option subscriber-id P2 35.24 ip dhcp snooping information option subscriber-id format Command: ip dhcp snooping information option subscriber-id format {hex | acsii | vs-hp} Function: This command is used to set subscriber-id format of DHCP snooping option82. Parameters: hex means that subscriber-id is VLAN and port information with hexadecimal format, acsii means that subscriber-id is VLAN and port information with ASCII format.
  • Page 634 Suboption Length type Port 1 byte 1 byte 2 byte Port means port number which begins from 1. Example: Set subscriber-id format of DHCP snooping option82 as hexadecimal format. Switch(config)#ip dhcp snooping information option subscriber-id format hex 35.25 ip dhcp snooping limit-rate Command: ip dhcp snooping limit-rate <pps>...
  • Page 635: Ip Dhcp Snooping Trust

    35.26 ip dhcp snooping trust Command: ip dhcp snooping trust no ip dhcp snooping trust Function: Set or delete the DHCP Snooping trust attributes of a port. Parameters: None Command Mode: Port mode Default Settings: By default, all ports are non-trusted ports Usage Guide: Only when DHCP Snooping is globally enabled, can this command be set.
  • Page 636 Parameters: <svr_addr>: The IP address of the HELPER SERVER in dotted-decimal notation. udp_port: The UDP port of HELPER SERVER, the range of which is 1-65535, and its default value is 9119. src_addr: The local management IP address of the switch, in dotted-decimal notation. secondary: Whether it is a secondary SERVER address.
  • Page 637: Show Ip Dhcp Snooping

    Function: The switch choose private packet version two to communicate with trustview. Parameter: None. Command Mode: Global Mode. Default: The switch choose private packet version one to communicate with DCBI. Usage Guide: If the DCBI access control system is applied, the switch should be configured to use private protocol of version one to communicate with the DCBI server.
  • Page 638 Default Settings: None. Usage Guide: If there is no specific port, then display the current configuration information of dhcp snooping, otherwise, display the records of defense actions of the specific port. Example: switch#show ip dhcp snooping DHCP Snooping is enabled DHCP Snooping binding arp: disabled DHCP Snooping maximum of action info:10 DHCP Snooping limit rate: 100(pps), switch ID: 0030.4F12.3456...
  • Page 639 Ethernet1/19 untrust none 0second Ethernet1/20 untrust none 0second Ethernet1/21 untrust none 0second Ethernet1/22 untrust none 0second Ethernet1/23 untrust none 0second Ethernet1/24 untrust none 0second Displayed Information Explanation DHCP Snooping is enable Whether the DHCP Snooping is globally enabled or disabled. DHCP Snooping binding arp Whether the ARP binding function is enabled.
  • Page 640 switch#show ip dhcp snooping int Ethernet1/1 interface Ethernet1/1 user config: trust attribute: untrust action: none binding dot1x: disabled binding user: disabled recovery interval:0(s) Alarm info: 0 Binding info: 0 Expired Binding: 0 Request Binding: 0 Displayed Information Explanation interface The name of port trust attribute The trust attributes of the port action...
  • Page 641 Parameters: None. Command Mode: Admin and Global Configuration Mode. Default Settings: None. Usage Guide: This command can check the global binding information of DHCP snooping; each table entry includes the corresponding MAC address, IP address, port name, VLAN ID and the flag of the binding state. DHCP Snooping must be enabled globally before this command can be used.
  • Page 642 35.31 show trustview status Command: show trustview status Function: To show the state information of all kinds of private packets sent to or received from TrustView (inter security management background system). Parameter: None. Command Mode: Admin and Global Configuration Mode. Default: None. Usage Guide: This command can be used for debugging the communication messages between the switch and the TrustView server, messages such as protocol version notification, encryption negotiation, free resource and web URL...
  • Page 643 Chapter 36 Commands for DHCP Snooping option 82 36.1 ip dhcp snooping information enable Command: ip dhcp snooping information enable no ip dhcp snooping information enable Function: This command will enable option 82 function of DHCP Snooping on the switch, the no operation of this command will disable that function.
  • Page 644 Chapter 37 IPv4 Multicast Protocol 37.1 Commands for DCSCM 37.1.1 access-list (Multicast Destination Control) Command: access-list <6000-7999> {deny|permit} ip {{<source> <source-wildcard>}|{host-source <source-host-ip>{range<2-65535>|}}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>{range<2-255>|}}|any-destination} no access-list <6000-7999> {deny|permit} ip {{<source> <source-wildcard>}|{host-source <source-host-ip>{range<2-65535>|}}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>{range<2-255>|}}|any-destination} Function: Configure destination control multicast access-list, the “no access-list <6000-7999> {deny|permit} ip {{<source> <source-wildcard>}|{host <source-host-ip>}|any-source} {{<destination>...
  • Page 645 Usage Guide: ACL of Multicast destination control list item is controlled by specific ACL number from 6000 to 7999, the command applies to configure this ACL. ACL of Multicast destination control only needs to configure source IP address and destination IP address controlled (group IP address), the configuration mode is basically the same to other ACLs, and use wildcard character to configure address range, and also specify a host address or all address.
  • Page 646 Command Mode: Global Mode Usage Guide: ACL of Multicast source control list item is controlled by specific ACL number from 5000 to 5099, the command applies to configure this ACL. ACL of Multicast source control only needs to configure source IP address and destination IP address controlled (group IP address), the configuration mode is basically the same to other ACLs, and use wildcard character to configure address range, and also specify a host address or all address.
  • Page 647 Example: Switch(config)#inter e 1/4 Switch(Config-If-Ethernet 1/4)#ip multicast destination-control access-group 6000 Switch (Config-If-Ethernet1/4)# 37.1.4 ip multicast destination-control access-group (sip) Command: ip multicast destination-control <IPADDRESS/M> access-group <6000-7999> no ip multicast destination-control <IPADDRESS/M> access-group <6000-7999> Function: Configure multicast destination-control access-list used on specified net segment, the “no ip multicast destination-control <IPADDRESS/M>...
  • Page 648 37.1.5 ip multicast destination-control access-group (vmac) Command: ip multicast destination-control <1-4094> <macaddr >access-group <6000-7999> no ip multicast destination-control <1-4094> <macaddr >access-group <6000-7999> Function: Configure multicast destination-control access-list used on specified vlan-mac, the “no ip multicast destination-control <1-4094> <macaddr >access-group <6000-7999>”command deletes this configuration. Parameter: <1-4094>: VLAN-ID;...
  • Page 649 Function: Configure multicast policy, the “no ip multicast policy <IPADDRESS/M> <IPADDRESS/M> cos” command deletes it. Parameter: <IPADDRESS/M>: are multicast source address, mask length, destination address, and mask length separately. <priority>: specified priority, range from 0 to 7 Default: None Command Mode: Global Mode Usage Guide: The command configuration modifies to a specified value through the switch matching priority of specified range...
  • Page 650 Command Mode: Global Mode Usage Guide: The source control access-list applies to interface with only enabling global multicast source control, and configure to disabled global multicast source control without configuring source control access-list on every interface. After configuring the command, multicast data received from every interface does not have matching multicast source control list item, and then they will be thrown away by switches, namely only multicast data matching to PERMIT can be received and forwarded.
  • Page 651 Example: Switch (config)#interface ethernet1/4 Switch (Config-If-Ethernet1/4)#ip multicast source-control access-group 5000 Switch (Config-If-Ethernet1/4)# Switch(router-msdp)#default-rpf-peer 10.0.0.1 rp-policy 10 37.1.9 multicast destination-control Command: multicast destination-control no multicast destination-control Function: Configure to globally enable multicast destination control, the NO command is to recover and disable the multicast destination control globally.
  • Page 652 37.1.10 show ip multicast destination-control Command: show ip multicast destination-control [detail] show ip multicast destination-control interface <Interfacename> [detail] show ip multicast destination-control host-address <ipaddress> [detail] show ip multicast destination-control <vlan-id> <mac-address> [detail] Function: Display multicast destination control Parameter: detail: whether to display the information in detail. <Interfacename>: interface name or interface aggregation name, such as Ethernet1/1, port-channel 1 or ethernet1/1.
  • Page 653 37.1.11 show ip multicast destination-control access-list Command: show ip multicast destination-control access-list show ip multicast destination-control access-list <6000-7999> Function: Display destination control multicast access-list of configuration. Parameter: <6000-7999>: access-list number. Default: None Command Mode: Admin Mode and Global Mode Usage Guide: The command displays destination control multicast access-list of configuration.
  • Page 654 Parameter: None Default: None Command Mode: Admin Mode and Global Mode Usage Guide: The command displays multicast policy of configuration Example: Switch#show ip multicast policy ip multicast-policy 10.1.1.0/24 225.0.0.0/8 cos 5 37.1.13 show ip multicast source-control Command: show ip multicast source-control [detail] show ip multicast source-control interface <Interfacename>...
  • Page 655 Example: Switch#show ip multicast source-control detail ip multicast source-control is enabled Interface Ethernet1/13 use multicast source control access-list 5000 access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255 access-list 5000 deny ip 10.1.1.0 0.0.0.255 233.0.0.0 0.255.255.255 37.1.14 show ip multicast source-control access-list Command: show ip multicast source-control access-list show ip multicast source-control access-list <5000-5099>...
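The two rules in the sample output above can be checked offline before they are applied to a port. The following is an added example, not code from the manual or from the switch firmware: it parses `access-list` lines in the format shown, applies the reverse (wildcard) masks, and reports rules that can never match. It assumes rules are evaluated in order with the first match winning (the excerpt does not state this), drops unmatched traffic as the source-control usage guide describes, and does not handle the optional `range` keyword; all function names are hypothetical.

```python
import ipaddress
from typing import List, NamedTuple

# Constructed input: the two rules printed in the "show ip multicast
# source-control detail" sample output above.
SAMPLE_ACL = """\
access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255
access-list 5000 deny ip 10.1.1.0 0.0.0.255 233.0.0.0 0.255.255.255
"""

ALL_BITS = 0xFFFFFFFF


class Rule(NamedTuple):
    number: int
    action: str     # "permit" or "deny"
    src: int
    src_wild: int   # reverse mask: 1 bits are ignored, 0 bits must match
    grp: int
    grp_wild: int


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _addr_spec(tokens: List[str], any_kw: str, host_kw: str):
    """Consume one address spec from tokens; return (address, wildcard)."""
    head = tokens.pop(0)
    if head == any_kw:
        return 0, ALL_BITS
    if head == host_kw:
        return _ip(tokens.pop(0)), 0
    return _ip(head), _ip(tokens.pop(0))


def parse_acl(text: str) -> List[Rule]:
    """Parse 'access-list <num> {deny|permit} ip <source> <group>' lines."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        try:
            if tokens[0] != "access-list" or tokens[3] != "ip":
                raise ValueError("not a multicast control ACL line")
            number, action = int(tokens[1]), tokens[2]
            # Number ranges from the manual: source control 5000-5099,
            # destination control 6000-7999.
            if not (5000 <= number <= 5099 or 6000 <= number <= 7999):
                raise ValueError("ACL number outside multicast control ranges")
            if action not in ("permit", "deny"):
                raise ValueError("action must be permit or deny")
            rest = tokens[4:]
            src, src_wild = _addr_spec(rest, "any-source", "host-source")
            grp, grp_wild = _addr_spec(rest, "any-destination", "host-destination")
            if rest:  # e.g. the optional 'range' keyword, not handled here
                raise ValueError("unsupported trailing tokens")
        except IndexError:
            raise ValueError(f"truncated rule: {line!r}") from None
        rules.append(Rule(number, action, src, src_wild, grp, grp_wild))
    return rules


def _covers(base: int, wild: int, addr: int) -> bool:
    """True if addr equals base on every bit the reverse mask does not ignore."""
    return ((base ^ addr) & ~wild & ALL_BITS) == 0


def evaluate(rules: List[Rule], source: str, group: str) -> str:
    """Return the action taken for one (source, group) multicast flow."""
    s, g = _ip(source), _ip(group)
    for rule in rules:  # assumption: checked in order, first match wins
        if _covers(rule.src, rule.src_wild, s) and _covers(rule.grp, rule.grp_wild, g):
            return rule.action
    return "deny"  # per the usage guide: unmatched multicast data is dropped


def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never match because an earlier rule covers them."""
    def field_covered(a_base, a_wild, b_base, b_wild):
        # Every bit B ignores must also be ignored by A, and B's base
        # must agree with A's base on the bits A still compares.
        return (b_wild | a_wild) == a_wild and _covers(a_base, a_wild, b_base)

    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (field_covered(earlier.src, earlier.src_wild, later.src, later.src_wild)
                    and field_covered(earlier.grp, earlier.grp_wild, later.grp, later.grp_wild)):
                dead.append(i)
                break
    return dead
```

A non-empty result from `shadowed()` usually means a broad rule was entered before a narrower exception, so the exception is silently ineffective.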
  • Page 656 37.2 Commands for IGMP Snooping 37.2.1 clear ip igmp snooping vlan Command: clear ip igmp snooping vlan <1-4094> groups [A.B.C.D] Function: Delete the group record of the specific VLAN. Parameters: <1-4094> the specific VLAN ID; A.B.C.D the specific group address. Command Mode: Admin Configuration Mode Usage Guide:...
  • Page 657: Ip Igmp Snooping

    Usage Guide: Use show command to check the deleted mrouter port of the specific VLAN. Example: Delete mrouter port in vlan 1. Switch# clear ip igmp snooping vlan 1 mrouter-port Relative Command: show ip igmp snooping mrouter-port 37.2.3 debug igmp snooping all/packet/event/timer/mfc Command: debug igmp snooping all/packet/event/timer/mfc no debug igmp snooping all/packet/event/timer/mfc...
  • Page 658 Function: Enable the IGMP Snooping function; the “no ip igmp snooping” command disables this function. Command mode: Global Mode Default: IGMP Snooping is disabled by default. Usage Guide: Use this command to enable IGMP Snooping, that is, to allow the IGMP Snooping function to be configured on every VLAN. The “no ip igmp snooping”...
  • Page 659: Ip Igmp Snooping Vlan

    37.2.6 ip igmp snooping vlan Command: ip igmp snooping vlan <vlan-id> no ip igmp snooping vlan <vlan-id> Function: Enable the IGMP Snooping function for the specified VLAN; the “no ip igmp snooping vlan <vlan-id>” command disables the IGMP Snooping function for the specified VLAN. Parameter: <vlan-id>...
  • Page 660 Parameter: <vlan-id> is the VLAN number specified. Command mode: Global Mode Default: This function is disabled by default. Usage Guide: Enable immediate-leave function of the IGMP Snooping in specified VLAN; the” no” form of this command disables the immediate-leave function of the IGMP Snooping. Example: Enable the IGMP Snooping fast leave function for VLAN 100.
  • Page 661 Usage Guide: It is recommended to configure a layer 2 general querier on a segment. IGMP Snooping function will be enabled by this command if not enabled on this VLAN before configuring this command, IGMP Snooping function will not be disabled when disabling the layer 2 general querier function.
  • Page 662: Ip Igmp Snooping Vlan Limit

    37.2.10 ip igmp snooping vlan l2-general-querier-version Command: ip igmp snooping vlan <vlanid> L2-general-query-version <version> Function: Configure igmp snooping. Parameters: vlan-id is the id of the VLAN, limited to <1-4094>. version is the version number, limited to <1-3>. Command Mode: Global mode. Default: version 3.
  • Page 663 Parameter: <vlan-id> is the VLAN number. g_limit:<1-65535>, max number of groups joined. s_limit:<1-65535>, max number of source entries in each group, consisting of include source and exclude source. Command mode: Global Mode. Default: Maximum 50 groups by default, with each group capable with 40 source entries. Usage Guide: When number of joined group reaches the limit, new group requesting for joining in will be rejected for preventing hostile attacks.
  • Page 664 ifname:Interface name port-channel: ports aggregation <1-65535>:The maximum number of groups allowed joining <1-65535>:The maximum number of source table entries in each group, including include source and exclude source. replace:Replace the group and source information drop:Drop the new group and source information Command mode: Global Mode.
  • Page 665 ifname: Name of interface port-channel: Port aggregation Command Mode: Global mode Default: No static mrouter port on VLAN by default. Usage Guide: When a port is a static mrouter port while also a dynamic mrouter port, it should be taken as a static mrouter port. Deleting static mrouter port can only be realized by the no command.
  • Page 666: Ip Igmp Snooping Vlan Mrpt

    Example: Disable the function that vlan 100 learns mrouter-port (according to pim packets). Switch(config)#no ip igmp snooping vlan 100 mrouter-port learnpim 37.2.15 ip igmp snooping vlan mrpt Command: ip igmp snooping vlan <vlan-id> mrpt <value> no ip igmp snooping vlan <vlan-id> mrpt Function: Configure this survive time of mrouter port.
  • Page 667 Function: Configure this query interval. Parameter: vlan-id: VLAN ID, ranging between <1-4094> value: query interval, ranging between <1-65535>seconds Command Mode: Global mode Default: 125s Usage Guide: It is recommended to use the default settings. Please keep this configure in accordance with IGMP configuration as possible if layer 3 IGMP is running.
  • Page 668 Default: Usage Guide: It is recommended to use the default settings. Please keep this configure in accordance with IGMP configuration as possible if layer 3 IGMP is running. Example: Switch(config)#ip igmp snooping vlan 2 query-mrsp 18 37.2.18 ip igmp snooping vlan query-robustness Command: ip igmp snooping vlan <vlan-id>...
  • Page 669 37.2.19 ip igmp snooping vlan report source-address Command: ip igmp snooping vlan <vlan-id> report source-address <A.B.C.D> no ip igmp snooping vlan <vlan-id> report source-address Function: Configure forward report source-address for IGMP, the “no ip igmp snooping vlan <vlan-id> report source-address” command restores the default setting. Parameter: vlan-id: VLAN ID range<1-4094>;...
  • Page 670 Parameters: <vlan-id>: the specific VLAN ID, the range from 1 to 4094. <value>: the maximum query response time, unit is second, the range from 1 to 25, default value is 1. Command Mode: Global mode Default: Enable the function. Usage Guide: After enable vlan snooping in global mode, input this command to configure the maximum query response time of the specific group.
  • Page 671 Command Mode: Global mode Default: No configuration by default. Usage Guide: When a group is a static while also a dynamic group, it should be taken as a static group. Deleting static group can only be realized by the no form of the command. Example: Switch(config)#ip igmp snooping vlan 1 static-group 224.1.1.1 source 192.168.1.1 interface ethernet 1/1 37.2.22 ip igmp snooping vlan suppression-query-time...
  • Page 672: Show Ip Igmp Snooping

    Example: Switch(config)#ip igmp snooping vlan 2 suppression-query-time 270 37.2.23 show ip igmp snooping Command: show ip igmp snooping [vlan <vlan-id>] Parameter: <vlan-id> is the VLAN number specified for displaying IGMP Snooping messages. Command Mode: Admin Mode Usage Guide: If no VLAN number is specified, it will show whether global IGMP Snooping switch is on, which VLAN is configured with l2-general-querier function, and if a VLAN number is specified, detailed IGMP messages for this VLAN will be shown.
  • Page 673 Igmp snooping L2 general querier :Yes(COULD_QUERY) Igmp snooping query-interval :125(s) Igmp snooping max response time :10(s) Igmp snooping robustness Igmp snooping mrouter port keep-alive time :255(s) Igmp snooping query-suppression time :255(s) IGMP Snooping Connect Group Membership Note:*-All Source, (S)- Include Source, [S]-Exclude Source Groups Sources Ports...
  • Page 674: Commands For Mld Snooping Configuration

    Chapter 38 IPv6 Multicast Protocol 38.1 Commands for MLD Snooping Configuration 38.1.1 clear ipv6 mld snooping vlan Command: clear ipv6 mld snooping vlan <1-4094> groups [X:X::X:X] Function: Delete the group record of the specific VLAN. Parameters: <1-4094> the specific VLAN ID; X:X::X:X the specific group address. Command Mode: Admin Configuration Mode Usage Guide:...
  • Page 675 Command Mode: Admin Configuration Mode Usage Guide: Use show command to check the deleted group record. Example: Delete the mrouter port in vlan 1. Switch# clear ipv6 mld snooping vlan 1 mrouter-port Relative Command: show ipv6 mld snooping mrouter-port 38.1.3 debug mld snooping all/packet/event/timer/mfc Command: debug mld snooping all/packet/event/timer/mfc no debug mld snooping all/packet/event/timer/mfc...
  • Page 676: Ipv6 Mld Snooping

    38.1.4 ipv6 mld snooping Command: ipv6 mld snooping no ipv6 mld snooping Function: Enable the MLD Snooping function on the switch; the “no ipv6 mld snooping” command disables MLD Snooping. Command Mode: Global Mode Default: MLD Snooping disabled on the switch by default Usage Guide: Enable global MLD Snooping on the switch, namely allow every VLAN to be configured with MLD Snooping;...
  • Page 677 Command Mode: Global Mode Default: MLD Snooping disabled on VLAN by default Usage Guide: To configure MLD snooping on certain VLAN, the global MLD snooping should be first enabled. Disable MLD snooping on specified VLAN with the no ipv6 mld snooping vlan vid command Example: Enable MLD snooping on VLAN 100 under global mode.
  • Page 678 Example: Enable the MLD immediate-leave function on VLAN 100. Switch (config)#ipv6 mld snooping vlan 100 immediate-leave 38.1.7 ipv6 mld snooping vlan l2-general-querier Command: ipv6 mld snooping vlan < vlan-id > l2-general-querier no ipv6 mld snooping vlan < vlan-id > l2-general-querier Function: Set the VLAN to Level 2 general querier.
  • Page 679 38.1.8 ipv6 mld snooping vlan limit Command: ipv6 mld snooping vlan < vlan-id > limit {group <g_limit> | source <s_limit>} no ipv6 mld snooping vlan < vlan-id > limit Function: Configure number of groups the MLD snooping can join and the maximum number of sources in each group. Parameter: vlan-id: VLAN ID, the valid range is <1-4094>...
  • Page 680 Parameter: vlan-id: VLAN id, the valid range is <1-4094> Ethernet: name of Ethernet port Ifname: Name of interface port-channel: port aggregate Command Mode: Global Mode Default: When a port is made a static and a dynamic mrouter port at the same time, the static mrouter property takes precedence. Deleting the static mrouter port can only be done with the “no”...
  • Page 681 Example: Disable the function that vlan 100 learns mrouter-port (according to pimv6 packets). Switch(config)#no ipv6 mld snooping vlan 100 mrouter-port learnpim6 38.1.11 ipv6 mld snooping vlan mrpt Command: ipv6 mld snooping vlan <vlan-id> mrpt <value> no ipv6 mld snooping vlan <vlan-id> mrpt Function: Configure the keep-alive time of the mrouter port.
  • Page 682 Function: Configure the query interval. Parameter: vlan-id: VLAN ID, the valid range is <1-4094> value: query interval, valid range: <1-65535>secs. Command Mode: Global Mode Default: 125s Usage Guide: It is recommended to use default value and if layer 3 MLD is in operation, please make this configuration in accordance with the MLD configuration as possible.
  • Page 683 Default: Usage Guide: It is recommended to use default value and if layer 3 MLD is in operation, please make this configuration in accordance with the MLD configuration as possible. Example: Switch(config)#ipv6 mld snooping vlan 2 query-mrsp 18 38.1.14 ipv6 mld snooping vlan query-robustness Command: ipv6 mld snooping vlan <vlan-id>...
  • Page 684 38.1.15 ipv6 mld snooping vlan static-group Command: ipv6 mld snooping vlan<vlan-id> static-group <X:X::X:X> [source< X:X::X:X>] interface [ethernet | port-channel] <IFNAME> no ipv6 mld snooping vlan <vlan-id> static-group <X:X::X:X> [source< X:X::X:X>] interface [ethernet | port-channel] <IFNAME> Function: Configure static-group on specified port of the VLAN. The no form of the command cancels this configuration. Parameter: vlan-id: ranging between <1-4094>...
  • Page 685: Show Ipv6 Mld Snooping

    Function: Configure the suppression query time; the “no” form of this command restores the default value. Parameter: vlan-id: VLAN ID, valid range: <1-4094> value: valid range: <1-65535>secs. Command Mode: Global Mode Default: 255s Usage Guide: This command can only be configured on L2 general querier. The Suppression-query-time represents the period the suppression state maintains when general querier receives queries from layer 3 MLD within the segment.
  • Page 686 Example: 1. Summary of the switch MLD snooping Switch(config)#show ipv6 mld snooping Global mld snooping status: Enabled L3 multicasting: running Mld snooping is turned on for vlan 1(querier) Mld snooping is turned on for vlan 2 -------------------------------- Displayed Information Explanation Global mld snooping status Whether or not the global MLD Snooping is enabled on the switch L3 multicasting...
  • Page 687 display status is set to could-query or suppressed Mld snooping query-interval Query interval time of the VLAN Mld snooping max response time Max response time of this VLAN Mld snooping robustness Robustness configured on the VLAN Mld snooping mrouter port keep-alive Keep-alive time of the dynamic mrouter on this VLAN time snooping...
  • Page 688 Chapter 39 Commands for Multicast VLAN 39.1 multicast-vlan Command: multicast-vlan no multicast-vlan Function: Enable multicast VLAN function on a VLAN; the “no” form of this command disables the multicast VLAN function. Parameter: None. Command Mode: VLAN Configuration Mode. Default: Multicast VLAN function not enabled by default. Usage Guide: The multicast VLAN function can not be enabled on Private VLAN.
  • Page 689 Function: Associate several VLANs with a multicast VLAN; the “no” form of this command cancels the association relations. Parameter: <vlan-list> the VLAN ID list associated with multicast VLAN. Each VLAN can only be associated with one multicast VLAN and the association will only succeed when every VLAN listed in the VLAN ID table exists. Command Mode: VLAN Mode.
  • Page 690 Command Mode: VLAN configuration mode Default: None. Usage Guide: 1. ‘associated VLAN’ and ‘associated port’ of the multicast VLAN are absolute, they do not affect each other when happening the cross. 2. The port of the aggregation member cannot be associated, but the associated port is able to be added to port-group and cancelling the association.
  • Page 691 Chapter 40 Commands for ACL 40.1 absolute-periodic/periodic Command: [no] absolute-periodic {Monday|Tuesday|Wednesday|Thursday|Friday |Saturday|Sunday}<start_time>to{Monday|Tuesday|Wednesday|Thursday|Friday|Saturday| Sunday} <end_time> [no]periodic{{Monday+Tuesday+Wednesday+Thursday+Friday+Saturday+Sunday}|daily| weekdays | weekend} <start_time> to <end_time> Functions: Define the time-range of different commands within one week, and every week to circulate subject to this time. Parameters: (Friday) Friday...
  • Page 692: Absolute Start

    Usage Guide: Periodic time and date. The definition of period is specific time period of Monday to Saturday and Sunday every week. day1 hh:mm:ss To day2 hh:mm:ss or {[day1+day2+day3+day4+day5+day6+day7]|weekend|weekdays|daily} hh:mm:ss To hh:mm:ss Examples: Make configurations effective within the period from 9:15:30 to 12:30:00 during Tuesday to Saturday. Switch(config)#time-range admin_timer Switch(Config-Time-Range-admin_timer)#absolute-periodic Tuesday 9:15:30 to Saturday 12:30:00 Make configurations effective within the period from 14:30:00 to 16:45:00 on Monday, Wednesday, Friday and...
  • Page 693 Usage Guide: Absolute time and date, assign specific year, month, day, hour, minute of the start, shall not configure multiple absolute time and date, when in repeated configuration, the latter configuration covers the absolute time and date of the former configuration. Examples: Make configurations effective from 6:00:00 to 13:30:00 from Oct.
  • Page 694 Parameters: <num> is the No. of access-list, 100-299; <protocol> is the No. of upper-layer protocol of ip, 0-255; <sIpAddr> is the source IP address, the format is dotted decimal notation; <sMask > is the reverse mask of source IP, the format is dotted decimal notation;...
  • Page 695 40.4 access-list (ip standard) Command: access-list <num> {deny | permit} {{<sIpAddr> <sMask >} | any-source| {host-source <sIpAddr>}} no access-list <num> Functions: Create a numeric standard IP access-list. If this access-list exists, then add a rule list; the “no access-list <num>“ operation of this command is to delete a numeric standard IP access-list. Parameters: <num>...
  • Page 696 Functions: Define an extended numeric MAC ACL rule, “no access-list <num>” command deletes an extended numeric MAC access-list rule. Parameters: <num> is the access-list No. which is a decimal’s No. from 1100-1199; deny if rules are matching, deny access; permit if rules are matching, permit access; <any-source-mac> any source address; <any-destination-mac> any destination address;...
  • Page 697 {any-destination-mac|{host-destination-mac <host_dmac>}|{<dmac><dmac-mask>}}igmp {{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}} {{<destination><destination-wildcard>}|any-destination| {host-destination<destination-host-ip>}} [<igmp-type>] [precedence <precedence>] [tos <tos>][time-range<time-range-name>] access-list <num> {deny|permit}{any-source-mac| {host-source-mac <host_smac> }|{ <smac> <smac-mask> }}{any-destination-mac| {host-destination-mac <host_dmac> }|{ <dmac> <dmac-mask> }}tcp {{ <source> <source-wildcard> }|any-source| {host-source <source-host-ip> }}[s-port{ <port1> | range <sPortMin> <sPortMax> }] {{ <destination> <destination-wildcard> } | any-destination | {host-destination <destination-host-ip>...
  • Page 698 host address, otherwise the network IP address; destination-wildcard: mask of destination. I Numbers of 32-bit binary system expressed by decimal’s numbers with four-point separated, reverse mask; s-port(optional): means the need to match TCP/UDP source port; port1(optional): value of TCP/UDP source interface No., Interface No. is an integer from 0-65535;...
  • Page 699 Functions: Define a standard numeric MAC ACL rule, no command deletes a standard numeric MAC ACL access-list rule. Parameters: <num> is the access-list No., a decimal number from 700-799; deny if rules are matching, deny access; permit if rules are matching, permit access; <host_smac>, <smac> source MAC address; <smac-mask> mask (reverse mask) of source MAC address.
  • Page 700 Default: None Examples: Empty packet statistics information of interface. Switch#clear access-group statistic 40.9 firewall Command: firewall {enable | disable} Functions: Enable or disable firewall. Parameters: enable means to enable of firewall; disable means to disable firewall. Default: It is no use if default is firewall. Command Mode: Global mode Usage Guide:...
  • Page 701: Ip Access Extended

    40.10 ip access extended Command: ip access extended <name> no ip access extended <name> Function: Create a named extended IP access list. The no prefix will remove the named extended IP access list including all the rules. Parameters: <name> is the name of the access list. The name can be formed by non-all-digit characters of length of 1 to 32. Command Mode: Global Mode.
  • Page 702 Parameters: <name> is the name of the access list. The name can be formed by non-all-digit characters of length of 1 to 32. Command Mode: Global Mode. Default: No access list is configured by default. Usage Guide: When this command is issued for the first time, an empty access list will be created. Example: To create a standard IP access list name ipFlow.
  • Page 703 Usage Guide: The first time this command is used, it creates the numbered 520 standard IP access-list; subsequent configuration is added to the current access-list. Examples: Create a numbered 520 standard IP access-list, allow packets from the source 2003:1:2:3::1/64 to pass through the net, and deny all other packets from the source address 2003:1:2::1/48. Switch (config)#ipv6 access-list 520 permit 2003:1:2:3::1/64 Switch (config)#ipv6 access-list 520 deny 2003:1:2::1/48 40.13 ipv6 access standard...
  • Page 704 40.14 ipv6 access extended Command: ipv6 access-list extended <name> no ipv6 access-list extended <name> Function: Create a name-based extended IPv6 access list; the no command delete the name-based extended IPv6 access list. Parameter: <name> is the name for access list, the character string length is from 1 to 32. Command Mode: Global Mode.
  • Page 705 Command Mode: Port Mode Default: The entry of port is not bound ACL. Usage Guide: One port can bind ingress rules. Note: when an ACL has multiple rules, traffic-statistic cannot be configured. There are four kinds of ACL, based on the packet header fields concerned: MAC ACL, IP ACL, MAC-IP ACL and IPv6 ACL; to some extent, ACL filter behavior (permit, deny) has a conflict when a data packet matches multi types of four ACLs.
  • Page 706 Parameters: <name> name of access-list excluding blank or quotation mark, and it must start with letter, and the length cannot exceed 32. (remark: sensitivity on capital or small letter.) Command Mode: Global mode Default Configuration: No access-lists configured. Usage Guide: After assigning this command for the first time, only an empty name access-list is created and no list item included.
  • Page 707 Default: No named MAC-IP access-list. Usage Guide: After assigning this command for the first time, only an empty name access-list is created and no list item included. Examples: Create an MAC-IP ACL named macip_acl. Switch(config)# mac-ip-access-list extended macip_acl Switch(Config-MacIp-Ext-Nacl-macip_acl)# 40.18 permit | deny (ip extended) Command: [no] {deny | permit} icmp {{<sIpAddr>...
  • Page 708 Parameters: <sIpAddr> is the source IP address, the format is dotted decimal notation; <sMask> is the reverse mask of source IP, the format is dotted decimal notation; <dIpAddr> is the destination IP address, the format is dotted decimal notation; <dMask> is the reverse mask of destination IP, the format is dotted decimal notation, where a 0 bit marks a position that is checked and a 1 bit a position that is ignored;...
  • Page 709 Command Mode: Name standard IP access-list configuration mode Default: No access-list configured. Example: Permit packets with source address 10.1.1.0/24 to pass, and deny other packets with source address 10.1.1.0/16. Switch(config)# access-list ip standard ipFlow Switch(Config-Std-Nacl-ipFlow)# permit 10.1.1.0 0.0.0.255 Switch(Config-Std-Nacl-ipFlow)# deny 10.1.1.0 0.0.255.255 40.20 permit | deny(ipv6 extended) Command: [no] {deny | permit} icmp {{<sIPv6Prefix/sPrefixlen>} | any-source | {host-source <sIPv6Addr>}}...
  • Page 710 Parameter: <sIPv6Addr> is the source IPv6 address; <sPrefixlen> is the length of the IPv6 address prefix, the range is 1~128; <dIPv6Addr> is the destination IPv6 address; <dPrefixlen> is the length of the IPv6 address prefix, the range is 1~ 128; <igmp-type>, type of the IGMP; <icmp-type>, icmp type; <icmp-code>, icmp protocol number; <dscp>, IPv6 priority ,the range is 0 ~...
  • Page 711 Command Mode: Standard IPv6 nomenclature access list mode Default: No access list configured by default. Example: Permit packets with source address of 2001:1:2:3::1/64 while denying those with source address of 2001:1:2:3::1/48. Switch(config)#ipv6 access-list standard ipv6Flow Switch(Config-IPv6-Std-Nacl-ipv6Flow)# permit 2001:1:2:3::1/64 Switch(Config-IPv6-Std-Nacl-ipv6Flow)# deny 2001:1:2:3::1/48 40.22 permit | deny(mac extended) Command: [no]{deny|permit} {any-source-mac|{host-source-mac <host_smac>...
  • Page 712 Parameters: any-source-mac: any source of MAC address; any-destination-mac: any destination of MAC address; host_smac, smac: source MAC address; smac-mask: mask (reverse mask) of source MAC address; host_dmac, dmac: destination MAC address; dmac-mask: mask (reverse mask) of destination MAC address; untagged-eth2: format of untagged ethernet II packet;...
  • Page 713 {{<destination><destination-wildcard>}|any-destination|{host-destination <destination-host-ip>}} [<igmp-type>] [precedence <precedence>] [tos <tos>][time-range<time-range-name>] [no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }| { <smac> <smac-mask> }}{any-destination-mac|{host-destination-mac <host_dmac> }|{ <dmac> <dmac-mask> }}tcp{{ <source> <source-wildcard> }|any-source| {host-source <source-host-ip> }}[s-port { <port1> | range <sPortMin> <sPortMax> }] {{ <destination> <destination-wildcard> } | any-destination| {host-destination <destination-host-ip> }} [d-port { <port3> | range <dPortMin> <dPortMax> }] [ack+fin+psh +rst+urg+syn] [precedence <precedence>...
  • Page 714 address, otherwise the network IP address; destination-wildcard: mask of destination, a 32-bit binary number expressed as four dot-separated decimal numbers, reverse mask; s-port (optional): means the TCP/UDP source port must be matched; port1 (optional): value of the TCP/UDP source port number, an integer from 0-65535;...
  • Page 715 Parameters: <acl-name>, specific ACL name character string; <num>, specific ACL No. Default: None. Command Mode: Admin Mode Usage Guide: When no ACL name is specified, all ACLs are displayed; "used x time(s)" indicates the number of times the ACL has been used. Examples: Switch#show access-lists access-list 10(used 0 time(s))
  • Page 716 40.25 show access-group Command: show access-group in (interface {Ethernet | Ethernet IFNAME}) Functions: Display the ACL binding status on the port. Parameters: IFNAME, Port name. Default: None. Command Mode: Admin and Configuration Mode. Usage Guide: When not assigning interface names, all ACL tied to port will be revealed. Examples: Switch#show access-group interface name: Ethernet 1/1...
  • Page 717: Show Firewall

    40.26 show firewall Command: show firewall Functions: Reveal configuration information of packet filtering functions. Parameters: None. Default: None. Command Mode: Admin and Configuration Mode. Examples: Switch#show firewall Firewall status: Enable. Displayed information Explanation fire wall is enable Packet filtering function enabled 40.27 show ipv6 access-lists Command: show ipv6 access-lists [<num>|<acl-name>]...
  • Page 718 Default: None. Command Mode: Admin and Configuration Mode. Usage Guide: When no access control list is specified, all the access control lists will be displayed; in used x time(s)is shown the times the ACL had been quoted. Example: Switch #show ipv6 access-lists ipv6 access-list 500(used 1 time(s)) ipv6 access-list 500 deny any-source ipv6 access-list 510(used 1 time(s))
  • Page 719 Command Mode: Admin Mode Usage Guide: When not assigning time-range names, all time-range will be revealed. Examples: Switch#show time-range time-range timer1 (inactive, used 0 times) absolute-periodic Saturday 0:0:0 to Sunday 23:59:59 time-range timer2 (inactive, used 0 times) absolute-periodic Monday 0:0:0 to Friday 23:59:59 40.29 time-range Command: [no] time-range <time_range_name>...
  • Page 720 Chapter 41 Commands for 802.1x 41.1 debug dot1x detail Command: debug dot1x detail {pkt-send | pkt-receive | internal | all | userbased} interface [ethernet] <interface-name> no debug dot1x detail { pkt-send | pkt-receive | internal | all | userbased} interface [ethernet] <interface-name>...
  • Page 721 41.2 debug dot1x error Command: debug dot1x error no debug dot1x error Function: Enable the debug information of dot1x about errors; the no operation of this command will disable that debug information. Parameters: None. Command Mode: Admin Mode. Usage Guide: By enabling the debug information of dot1x about errors, users can check the information of errors that occur in the processes of the Radius protocol operation, which might help diagnose the cause of faults if there is any.
  • Page 722: Debug Dot1X Packet

    Parameters: all: Enable the debug information of dot1x state machine; aksm: Enable the debug information of Authenticator Key Transmit state machine; asm: Enable the debug information of Authenticator state machine; basm: Enable the debug information of Backend Authentication state machine; ratsm: Enable the debug information of Re-Authentication Timer state machine;...
  • Page 723 Example: Enable the debug information of dot1x about messages. Switch#debug dot1x packet all interface ethernet1/1 41.5 dot1x accept-mac Command: dot1x accept-mac <mac-address> [interface <interface-name>] no dot1x accept-mac <mac-address> [interface <interface-name>] Function: Add a MAC address entry to the dot1x address filter table. If a port is specified, the entry added applies to the specified port only.
  • Page 724: Dot1X Eapor Enable

    41.6 dot1x eapor enable Command: dot1x eapor enable no dot1x eapor enable Function: Enables the EAP relay authentication function in the switch; the “no dot1x eapor enable” command sets EAP local end authentication. Command mode: Global Mode. Default: EAP relay authentication is used by default. Usage Guide: The switch and RADIUS may be connected via Ethernet or PPP.
  • Page 725 Command mode: Global Mode and Port Mode. Default: 802.1x function is not enabled in global mode by default; if 802.1x is enabled under Global Mode, 802.1x will not be enabled for the ports by default. Usage Guide: The 802.1x authentication for the switch must be enabled first to enable 802.1x authentication for the respective ports.
  • Page 726 Examples: Enable IPv6 passthrough function on port Ethernet1/12. Switch(config)#dot1x enable Switch(config)#interface ethernet 1/12 Switch(Config-If-Ethernet1/12)#dot1x enable Switch(Config-If-Ethernet1/12)#dot1x ipv6 passthrough 41.9 dot1x guest-vlan Command: dot1x guest-vlan <vlanid> no dot1x guest-vlan Function: Set the guest-vlan of the specified port; the “no dot1x guest-vlan” command is used to delete the guest-vlan. Parameters: <vlanid>...
  • Page 727: Dot1X Macfilter Enable

    Attention: There can be different Guest VLAN set on different ports, while only one Guest VLAN is allowed on one port. Only when the access control mode is portbased, the Guest VLAN can take effect. If the access control mode of the port is macbased or userbased, the Guest VLAN can be successfully set without taking effect.
  • Page 728 41.11 dot1x macbased port-down-flush Command: dot1x macbased port-down-flush no dot1x macbased port-down-flush Function: Enables this command, when the dot1x certification according to mac is down, delete the user who passed the certification of the port; The no command does not make the down operation. Command mode: Global Mode Default:...
  • Page 729 Default: The default maximum for retransmission is 2. Usage Guide: The default value is recommended in setting the EAP request/ MD5 retransmission times. Example: Changing the maximum retransmission times for EAP request/ MD5 frames to 5 times. Switch(config)#dot1x max-req 5 41.13 dot1x user allow-movement Command: dot1x user allow-movement...
  • Page 730 41.14 dot1x user free-resource Command: dot1x user free-resource <prefix> <mask> no dot1x user free-resource Function: To configure 802.1x free resource; the no form command closes this function. Parameter: <prefix> is the segment for limited resource, in dotted decimal format; <mask> is the mask for limited resource, in dotted decimal format. Command Mode: Global Mode.
  • Page 731 Function: Sets the maximum users allowed connect to the port; the “no dot1x max-user” command restores the default setting. Parameters: <number> is the maximum users allowed, the valid range is 1 to 256. Command mode: Port configuration Mode. Default: The default maximum user allowed is 1. Usage Guide: This command is available for ports using MAC-based access management, if MAC address authenticated exceeds the number of allowed user, additional users will not be able to access the network.
  • Page 732 Default Settings: The maximum number of users allowed to access each port is 10 by default. User Guide: This command can only take effect when the port adopts user-based access control mode. If the number of authenticated users exceeds the upper limit of the number of users allowed access the network, those extra users can not access the network.
  • Page 733 Example: Switch(Config-If-Ethernet1/1)#dot1x portbased mode single-mode 41.18 dot1x port-control Command: dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control Function: Sets the 802.1x authentication status; the “no dot1x port-control” command restores the default setting. Parameters: auto enable 802.1x authentication, the port authorization status is determined by the authentication information between the switch and the supplicant;...
  • Page 734 41.19 dot1x port-method Command: dot1x port-method {macbased | portbased | userbased {standard | advanced}} no dot1x port-method Function: To configure the access control method of appointed interface. The no form command restores the default access control method. Parameter: macbased means the access control method based on MAC address portbased means the access control method based on port userbased means the access control method based on user, it can be divided into two types, one is standard access control method, and the other is advanced access control method...
  • Page 735: Dot1X Privateclient Enable

    41.20 dot1x privateclient enable Command: dot1x privateclient enable no dot1x privateclient enable Function: To configure the switch to force the authentication client to use private 802.1x authentication protocol. The no prefix will disable the command and allow the authentication client to use the standard 802.1x authentication protocol. Command Mode: Global Mode.
  • Page 736 Command mode: Global Mode Default: Disable the privateclient protect function. Usage Guide: Support the partial encryption of the privateclient protocol to advance the security of the privateclient. Example: Enable the privateclient protect function of the switch. Switch(config)#dot1x privateclient protect enable 41.22 dot1x re-authenticate Command: dot1x re-authenticate [interface <interface-name>]...
  • Page 737 41.23 dot1x re-authentication Command: dot1x re-authentication no dot1x re-authentication Function: Enables periodical supplicant authentication; the “no dot1x re-authentication” command disables this function. Command mode: Global Mode. Default: Periodical re-authentication is disabled by default. Usage Guide: When periodical re-authentication for supplicant is enabled, the switch will re-authenticate the supplicant at regular interval.
  • Page 738 Command mode: Global Mode. Default: The default value is 10 seconds. Usage Guide: Default value is recommended. Example: Setting the silent time to 120 seconds. Switch(config)#dot1x timeout quiet-period 120 41.25 dot1x timeout re-authperiod Command: dot1x timeout re-authperiod <seconds> no dot1x timeout re-authperiod Function: Sets the supplicant re-authentication interval;...
  • Page 739 Example: Setting the re-authentication time to 1200 seconds. Switch(config)#dot1x timeout re-authperiod 1200 41.26 dot1x timeout tx-period Command: dot1x timeout tx-period <seconds> no dot1x timeout tx-period Function: Sets the interval for the supplicant to re-transmit EAP request/identity frame; the “no dot1x timeout tx-period” command restores the default setting.
  • Page 740: Show Dot1X

    Function: Enable the 802.1x unicast passthrough function of switch; the no operation of this command will disable this function. Command mode: Global Configuration Mode. Default: The 802.1x unicast passthrough function is not enabled in global mode. Usage Guide: The 802.1x unicast passthrough authentication for the switch must be enabled first to enable the 802.1x unicast passthrough function, then the 802.1x function is configured.
  • Page 741 Example: 1. Display information about dot1x global parameter for the switch. Switch#show dot1x Global 802.1x Parameters reauth-enabled reauth-period 3600 quiet-period tx-period max-req authenticator mode passive Mac Filter Disable MacAccessList : dot1x-EAPoR Enable dot1x-privateclient Disable dot1x-unicast Disable 802.1x is enabled on ethernet Ethernet1/1 Authentication Method:Port based Max User Number:1 Status...
  • Page 742 tx-period EAP retransmission interval max-req EAP packet retransmission interval authenticator mode Switch authentication mode Mac Filter Enables dot1x address filter or not MacAccessList Dot1x address filter table dot1x-EAPoR Authentication method used by the switch (EAP relay, EAP local end) dot1x-privateclient Whether the switch supports the privateclient 802.1x enabled...
  • Page 743 Chapter 42 Commands for the Number Limitation Function of MAC and IP in Port, VLAN 42.1 debug ip arp count Command: debug ip arp count no debug ip arp count Function: When the number limitation function debug of ARP in the VLAN, if the number of dynamic ARP and the number of ARP in the VLAN is larger than the max number allowed, users will see debug information.”...
  • Page 744 42.2 debug ipv6 nd count Command: debug ipv6 nd count no debug ipv6 nd count Function: When the number limitation function debug of neighbor in the VLAN, if the number of dynamic neighbor and the number of neighbor in the VLAN is larger than the max number allowed, users will see debug information. ”no debug ip neighbor count”...
  • Page 745 Parameters: None Command Mode: Admin Mode Default Settings: None Usage Guide: Display the debug information of the number of dynamic ARP on the port. Examples: Switch#debug switchport arp count %Jun 14 16:04:40 2007 Current arp count 21 is more than or equal to the maximum limit in port Ethernet3/1 !!%Jun 14 16:04:40 2007 Arp learning will be stopped and some mac will be delete !! 42.4 debug switchport mac count Command:...
  • Page 746 Usage Guide: Display the debug information of the number of dynamic MAC on the port. Examples: Switch#debug switchport mac count %Jun 14 16:04:40 2007 Current mac count 21 is more than or equal to the maximum limit in port Ethernet3/1 !!%Jun 14 16:04:40 2007 Mac learning will be stopped and some mac will be delete !! 42.5 debug switchport nd count Command:...
  • Page 747 42.6 debug vlan mac count Command: debug vlan mac count no debug vlan mac count Function: When the number limitation function debug of MAC in the VLAN, if the number of dynamic MAC and the number of MAC in the VLAN is larger than the max number allowed, users will see debug information. ”no debug vlan mac count”...
  • Page 748 Parameters: <value> upper limit of the number of dynamic ARP in the VLAN, ranging from 1 to 4096. Default Settings: The number limitation function of dynamic ARP in the VLAN is disabled. Command Mode: Interface Configuration Mode. Usage Guide: When configuring the max number of dynamic ARP allowed in the VLAN, if the number of dynamically learnt ARP in the VLAN is already larger than the max number to be set, the extra dynamic ARP will be deleted.
  • Page 749 Command Mode: Interface Configuration Mode. Usage Guide: When configuring the max number of dynamic NEIGHBOR allowed in the VLAN, if the number of dynamically learnt NEIGHBOR in the VLAN is already larger than the max number to be set, the extra dynamic NEIGHBOR will be deleted.
  • Page 750 Examples: Set the timeout value of querying dynamic MAC as 30 seconds. Switch(config)#mac-address query timeout 30 42.10 show arp-dynamic count Command: show arp-dynamic count {(vlan <1-4096>)| interface ethernet <portName>} Function: Display the number of dynamic ARP of corresponding port and VLAN. Parameters: <vlan-id>...
  • Page 751 42.11 show mac-address dynamic count Command: show mac-address dynamic count { (vlan <1-4096>)| interface ethernet <portName>} Function: Display the number of dynamic MAC of corresponding port and VLAN. Parameters: <vlan-id> display the specified VLAN ID. <portName> is the name of layer-2 port. Command Mode: Any mode Usage Guide:...
  • Page 752 Function: Display the number of dynamic ND of corresponding port and VLAN. Parameters: <vlan-id> display the specified VLAN ID. <portName> is the name of layer-2 port. Command Mode: Admin and Configuration Mode. Usage Guide: Use this command to display the number of dynamic ND of corresponding port and VLAN. Examples: Display the number of dynamic ND of the port and VLAN which are configured with number limitation function of ND.
  • Page 753 Parameters: <value> upper limit of the number of dynamic ARP of the port, ranging from 1 to 4096. Default Settings: The number limitation function of dynamic ARP on the port is disabled. Command Mode: Port mode. Usage Guide: When configuring the max number of dynamic ARP allowed by the port, if the number of dynamically learnt ARP on the port is already larger than the max number to be set, the extra dynamic ARP will be deleted.
  • Page 754 Command Mode: Port mode. Usage Guide: When configuring the max number of dynamic MAC address allowed by the port, if the number of dynamically learnt MAC address on the port is already larger than the max number of dynamic MAC address to be set, the extra dynamic MAC addresses will be deleted.
  • Page 755 Usage Guide: The violation mode can be set on a port only after the MAC number limit function is enabled. If the violation mode is protect, the port only disables the dynamic MAC address learning function when the number of MAC addresses on the port exceeds the upper limit of secure MAC.
  • Page 756 Examples: Enable the number limitation function of dynamic NEIGHBOR in port 1/2 mode, the max number to be 20. Switch(config)#interface ethernet 1/2 Switch(Config-If-Ethernet1/2)# switchport nd dynamic maximum 20 Disable the number limitation function of dynamic NEIGHBOR in port 1/2 mode Switch(Config-If-Ethernet1/2)#no switchport nd dynamic maximum 42.17 vlan mac-address dynamic maximum Command:...
  • Page 757 Examples: Enable the number limitation function of dynamic MAC address in VLAN 1, the max number to be set is 50. Switch(config)#vlan1 Switch(Config-if-Vlan1)#vlan mac-address dynamic maximum 50 Disable the number limitation function of dynamic MAC address in VLAN 1. Switch(Config-if-Vlan1)#no vlan mac-address dynamic maximum...
  • Page 758 Chapter 43 Commands for AM Configuration 43.1 am enable Command: am enable no am enable Function: Globally enable/disable AM function. Parameters: None. Default: AM function is disabled by default. Command Mode: Global Mode. Usage Guide: None. Example: Enable AM function on the switch. Switch(config)#am enable Disable AM function on the switch.
  • Page 759 Function: Enable/disable AM function on port. Parameters: None. Default: AM function is disabled on all port. Command Mode: Port Mode. Example: Enable AM function on interface 1/3 of the switch. Switch(Config-If-Ethernet 1/3)#am port Disable AM function on interface 1/3 of the switch. Switch(Config-If-Ethernet 1/3)#no am port 43.3 am ip-pool Command:...
  • Page 760 Usage Guide: None. Example: Configure that interface 1/3 of the switch will forward data packets from an IP address which is one of 10 consecutive IP addresses starting from 10.10.10.1. Switch(Config-If-Ethernet 1/3)#am ip-pool 10.10.10.1 10 43.4 am mac-ip-pool Command: am mac-ip-pool <mac-address> <ip-address> no am mac-ip-pool <mac-address>...
  • Page 761 43.5 no am all Command: no am all [ip-pool | mac-ip-pool] Function: Delete MAC-IP address pool or IP address pool or both pools configured by all users. Parameters: ip-pool is the IP address pool; mac-ip-pool is the MAC-IP address pool; no parameter means both address pools. Default: Both address pools are empty at the beginning.
  • Page 762 Command Mode: Admin and Configuration Mode. Example: Display all configured AM entries. Switch#show am AM is enabled Interface Ethernet1/3 am interface am ip-pool 30.10.10.1 20 Interface Ethernet1/5 am port am ip-pool 50.10.10.1 30 am mac-ip-pool 00-02-04-06-08-09 20.10.10.5 am ip-pool 50.20.10.1 20 Interface Ethernet1/6 am port Interface Ethernet1/1...
  • Page 763 Chapter 44 Commands for Security Feature 44.1 dosattack-check srcip-equal-dstip enable Command: [no] dosattack-check srcip-equal-dstip enable Function: Enable the function by which the switch checks if the source IP address is equal to the destination IP address; the “no” form of this command disables this function. Parameter: None Default:...
  • Page 764 Parameter: None Default: This function is disabled on the switch by default. Command Mode: Global Mode Usage Guide: With this function enabled, the switch drops the following four kinds of data packets carrying invalid TCP flags: SYN=1 while the source port is smaller than 1024; all TCP flag bits are 0 while the sequence number is 0; FIN=1, URG=1, PSH=1 and the TCP sequence number is 0; SYN=1 and FIN=1.
  • Page 765 Usage Guide: With this function enabled, the switch drops TCP and UDP data packets whose destination port is equal to the source port. This function can be used together with the “dosattack-check ipv4-first-fragment enable” function to also block IPv4 fragment TCP and UDP data packets whose destination port is equal to the source port. Example: Drop the non-fragment TCP and UDP data packet whose destination port is equal to the source port.
  • Page 766 44.5 dosattack-check icmpV4-size Command: dosattack-check icmpV4-size <64-1023> Function: Configure the max net length of the ICMPv4 data packet permitted by the switch. Parameter: <64-1023> is the max net length of the ICMPv4 data packet permitted by the switch. Default: The value is 0x200 by default Command Mode: Global Mode Usage Guide:...
  • Page 767 Chapter 45 Commands for TACACS+ 45.1 tacacs-server authentication host Command: tacacs-server authentication host <ip-address> [port <port-number>] [timeout <seconds>] [key {0 | 7} <string>] [primary] no tacacs-server authentication host <ip-address> Function: Configure the IP address, listening port number, the value of timeout timer and the key string of the TACACS+ server; the no form of this command deletes TACACS+ authentication server.
  • Page 768 45.2 tacacs-server key Command: tacacs-server key {0 | 7} <string> no tacacs-server key Function: Configure the key of TACACS+ authentication server; the “no tacacs-server key” command deletes the TACACS+ server key. Parameter: <string> is the key string of the TACACS+ server. If key option is set as 0, the key is not encrypted and its range should not exceed 64 characters, if key option is set as 7, the key is encrypted and its range should not exceed 64 characters.
  • Page 769 Parameter: <ip-address> is the source IP address of TACACS+ packet, in dotted decimal notation, it must be a valid unicast IP address. Default: No specific source IP address for TACACS+ packet is configured, the IP address of the interface from which the TACACS+ packets are sent is used as source IP address of TACACS+ packet.
  • Page 770 Default: 3 seconds by default. Usage Guide: The command specifies the period the switch waits for authentication through the TACACS+ server. When connected to the TACACS+ server, and after sending the authentication query data packet to it, the switch waits for the response.
  • Page 771: Aaa Enable

    Chapter 46 Commands for RADIUS 46.1 aaa enable Command: aaa enable no aaa enable Function: Enables the AAA authentication function in the switch; the "no AAA enable" command disables the AAA authentication function. Command mode: Global Mode. Parameters: Default: AAA authentication is not enabled by default. Usage Guide: The AAA authentication for the switch must be enabled first to enable IEEE 802.1x authentication for the switch.
  • Page 772 Command mode: Global Mode Default: AAA accounting is not enabled by default. Usage Guide: When accounting is enabled in the switch, accounting will be performed according to the traffic or online time for port the authenticated user is using. The switch will send an “accounting started” message to the RADIUS accounting server on starting the accounting, and an accounting packet for the online user to the RADIUS accounting server every five seconds, and an “accounting stopped”...
  • Page 773 Example: Disable the AAA update accounting function for switch. Switch(config)#aaa-accounting update disable 46.4 debug aaa packet Command: debug aaa packet {send | receive | all} interface {ethernet <interface-number> | <interface-name>} no debug aaa packet {send | receive | all} interface {ethernet <interface-number> | <interface-name>} Function: Enable the debug information of AAA about receiving and sending packets;...
  • Page 774 46.5 debug aaa detail attribute Command: debug aaa detail attribute interface {ethernet <interface-number> | <interface-name>} no debug aaa detail attribute interface {ethernet <interface-number> | <interface-name>} Function: Enable the debug information of AAA about Radius attribute details; the no operation of this command will disable that debug information.
  • Page 775 Command Mode: Admin Mode. Usage Guide: By enabling the debug information of aaa about connection details, users can check connection details of aaa, which might help diagnose the cause of faults if there is any. Example: Enable the debug information of aaa about connection details. Switch#debug aaa detail connection 46.7 debug aaa detail event Command:...
  • Page 776 46.8 debug aaa error Command: debug aaa error no debug error Function: Enable the debug information of aaa about errors; the no operation of this command will disable that debug information. Parameters: None. Command Mode: Admin Mode. Usage Guide: By enabling the debug information of aaa about errors, users can check the information of all kinds of errors that occurs in the operation process of Radius protocol, which might help diagnose the cause of faults if there is any.
  • Page 777 Default: No specific source IP address for RADIUS packet is configured, the IP address of the interface from which the RADIUS packets are sent is used as source IP address of RADIUS packet. Command mode: Global Mode. Usage guide: The source IP address must belong to one of the IP interfaces of the switch, otherwise a failure message about binding the IP address will be returned when the switch sends a RADIUS packet.
  • Page 778 Usage guide: The source IPv6 address must belong to one of the IPv6 interfaces of the switch, otherwise a failure message about binding the IPv6 address will be returned when the switch sends a RADIUS packet. We suggest using the IPv6 address of the loopback interface as the source IPv6 address; this avoids packets from the RADIUS server being dropped when the interface link goes down.
  • Page 779 Usage Guide: This command is used to specify the IPv4/IPv6 address and port number of the specified RADIUS server for switch accounting, multiple command instances can be configured. The <port-number> parameter is used to specify accounting port number, which must be the same as the specified accounting port in the RADIUS server; the default port number is 1813.
  • Page 780 Command mode: Global Mode Default: No RADIUS authentication server is configured by default. Usage Guide: This command is used to specify the IPv4 address or IPv6 address and port number, cipher key string and access mode of the specified RADIUS server for switch authentication, multiple command instances can be configured. The port parameter is used to specify authentication port number, which must be the same as the specified authentication port in the RADIUS server, the default port number is 1812.
  • Page 781 Command mode: Global Mode Default: The default value is 5 minutes. Usage Guide: This command specifies the time to wait for the RADIUS server to recover from inaccessible to accessible. When the switch acknowledges a server to be inaccessible, it marks that server as having invalid status, after the interval specified by this command;...
  • Page 782 Example: Setting the RADIUS authentication key to be “test”. Switch(config)#radius-server key 0 test 46.15 radius-server retransmit Command: radius-server retransmit <retries> no radius-server retransmit Function: Configures the re-transmission times for RADIUS authentication packets; the “no radius-server retransmit” command restores the default setting. Parameters: <retries>...
  • Page 783 46.16 radius-server timeout Command: radius-server timeout <seconds> no radius-server timeout Function: Configures the timeout timer for RADIUS server; the “no radius-server timeout” command restores the default setting. Parameters: <seconds> is the timer value (second) for RADIUS server timeout, the valid range is 1 to 1000. Command mode: Global Mode Default:...
  • Page 784 Parameters: <seconds> is the interval of sending fee-counting update messages, in seconds, ranging from 60 to 3600. Command Mode: Global Mode. Default: The default interval of sending fee-counting update messages is 300 seconds. User Guide: This command set the interval at which NAS sends fee-counting update messages. In order to realize the real time fee-counting of users, from the moment the user becomes online, NAS will send a fee-counting update message of this user to the RADIUS server at the configured interval.
  • Page 785 Command mode: Admin and Configuration Mode. Usage Guide: Usually the administrator concerns only information about the online user, the other information displayed is used for troubleshooting by technical support. Example: Switch#show aaa authenticated-user ------------------------- authenticated users ------------------------------- UserName Retry RadID Port EapID ChapID OnTime UserIP ----------------------------------------------------------------------------- --------------- total: 0 ---------------...
  • Page 786: Show Aaa Config

    46.20 show aaa config Command: show aaa config Function: Displays the configured commands for the switch as a RADIUS client. Command mode: Admin and Configuration Mode. Usage Guide: Displays whether AAA authentication and accounting are enabled, along with the configured key and the authentication and accounting servers specified.
  • Page 787 accounting server[1].sock_addr = 10:2004::7.1813 .Is Primary = 1 .Is Server Dead = 0 .Socket No = 0 Time Out = 5s :After send the require packets, wait for response time out Retransmit = 3 :The number of retransmit Dead Time = 5min :The tautology interval of the dead server Account Time Interval = 0min :The account time interval 46.21 show radius authenticated-user count Command:...
  • Page 788: Show Radius Count

    46.22 show radius authenticating-user count Command: show radius authenticating-user count Function: Show the number of the authenticating-user. Parameter: None. Command mode: Admin and configuration mode. Default: None. Usage Guide: None. Example: Switch#show radius authenticating-user count The authenticating user num is: 46.23 show radius count Command: show radius {authenticated-user|authenticating-user} count...
  • Page 789 Usage Guide: The statistics for RADIUS authentication users can be displayed with the “show radius count” command. Example: 1. Display the statistics for RADIUS authenticated users. Switch#show radius authenticated-user count The authenticated online user num is: 2. Display the statistics for RADIUS authenticated users and others. Switch#show radius authenticating-user count...
  • Page 790 Chapter 47 Commands for SSL Configuration 47.1 ip http secure-server Command: ip http secure-server no ip http secure-server Function: Enable/disable SSL function. Parameter: None. Command Mode: Global Mode. Default: Disabled. Usage Guide: This command enables or disables the SSL function. Once the SSL function is enabled, users access the switch through an https client, and the switch and the client communicate over a secure SSL channel.
  • Page 791 Function: Configure/delete the port number used by SSL. Parameter: <port-number> means the configured port number, ranging between 1025 and 65535. 443 is the default. Command Mode: Global Mode. Default: Not configured. Usage Guide: If this command is used to configure the port number, the switch listens on the configured port number. If the port number for https is changed, users connecting over https must use the changed one.
  • Page 792 Command Mode: Global Mode. Default: Not configured. Usage Guide: If this command is used to configure the secure cipher suite, the specified encryption method will be used. SSL must be restarted for configuration changes to take effect. When des-cbc-sha is configured, IE 7.0 or above is required.
  • Page 793: Debug Ssl

    47.5 debug ssl Command: debug ssl no debug ssl Function: Show the configured SSL information; the no command turns the debugging off. Parameter: None. Command Mode: Admin Mode. Example: Switch# debug ssl %Jan 01 01:02:05 2006 ssl will to connect to web server 127.0.0.1:9998 %Jan 01 01:02:05 2006 connect to http security server success! ...
  • Page 794 Chapter 48 Commands for IPv6 Security RA 48.1 ipv6 security-ra enable Command: ipv6 security-ra enable no ipv6 security-ra enable Function: Globally enable IPv6 security RA function, all the RA advertisement messages will not be forwarded through hardware, but only sent to CPU to handle. The no operation of this command will globally disable IPv6 security RA function.
  • Page 795 48.2 ipv6 security-ra enable Command: ipv6 security-ra enable no ipv6 security-ra enable Function: Enable IPv6 security RA on a port, causing this port not to forward the received RA message. The no ipv6 security-ra enable will disable the IPv6 security RA on a port. Parameters: None.
  • Page 796 Command Mode: Admin and Configuration Mode. Example: Switch# show ipv6 security-ra IPv6 security ra config and state information in the switch Global IPv6 Security RA State: Enable Ethernet1/1 IPv6 Security RA State: Yes Ethernet1/3 IPv6 Security RA State: Yes 48.4 debug ipv6 security-ra Command: debug ipv6 security-ra no debug ipv6 security-ra...
  • Page 797 Chapter 49 Commands for MAB 49.1 authentication mab Command: authentication mab {radius | none} no authentication mab Function: Configure the authentication mode and priority of MAC address authentication; the no command restores the default authentication mode. Parameters: radius means RADIUS authentication mode, none means that no authentication is required. Default: Using RADIUS authentication mode.
  • Page 798 49.2 clear mac-authentication-bypass binding Command: clear mac-authentication-bypass binding {mac WORD | interface (ethernet IFNAME | IFNAME) | all} Function: Clear MAB binding information. Parameters: MAC: Delete MAB binding of the specified MAC address IFNAME: Delete MAB binding of the specified port all: Delete all MAB binding Command Mode: Admin Mode...
  • Page 799 Command Mode: Admin Mode Default: None. Usage Guide: None. Example: Enable the debugging of the packet information for MAB authentication. Switch#debug mac-authentication-bypass packet 49.4 mac-authentication-bypass binding-limit Command: mac-authentication-bypass binding-limit <1-100> no mac-authentication-bypass binding-limit Function: Set the max binding number of MAB. The no command will restore the default binding number as 3. Parameters: <1-100>...
  • Page 800 Example: Configure the max binding number as 10. Switch(Config)#interface ethernet 1/1 Switch(Config-If-Ethernet1/1)#mac-authentication-bypass binding-limit 10 49.5 mac-authentication-bypass enable Command: mac-authentication-bypass enable no mac-authentication-bypass enable Function: Enable the global and port MAB function. The no command disables MAB function. Parameters: None. Command Mode: Global Mode and Port Mode Default: Disable the global and port MAB function.
  • Page 801 49.6 mac-authentication-bypass spoofing-garp-check Command: mac-authentication-bypass spoofing-garp-check enable no mac-authentication-bypass spoofing-garp-check enable Function: Enable the spoofing-garp-check function, after which the MAB function no longer processes spoofing-garp; the no command disables the function. Parameters: None. Command Mode: Global Mode Default: Disable spoofing-garp-check function. Usage Guide: When a terminal running the Windows operating system detects an address conflict, it sends a gratuitous ARP to correct the erroneous ARP entries generated by the gratuitous ARP of the conflict detection.
  • Page 802 Parameters: (0 | <60-7200>): offline-detect time, the range is 0 or 60 to 7200s. Command Mode: Global Mode Default: offline-detect time is 180s. Usage Guide: When offline-detect time is 0, the switch does not detect MAB binding, when offline-detect time is 60s to 7200s, the switch timely detects the flow corresponding to the MAB binding.
  • Page 803 Usage Guide: If MAB authentication fails, the switch will not respond to authentication requests from this MAC within the quiet-period; after the quiet-period, it will respond to requests again. Example: Configure quiet-period of MAB authentication as 60s. Switch(Config)#mac-authentication-bypass timeout quiet-period 60 49.9 mac-authentication-bypass timeout stale-period Command: mac-authentication-bypass timeout stale-period <0-60>...
  • Page 804 49.10 mac-authentication-bypass username-format Command: mac-authentication-bypass username-format {mac-address | {fixed username WORD password WORD}} Function: Set the authentication method of MAB authentication. Parameters: mac-address: Use the MAC address of the MAB user as username and password to authenticate. fixed username WORD password WORD: Use the specified username and password to authenticate, the length of username and password ranges between 1 and 32 characters.
  • Page 805 Parameters: interface {ethernet IFNAME|IFNAME}: The port name. Command Mode: Admin Mode Default: None. Usage Guide: None. Example: Show the binding information of all MAB users. Switch#show mac-authentication-bypass The Number of all binding is 5 Interface Vlan ID State ---------------------------------------------------------------------------------------------------------- 05-0a-eb-6a-7f-88 Ethernet1/1 MAB_QUIET 04-0a-eb-6a-7f-88...
  • Page 806 Interface Ethernet1/1 user config: MAB enable: Enable Binding info: 1 -------------------------------------------------------- MAB Binding built at SUN JAN 01 01:14:48 2006 VID 1, Port: Ethernet1/1 Client MAC: 00-0a-eb-6a-7f-8e Binding State: MAB_AUTHENTICATED Binding State Lease: 164 seconds left Displayed information Explanation MAB enable MAB function enabled or not Binding info The MAB binding number of the specified port...
  • Page 807 Chapter 50 Commands for PPPoE Intermediate Agent 50.1 debug pppoe intermediate agent packet {receive | send} interface ethernet <interface-name> Command: debug pppoe intermediate agent packet (receive | send|) interface ethernet <interface-name> no debug pppoe intermediate agent packet (receive | send|) interface ethernet <interface-name> Function: Enable PPPoE packet debug for the specified port, the no command disables it.
  • Page 808 50.2 pppoe intermediate-agent Command: pppoe intermediate-agent no pppoe intermediate-agent Function: Enable global PPPoE intermediate agent function. The no command disables global PPPoE intermediate agent function. Parameter: None. Command Mode: Global mode. Default: Disable global PPPoE intermediate agent function. Usage Guide: After the global PPPoE IA function is enabled, packets of the PPPoE discovery stage are processed according to the related configuration.
  • Page 809 Parameter: None. Command Mode: Port mode Default: Disable PPPoE intermediate agent function of the port. Usage Guide: After the PPPoE IA function of the port is enabled, a vendor tag is added to the PPPoE packets of the port. Note: 1. The global pppoe intermediate-agent function must be enabled. 2.
  • Page 810 Usage Guide: This command configures circuit-id individually for each port; its priority is higher than that of the pppoe intermediate-agent identifier-string command. Example: Configure circuit-id as abcd/efgh on port ethernet1/3 of vlan3. Switch(config-if-ethernet1/3)#pppoe intermediate-agent circuit-id abcd/efgh After port ethernet1/3 of vlan3 receives a PPPoE packet, the circuit-id value of the added vendor tag is “abcd/efgh”. 50.5 pppoe intermediate-agent delimiter Command: pppoe intermediate-agent delimiter <WORD>...
  • Page 811 50.6 pppoe intermediate-agent format Command: pppoe intermediate-agent format (circuit-id | remote-id) (hex | ascii) no pppoe intermediate-agent format (circuit-id | remote-id) Function: Configure the format with hex or ASCII for circuit-id and remote-id, the no command cancels the configuration. Parameter: hex: hexadecimal ascii: ASCII code Command Mode:...
  • Page 812 Parameter: <string>: remote-id, the max character number is 63 bytes. Command Mode: Port mode Default: This configuration is null. Usage Guide: Configure remote-id for each port, if there is no configuration, use switch’s MAC as remote-id value. Example: Configure remote-id as abcd on port ethernet1/2. Switch(config-if-ethernet1/2)# pppoe intermediate-agent remote-id abcd 50.8 pppoe intermediate-agent trust Command:...
  • Page 813 Example: Configure port ethernet1/1 as trust port. Switch(config-if-ethernet1/1)#pppoe intermediate-agent trust 50.9 pppoe intermediate-agent type self-defined circuit-id Command: pppoe intermediate-agent type self-defined circuit-id {vlan | port | id (switch-id (mac | hostname) | remote-mac) | string WORD} no pppoe intermediate-agent type self-defined circuit-id Function: Configure the self-defined circuit-id, the no command cancels the configuration.
  • Page 814 50.10 pppoe intermediate-agent type self-defined remote-id Command: pppoe intermediate-agent type self-defined remote-id {mac | hostname | string WORD} no pppoe intermediate-agent type self-defined remote-id Function: Configure the self-defined remote-id, the no command cancels the configuration. Parameter: mac: the local MAC address hostname: the local host name string WORD: the specified keyword Command Mode:...
  • Page 815 Function: Configure access-node-id field value of circuit ID in the added vendor tag with tr-101 standard. Parameter: <string>: access-node-id, the max character number is 47 bytes. Command Mode: Global mode Default: MAC address of the switch Usage Guide: Use this configuration to create access-node-id of circuit ID in vendor tag. circuit-id value is access-node-id +” eth “+ Slot ID + delimiter + Port Index + delimiter + Vlan ID, access-node-id occupies n bytes (n<48), “...
  • Page 816 Parameter: <string>: identifier-string, the max character number is 47 bytes. {sp | sv | pv | spv}: This option can select the combination format for slot, port, vlan, sp means slot and port, sv means slot and vlan, pv means port and vlan, spv means slot, port and vlan. <WORD>: The delimiter between slot, port and vlan, the range is (# | .
  • Page 817 Function: Enable vendor-tag strip function of the port, the no command cancels this function. Parameter: None. Command Mode: Port mode Default: Disable vendor-tag strip function of the port. Usage Guide: If the received packet includes vendor tag from server to client, strip this vendor tag. Note: 1.
  • Page 818 Default: The configuration information is null. Usage Guide: This command is used to show access-node-id configured by user. Example: Show access-node-id configuration information. Switch#pppoe intermediate-agent access-node-id abcd Switch#show pppoe intermediate-agent access-node-id pppoe intermediate-agent access-node-id is : abcd 50.15 show pppoe intermediate-agent identifier-string option delimiter Command: show pppoe intermediate-agent identifier-string option delimiter...
  • Page 819 config option is : slot , port and vlan the first delimiter is : "# " the second delimiter is : "/ " 50.16 show pppoe intermediate-agent info Command: show pppoe intermediate-agent info [interface ethernet <interface-name>] Function: Show the related PPPoE IA configuration information of all ports or the specified port. Parameter: ethernet: physical port interface-name: port name...
  • Page 820 Chapter 51 Commands for Web Portal Configuration 51.1 clear webportal binding Command: clear webportal binding {mac WORD | interface <ethernet IFNAME | IFNAME> |} Function: Clear the binding information of web portal authentication. Parameter: mac: Clear the binding of the specific MAC address. IFNAME: Port ID list, divide the ports with “;”.
  • Page 821 51.2 debug webportal binding Command: debug webportal binding no debug webportal binding Function: Enable/ disable the binding debugging of web portal authentication. Parameter: None. Command Mode: Admin Mode. Default: There is no limitation. Usage Guide: Enable the binding debugging of web portal authentication, the no command disables the binding debugging. Example: Enable the binding debugging of web portal authentication.
  • Page 822 Command Mode: Admin Mode. Default: There is no limitation. Usage Guide: Enable the error debugging of web portal authentication, the no command disables the error debugging. Example: Enable the error debugging of web portal authentication. switch#debug webportal error <NULL> 0 error error debug is on 51.4 debug webportal event Command: debug webportal event...
  • Page 823 Example: Enable the event debugging of web portal authentication. switch#debug webportal event <NULL> 0 event event debug is on 51.5 debug webportal packet Command: debug webportal packet {all | receive | send} {interface <ethernet IFNAME | IFNAME> |} no debug webportal packet {all | receive | send} {interface <interface-name> |} Function: Enable/ disable the debugging that show the synchronization information of the local clock.
  • Page 824 Ethernet1/1 0 packet rx debug is on Ethernet1/1 0 packet tx debug is on 51.6 ip dhcp snooping binding webportal Command: ip dhcp snooping binding webportal no ip dhcp snooping binding webportal Function: Enable/disable dhcp snooping binding web portal function. Parameter: None.
  • Page 825 Parameter: <ethernet IFNAME | IFNAME>: The port name, if the port name is null, show all port information. Command Mode: Admin Mode. Default: There is no limitation. Usage Guide: Show the parameter and enable information of web portal authentication according to the condition. Example: Show the parameter and enable information of web portal authentication.
  • Page 826 Usage Guide: Collect the binding information according to the specified condition, such as the binding number, IP, MAC, interface, VLAN ID and state, etc. Example: Show the binding information of web portal authentication. switch#show webportal binding ? interface Interface setting Output modifiers <cr>...
  • Page 827 Default: Usage Guide: Limit the max webportal binding number of the port. When the binding number reaches the max binding number, the port cannot process any further bindings. When the max binding number is less than the current binding number of the port, the setting will be unsuccessful.
  • Page 828 Example: Enable/disable web portal authentication. Switch(config)# webportal enable show running-config shows the global webportal authentication which is enabled successfully. 51.11 webportal enable (Port) Command: webportal enable no webportal enable Function: Enable/disable web portal authentication of the port. Parameter: None. Command Mode: Port Mode.
  • Page 829 51.12 webportal nas-ip Command: webportal nas-ip <ip-address> no webportal nas-ip Function: Configure IP source address for communicating between accessing device and portal server. Parameter: <ip-address>: IP source address for communicating between accessing device and portal server in dotted decimal notation, it must be the legal unicast address. Command Mode: Global Mode.
  • Page 830 Function: Configure HTTP redirection address of web portal authentication. Parameter: <ip> is IP address of portal server. Command Mode: Global Mode. Default: There is no redirection address. Usage Guide: Enable web portal authentication globally before configuring its HTTP redirection address. The no command cancels the configured redirection address.
  • Page 831 Chapter 52 Commands for VLAN-ACL 52.1 clear vacl statistic vlan Command: clear vacl [in | out] statistic vlan [<1-4094>] Function: This command can clear the statistic information of VACL. Parameter: in | out: Clear the traffic statistic of the ingress/egress. vlan <1-4094>: The VLAN which needs to clear the VACL statistic information.
  • Page 832 Parameter: in | out: Show ingress/egress configuration and statistic vlan <1-4094>: The VLAN for which to show the configuration and the statistic information of VACL. If no VLAN ID is entered, the VACL configuration and statistic information of all VLANs is shown. begin | include | exclude <regular-expression>: the regular expression .
  • Page 833 Usage Guide: Egress direction filtering is not supported by switch. Example: Switch (config)#show vacl vlan 2 Vlan 2: IP Ingress access-list used is 100, traffic-statistics Disable. Switch (config)# show vacl vlan 3 Vlan 3: IP Ingress access-list used is myacl, packet(s) number is 5. Displayed Information Explanation Vlan 2...
  • Page 834 Usage Guide: Use “;” or “-” to input the VLAN or multi-VLANs, but do not exceed 128, and CLI length can not exceed 80 characters. Egress direction filtering is not supported by switch. Example: Configure the numeric IP ACL and enable the statistic function for Vlan 1-5, 6, 7-9. Switch(config)#vacl ip access-group 1 in traffic-statistic vlan 1-5;...
  • Page 835 52.5 vacl mac access-group Command: vacl mac access-group {<700-1199> | WORD} {in } [traffic-statistic] vlan WORD no vacl mac access-group {<700-1199> | WORD} {in } vlan WORD Function: This command configures VACL of MAC type on the specific VLAN. Parameter: <700-1199>...
  • Page 836 Parameter: <3100-3299> | WORD: Configure the numeric MAC-IP ACL or the named ACL. in : Filter the ingress traffic. traffic-statistic: Enable the statistic of matched packets number. vlan WORD: The VLAN will be bound to VACL. Command mode: Global Mode. Default: None.
  • Page 837 Chapter 53 Commands for SAVI 53.1 Commands for SAVI 53.1.1 ipv6 cps prefix Command: ipv6 cps prefix <ipv6-address> vlan <vid> no ipv6 cps prefix<ipv6-address> Function: Configure IPv6 address prefix of the link manually, no command deletes IPv6 address prefix. Parameter: ipv6-address: the address prefix of link, like 2001::/64;...
  • Page 838: Ipv6 Dhcp Snooping Trust

    53.1.2 ipv6 cps prefix check enable Command: ipv6 cps prefix check enable no ipv6 cps prefix check enable Function: Enable SAVI address prefix check function, no command will disable this function. Parameter: None. Command Mode: Global Mode. Default: Disable SAVI address prefix check function. Usage Guide: After the prefix check function is enabled, if the IPv6 address prefix of a packet does not match the link prefix, the corresponding IPv6 address binding is not established.
  • Page 839 Parameter: None. Command Mode: Port Mode. Default: Disable. Usage Guide: Set the port to the dhcpv6 trust attribute. This is generally enabled on the uplink port of a switch with SAVI function that connects to a dhcpv6 server or dhcpv6 relay. Example: Set ethernet1/1 to be DHCP trust port. Switch(config)#interface ethernet1/1 Switch(config-if-ethernet1/1)#ipv6 dhcp snooping trust 53.1.4 ipv6 nd snooping trust...
  • Page 840 Usage Guide: If the ipv6 nd snooping trust function is disabled on a port, the port is treated as untrusted for RA packets and discards all RA packets. The trust attribute is generally set on the uplink port of a switch with SAVI or on the port connecting two switches with SAVI.
  • Page 841 Example: Configure the conflict binding check mode to probe mode. Switch(config)#savi check binding probe mode 53.1.6 savi enable Command: savi enable no savi enable Function: Enable the global SAVI function, the no command disables this global function. Parameter: None. Command Mode: Global Mode.
  • Page 842 53.1.7 savi ipv6 binding num Command: savi ipv6 binding num <limit-num> no savi ipv6 binding num Function: Configure the number of the corresponding binding with the port, no command restores the default value. Parameter: limit-num: set the range from 0 to 65535, the default value of the port binding number is 65535. Command Mode: Port Mode.
  • Page 843 Parameter: ip-address: is the unicast IPv6 address, including local link and global unicast address mac-address: is the mac address of Ethernet if-name: is the port name, like interface ethernet 1/1 slaac|dhcp: slaac means create the dynamic binding for slaac type, dhcp means create the dynamic binding for dhcp type lifetime: configure the lifetime period for the dynamic binding, the unit is second.
  • Page 844 53.1.9 savi ipv6 check source ip-address mac-address Command: savi ipv6 check source [ip-address mac-address | ip-address | mac-address] no savi ipv6 check source Function: Enable the control authentication function for the packets of the port, no command disables this function. Parameter: None.
  • Page 845 Parameter: dhcp-only: dhcp-only application scene slaac-only: slaac-only application scene dhcp-slaac: combination application scene of dhcp-only and slaac-only Command Mode: Global Mode. Default: Disable SAVI application scene. Usage Guide: dhcp-only application scene only detects DHCPv6 packets and DAD NS packets of link-local ipv6 address to be IPv6 address with target field, it does not detect DAD NS packets of non-link-local address.
  • Page 846 Default: Usage Guide: This command is used to prevent the exhaust attack of the dynamic binding entry for SAVI. Example: Set the dynamic binding number to be 5 for the same MAC address. Switch(config)#savi ipv6 mac-binding-limit 5 53.1.12 savi max-dad-delay Command: savi max-dad-delay <max-dad-delay>...
  • Page 847 53.1.13 savi max-dad-prepare-delay Command: savi max-dad-prepare-delay <max-dad-prepare-delay> no savi max-dad-prepare-delay Function: Configure lifetime period of redetection for the dynamic binding, no command restores the default value. Parameter: max-dad-prepare-delay: set the ranging between 1 and 65535 seconds, its default value is 1 second. Command Mode: Global Mode.
  • Page 848 Command Mode: Global Mode. Default: 4 hours. Usage Guide: None. Example: Configure lifetime period of slaac binding type as 2010 seconds at BOUND state. Switch(config)#savi max-slaac-life 2010 53.1.15 savi timeout bind-protect Command: savi timeout bind-protect <protect-time> no savi timeout bind-protect Function: Configure the bind-protect lifetime period for a port after its state changes from up to down, no command restores the default value.
  • Page 849 Example: Set bind-protect lifetime period to be 20 seconds. Switch(config)#savi timeout bind-protect 20 53.2 Commands for Monitor and Debug 53.2.1 debug ipv6 dhcp snooping binding Command: debug ipv6 dhcp snooping binding no debug ipv6 dhcp snooping binding Function: Enable binding debug of dhcp type for SAVI, no command disables the debug. Parameter: None.
  • Page 850 53.2.2 debug ipv6 dhcp snooping event Command: debug ipv6 dhcp snooping event no debug ipv6 dhcp snooping event Function: Enable event debug of dhcp type for SAVI, no command disables the debug. Parameter: None. Command Mode: Admin Mode. Default: None. Usage Guide: After event debug is enabled, the relevant event information of dhcp type will be printed for troubleshooting.
  • Page 851 Command Mode: Admin Mode. Default: None. Usage Guide: After packets debug is enabled, the relevant DHCPv6 packets will be printed for troubleshooting. The no command disables this function. Example: Enable the debug of DHCPv6 packets. Switch#debug ipv6 dhcp snooping packet 53.2.4 debug ipv6 nd snooping binding Command: debug ipv6 nd snooping binding no debug ipv6 nd snooping binding...
  • Page 852 Example: Enable binding debug of slaac type. Switch#debug ipv6 nd snooping binding 53.2.5 debug ipv6 nd snooping event Command: debug ipv6 nd snooping event no debug ipv6 nd snooping event Function: Enable the event debug of slaac type for SAVI, no command disables the event debug. Parameter: None.
  • Page 853 Function: Enable ND packets debug, no command disables ND packets debug. Parameter: None. Command Mode: Admin Mode. Default: None. Usage Guide: After packets debug is enabled, the relevant ND packets will be printed for troubleshooting. The no command disables this function. Example: Enable ND packets debug.
  • Page 854 Usage Guide: Descriptions of each field are as below: Field Description The bound MAC address The bound IP address Vlan The binding VLAN belongs to Port The binding port belongs to Type Binding type State Binding state Expires The bound lifetime period Example: Show the global binding state of SAVI.
  • Page 855 Chapter 54 Commands for MRPP 54.1 control-vlan Command: control-vlan <vid> no control-vlan Function: Configure control VLAN ID of MRPP ring; the “no control-vlan” command deletes control VLAN ID. Parameter: <vid> expresses control VLAN ID, the valid range is from 1 to 4094. Command Mode: MRPP ring mode Default:...
  • Page 856: Clear Mrpp Statistics

    54.2 clear mrpp statistics Command: clear mrpp statistics [<ring-id>] Function: Clear the statistic information of MRPP data packets received and transferred by the MRPP ring. Parameter: <ring-id> is MRPP ring ID, the valid range is from 1 to 4096; if no ID is specified, it clears the statistic information of all MRPP rings.
  • Page 857 Parameter: None. Usage Guide: Enable MRPP debug information, and check message process of MRPP protocol and receive data packet process, it is helpful to monitor debug. Example: Enable debug information of MRPP protocol. Switch#debug mrpp 54.4 enable Command: enable no enable Function: Enable configured MRPP ring, the “no enable”...
  • Page 858 Switch(mrpp-ring-4000)#hello-timer 6 Switch(mrpp-ring-4000)#enable Switch(mrpp-ring-4000)#exit Switch(config)#in ethernet1/1 Switch(config-If-Ethernet1/1)#mrpp ring 4000 primary-port Switch(config)#in ethernet 1/3 Switch(config-If-Ethernet1/3)#mrpp ring 4000 secondary-port 54.5 errp domain Command: errp domain <domain-id> no errp domain <domain-id> Function: Create ERRP domain, the no command deletes the configured ERRP domain. Parameter: <domain-id>...
  • Page 859 54.6 fail-timer Command: fail-timer <timer> no fail-timer Function: Configure if the primary node of MRPP ring receive Timer interval of Hello packet or not, the “no fail-timer” command restores default timer interval. Parameter: <timer> valid range is from 1 to 300s. Command Mode: MRPP ring mode Default:...
  • Page 860 Function: Configure timer interval of Hello packet from primary node of MRPP ring, the “no hello-timer” command restores timer interval of default. Parameter: <timer> valid range is from 1 to 100s. Command Mode: MRPP ring mode Default: Default configuration timer interval is 1s. Usage Guide: The primary node of MRPP ring continuously sends Hello packet on configured Hello timer interval, if secondary port of primary node can receive this packet in configured period;...
  • Page 861: Mrpp Enable

    Default: Disable the compatible function of EAPS. Usage Guide: If the compatible function of EAPS needs to be configured, the MRPP protocol must be enabled first. When executing the no mrpp eaps compatible command, ensure that the switch has the MRPP protocol enabled. Example: Enable the compatible function of EAPS globally.
  • Page 862 54.10 mrpp errp compatible Command: mrpp errp compatible no mrpp errp compatible Function: Enable the compatible mode for ERRP, the no command disables the compatible mode. Parameter: None. Command Mode: Global mode Default: Disable the compatible function of ERRP. Usage Guide: If the compatible function of ERRP needs to be configured, MRPP protocol should be enabled firstly.
  • Page 863: Mrpp Ring

    54.11 mrpp poll-time Command: mrpp poll-time <20-2000> Function: Configure the query interval of MRPP. Command mode: Global mode. Usage Guide: Configure the query time to adjust the query interval of MRPP, the default interval is 100ms. Example: Set the query time as 200ms. Switch(Config)# mrpp poll-time 200 54.12 mrpp ring Command:...
  • Page 864 Example: Switch(config)#mrpp ring 100 54.13 mrpp ring primary-port Command: mrpp ring <ring-id> primary-port no mrpp ring <ring-id> primary-port Function: Specify MRPP ring primary-port. Parameter: <ring-id> is the ID of MRPP ring; range is <1-4096>. Command Mode: Port mode Default: None Usage Guide: The command specifies MRPP ring primary port.
  • Page 865 54.14 mrpp ring secondary-port Command: mrpp ring < ring-id > secondary-port no mrpp ring < ring-id > secondary-port Function: Specify secondary of MRPP ring. Parameter: <ring-id> is the ID of MRPP ring; range is <1-4096>. Command Mode: Port mode Default: None Usage Guide: The command specifies secondary port of MRPP ring.
  • Page 866: Show Mrpp

    Parameter: None. Command Mode: MRPP ring mode. Default: Default the node mode is secondary node. Usage Guide: None. Example: Configure the switch to primary node. MRPP ring 4000. Switch(config)# mrpp ring 4000 Switch(mrpp-ring-4000)#node-mode master 54.16 show mrpp Command: show mrpp [<ring-id>] Function: Display MRPP ring configuration.
  • Page 867: Show Mrpp Statistics

    Usage Guide: None Example: Display configuration of MRPP ring 4000 of switch Switch# show mrpp 4000 54.17 show mrpp statistics Command: show mrpp statistics [<ring-id>] Function: Display the statistic information of data packets received and transferred by the MRPP ring. Parameter: <ring-id> is MRPP ring ID, the valid range is from 1 to 4096; if no ID is specified, it displays the statistic information of all MRPP rings.
  • Page 868: Control Vlan

    Chapter 55 Commands for ULPP 55.1 clear ulpp flush counter interface Command: clear ulpp flush counter interface <name> Function: Clear the statistic information of the flush packets. Parameter: <name> is the name of the port. Default: None. Command mode: Admin mode. Usage Guide: None.
  • Page 869 Parameter: <integer> is the control VLAN ID that sends the flush packets, range from 1 to 4094. Default: The default is VLAN 1. Command mode: ULPP group configuration mode. Usage Guide: Configure the control VLAN of ULPP group. This VLAN must correspond to an existing VLAN; after it is configured, this VLAN can’t be deleted.
  • Page 870 Usage Guide: None. Example: Show the error information of ULPP. Switch# debug ulpp error Unrecognized Flush packet received. 55.4 debug ulpp event Command: debug ulpp event no debug ulpp event Function: Show the event information of ULPP. The no operation disables showing the event information of ULPP. Parameter: None.
  • Page 871 55.5 debug ulpp flush content interface Command: debug ulpp flush content interface <name> no debug ulpp flush content interface <name> Function: Show the contents of the receiving flush packets. The no operation disables the shown contents. Parameter: <name> is the name of the port. Default: Do not display.
  • Page 872 55.6 debug ulpp flush {send | receive} interface Command: debug ulpp flush {send | receive} interface <name> no debug ulpp flush {send | receive} interface <name> Function: Show the information of the flush packets received/sent; it only shows the receiving packets, but does not show the detailed contents of the packets.
  • Page 873 Parameter: <string> is the name of ULPP group, the max number of the characters is 128. Default: Do not configure ULPP name by default. Command mode: ULPP group configuration mode. Usage Guide: None. Example: Configure the description of ULPP group as switch. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# description switch 55.8 flush disable arp...
  • Page 874 Example: Disable sending the flush packets of deleting ARP. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# flush disable arp 55.9 flush disable mac Command: flush disable mac Function: Disable sending the flush packets of updating MAC address. Parameter: None. Default: By default, enable sending the flush packets of updating MAC address. Command mode: ULPP group configuration mode.
  • Page 875 55.10 flush disable mac-vlan Command: flush disable mac-vlan Function: Disable sending the flush packets of deleting the dynamic unicast mac according to vlan. Parameter: None. Default: Disable. Command mode: ULPP group configuration mode. Usage Guide: If this command is configured, when the link is switched, it will not actively send the flush packets to notify the upstream device to delete the dynamic unicast mac according to vlan.
  • Page 876 Default: By default, enable sending the flush packets of deleting ARP. Command mode: ULPP group configuration mode. Usage Guide: If this function is enabled, when the link is switched, it will actively send the flush packets to notify the upstream device, so as to delete the list entries of ARP.
  • Page 877 Example: Enable sending the flush packets of updating MAC address. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# flush enable mac 55.13 flush enable mac-vlan Command: flush enable mac-vlan Function: Enable sending the flush packets of deleting the dynamic unicast mac according to vlan. Parameter: None.
  • Page 878: Preemption Delay

    55.14 preemption delay Command: preemption delay <integer> no preemption delay Function: Configure the preemption delay, the no command configures the preemption delay as the default value. Parameter: <integer>: the preemption delay, range from 1 to 600, in second. Default: The default preemption delay is 30. Command mode: ULPP group configuration mode.
  • Page 879 Default: Do not preempt. Command mode: ULPP group configuration mode. Usage Guide: If the preemption mode is configured by the ULPP group, and the slave port is in forwarding state, and the master port is in the standby state, the master port will turn into the forwarding state and the slave port will turn into the standby state after the preemption delay.
  • Page 880 Usage Guide: Quote the instances of MSTP to protect the VLANs. The VLAN corresponding to this instance is in the forwarding state on one port of this group, and in the blocked state on another port of this group. Each ULPP group can quote all instances of MSTP.
  • Page 881 55.18 show ulpp flush-receive-port Command: show ulpp flush-receive-port Function: Show the port which receives flush packets, the flush type and the control VLAN. Parameter: None. Default: None. Command mode: Admin mode. Usage Guide: None. Example: Show the information that the port receives flush packets. Switch# show ulpp flush-receive-port ULPP flush-receive portlist: Portname...
  • Page 882 Parameter: [group-id]: Show the information of the specific ULPP group. Default: By default, show the information of all ULPP groups which have been configured. Command mode: Admin mode. Usage Guide: Show the configuration information of ULPP groups which have been configured, such as: the state of the master port and the slave port, the preemption mode, the preemption delay, etc.
  • Page 883 Parameter: <vlan-list> specify the control VLAN list that receives the flush packets, such as: i; j-k. The number of VLANs in each character string cannot exceed 100. The receiving control VLAN of the port can be added. Default: The default is VLAN 1. Command mode: Port mode.
  • Page 884 Usage Guide: If this command is configured, then it will not receive the flush packets of deleting ARP. Example: Disable receiving the flush packets of deleting ARP. Switch(config)# interface ethernet 1/1 Switch(config-If-Ethernet1/1)# ulpp flush disable arp 55.22 ulpp flush disable mac Command: ulpp flush disable mac Function:...
  • Page 885 55.23 ulpp flush disable mac-vlan Command: ulpp flush disable mac-vlan Function: Disable receiving the flush packets of mac-vlan type. Parameter: None. Default: Disable. Command mode: Port mode. Usage Guide: If enabling this function, forward the hardware of the flush packets with mac-vlan type received in port. It will not be analyzed.
  • Page 886 Default: By default, disable receiving the flush packets of deleting ARP. Command mode: Port mode. Usage Guide: Enable this function to receive the flush packets which delete ARP. Example: Enable receiving of the flush packets of deleting ARP. Switch(config)# interface ethernet 1/1 Switch(config-If-Ethernet1/1)# ulpp flush enable arp 55.25 ulpp flush enable mac Command:...
  • Page 887 55.26 ulpp flush enable mac-vlan Command: ulpp flush enable mac-vlan Function: Enable receiving the flush packets of mac-vlan type. Parameter: None. Default: Disable. Command mode: Port mode. Usage Guide: If enabling this function, configure the interface to receive the flush packets handled mac-vlan type and delete the dynamic unicast mac according to vlan information in the packets.
  • Page 888 Parameter: <integer> is the ID of ULPP group, range from 1 to 48. Command mode: Global Mode. Default: Any ULPP groups are not configured. Usage Guide: None. Example: Configure ulpp group 20 or enter the mode of ulpp group 20. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# 55.28 ulpp group master...
  • Page 889 Usage Guide: There is no sequence requirement for the master and slave port configuration in a group, but the protective VLANs must be configured before the member ports. Each group has only one master port; if the master port exists, then the configuration fails.
  • Page 890 Chapter 56 IPv4 Multicast Protocol 56.1 debug ulsm event Command: debug ulsm event no debug ulsm event Function: Show the event information of ULSM. The no operation disables showing ULSM events. Parameter: None. Default: None. Command mode: Admin Mode. Usage Guide: None.
  • Page 891 Parameter: [group-id]: the ID of ULSM group. Default: By default, show the information of all ULSM groups which have been configured. Command mode: Admin Mode. Usage Guide: None. Example: Show the configuration information of ULSM group1. Switch# show ulsm group 1 ULSM group 1 information: ULSM group state: Down Member...
  • Page 892 Command mode: Global Mode. Usage Guide: None. Example: Create ULSM group 10. Switch(config)# ulsm group 10 56.4 ulsm group {uplink | downlink} Command: ulsm group <group-id> {uplink | downlink} no ulsm group <group-id> Function: Configure the uplink/downlink ports of ULSM group. The no command deletes the uplink/downlink ports. Parameter: <group-id>: The ID of ULSM group, the range from 1 to 32.
  • Page 893: Monitor Session Source Interface

    Chapter 57 Commands for Mirroring Configuration 57.1 monitor session source interface Command: monitor session <session> source {interface <interface-list> | cpu} {rx| tx| both} no monitor session <session> source {interface <interface-list> | cpu} Function: Specify the source interface for the mirror. The no form command will disable this configuration. Parameters: <session>...
  • Page 894: Monitor Session Destination Interface

    57.2 monitor session source interface access-list Command: monitor session <session> source {interface <interface-list>} access-list <num> {rx|tx|both} no monitor session <session> source {interface <interface-list>} access-list <num> Function: Specify the access control for the source of the mirror. The no form command will disable this configuration. Parameters: <session>...
  • Page 895: Show Monitor

    Function: Specify the destination interface of the mirror. The no form command will disable this configuration. Parameters: <session> is the session number of the mirror, of which only one is currently supported. <interface-number> is the destination interface of the mirror. Default: None.
  • Page 896 Usage Guide: This command is used to display the source and destination ports for the configured mirror sessions. For port mirroring, CPU mirroring, and flow mirroring, the mirror mode of the source can be displayed. Example: Switch#show monitor
  • Page 897 Chapter 58 Commands for sFlow 58.1 sflow agent-address Command: sflow agent-address <agent-address> no sflow agent-address Function: Configure the sFlow sample proxy address. The “no” form of this command deletes the proxy address. Parameter: <agent-address > is the sample proxy IP address which is shown in dotted decimal notation. Command Mode: Global Mode.
  • Page 898 Function: Configure the analyzer used by sFlow, the no command deletes the analyzer. Parameter: sflowtrend is the analyzer of Inmon. Command Mode: Global Mode Default: Do not configure Usage Guide: Configure this command when using sFlowTrend. Example: Switch(config)#sflow analyzer sflowtrend 58.3 sflow counter-interval Command: sflow counter-interval <interval-value>...
  • Page 899 Usage Guide: If no statistic sampling interval is configured, there will not be any statistic sampling on the interface. Example: Set the statistic sampling interval on the interface e1/1 to 20 seconds. Switch(Config-If-Ethernet1/1)#sflow counter-interval 20 58.4 sflow data-len Command: sflow data-len <length-value> no sflow data-len Function: Configure the max length of the sFlow packet data;...
  • Page 900: Sflow Destination

    58.5 sflow destination Command: sflow destination <collector-address> [<collector-port>] no sflow destination Function: Configure the IP address and port number of the host on which the sFlow analysis software is installed. If the port has been configured with IP address, the port configuration will be applied, or else the global configuration will be applied.
  • Page 901 Function: Configure the length of the head data packet copied in the sFlow data sampling. The “no” form of this command restores the default value. Parameter: <length-value> is the value of the length with a valid range of 32-256. Command Mode: Port Mode.
  • Page 902 Default: The default value is 0. Usage Guide: When a sample packet is sent to the CPU, it is recommended not to assign a high priority to the packet, so that the regular receiving and sending of other protocol packets is not interfered with. The higher the priority value is set, the higher its priority will be.
  • Page 903: Show Sflow

    Example: Configure the ingress sample rate on port e1/1 to 10000 and the egress sample rate to 20000. Switch(Config-If-Ethernet1/1)#sflow rate input 10000 Switch(Config-If-Ethernet1/1)#sflow rate output 20000 58.9 show sflow Command: show sflow Function: Display the sFlow configuration state. Parameter: None. Command Mode: All Modes.
  • Page 904 configured Collector port is 6343 the sFlow global destination port is the defaulted 6343 Sampler priority is 2 The priority of sFlow when receiving packets from the hardware is Sflow DataSource: type 2, index One sample proxy data source of the sFlow is the interface e1/1 194(Ethernet1/1) and its type is 2 (Ethernet), the interface index is 194.
  • Page 905 Chapter 59 Commands for RSPAN Configuration 59.1 remote-span Command: remote-span no remote-span Function: To configure VLAN to RSPAN VLAN. The no form of this command will delete the RSPAN VLAN. Parameter: None. Command Mode: VLAN Configuration Mode. Default: Not configured. Usage Guide: This command is used to configure the existing VLAN as RSPAN VLAN.
  • Page 906 59.2 monitor session remote vlan Command: monitor session <session> remote vlan <vid> no monitor session <session> remote vlan Function: To configure local mirror session to RSPAN. The no form of this command will restore the RSPAN to local mirror. Parameter: <session>: session ID, range between 1~4.
  • Page 907 Command Mode: Global Mode. Default: Not configured. Usage Guide: This command configures the reflector port for the destination of mirror datagrams, and disables the MAC learning function of the specified port. Configuring the reflector port changes the mode of the local port from the destination port mode to the reflector mode.
  • Page 908: Monitor Session

    Chapter 60 Commands for ERSPAN 60.1 monitor session Command: monitor session <session> destination tunnel interface <interface-number> desmac < MAC address > desIP < Dest IP address > scrIP < Source IP address no monitor session <session> destination tunnel interface <interface-number> Function: Appoint the mirror destination, and the destination can be the physical port or the tunnel;...
  • Page 909 60.2 monitor session destination tunnel Command: monitor session <session> destination tunnel <tunnel-number> no monitor session <session> destination tunnel <tunnel-number> Function: Specify the destination port of the mirror as the tunnel. The no command deletes this configuration. Parameters: <session> is the session number of the mirror, which is currently limited from 1 to 4; <tunnel-number> is the tunnel number.
  • Page 910 Chapter 61 Commands for SNTP 61.1 clock timezone Command: clock timezone WORD {add | subtract} <0-23> [<0-59>] no clock timezone WORD Function: This command configures timezone in global mode, the no command deletes the configured timezone. Parameters: WORD: timezone name, the length should not exceed 16 add | subtract: the action of timezone <0-23>: the hour value <0-59>: the minute value...
  • Page 911: Sntp Polltime

    Function: Displays or disables SNTP debug information. Parameters: adjust stands for SNTP clock adjustment information; packet for SNTP packets, select for SNTP clock selection. Command mode: Admin Mode Example: Displaying debugging information for SNTP packet. Switch#debug sntp packet 61.3 sntp polltime Command: sntp polltime <interval>...
  • Page 912: Sntp Server

    61.4 sntp server Command: sntp server {<ip-address> | <ipv6-address>} [source {vlan <vlan no> | loopback <loopback no>}] [version <version_no>] no sntp server {<ip-address> | <ipv6-address>} [source {vlan <vlan no> | loopback <loopback no>}] [version <version_no>] Function: Enable the specified time server as clock source, the no command deletes the specified time server. Parameters: ip-address: IPv4 address of time server ipv6-address: IPv6 address of time server...
  • Page 913: Show Sntp

    61.5 show sntp Command: show sntp Function: Displays current SNTP client configuration and server status. Parameters: N/A. Command Mode: Admin and Configuration Mode. Example: Displaying current SNTP configuration. Switch#show sntp SNTP server Version Last Receive 2.1.0.2
  • Page 914 Chapter 62 Commands for NTP 62.1 clock timezone Command: clock timezone WORD {add | subtract} <0-23> [<0-59>] no clock timezone WORD Function: This command configures timezone in global mode, the no command deletes the configured timezone. Parameters: WORD: timezone name, the length should not exceed 16 add | subtract: the action of timezone <0-23>: the hour value <0-59>: the minute value...
  • Page 915 Function: To enable/disable the debug switch of displaying local time adjust information. Parameter: None. Default: Disabled. Command Mode: Admin Mode. Usage Guide: None. Example: To enable the debug switch of displaying local time adjust information. Switch# debug ntp adjust 62.3 debug ntp authentication Command: debug ntp authentication no debug ntp authentication...
  • Page 916 Usage Guide: Displays NTP authentication information. If the switch is enabled and a packet carries authentication information while it is being sent or received, the key identifier will be printed out. Example: To enable the switch of displaying NTP authentication information. Switch# debug ntp authentication 62.4 debug ntp events Command:...
  • Page 917 62.5 debug ntp packet Command: debug ntp packet [send | receive] no debug ntp packet [send | receive] Function: To enable/disable the debug switch of displaying NTP packet information. Parameter: send: The debug switch of sending NTP packet. receive: The debug switch of receiving NTP packet. If there is no parameter, the debug switches for both sending and receiving NTP packets are enabled at the same time.
  • Page 918 Parameter: None. Default: Disabled. Command Mode: Admin Mode. Usage Guide: None. Example: To enable debug switch of displaying local time synchronization information. Switch# debug ntp sync 62.7 ntp access-group Command: ntp access-group server <acl> no ntp access-group server <acl> Function: To configure/cancel the access control list of NTP Server.
  • Page 919: Ntp Authenticate

    Example: To configure access control list 2 on the switch. Switch(config)#ntp access-group server 2 62.8 ntp authenticate Command: ntp authenticate no ntp authenticate Function: To enable/cancel NTP authentication function. Parameter: None. Default: Disabled. Command Mode: Global Mode. Usage Guide: None. Example: To enable NTP authentication function.
  • Page 920 Function: To enable/cancel NTP authentication function, and define the NTP authentication key. Parameter: key-id: The id of key, range is from 1 to 4294967295. value: The value of key, range between 1 to 16 of ascii code. Default: The authentication key of NTP authentication is not configured by default. Command Mode: Global Mode.
  • Page 921: Ntp Disable

    Command Mode: Global Mode. Examples: Configure the max number of broadcast servers as 70 on the switch. Switch(config)#ntp broadcast server count 70 62.11 ntp disable Command: ntp disable no ntp disable Function: To disable/enable the NTP function on port. Parameter: None.
  • Page 922: Ntp Enable

    62.12 ntp enable Command: ntp enable ntp disable Function: To enable/disable NTP function globally. Parameter: None. Default: Disabled. Command Mode: Global Mode. Usage Guide: None. Example: To enable NTP function. Switch(config)#ntp enable 62.13 ntp ipv6 multicast client Command: ntp ipv6 multicast client no ntp ipv6 multicast client Function: Configure the specified interface to receive IPv6 NTP multicast packets, the no command will cancel the specified...
  • Page 923 Command mode: vlan mode Default: Interface does not receive IPv6 NTP multicast packets. Usage guide: None. Example: Enable the function for receiving IPv6 NTP multicast packets on vlan1 interface. Switch(Config)# interface vlan 1 Switch(Config-if-Vlan1)#ntp ipv6 multicast client 62.14 ntp multicast client Command: ntp multicast client no ntp multicast client...
  • Page 924: Ntp Server

    Example: Enable the function for receiving NTP multicast packets on vlan1 interface. Switch(Config)# interface vlan 1 Switch(Config-if-Vlan1)#ntp multicast client 62.15 ntp server Command: ntp server {<ip-address> | <ipv6-address>} [version <version_no>] [key <key-id>] no ntp server {<ip-address>|<ipv6-address>} Function: To enable specified time server of time source, the no form of this command cancels the specified time server of time source.
  • Page 925: Show Ntp Status

    62.16 ntp trusted-key Command: ntp trusted-key <key-id> no ntp trusted-key <key-id> Function: To configure the trusted key. The no command cancels the trusted key. Parameter: key-id: The id of key, range is from 1 to 4294967295. Default: Trusted key is not configured by default. Command Mode: Global Mode.
  • Page 926 Default: None. Command Mode: Admin and Configuration Mode. Usage Guide: None. Example: Switch# show ntp status Clock status: synchronized Clock stratum: 3 Reference clock server: 1.1.1.2 Clock offset: 0.010 s Root delay: 0.012 ms Root dispersion: 0.000 ms Reference time: TUE JAN 03 01:27:24 2006 62.18 show ntp session Command: show ntp session [<ip-address>...
  • Page 927 Command Mode: Admin and Configuration Mode. Usage Guide: None. Example: (Switch)# show ntp session server stream type rootdelay rootdispersion trustlevel * 1.1.1.2 unicast 0.010s 0.002s 2.2.2.2 unicast 0.005s 0.000s
  • Page 928 Chapter 63 Commands for Summer Time 63.1 clock summer-time absolute Command: clock summer-time <word> absolute <HH:MM> <YYYY.MM.DD> <HH:MM> <YYYY.MM.DD> [<offset>] no clock summer-time Function: Configure summer time range, the time in this range is summer time. The no command deletes the configuration. Parameter: <word>...
  • Page 929 63.2 clock summer-time recurring Command: clock summer-time <word> recurring <HH:MM> <MM.DD> <HH:MM> <MM.DD> [<offset>] no clock summer-time Function: Configure the recurrent summer time range, the time in this range is summer time. Parameter: <word> is the time zone name of summer time; <HH:MM> is the start time, the format is hour (from 0 to 23):minute (from 0 to 59);...
  • Page 930 63.3 clock summer-time recurring Command: clock summer-time <word> recurring <HH:MM> <week> <day> <month> < HH:MM > <week> <day> <month> [<offset>] no clock summer-time Function: Configure the recurrent summer time range, the time in this range is summer time. Parameter: <word> is the time zone name of summer time; <HH:MM> is the start time, the format is hour(from 0 to 23):minute(from 0 to 59);...
  • Page 931 Chapter 64 Commands for DNSv4/v6 64.1 clear dynamic-host Command: clear dynamic-host {<ip-address> | <ipv6-address> | all} Function: To delete the domain entry of specified address or all address in dynamic cache. Parameter: <ip-address> is the IP address, in dotted decimal notation; <ipv6-address>...
  • Page 932 Function: To display the application debug information of DNS domain name resolution, the no form of this command disables the debug display. Parameter: None. Command Mode: Admin Mode. Example: Switch# debug dns all Switch# ping host www.sina.com.cn %Jan 01 00:03:13 2006 domain name www.sina.com.cn is to be parsed! %Jan 01 00:03:13 2006 Dns query type is A! %Jan 01 00:03:13 2006 Connect dns server 10.1.120.241 ..
  • Page 933 Command Mode: Global Mode. Default: Not configured. Usage Guide: This command is used to configure or delete a DNS server. When dynamic domain name mapping needs to be enabled, the switch will send a domain name search request packet to the configured DNS server. No more than 6 DNS servers can be configured.
  • Page 934 Default: Disabled. Usage Guide: This command is used to look up the corresponding address based on the entered client name; it can look up both IPv4 and IPv6 addresses. This command is only used for domain name mapping; it has no other application function. While the command is running, interruption is forbidden.
  • Page 935 64.6 show dns domain-list Command: show dns domain-list Function: To display the suffix information of configured DNS domain name. Parameter: None. Command Mode: Admin and Configuration Mode. Example: Switch# show dns domain-list DNS DOMAIN LIST: com.cn edu.cn 64.7 show dns hosts Command: show dns hosts Function:...
  • Page 936 Example: Switch# show dns hosts Total number of dynamic host is 2 DNS HOST LIST: Hostname Address Time to live Type www.sina.com.cn 202.108.33.32 168000 dynamic www.ipv6.org 2001:6b0:1: 168060 dynamic 64.8 show dns config Command: show dns config Function: Display the configured global DNS information on the switch. Parameter: None.
  • Page 937 64.9 show dns client Command: show dns client Function: Display the DNS Client information maintained by the switch. Parameter: None. Command Mode: Admin and Configuration Mode. Example: Switch(config)#show dns client DNS REQUEST LIST: Total number of dns request is 2 Address Request Id 192.168.11.141...
  • Page 938 Default: Disabled. Usage Guide: This command is used to enable or disable the switch DNS dynamic query function. If DNS dynamic query function is enabled, the DNS server will resolve the host name and domain name to the IPv4 or IPv6 address for requests from the clients.
  • Page 939 Example: To configure domain name suffix of com. Switch(config)# ip domain-list com 64.12 ip dns server Command: ip dns server no ip dns server Function: Enable/disable DNS SERVER function. Parameter: None. Command Mode: Global Mode. Default: Disabled by default. Usage Guide: After the DNS SERVER function is enabled, the switch will be able to receive and handle DNS Requests from the clients by looking up locally or forward the request to the real DNS server.
  • Page 940 64.13 ip dns server queue maximum Command: ip dns server queue maximum <1-5000> no ip dns server queue maximum Function: Configure the max number of client information in the switch queue. Parameter: <1-5000> the value can be 1-5000. Command Mode: Global Mode.
  • Page 941 Command Mode: Global Mode. Default: The default timeout value is 5s. Usage Guide: When receiving a DNS Request from a client, the switch will cache the client’s information. But the time of maintaining the client information should not exceed the configured maximum timeout value; otherwise the client’s information will be cleared out.
  • Page 942: Clear Logging

    Chapter 65 Commands for Show 65.1 clear history all-users Command: clear history all-users Function: Clear the command history of all users saved by the switch. Command Mode: Admin mode Usage Guide: Using this command can clear the command history of all users. Example: Switch#clear history all-users 65.2 clear logging...
  • Page 943 Example: Clear all information in the log buffer zone sdram. Switch#clear logging sdram Related Command: show logging buffered 65.3 history all-users max-length Command: history all-users max-length <count> Function: Set the max command history of all users saved by the switch. Parameter: <count>: the command history number can be saved, ranging from 100 to 1000 Command Mode:...
  • Page 944 Parameter: <ipv4-addr> is the IPv4 address of the host, <ipv6-addr> is the IPv6 address of the host; <local-number> is the recording equipment of the host with a valid range of local0~local7, which is in accordance with the facility defined in the RFC3164; <severity> is the severity threshold of the log information severity level. The rule of the log information output is explained as follows: only those with a level equal to or higher than the threshold will be outputted.
  • Page 945 Parameter: None. Command Mode: Global mode. Default: Disable state. Usage Guide: After this command is enabled, the commands executed by users at the console, telnet or ssh terminal are recorded in the log, so it should be used with the logging LOGHOST command. Example: Enable the command and send the commands executed by user into log host (10.1.1.1) Switch(Config)#logging 10.1.1.1...
  • Page 946 65.7 ping Command: ping [[src <source-address> ] { <destination-address> | host <hostname> }] Function: Issue ICMP request to remote devices, check whether the remote device can be reached by the switch. Parameters: <source-address> is the source IP address where the ping command is issued, with IP address in dotted decimal format.
  • Page 947 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms In the example above, 10.1.128.161 is configured as the source address of the ICMP echo requests, while the destination device is configured to be at 10.1.128.160. The command receives all the ICMP reply packets for all of the five ICMP echo requests.
  • Page 948 Parameters: <dst-ipv6-address> is the target IPv6 address of the ping command. <src-ipv6-address> is the source IPv6 address where the ping command is issued. <hostname> is the target host name of the ping command, which should not exceed 64 characters. Default: Five ICMP6 echo request will be sent by default, with default size as 56 bytes, and default timeout to be 2 seconds.
  • Page 949 Extended commands [n]: Type ^c to abort. Sending 5 56-byte ICMP Echos to fe80::2d0:59ff:feb8:3b27, using src address fe80::203:fff:fe0b:16e3, timeout is 2 seconds. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/16 ms Display Information Explanation ping6 The ping6 command Target IPv6 address The target IPv6 address of the command.
  • Page 950: Show Debugging

    Usage Guide: This command displays the booting sequence of the IMG files in the corresponding storage device, which IMG file is currently used in booting, the configuration information of the CFG file in the storage device and the CFG file currently booted. Example: Display the first and second IMG files and the CFG file enabled by the switch.
  • Page 951: Show Flash

    Example: Check the current nsm debug switch state. Switch#show debugging nsm NSM debugging status Relative command: debug 65.11 show flash Command: show flash Function: Show the size of the files which are reserved in the system flash memory. Command Mode: Admin Mode and Configuration Mode.
  • Page 952 Usage Guide: The system holds up to 20 commands the user entered, the user can use the UP/DOWN key or their equivalent (ctrl+p and ctrl+n) to access the command history. Example: Switch#show history enable config interface ethernet 1/3 enable show ftp 65.13 show history all-users Command: show history all-users [detail]...
  • Page 953: Show Logging Buffered

    Time Type User Command 0w 0d 0h 2m Telnet/SSH admin show history all-users detail 192.168.1.2:1419 0w 0d 0h 1m Telnet/SSH admin show history all-users 192.168.1.2:1419 0w 0d 0h 1m Console Null show history all-users 0w 0d 0h 1m Console Null 0w 0d 0h 1m Console Null...
  • Page 954 Example 1: Display the critical log information in the log buffer zone channel that is related to the main control and has an index ID between 940 and 946. Switch#show logging buffered level critical range 940 946 Example 2: Display all the information whose level is warning or above in the log buffer zone channel. Switch#show logging buffered level warning 65.15 show logging executed-commands state Command:...
  • Page 955 65.16 show logging source Command: show logging source mstp Function: Show the log information source of MSTP module. Parameters: None. Default: None. Command mode: Admin and configuration mode. Usage Guide: Check the log information source (including the information channel and the information severity level) with the show logging mstp command.
  • Page 956 Parameter: usage means memory use information. Command mode: Admin Mode Usage Guide: This command is used for switch debug purposes. The command will interactively prompt the user to enter the start address of the desired information in memory and the number of words to output. The displayed information consists of three parts: address, Hex view of the information and character view.
  • Page 957 Command mode: Admin Mode Usage Guide: When the user finishes a set of configurations and needs to verify them, the show running-config command can be used to display the current active parameters. Example: Switch#show running-config 65.19 show running-config current-mode Command: show running-config current-mode Function: Show the configuration under the current mode.
  • Page 958: Show Switchport Interface

    65.20 show startup-config Command: show startup-config Function: Display the switch parameter configurations written into the Flash memory at the current operation; those are usually also the configuration files used for the next power-up. Default: If the configuration parameters read from the Flash are the same as the default operating parameters, nothing will be displayed.
  • Page 959: Show Tcp

    Example: Show VLAN messages of port ethernet 1/1. Switch#show switchport interface ethernet 1/1 Ethernet1/1 Type :Universal Mac addr num : No limit Mode :Trunk Port VID :1 Trunk allowed Vlan :ALL Displayed Information Description Ethernet1/1 Corresponding interface number of the Ethernet. Type Current interface type.
  • Page 960 LocalPort Local port number of the TCP connection. ForeignAddress Remote address of the TCP connection. ForeignPort Remote port number of the TCP connection. State Current status of the TCP connection. 65.23 show tcp ipv6 Command: show tcp ipv6 Function: Show the current TCP connection. Command mode: Admin and configuration mode.
  • Page 961 65.24 show telnet login Command: show telnet login Function: List information of currently available telnet clients which are connected to the switch. Command Mode: Admin Mode and Configuration Mode. Usage Guide: This command is used to list the information of currently available telnet clients which are connected to the switch. Example: Switch#show telnet login Authenticate login by local.
  • Page 962: Show Udp

    65.26 show udp Command: show udp Function: Display the current UDP connection status established to the switch. Command mode: Admin Mode Example: Switch#show udp LocalAddress LocalPort ForeignAddress ForeignPort State 0.0.0.0 0.0.0.0 CLOSED 0.0.0.0 0.0.0.0 CLOSED 0.0.0.0 1985 0.0.0.0 CLOSED Displayed information Description LocalAddress Local address of the UDP connection.
  • Page 963 Displayed Information Explanation LocalAddress Local IPv6 address of UDP connection LocalPort Local port of UDP connection RemoteAddress Remote IPv6 address of UDP connection RemotePort Remote Port of UDP connection State The current state of UDP connection 65.28 show version Command: show version Function: Display the switch version.
  • Page 964 Parameter: <ipv4-addr> is the assigned source host IPv4 address in dot decimal format. <ip-addr> is the target host IP address in dot decimal format. <hostname> is the hostname for the remote host. <hops> is the maximum gateway number allowed by Traceroute command. <timeout> is the timeout value for test packets in milliseconds, between 100-10000.
  • Page 965 Usage Guide: Traceroute6 is normally used to locate the point of failure when a destination network is inaccessible. Example: Switch# traceroute6 2004:1:2:3::4 Relevant Command: ipv6 host...
  • Page 966 Chapter 66 Commands for Reload Switch after Specified Time 66.1 reload after Command: reload after {[<HH:MM:SS>] [days <days>]} Function: Reload the switch after a specified period of time. Parameters: <HH:MM:SS> the specified time, HH (hours) ranges from 0 to 23, MM (minutes) and SS (seconds) range from 0 to <days>...
  • Page 967: Reload Cancel

    66.2 reload cancel Command: reload cancel Function: Cancel the specified time period to reload the switch. Parameters: None Command Mode: Admin mode. Usage Guide: With this command, users can cancel the specified time period to reload the switch, that is, to cancel the configuration of command “reload after”.
  • Page 968 Usage Guide: With this command, users can view the configuration of command “reload after” and check how much time is left before rebooting the switch. Example: View the configuration of command “reload after”. In the following case, the user set the switch to be rebooted in 10 hours and 1 second, and there are still 9 hours 59 minutes and 48 seconds left before rebooting it.
  • Page 969 Chapter 67 Commands for Debugging and Diagnosis for Packets Received and Sent by 67.1 clear cpu-rx-stat protocol Command: clear cpu-rx-stat protocol [ <protocol-type> ] Function: Clear the statistics of the CPU received packets of the protocol type. Parameter: <protocol-type> is the type of the protocol of the packet, including dot1x, stp, snmp, arp, telnet, http, dhcp, igmp, Command Mode: Global Mode Usage Guide:...
  • Page 970 Function: Set the max rate of the CPU receiving packets of the protocol type; the no command sets the max rate to the default. Parameter: <protocol-type> is the type of the protocol, including dot1x, stp, snmp, arp, telnet, http, dhcp, igmp, ssh; <packets> is the max rate of CPU receiving packets of the protocol type, its range is 1-2000 pps.
  • Page 971 Default: 1200pps. Usage Guide: The total rate set by the command has an effect on CPU receiving packets, so it should be used with the help of technical support. Example: Set the total rate of the CPU receiving packets to 1500pps. Switch(config)#cpu-rx-ratelimit total 1500 67.4 debug driver Command:...
  • Page 972 67.5 show cpu-rx protocol Command: show cpu-rx protocol [ <protocol-type> ] Function: Show the statistics of the CPU received packets of the specified protocol type. Parameter: <protocol-type> is the protocol type of the packets; if no parameter is given, the statistics of all packets are shown. Command Mode: Admin and configuration mode Default:...
  • Page 973 Chapter 68 Commands for PoE 68.1 Commands for PoE Configuration 68.1.1 power inline dynamic detect enable Command: power inline dynamic detect enable no power inline dynamic detect enable Function: Enable/disable the dynamic detection function of PoE power. Parameters: None. Default: Disable.
  • Page 974 68.1.2 power inline dynamic detect interval <30-300> Command: power inline dynamic detect interval <30-300> no power inline dynamic detect interval Function: Configure the dynamic detection interval of PoE power of the port. Parameters: interval <30-300>, detection interval, range is from 30 to 300 and the unit is seconds. Default: 120s.
  • Page 975 Command Mode: Global Mode. Default: Disable. Usage Guide: With PoE globally disabled, there would be no power output no matter what the power state of a specified port is. Example: Globally disable PoE. Switch(Config)#no power inline enable 68.1.4 power inline enable (Port) Command: power inline enable no power inline enable...
  • Page 976 cut off and the corresponding LED indicator will be updated. When the PD is disconnected from the PSE normally, PSE will stop outputting power supply and update the corresponding LED indicator. Disabled: Disable power supply. With the PSE power supply disabled, no power will be output regardless of the existence of PD connections, which means the port will act as a regular Ethernet data port without affecting data transmission.
  • Page 977: Power Inline Legacy

    Example: Enable the allowed high-inrush current when a nonstandard PD is powered instantaneously. Switch(config)#power inline high-inrush enable 68.1.6 power inline legacy Command: power inline legacy enable no power inline legacy enable Function: Set whether or not to provide power supply for non-standard IEEE PD. Parameters: None.
  • Page 978 Parameters: max-wattage: value of the max output power, in W. Any integer from 37 to 370 is valid. Command Mode: Global Mode. Default: The global max output power is 370W. The no power inline max command will resume the default configuration. Usage Guide: Setting a global max output power can guarantee a secure power supply and is an effective method to control the power consumed by connected subordinate devices.
  • Page 979: Power Inline Police

    Usage Guide: This configuration will effectively control the output power of each port in cooperation with the global max power. Example: Set the max output power of Port 1 to 0.8W. Switch(Config)#interface ethernet 1/0/1 Switch(Config-Ethernet1/0/1)#power inline max 800 68.1.9 power inline police Command: power inline police enable no power inline police enable...
  • Page 980: Power Inline Priority

    Example: Enable the power priority policy mode. Switch(Config)#power inline police enable 68.1.10 power inline priority Command: power inline priority {critical | high | low} Function: Set power supply priority of a port. Parameters: critical: the highest-level priority. high: high-level priority. low: low-level priority.
  • Page 981: Show Power Inline

    68.2 Commands for PoE Monitoring and Debugging 68.2.1 Monitoring and Debugging Information 68.2.1.1 show power inline Command: show power inline Function: Display global PoE configurations and status. Parameters: None. Command Mode: Admin Mode. Default: None. Usage Guide: The meanings of each field are listed in the following table: Field Description Power Inline Status...
  • Page 982 Examples: Display the current global PoE status Switch#show power inline Power Inline Status: On Power Available: 370 W Power Used: 0 W Power Remaining: 370 W Min Voltage: 44 V Max Voltage: 57 V Police: Off Legacy: Off Disconnect: Ac Mode: Signal HW Version: 30 SW Version: 05.0.5...
  • Page 983 Usage Guide: The meaning of each field is listed in the following table. Field Description Interface Ethernet port number Status Power supply status Enable: Power supply enabled Disable: Power supply disabled Oper Working status On: PD is normally connected and powered Off: PD is not connected faulty: PD detection failed deny: not enough available power or the required power is over the limit...
  • Page 984 68.2.1.3 debug power inline Command: debug power inline no debug power inline Function: Enable or disable the PoE debugging. Parameters: None. Command Mode: Admin Mode. Default: None. Usage Guide: With debugging enabled, related information will be printed at key points while commands are executed, for further debugging reference whenever an error occurs.
