Page 1 Dell PowerConnect 7000 Series Systems CLI Reference Guide Regulatory Model: PC7024, PC7024F, PC7024P, PC7048, PC7048P, PC7048R, and PC7048R-RA Regulatory Type: XXXXX...
Page 2 Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
Contents Command Groups ....Introduction ..... . . Command Groups .
Page 4 Layer 2 Switching Commands ..AAA Commands ....Commands in this Chapter ....aaa authentication dot1x default .
Page 5 show users accounts ....show users login-history ....username .
Page 6 Address Table Commands ... Commands in this Chapter ....clear mac address-table ....mac address-table aging-time .
Page 7 show mac address-table interface ... show mac address-table static ... . . show mac address-table vlan ....show ports security .
Page 8 show isdp neighbors ....show isdp traffic ....DHCP Layer 2 Relay Commands .
Page 9 10 DHCP Management Interface Commands ..... . . Commands in this Chapter ....release dhcp .
Page 10 show ip dhcp snooping database ... show ip dhcp snooping interfaces ..show ip dhcp snooping statistics ... 12 Dynamic ARP Inspection Commands .
Page 11 logging traps ..... . . logging email message-type to-addr ..logging email from-addr .
Page 12 interface range ..........show interfaces advertise .
Page 13 ethernet cfm domain ....service ......ethernet cfm cc level .
Page 14 green-mode eee ....clear green-mode statistics ....green-mode eee-lpi-history .
Page 15 ip igmp snooping (interface) ....ip igmp snooping host-time-out ... . . ip igmp snooping leave-time-out .
Page 16 20 IP Addressing Commands ... Commands in this Chapter ....clear host ......clear ip address-conflict-detect .
Page 17 show ipv6 dhcp interface out-of-band statistics ..show ipv6 interface out-of-band ... . 21 IPv6 Access List Commands ..Commands in this Chapter .
Page 18 23 IPv6 MLD Snooping Querier Commands ..... . . Commands in this Chapter ....ipv6 mld snooping querier .
Page 19 iscsi aging time ..... iscsi cos ......iscsi enable .
Page 20 lldp med confignotification ....lldp med faststartrepeatcount ... . . lldp med transmit-tlv ....lldp notification .
Page 21 28 Multicast VLAN Registration Commands ..... . . Commands in this Chapter ....
Page 22 Enhanced LAG Hashing ....Manual Aggregation of LAGs ... . . Manual Aggregation of LAGs .
Page 23 31 QoS Commands ....Access Control Lists ....Layer 2 ACLs .
Page 24 mark ip-dscp ..... . mark ip-precedence ....match class-map .
Page 25 policy-map ......redirect ......service-policy .
Page 26 acct-port ......auth-port ......deadtime .
Page 27 33 Spanning Tree Commands ... Commands in this Chapter ....clear spanning-tree detected-protocols ..exit (mst) .
Page 28 spanning-tree mst configuration ... spanning-tree mst cost ....spanning-tree mst port-priority ... . spanning-tree mst priority .
Page 29 35 VLAN Commands ....Double VLAN Mode ....Independent VLAN Learning .
Page 30 show vlan association subnet ... . . switchport access vlan ....switchport forbidden vlan ....switchport general acceptable-frame-type tagged-only .
Page 31 36 Voice VLAN Commands ... . . Commands in this Chapter ....voice vlan ......voice vlan (Interface) .
Page 32 dot1x reauthentication ....dot1x system-auth-control monitor ..dot1x timeout guest-vlan-period ... . dot1x timeout quiet-period .
Page 33 38 Layer 3 Commands ....39 ARP Commands ....ARP Aging .
Page 34 bootfile ......clear ip dhcp binding ....clear ip dhcp conflict .
Page 35 sntp ......show ip dhcp binding ....show ip dhcp conflict .
Page 36 42 DVMRP Commands ....Commands in this Chapter ....ip dvmrp .
Page 37 ip igmp query-max-response-time ... ip igmp robustness ....ip igmp startup-query-count .
Page 38 46 IP Helper/DHCP Relay Commands ..Commands in this Chapter ....bootpdhcprelay maxhopcount ... . . bootpdhcprelay minwaittime .
Page 39 encapsulation ..... . ip address ......ip mtu .
Page 40 ipv6 pim dense ..... ipv6 pim bsr-border ....ipv6 pim bsr-candidate .
Page 41 clear ipv6 statistics 1011 ....ipv6 address 1012 ..... . ipv6 enable 1013 .
Page 42 ipv6 nd reachable-time 1028 ....ipv6 nd suppress-ra 1029 ....ipv6 route 1030 .
Page 43 show ipv6 traffic 1057 ....show ipv6 vlan 1060 ..... traceroute ipv6 1060 .
Page 44 ip pim register-rate-limit 1078 ....ip pim rp-address 1078 ....ip pim rp-candidate 1079 .
Page 45 OSPF Equal Cost Multipath (ECMP) 1098 ..Forwarding of OSPF Opaque LSAs Enabled by Default 1099 ..... . . Passive Interfaces 1099 .
Page 46 area virtual-link transmit-delay 1117 ... . auto-cost 1118 ......bandwidth 1119 .
Page 47 ip ospf retransmit-interval 1135 ....ip ospf transmit-delay 1136 ....maximum-paths 1137 .
Page 48 show ip ospf interface stats 1163 ....show ip ospf neighbor 1164 ....show ip ospf range 1167 .
Page 49 area virtual-link hello-interval 1188 ... . area virtual-link retransmit-interval 1189 ..area virtual-link transmit-delay 1190 ... . default-information originate 1191 .
Page 50 1206 ......nsf helper 1207 ......nsf helper strict-lsa-checking 1208 .
Page 51 show ipv6 ospf stub table 1231 ....show ipv6 ospf virtual-links 1232 ....show ipv6 ospf virtual-link brief 1233 .
Page 52 distribute-list out 1248 ....enable 1249 ......hostroutesaccept 1250 .
Page 53 57 Virtual Router Redundancy Protocol Commands 1267 ..... . Pingable VRRP Interface 1267 ....VRRP Route/Interface Tracking 1268 .
Page 54 show vrrp interface stats 1288 ....ip vrrp accept-mode 1289 ....show ip vrrp interface 1290 .
Page 55 http port 1309 ......https port 1309 ......show captive-portal 1310 .
Page 56 show captive-portal interface configuration status 1324 ......clear captive-portal users 1325 ....no user 1325 .
Page 57 macro global trace 1342 ....macro global description 1343 ....macro apply 1344 .
Page 58 no clock timezone 1360 ....clock summer-time recurring 1361 ... . . clock summer-time date 1362 .
Page 59 delete 1381 ......delete backup-config 1382 ....delete backup-image 1382 .
Page 60 dos-control tcpfrag 1400 ....ip icmp echo-reply 1401 ....ip icmp error-interval 1402 .
Page 61 permit (management) 1417 ....show management access-class 1419 ... show management access-list 1420 ... . 68 Mode Commands 1421 .
Page 62 passwords strength minimum lowercase-letters 1431 . . . passwords strength minimum numeric-characters 1432 ....passwords strength minimum special-characters 1433 ....passwords strength max-limit consecutive-characters 1433...
Page 63 Commands in this Chapter 1445 ....power inline 1446 ..... . power inline detection 1447 .
Page 64 show rmon collection history 1467 ... . . show rmon events 1468 ....show rmon history 1469 .
Page 65 debug ip igmp 1491 ..... debug ip mcache 1492 ....debug ip pimdm packet 1493 .
Page 66 75 Sflow Commands 1507 ....Commands in this Chapter 1507 ....sflow destination 1507 .
Page 67 snmp-server community 1529 ....snmp-server community-group 1531 ... . snmp-server contact 1532 ....snmp-server enable traps 1532 .
Page 68 show crypto key mypubkey 1554 ....show crypto key pubkey-chain ssh 1555 ..show ip ssh 1556 ..... . . user-key 1557 .
Page 69 show logging 1574 ..... . show logging file 1575 ....show syslog-servers 1576 .
Page 70 reload 1595 ......set description 1596 ..... slot 1596 .
Page 71 show tech-support 1628 ....show users 1631 ..... . . show version 1631 .
Page 72 show time-range 1653 ....83 USB Flash Drive Commands 1657 ..Validation of Files Downloaded/Uploaded from USB Device 1657 .
Page 73 common-name 1668 ..... country 1669 ......crypto certificate generate 1670 .
Page 74 Contents...
Page 75: Command Groups
Command Groups Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
Page 76: Command Groups
Command Groups The system commands can be broken down into three sets of functional groups: Layer 2, Layer 3, and Utility. Table 1-1. System Command Groups Command Group Description Layer 2 Commands Configures connection security including authorization and passwords. Configures and displays ACL information. Address Table Configures bridging address tables.
Page 77 (continued) Table 1-1. System Command Groups Command Group Description LLDP Configures and displays LLDP information. Port Channel Configures and displays Port channel information. Port Monitor Monitors activity on specific target ports. Configures and displays QoS information. Radius Configures and displays RADIUS information. Spanning Tree Configures and reports on Spanning Tree protocol.
Page 78 (continued) Table 1-1. System Command Groups Command Group Description OSPFv3 (IPv6) Manages IPv6 shortest path operations. Router Discovery Manages router discovery operations. Protocol (IPv4) Routing Information Configures RIP activities. Protocol (IPv4) Tunnel Interface (IPv6) Managing tunneling operations. Virtual Router Controls virtual LAN routing. Redundancy (IPv4) Virtual Router Manages router redundancy on the system.
Page 79: Mode Types
(continued) Table 1-1. System Command Groups Command Group Description sFlow Configures sFlow monitoring. SNMP Configures SNMP communities, traps and displays SNMP information. Configures SSH authentication. Syslog Manages and displays syslog messages. System Management Configures the switch clock, name and authorized users. Telnet Server Configures Telnet service on the switch and displays Telnet information.
Page 80 • L — Logging • LC — Line Configuration • LD — Link Dependency • MA — Management Access-level • MC — MST Configuration • MDC — Maintenance Domain Configuration • ML — MAC-List Configuration • MSC — Mail Server Configuration •...
Page 81: Layer 2 Commands
Layer 2 Commands Command Description Mode aaa authentication dot1x Specifies an authentication method for 802.1x default clients. aaa authentication enable Defines authentication method lists for accessing higher privilege levels. aaa authentication login Defines login authentication. aaa authorization network Enables the switch to accept VLAN assignment default radius by the RADIUS server.
Page 82 Command Description Mode show users login-history Displays information about login histories of users. username Establishes a username-based authentication system. username password Transfers local user passwords between devices encrypted username unlock without having to know the passwords. For the meaning of each Mode abbreviation, see Mode Types on page 79. Command Description Mode...
Page 83: Address Table
Command Description Mode show mac access-list Displays a MAC access list and all of the rules that are defined for the ACL. For the meaning of each Mode abbreviation, see Mode Typeson page 79. Address Table Command Description Mode clear mac address-table Removes any learned entries from the forwarding database.
Page 84 Command Description Mode show mac address-table Displays all entries in the bridge-forwarding UE or address database for the specified MAC address. show mac address-table Displays the number of addresses present in the count Forwarding Database. show mac address-table Displays all entries in the bridge-forwarding UE or dynamic database.
Page 85 CDP Interoperability Command Description Mode clear isdp counters Clears the ISDP counters. clear isdp table Clears entries in the ISDP table. isdp advertise-v2 Enables the sending of ISDP version 2 packets from the device. isdp enable Enables ISDP on the switch. GC or isdp holdtime Configures the hold time for ISDP packets that...
Page 86: Dhcp Snooping
Command Description Mode dhcp l2relay vlan Enables the L2 DHCP Relay agent for a set of VLANs. dhcp l2relay trust Configures an interface to trust a received DHCP Option 82. For the meaning of each Mode abbreviation, see Mode Types on page 79. DHCP Management Interface Command Description...
Page 87: Dynamic Arp Inspection
Command Description Mode ip dhcp snooping database Configures the interval in seconds at which the write-delay DHCP Snooping database will be stored in persistent storage. ip dhcp snooping limit Controls the maximum rate of DHCP messages. ip dhcp snooping log- Enables logging of DHCP messages filtered by invalid the DHCP Snooping application.
Page 88 Command Description Mode ip arp inspection limit Configures the rate limit and burst interval values for an interface. ip arp inspection trust Configures an interface as trusted for Dynamic ARP Inspection. ip arp inspection validate Enables additional validation checks like source MAC address validation, destination MAC address validation or IP address validation on the received ARP packets.
Page 89: Ethernet Configuration
Command Description Mode logging email message-type Configures the To address field of the email. to-addr logging email from-addr Configures the From address of the email. logging email message-type Configures the subject. subject logging email logtime Configures the value of how frequently the queued messages are sent.
Page 90 Command Description Mode description Adds a description to an interface. duplex Configures the full/half duplex operation of a given Ethernet interface when not using auto- negotiation. flowcontrol Configures the flow control on a given interface. GC interface Enters the interface configuration mode to GC or configure parameters for an interface.
Page 91 Command Description Mode storm-control multicast Enables the switch to count Multicast packets together with Broadcast packets. storm-control unicast Enables Unicast storm control. switchport protected Sets the port to Protected mode. switchport protected name Configures a name for a protected group. show switchport protected Displays protected group/port information.
Page 92 For the meaning of each Mode abbreviation, see Mode Types on page 79. Green Ethernet Command Description Mode green-mode energy-detect Enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. green-mode eee Enables EEE low power idle mode on an interface or all the interfaces.
Page 93 Command Description Mode show green-mode interface- Displays the green-mode configuration and operational status of the port. This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled.
Page 94 IGMP Snooping Command Description Mode ip igmp snooping (Global) In Global Config mode, Enables Internet Group Management Protocol (IGMP) snooping. ip igmp snooping Enables Internet Group Management Protocol (Interface) (IGMP) snooping on a specific VLAN. ip igmp snooping host- Configures the host-time-out. time-out ip igmp snooping leave- Configures the leave-time-out.
Page 95: Igmp Snooping Querier
IGMP Snooping Querier Command Description Mode ip igmp snooping querier Enables/disables IGMP Snooping Querier on the system (Global Configuration mode) or on VLAN a VLAN. ip igmp snooping querier Enables the Snooping Querier to participate in VLAN election participate the Querier Election process when it discovers the presence of another Querier in the VLAN.
Page 96 Command Description Mode ip domain-name Defines a default domain name to complete unqualified host names. ip host Configures static host name-to-address mapping in the host cache. ip name-server Configures available name servers. ipv6 address (Interface Sets the IPv6 address of the management Config) interface.
Page 97: Ipv6 Mld Snooping
Command Description Mode ipv6 access-list Creates an IPv6 Access Control List (ACL) consisting of classification fields defined for the IP header of an IPv6 frame. ipv6 access-list rename Changes the name of an IPv6 ACL. ipv6 traffic-filter Attaches a specific IPv6 ACL to an interface or associates it with a VLAN ID in a given direction.
Page 98 IPv6 MLD Snooping Querier Command Description Mode ipv6 mld snooping querier Enables MLD Snooping Querier on the system GC or or on a VLAN. VLAN ipv6 mld snooping querier Sets the global MLD Snooping Querier address GC or address on the system or on a VLAN. VLAN ipv6 mld snooping querier Enables the Snooping Querier to participate in...
Page 99 iSCSI Optimization Command Description Mode iscsi aging time Sets aging time for iSCSI sessions. iscsi cos Sets the quality of service profile that will be applied to iSCSI flows. iscsi enable Enables Global Configuration mode command globally enables iSCSI awareness. iscsi target port Configures an iSCSI target port (optionally configures target port address and name).
Page 100 LLDP Command Description Mode clear lldp remote-data Deletes all data from the remote data table. clear lldp statistics Resets all LLDP statistics. led med Enables/disables LLDP-MED on an interface. lldp med confignotification Enables sending the topology change notification. lldp med Sets the value of the fast start repeat count.
Page 101 Command Description Mode show lldp med local-device Displays the advertised LLDP local data in detail detail. show lldp med remote- Displays the current LLDP MED remote data. PE device show lldp remote-device Displays the current LLDP remote data. show lldp statistics Displays the current LLDP traffic statistics.
Page 102: Port Channel
Port Channel Command Description Mode channel-group Associates a port with a port-channel. interface port-channel Enters the interface configuration mode of a specific port-channel. interface range port- Enters the interface configuration mode to channel configure multiple port-channels. hashing-mode Sets the hashing algorithm on trunk ports. IC (port- channel) lacp port-priority...
Page 103 Command Description Mode assign-queue Modifies the queue ID to which the associated PCMC traffic stream is assigned. class Creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements.
Page 104 Command Description Mode mark cos Marks all packets for the associated traffic PCMC stream with the specified class of service value in the priority field of the 802.1p header. mark ip-dscp Marks all packets for the associated traffic PCMC stream with the specified IP DSCP value. mark ip-precedence Marks all packets for the associated traffic PCMC...
Page 105 Command Description Mode match ip tos Adds to the specified class definition a match condition based on the value of the IP TOS field in a packet. match protocol Adds to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation.
Page 106 Command Description Mode show class-map Displays all configuration information for the specified class. show classofservice dotlp- Displays the current Dot1p (802.1p) priority mapping mapping to internal traffic classes for a specific interface. show classofservice ip- Displays the current IP DSCP mapping to dscp-mapping internal traffic classes for a specific interface.
Page 107 Radius Command Description Mode aaa accounting network Enables RADIUS accounting on the switch. default start-stop group radius acct-port Sets the port that connects to the RADIUS accounting server. auth-port Sets the port number for authentication requests of the designated radius server. deadtime Improves Radius response times when a server is unavailable by causing the unavailable server to...
Page 108: Spanning Tree
Command Description Mode radius-server source-ip Specifies the source IP address used for communication with RADIUS servers. radius-server timeout Sets the interval for which a switch waits for a server host to reply. retransmit Specifies the number of times the software searches the list of RADIUS server hosts before stopping the search.
Page 109 Command Description Mode show spanning-tree Displays spanning tree settings and parameters summary for the switch. spanning tree Enables spanning-tree functionality. spanning-tree auto-portfast Sets the port to auto portfast mode. spanning-tree bpdu Allows flooding of BPDUs received on flooding nonspanning-tree ports to all other non- spanning-tree ports.
Page 110 Command Description Mode spanning-tree portfast Discards BPDUs received on spanningtree ports bpdufilter default in portfast mode. spanning-tree portfast Enables Portfast mode on all ports. default spanning-tree port-priority Configures port priority. spanning-tree priority Configures the spanning tree priority. spanning-tree tcnguard Prevents a port from propagating topology change notifications.
Page 111 VLAN Command Description Mode dvlan-tunnel ethertype Configures the EtherType for the interface. interface vlan Enters the interface configuration (VLAN) mode. interface range vlan Enters the interface configuration mode to configure multiple VLANs. mode dvlan-tunnel Enables Double VLAN tunneling on the specified interface.
Page 112 Command Description Mode switchport forbidden vlan Forbids adding specific VLANs to a port. switchport general Discards untagged frames at ingress. acceptable-frame-type tagged-only switchport general allowed Adds or removes VLANs from a port in General vlan mode. switchport general ingress- Disables port ingress filtering. filtering disable switchport general pvid Configures the PVID when the interface is in...
Page 113 Voice VLAN Command Description Mode voice vlan Enables the voice VLAN capability on the switch. voice vlan (Interface) Enables the voice VLAN capability on the interface. voice vlan data priority Trusts or not trusts the data traffic arriving on the voice VLAN port. show voice vlan Displays various properties of the voice VLAN.
Page 114 Command Description Mode dot1x timeout guest-vlan- Sets the number of seconds that the switch period waits before authorizing the client if the client is a dot1x unaware client. dot1x timeout quiet-period Sets the number of seconds the switch remains in the quiet state following a failed authentication attempt.
Page 115: Layer 3 Commands
Command Description Mode dot1x guest-vlan Sets the guest VLAN on a port. dot1x unauth-vlan Specifies the unauthenticated VLAN on a port. IC dot1x guest-vlan Defines a guest VLAN. show dot1x advanced Displays 802.1X advanced features for the switch or specified interface. radius-server attribute 4 Sets the network access server (NAS) IP address for the RADIUS server.
Page 116 Command Description Mode show arp Displays the Address Resolution Protocol (ARP) cache. show arp brief Displays the brief Address Resolution Protocol (ARP) table information. For the meaning of each Mode abbreviation, see Mode Types on page 79. DHCP Server and Relay Agent (IPv4) Command Description Mode...
Page 117 Command Description Mode ip dhcp excluded-address Excludes one or more DHCP addresses from automatic assignment. ip dhcp ping packets Configures the number of pings sent to detect if an address is in use prior to assigning an address from the DHCP pool. lease Sets the period for which a dynamically assigned DHCP address is valid.
Page 118 DHCPv6 Command Description Mode clear ipv6 dhcp Clears DHCPv6 statistics for all interfaces or for a specific interface. dns-server Sets the IPv6 DNS server address which is v6DP provided to a DHCPv6 client by the DHCPv6 server. domain-name Sets the DNS domain name which is provided v6DP to a DHCPv6 client by the DHCPv6 server.
Page 119 Command Description Mode show ip dvmrp Displays the system-wide information for DVMRP. show ip dvmrp interface Displays the interface information for DVMRP on the specified interface. show ip dvmrp neighbor Displays the neighbor information for DVMRP . PE isplays the next hop information on show ip dvmrp nexthop outgoing interfaces for routing multicast datagrams.
Page 120: Igmp Proxy
Command Description Mode ip igmp query-interval Configures the query interval for the specified interface. The query interval determines how fast IGMP Host-Query packets are transmitted on this interface. ip igmp query-max- Configures the maximum response time response-time interval for the specified interface. ip igmp robustness Configures the robustness that allows tuning of the interface.
Page 121 Command Description Mode ip igmp-proxy unsolicited- Sets the unsolicited report interval for the report-interval IGMP Proxy router. show ip igmp-proxy Displays a summary of the host interface status parameters. show ip igmp-proxy Displays a detailed list of the host interface interface status parameters.
Page 122 Command Description Mode ip dhcp relay information Enables the circuit ID option and remote agent option-insert ID mode for BootP/DHCP Relay on the circuit ID option and remote agent ID mode for BootP/DHCP Relay on the interface (also called option 82). ip helper-address (global Configures the relay of certain UDP broadcast configuration)
Page 123 Command Description Mode ip route distance Sets the default distance (preference) for static routes. ip routing Globally enables IPv4 routing on the router. routing Enables IPv4 and IPv6 routing for an interface. IC show ip brief Displays all the summary information of the IP. PE show ip interface Displays all pertinent information about the IP interface.
Page 124 Command Description Mode ipv6 pimsm dr-priority Sets the priority value for which a router is elected as the designated router (DR). ipv6 pimsm hello-interval Administratively configures the PIM-SM Hello Interval for the specified interface. ipv6 pimsm join-prune- Administratively configures the interface interval join/prune interval for the PIM-SM router, ipv6 pimsm register-...
Page 125: Ipv6 Routing
IPv6 Routing Command Description Mode clear ipv6 neighbors Clears all entries in the IPv6 neighbor table or an entry on a specific interface. clear ipv6 statistics Clears IPv6 statistics for all interfaces or for a specific interface, including loopback and tunnel interfaces.
Page 126 Command Description Mode ipv6 mld router Enables MLD in the router in global GC or configuration mode and for a specific interface in interface configuration mode. ipv6 mtu Sets the maximum transmission unit (MTU) size, in bytes, of IPv6 packets on an interface. ipv6 nd dad attempts Sets the number of duplicate address detection probes transmitted while doing...
Page 127 Command Description Mode ping ipv6 Determines whether another computer is on the network. ping ipv6 interface Determines whether another computer is on the network using Interface keyword. show ipv6 brief Displays the IPv6 status of forwarding mode and IPv6 unicast routing mode. show ipv6 interface Shows the usability status of IPv6 interfaces.
Page 128: Loopback Interface
Command Description Mode traceroute ipv6 Discovers the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. For the meaning of each Mode abbreviation, see Mode Types on page 79. Loopback Interface Command Description Mode interface loopback...
Page 129 Command Description Mode ip pim dr-priority Administratively configures the advertised designated router (DR) priority value. ip pim hello-interval Administratively configures the PIM Hello messages on the specified interface. ip pim join-prune-interval Administratively configures the frequency of join/prune messages on the specified interface. ip pim register-rate-limit Sets a limit on the maximum number of PIM register messages sent per second for each (S,G)
Page 130 Command Description Mode show ip mcast mroute Displays the multicast configuration settings of group entries in the multicast mroute table. show ip mcast mroute Displays the multicast configuration settings of source entries in the multicast mroute table. show ip mcast mroute Displays all the static routes configured in the static static mcast table.
Page 131 Command Description Mode area nssa no-summary Configures the NSSA so that summary LSAs are ROSPF not advertised into the NSSA. area nssa translator-role Configures the translator role of the NSSA. ROSPF area nssa translator-stab- Configures the translator stability interval of the ROSPF intv NSSA.
Page 132 Command Description Mode compatible rfc1583 Enables OSPF 1583 compatibility. ROSPF default-information Controls the advertisement of default routes. ROSPF originate default-metric Sets a default for the metric of distributed routes. ROSPF distance ospf Sets the route preference value of OSPF in the ROSPF router.
Page 133 Command Description Mode maximum-paths Sets the number of paths that OSPF can report ROSPF for a given destination. Enables OSPF graceful restart. ROSPF nsf helper Allow OSPF to act as a helpful neighbor for a ROSPF restarting router. nsf helper strict-lsa- Set an OSPF helpful neighbor exit helper mode ROSPF checking...
Page 134 Command Description Mode show ip ospf database Displays information about the link state database when OSPF is enabled. show ip ospf database Displays the number of each type of LSA in the database-summary database for each area and for the router. show ip ospf interface Displays the information for the IFO object or virtual interface tables.
Page 135 Command Description Mode area nssa no-redistribute Configures the NSSA ABR so that learned ROSV3 external routes will not be redistributed to the NSSA. area nssa no-summary Configures the NSSA so that summary LSAs are ROSV3 not advertised into the NSSA. area nssa translator-role Configures the translator role of the NSSA.
Page 136 Command Description Mode exit-overflow-interval Configures the exit overflow interval for OSPF. ROSV3 external-lsdb-limit Configures the external LSDB limit for OSPF. ROSV3 ipv6 ospf Enables OSPF on a router interface or loopback interface. ipv6 ospf area Sets the OSPF area to which the specified router interface belongs.
Page 137 Command Description Mode passive-interface default Enables the global passive mode by default for all ROSV3 interfaces. redistribute Configures the OSPFv3 protocol to allow ROSV3 redistribution of routes from the specified source protocol/routers. router-id Sets a 4-digit dotted-decimal number uniquely ROSV3 identifying the Router OSPF ID.
Page 138 Command Description Mode show ipv6 ospf stub table Displays the OSPF stub table. show ipv6 ospf virtual- Displays the OSPF Virtual Interface information links for a specific area and neighbor. show ipv6 ospf virtual- Displays the OSPFV3 Virtual Interface link brief information for all areas in the system.
Page 139 Routing Information Protocol Command Description Mode auto-summary Enables the RIP auto-summarization mode. default-information Controls the advertisement of default routes. originate default-metric Sets a default for the metric of distributed routes. distance rip Sets the route preference value of RIP in the router.
Page 140 Tunnel Interface Command Description Mode interface tunnel Enables the interface configuration mode for a tunnel. show interfaces tunnel Displays the parameters related to tunnel such as tunnel mode, tunnel source address and tunnel destination address. tunnel destination Specifies the destination transport address of the tunnel.
Page 141 Command Description Mode vrrp preempt Sets the preemption mode value for the virtual router configured on a specified interface. vrrp priority Sets the priority value for the virtual router configured on a specified interface. vrrp timers advertise Sets the frequency, in seconds, that an interface on the specified virtual router sends a virtual router advertisement.
Page 142: Utility Commands
Utility Commands Auto-Install Command Description Mode boot auto-copy-sw Enables or disables Stack Firmware Synchronization. boot auto-copy-sw allow- Enables downgrading the firmware version on downgrade the stack member if the firmware version on the manager is older than the firmware version on the member.
Page 143 Command Description Mode https port Configures an additional HTTPS port for captive portal to monitor. show captive-portal Displays the status of captive portal. show captive-portal status Reports the status of all captive portal instances in the system. block Blocks all traffic for a captive portal configuration.
Page 144 Command Description Mode show captive-portal Displays the clients authenticated to all captive configuration client status portal configurations or a to specific configuration. show captive-portal Displays information about clients interface client status authenticated on all interfaces or a specific interface. show captive-portal Displays the clients authenticated to all captive interface configuration portal configurations or a to specific...
Page 145 Command Description Mode user group Creates a user group. user group moveusers Moves a group's users to a different group. user group name Configures a group name. For the meaning of each Mode abbreviation, see Mode Types on page 79. CLI Macro Command Description...
Page 146: Configuration And Image Files
Command Description Mode sntp client poll timer Defines polling time for the SNTP client. sntp server Configures the SNTP server to use SNTP to request and accept NTP traffic from it. sntp trusted-key Authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize.
Page 147: Denial Of Service
Command Description Mode copy Copies files from a source to a destination. delete backup-image Deletes a file from a flash memory. delete backup-config Deletes the backup configuration file. delete startup-config Deletes the startup configuration file. Prints the contents of the flash file system. erase Erases the startup configuration, the backup configuration, or the backup image.
Page 148 Command Description Mode dos-control tcpflag Enables TCP Flag Denial of Service protections. dos-control tcpfrag Enables TCP Fragment Denial of Service protection. ip icmp echo-reply Enables or disables the generation of ICMP Echo Reply messages. ip icmp error-interval Limits the rate at which IPv4 ICMP error messages are sent.
Page 149 For the meaning of each Mode abbreviation, see Mode Types on page 79. Management ACL Command Description Mode deny (management) Defines a deny rule. management access-class Defines which management access-list is used. GC management access-list Defines a management access-list, and enters the access-list for configuration.
Page 150 Command Description Mode passwords history Enables the administrator to set the number of previous passwords that are stored to ensure that users do not reuse their passwords too frequently. passwords lock-out Enables the administrator to strengthen the security of the switch by enabling the user lockout feature.
Page 151 Command Description Mode show passwords Displays the configuration parameters for configuration password configuration. show passwords result Displays the last password set result information. For the meaning of each Mode abbreviation, see Mode Types on page 79. PHY Diagnostics Command Description Mode show copper-ports tdr Displays the last TDR (Time Domain...
Page 152 power inline priority Configures the port priority level for the delivery of power to an attached device. (Ethernet) power inline priority Use this command along with the power inline management command for power enable management. power inline reset Use to reset the port. power inline usage- Configures the system power usage threshold...
Page 153: Sdm Templates
For the meaning of each Mode abbreviation, see Mode Types on page 79. SDM Templates Command Description Mode sdm prefer Changes the template that will be active after the next reboot. show sdm prefer Views the currently active SDM template and its scaling parameters, or views the scaling parameters for an inactive template.
Page 154 Command Description Mode debug ip pimsm Traces PIMSM packet reception and transmission. debug ip vrrp Enables VRRP debug protocol messages. debug ipv6 dhcp Displays debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client. debug ipv6 mcache Traces MDATAv6 packet reception and transmission.
Page 155 sFlow Command Description Mode sflow destination Configures sFlow collector parameters (owner string, receiver timeout, ip address, and port). sflow polling Enables a new sflow poller instance for the data source if rcvr_idx is valid. sflow polling (Interface Enable a new sflow poller instance for this data Mode) source if rcvr_idx is valid.
Page 156 Command Description Mode snmp-server community Sets up the community access string to permit access to SNMP protocol. snmp-server community- Maps SNMP v1 and v2 security models to the group group name. snmp-server contact Sets up a system contact (sysContact) string. snmp-server enable traps Enables SNMP traps globally or enables specific SNMP traps.
Page 157 Command Description Mode ip ssh pubkey-auth Enables public key authentication for incoming SSH sessions. ip ssh server Enables the switch to be configured from a SSH server connection. key-string Manually specifies a SSH public key. show crypto key mypubkey Displays its own SSH public keys stored on the switch.
Page 158: System Management
Command Description Mode logging console Limits messages logged to the console based on severity. logging file Limits syslog messages sent to the logging file based on severity. logging on Controls error messages logging. logging snmp Enables SNMP Set command logging. logging web-session Enables web session logging.
Page 159 Command Description Mode initiate failover Forces failover of management unit. locate Locates a switch by LED blinking. login-banner Enables login banner on the console, telnet, or SSH connection. media-type Selects the media-type for the interface. This command only valid on combo ports. member Configures the switch.
Page 160 Command Description Mode show sessions Displays a list of the open telnet sessions to remote hosts. show slot Displays information about all the slots in the system or for a specific slot. show supported Displays information about all card types cardtype supported in the system.
Page 161: Telnet Server
Telnet Server Command Description Mode ip telnet server disable Enables/disables the Telnet service on the switch. ip telnet port Configures the Telnet service port number on the switch. show ip telnet Displays the status of the Telnet server and the Telnet service port number.
Page 162: User Interface
Command Description Mode show usb Displays the USB flash device details. dir usb Displays the USB device contents and memory statistics. For the meaning of each Mode abbreviation, see Mode Types. User Interface Command Description Mode enable Enters the privileged EXEC mode. Gets the CLI user control back to the privileged execution mode or user execution mode.
Page 163 Command Description Mode ip http port Specifies the TCP port for use by a web browser to configure the switch. ip http server Enables the switch to be configured from a browser. ip http secure-certificate Configures the active certificate for HTTPS. ip http secure-port Configures a TCP port for use by a secure web browser to configure the switch.
Page 164 Command Groups...
Page 165: Using The Cli
Using the CLI Introduction This chapter describes the basics of entering and editing the Dell PowerConnect 70xx Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
Page 166 Partial keyword lookup — A command is incomplete and the <?> key is • entered in place of a parameter. The matched parameters for this command are displayed. The following features and conventions are applicable to CLI command entry and editing: •...
Page 167 Table 2-1. History Buffer Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall <Ctrl>+<P> successively older commands. Down-arrow key Returns to more recent commands in the history buffer after recalling commands with the up-arrow key.
Page 168 Short Form Commands The CLI supports the short forms of all commands. As long as it is possible to recognize the entered command unambiguously, the CLI accepts the short form of the command as if the user typed the full command. Keyboard Shortcuts The CLI has a range of keyboard shortcuts to assist in editing the CLI commands.
Page 169 Table 2-2. CLI Shortcuts Keyboard Key Description <Delete, Backspace> Delete previous character <Ctrl>+<A> Go to beginning of line <Ctrl>+<E> Go to end of line <Ctrl>+<F> Go forward one character <Ctrl>+<B> Go backward one character <Ctrl>+<D> Delete current character <Ctrl>+<U,X> Delete to beginning of line <Ctrl>+<K>...
Page 170 The range key word is used to identify the range of objects on which to • operate. • The range may be specified in the following manner: (#-#) — a range from a particular instance to another instance (inclusive). For example, 1/0/1-10 indicates that the operation applies to the gigabit Ethernet ports 1 to 10 on unit 1.
Page 171: Interface Naming Conventions
Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, any characters entered after the <!> character are treated as a comment and ignored by the CLI. Also, the CLI allows the user to disable session timeouts.
Page 172 • <Interface Type> Unit#/Slot#/Port# — Identifies a specific interface by the interface type tag followed by the Unit# followed by a / symbol, then the Slot# followed by a / symbol, and then the Port#. For example, gi2/0/10 identifies the gigabit port 10 in slot 0 within the second unit on a non-blade switch.
Page 173 Table 2-4. Interface Identifiers Interface Type Long Form Short Form Identifier Fast Ethernet fastethernet unit/slot/port Gigabit Ethernet gigabitethernet unit/slot/port 10-Gigabit tengigabitethernet te unit/slot/port Ethernet Loopback loopback loopback-id (0-7) Port Channel port-channel port-channel-number Tunnel tunnel tunnel-id (0-7) Vlan vlan vlan-id (1-4093) When listed in command line output, gigabit Ethernet interfaces are preceded by the characters , and ten-gigabit Ethernet interfaces are...
Page 174 --------------- ------------- -------------- default Po1-48, Default Gi1/0/1-24 Example #3 console#show slot 1/0 Slot......1/0 Slot Status....... Full Admin State....... Enable Power State....... Enable Inserted Card: Model Identifier....PowerConnect 7024F Card Description....Dell 24 Port Fiber Configured Card: Using the CLI...
Page 175: Cli Command Modes
Model Identifier....PowerConnect 7024F Card Description....Dell 24 Port Fiber Pluggable......No Power Down......No console#show slot 1/2 Slot......1/2 Slot Status....... Empty Admin State....... Disable Power State....... Disable Pluggable......Yes Power Down......No CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access.
Page 176 Utility describes commands used to manage the switch. Commands that cause specific actions to be taken immediately by the system and do not directly affect the system configurations are defined at the top of the command tree. For example, commands for rebooting the system or for downloading or backing up the system configuration files are placed at the top of the hierarchy tree.
Page 177 console> The default host name is Console unless it has been changed using the hostname command in the Global Configuration mode. Privileged EXEC Mode Because many of the privileged commands set operating parameters, privileged access is password-protected to prevent unauthorized use. The password is not displayed on the screen and is case sensitive.
Page 178 VLAN Database — Contains commands to create a VLAN as a whole. • The Global Configuration mode command vlan database is used to enter the VLAN Database mode. Router OSPF Configuration — Global configuration mode command • router ospf is used to enter into the Router OSPF Configuration mode. •...
Page 179 member ports as a single entity. The Global Configuration mode port-channel-number is used to enter command interface port-channel the Port Channel mode. Tunnel — Contains commands to manage tunnel interfaces. The Global • Configuration mode command interface tunnel enters the Tunnel Configuration mode to configure an tunnel type interface.
Page 180 device name command mode- object ][([ ]])][# | >] device name ] — is the name of the managed switch, which is typically the user-configured hostname established by the hostname command. command mode ] — is the current configuration mode and is omitted for the top configuration levels.
Page 181 Table 2-5. Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode User EXEC The user is logout console> automatically in User EXEC mode unless the user is defined as a privileged user. Privileged EXEC Use the enable Use the exit console# command to enter...
Page 182 Command Mode Access Method Command Prompt Exit or Access Previous Mode Policy-Class-Map From Global To exit to Global console(config-policy- classmap)# Configuration Configuration mode, use the mode, use the policy-map class exit command, command. or press <Ctrl>+<Z> to Privileged EXEC mode. Class-Map From Global To exit to Global...
Page 183 Command Mode Access Method Command Prompt Exit or Access Previous Mode SSH Public Key From the SSH To return to the console(config-pubkey-key)# String Public Key- Chain SSH Public key- mode, use the user- chain mode, use user name key < the exit >...
Page 184 Command Mode Access Method Command Prompt Exit or Access Previous Mode SNMP v3 Host From Global To exit to Global console(config-snmp)# Configuration Configuration Configuration mode, use the mode, use the snmp-server v3-host exit command, command. or press <Ctrl>+<Z> to Privileged EXEC mode.
Page 185 Command Mode Access Method Command Prompt Exit or Access Previous Mode Stack From Global To exit to Global console(config-stack)# Configuration Configuration mode, use the stack mode, use the exit command, command. or press <Ctrl>+<Z> to Privileged EXEC mode. Logging From Global To exit to Global console(config-logging)# Configuration...
Page 186 Command Mode Access Method Command Prompt Exit or Access Previous Mode Router OSPF From Global To exit to Global console(config-router)# Conf Configuration Configuration mode, use the mode, use the router ospf exit command, command. or press <Ctrl>+<Z> to Privileged EXEC mode Router RIP From Global To exit to Global...
Page 187 Command Mode Access Method Command Prompt Exit or Access Previous Mode Gigabit Ethernet From Global To exit to Global console (config-if- unit/slot/port Configuration Configuration mode, use the mode, use the interface exit command, gigabitethernet or press command. Or, use <Ctrl>+<Z> the abbreviation to Privileged interface gi.
Page 188: Starting The Cli
Command Mode Access Method Command Prompt Exit or Access Previous Mode tunnel- Tunnel From Global To exit to Global console(config-tunnel Configuration Configuration mode, use the mode, use the interface tunnel exit command, command. Or, use or press the abbreviation <Ctrl>+<Z> interface tu.
Page 189 Web, CLI and the remote Dell Network Manager. After initial setup, the user may enter to the system to set up more advanced configurations.
Page 190 If the user chooses not to use the wizard initially, the session defaults to the CLI mode with a warning to refer the documentation. During a subsequent login, the user may again elect not to run the setup wizard. Once the wizard has established configuration, however, the wizard is presented only if the user resets the switch to the factory default settings.
Page 191 Figure 2-1. Easy Setup Wizard Did the user Transfer to CLI mode previously save a startup configuration? Does the user want Transfer to CLI mode to use setup wizard? Request SNMP Is SNMP Management Community String & Required? Server IP Address Request user name, password Request IP Address, Network...
Page 192 A default gateway address is configured. The following example contains the sequence of prompts and responses associated with running an example Dell Easy Setup Wizard session, using the input values listed above. Note in this case a static IP address for the management interface is being set up.
Page 193 IP address and the "community string" or password that the particular management system uses to access the switch. The wizard automatically assigns the highest access level [Privilege Level 15] to this account. You can use Dell Using the CLI...
Page 194 Network Manager or other management interfaces to change this setting, and to add additional management system later. For more information on adding management systems, see the user documentation. To add a management station: Please enter the SNMP community string to be used. {public}: public<Enter>...
Page 195 Optionally you may request that the system automatically retrieve an IP address from the network via DHCP (this requires that you have a DHCP server running on the network). To setup an IP address: Please enter the IP address of the device (A.B.C.D) or enter "DHCP"...
Page 196: Using Cli Functions And Tools
Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode..console> Using CLI Functions and Tools The CLI has been designed to manage the switch’s configuration file system and to manage switch security. A number of resident tools exist to support these and other functions.
Page 197 Table 2-6. File System Commands Command Description file delete Deletes file. file description filedescr Adds a description to a file (up to 20 characters can be used). source destination copy Copies a file from source file to destination file. Copying Files The copy command not only provides a method for copying files within the file system, but also to and from remote servers.
Page 198 Special System Files The following special filenames are used to refer to special virtual system files, which are under control of the system and may not be removed or added. These file names are reserved and may not be used as user-defined files. When the user copies a local source file into one of these special files and the source file has an attached file description, it also is copied as the file description for the special file.
Page 199 • The CLI is accessible from remote telnet through the IP address for the switch. IP addresses are assigned separately for the service port and the in- band ports. • The CLI is accessible from a secure shell interface. • The CLI generates keys for SSH locally.
Page 200 When Radius is used, the field returns the access level for the user. Two vendor specific options are supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA (user-group=x). TACACS+ provides the appropriate level of access. The following rules and specifications apply: •...
Page 201 Syslogs The CLI uses syslog support to send logging messages to a remote syslog server. The user configures the switch to generate all logging messages to a remote log server. If no remote log server exists, then the CLI maintains a rolling log of at most the last 1000 critical system events.
Page 202 this case, the CLI suppresses repeated events from the same source and instead the CLI records one event within a period of time and includes that count as part of the log. Management ACL In addition to user access control, the system also manages access for in-band interfaces.
Page 203 • Operational code date • The board type • The CPU • Memory size To start the normal booting process, select item 1 in the Boot Menu. The following is a sample log for booting information. Boot Menu 4.1.0.6 CPU Card ID: 0x508548 CFI Probe: Found 2x16 devices in x16 mode /DskVol// - disk check in progress ...
Page 204 - volume Id: 0xbb - total number of sectors: 124,408 - bytes per sector: - # of sectors per cluster: 4 - # of reserved sectors: 1 - FAT entry size: FAT16 - # of sectors per FAT copy: 122 - # of FAT table copies: 2 - # of hidden sectors: - first cluster is in sector # 260...
Page 205 Adding 0 symbols for standalone. CFI Probe: Found 2x16 devices in x16 mode volume descriptor ptr (pVolDesc): 0x5157150 XBD device block I/O handle: 0x10001 auto disk check on mount: DOS_CHK_REPAIR |DOS_CHK_VERB_2 volume write mode: copyback (DOS_WRITE) volume options: max # of simultaneously open files: 52 file descriptors in use: # of different files in use: # of descriptors for deleted files: 0...
Page 206 PCI unit 0: Dev 0xb634, Rev 0x11, Chip BCM56634_B0, Driver BCM56634_B0 SOC unit 0 attached to PCI device BCM56634_B0 soc_reset_bcm56634_a0: TCAM PLL not locked. Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX hpc - No stack ports. Starting in stand-alone mode. Instantiating /download as rawFs, device = 0x20001 Formatting /download for DOSFS Instantiating /download as rawFs, device = 0x20001...
Page 207 Options available - Start operational code - Change baud rate - Retrieve event log using XMODEM - Load new operational code using XMODEM - Display operational code vital product data - Abort boot code update - Update boot code - Delete backup image - Reset the system 10 - Restore configuration to factory defaults (delete config files)
Page 208 7 - 57600 8 - 115200 0 - no change Baud rate is not changed [Boot Menu] 3 Sending event log, start XMODEM receive..File asciilog.bin Ready to SEND in binary mode Estimated File Size 0K, 12 Sectors, 89 Bytes Estimated transmission time 14 seconds Send several Control-X characters to cancel before transfer starts.
Page 209 The following image is in the Flash File System: File Name........image2 CRC..........0x3431 (13361) Target Device........0x00508548 Size...........0xc178 dc (12679388) Number of Components......3 Operational Code Size......0xa73af4 (10959604) Operational Code Offset......0x74 (116) Operational Code FLASH flag....1 Operational Code CRC......0x20E7 Operational Compression flag....2 (lzma) Boot Code Version......1 Boot Code Size.........0x100000...
Page 210 VPD - rel 4 ver 1 maint_lvl 0 build_num 6 Timestamp - Mon Feb 28 16:43:14 2011 File - PC7000_M6348v4.1.0.6.opr [Boot Menu] 6 [Boot Menu] 7 Do you wish to update Boot Code and reset? (y/n) y Validating image2..OK Extracting boot code from image...CRC valid Erasing Boot Flash..Done.
Page 211 Wrote 0xb0000 bytes. Wrote 0xc0000 bytes. Wrote 0xd0000 bytes. Wrote 0xe0000 bytes. Wrote 0xf0000 bytes. Wrote 0x100000 bytes. Validating Flash..Passed Flash update completed. Rebooting... CPU Card ID: 0x508548 CFI Probe: Found 2x16 devices in x16 mode /DskVol// - disk check in progress ... /DskVol// - Volume is OK Change volume Id from 0x0 to 0x79...
Page 212 # of descriptors for deleted files: # of obsolete descriptors: current volume configuration: - volume label: NO LABEL ; (in boot sector: - volume Id: 0x79 - total number of sectors: 124,408 - bytes per sector: - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: FAT16...
Page 213 Select (1, 2):2 Boot Menu 4.1.0.6 Options available - Start operational code - Change baud rate - Retrieve event log using XMODEM - Load new operational code using XMODEM - Display operational code vital product data - Abort boot code update - Update boot code - Delete backup image - Reset the system...
Page 214 [Boot Menu] 10 Are you SURE you want to delete the configuration? (y/n):y [Boot Menu] 11 Backup image - image1 activated. [Boot Menu] 12 Operational Code Date: Mon Feb 28 16:43:14 2011 Uncompressing..Bulk Class Driver Successfully Initialized Adding 0 symbols for standalone. CFI Probe: Found 2x16 devices in x16 mode volume descriptor ptr (pVolDesc): 0x5157150...
Page 215 volume write mode: copyback (DOS_WRITE) volume options: max # of simultaneously open files: file descriptors in use: # of different files in use: # of descriptors for deleted files: # of obsolete descriptors: current volume configuration: - volume label: NO LABEL ; (in boot sector: ) - volume Id: 0x79 - total number of sectors:...
Page 216 SOC unit 0 attached to PCI device BCM56634_B0 soc_reset_bcm56634_a0: TCAM PLL not locked. Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX Instantiating /download as rawFs, device = 0x20001 Formatting /download for DOSFS Instantiating /download as rawFs, device = 0x20001 Formatting...OK.
Page 217 [ctrl+z]. Would you like to run the setup wizard (you must answer this question within 60 seconds)? [Y/N] n Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode. Applying Interface configuration, please wait ...
Page 218 Management switch has unsaved changes. Are you sure you want to continue? (y/n) y Configuration Not Saved! Are you sure you want to reload the stack? (y/n) y Reloading all switches. Boot Menu 4.1.0.6 CPU Card ID: 0x508548 CFI Probe: Found 2x16 devices in x16 mode /DskVol// - disk check in progress ...
Page 219 /DskVol//files/ssh_host_rsa_key /DskVol//files/log2.bin /DskVol//files/hpc_broad.cfg /DskVol//files/slog0.txt /DskVol//files/olog0.txt /DskVol//files/sslt.rnd /DskVol// - Volume is OK volume descriptor ptr (pVolDesc): 0x814cf10 XBD device block I/O handle: 0x10001 auto disk check on mount: DOS_CHK_REPAIR |DOS_CHK_VERB_2 volume write mode: copyback (DOS_WRITE) volume options: max # of simultaneously open files: file descriptors in use: # of different files in use: # of descriptors for deleted files:...
Page 220 - bytes per sector: - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: FAT16 - # of sectors per FAT copy: - # of FAT table copies: - # of hidden sectors: - first cluster is in sector # - Update last access date for open-read-close = FALSE Boot Menu 4.1.0.6 Select an option.
Page 221 - Display operational code vital product data - Abort boot code update - Update boot code - Delete backup image - Reset the system 10 - Restore configuration to factory defaults (delete config files) 11 - Activate Backup Image 12 - Password Recovery Procedure 13 - Reformat and restore file system [Boot Menu] 13 Instantiating /RamDisk/ as rawFs,...
Page 222 copying file /DskVol/files/dh512.pem -> /RamDisk/dh512.pem copying file /DskVol/files/dh1024.pem -> /RamDisk/dh1024.pem copying file /DskVol/files/sslt_cert1.pem -> /RamDisk/sslt_cert1.pem copying file /DskVol/files/sslt_key1.pem -> /RamDisk/sslt_key1.pem copying file /DskVol/files/ssh_host_key -> /RamDisk/ssh_host_key copying file /DskVol/files/ssh_host_dsa_key -> /RamDisk/ssh_host_dsa_key copying file /DskVol/files/ssh_host_rsa_key -> /RamDisk/ssh_host_rsa_key image2 12679504 11/15/113 9:30:36 hpc_broad.cfg 11/15/113 10:04:30 boot.dim...
Page 223 ssh_host_dsa_key 5/30/113 0:20:24 ssh_host_rsa_key 5/30/113 0:20:24 Filesystem size 25484288 Bytes used 12683956 Bytes free 12800332 Erasing FFS: CFI Probe: Found 2x16 devices in x16 mode Formatted 1 of 251 units = 0.3 % Formatted 2 of 251 units = 0.7 % Formatted 3 of 251 units = 1.1 % Formatted 4 of 251 units = 1.5 % Formatted 5 of 251 units = 1.9 %...
Page 224 Formatted 19 of 251 units = 7.5 % Formatted 20 of 251 units = 7.9 % Formatted 21 of 251 units = 8.3 % Formatted 22 of 251 units = 8.7 % Formatted 23 of 251 units = 9.1 % Formatted 24 of 251 units = 9.5 % Formatted 25 of 251 units = 9.9 % Formatted 26 of 251 units = 10.3 %...
Page 225 Formatted 45 of 251 units = 17.9 % Formatted 46 of 251 units = 18.3 % Formatted 47 of 251 units = 18.7 % Formatted 48 of 251 units = 19.1 % Formatted 49 of 251 units = 19.5 % Formatted 50 of 251 units = 19.9 % Formatted 51 of 251 units = 20.3 % Formatted 52 of 251 units = 20.7 %...
Page 226 Formatted 71 of 251 units = 28.2 % Formatted 72 of 251 units = 28.6 % Formatted 73 of 251 units = 29.0 % Formatted 74 of 251 units = 29.4 % Formatted 75 of 251 units = 29.8 % Formatted 76 of 251 units = 30.2 % Formatted 77 of 251 units = 30.6 % Formatted 78 of 251 units = 31.0 %...
Page 227 Formatted 97 of 251 units = 38.6 % Formatted 98 of 251 units = 39.0 % Formatted 99 of 251 units = 39.4 % Formatted 100 of 251 units = 39.8 % Formatted 101 of 251 units = 40.2 % Formatted 102 of 251 units = 40.6 % Formatted 103 of 251 units = 41.0 % Formatted 104 of 251 units = 41.4 %...
Page 228 Formatted 123 of 251 units = 49.0 % Formatted 124 of 251 units = 49.4 % Formatted 125 of 251 units = 49.8 % Formatted 126 of 251 units = 50.1 % Formatted 127 of 251 units = 50.5 % Formatted 128 of 251 units = 50.9 % Formatted 129 of 251 units = 51.3 % Formatted 130 of 251 units = 51.7 %...
Page 229 Formatted 149 of 251 units = 59.3 % Formatted 150 of 251 units = 59.7 % Formatted 151 of 251 units = 60.1 % Formatted 152 of 251 units = 60.5 % Formatted 153 of 251 units = 60.9 % Formatted 154 of 251 units = 61.3 % Formatted 155 of 251 units = 61.7 % Formatted 156 of 251 units = 62.1 %...
Page 230 Formatted 175 of 251 units = 69.7 % Formatted 176 of 251 units = 70.1 % Formatted 177 of 251 units = 70.5 % Formatted 178 of 251 units = 70.9 % Formatted 179 of 251 units = 71.3 % Formatted 180 of 251 units = 71.7 % Formatted 181 of 251 units = 72.1 % Formatted 182 of 251 units = 72.5 %...
Page 231 Formatted 201 of 251 units = 80.0 % Formatted 202 of 251 units = 80.4 % Formatted 203 of 251 units = 80.8 % Formatted 204 of 251 units = 81.2 % Formatted 205 of 251 units = 81.6 % Formatted 206 of 251 units = 82.0 % Formatted 207 of 251 units = 82.4 % Formatted 208 of 251 units = 82.8 %...
Page 232 Formatted 227 of 251 units = 90.4 % Formatted 228 of 251 units = 90.8 % Formatted 229 of 251 units = 91.2 % Formatted 230 of 251 units = 91.6 % Formatted 231 of 251 units = 92.0 % Formatted 232 of 251 units = 92.4 % Formatted 233 of 251 units = 92.8 % Formatted 234 of 251 units = 93.2 %...
Page 233 CFI Probe: Found 2x16 devices in x16 mode Recreating FFS: CFI Probe: Found 2x16 devices in x16 mode /DskVol/: file system is marked clean, skipping check volume descriptor ptr (pVolDesc): 0x9a67710 XBD device block I/O handle: 0x40001 auto disk check on mount: DOS_CHK_REPAIR |DOS_CHK_VERB_2 volume write mode:...
Page 234 - # of sectors per FAT copy: - # of FAT table copies: - # of hidden sectors: - first cluster is in sector # - Update last access date for open-read-close = FALSE done Filesystem size 63567872 Bytes used Bytes free 63567872 copying file /RamDisk/image1 ->...
Page 235 copying file /RamDisk/dh1024.pem -> /DskVol/files/dh1024.pem copying file /RamDisk/sslt_cert1.pem -> /DskVol/files/sslt_cert1.pem copying file /RamDisk/sslt_key1.pem -> /DskVol/files/sslt_key1.pem copying file /RamDisk/ssh_host_key -> /DskVol/files/ssh_host_key copying file /RamDisk/ssh_host_dsa_key -> /DskVol/files/ssh_host_dsa_key copying file /RamDisk/ssh_host_rsa_key -> /DskVol/files/ssh_host_rsa_key image2 12679504 11/15/113 9:30:36 hpc_broad.cfg 11/15/113 10:04:30 boot.dim 4/22/105 8:00:02 dh512.pem 5/30/113 0:20:24...
Page 236 ssh_host_dsa_key 5/30/113 0:20:24 ssh_host_rsa_key 5/30/113 0:20:24 Filesystem size 63567872 Bytes used 12683956 Bytes free 50883916 [Boot Menu] Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system. This feature is equivalent to the alarm-monitoring window in a typical network management system.
Page 237: Layer 2 Switching Commands
Layer 2 Switching Commands The chapters that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
Page 238 Layer 2 Switching Commands...
Page 239: Aaa Commands
AAA Commands Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in SNMP Commands). To ensure that only authorized users can access and change the configuration of the switch, users must be authenticated. Users can be authenticated based on: •...
Page 240: Commands In This Chapter
support the concept of timeout, subsequent entries in the list are never attempted. For example, the local authentication method implementation does not supply a time-out value. If a list contains the local method, followed by the radius authentication method, the radius method is not attempted. Once an APL is created, a reference to that APL can be stored in the access line configuration to determine how specific components should authenticate users.
Page 241 Syntax aaa authentication dot1x default {radius| ias|local|none} no aaa authentication dot1x default Parameter Description Parameter Description radius Uses the list of all authenticationservers for authentication. Uses the internal authentication server. local Use the local authentication method. none Uses no authentication. Default Configuration No default authentication method is defined.
Page 242: Aaa Authentication Enable
console(config)#aaa authentication dot1x default radius aaa authentication enable Use the aaa authentication enable command in Global Configuration mode to set authentication for accessing higher privilege levels. To return to the default configuration, use the no form of this command. Syntax list-name method1 method2...
Page 243: Aaa Authentication Login
User Guidelines The default and optional list names created with the aaa authentication enable command are used with the enable authentication command. list-name method Create a list by entering the aaa authentication enable list-name command where is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries in the given sequence.
Page 244 list-name no aaa authentication login {default | default — Uses the listed authentication methods that follow this • argument as the default list of methods when a user logs in. list-name — Character string used to name the list of authentication •...
Page 245: Aaa Authorization Network Default Radius
the final method in the command line. For example, if none is specified as an authentication method after radius, no authentication is used if the RADIUS server is down. Example The following example configures authentication login. console(config)# aaa authentication login default radius local enable none aaa authorization network default radius Use the aaa authorization network default radius command in Global...
Page 246: Aaa Ias-User Username
aaa ias-user username Use the aaa ias-user username command in Global Configuration mode to configure IAS users and their attributes. Username and password attributes are supported. The ias-user name is composed of up to 64 alphanumeric characters. This command also changes the mode to a user config mode. Use the no form of this command to remove the user from the internal user database.
Page 247: Aaa New-Model
aaa new-model The aaa new-model command in Global Configuration mode is a no-op command. It is present only for compatibility purposes. PowerConnect switches only support the new model command set. Syntax aaa new-model Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
Page 248: Enable Authentication
Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#clear aaa ias-users enable authentication Use the enable authentication command in Line Configuration mode to specify the authentication method list when accessing a higher privilege level from a remote telnet or console.
Page 249: Enable Password
Command Mode Line Configuration mode User Guidelines Use of the no form of the command does not disable authentication. Instead, it sets the authentication list to the default list (same as enable authentication default). Example The following example specifies the default authentication method when accessing a higher privilege level console.
Page 250: Ip Http Authentication
User Guidelines The 4.x firmware emulates industry standard behavior for enable mode authentication over SSH and telnet. In 4.x, the default enable authentication method for telnet and SSH uses the enableNetList method, which requires an enable password. If users are unable to enter privileged mode when accessing the switch via telnet or SSH, the administrator will need to either change the enable authentication method, e.g.
Page 251: Ip Https Authentication
Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Page 252: Login Authentication
Default Configuration The local user database is checked. This action has the same effect as the command ip https authentication local. Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Page 253: Password (Aaa Ias User Configuration)
Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example specifies the default authentication method for a console. console(config)# line console console(config-line)# login authentication default password (aaa IAS User Configuration) Use the password command in aaa IAS User Configuration mode to configure a password for a user.
Page 254 User Guidelines This command has no user guidelines. Example console#configure console(config)#aaa ias-user username client-1 console(Config-IAS-User)#password client123 console(Config-IAS-User)#no password Example of a adding a MAB Client to the Internal user database: console#configure console(config)#aaa ias-user username 1f3ccb1157 console(Config-IAS-User)#password 1f3ccb1157 console(Config-IAS-User)#exit console(config)# password (Line Configuration) Use the password command in Line Configuration mode to specify a password on a line.
Page 255: Password (User Exec)
Default Configuration No password is specified. Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example specifies a password "mcmxxyyy" on a line. console(config-line)# password mcmxxyyy password (User EXEC) Use the password command in User EXEC mode to allow a currently logged in user to change the password for only that user without having read/write privileges.
Page 256: Show Aaa Ias-Users
User Guidelines This command has no user guidelines. Example The following example shows the prompt sequence for executing the password command. console>password Enter old password:******** Enter new password:******** Confirm new password:******** show aaa ias-users Use the show aaa ias-users command in Privileged EXEC mode to display configured IAS users and their attributes.
Page 257: Show Authentication Methods
Example console#show aaa ias-users UserName ------------------- Client-1 Client-2 Following are the IAS configuration commands shown in the output of the show running-config command. Passwords shown in the command output are always encrypted. aaa ias-user username client-1 password a45c74fdf50a558a2b5cf05573cd633bac2c6c598d54497ad4c46 104918f2c encrypted exit show authentication methods Use the show authentication methods command in Privileged EXEC mode...
Page 258: Show Users Accounts
Example The following example displays the authentication configuration. console#show authentication methods Login Authentication Method Lists --------------------------------- defaultList : none networkList local Enable Authentication Method Lists ---------------------------------- enableList : enable none enableNetList enable Line Login Method List Enable Method List ------- ----------------- ------------------ Console...
Page 259 Syntax show users accounts Parameter Description The following fields are displayed by this command. Parameter Description User Name Local user account’s user name. Privilege User’s access level (read only or read/write). Lockout Status Indicates whether the user account is locked out or not. Password Expiration Date Current password expiration date in date format.
Page 260: Show Users Login-History
admin False guest False brcm1 False console#show users accounts long User Name ------------ thisisaverylongusernameitisquitelong show users login-history Use the show users login-history command in Global Configuration mode to display information about the login history of users. Syntax show users login-history [long] name —...
Page 261: Username
console#show users login-history Login Time Username Protocol Location -------------------- --------- --------- ----------- Jan 19 2005 08:23:48 Serial Jan 19 2005 08:29:29 Robert HTTP 172.16.0.8 Jan 19 2005 08:42:31 John 172.16.0.1 Jan 19 2005 08:49:52 Betty Telnet 172.16.1.7 username Use the username command in Global Configuration mode to add a new user to the local user database.
Page 262: Username Password Encrypted
Parameter Description level The user level. Level 0 can be assigned by a level 15 user to another user to suspend that user’s access. Range: 0-15. Enter access level 1 for Read Access or 15 for Read/Write Access. encrypted Encrypted password entered, copied from another switch configuration.
Page 263 username exactly 128 hexadecimal characters. The user represented by the parameter must be a pre-existing local user. If the password strength feature is enabled, it checks for password strength and returns an appropriate error if it fails to meet the password strength criteria. Syntax name password...
Page 264: Username Unlock
Message Type Message Description Reason behind the failure Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command. Password should contain Minimum <number>...
Page 265 Syntax username username unlock Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. AAA Commands...
Page 266 AAA Commands...
Page 267: Acl Commands
ACL Commands Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
Page 268 classifier rule. The ACL logging feature allows these hardware hit counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The PowerConnect ACL permit/deny rule specification supports a log parameter that enables hardware hit count collection and reporting.
Page 269 Table 5-1. Common Ethertypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3)
Page 270: Commands In This Chapter
Commands in this Chapter This chapter explains the following commands: access-list mac access-list extended rename deny | permit (IP ACL) service-acl input deny | permit (Mac-Access-List- show service-acl interface Configuration) ip access-group show ip access-lists mac access-group show mac access-list mac access-list extended access-list Use the access-list command in Global Configuration mode to create an...
Page 271 Parameter Description Parameter Description list-name Access-list name up to 31 characters in length. deny permit Specifies whether the IP ACL rule permits or denies an action. every Allows all protocols. Equal. Refers to the Layer 4 port number being used as match criteria.
Page 272: Deny | Permit (Ip Acl)
Command Mode Global Configuration mode User Guidelines Access list names can consist of any printable character. Names can be up to 31 characters in length. Examples The following examples create an ACL to discard any HTTP traffic from 192.168.77.171, but allow all other traffic from 192.168.77.171: console(config)#access-list alpha deny ip 192.168.77.171 0.0.0.0 0.0.0.0 255.255.255.255 eq http...
Page 273 number srcip {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | srcmask portkey 0-65535 dstip dstmask portkey 0-65535 [{eq { [{eq { precedence tos tosmask dscp [precedence | tos | dscp ] [log] [time-range time-range-name queue-id interface-id...
Page 274: Deny | Permit (Mac-Access-List-Configuration)
Ethertype Protocol 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.1x) 0x88CC Link Layer Discovery Protocol 0x8906 Fibre Channel over Ethernet 0x8914 FCoE Initialization Protocol 0x9100 Q in Q deny permit (Mac-Access-List-Configuration) Use the deny command in Mac-Access-List Configuration mode to deny traffic if the conditions defined in the deny statement are matched.
Page 275 Parameter Description Parameter Description srcmac Valid source MAC address in format xxxx.xxxx.xxxx. srcmacmask Valid MAC address bitmask for the source MAC address in format xxxx.xxxx.xxxx. Packets sent to or received from any MAC address dstmac Valid destination MAC address in format xxxx.xxxx.xxxx. destmacmask Valid MAC address bitmask for the destination MAC address in format xxxx.xxxx.xxxx.
Page 276: Ip Access-Group
Default Configuration This command has no default configuration. Command Mode Mac-Access-List Configuration mode User Guidelines The no form of this command is not supported, as the rules within an ACL cannot be deleted individually. Rather the entire ACL must be deleted and respecified.
Page 277: Mac Access-Group
direction — Direction of the ACL. (Range: in or out. Default is in.) • seqnum — Precedence for this interface and direction. A lower sequence • number has higher precedence. Range: 1 – 4294967295. Default is1. Default Configuration This command has no default configuration. Command Mode Global Configuration and Interface Configuration (Ethernet, VLAN, or Port Channel) modes...
Page 278: Mac Access-List Extended
• direction — Only the in-bound direction is supported. • sequence — Order of access list relative to other access lists already assigned to this interface and direction. (Range: 1-4294967295) Default Configuration The default direction is in (in-bound). Command Mode Global Configuration mode or Interface Configuration (Ethernet, VLAN or Port Channel) mode User Guidelines...
Page 279: Mac Access-List Extended Rename
Syntax name mac access-list extended name no mac access-list extended name — Name of the access list. (Range: 1-31 characters) • Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use this command to create a mac access control list. The CLI mode is changed to Mac-Access-List Configuration when this command is successfully executed.
Page 280: Service-Acl Input
Command Mode Global Configuration mode User Guidelines Command fails if the new name is the same as the old one. Example The following example shows the mac access-list extended rename command. console(config)#mac access-list extended rename DELL1 DELL2 service-acl input Use the service-acl input command in Interface Configuration mode to block Link Local Protocol Filtering (LLPF) protocol(s) on a given port.
Page 281: Show Service-Acl Interface
Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet, Port-channel) User Guidelines To specify multiple protocols, enter the protocol parameters together on the command line, separated by spaces. This command can only be entered once per interface if no intervening no service-acl input command has been entered.
Page 282: Show Ip Access-Lists
Example console#show service-acl interface gi1/0/1 Block CDP........ Enable Block VTP.........Enable Block DTP........Enable Block UDLD........ Enable Block PAGP.........Enable Block SSTP........ Enable Block All......... Enable show ip access-lists Use the show ip access-lists command in Privileged EXEC mode to display an IP ACL and time-range parameters. Syntax accesslistnumber show ip access-lists [...
Page 283: Show Mac Access-List
Examples The following example displays IP ACLs configured on a device. console#show ip access-lists Current number of ACLs: 2 Maximum number of ACLs: 100 ACL Name Rules Interface(s) Vlan(s) ----------------------------------------------------- ACL40 ACL41 show mac access-list Use the show mac access-list command in Privileged EXEC mode to display a MAC access list and all of the rules that are defined for the MAC ACL.
Page 284 User Guidelines This command has no user guidelines. Example The following example displays a MAC access list and all associated rules. console#show mac access-list DELL123 The command output provides the following information: Fields Description MAC ACL Name The name of the MAC access list. Rules The number of user-configured rules defined for the MAC ACL.
Page 285: Address Table Commands
Address Table Commands Static MAC Filtering allows the administrator to add a number of unicast or multicast MAC addresses directly to the forwarding database. This is typically a small number relative to the total size of the database. Associated with each static MAC address is a set of source ports, a set of destination ports and VLAN information.
Page 286: Clear Mac Address-Table
mac address-table aging- port security show mac address-table time dynamic mac address-table port security max show mac address-table multicast filtering interface mac address-table show mac address-table show mac address-table multicast forbidden multicast static address mac address-table show mac address-table show mac address-table multicast forbidden filtering vlan...
Page 287: Mac Address-Table Aging-Time
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address.
Page 288: Mac Address-Table Multicast Filtering
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example In this example the MAC Address Table aging time is set to 400. console(config)#mac address-table aging-time 400 mac address-table multicast filtering Use the mac address-table multicast filtering command in Global Configuration mode to enable filtering of Multicast addresses.
Page 289: Mac Address-Table Multicast Forbidden Address
User Guidelines If switches exist on the VLAN, and IGMP snooping is not enabled, use the mac address-table multicast forward-all command to enable forwarding all Multicast packets to the Multicast routers. Example In this example, multicast filtering is enabled and multicast frames will behave according to the setting of the mac address-table multicast forward- unregistered and mac address-table multicast forbidden forward- unregistereed command settings.
Page 290: Forward-Unregistered
Parameter Description MAC Multicast address mac-multicast- in the format xxxx.xxxx.xxxx. address ip-multicast-address IP Multicast address. interface-list Specify a comma separated list of interfaces, a range of interfaces, or a combination of both. Interfaces can be port- channel numbers or physical ports in unit/slot/port format. Default Configuration No forbidden addresses are defined.
Page 291: Mac Address-Table Multicast Forward-All
vlan-id no mac address-table multicast forbidden forward-unregistered vlan Parameter Description Parameter Description vlan-id vlan Valid VLAN ID (Range 1-4093). Default Configuration The default for this command is not forbidden. Command Mode Global configuration mode User Guidelines This command has no user guidelines. Example The following example forbids forwarding unregistered multicast addresses on VLAN8.
Page 292: Forward-Unregistered
Parameter Description Parameter Description vlan-id vlan A valid VLAN ID (Range 1-4093). Default Configuration Forward-unregistered. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example In this example, all VLAN1 Multicast packets are forwarded. console(config)#mac address-table multicast forward- all vlan 1 mac address-table multicast forward- unregistered...
Page 293: Mac Address-Table Multicast Static
Default Configuration Forward-unregistered Command Mode Global Configuration mode User Guidelines If routers exist on the VLAN, do not change the unregistered multicast drop addresses state to on the routers ports. NOTE: Do not use the mac address-table multicast forbidden forward-unregistered command with the mac address-table multicast forward-unregistered command on the same interface.
Page 294 Parameter Description Parameter Description Adds ports to the group. If no option is specified, this is the default option. remove Removes ports from the group. vlan-id vlan Valid vlan ID (1-4093). mac-multicast- MAC multicast address in the format xxxx.xxxx.xxxx. address ip-multicast-address IP multicast address.
Page 295: Mac Address-Table Static
console(config)# mac address-table vlan 8 multicast static 0100.5e02.0203 add interface gigabitethernet 1/0/1-9, 1/0/2 mac address-table static Use the mac address-table static command in Global Configuration mode to add a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the mac address-table static command.
Page 296: Port Security
Example The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 to the MAC address table. console(config)# mac address-table static 3AA2.64B3.A245 vlan 1 interface gigabitethernet 1/0/8 port security Use the port security command in Interface Configuration mode to disable the learning of new addresses on an interface.
Page 297: Port Security Max
console(config)#interface gigabitethernet 1/0/1 console(config-if-1/0/1)#port security trap 100 port security max Use the port security max command in Interface Configuration mode to configure the maximum addresses that can be learned on the port while the port is in port security mode. To return to the system default, use the no form of this command.
Page 298 Syntax vlan-id mac-multicast- show mac address-table multicast [vlan ] [address { address ip-multicast-address }] [format {ip | mac}] vlan_id — A valid VLAN ID value. • mac-multicast-address — A valid MAC Multicast address. • ip- multicast-address — A valid IP Multicast address. •...
Page 299: Show Mac Address-Table Filtering
Example In this example, Multicast MAC address table information is displayed. console#show mac address-table multicast Vlan MAC Address Type Ports ----- ------------------- ------- ------------------ 0100.5E05.0505 Static Forbidden ports for multicast addresses: Vlan MAC Address Ports ---- ----------------------- --------------------------- 0100.5E05.0505 NOTE: A multicast MAC address maps to multiple IP addresses, as shown above.
Page 300: Show Mac Address-Table
User Guidelines This command has no user guidelines. Example In this example, the Multicast configuration for VLAN 1 is displayed. console#show mac address-table filtering 1 Filtering: Enabled VLAN: 1 Mode: Forward-Unregistered show mac address-table Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all entries in the bridge-forwarding database.
Page 301: Show Mac Address-Table Address
Example In this example, all classes of entries in the mac address-table are displayed. console#show mac address-table Aging time is 300 Sec Vlan Mac Address Type Port ---- ---------------- ---------- ----------- 001E.C9AA.AE19 Management CPU Interface: 0/5/ 001E.C9AA.AC19 Dynamic Gi1/0/21 001E.C9AA.AE1B Management 001E.C9AA.AE1B Management Vl10 001E.C9AA.AE1B Management...
Page 302: Show Mac Address-Table Count
Parameter Description interface-id Display information for a specific interface. Valid interfaces include physical ports and port channels. vlan-id Display entries for the specific VLAN only. The range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode User Guidelines This command has no user guidelines.
Page 303: Show Mac Address-Table Dynamic
Parameter Description Parameter Description interface-id Specify an interface type; valid interfaces include physical ports and port channels. vlan-id Specify a valid VLAN, the range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode User Guidelines This command has no user guidelines.
Page 304 Syntax mac-address interface- show mac address-table dynamic [address ] [interface vlan-id ] [vlan Parameter Description Parameter Description mac-address A MAC address with the format xxxx.xxxx.xxxx. interface-id Display information for a specific interface. Valid interfaces include physical ports and port channels. vlan-id Display entries for the specific VLAN only.
Page 305: Show Mac Address-Table Interface
0001.02F1.0B33 Dynamic gi1/0/1 show mac address-table interface Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all entries in the mac address-table. Syntax interface-id vlan-id show mac address-table interface [vlan Parameter Description Parameter Description interface-id Specify an interface type.Valid interfaces include physical ports and port channels.
Page 306: Show Mac Address-Table Static
---- -------------- ---- ------------- 0000.0001.0000 Dynamic gi1/0/1 0000.8420.5010 Dynamic gi1/0/1 0000.E26D.2C2A Dynamic gi1/0/1 0000.E89A.596E Dynamic gi1/0/1 0001.02F1.0B33 Dynamic gi1/0/1 show mac address-table static Use the show mac address-table static command in User EXEC or Privileged EXEC mode to display static entries in the bridge-forwarding database. Syntax mac-address interface-id...
Page 307: Show Mac Address-Table Vlan
Example In this example, all static entries in the bridge-forwarding database are displayed. console#show mac address-table static Vlan Mac Address Type Port ---- -------------- ----- ----- 0001.0001.0001 Static gi1/0/1 show mac address-table vlan Use the show mac address-table vlan command in User EXEC or Privileged EXEC mode to display all entries in the bridge-forwarding database for the specified VLAN.
Page 308: Show Ports Security
Example In this example, all classes of entries in the bridge-forwarding database are displayed. console#show mac address-table vlan 1 Mac Address Table ------------------------------------- Vlan Mac Address Type Ports ---- --------------- ------- ------- 0000.0001.0000 Dynamic gi1/0/1 0000.8420.5010 Dynamic gi1/0/1 0000.E26D.2C2A Dynamic gi1/0/1 0000.E89A.596E Dynamic gi1/0/1 0001.02F1.0B33...
Page 309: Show Ports Security Addresses
User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the port-lock status are displayed. console#show ports security Port Status Action Maximum Trap Frequency ---- ------ ---------- --------- ------- ------- 1/0/1 Locked Discard Enable 1/0/2 Unlocked - 1/0/3...
Page 310 Syntax unit/slot/port show ports security addresses {gigabitethernet | port-channel port-channel-number | tengigabitethernet unit/slot/port } Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples The following example displays dynamic addresses for port channel number 1/0/1.
Page 311: Auto-Voip Commands
Auto-VoIP Commands Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
Page 312: Show Switchport Voice
show switchport voice Use the show switchport voice command to show the status of Auto-VoIP on an interface or all interfaces. Syntax unit/slot/port port- show switchport voice [gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port ] Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode.
Page 313 Gi1/0/8 Disabled Gi1/0/9 Disabled Gi1/0/10 Disabled Gi1/0/11 Disabled Gi1/0/12 Disabled Gi1/0/13 Disabled Gi1/0/14 Disabled Gi1/0/15 Disabled Gi1/0/16 Disabled Gi1/0/17 Disabled Gi1/0/18 Disabled Gi1/0/19 Disabled Gi1/0/20 Disabled Gi1/0/21 Disabled Gi1/0/22 Disabled Gi1/0/23 Disabled Gi1/0/24 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled...
Page 314: Switchport Voice Detect Auto
Po10 Disabled Po11 Disabled Po12 Disabled Po13 Disabled Po14 Disabled Po15 Disabled --More-- or (q)uit The following example shows command output when a port is specified: console#show switchport voice gigabitethernet 1/0/1 Interface Auto VoIP Mode Traffic Class --------- -------------- ------------- Gi1/0/1 Disabled The command output provides the following information:...
Page 315 Syntax switchport voice detect auto no switchport voice detect auto Default Configuration This feature is disabled by default. Command Mode Global Configuration mode Interface (gigabitethernet, port-channel, tengigabitethernet) Configuration mode User Guidelines This command has no user guidelines Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#switchport voice detect auto Auto-VoIP Commands...
Page 316 Auto-VoIP Commands...
Page 317: Cdp Interoperability Commands
CDP Interoperability Commands Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. PowerConnect switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).
Page 318: Clear Isdp Table
User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines...
Page 319: Isdp Enable
Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. User the “no” form of this command to disable ISDP.
Page 320: Isdp Holdtime
Example The following example enables isdp on interface 1/0/1. console(config)#interface gigabitethernet 1/0/1 console(config-if-1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it.
Page 321: Isdp Timer
isdp timer The isdp timer command sets period of time between sending new ISDP packets. The range is given in seconds. Use the “no” form of this command to reset the timer to the default. Syntax time isdp timer no isdp timer Parameter Description Parameter Description...
Page 322: Show Isdp Entry
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show isdp Timer........ 30 Hold Time......180 Version 2 Advertisements..... Enabled Neighbors table last time changed..0 days 00:06:01 Device ID......
Page 323 Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show isdp entry Switch Device ID PC7000 Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP...
Page 324: Show Isdp Interface
Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp interface The show isdp interface command displays ISDP settings for the specified interface. Syntax unit/slot/port show isdp interface { all | gigabitethernet | tengigabitethernet unit/slot/port Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines...
Page 325: Show Isdp Neighbors
1/0/8 Enabled 1/0/9 Enabled 1/0/10 Enabled 1/0/11 Enabled 1/0/12 Enabled 1/0/13 Enabled 1/0/14 Enabled 1/0/15 Enabled 1/0/16 Enabled 1/0/17 Enabled 1/0/18 Enabled 1/0/19 Enabled 1/0/20 Enabled 1/0/21 Enabled 1/0/22 Enabled 1/0/23 Enabled 1/0/24 Enabled console#show isdp interface gigabitethernet 1/0/1 Interface Mode --------------- ----------...
Page 326 Syntax unit/slot/port show isdp neighbors {[ gigabitethernet | tengigabitethernet unit/slot/port | detail] } Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show isdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route, S - Switch, H - Host, I - IGMP, r - Repeater Device ID...
Page 327: Show Isdp Traffic
Interface 1/0/1 Port ID GigabitEthernet1/1 Holdtime Advertisement Version Entry last changed time 0 days 00:55:20 Version : Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp traffic The show isdp traffic command displays ISDP statistics.
Page 328 ISDP Packets Transmitted....... 127 ISDPv1 Packets Received......0 ISDPv1 Packets Transmitted..... 0 ISDPv2 Packets Received......4253 ISDPv2 Packets Transmitted..... 4351 ISDP Bad Header........ 0 ISDP Checksum Error......0 ISDP Transmission Failure...... 0 ISDP Invalid Format......0 ISDP Table Full........ 392 ISDP Ip Address Table Full.....
Page 329: Dhcp Layer 2 Relay Commands
DHCP Layer 2 Relay Commands In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers.
Page 330: Dhcp L2Relay (Interface Configuration)
Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2 Relay is disabled by default. Command Mode Global Configuration. User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay dhcp l2relay (Interface Configuration) Use the dhcp l2relay command to enable DHCP L2 Relay for an interface. Use the "no"...
Page 331: Dhcp L2Relay Circuit-Id
Example console(config-if-1/0/1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Use the "no" form of this command to disable setting the DHCP Option 82 Circuit ID.
Page 332: Dhcp L2Relay Remote-Id
dhcp l2relay remote-id Use the dhcp l2relay remote-id command to enable setting the DHCP Option 82 Remote ID for a VLAN. When enabled, the supplied string is used for the Remote ID in DHCP Option 82. Use the "no" form of this command to disable setting the DHCP Option 82 Remote ID.
Page 333: Dhcp L2Relay Vlan
Syntax dhcp l2relay trust no dhcp l2relay trust Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs.
Page 334: Show Dhcp L2Relay All
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay vlan 10,340-345 show dhcp l2relay all Use the show dhcp l2relay all command in Privileged EXEC mode to display the summary of DHCP L2 Relay configuration. Syntax show dhcp l2relay all Default Configuration...
Page 335: Show Dhcp L2Relay Interface
Gi1/0/2 Enabled untrusted Gi1/0/4 Disabled trusted VLAN Id L2 Relay CircuitId RemoteId --------- ---------- ----------- ------------ Disabled Enabled --NULL-- Enabled Enabled --NULL-- Enabled Enabled broadcom Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- show dhcp l2relay interface Use the show dhcp l2relay interface command in Privileged EXEC mode to display DHCP L2 Relay configuration specific to interfaces.
Page 336: Show Dhcp L2Relay Stats Interface
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay interface all DHCP L2 Relay is Enabled. Interface L2RelayMode TrustMode ---------- ----------- -------------- Enabled untrusted Disabled trusted show dhcp l2relay stats interface Use the show dhcp l2relay stats interface command in Privileged EXEC mode to display DHCP L2 Relay statistics specific to interfaces.
Page 337: Show Dhcp L2Relay Subscription Interface
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay stats interface all DHCP L2 Relay is Enabled. Interface UntrustedServer UntrustedClient TrustedServer TrustedClient MsgsWithOpt82 MsgsWithOpt82 MsgsWithoutOpt82 MsgsWithoutOpt82 --------- --------------- ----------------- ----------------- --- ----------- Gi1/0/1 Gi1/0/2...
Page 338: Show Dhcp L2Relay Agent-Option Vlan
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. show dhcp l2relay agent-option vlan Use the show dhcp l2relay agent-option vlan command in Privileged EXEC mode to display DHCP L2 Relay Option-82 configuration specific to VLANs. Syntax vlan-range show dhcp l2relay agent-option vlan...
Page 339: Show Dhcp L2Relay Vlan
DHCP L2 Relay is Enabled. VLAN Id L2 Relay CircuitId RemoteId --------- ---------- ----------- ------------ Enabled Enabled --NULL-- Enabled Enabled broadcom Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL— show dhcp l2relay vlan Use the show dhcp l2relay vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled on the specified VLAN or VLAN range.
Page 340: Show Dhcp L2Relay Circuit-Id Vlan
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay vlan 100 DHCP L2 Relay is Enabled. DHCP L2 Relay is enabled on the following VLANs: show dhcp l2relay circuit-id vlan Use the show dhcp l2relay circuit-id vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled and whether the DHCP Circuit-ID option is enabled on the specified VLAN or VLAN range.
Page 341: Show Dhcp L2Relay Remote-Id Vlan
User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay circuit-id vlan 300 DHCP L2 Relay is Enabled. DHCP Circuit-Id option is enabled on the following VLANs: show dhcp l2relay remote-id vlan Use the show dhcp l2relay remote-id vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled and shows the remote ID configured on the specified VLAN or VLAN range.
Page 342: Clear Dhcp L2Relay Statistics Interface
Example console#show dhcp l2relay remote-id vlan 200 DHCP L2 Relay is Enabled. VLAN ID Remote Id -------- ------------- remote_22 clear dhcp l2relay statistics interface Use the show dhcp l2relay statistics interface command in Privileged EXEC mode to reset the DHCP L2 Relay counters to zero. Specify the port with the counters to clear, or use the all keyword to clear the counters on all ports.
Page 343 Example console#clear dhcp l2relay statistics interface gi1/0/1 DHCP Layer 2 Relay Commands...
Page 344 DHCP Layer 2 Relay Commands...
Page 345: Dhcp Management Interface Commands
DHCP Management Interface Commands PowerConnect switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP .
Page 346: Release Dhcp
renew dhcp show dhcp lease release dhcp Use the release dhcp command in Privileged EXEC mode to force the DHCPv4 client to release a leased address. Syntax interface-id release dhcp Parameter Description Parameter Description interface-id Any valid VLAN interface. See Interface Naming Conventions for interface representation.
Page 347: Renew Dhcp
Example console#release dhcp vlan2 renew dhcp Use the renew dhcp command in Privileged EXEC mode to force the DHCP client to immediately renew an IPv4 address lease. Syntax interface-id renew dhcp { | out-of-band} Parameter Description Parameter Description interface-id Any valid routing interface. See Interface Naming Conventions for interface representation.
Page 348: Debug Dhcp Packet
Examples The first example is for routing interfaces. console#renew dhcp vlan 2 The second example is for out-of-band port. console#renew dhcp out-of-band debug dhcp packet Use the debug dhcp packet command in Privileged EXEC mode to display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 client.
Page 349: Show Dhcp Lease
console#debug dhcp packet transmit The third example is for receive flow. console#debug dhcp packet receive show dhcp lease Use the show dhcp lease command in Privileged EXEC mode to display IPv4 addresses leased from a DHCP server. Syntax interface-id show dhcp lease [interface Parameter Description Parameter Description...
Page 350 Term Description State State of the DHCPv4 Client on this interface. DHCP transaction The transaction ID of the DHCPv4 Client. Lease The time (in seconds) that the IP address was leased by the server. Renewal The time (in seconds) when the next DHCP renew Request is sent by DHCPv4 Client to renew the leased IP address.
Page 351 DHCP Lease server: 10.1.20.3, state: 5 Bound DHCP transaction id: 0x7AD Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs Retry count: 0 DHCP Management Interface Commands...
Page 352 DHCP Management Interface Commands...
Page 353: Dhcp Snooping Commands
DHCP Snooping Commands DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
Page 354: Clear Ip Dhcp Snooping Binding
clear ip dhcp snooping binding ip dhcp snooping trust clear ip dhcp snooping statistics ip dhcp snooping verify mac-address ip dhcp snooping show ip dhcp snooping ip dhcp snooping binding show ip dhcp snooping binding ip dhcp snooping database show ip dhcp snooping database ip dhcp snooping database write-delay show ip dhcp snooping interfaces ip dhcp snooping limit...
Page 355: Clear Ip Dhcp Snooping Statistics
clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command.
Page 356: Ip Dhcp Snooping Binding
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping console(config-if-vlan1)#ip dhcp snooping ip dhcp snooping binding Use the ip dhcp snooping binding command to configure a static DHCP Snooping binding. Use the “no” form of this command to remove a static binding.
Page 357: Ip Dhcp Snooping Database
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping binding 00:00:00:00:00:01 vlan 10 10.131.12.134 interface 1/0/1 ip dhcp snooping database Use the ip dhcp snooping database command to configure the persistent storage location of the DHCP snooping database.
Page 358: Ip Dhcp Snooping Database Write-Delay
User Guidelines There are no user guidelines for this command. Example The following example configures the storage location of the snooping database as local. console(config)#ip dhcp snooping database local The following example configures the storage location of the snooping database as remote. console(config)#ip dhcp snooping database tftp://10.131.11.1/db.txt ip dhcp snooping database write-delay...
Page 359: Ip Dhcp Snooping Limit
User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping database write-delay 500 ip dhcp snooping limit Use the ip dhcp snooping limit command to control the maximum rate of DHCP messages. Use the no form of this command to reset the limit to the default.
Page 360: Ip Dhcp Snooping Log-Invalid
ip dhcp snooping log-invalid Use the ip dhcp snooping log-invalid command to enable logging of DHCP messages filtered by the DHCP Snooping application. Use the “no” form of this command to disable logging. Syntax ip dhcp snooping log-invalid no ip dhcp snooping log-invalid Default Configuration Logging of filtered messages is disabled by default.
Page 361: Ip Dhcp Snooping Verify Mac-Address
Default Configuration Ports are untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines There are no user guidelines for this command. Example console(config-if-1/0/1)#ip dhcp snooping trust console(config-if-1/0/1)#no ip dhcp snooping trust ip dhcp snooping verify mac-address Use the ip dhcp snooping verify mac-address command to enable the verification of the source MAC address with the client MAC address in the received DHCP message.
Page 362: Show Ip Dhcp Snooping
Example console(config)#ip dhcp snooping verify mac-address show ip dhcp snooping Use the show ip dhcp snooping command to display the DHCP snooping global configuration. Syntax show ip dhcp snooping Syntax Description This command has no arguments or keywords. Default Configuration There is no default configuration for this command.
Page 363: Show Ip Dhcp Snooping Binding
--------- -------- ---------------- 1/0/1 1/0/2 1/0/3 1/0/4 1/0/6 show ip dhcp snooping binding Use the show ip dhcp snooping binding command to display the DHCP snooping binding entries. Syntax interface- show ip dhcp snooping binding [{ static | dynamic } ] [ interface vlan-id ] [ vlan static | dynamic—...
Page 364: Show Ip Dhcp Snooping Database
MAC Address IP Address VLAN Interface Lease time(Secs) ------------------ ------------ ---- --------- ------------- 00:02:B3:06:60:80 210.1.1.3 1/0/1 86400 00:0F:FE:00:13:04 210.1.1.4 1/0/1 86400 show ip dhcp snooping database Use the show ip dhcp snooping database command to display the DHCP snooping configuration related to the database persistence. Syntax show ip dhcp snooping database Syntax Description...
Page 365: Show Ip Dhcp Snooping Interfaces
show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces. Syntax interface show ip dhcp snooping interfaces [ • interface—A valid physical interface. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines...
Page 366: Show Ip Dhcp Snooping Statistics
1/0/15 show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics. Syntax show ip dhcp snooping statistics Syntax Description This command has no arguments or keywords. Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC User Guidelines...
Page 367 Interface MAC Verify Client Ifc DHCP Server Failures Mismatch Msgs Rec'd ----------- ---------- ---------- ----------- 1/0/2 1/0/3 1/0/4 1/0/5 1/0/6 1/0/7 1/0/8 1/0/9 1/0/10 1/0/11 1/0/12 1/0/13 1/0/14 1/0/15 1/0/16 1/0/17 1/0/18 1/0/19 1/0/20 DHCP Snooping Commands...
Page 368 DHCP Snooping Commands...
Page 369: Dynamic Arp Inspection Commands
Dynamic ARP Inspection Commands Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors. The miscreant sends ARP requests or responses mapping another station IP address to its own MAC address.
Page 370: Clear Ip Arp Inspection Statistics
Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command in Privileged EXEC mode to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs.
Page 371: Ip Arp Inspection Filter
Example console#clear ip arp inspection statistics ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings.
Page 372: Ip Arp Inspection Trust
Configuring none for the limit means the interface is not rate limited for Dynamic ARP Inspection. Syntax seconds ip arp inspection limit { none | rate [ burst interval no ip arp inspection limit • none — To set no rate limit. pps —...
Page 373: Ip Arp Inspection Validate
no ip arp inspection trust Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines There are no user guidelines for this command. Example console(config-if-1/0/3)#ip arp inspection trust ip arp inspection validate Use the ip arp inspection validate command to enable additional validation checks like source MAC address validation, destination MAC address validation or IP address validation on the received ARP packets.
Page 374: Ip Arp Inspection Vlan
Default Configuration There is no additional validation enabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console(config)#ip arp inspection validate src-mac dst-mac ip console(config)#ip arp inspection validate src-mac ip console(config)#ip arp inspection validate dst-mac ip console(config)#ip arp inspection validate ip ip arp inspection vlan Use the ip arp inspection vlan command to enable Dynamic ARP Inspection...
Page 375: Permit Ip Host Mac Host
User Guidelines There are no user guidelines for this command. Example console(config)#ip arp inspection vlan 200-300 console(config)#ip arp inspection vlan 200-300 logging permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation.
Page 376: Show Ip Arp Inspection
show arp access-list Use the show arp access-list command to display the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument would display only the rules in that ARP ACL. Syntax acl-name show arp access-list [ acl-name —...
Page 377 Syntax interface-id vlan-range show ip arp inspection [interfaces [ ] | statistics [vlan vlan-range | vlan Parameter Description Parameter Description interfaces Display the Dynamic ARP Inspection configuration on all the interface-id DAI enabled interfaces. Giving an interface argument, it displays the values for that interface. statistics vlan vlan- Display the statistics of the ARP packets processed by Dynamic...
Page 378 DHCP Drops The number of packets dropped due to DHCP Snooping binding database match failure. ACL Drops The number of packets dropped due to ARP ACL rule match failure. DHCP Permits The number of packets permitted due to DHCP snooping binding database match.
Page 379: Show Ip Arp Inspection Vlan
(pps) (seconds) --------------- ----------- ---------- --------------- 1/0/1 Untrusted 1/0/2 Untrusted Following is an example of the show ip arp inspection statistics command. console#show ip arp inspection statistics VLAN Forwarded Dropped ---- --------- ------- console#show ip arp inspection statistics vlan 10,20 VLAN DHCP DHCP...
Page 380 Parameter Description Parameter Description vlan-range A valid VLAN range. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines The following global parameters are displayed: Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled. Destination Mac If Destination Mac validation of ARP Response frame is Validation...
Page 381 Source Mac Validation : Disabled Destination Mac Validation : Disabled IP Address Validation : Disabled Vlan Configuration Log Invalid ACL Name Static flag ---- ------------- ----------- --------- ---------- Enabled Enabled Enabled Disabled Enabled Enabled Disabled Dynamic ARP Inspection Commands...
Page 382 Dynamic ARP Inspection Commands...
Page 383: Email Alerting Commands
Email Alerting Commands Email Alerting is an extension of the logging system. The PowerConnect logging system allows the user to configure a variety of destinations for log messages. This feature adds email configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
Page 384 logging email show logging email statistics logging email urgent clear logging email statistics logging traps security logging email message-type to-addr mail-server ip-address | hostname logging email from-addr port (Mail Server Configuration Mode) logging email message-type subject username (Mail Server Configuration Mode) logging email logtime password (Mail Server Configuration...
Page 385 Parameter Description Parameter Description severity If you specify a severity level, log messages at or above the severity level are emailed. The severity level may either be specified by keyword or as an integer from 0 to 7. The accepted keywords, and the numeric severity level each represents, are as follows.
Page 386: Logging Email Urgent
logging email urgent Use the logging email urgent command in Global Configuration mode to set the lowest severity level at which log messages are emailed in an urgent manner. To revert the urgent severity level to its default value, use the no form of this command.
Page 387: Logging Traps
Command Mode Global Configuration mode User Guidelines Log messages at or above this severity level are considered urgent. By default, Emergency and Alert log messages are considered urgent. Urgent log messages are emailed immediately, one log message per email message, and do not wait for the log time to expire.
Page 388: Logging Email Message-Type To-Addr
Default Configuration The default severity level is info(6). Command Mode Global Configuration mode User Guidelines You can filter log messages that appear in the buffered log by severity level. You can specify the severity level of log messages that are emailed. You can use this command to specify the severity level at which SNMP traps are logged, and thus control whether traps appear in the buffered log or are emailed and, if they are emailed, whether traps are considered urgent or non-...
Page 389: Logging Email From-Addr
Command Mode Global Configuration User Guidelines This command removes the configured to-addr field of email. logging email from-addr Use the logging email from-addr command in Global Configuration mode to configure the From address of the email. Use the no form of this command to remove the email source address.
Page 390: Logging Email Logtime
Syntax message-type subject logging email message-type subject message-type no logging email message-type subject Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The user must enter the message-type parameter manually as tab and space bar completion do not work for this parameter.
Page 391: Logging Email Test Message-Type
Command Mode Global Configuration User Guidelines This command has no user guidelines. logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server. Syntax message-type message-body...
Page 392: Show Logging Email Statistics
show logging email statistics Use the show logging email statistics command in Privileged EXEC mode to show the statistics about the emails. The command displays information on how many emails are sent, how many emails failed, when the last email was sent, how long it has been since the last email was sent, how long it has been since the email changed to disabled mode.
Page 393: Security
Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines. security Use the security command in Mail Server Configuration mode to set the email alerting security protocol. This enables and disables the switch to use TLS authentication with the SMTP Server.
Page 394: Mail-Server Ip-Address | Hostname
mail-server ip-address hostname Use the mail-server ip-address | hostname command in Global Configuration mode to configure the SMTP server IP address and change the mode to Mail Server Configuration mode. The server address can be in the IPv4, IPv6, or DNS name format. Use the no form of this command to remove the configured SMTP server address.
Page 395: Port (Mail Server Configuration Mode)
port (Mail Server Configuration Mode) Use the port command in Mail Server Configuration mode to configure the TCP port to use for communication with the SMTP server. Port can be set to 465 or 25. Use the no form of the command to revert the SMTP port to the default port.
Page 396: Password (Mail Server Configuration Mode)
Parameter Description This command does not require a parameter description. Default Configuration The default value for username is admin. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. password (Mail Server Configuration Mode) Use the password command in Mail Server Configuration mode to configure the password required to authenticate to the email server.
Page 397: Show Mail-Server
show mail-server Use the show mail-server command in Privileged EXEC mode to display the configuration of all the mail servers or a particular mail server. Syntax ip-address hostname show mail-server { | all} Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
Page 398 SMTP server authentication details: Username: admin Mail server2 configuration: SMTP server IP Address: 10.131.1.31 SMTP server Port: SMTP server security protocol: SMTP server authentication details: Username: admin console#show mail-server ip-address 10.131.1.11 SMTP server IP Address: 10.131.1.11 SMTP server Port: SMTP server security protocol: SMTP server authentication details: Username: admin...
Page 399: Ethernet Configuration Commands
Ethernet Configuration Commands PowerConnect switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues. Jumbo frame technology is employed in certain situations to reduce the task load on a server CPU and to transmit large amounts of data efficiently.
Page 400: Commands In This Chapter
On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed and duplex commands control interface link speeds and auto- negotiation.
Page 401: Description
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example In the following example, the counters for port 1/0/1 are cleared. console#clear counters gigabitethernet 1/0/1 description Use the description command in Interface Configuration mode to add a description to an interface.
Page 402: Duplex
console(config)#interface gigabitethernet 1/0/5 console(config-if-1/0/5)# description RD_SW#3 duplex Use the duplex command in Interface Configuration mode to configure the duplex operation of a given Ethernet interface. To restore the default, use the no form of this command. Syntax duplex {auto | half | full} no duplex Parameter Description Parameter...
Page 403: Flowcontrol
Example The following example configures the duplex operation of gigabit Ethernet port 1/0/5 to force full duplex operation. console(config)# interface gigabitethernet 1/0/5 console(config-if)# duplex full flowcontrol Use the flowcontrol command in Global Configuration mode to configure the flow control. To disable flow control, use the no form of this command. Syntax flowcontrol no flowcontrol...
Page 404: Interface Range
NOTE: Additional forms of the interface command enable configuring VLANs, tunnels, the loopback interface, the out-of-band interface, and ranges of interfaces. See interface vlan, interface tunnel, interface loopback, and interface range. Syntax unit/slot/port port-channel-number interface {gigabitethernet | port-channel unit/slot/port | tengigabitethernet Default Configuration This command has no default configuration.
Page 405 Parameter Description port-range A list of valid ports to configure. Separate non-consecutive ports with a comma and no spaces; use a hyphen to designate a range of ports. For more detailed information, see Operating on Multiple Objects (Range). port-type Shows all interfaces of the specified type. Default Configuration This command has no default configuration.
Page 406 console(config)#interface range gi1/0/20-48 console(config)#interface range gi1/0/1,gi1/0/48 console(config)#interface range gi2/0/1-10,gi1/0/30 console(config)#interface range gi1/0/1-10,gi1/0/30-48 console(config)#interface range gi1/0/1,te1/1/1 console(config)#interface range gigabitEthernet 1/0/10,tengigabitEthernet1/1/2 Use the mtu command in Interface Configuration mode to enable jumbo frames on an interface by adjusting the maximum size of a packet. To return to the default setting, use the no form of this command.
Page 407: Show Interfaces Advertise
show interfaces advertise Use the show interfaces advertise command in Privileged EXEC mode to display information about auto-negotiation advertisement. Syntax unit/slot/port show interfaces advertise [{gigabitethernet unit/slot/port tengigabitethernet Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
Page 408: Show Interfaces Configuration
Admin Local Link ------ ------ ------ ------ ------ Advertisement yes show interfaces configuration Use the show interfaces configuration command in User EXEC mode to display the configuration for all configured interfaces. Syntax unit/slot/port show interfaces configuration [{gigabitethernet | port-channel port-channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration.
Page 409: Show Interfaces Counters
1/0/6 Gigabit - Level Unknown Auto 1/0/7 Gigabit - Level Unknown Auto 1/0/8 Gigabit - Level Unknown Auto 1/0/9 Gigabit - Level Unknown Auto 1/0/10 Gigabit - Level Unknown Auto 1/0/11 Gigabit - Level Unknown Auto 1/0/12 Gigabit - Level Unknown Auto 1/0/13...
Page 410 Syntax unit/slot/port port- show interfaces counters [gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port ] Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example displays traffic seen by the physical interface: console>show interfaces counters Port InOctets...
Page 411 ---- ---------- --------- 27889 OutOctets OutUcastPkts ---- ---------- --------- 23739 The following example displays counters for Ethernet port 1/0/1. console#show interfaces counters gigabitethernet 1/0/1 Port InOctets InUcastPkts ---- ---------- --------- 1/0/1 183892 1289 Port OutOctets OutUcastPkts ---- ---------- --------- 1/0/1 9188 Alignment Errors: 17 FCS Errors: 8...
Page 412 Received Pause Frames: 0 Transmitted Pause Frames: 0 The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received Unicast packets. InMcastPkts Counted received Multicast packets. InBcastPkts Counted received Broadcast packets. OutOctets Counted transmitted octets.
Page 413: Show Interfaces Description
Field Description Internal MAC Rx Errors A count of frames for which reception fails due to an internal MAC sublayer receive error. Received Pause Frames A count of MAC Control frames received with an opcode indicating the PAUSE operation. Transmitted Pause Counted MAC Control frames transmitted on this Frames interface with an opcode indicating the PAUSE operation.
Page 414: Show Interfaces Detail
Description ---- ----------- Output show interfaces detail Use the show interfaces detail command in Privileged EXEC mode to display detailed status and configuration of the specified interface. Syntax show interfaces detail <interface-id> Field Description interface-id A physical interface or port channel identifier. Default Configuration This command has no default configuration.
Page 415 State State ----- ------------------------------ ------ ------ ---- ----- ----- Gi1/0/1Gigabit - Level Unknown Auto Down Port Description ------ --------------------------------------------- ------------------------- Gi1/0/1 Flow Control:Enabled Port: Gi1/0/1 VLAN Membership mode:Access Mode Operating parameters: PVID: 1 Ingress Filtering: Enabled Acceptable Frame Type: Untagged Default Priority: 0 GVRP status:Disabled Protected:Disabled...
Page 416 ---- --------------------------------- ----------- -------- default Untagged Default Static configuration: PVID: 1 Ingress Filtering: Enabled Acceptable Frame Type: Untagged Port Gi1/0/1 is statically configured to: VLAN Name Egress rule ---- --------------------------------- ----------- Forbidden VLANS: VLAN Name ---- --------------------------------- Port Gi1/0/1 Enabled State: Disabled Role: Disabled...
Page 417: Show Interfaces Status
Designated bridge Priority: 32768 Address: 001E.C9AA.AF51 Designated port id: 128.1 Designated path cost: 40000 CST Regional Root: 80:00:00:1E:C9:AA:AF:51 Port Cost: 0 BPDU: sent 121, received 316356 show interfaces status Use the show interfaces status command in Privileged EXEC mode to display the status for all configured interfaces.
Page 418: Show Statistics
User Guidelines This command has no user guidelines. Example The following example displays the status for all configured interfaces. console#show interfaces status Port Name Duplex Speed Link Flow Control State Status ------- -------------- ------ ------- ---- ----- ------------ Gi1/0/1 Unknown Auto Down Inactive...
Page 419 User Guidelines This command has no user guidelines. Examples The following example shows statistics for port 1/0/1. console#show statistics gigabitethernet 1/0/1 Total Packets Received (Octets)....779533115 Packets Received 64 Octets..... 48950 Packets Received 65-127 Octets....482426 Packets Received 128-255 Octets....101084 Packets Received 256-511 Octets....
Page 420 Total Packets Received with MAC Errors..0 Jabbers Received....... 0 Fragments/Undersize Received....0 Alignment Errors....... 0 FCS Errors........0 Overruns........0 Total Received Packets Not Forwarded... 91 Local Traffic Frames......0 802.3x Pause Frames Received....0 Unacceptable Frame Type......91 Multicast Tree Viable Discards....
Page 421 FCS Errors........0 Tx Oversized........0 Underrun Errors........ 0 Total Transmit Packets Discarded....0 Single Collision Frames......0 Multiple Collision Frames...... 0 Excessive Collision Frames..... 0 Port Membership Discards....... 0 802.3x Pause Frames Transmitted....0 GVRP PDUs received......0 --More-- or (q)uit GVRP PDUs Transmitted......
Page 422 Unicast Packets Transmitted....2746 Multicast Packets Transmitted....88892 Broadcast Packets Transmitted....14 Transmit Packets Discarded..... 0 --More-- or (q)uit Most Address Entries Ever Used....141 Address Entries Currently in Use....124 Maximum VLAN Entries......1024 Most VLAN Entries Ever Used....6 Static VLAN Entries......
Page 423: Show Statistics Switchport
Multicast Packets Transmitted....0 Broadcast Packets Transmitted....0 Transmit Packets Discarded..... 0 Most Address Entries Ever Used....3 Address Entries Currently in Use....3 Maximum VLAN Entries......1024 Most VLAN Entries Ever Used....2 Static VLAN Entries......2 Dynamic VLAN Entries......0 VLAN Deletes........
Page 424 Command Mode Privileged EXEC mode. User Guidelines It is possible to enter interface configuration mode from global configuration mode or from interface configuration mode. Example The following example shows statistics for the entire switch. console#show statistics switchport Total Packets Received (Octets)....0 Packets Received Without Error....
Page 425: Show Storm-Control
Address Entries Currently in Use....3 Maximum VLAN Entries......1024 Most VLAN Entries Ever Used....2 Static VLAN Entries......2 Dynamic VLAN Entries......0 VLAN Deletes........0 Time Since Counters Last Cleared....0 day 18 hr 1 min 59 sec show storm-control Use the show storm-control command in Privileged EXEC mode to display the configuration of storm control.
Page 426: Shutdown
Bcast Bcast Mcast Mcast Ucast Ucast Intf Mode Level Mode Level Mode Level ------ ------- ------- ------- ------- ------- ------- 1/0/1 Disable 5 Disable 5 Disable 5 1/0/2 Disable 5 Disable 5 Disable 5 1/0/3 Disable 5 Disable 5 Disable 5 1/0/4 Disable 5 Disable 5...
Page 427: Speed
console(config-if-1/0/5)# shutdown The following example re-enables gigabit ethernet port 1/0/5. console(config)#interface gigabitethernet 1/0/5 console(config-if-1/0/5)# no shutdown speed Use the speed command in Interface Configuration mode to configure the speed of a given Ethernet interface when not using auto-negotiation. To restore the default, use the no form of this command. Syntax speed {10 | 100 | 1000 | 10000 | auto [10 | 100 | 1000 | 10000]} no speed...
Page 428: Storm-Control Broadcast
User Guidelines When auto is used with a set of speeds, only those speeds are used by the port for the negotiation capabilities. Alternatively, if no speed arguments are configured, then all the speed capabilities are considered. SFP transceivers support auto-negotiation mode only. Example The following example configures the speed operation of Ethernet port 1/0/5 to force 100-Mbps operation.
Page 429: Storm-Control Multicast
User Guidelines This command has no user guidelines. Example console(config-if-1/0/1)#storm-control broadcast level 5 storm-control multicast Use the storm-control multicast command in Interface Configuration mode to enable multicast storm recovery mode for an interface. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 430: Storm-Control Unicast
Example console(config-if-1/0/1)#storm-control multicast level 5 storm-control unicast Use the storm-control unicast command in Interface Configuration mode to enable unknown unicast storm control for an interface. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 431: Switchport Protected
switchport protected Use the switchport protected command in Interface Configuration mode to groupid configure a protected port. The parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group. You are required to remove an interface from one group before adding it to another group.
Page 432: Switchport Protected Name
switchport protected name Use the switchport protected name command in Global Configuration mode to adds the port to the protected group 1 and also sets the group name to "protected". Syntax groupid name switchport protected name groupid no switchport protected name groupid —...
Page 433 groupid — Identifies which group the port is to be protected in. • (Range: 0–2) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example identifies test as the protected group. console#show switchport protected 0 Name.........
Page 434 Ethernet Configuration Commands...
Page 435: Ethernet Cfm Commands
Ethernet CFM Commands Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest.
Page 436: Ethernet Cfm Domain
ethernet cfm mep archive-hold-time show ethernet cfm statistics ethernet cfm mip level debug cfm ethernet cfm domain Use the ethernet cfm domain command in Global Configuration mode to enter into maintenance domain config mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain config mode.
Page 437: Service
User Guidelines Each domain must have a unique name and level, for example, one cannot create a domain qwerty at level 2 if domain qwerty already exists at level 1. Likewise, one cannot create a domain dvorak at level 2 if a domain of any name exists at level 2.
Page 438: Ethernet Cfm Cc Level
Command Mode Maintenance domain config mode User Guidelines This command has no user guidelines. Example console(config-cfm-mdomain)#service serv1 vlan 10 ethernet cfm cc level Use the ethernet cfm cc level command in Global Configuration mode to initiate sending continuity checks (CCMs) at the specified interval and level on a VLAN monitored by an existing domain.
Page 439: Ethernet Cfm Mep Level
Default Configuration CCMs are not sent by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#ethernet cfm cc level 1 vlan 15 interval 10 ethernet cfm mep level Use the ethernet cfm mep level command in Interface Configuration mode to create a Maintenance End Point (MEP) on an interface at the specified level and direction.
Page 440: Ethernet Cfm Mep Enable
Command Mode Interface Configuration User Guidelines This command has no user guidelines. Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep level 1 direction up mpid 1010 vlan 10 ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction.
Page 441: Ethernet Cfm Mep Active
User Guidelines The maintenance domain must exist for it to be enabled. Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010 ethernet cfm mep active Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction.
Page 442: Ethernet Cfm Mip Level
ethernet cfm mep archive-hold-time Use the ethernet cfm mep archive-hold-time command in Interface Configuration mode to maintain internal information on a missing MEP. Use the no form of the command to return the interval to the default value. Syntax hold-time ethernet cfm mep archive-hold-time Parameter Description Parameter...
Page 443: Ping Ethernet Cfm
Syntax ethernet cfm mip level Parameter Description Parameter Description level Maintenance association level Default Configuration No MIPs are preconfigured. Command Mode Interface Configuration User Guidelines This command has no user guidelines. Example console(config-if-gi1/0/1)# ethernet cfm mip level <7> ping ethernet cfm Use the ping ethernet cfm command in Privileged EXEC mode to generate a loopback message (LBM) from the configured MEP .
Page 444: Traceroute Ethernet Cfm
Parameter Description mac-addr The destination MAC address for which the connectivity needs to be verified. Either MEP ID or the MAC address option can be used. remote-mpid The MEP ID for which connectivity is to be verified; i.e. the destination MEP ID. domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
Page 445 Syntax mac-addr 1-8191 traceroute ethernet cfm {mac | remote-mpid } {domain domain name vlan-id 1-8191 1-255 | level } vlan mpid [ttl Parameter Description Parameter Description level Maintenance association level mac-addr The destination MAC address for which the route needs to be traced.
Page 446: Show Ethernet Cfm Errors
show ethernet cfm errors Use the show ethernet cfm errors command in Privileged EXEC mode to display the cfm errors. Syntax domain-id show ethernet cfm errors {domain | level Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
Page 447: Show Ethernet Cfm Maintenance-Points Local
Syntax domain-id show ethernet cfm domain {brief | Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines.
Page 448: Show Ethernet Cfm Maintenance-Points Remote
Syntax interface- show ethernet cfm maintenance-points local {level | interface domain-name | domain Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). level Maintenance association level interface-id Show all MPs associated with the interface. Default Configuration This command has no default configuration.
Page 449 Syntax domain- show ethernet cfm maintenance-points remote {level | domain name mac-address MEPId domain-name | detail [ mac | mep ] [domain vlan-id level ] [vlan Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
Page 450: Show Ethernet Cfm Statistics
show ethernet cfm statistics Use the show ethernet cfm maintenance-points remote command in Privileged EXEC mode to display the CFM statistics. Syntax domain-name show ethernet cfm statistics [domain | level Parameter Description Parameter Description domain-name Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
Page 451: Debug Cfm
Out-of-order Loopback Replies received: 0 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 2' ------------------------------------------------------------------ Out-of-sequence CCM's received CCM's transmitted In-order Loopback Replies received Out-of-order Loopback Replies received: 5 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received...
Page 452 Parameter Description Parameter Description event CFM events CFM PDUs Continuity check messages Link trace messages Loopback messages Transmit only Receive only Everything Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines. Example Console# show ethernet cfm statistics ------------------------------------------------------------------...
Page 453 Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 2' ------------------------------------------------------------------ Out-of-sequence CCM's received CCM's transmitted In-order Loopback Replies received Out-of-order Loopback Replies received: 5 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 3' ------------------------------------------------------------------...
Page 454 Ethernet CFM Commands...
Page 455: Green Ethernet Commands
Green Ethernet Commands PowerConnect switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs. Energy-Detect Mode With this mode enabled, when the port link is down the PHY automatically goes down for short periods of time and then wakes up periodically to check for link pulses.
Page 456: Green-Mode Energy-Detect
– green-mode energy-detect This command enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. Use the green-mode energy- detect command in Interface Configuration mode to enable energy-detect mode on an interface or all the interfaces. Energy-detect mode is disabled by default on 1G copper interfaces and enabled by default on 10G copper interfaces.
Page 457: Green-Mode Eee
User Guidelines Cable diagnostics (show copper-ports commands) may give misleading results if green mode is enabled on the port. Disable green mode prior to running any cable diagnostics. green-mode eee Use the green-mode eee command in Interface Configuration mode to enable EEE low power idle mode on an interface.
Page 458: Clear Green-Mode Statistics
clear green-mode statistics Use the clear green-mode statistics command in Privileged EXEC mode to clear: • The EEE LPI event count, and LPI duration • The EEE LPI history table entries • The Cumulative Power savings estimates for a specified interface or for all the interfaces based upon the argument. Syntax interface-id clear green-mode statistics {...
Page 459 collected on combo ports when the copper port is enabled. Use the no form of the command to set the sampling interval or max-samples values to the default. Syntax 30 sec 36000 sec green-mode eee-lpi-history {sampling-interval – | max- samples Parameter Description Parameter Description...
Page 460 interface-id show green-mode interface-id Use the show green-mode command in Privileged EXEC mode to display the green-mode configuration and operational status of the port. This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled.
Page 461 Term Description Reason for Energy- The energy detect mode may be administratively enabled, but detect current the operational status may be inactive. The possible reasons are: operational status Port is currently operating in the fiber mode Link is up. If the energy-detect operational status is active, then the reason field shows up as: No energy Detected EEE Admin Mode...
Page 462 Term Description Tw_sys_rx Echo Integer that indicates the remote systems Receive Tw_sys that (μSec) was used by the local system to compute the Tw_sys that it can support. This value maps into the aLldpXdot3LocRxTwSysEcho attribute. Fallback Tw_sys Integer that indicates the value of fallback Tw_sys that the local (μSec) system requests from the remote system.
Page 463 Term Description Time Since Time Since Counters Last Cleared (since the time of power up, Counters Last or after clear eee counters is executed) Cleared Example console#show green-mode gi1/0/1 Energy Detect Admin Mode... Enabled Operational Status..... Active Reason......No Energy Detected Auto Short Reach Admin Mode....
Page 464: Show Green-Mode
Remote Tw_sys_tx Echo(usec)..XX Remote Tw_sys_rx (usec)....XX Remote Tw_sys_tx Echo(usec)..XX Remote fallback Tw_sys (usec)..XX Tx DLL enabled......Yes Tx DLL ready......Yes Rx DLL enabled......Yes Rx DLL ready......Yes Power Saving (%)...... XX Time Since Counters Last Cleared..1 day 20 hr 47 min 34 sec show green-mode Use the show green-mode command in Privileged EXEC mode to display the...
Page 465: Show Green-Mode Eee-Lpi-History Interface
User Guidelines This command output provides the following information. Term Description Energy Detect Energy-detect Energy-detect Admin mode is enabled or disabled. Config Energy-detect Opr Energy detect mode is currently active or inactive. The energy detect mode may be administratively enabled, but the operational status may be inactive.
Page 466 Parameter Description Parameter Description interface-id Any valid interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines On combo ports, samples are only collected on the copper ports when enabled.
Page 467 Example This example is on a platform capable of providing power consumption details. Percentage of Percentage of Sample Time Since Time Spent in Time Spent in the Sample LPI Mode Since LPI Mode Since Was Recorded Last Sample Last Reset ------ -------------- -------------- --------------...
Page 468 Green Ethernet Commands...
Page 469: Gvrp Commands
GVRP Commands GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.
Page 470: Garp Timer
Syntax unit/slot/port port- clear gvrp statistics [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on port 1/0/8.
Page 471: Gvrp Enable (Global)
Default Configuration The default timer values are as follows: • Join timer — 20 centiseconds • Leave timer — 60 centiseconds • Leaveall timer — 1000 centiseconds Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines relationships The following for the various timer values must be maintained: •...
Page 472: Gvrp Enable (Interface)
Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (interface) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface.
Page 473: Gvrp Registration-Forbid
Membership in untagged VLAN would be propagated in a same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID. Example The following example enables GVRP on gigabit ethernet 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#gvrp enable gvrp registration-forbid...
Page 474: Show Gvrp Configuration
console(config-if-1/0/8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To disable dynamic VLAN creation, use the no form of this command. Syntax gvrp vlan-creation-forbid no gvrp vlan-creation-forbid Default Configuration By default, dynamic VLAN creation is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode...
Page 475 Syntax unit/slot/port port- show gvrp configuration [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port } ] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example shows how to display GVRP configuration information: console# show gvrp configuration Global GVRP Mode: Disabled...
Page 476: Show Gvrp Error-Statistics
show gvrp error-statistics Use the show gvrp error-statistics command in User EXEC mode to display GVRP error statistics. Syntax unit/slot/port port- show gvrp error-statistics [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
Page 477: Show Gvrp Statistics
1/0/3 1/0/4 show gvrp statistics Use the show gvrp statistics command in User EXEC mode to display GVRP statistics. Syntax unit/slot/port port- show gvrp statistics [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
Page 478 Port rJIn rEmp rLIn sJIn sEmp sLIn ---- ---- ---- ---- ---- ---- --- 1/0/1 1/0/2 1/0/3 1/0/4 1/0/5 1/0/6 1/0/7 1/0/8 GVRP Commands...
Page 479: Igmp Snooping Commands
IGMP Snooping Commands Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows PowerConnect switches to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255.
Page 480: Commands In This Chapter
interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management. The default value for the multicast router expiration time is zero, which indicates an infinite timeout (that is, no expiration).
Page 481: Ip Igmp Snooping (Interface)
User Guidelines IGMP snooping is enabled on static VLANs only and is not enabled on Private VLANs or their community VLANs. Example The following example globally enables IGMP snooping. console(config)# ip igmp snooping ip igmp snooping (interface) Use the ip igmp snooping command in Interface Configuration mode to enable Internet Group Management Protocol (IGMP) snooping on a specific interface.
Page 482: Ip Igmp Snooping Host-Time-Out
ip igmp snooping host-time-out Use the ip igmp snooping host-time-out command in Interface Configuration mode to configure the host-time-out. If an IGMP report for a Multicast group is not received for a host time-out period from a specific port, this port is deleted from the member list of that Multicast group. To reset to the default host time-out, use the no form of this command.
Page 483: Ip Igmp Snooping Mrouter-Time-Out
IGMP leave was received from a specific port, the current port is deleted from the member list of that Multicast group. To configure the default leave-time- out, use the no form of this command. Syntax time-out ip igmp snooping leave-time-out [ | immediate-leave] no ip igmp snooping leave-time-out time-out —...
Page 484: Show Ip Igmp Snooping
Syntax time-out ip igmp snooping mrouter-time-out no ip igmp snooping mrouter-time-out time-out — mrouter timeout in seconds for IGMP. (Range: 1–3600) • Default Configuration The default value is 300 seconds. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines.
Page 485: Show Ip Igmp Snooping Groups
Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC User Guidelines This command has no user guidelines. show ip igmp snooping groups Use the show ip igmp snooping groups command in User EXEC mode to display the Multicast groups learned by IGMP snooping.
Page 486: Show Ip Igmp Snooping Interface
---- ----------- ------- 224-239.130 | 2.2.3 1/0/1, 2/0/2 224-239.130 | 2.2.8 1/0/9-1/0/11 IGMP Reporters that are forbidden statically: --------------------------------------------- Vlan IP Address Ports ---- ------------------ ------------------- 224-239.130 | 2.2.3 1/0/19 show ip igmp snooping interface Use the show ip igmp snooping interface command in Privileged EXEC mode to display the IGMP snooping configuration.
Page 487: Show Ip Igmp Snooping Mrouter
IGMP Snooping Admin Mode....Disabled Fast Leave Mode......Disabled Group Membership Interval....260 Max Response Time......10 Multicast Router Present Expiration Time..300 show ip igmp snooping mrouter Use the show ip igmp snooping mrouter command in Privileged EXEC mode to display information on dynamically learned Multicast router interfaces.
Page 488: Ip Igmp Snooping Fast-Leave
Syntax vlan-id ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled on VLAN interfaces by default. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example enables IGMP snooping on VLAN 2. console#vlan database console(config-vlan)#ip igmp snooping 2 ip igmp snooping fast-leave...
Page 489: Ip Igmp Snooping Groupmembership-Interval
no ip igmp snooping fast-leave vlan id — Number assigned to the VLAN. • Default Configuration IGMP snooping fast-leave mode is disabled on VLANs by default. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example enables IGMP snooping fast-leave mode on VLAN 2.
Page 490: Ip Igmp Snooping Maxresponse
Default Configuration The default group membership interval time is 260 seconds. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example configures an IGMP snooping group membership interval of 520 seconds. console(config-vlan)#ip igmp snooping groupmembership-interval 2 520 ip igmp snooping maxresponse This command sets the IGMP Maximum Response time on a particular...
Page 491: Ip Igmp Snooping Mcrtrexpiretime
Command Mode VLAN Configuration mode User Guidelines When using IGMP Snooping Querier, this parameter should be less than the value for the IGMP Snooping Querier query interval. Example The following example sets the maximum response time to 60 seconds on VLAN 2.
Page 492 User Guidelines The mcrexpiretime should be less than the group membership interval. Example The following example sets the multicast router present expiration time on VLAN 2 to 60 seconds. console(config-vlan)#ip igmp mcrtexpiretime 2 60 IGMP Snooping Commands...
Page 493: Ip Igmp Snooping Querier
IGMP Snooping Querier Commands The IGMP/MLD Snooping Querier is an extension to the IGMP/MLD Snooping feature. IGMP/MLD Snooping Querier allows the switch to simulate an IGMP/MLD router in a Layer 2-only network, thus removing the need to have an IGMP/MLD Router to collect and refresh the multicast group membership information.
Page 494 source address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system. Use the optional address parameter to set or reset the querier address. If a VLAN has IGMP Snooping Querier enabled, and IGMP Snooping is operationally disabled on it, IGMP Snooping Querier functionality is disabled on that VLAN.
Page 495: Ip Igmp Snooping Querier Election Participate
Example The following example enables IGMP snooping querier in VLAN Configuration mode. console(config-vlan)#ip igmp snooping querier 1 address 10.19.67.1 ip igmp snooping querier election participate This command enables the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN.
Page 496: Ip Igmp Snooping Querier Query-Interval
console#vlan database console(config-vlan)#ip igmp snooping querier election participate ip igmp snooping querier query-interval This command sets the IGMP Querier Query Interval time, which is the amount of time in seconds that the switch waits before sending another periodic query. The no form of this command sets the IGMP Querier Query Interval time to its default value.
Page 497: Ip Igmp Snooping Querier Version
ip igmp snooping querier timer expiry This command sets the IGMP Querier timer expiration period which is the time period that the switch remains in Non-Querier mode after it has discovered that there is a Multicast Querier in the network. The no form of this command sets the IGMP Querier timer expiration period to its default value.
Page 498: Show Ip Igmp Snooping Querier
Syntax version ip igmp snooping querier version no ip igmp snooping querier version version — IGMP version. (Range: 1–2) • Default Configuration The querier version default is 2. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the IGMP version of the querier to 1.
Page 499 Parameter Description Admin Mode Indicates whether or not IGMP Snooping Querier is active on the switch. Admin Version Indicates the version of IGMP that will be used while sending out the queries. Source IP Address Shows the IP address that is used in the IPv4 header when sending out IGMP queries.
Page 500 Parameter Description Elected Querier Indicates the IP address of the Querier that has been designated as the Querier based on its source IP address. This field will be 0.0.0.0 when Querier Election Participate mode is disabled. When the optional argument detail is used, the command shows the global information and the information for all Querier enabled VLANs.
Page 501: Ip Addressing Commands
IP Addressing Commands Interfaces on the PowerConnect switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, PowerConnect switches act as a host for management of the switch. Commands in this category allow the network operator to configure the local host address, utilize the embedded DHCP client to obtain an address, resolve names to addresses using DNS servers, and detect address conflicts on the local subnet.
Page 502: Clear Host
clear host Use the clear host command in Privileged EXEC mode to delete entries from the host name-to-address cache. Syntax name clear host { | *} name — Host name to be deleted from the host name-to-address cache. • (Range: 1-255 characters) •...
Page 503: Ip Address (Out-Of-Band)
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console# console#configure console(config)#clear ip address-conflict-detect ip address (Out-of-Band) Use the ip address command in Interface Configuration mode to set an IP address for the service port.
Page 504: Ip Address-Conflict-Detect Run
Parameter Description dhcp Obtain the service port address via DHCPv4. Default Configuration The out-of-band interface (service port) obtains an IP address via DHCP by default. Command Mode Interface (Out-of-Band) Configuration mode User Guidelines When setting the netmask/prefix length on an IPv4 address, a space is required between the address and the mask or prefix length.
Page 505: Ip Address Dhcp (Interface Config)
Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console# console#configure console(config)#ip address-conflict-detect run ip address dhcp (Interface Config) Use the ip address dhcp command in Interface (VLAN) Configuration mode to enable the DHCPv4 client on an interface.
Page 506: Ip Default-Gateway
User Guidelines This command only applies to routing interfaces. When DHCP is enabled on a routing interface, the system automatically deletes all manually configured IPv4 addresses on the interface. • The command no ip address dhcp removes the interface’s primary address (Manual/DHCP) including the secondary addresses, if configured, and sets the Interface method to None.
Page 507 Syntax ip-address ip default-gateway ip-address no ip default-gateway Parameter Description Parameter Description ip-address Valid IPv4 address of an attached router. Default Configuration No default gateway is defined. Command Mode Global Configuration mode User Guidelines When the system does not have a more specific route to a packet’s destination, it sends the packet to the default gateway.
Page 508: Ip Domain-Lookup
ip domain-lookup Use the ip domain-lookup command in Global Configuration mode to enable IP Domain Naming System (DNS)-based host name-to-address translation. To disable the DNS, use the no form of this command. Syntax ip domain-lookup no ip domain-lookup Default Configuration DNS name resolution is enabled by default.
Page 509 Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a default domain name of dell.com. console(config)#ip domain-name dell.com ip host Use the ip host command in Global Configuration mode to define static host name-to-address mapping in the host cache.
Page 510: Ip Name-Server
This command has no user guidelines. Example The following example defines a static host name-to-address mapping in the host cache. console(config)#ip host accounting.dell.com 176.10.23.1 ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers. To delete a name server, use the no form of this command.
Page 511: Ipv6 Address (Interface Config)
Example The following example sets the available name server. console(config)#ip name-server 176.16.1.18 ipv6 address (Interface Config) Use the ipv6 address command to set the IPv6 address of the management interface. Use the no form of this command to reset the IPv6 address to the default.
Page 512: Ipv6 Address (Oob Port)
Example Configure ipv6 routing on vlan 10 and obtain an address via DHCP . Assumes vlan 10 already exists. console(config)#ip routing console(config)#interface vlan 10 console(config-if-vlan10)#ipv6 enable console(config-if-vlan10)#ipv6 address dhcp Configure a default gateway on vlan 10 console(config)#no ipv6 address autoconfig console(config)#no ipv6 address 2003::6/64 console(config)#no ipv6 address 2001::/64 eui64 console(config)#no ipv6 address...
Page 513 Use the no form of the command to remove a specific address or to return the address assignment to its default value. Using the no form of the command with no parameters removes all IPv6 prefixes from the interface. Syntax prefix/prefix-length ipv6 address { [eui64] | autoconfig | dhcp }...
Page 514: Ipv6 Address Dhcp
ipv6 address dhcp Use the ipv6 address dhcp command in Interface (VLAN) Configuration mode to enable the DHCPv6 client on an IPv6 interface. Syntax ipv6 address dhcp no ipv6 address dhcp Parameter Description This command does not require a parameter description. Default Configuration DHCPv6 is disabled by default on routing interfaces.
Page 515: Ipv6 Enable (Interface Config)
ipv6 enable (Interface Config) Use the ipv6 enable command to enable IPv6 on a routing interface. Use the "no" form of this command to reset the IPv6 configuration to the defaults. Syntax ipv6 enable no ipv6 enable Default Configuration IPv6 is not enabled by default. Command Mode Interface Configuration mode (VLAN, loopback) User Guidelines...
Page 516: Ipv6 Gateway (Oob Config)
Command Mode Interface (out-of-band) Configuration mode User Guidelines There are no user guidelines for this command. ipv6 gateway (OOB Config) Use the ipv6 gateway command in Interface (out-of-band) Config mode to configure the address of the IPv6 gateway. The gateway is used as a default route for packets addressed to network devices not present on the local subnet.
Page 517: Show Hosts
show hosts Use the show hosts command in User EXEC mode to display the default domain name, a list of name server hosts, and the static and cached list of host names and addresses. The command itself shows hosts [hostname]. •...
Page 518: Show Ip Address-Conflict
show ip address-conflict Use the show ip address-conflict command in User EXEC or Privileged EXEC mode to display the status information corresponding to the last detected address conflict. Syntax show ip address-conflict Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
Page 519: Show Ip Helper-Address
Address Conflict Detection Status...Conflict Detected Last Conflicting IP Address..10.131.12.56 Last Conflicting MAC Address..00:01:02:04:5A:BC Time Since Conflict Detected..5 days 2 hrs 6 mins 46 secs console#show ip address-conflict Address Conflict Detection Status..No Conflict Detected show ip helper-address Use the show ip helper-address command in Privileged EXEC mode to display IP helper addresses configuration.
Page 520: Show Ipv6 Dhcp Interface Out-Of-Band Statistics
-------------------- ----------- ---------- ---------- ------------ ------ vlan 25 domain 0 192.168.40.2 vlan 25 dhcp 0 192.168.40.2 vlan 30 dhcp vlan 30 0 192.168.23.1 dhcp 0 192.168.40.1 show ipv6 dhcp interface out-of-band statistics Use the show ipv6 dhcp interface out-of-band statistics command in Privileged EXEC mode to display IPv6 DHCP statistics for the out-of-band interface.
Page 521: Show Ipv6 Interface Out-Of-Band
Received DHCPv6 Advertisement Packets Discard.. 0 Received DHCPv6 Reply Packets Discarded..0 DHCPv6 Malformed Packets Received....0 Total DHCPv6 Packets Received....0 DHCPv6 Solicit Packets Transmitted..... 8 DHCPv6 Request Packets Transmitted..... 0 DHCPv6 Renew Packets Transmitted....0 DHCPv6 Rebind Packets Transmitted....0 DHCPv6 Release Packets Transmitted.....
Page 522 Example console(config-if)#do show ipv6 interface out-of-band IPv6 Administrative Mode....... Enabled IPv6 Prefix is......... FE80::21E:C9FF:FEAA:AD79/64 ::/128 IPv6 Default Router......FE80::A912:FEC2:A145:FEAD Configured IPv6 Protocol....... None IPv6 AutoConfig Mode......Enabled Burned In MAC Address......001E.C9AA.AD79 IP Addressing Commands...
Page 523: Ipv6 Access List Commands
IPv6 Access List Commands Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
Page 524: Deny | Permit} (Ipv6 Acl)
deny permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields.
Page 525 Parameter Description every Allows all protocols. icmpv6 | ipv6 | tcp Protocol to match, specified as keywords icmp, igmp, ipv6, tcp, | udp | udp or as a standard protocol number from 1–255. protocolnumber any | sourceipv6 any matches any source IP address. Or, you can specify a source prefix/ IPv6 addressed expressed as a prefix/prefixlength.
Page 526: Ipv6 Access-List
Default Configuration This command has no default configuration. Command Mode IPv6-Access-List Configuration mode User Guidelines Users are permitted to add rules, but if a packet does not match any user- specified rules, the packet is dropped by the implicit “deny all” rule. The 'no' form of this command is not supported, since the rules within an IPv6 ACL cannot be deleted individually.
Page 527: Ipv6 Access-List Rename
Syntax name ipv6 access-list name no ipv6 access-list name — Alphanumeric string of 1 to 31 characters uniquely identifying • the IPv6 access list. Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example creates an IPv6 ACL named "DELL_IP6"...
Page 528: Ipv6 Traffic-Filter
Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(Config)#ipv6 access-list rename DELL_IP6 DELL_IP6_NEW_NAME ipv6 traffic-filter The ipv6 traffic-filter command either attaches a specific IPv6 Access Control List (ACL) to an interface or associates it with a VLAN ID in a given direction.
Page 529: Show Ipv6 Access-Lists
seq-num — Order of access list relative to other access lists sequence • already assigned to this interface and direction. (Range: 1–4294967295) Default Configuration This command has no default configuration. Command Modes Global Configuration mode Interface Configuration (Ethernet, Port-channel, VLAN) mode User Guidelines This command specified in 'Interface Config' mode only affects a single interface, whereas the 'Global Config' mode setting is applied to all interfaces.
Page 530 Parameter Description Rule Status Status (Active/Inactive) of the IPv6 ACL rule. Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays configuration information for the IPv6 ACLs. console#show ipv6 access-lists Current number of all ACLs: 1 Maximum number of all ACLs: 100...
Page 531 Action......... permit Protocol........255(ipv6) Source IP Address......2001:DB8::/32 The command output provides the following information: Field Description Rule Number The ordered rule number identifier defined within the IPv6 ACL. Action Displays the action associated with each rule. The possible values are Permit or Deny.
Page 532 IPv6 Access List Commands...
Page 533: Ipv6 Mld Snooping Commands
IPv6 MLD Snooping Commands In IPv6, Multicast Listener Discover (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN.
Page 534: Ipv6 Mld Snooping Immediate-Leave
ipv6 mld snooping immediate-leave The ipv6 mld snooping immediate-leave command enables or disables MLD Snooping snooping immediate-leave admin mode on a selected interface or VLAN. Enabling fast-leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an MLD done message for that multicast group without first sending out MAC-based general queries to the interface.
Page 535: Ipv6 Mld Snooping Groupmembership-Interval
ipv6 mld snooping groupmembership-interval The ipv6 mld snooping groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.
Page 536: Ipv6 Mld Snooping Mcrtexpiretime
interface because it did not receive a report for a particular group in that interface. This value must be less than the MLD Query Interval time value. The range is 1 to 3599 seconds. Syntax ipv6 mld snooping maxresponse [vlan-id] [seconds] no ipv6 mld snooping maxresponse [vlan-id] vlan_id —...
Page 537: Ipv6 Mld Snooping (Global)
vlan-id no ipv6 mld snooping mcrtexpiretime [ vlan_id — Specifies a VLAN ID value in VLAN Database mode. • seconds — multicast router present expiration time in seconds. (Range: • 1–3600) Default Configuration The default multicast router present expiration time is 300 seconds. Command Mode Interface Configuration mode.
Page 538: Ipv6 Mld Snooping (Interface)
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping ipv6 mld snooping (Interface) The ipv6 mld snooping (Interface) command enables MLD Snooping on an interface. If an interface has MLD Snooping enabled and it becomes a member of a port-channel (LAG), MLD Snooping functionality is disabled on that interface.
Page 539: Ipv6 Mld Snooping (Vlan)
Syntax ipv6 mld snooping no ipv6 mld snooping Default Configuration MLD Snooping is disabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-4/0/1)#ipv6 mld snooping ipv6 mld snooping (VLAN) The ipv6 mld snooping (VLAN) command enables MLD Snooping on a particular VLAN and enables MLD snooping on all interfaces participating in a VLAN.
Page 540: Show Ipv6 Mld Snooping
User Guidelines There are no user guidelines for this command. Example console(config-vlan)#ipv6 mld snooping 1 show ipv6 mld snooping The show ipv6 mld snooping command displays MLD Snooping information. Configured information is displayed whether or not MLD Snooping is enabled. Syntax unit/slot/port show ipv6 mld snooping [interface {{gigabitethernet...
Page 541: Show Ipv6 Mld Snooping Groups
• VLANs Enabled for MLD Snooping — VLANs on which MLD Snooping is enabled. When you specify an interface or VLAN, the following information displays: • MLD Snooping Admin Mode — Indicates whether MLD Snooping is active on the interface or VLAN. •...
Page 542 Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example console#show ipv6 mld snooping groups Vlan Ipv6 Address Type Ports ---- ----------------------- ------- --------------------------- 3333.0000.0003 Dynamic 1/0/1,1/0/3 3333.0000.0004 Dynamic 1/0/1,1/0/3 3333.0000.0005 Dynamic 1/0/1,1/0/3 MLD Reporters that are forbidden statically: --------------------------------------------- Vlan Ipv6 Address...
Page 543 MLD Reporters that are forbidden statically: --------------------------------------------- Vlan Ipv6 Address Ports ---- ----------------------- ------------------------------------ IPv6 MLD Snooping Commands...
Page 544 IPv6 MLD Snooping Commands...
Page 545: Ipv6 Mld Snooping Querier Commands
IPv6 MLD Snooping Querier Commands IGMP/MLD Snooping Querier is an extension of the IGMP/MLD Snooping feature. IGMP/MLD Snooping Querier allows the switch to simulate an IGMP/MLD router in a Layer 2-only network, thus removing the need to have an IGMP/MLD Router to collect the multicast group membership information.
Page 546 ipv6 mld snooping querier Use the ipv6 mld snooping querier command to enable MLD Snooping Querier on the system. Use the "no" form of this command to disable MLD Snooping Querier. Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default.
Page 547: Ipv6 Mld Snooping Querier Address
Command Mode VLAN Database mode User Guidelines There are no user guidelines for this command. Example console(config-vlan)#ipv6 mld snooping querier 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the "no" form of this command to reset the global MLD Snooping Querier address to the default.
Page 548: Ipv6 Mld Snooping Querier Election Participate
ipv6 mld snooping querier election participate Use the ipv6 mld snooping querier election participate command to enable the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN. When this mode is enabled, if the Snooping Querier finds that the other Querier's source address is higher than the Snooping Querier's address, it stops sending periodic queries.
Page 549: Ipv6 Mld Snooping Querier Timer Expiry
Syntax interval ipv6 mld snooping querier query-interval ipv6 mld snooping querier query-interval interval — Amount of time that the switch waits before sending another • general query. (Range: 1–1800 seconds) Default Configuration The default query interval is 60 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command...
Page 550: Show Ipv6 Mld Snooping Querier
Default Configuration The default timer expiration period is 60 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier timer expiry 222 show ipv6 mld snooping querier Use the show ipv6 mld snooping querier command to display MLD Snooping Querier information.
Page 551 MLD Snooping Querier Indicates whether or not MLD Snooping Querier is Mode active on the switch. Querier Address Shows the IP Address which will be used in the IPv6 header while sending out MLD queries. MLD Version Indicates the version of MLD that will be used while sending out the queries.
Page 552 Last Querier Address Indicates the IP address of the most recent Querier from which a Query was received. MLD Version Indicates the version of MLD. IPv6 MLD Snooping Querier Commands...
Page 553: Ip Source Guard Commands
IP Source Guard Commands IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address.
Page 554: Ip Verify Source Port-Security
Syntax ip verify source Default Configuration By default, IPSG is disabled on all interfaces. Command Mode Interface Configuration mode User Guidelines This command has no user guidelines. Example console(config-if-Gi1/0/1)#ip verify source ip verify source port-security Use the ip verify source port-security command in Interface Configuration mode to enable filtering of IP packets matching the source IP address and the source MAC address.
Page 555: Ip Verify Binding
Example console(config-if-1/0/1)#ip verify source port- security ip verify binding Use the ip verify binding command in Global Configuration mode to configure static bindings. Use the no form of the command to remove the IPSG entry. Syntax macaddr vlan ipaddr interface ip verify binding Default Configuration By default, there will not be any static bindings configured.
Page 556: Show Ip Verify Source Interface
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#show ip verify interface gigabitethernet 1/0/1 show ip verify source interface Use the show ip verify source interface command in Privileged EXEC mode to display the bindings configured on a particular interface.
Page 557 Syntax show ip source binding Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#show ip source binding IP Source Guard Commands...
Page 558 IP Source Guard Commands...
Page 559: Iscsi Optimization Commands
iSCSI Optimization Commands iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitutes a portion of overall traffic.
Page 560: Iscsi Aging Time
In addition, if configured, the packets can be updated with IEEE 802.1p or IP-DSCP values. This is done by enabling remark. Remarking packets with priority data provides special QoS treatment as the packets continue through the network. iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator.
Page 561: Iscsi Cos
User Guidelines Changing the aging time has the following behavior: • When aging time is increased, current sessions will be timed out according to the new value. • When aging time is decreased, any sessions that have been dormant for a time exceeding the new setting will be immediately deleted from the table.
Page 562 Parameter Description remark Mark the iSCSI frames with the configured DSCP when egressing the switch. Default Configuration By default, frames are not remarked. The default vpt setting for iSCSI is 4, which the default classofservice dot1p mapping assigns to queue 2. Command Mode Global Configuration mode.
Page 563: Iscsi Enable
Example The following example configures iSCSI packets to receive CoS treatment using DiffServ Code Point AF 41 and configures remarking of transmitted iSCSI packets. console(config)#iscsi cos dscp 10 remark iscsi enable The iscsi enable command globally enables iSCSI optimization. To disable iSCSI optimization, use the no form of this command.
Page 564: Iscsi Target Port
The Application Priority TLV sent will contain the following information in addition to any other information contained in the TLV: AE Selector = 1 AE Protocol = 3260 AE Priority = priority configured for iSCSI PFC (the VPT value above) Example In the following example, iSCSI is globally enabled.
Page 565 Parameter Description targetname iSCSI name of the iSCSI target. The name can be statically configured; however, it can be obtained from iSNS or from sendTargets response. The initiator MUST present both its iSCSI Initiator Name and the iSCSI Target Name to which it wishes to connect in the first login request of a new session or connection.
Page 566: Show Iscsi
Example The following example configures TCP Port 49154 to target IP address 172.16.1.20. console(config)#iscsi target port 49154 address 172.16.1.20 show iscsi Use the show iscsi command in Privileged EXEC mode to display the iSCSI configuration. Syntax show iscsi Default Configuration There is no default configuration for this command.
Page 567: Show Iscsi Sessions
------------------------------------------------ TCP Port Target IP Address Name 3260 30001 172.16.1.1 iqn.1993-11.com.disk- vendor:diskarrays.sn.45678.tape:sys1.xyz 30033 172.16.1.10 ------------------------------------------------ iSCSI Static Rule Table ------------------------------------------------ Index TCP Port IP Address IP Address Mask TCP Port Target IP Address Name show iscsi sessions Use the show iscsi sessions command in Privileged EXEC mode to display the iSCSI status.
Page 568 console#show iscsi sessions Target: iqn.1993-11.com.disk- vendor:diskarrays.sn.45678 ----------------------------------------------------- Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12 ISID: 11 Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10 ISID: 222 ----------------------------------------------------- Target: iqn.103-1.com.storage-vendor:sn.43338. storage.tape:sys1.xyz Session 3: Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12 Session 4: Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10 Console# show iscsi sessions detailed Target: iqn.1993-11.com.disk- vendor:diskarrays.sn.45678 ----------------------------------------------------- Session 1: Initiator: iqn.1992-04.com.os vendor.plan9:cdrom.12.storage:sys1.xyz ----------------------------------------------------- Time started: 17-Jul-2008 10:04:50...
Page 569 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.3 49154 172.16.1.20 30001 172.16.1.4 49155 172.16.1.21 30001 172.16.1.5 49156 172.16.1.22 30001 Session 2: ----------------------------------------------------- Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10 Time started: 17-Aug-2008 21:04:50 Time for aging out: 2 min ISID: 22 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.30 49200 172.16.1.20 30001...
Page 570 iSCSI Optimization Commands...
Page 571: Link Dependency Commands
Link Dependency Commands Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface.
Page 572: Link-Dependency Group
Default Configuration The default configuration for a group is down, i.e. the group members will mirror the depended-on link status by going down when all depended-on interfaces are down. Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up.
Page 573: Add Gigabitethernet
Example console(config)#link-dependency group 1 console(config-linkDep-group-1)# add gigabitethernet Use this command to add member gigabit Ethernet port(s) to the dependency list. Syntax intf-list add gigabitethernet intf-list — List of Ethernet interfaces in unit/slot/port format. Separate • nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports.
Page 574: Add Port-Channel
intf-list — List of Ethernet interfaces in unit/slot/port format. Separate • nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. (Range: Valid Ethernet interface list or range) Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines...
Page 575: Depends-On
Command Mode Link Dependency mode User Guidelines No specific guidelines Example console(config-depend-1)#add port-channel 10-12 depends-on Use this command command to add the dependent Ethernet ports or port channels list. Use the no depends-on command to remove the dependent Ethernet ports or port-channels list. Syntax intf-list depends-on {gigabitethernet | port-channel | tengigabitethernet}...
Page 576: Show Link-Dependency
Examples console(config-linkDep-group-1)#depends-on gigabitethernet 1/0/10 console(config-linkDep-group-1)#depends-on port- channel 6 show link-dependency Use the show link-dependency command to show the link dependencies configured for a particular group. If no group is specified, then all the configured link-dependency groups are displayed. Syntax group GroupId show link-dependency [ ] [detail] Parameter Description...
Page 577 console#show link-dependency GroupId Member Ports Ports Depended On Link Action Group State ------- --------------- ------------------ ---------- ---------- Gi4/0/2-3,Gi4/0/5 Gi4/0/10-12 Link Up Up/Down The following command shows link dependencies for group 1 only. console#show link-dependency group 1 GroupId Member Ports Ports Depended On Link Action Group State ------- --------------- ------------------ ---------- ---------- Gi4/0/2-3,Gi4/0/5 Gi4/0/10-12...
Page 578 Link Dependency Commands...
Page 579: Lldp Commands
LLDP Commands The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an 802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
Page 580: Commands In This Chapter
The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection.
Page 581: Clear Lldp Statistics
Default Configuration By default, data is removed only on system reset. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command in Privileged EXEC mode to reset all LLDP statistics.
Page 582: Lldp Med
lldp med This command is used to enable/disable LLDP-MED on an interface. By enabling MED, the transmit and receive functions of LLDP are effectively enabled. Syntax Description lldp med no lldp med Parameter Ranges Not applicable Command Mode Interface (Ethernet) Configuration Default Value LLDP-MED is disabled on all supported interfaces.
Page 583: Lldp Med Faststartrepeatcount
Parameter Ranges Not applicable Command Mode Interface (Ethernet) Configuration Default Value By default, notifications are disabled on all supported interfaces. Usage Guidelines No specific guidelines. Example console(config)#lldp med confignotification lldp med faststartrepeatcount This command is used to set the value of the fast start repeat count. Syntax Description count lldp med faststartrepeatcount...
Page 584: Lldp Med Transmit-Tlv
Example console(config)# lldp med faststartrepeatcount 2 lldp med transmit-tlv This command is used to specify which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs. There are certain conditions that have to be met for this port to be MED compliant. These conditions are explained in the normative section of the specification.
Page 585: Lldp Notification
lldp notification Use the lldp notification command in Interface Configuration mode to enable remote data change notifications. To disable notifications, use the no form of this command. Syntax lldp notification no lldp notification Default Configuration By default, notifications are disabled on all supported interfaces. Command Mode Interface Configuration (Ethernet) mode User Guidelines...
Page 586: Lldp Receive
• interval — The smallest interval in seconds at which to send remote data change notifications. (Range: 5–3600 seconds) Default Configuration The default value is 5 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the interval value to 10 seconds.
Page 587: Lldp Timers
Example The following example displays how to enable the LLDP receive capability. console(config-if-1/0/3)#lldp receive lldp timers Use the lldp timers command in Global Configuration mode to set the timing parameters for local data transmission on ports enabled for LLDP . To return any or all parameters to factory default, use the no form of this command.
Page 588: Lldp Transmit
Examples The following example displays how to configure LLDP to transmit local information every 1000 seconds. console(config)#lldp timers interval 1000 The following example displays how to set the timing parameter at 1000 seconds with a hold multiplier of 8 and a 5 second delay before re- initialization.
Page 589: Lldp Transmit-Mgmt
lldp transmit-mgmt Use the lldp transmit-mgmt command in Interface Configuration mode to include transmission of the local system management address information in the LLDPDUs. To cancel inclusion of the management information, use the no form of this command. Syntax lldp transmit-mgmt no lldp transmit-mgmt Default Configuration By default, management address information is not included.
Page 590: Show Lldp
sys-name — Transmits the system name TLV • sys-desc — Transmits the system description TLV • • sys-cap — Transmits the system capabilities TLV • port desc — Transmits the port description TLV Default Configuration By default, no optional TLVs are included. Command Mode Interface Configuration (Ethernet) mode User Guidelines...
Page 591: Show Lldp Interface
User Guidelines This command has no user guidelines. Example The following example displays the current LLDP configuration summary. console# show lldp Global Configurations: Transmit Interval: 30 seconds Transmit TTL Value: 120 seconds Reinit Delay: 2 seconds Notification Interval: limited to every 5 seconds console#show lldp LLDP transmit and receive disabled on all interfaces show lldp interface...
Page 592: Show Lldp Local-Device
Examples This example show how the information is displayed when you use the command with the all parameter. console#show lldp interface all Interface Link Transmit Receive Notify TLVs Mgmt --------- ---- -------- -------- -------- ------- ---- 1/0/1 Enabled Enabled Enabled 0,1,2,3 1/0/2 Down Enabled...
Page 593 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples These examples show advertised LLDP local data in two levels of detail. console#show lldp local-device all LLDP Local Device Summary Interface Port ID Port Description...
Page 594: Show Lldp Med
System Capabilities Enabled: bridge Management Address: Type: IPv4 Address: 192.168.17.25 show lldp med This command displays a summary of the current LLDP MED configuration. Syntax Description show lldp med Parameter Ranges Not applicable Command Mode Privileged EXEC Default Value Not applicable Usage Guidelines No specific guidelines.
Page 595: Show Lldp Med Interface
show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface. Syntax Description unit/slotport show lldp med interface {gigabitethernet | tengigabitethernet unit/slotport | all} • all — Shows information for all valid LLDP interfaces. Parameter Ranges Not applicable Command Mode...
Page 596: Show Lldp Med Local-Device Detail
LLDP MED Interface Configuration Interface Link configMED operMED ConfigNotify TLVsTx --------- ------ -------- -------- -------- ------ 1/0/1 Enabled Enabled Disabled TLV Codes: 0- Capabilities, 1- Network Policy 2-Location, 3- Extended PSE, 4- Extended PD, 5-Inventory show lldp med local-device detail This command displays the advertised LLDP local data in detail.
Page 597 LLDP MED Local Device Detail Interface: 1/0/8 Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx...
Page 598: Show Lldp Med Remote-Device
Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 watts Source: primary Priority: critical Extended POE PD Required: 0.2 watts Source: local Priority: low show lldp med remote-device This command displays the current LLDP MED remote data. This command can display summary information or detail for each interface.
Page 599 all — Indicates all valid LLDP interfaces. • detail — Includes a detailed version of remote data for the indicated • interface. Parameter Ranges Not applicable Command Mode Privileged EXEC Default Value Not applicable Example Console#show lldp med remote-device all LLDP MED Remote Device Summary Local InterfaceDevice Class...
Page 600 Local Interface: 1/0/1 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse MED Capabilities Enabled: capabilities, networkpolicy Device Class: Endpoint Class I Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1...
Page 601 Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary...
Page 602: Show Lldp Remote-Device
show lldp remote-device Use the lldp remote-device command in Privileged EXEC mode to display the current LLDP remote data. This command can display summary information or detail for each interface. Syntax interface interface show lldp remote-device {detail | all} • detail —...
Page 603: Show Lldp Statistics
Ethernet1/0/1, Remote ID: 01:23:45:67:89:AB System Name: system-1 System Description: System Capabilities: Bridge Port ID: 01:23:45:67:89:AC Port Description: 1/0/4 Management Address: 192.168.112.1 TTL: 60 seconds show lldp statistics Use the show lldp statistics command in Privileged EXEC mode to display the current LLDP traffic statistics. Syntax unit/slot/port show lldp statistics {...
Page 604 Last Update........0 days 22:58:29 Total Inserts........ 1 Total Deletes........ 0 Total Drops........0 Total Ageouts........ 1 Interface Total Total Discards Errors Ageout Discards Unknowns MED 802.1 802.3 --------- ----- ----- -------- ------ ------ -------- -------- ---- ----- -- 1/0/11 29395 82562 0 The following table explains the fields in this example.
Page 605 Fields Description Errors Number of non-valid LLDP frames received on the indicated port. Ageouts Number of times a remote data entry on the indicated port has been deleted due to TTL expiration. TLV Discards Number LLDP TLVs (Type, Length, Value sets) received on the indicated port and discarded for any reason by the LLDP agent.
Page 606 LLDP Commands...
Page 607: Commands
Multicast VLAN Registration Commands Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
Page 608: Commands In This Chapter
Commands in this Chapter This chapter explains the following commands: mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic Use the mvr command in Global Config and Interface Config modes to enable MVR.
Page 609: Mvr Group
mvr group Use the mvr group command in Global Config mode to add an MVR membership group. Use the no form of the command to remove an MVR membership group. Syntax A.B.C.D count mvr group A.B.C.D count no mvr group Parameter Description Parameter Description...
Page 610: Mvr Mode
console(config)#mvr group 239.0.1.0 100 console(config)#mvr vlan 10 mvr mode Use the mvr mode command in Global Config mode to change the MVR mode type. Use the no form of the command to set the mode type to the default value. Syntax mvr mode {compatible | dynamic} no mvr mode...
Page 611 Syntax 1–100 mvr querytime no mvr querytime Parameter Description Parameter Description querytime The query time is a maximum time to wait for an IGMP membership report on a receiver port before removing the port from the multicast group. The query time only applies to receiver ports.
Page 612: Mvr Vlan
mvr vlan Use the mvr vlan command in Global Config mode to set the MVR multicast VLAN. Use the no form of the command to set the MVR multicast VLAN to the default value. Syntax 1–4094 mvr vlan no mvr vlan Parameter Description Parameter Description...
Page 613: Mvr Type
Syntax mvr immediate no mvr immediate Parameter Description This command does not require a parameter description. Default Configuration The default value is Disabled. Command Mode Interface Config User Guidelines Immediate leave should only be configured on ports with a single receiver. When immediate leave is enabled, a receiver port will leave a group on receipt of a leave message.
Page 614 Syntax mvr type { receiver | source } no mvr type Parameter Description Parameter Description receiver Configure the port as a receiver port. Receiver ports are ports over which multicast data will be sent but not received. source Configure the port as a source port. Source ports are ports over which multicast data is received or sent.
Page 615: Mvr Vlan Group
console(config-if-Gi1/0/1)#interface Gi1/0/24 console(config-if-Gi1/0/24)#switchport mode trunk console(config-if-Gi1/0/24)#switchport trunk native vlan 99 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 99 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#exit mvr vlan group Use the mvr vlan group command in Interface Config mode to participate in the specific MVR group. Use the no form of this command to remove the port participation from the specific MVR group.
Page 616: Show Mvr
User Guidelines This command statically configures a port to receive the specified multicast group on the specified VLAN. This command only applies to receiver ports in compatible mode. It also applies to source ports in dynamic mode. In dynamic mode, receiver ports can also join multicast groups using IGMP messages.
Page 617 Parameter Description MVR Max Multicast Groups The maximum number of multicast groups that is supported by MVR. MVR Current Multicast groups The current number of MVR groups allocated. MVR Query Response Time The current MVR query response time. MVR Mode The current MVR mode.
Page 618: Show Mvr Members
show mvr members Use the show mvr members command in Privileged EXEC mode to display the MVR membership groups allocated. Syntax A.B.C.D show mvr members [ Parameter Description The parameter is a valid multicast address in IPv4 dotted notation. The following table explains the output parameters.
Page 619: Show Mvr Interface
MVR Group IP Status Members ------------------ --------------- --------------------- 224.1.1.1 INACTIVE 1/0/1, 1/0/2, 1/0/3 console#show mvr members 224.1.1.1 MVR Group IP Status Members ------------------ --------------- --------------------- 224.1.1.1 INACTIVE 1/0/1, 1/0/2, 1/0/3 show mvr interface Use the show mvr interface command in Privileged EXEC mode to display the MVR enabled interfaces configuration.
Page 620 Parameter Description Immediate Leave The state of immediate mode. It can be enabled or disabled. Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message...
Page 621: Show Mvr Traffic
show mvr traffic Use the show mvr traffic command in Privileged EXEC mode to display global MVR statistics. Syntax show mvr traffic Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines...
Page 622 Parameter Description IGMP Report V1 Transmitted Number of transmitted IGMP Reports V1. IGMP Report V2 Transmitted Number of transmitted IGMP Reports V2. IGMP Leave Transmitted Number of transmitted IGMP Leaves. IGMP Packet Receive Failures Number of failures on receiving the IGMP packets.
Page 623: Port Channel Commands
Port Channel Commands Care must be taken while enabling this type of configuration. If the Partner System is not 802.3AD compliant or the Link Aggregation Control protocol is not enabled, there may be network instability. Network instability occurs when one side assumes that the members in an aggregation are one single link, while the other side is oblivious to this aggregation and continues to treat the 'members' as individual links.
Page 624: Port Channels
A LAG can be either static or dynamic not both. It cannot have some members participate in the protocol while other members not participate. Additionally, it is not possible to change a LAG from static to dynamic via the CLI. You must remove the member ports from the static LAG and then add them to the dynamic LAG.
Page 625: Lag Hashing
A LAG failure of one or more of the links does not stop traffic in any manner. Upon failure, the flows mapped to a link are dynamically reassigned to the remaining links of the LAG. Similarly when links are added to a LAG, the conversations may need to be shifted to a new link.
Page 626: Enhanced Lag Hashing
The hashing algorithm is configurable for each LAG. Typically, an administrator is able to choose from hash algorithms utilizing the following attributes of a packet to determine the outgoing port: • Source MAC, VLAN, EtherType, and incoming port associated with the packet.
Page 627: Manual Aggregation Of Lags
Manual Aggregation of LAGs PowerConnect switching supports the manual addition and deletion of links to aggregates. In the manual configuration of aggregates, the ports send their Actor Information (LACPDUs) to the partner system in order to find a suitable Partner to form an aggregation. When the Partner System neglects to respond using LACPDUs, the PowerConnect switching aggregates manually.
Page 628: Channel-Group
channel-group Use the channel-group command in Interface Configuration mode to associate a port with a port channel. To remove the channel-group configuration from the interface, use the no form of this command. Syntax port-channel-number channel-group mode {on | active} no channel-group port-channel-number —...
Page 629: Interface Port-Channel
interface port-channel Use the interface port-channel command in Global Configuration mode to configure a port-channel type and enter port-channel configuration mode. Syntax port-channel-number interface port-channel Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Page 630: Hashing-Mode
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, it stops the execution of the command on subsequent interfaces.
Page 631: Lacp Port-Priority
• 6 — Source/destination IP and source/destination TCP/UDP port • 7 — Enhanced hashing mode Default Configuration This command has no default configuration. Command Mode Interface Configuration (port-channel) User Guidelines No specific guidelines. Example console(config)#interface port-channel l console(config-if-po1)#hashing-mode 4 console(config-if-po1)#no hashing mode lacp port-priority Use the lacp port-priority command in Interface Configuration mode to configure the priority value for physical ports.
Page 632: Lacp System-Priority
User Guidelines This command has no user guidelines. Example The following example configures the priority value for port 1/0/8 to 247. console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#lacp port-priority 247 lacp system-priority Use the lacp system-priority command in Global Configuration mode to configure the Link Aggregation system priority. To reset to default, use the no form of this command.
Page 633: Lacp Timeout
lacp timeout Use the lacp timeout command in Interface Configuration mode to assign an administrative LACP timeout. To reset the default administrative LACP timeout, use the no form of this command. Syntax lacp timeout {long | short} no lacp timeout •...
Page 634: Show Interfaces Port-Channel
Syntax port-channel min-links no port-channel min-links Parameter Description Parameter Description min-links The minimum number of links that must be active before the link is declared up. Range 1-8. The default is 1. Default Configuration This command has no default configuration. Command Mode Interface Configuration (port-channel) mode User Guidelines...
Page 635: Show Lacp
User Guidelines No specific guidelines. Example console#show interfaces port-channel Channel Ports ChType Hash Algorithm Type min-Links ------- ------------------ ------- ------------------- --------- Inactive: Gi1/0/3 Dynamic 3 No Configured Ports Static Hash Algorithm Type 1 - Source MAC, VLAN, Ethertype, source module and port ID 2 - Destination MAC, VLAN, Ethertype, source module and port ID 3 - Source IP and source TCP/UDP port 4 - Destination IP and destination TCP/UDP port...
Page 636 User Guidelines This command has no user guidelines. Example The following example shows how to display LACP Ethernet interface information. console#show lacp gigabitethernet 1/0/1 Port 1/0/1 LACP parameters: Actor system priority: system mac addr: 00:00:12:34:56:78 port Admin key: port Oper key: port Oper priority: port Admin timeout: LONG...
Page 637: Show Statistics Port-Channel
port Admin priority: port Oper priority: port Oper timeout: LONG LACP Activity: ASSIVE Aggregation: AGGREGATABLE synchronization: FALSE collecting: FALSE distributing: FALSE expired: FALSE Port 1/0/1 LACP Statistics: LACP PDUs sent: LACP PDUs received: show statistics port-channel Use the show statistics port-channel command in Privileged EXEC mode to display statistics about a specific port-channel.
Page 638 Example The following example shows statistics about port-channel 1. console#show statistics port-channel 1 Total Packets Received (Octets)....0 Packets Received > 1522 Octets....0 Packets RX and TX 64 Octets....1064 Packets RX and TX 65-127 Octets....140 Packets RX and TX 128-255 Octets....201 Packets RX and TX 256-511 Octets....
Page 639 Total Received Packets Not Forwarded... 0 Local Traffic Frames......0 802.3x Pause Frames Received....0 Unacceptable Frame Type......0 Multicast Tree Viable Discards....0 Reserved Address Discards...... 0 Broadcast Storm Recovery....... 0 CFI Discards........0 Upstream Threshold......0 Total Packets Transmitted (Octets)..... 263567 Max Frame Size.........
Page 640 802.3x Pause Frames Transmitted....0 GVRP PDUs received......0 GVRP PDUs Transmitted......0 GVRP Failed Registrations...... 0 Time Since Counters Last Cleared....0 day 0 hr 17 min 52 sec console# Port Channel Commands...
Page 641: Port Monitor Commands
Port Monitor Commands PowerConnect switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed.
Page 642: Monitor Session
monitor session show monitor session monitor session Use the monitor session command in Global Configuration mode to configure a probe port and a monitored port for monitor session (port monitoring). Use the src-interface parameter to specify the interface to monitor. Use rx to monitor only ingress packets, or use tx to monitor only egress packets.
Page 643: Show Monitor Session
User Guidelines The source of a monitoring session must be configured before the destination can be configured. Example The following examples show a simple port level configuration that mirrors both transmitted and received packet from one port to another. console(config)#monitor session 1 source interface 1/0/8 console(config)#monitor session 1 destination interface 1/0/10...
Page 644 Session ID Admin Mode Probe Port Mirrored Port Type ---------- ---------- ---------- ------------- ----- Enable 1/0/10 1/0/8 Rx,Tx Port Monitor Commands...
Page 645: Qos Commands
QoS Commands Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
Page 646: Layer 2 Acls
A user configures an ACL permit rule to force its matching traffic stream to a specific egress interface, bypassing any forwarding decision normally performed by the device. The interface can be a physical port or a LAG. The redirect interface rule action is independent of, but compatible with, the assign queue rule action.
Page 647: Queue Mapping
– Untrusted Port Default Priority • Queue Configuration This enables PowerConnect switches to support a wide variety of delay sensitive video and audio multicast applications. CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as physical port interfaces. Queue Mapping The priority of a packet arriving at an interface is used to steer the packet to the appropriate outbound CoS queue through a mapping table.
Page 648: Commands In This Chapter
process is also used for cases where a trusted port mapping is unable to be honored, such as when a nonIP packet arrives at a port configured to trust the IP precedence or IP DSCP value. Commands in this Chapter This chapter explains the following commands: assign-queue mark cos...
Page 649: Assign-Queue
assign-queue Use the assign-queue command in Policy-Class-Map Configuration mode to modify the queue ID to which the associated traffic stream is assigned. Syntax queueid assign-queue queueid — Specifies a valid queue ID. (Range: integer from 0–6.) • Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines...
Page 650: Class-Map
Example The following example shows how to specify the DiffServ class name of "DELL." console(config)#policy-map DELL1 console(config-classmap)#class DELL class-map Use the class-map command in Global Configuration mode to define a new match-all . To delete the existing class, use the no form DiffServ class of type of this command.
Page 651: Class-Map Rename
User Guidelines There are no user guidelines for this command. Example The following example creates a class-map named "DELL" which requires all ACE’s to be matched. console(config)#class-map DELL console(config-cmap)# class-map rename Use the class-map rename command in Global Configuration mode to change the name of a DiffServ class.
Page 652: Classofservice Dot1P-Mapping
console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an 802.1p priority to an internal traffic class. In Interface Configuration mode, the mapping is applied only to packets received on that interface. Use the no form of the command to remove mapping between an 802.1p priority and an internal traffic class.
Page 653: Classofservice Ip-Dscp-Mapping
classofservice ip-dscp-mapping Use the classofservice ip-dscp-mapping command in Global Configuration mode to map an IP DSCP value to an internal traffic class. Syntax ipdscp trafficclass classofservice ip-dscp-mapping ipdscp — Specifies the IP DSCP value to which you map the specified •...
Page 654: Conform-Color
Syntax classofservice trust {dot1p | untrusted | ip-dscp} no classofservice trust • dot1p — Specifies that the mode be set to trust dot1p (802.1p) packet markings. • untrusted — Sets the Class of Service Trust Mode for all interfaces to Untrusted.
Page 655: Cos-Queue Min-Bandwidth
of the policy command, the conform action defaults to send, the exceed action defaults to drop, and the violate action defaults to drop. These actions can be set with this command. Syntax conform-color Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines...
Page 656: Cos-Queue Random-Detect
Default Configuration This command has no default configuration. Command Mode Global Configuration mode or Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines The maximum number of queues supported per interface is seven. Example The following example displays how to specify the minimum transmission bandwidth for seven interfaces.
Page 657: Cos-Queue Strict
Default Configuration WRED queue management policy is disabled by default. Tail-drop queue management policy is enabled by default. Command Mode Interface Configuration (physical or port-channel) User Guidelines When used on a port-channel, this command will override the settings on the individual interfaces that are part of the port channel.
Page 658: Diffserv
queue-id-1 queue-id-2 queue-id-n no cos-queue strict { } [{ } … { queue-id-1 — Specifies the queue ID for which you are activating the • strict priority scheduler. You can specify a queue ID for as many queues as you have (queue-id 1 through queue-id-n). (Range: 0–6) Default Configuration This command has no default configuration.
Page 659: Drop
Default Configuration This command default is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the DiffServ operational mode to active. console(Config)#diffserv drop Use the drop command in Policy-Class-Map Configuration mode to specify that all packets for the associated traffic stream are to be dropped at ingress.
Page 660: Mark Cos
console(config-policy-classmap)#drop mark cos Use the mark cos command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header. If the packet does not already contain this header, one is inserted.
Page 661: Mark Ip-Precedence
dscpval — Specifies a DSCP value (10, 12, 14, 18, 20, 22, 26, 28, 30, 34, 36, • 38, 0, 8, 16, 24, 32, 40, 48, 56, 46) or a DSCP keyword (af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef).
Page 662: Match Class-Map
User Guidelines. This command has no user guidelines. Example The following example displays console(config)#policy-map p1 in console(config-policy-map)#class c1 console(config-policy-classmap)#mark ip-precedence 2 console(config-policy-classmap)# match class-map Use the match class-map command to add to the specified class definition the set of match conditions defined for another class. Use the no form of this command to remove from the specified class definition the set of match conditions defined for another class.
Page 663: Match Cos
Example The following example adds match conditions defined for the Dell class to the class currently being configured. console(config-classmap)#match class-map Dell The following example deletes the match conditions defined for the Dell class from the class currently being configured.
Page 664: Match Destination-Address Mac
Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition to the specified class. console(config-classmap)#match cos 1 match destination-address mac Use the match destination-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the destination MAC address of a packet.
Page 665: Match Dstip
Example The following example displays adding a match condition for the specified MAC address and bit mask. console(config-classmap)#match destination-address mac AA:ED:DB:21:11:06 FF:FF:FF:EF:EE:EE match dstip Use the match dstip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the destination IP address of a packet.
Page 666: Match Dstl4Port
match dstip6 The match dstip6 command adds to the specified class definition a match condition based on the destination IPv6 address of a packet. Syntax destination-ipv6-prefix/prefix-length match dstip6 destination-ipv6-prefix —IPv6 prefix in IPv6 global address format. • prefix-length —IPv6 prefix length value. •...
Page 667: Match Ethertype
Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition based on the destination layer 4 port of a packet using the "echo" port name keyword. console(config-classmap)#match dstl4port echo match ethertype Use the match ethertype command in Class-Map Configuration mode to add...
Page 668: Match Ip6Flowlbl
Example The following example displays how to add a match condition based on ethertype. console(config-classmap)#match ethertype arp match ip6flowlbl The match ip6flowlbl command adds to the specified class definition a match condition based on the IPv6 flow label of a packet. Syntax label match ip6flowlbl...
Page 669: Match Ip Dscp
match ip dscp Use the match ip dscp command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet. This field is defined as the high-order six bits of the Service Type octet in the IP header.
Page 670: Match Ip Precedence
match ip precedence Use the match ip precedence command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the IP precedence field. Syntax precedence match ip precedence precedence — Specifies the precedence field in a packet. This field is the •...
Page 671: Match Protocol
Syntax tosbits tosmask match ip tos tosbits — Specifies a two-digit hexadecimal number. (Range: 00–ff) • tosmask — Specifies the bit positions in the tosbits parameter that are • used for comparison against the IP TOS field in a packet. This value of this parameter is expressed as a two-digit hexadecimal number.
Page 672: Match Source-Address Mac
protocol-name — Specifies one of the supported protocol name keywords. • icmp , igmp , ip , tcp , and udp . The supported values are protocol-number — Specifies the standard value assigned by IANA. • (Range 0–255) Default Configuration This command has no default configuration.
Page 673: Match Srcip
Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example adds to the specified class definition a match condition based on the source MAC address of the packet. console(config-classmap)# match source-address mac 10:10:10:10:10:10 11:11:11:11:11:11 match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP...
Page 674: Match Srcl4Port
Example The following example displays adding a match condition for the specified IP address and address bit mask. console(config-classmap)#match srcip 10.240.1.1 10.240.0.0 match srcip6 The match srcip6 command adds to the specified class definition a match condition based on the source IPv6 address of a packet. Syntax source-ipv6-prefix/prefix-length match srcip6...
Page 675: Match Vlan
Syntax portkey port-number match srcl4port { portkey — Specifies one of the supported port name keywords. A match • condition is specified by one layer 4 port number. The currently supported values are: domain, echo, ftp, ftpdata, http, smtp,snmp, telnet, tftp, and www.
Page 676: Mirror
Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition for the VLAN ID "2." console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified.
Page 677: Police-Simple
Example The following example displays how to copy all the data to port 1/0/5. console(config-policy-classmap)#mirror 1/0/5 police-simple Use the police-simple command in Policy-Class-Map Configuration mode to establish the traffic policing style for the specified class. The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and nonconform.
Page 678: Policy-Map
User Guidelines Only one style of police command (simple) is allowed for a given class instance in a particular policy. Example The following example shows how to establish the traffic policing style for the specified class. console(config-policy-classmap)#police-simple 33 34 conform-action transmit violate-action transmit policy-map Use the policy-map command in Global Configuration mode to establish a new DiffServ policy or to enter policy map configuration mode.
Page 679: Redirect
Example The following example shows how to establish a new ingress DiffServ policy named "DELL." console(config)#policy-map DELL in console(config-policy-classmap)# redirect Use the redirect command in Policy-Class-Map Configuration mode to specify that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel).
Page 680: Service-Policy
Example The following example shows how to redirect incoming packets to port 1/0/1. config-policy-classmap console( )#redirect 1/0/1 service-policy Use the service-policy command in either Global Configuration mode (for all system interfaces) or Interface Configuration mode (for a specific interface) to attach a policy to an interface. To return to the system default, use the no form of this command.
Page 681: Show Class-Map
ACLs and DiffServ policies may not both exist on the same interface in the same direction. Example The following example shows how to attach a service policy named "DELL" to all interfaces. console(config)#service-policy DELL show class-map Use the show class-map command in Privileged EXEC mode to display all configuration information for the specified class.
Page 682 Example The following example displays all the configuration information for the class named "Dell". console#show class-map Class L3 Class Name Type Proto Reference Class Name ------------------------------- ----- ----- ----------------------- ------ ipv4 ipv4 ipv6 ipv6 stop_http_class ipv6 match_icmp6 ipv6 console#show class-map ipv4 Class Name........
Page 683: Show Classofservice Dot1P-Mapping
Source Layer 4 Port 80(http/www) show classofservice dot1p-mapping Use the show classofservice dot1p-mapping command in Privileged EXEC mode to display the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface. Syntax unit/slot/port show classofservice dot1p-mapping [{gigabitethernet | port- port-channel-number | tengigabitethernet unit/slot/port }] channel...
Page 684: Show Classofservice Ip-Dscp-Mapping
The following table lists the parameters in the example and gives a description of each. Parameter Description User Priority The 802.1p user priority value. Traffic Class The traffic class internal queue identifier to which the user priority value is mapped. show classofservice ip-dscp-mapping Use the show classofservice ip-dscp-mapping command in Privileged EXEC mode to display the current IP DSCP mapping to internal traffic classes for a...
Page 685 IP DSCP Traffic Class ------------- ------------- 0(be/cs0 8(cs1) 10(af11) 12(af12) 14(af13) 16(cs2) 18(af21) --More-- or (q)uit 20(af22) 22(af23) QoS Commands...
Page 686 24(cs3) 26(af31) 28(af32) 30(af33) 32(cs4) 34(af41) 36(af42) 38(af43) 40(cs5) --More-- or (q)uit 46(ef) QoS Commands...
Page 687: Show Classofservice Trust
48(cs6) 56(cs7) console# show classofservice trust Use the show classofservice trust command in Privileged EXEC mode to display the current trust mode setting for a specific interface. Syntax unit/slot/port port- show classofservice trust [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration.
Page 688: Show Diffserv
Command Mode Privileged EXEC mode User Guidelines If the interface is specified, the port trust mode of the interface is displayed. If omitted, the port trust mode for global configuration is shown. Example The following example displays the current trust mode settings for the specified port.
Page 689: Show Diffserv Service Interface
console#show diffserv DiffServ Admin mode......Enable Class Table Size Current/Max....5 / 25 Class Rule Table Size Current/Max.... 6 / 150 Policy Table Size Current/Max....2 / 64 Policy Instance Table Size Current/Max..2 / 640 Policy Attribute Table Size Current/Max..2 / 1920 Service Table Size Current/Max....
Page 690: Show Diffserv Service Interface Port-Channel
User Guidelines This command has no user guidelines. Example console#show diffserv service interface gigabitethernet 1/0/1 in DiffServ Admin Mode......Enable Interface........1/0/1 Direction........In No policy is attached to this interface in this direction. show diffserv service interface port-channel Syntax Description channel-group show diffserv service interface port-channel {in|out}...
Page 691: Show Diffserv Service Brief
User Guidelines Not applicable Example console#show diffserv service interface port-channel 1 in DiffServ Admin Mode......Enable Interface........po1 Direction........In No policy is attached to this interface in this direction show diffserv service brief Use the show diffserv service brief command in Privileged EXEC mode to display all interfaces in the system to which a DiffServ policy has been attached.
Page 692: Show Interfaces Cos-Queue
----------- ----------- ------------ ------------------- 1/0/1 Down DELL show interfaces cos-queue Use the show interfaces cos-queue command in Privileged EXEC mode to display the class-of-service queue configuration for the specified interface. Syntax unit/slot/port show interfaces cos-queue [{gigabitethernet | port-channel port-channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration.
Page 693 Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop This example displays the COS configuration for the specified interface 1/0/1. console#show interfaces cos-queue gigabitethernet 1/0/1 Interface........1/0/1 Interface Shaping Rate......0 Queue Id Min.
Page 694: Show Interfaces Random-Detect
Parameter Description Intf Shaping Rate The maximum transmission bandwidth limit for the interface as a whole. It is independent of any per-queue maximum bandwidth values in effect for the interface. This value is a configured value. Queue Mgmt Type The queue depth management technique used for all queues on this interface.
Page 695: Show Policy-Map
This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show policy-map Policy Name Policy Type Class Members ----------- ----------- ------------- POLY1 DellClass DELL DellClass QoS Commands...
Page 696: Show Policy-Map Interface
This command has no user guidelines. Example The following example displays the statistics information for port 1/0/1. console#show policy-map interface 1/0/1 in Interface........1/0/1 Operational Status......Down Policy Name........DELL Interface Summary: Class Name........murali In Discarded Packets......0 QoS Commands...
Page 697: Show Service-Policy
Class Name........test In Discarded Packets......0 Class Name........DELL1 In Discarded Packets......0 Class Name........DELL In Discarded Packets......0 show service-policy Use the show service-policy command in Privileged EXEC mode to display a summary of policy-oriented statistics information for all interfaces.
Page 698: Traffic-Shape
1/0/2 Down DELL 1/0/3 Down DELL 1/0/4 Down DELL 1/0/5 Down DELL 1/0/6 Down DELL 1/0/7 Down DELL 1/0/8 Down DELL 1/0/9 Down DELL 1/0/10 Down DELL traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit rate shaping for the interface as a whole.
Page 699 User Guidelines This command has no user guidelines. Example The following example displays the setting of traffic-shape to a maximum bandwidth of 1024 Kbps. console(config-if-1/0/1)#traffic-shape 1024 kbps QoS Commands...
Page 700 QoS Commands...
Page 701: Radius Commands
RADIUS Commands Managing and determining the validity of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
Page 702 Table 32-1. RADIUS Attributes Supported by PowerConnect Switch Service Type RADIUS Attribute Name 802.1X User Manager Captive Portal NAS-IP-ADDRESS NAS-PORT SERVICE-TYPE FILTER-ID FRAMED-MTU REPLY-MESSAGE STATE CLASS VENDOR-SPECIFIC SESSION-TIMEOUT IDLE-TIMEOUT TERMINATION-ACTION CALLED-STATION-ID CALLING-STATION-ID NAS-IDENTIFIER ACCT-STATUS-TYPE Set by RADIUS client for Accounting ACCT-INPUT-OCTETS ACCT-OUTPUT-OCTETS ACCT-SESSION-ID...
Page 703 Table 32-1. RADIUS Attributes Supported by PowerConnect Switch Service Type RADIUS Attribute Name 802.1X User Manager Captive Portal NAS-PORT-TYPE TUNNEL-TYPE TUNNEL-MEDIUM-TYPE EAP-MESSAGE MESSAGE-AUTHENTICATOR Set by RADIUS client for Accounting TUNNEL-PRIVATE-GROUP-ID Yes The following attributes are processed in the RADIUS Access-Accept message received from a RADIUS server: •...
Page 704: Commands In This Chapter
• FILTER-ID – Name of the filter list for this user. • TUNNEL-TYPE – Used to indicate that a VLAN is to be assigned to the user when set to tunnel type VLAN (13). • TUNNEL-MEDIUM-TYPE – Used to indicate the tunnel medium type. Must be set to medium type 802 (6) to enable VLAN assignment.
Page 705: Radius
aaa accounting network default start-stop group radius Use the aaa accounting network default start-stop group radius command to enable RADIUS accounting on the switch. Use the “no” form of this command to disable RADIUS accounting. Syntax aaa accounting network default start-stop group radius no aaa accounting network default start-stop group radius Default Configuration RADIUS accounting is disabled by default.
Page 706: Auth-Port
Default Configuration The default value of the port number is 1813. Command Mode Radius (accounting) mode User Guidelines There are no user guidelines for this command. Example The following example sets port number 56 for accounting requests. console(config)#radius-server host acct 3.2.3.2 console(Config-acct-radius)#acct-port 56 auth-port Use the auth-port command in Radius mode to set the port number for...
Page 707: Deadtime
Example The following example sets the port number 2412 for authentication requests. console(config)#radius-server host 192.143.120.123 console(config-radius)#auth-port 2412 deadtime Use the deadtime command in Radius mode to configure the minimum amount of time to wait before attempting to re-contact an unresponsive RADIUS server.
Page 708: Msgauth
Use the key command to specify the encryption key which is shared with the RADIUS server. Use the "no" form of this command to remove the key. Syntax key-string key-string — A string specifying the encryption key (Range: 0 - 128 •...
Page 709: Name (Radius Server)
Default Configuration The message authenticator attribute is enabled by default. Command Mode Radius mode User Guidelines There are no user guidelines for this command. Example console(Config-auth-radius)#msgauth name (RADIUS server) Use the name command to assign a name to a RADIUS server. Use the no form of the command to return the name to the default (unspecified).
Page 710: Primary
User Guidelines Names may only be set for authentication servers, not for accounting servers. Names may consist of alphanumeric characters and the underscore, dash and blanks.Embed the name in double quotes to use a name with blanks. NOTE: When multiple radius servers are configured with different names, e.g.. ServerName is name1 and address is 1.1.1.1 ServerName is name2 and address is 1.1.1.2 The radius request is always sent to the first ordered name server list, i.e.
Page 711: Priority
Syntax primary Default Configuration There is no primary authentication server by default. Command Mode Radius mode User Guidelines There are no user guidelines for this command. Example console(Config-auth-radius)#primary priority Use the priority command in Radius mode to specify the order in which the servers are to be used, with 0 being the highest priority.
Page 712: Radius-Server Deadtime
Example The following example specifies a priority of 10 for the designated server. console(config)#radius-server host 192.143.120.123 console(config-radius)#priority 10 radius-server deadtime Use the radius-server deadtime command in Global Configuration mode to configure the minimum amount of time to wait before attempting to recontact an unresponsive RADIUS server.
Page 713: Radius-Server Host
Example The following example sets the minimum interval for a RADIUS server will not be contacted after becoming unresponsive. console(config)#radius-server deadtime 10 radius-server host Use the radius-server host command in Global Configuration mode to specify a RADIUS server host and enter RADIUS Configuration mode. To delete the specified Radius host, use the no form of this command.
Page 714: Radius-Server Key
Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the authentication and encryption key for all Radius communications between the device and the Radius server to “dell- .” server console(config)#radius-server key dell-server RADIUS Commands...
Page 715: Radius-Server Retransmit
radius-server retransmit Use the radius-server retransmit command in Global Configuration mode to specify the number of times the Radius client will retransmit requests to the Radius server. To reset the default configuration, use the no form of this command. Syntax retries radius-server retransmit no radius-server retransmit...
Page 716: Radius-Server Timeout
no radius-server source-ip source — Specifies the source IP address. • Default Configuration The default IP address is the outgoing IP interface. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the source IP address used for communication with Radius servers to 10.1.1.1.
Page 717: Retransmit
User Guidelines This command has no user guidelines. Example The following example sets the interval for which a switch waits for a server host to reply to 5 seconds. console(config)#radius-server timeout 5 retransmit Use the retransmit command in Radius mode to specify the number of times the Radius client retransmits requests to the Radius server.
Page 718: Show Aaa Servers
show aaa servers Use the show aaa servers command to display the list of configured RADIUS servers and the values configured for the global parameters of the RADIUS client. Syntax servername show aaa servers [accounting | authentication ] [name [ Parameter Description Parameter Description...
Page 719: Radius Accounting Mode
Field Description Configured Accounting The number of RADIUS Accounting servers that have Servers been configured. Named Authentication The number of configured named RADIUS server groups. Server Groups Named Accounting The number of configured named RADIUS server groups. Server Groups Timeout The configured timeout value, in seconds, for request retransmissions.
Page 720 Number of Named Authentication Server Groups... 2 Number of Named Accounting Server Groups..1 Number of Retransmits......3 Timeout Duration....... 15 Deadtime........0 Source IP........0.0.0.0 RADIUS Accounting Mode......Disable RADIUS Attribute 4 Mode......Disable --More-- or (q)uit RADIUS Attribute 4 Value....... 0.0.0.0 console#show aaa servers name Server Name Host Address...
Page 721: Show Radius Statistics
console#show radius-servers accounting name Server Name Host Address Port Type ---------------------- -------------- ------ ---------- Default-RADIUS-Server 2.2.2.2 1813 Secondary console#show radius-servers name Default-RADIUS-Server RADIUS Server Name......Default-RADIUS-Server Current Server IP Address....1.1.1.1 Retransmits......... 4 Timeout........5 Deadtime........0 Port........1812 Source IP........0.0.0.0 Secret Configured......
Page 722 Parameter Description ipaddress The RADIUS server host IP address. hostname Host name of the Radius server host. (Range: 1–158 characters). The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmp-server host "host name" servername The alias used to identify the server.
Page 723 Field Description Malformed The number of malformed RADIUS Accounting Response Responses packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed accounting responses. The number of RADIUS Accounting Response packets Authenticators containing invalid authenticators received from this accounting server.
Page 724 Field Description Malformed Access The number of malformed RADIUS Access Response packets Responses received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed access responses. The number of RADIUS Access Response packets containing Authenticators invalid authenticators or signature attributes received from this...
Page 725: Source-Ip
Packets Dropped....... 0 console#show radius statistics name Default_RADIUS_Server RADIUS Server Name......Default_RADIUS_Server Server Host Address......192.168.37.200 Access Requests....... 0.00 Access Retransmissions......0 Access Accepts........ 0 Access Rejects........ 0 Access Challenges......0 Malformed Access Responses....0 Bad Authenticators......0 Pending Requests......0 Timeouts........
Page 726: Timeout
Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies 10.240.1.23 as the source IP address. console(config)#radius-server host 192.143.120.123 console(config-radius)#source-ip 10.240.1.23 timeout Use the timeout command in Radius mode to set the timeout value in seconds for the designated Radius server.
Page 727: Usage
Example The following example specifies the timeout setting for the designated Radius Server. console(config)#radius-server host 192.143.120.123 console(config-radius)#timeout 20 usage Use the usage command in Radius mode to specify the usage type of the server. Syntax type usage type — Variable can be one of the following values: login , 802.1x or all . •...
Page 728 RADIUS Commands...
Page 729: Spanning Tree Commands
Spanning Tree Commands The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1s by efficiently navigating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE 802.1w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation.
Page 730: Commands In This Chapter
port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role.
Page 731: Clear Spanning-Tree Detected-Protocols
clear spanning-tree detected-protocols Use the clear spanning-tree detected-protocols command in Privileged EXEC mode to restart the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface. Syntax unit/slot/port clear spanning-tree detected-protocols [{gigabitethernet port-channel-number | tengigabitethernet unit/slot/port }] port-channel Default Configuration This command has no default setting.
Page 732: Instance (Mst)
Command Mode MST mode User Guidelines This command has no user guidelines. Example The following example shows how to exit the MST configuration mode and save changes. console(config)#spanning-tree mst configuration console(config-mst)#exit instance (mst) Use the instance command in MST mode to map VLANS to an MST instance.
Page 733 All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST. For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number, and the same name.
Page 734: Name (Mst)
console(config)#interface te1/1/1 console(config-if-Te1/1/1)#switchport mode trunk console(config-if-Te1/1/1)#switchport trunk allowed vlan add 2-150 console(config-if-Te1/1/1)#spanning-tree mst 1 port- priority 16 console(config-if-Te1/1/1)#interface te1/1/2 console(config-if-Te1/1/2)#switchport mode trunk console(config-if-Te1/1/2)#switchport trunk allowed vlan add 200-349 console(config-if-Te1/1/2)#spanning-tree mst 2 port- priority 16 console(config-if-Te1/1/2)#exit name (mst) Use the name command in MST mode to define the configuration name. To return to the default setting, use the no form of this command.
Page 735: Revision (Mst)
Example The following example sets the configuration name to “region1”. console(config)#spanning-tree mst configuration console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command.
Page 736 Syntax unit/slot/port port- show spanning-tree [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port }] [instance instance-id ] instance-id show spanning-tree [detail] [active | blockedports] | [instance show spanning-tree mst-configuration Parameter Description Parameter Description detail Displays detailed information. active Displays active ports only. blockedports Displays blocked ports only.
Page 737 Root Port Gi1/0/1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec Bridge ID Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role Restricted...
Page 738 Path Cost 20000 Root Port Gi1/0/1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 1 last change occurred 0d0h17m7s ago Times: hold 6, hello 2, max age 20, forward delay 15 Port Gi1/0/1 Enabled State: Forwarding...
Page 739: Show Spanning-Tree Summary
Designated bridge Priority: 32768 Address: 0010.1882.1C53 Designated port id: 128.48 Designated path cost: 0 CST Regional Root: 80:00:00:10:18:82:1C:53 CST Port Cost: 0 BPDU: sent 24, received 504 Port Gi1/0/5 Enabled State: Forwarding Role: Designated Port id: 128.5 Port Cost: 20000 Root Protection: No Designated bridge Priority: 32768 Address: 001E.C9AA.AD1B...
Page 740 Command Mode Privileged EXEC mode User Guidelines The following fields are displayed: Field Description Spanning Tree Admin Enabled or disabled Mode Spanning Tree Version Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based upon the mode parameter.
Page 741: Spanning-Tree
BPDU Filter Mode....Disabled Configuration Name....00-1E-C9-AA-AC-84 Configuration Revision Level..0 Configuration Digest Key..0xac36177f50283cd4b83821d8ab26de62 Configuration Format Selector..0 spanning-tree Use the spanning-tree command in Global Configuration mode to enable spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree...
Page 742: Spanning-Tree Auto-Portfast
spanning-tree auto-portfast Use the spanning-tree auto-portfast command to set the port to auto portfast mode. This enables the port to become a portfast port if it does not see any BPDUs for 3 seconds. Use the “no” form of this command to disable auto portfast mode.
Page 743: Spanning-Tree Bpdu-Protection
no spanning-tree bpdu flooding Default Configuration This feature is disabled by default. Command Mode Global Configuration mode Usage Guidelines There are no usage guidelines for this command. Example console#spanning-tree bpdu flooding spanning-tree bpdu-protection Use the spanning-tree bpdu-protection command in Global Configuration mode to enable BPDU protection on a switch.
Page 744: Spanning-Tree Cost
Default Configuration BPDU protection is not enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables BPDU protection. console(config)#spanning-tree bpdu-protection spanning-tree cost Use the spanning-tree cost command in Interface Configuration mode to configure the external spanning-tree path cost for a port.
Page 745: Spanning-Tree Disable
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command configures the external cost. Since by default each switch is in its own region, the external cost is considered in determining the spanning tree of the network. This command is also used to configure the rstp path cost. Example The following example configures the spanning-tree cost on 1/0/5 to 35000.
Page 746: Spanning-Tree Forward-Time
Example The following example disables spanning-tree on 1/0/5. console(config)#interface gigabitethernet 1/0/5 console(config-if-1/0/5)#spanning-tree disable spanning-tree forward-time Use the spanning-tree forward-time command in Global Configuration mode to configure the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state.
Page 747: Spanning-Tree Guard
spanning-tree guard The spanning-tree guard command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol. Use the “no” form of this command to disable loop guard or root guard on the interface. Syntax spanning-tree guard { root | loop | none } •...
Page 748: Spanning-Tree Max-Age
Syntax spanning-tree loopguard default no spanning-tree loopguard default Default Configuration Loop guard is disabled by default. Command Mode Global Configuration mode Usage Guidelines There are no usage guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports.
Page 749: Spanning-Tree Max-Hops
User Guidelines When configuring the Max-Age the following relationships should be satisfied: 2*(Forward-Time - 1) >= Max-Age Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. console(config)#spanning-tree max-age 10 spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree.
Page 750: Spanning-Tree Mode
spanning-tree mode Use the spanning-tree mode command in Global Configuration mode to configure the spanning-tree protocol. To return to the default configuration, use the no form of this command. Syntax spanning-tree mode {stp | rstp | mst} no spanning-tree mode •...
Page 751: Spanning-Tree Mst Cost
Syntax spanning-tree mst configuration Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name.
Page 752: Spanning-Tree Mst Port-Priority
cost — The port path cost. (Range: 0–200,000,000) • Default Configuration The default value is 0, which signifies that the cost will be automatically calculated based on port speed. The default configuration is: — 2,000,000 • Ethernet (10 Mbps) — 200,000 •...
Page 753: Spanning-Tree Mst Priority
Parameter Description Parameter Description instance-id ID of the spanning-tree instance. (Range: 1-4094) priority The port priority. (Range: 0-240 in multiples of 16.) Default Configuration The default port-priority for IEEE STP is 128. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096.
Page 754: Spanning-Tree Portfast
Parameter Description Parameter Description instance-id ID of the spanning-tree instance. (Range: 1-4094) priority Sets the switch priority for the specified spanning-tree instance. This setting affects the likelihood that the switch is selected as the root switch. A lower value increases the probability that the switch is selected as the root switch.
Page 755: Spanning-Tree Portfast Bpdufilter Default
Default Configuration PortFast mode is disabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command only applies to access ports. The command is to be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operations.
Page 756: Spanning-Tree Portfast Default
Command Mode Global Configuration mode Usage Guidelines There are no usage guidelines for this command. Example The following example discards BPDUs received on spanning-tree ports in portfast mode. console#spanning-tree portfast bpdufilter default spanning-tree portfast default Use the spanning-tree portfast default command to enable Portfast mode only on access ports.
Page 757: Spanning-Tree Port-Priority
Example The following example enables Portfast mode on all access ports. console(config)#spanning-tree portfast default spanning-tree port-priority Use the spanning-tree port-priority command in Interface Configuration mode to configure port priority. To reset the default port priority, use the no form of this command. Syntax priority spanning-tree port-priority...
Page 758: Spanning-Tree Priority
spanning-tree priority Use the spanning-tree priority command in Global Configuration mode to configure the spanning-tree priority. The priority value is used to determine which bridge is elected as the root bridge. To reset the default spanning-tree priority use the no form of this command. Syntax priority spanning-tree priority...
Page 759: Spanning-Tree Transmit Hold-Count
Default Configuration TCN propagation is disabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree tcnguard on 4/0/1. console(config-if-4/0/1)#spanning-tree tcnguard spanning-tree transmit hold-count Use the spanning-tree transmit hold-count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window (2 seconds).
Page 760 Example The following example sets the maximum number of BPDUs sent to 6. console(config)#spanning-tree transmit hold-count 6 Spanning Tree Commands...
Page 761: Tacacs+ Commands
TACACS+ Commands TACACS+ provides access control for networked devices via one or more centralized servers, similar to RADIUS this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides for separate authentication, authorization and accounting services.
Page 762: Commands In This Chapter
Commands in this Chapter This chapter explains the following commands: tacacs-server host port tacacs-server key priority tacacs-server timeout show tacacs timeout Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server.
Page 763: Port
port Use the port command in TACACS Configuration mode to specify a server port number. Syntax port [ port-number ] port-number — The server port number. If left unspecified, the default • port number is 49. (Range: 0 – 65535) Default Configuration The default port number is 49.
Page 764: Show Tacacs
Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example The following example shows how to specify a server priority of 10000. console(tacacs)#priority 10000 show tacacs Use the show tacacs command in Privileged EXEC mode to display the configuration and statistics of a TACACS+ server.
Page 765: Tacacs-Server Host
IP address Port Timeout Priority --------------- ----- ------- -------- 10.254.24.162 Global tacacs-server host Use the tacacs-server host command in Global Configuration mode to configure a TACACS+ server. This command enters into the TACACS+ configuration mode. To delete the specified hostname or IP address, use the no form of this command.
Page 766: Tacacs-Server Key
console(config)#tacacs-server host 172.16.1.1 console(tacacs)# tacacs-server key Use the tacacs-server key command in Global Configuration mode to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. To disable the key, use the no form of this command. Syntax key-string tacacs-server key [...
Page 767: Tacacs-Server Timeout
console(config)#tacacs-server key @#$%^&*()_+=- {}][<>.,/';:| tacacs-server timeout Use the tacacs-server timeout command in Global Configuration mode to set the interval during which a switch waits for a server host to reply. To restore the default, use the no form of this command. Syntax timeout tacacs-server timeout [...
Page 768 timeout — The timeout value in seconds. (Range: 1–30) • Default Configuration If left unspecified, the timeout defaults to the global value. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value. console(tacacs)#timeout 23 TACACS+ Commands...
Page 769: Vlan Commands
VLAN Commands PowerConnect 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
Page 770: Protocol Based Vlans
two TPID values can be different or the same. VLAN normalization, source MAC learning, and forwarding are based on the S-TAG value in a received frame. PowerConnect supports configuring one outer VLAN TPID value per switch. The global default TPID is 0x88A8, which indicates a Virtual Metropolitan Area Network (VMAN).
Page 771: Ip Subnet Based Vlans
its own VLAN. Additionally, protocol-based classification allows an administrator to assign nonroutable protocols, such as NetBIOS or DECnet, to larger VLANs than routable protocols like IPX or IP. This maximizes the efficiency gains that are possible with VLANs. In port-based VLAN classification, the Port VLAN Identifier (PVID) is associated with the physical ports.
Page 772: Dvlan-Tunnel Ethertype
name (VLAN show vlan switchport trunk vlan protocol group Configuration) association mac name protocol group show vlan vlan vlan protocol group association subnet remove protocol vlan group switchport access vlan (Global vlan routing vlan Config) protocol vlan group switchport vlan association forbidden vlan show dvlan-tunnel switchport general vlan association...
Page 773: Interface Vlan
Default Configuration The default for this command is 802.1Q. The default S-TAG TPID, when double-tagging is enabled, is 0x88A8. The default C-TAG TPID when double vlan tagging is enabled is 0x8100. Command Mode Global Configuration, Interface Configuration mode User Guidelines This command configures the TPID value on the outer VLAN (S-VLAN).
Page 774: Interface Range Vlan
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the VLAN 1 IP address of 131.108.1.27 and subnet mask 255.255.255.0. console(config)#interface vlan 1 console(config-vlan)#ip address 131.108.1.27 255.255.255.0 interface range vlan...
Page 775: Mode Dvlan-Tunnel
User Guidelines Commands used in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces. Example The following example groups VLAN 221 till 228 and VLAN 889 to receive the same command.
Page 776: Name (Vlan Configuration)
Example The following example displays how to enable Double VLAN Tunneling at gigabit ethernet port 1/0/1. console(config-if-1/0/1)#mode dvlan-tunnel name (VLAN Configuration) Use the name command in VLAN Configuration mode to configure the VLAN name. To return to the default configuration, use the no form of this command.
Page 777: Protocol Group
Example The following example configures a VLAN name of office2 for VLAN 2. console(config)#interface vlan 2 console(config-vlan)#name "RDU-NOC Management VLAN" protocol group Use the protocol group command in VLAN Database mode to attach a groupid VLAN ID to the protocol-based group identified by .
Page 778: Protocol Vlan Group
Example The following example displays how to attach the VLAN ID "100" to the protocol-based VLAN group "3." console#vlan database console(config-vlan)#protocol group 3 100 protocol vlan group Use the protocol vlan group command in Interface Configuration mode to add the physical unit/slot/port interface to the protocol-based group groupid identified by .
Page 779: Protocol Vlan Group All
User Guidelines This command has no user guidelines. Example The following example displays how to add a physical port interface to the group ID of "2." console(config-if-1/0/1)#protocol vlan group 2 protocol vlan group all Use the protocol vlan group all command in Global Configuration mode to groupid add all physical interfaces to the protocol-based group identified by A group may have more than one interface associated with it.
Page 780: Show Dvlan-Tunnel
User Guidelines This command has no user guidelines. Example The following example displays how to add all physical interfaces to the protocol-based group identified by group ID "2." console(config)#protocol vlan group all 2 show dvlan-tunnel Use the show dvlan-tunnel command in Privileged EXEC mode to display all interfaces enabled for Double VLAN Tunneling.
Page 781: Show Dvlan-Tunnel Interface
show dvlan-tunnel interface Use the show dvlan-tunnel interface command in Privileged EXEC mode to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces. Syntax unit/slot/port show dvlan-tunnel interface {gigabithethernet unit/slot/port tengigabitethernet | all} • all — Displays information for all interfaces. Default Configuration This command has no default configuration.
Page 782: Show Interfaces Switchport
EtherType This field represents a 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. The three different EtherType tags are: (1) 802.1Q, which represents the commonly used value of 0x8100. (2) vMAN, which represents the commonly used value of 0x88A8.
Page 783 PVID: 1 (default) Ingress Filtering: Enabled Acceptable Frame Type: All GVRP status: Enabled Protected: Enabled Port 1/0/1 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----- default untagged Default VLAN008 tagged Dynamic VLAN0011 tagged Static IPv6 VLAN untagged Static VLAN0072...
Page 784 The following example displays switchport configuration individually for 1/0/2. console#show interface switchport gigabitethernet 1/0/2 Port 1/0/2: VLAN Membership mode: General Operating parameters: PVID: 4095 (discard vlan) Ingress Filtering: Enabled Acceptable Frame Type: All Port 1/0/1 is member in: VLAN Name Egress rule Type ----...
Page 785 ---- --------- The following example displays switchport configuration individually for 2/0/19. console#show interfaces switchport gigabitethernet 2/0/19 Port 2/0/19: Operating parameters: PVID: 2922 Ingress Filtering: Enabled Acceptable Frame Type: Untagged GVRP status: Disabled Port 2/0/19 is member in: VLAN Name Egress rule Type ---- ---------...
Page 786: Show Port Protocol
2922 Community A1 untagged Static show port protocol Use the show port protocol command in Privileged EXEC mode to display the Protocol-Based VLAN information for either the entire system or for the indicated group. Syntax groupid show port protocol { | all} groupid —...
Page 787: Show Vlan
show vlan Use the show vlan command in Privileged EXEC mode to display detailed information, including interface information and dynamic VLAN type, for a specific VLAN. The ID is a valid VLAN identification number. Syntax vlanid |name vlan-name] show vlan [id Parameter Description Parameter Description...
Page 788: Show Vlan Association Mac
----- --------------- ------------- -------------- VLAN0002 Gi1/0/11-20 Dynamic (DOT1X) console#show vlan id 3 VLAN Name Ports Type ----- --------------- ------------- -------------- VLAN0003 Gi1/0/21-24 Dynamic (GVRP) show vlan association mac Use the show vlan association mac command in Privileged EXEC mode to display the VLAN associated with a specific configured MAC address.
Page 789: Show Vlan Association Subnet
MAC Address VLAN ID ----------------------- ------- 0001.0001.0001.0001 console# show vlan association subnet Use the show vlan association subnet command in Privileged EXEC mode to display the VLAN associated with a specific configured IP-Address and netmask. If no IP Address and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed.
Page 790: Switchport Access Vlan
The IP Subnet to VLAN association does not exist. switchport access vlan Use the switchport access vlan command in Interface Configuration mode to configure the VLAN ID when the interface is in access mode. To reconfigure the default, use the no form of this command. Syntax vlan-id switchport access vlan...
Page 791: Switchport Forbidden Vlan
switchport forbidden vlan Use the switchport forbidden vlan command in Interface Configuration mode to forbid adding specific VLANs to a port. To revert to allowing the addition of specific VLANs to the port, use the remove parameter of this command. Syntax vlan-list vlan-list...
Page 792: Switchport General Allowed Vlan
switchport general acceptable-frame-type tagged-only Use the switchport general acceptable-frame-type tagged-only command in Interface Configuration mode to discard untagged frames at ingress. To enable untagged frames at ingress, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress.
Page 793: Switchport General Ingress-Filtering Disable
vlan-list switchport general allowed vlan remove vlan-list — List of VLAN IDs to add. Separate nonconsecutive VLAN • IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. vlan-list — List of VLAN IDs to remove. Separate nonconsecutive remove •...
Page 794: Switchport General Pvid
Syntax switchport general ingress-filtering disable no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example shows how to enables port ingress filtering on 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#switchport general ingress- filtering disable...
Page 795: Switchport Mode
Default Configuration vlan-id The default value for the parameter is 1 when the VLAN is enabled. Otherwise, the value is 4093. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example shows how to configure the PVID for 1/0/8, when the interface is in general mode.
Page 796: Switchport Trunk
Parameter Description trunk A trunk port connects two switches. A trunk port may belong to multiple VLANs. A trunk port accepts only packets tagged with the VLAN IDs of the VLANs to which the trunk is a member or untagged packets if configured with a PVID. A trunk only transmits tagged packets.
Page 797 Parameter Description Parameter Description vlan–list Set the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode. The default is all. The vlan–list format is as follows: The vlan-list format is all remove except vlan–atom...
Page 798: Vlan
Example console(config-if-Gi1/0/1)#switchport trunk allowed vlan 1-1024 console(config-if-Gi1/0/1)#switchport trunk allowed vlan except 1,2,3,5,7,11,13 vlan Use the vlan command in VLAN Database mode to configure a VLAN. To delete a VLAN, use the no form of this command. Syntax vlan-range vlan vlan-range no vlan vlan-range —...
Page 799: Vlan (Global Config)
vlan (Global Config) Use the vlan command in Global Configuration mode to configure a VLAN. To delete a VLAN, use the no form of this command. Syntax vlan–id vlan–range vlan { vlan–id vlan–range no vlan { Parameter Description Parameter Description vlan–id A valid VLAN ID.
Page 800: Vlan Association Mac
vlan association mac Use the vlan association mac command in VLAN Database mode to associate a MAC address to a VLAN. The maximum number of MAC-based VLANs is 256. Syntax mac-address vlanid vlan association mac mac-address no vlan association mac mac-address —...
Page 801: Vlan Database
ip-address — Source IP address. (Range: Any valid IP address) • subnet-mask — Subnet mask. (Range: Any valid subnet mask) • vlanid — VLAN to associated with subnet. (Range: 1-4093) • Default Configuration No assigned ip-subnet. Command Mode VLAN Database mode User Guidelines This command has no user guidelines.
Page 802: Vlan Makestatic
Example The following example enters the VLAN database mode. console(config)#vlan database console(config-vlan)# vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2- 4093.
Page 803: Vlan Protocol Group
vlan protocol group Use the vlan protocol group command in Global Configuration mode to add protocol-based groups to the system. When a protocol group is created, it is assigned a unique group ID number. The group ID is used to identify the group in subsequent commands.
Page 804: Vlan Protocol Group Add Protocol
vlan protocol group add protocol Use the vlan protocol group add protocol command in Global Configuration mode to add a protocol to the protocol-based VLAN groups identified by groupid . A group may have more than one protocol associated with it. Each interface and protocol combination can be associated with one group only.
Page 805: Vlan Protocol Group Remove
console(config)#vlan protocol group add protocol 2 ethertype 0xXXXX vlan protocol group name This is a new command for assigning a group name to vlan protocol group id. Syntax groupid groupName vlan protocol group name groupid no vlan protocol group name groupid —The protocol-based VLAN group ID, which is automatically •...
Page 806: Vlan Routing
Syntax groupid vlan protocol group remove groupid — The protocol-based VLAN group ID, which is automatically • generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command.
Page 807 Parameter Description index Internal interface ID. This optional parameter is listed in the configuration file for all VLAN routing interfaces. When a nonstop forwarding failover occurs, this information enables the system to correlate checkpointed state information with the proper interfaces and their configuration. Default Configuration Routing is enabled on VLAN 1 by default.
Page 808 VLAN Commands...
Page 809: Voice Vlan Commands
Voice VLAN Commands The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
Page 810: Commands In This Chapter
Commands in this Chapter This chapter explains the following commands: voice vlan voice vlan data priority voice vlan (Interface) show voice vlan voice vlan This command is used to enable the voice vlan capability on the switch. Syntax voice vlan no voice vlan Parameter Ranges Not applicable...
Page 811 Syntax vlanid priority voice vlan { | dot1p | none | untagged | data priority { trust | dscp untrust } | auth { enable | disable } | dscp no voice vlan Parameter Description Parameter Description auth Enables/disables authentication on the voice vlan port. data Observe the priority on received voice vlan traffic (trusted mode).
Page 812: Show Voice Vlan
Example console(config-if-Gi1/0/1)#voice vlan 1 console(config-if-Gi1/0/1)#voice vlan dot1p 1 console(config-if-Gi1/0/1)#voice vlan none console(config-if-Gi1/0/1)#voice vlan untagged voice vlan data priority This command is to either trust or not trust (untrust) the data traffic arriving on the voice VLAN port. Syntax voice vlan data priority { trust | untrust } •...
Page 813 Syntax When the interface parameter is not specified, only the global mode of the voice VLAN is displayed. When the interface parameter is specified, the following is displayed: When the interface parameter is specified: Voice VLAN Mode The admin mode of the voice VLAN on the interface. Voice VLAN ID The voice VLAN ID.
Page 814 Voice VLAN Commands...
Page 815: X Commands
802.1x Commands Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
Page 816: Mac Authentication Bypass
Whenever an operator configures a port in Dot1x authentication mode and selects the authentication method as internal, then the user credentials received from the Dot1x supplicant is validated against the IDAS by Dot1x component. The Dot1x application accesses the Dot1x user database to check whether the user credentials present in the authentication message corresponds to a valid user or not.
Page 817: Guest Vlan
Guest VLAN The Guest VLAN feature allows a PowerConnect switch to provide a distinguished service to unauthenticated users (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach external network with no ability to surf internal LAN.
Page 818: Radius-Based Dynamic Vlan Assignment
client is authenticated and is undisturbed by the failure condition(s). The reasons for failure are logged and buffered into the local logging database such that the operator can track the failure conditions. RADIUS-based Dynamic VLAN Assignment If VLAN assignment is enabled in the RADIUS server then as part of the response message, the RADIUS server sends the VLAN ID which the client is requested to use in the 802.1x tunnel attributes.
Page 819: Dot1X Dynamic-Vlan Enable
802.1x Advanced Features dot1x guest-vlan dot1x unauth-vlan show dot1x advanced 802.1x Option 81 radius-server attribute 4 dot1x dynamic-vlan enable Use the dot1x dynamic-vlan enable command in Global Configuration mode to enable the capability of creating VLANs dynamically when a RADIUS–assigned VLAN does not exist in the switch. Use the no form of the command to disable this capability.
Page 820: Dot1X Initialize
dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an error will be returned.
Page 821: Dot1X Max-Req
Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example sets MAC Authentication Bypass on interface 1/2: console(config-if-1/0/2)#dot1x mac-auth-bypass dot1x max-req Use the dot1x max-req command in Interface Configuration mode to set the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP)-request frame (assuming that no response is received) to the client before restarting the authentication process.
Page 822: Dot1X Max-Users
Example The following example sets the number of times that the switch sends an EAP-request/identity frame to 6. console(config)# interface gigabitethernet 1/0/16 console(config-if-1/0/16)# dot1x max-req 6 dot1x max-users Use the dot1x max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port.
Page 823: Dot1X Port-Control
console(config-if-1/0/2)#dot1x max-users 3 dot1x port-control Use the dot1x port-control command in Interface Configuration mode to enable the IEEE 802.1X operation on the port. Syntax dot1x port-control {force-authorized | force-unauthorized | auto | mac- based} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client.
Page 824: Dot1X Re-Authenticate
User Guidelines It is recommended that you disable the spanning tree or enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to go immediately to the forwarding state after successful authentication.
Page 825: Dot1X Reauthentication
console# dot1x re-authenticate gigabitethernet 1/0/16 dot1x reauthentication Use the dot1x reauthentication command in Interface Configuration mode to enable periodic re-authentication of the client. To return to the default setting, use the no form of this command. Syntax dot1x reauthentication no dot1x reauthentication Default Configuration Periodic re-authentication is disabled.
Page 826: Dot1X Timeout Guest-Vlan-Period
Parameter Description This command has no arguments or keywords. Default Configuration Dot1x monitor mode is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables 802.1x globally. console(config)# dot1x system-auth-control monitor dot1x timeout guest-vlan-period Use the dot1x timeout guest-vlan-period command in Interface Configuration mode to set the number of seconds that the switch waits...
Page 827: Dot1X Timeout Quiet-Period
User Guidelines It is recommended that the user set the dot1x timeout guest-vlan-period to at least three times the while timer, so that at least three EAP Requests are sent, before assuming that the client is a dot1x unaware client. Example The following example sets the dot1x timeout guest vlan period to 100 seconds.
Page 828: Dot1X Timeout Re-Authperiod
Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. To provide a faster response time to the user, enter a smaller number than the default.
Page 829: Dot1X Timeout Server-Timeout
Example The following example sets the number of seconds between re-authentication attempts to 300. console(config)# interface gigabitethernet 1/0/16 console(config-if-1/0/16)# dot1x timeout re- authperiod 300 dot1x timeout server-timeout Use the dot1x timeout server-timeout command in Interface Configuration mode to set the time that the switch waits for a response from the authentication server.
Page 830: Dot1X Timeout Supp-Timeout
console(config-if-1/0/1)# dot1x timeout server- timeout 3600 dot1x timeout supp-timeout Use the dot1x timeout supp-timeout command in Interface Configuration mode to set the time that the switch waits for a response before retransmitting an Extensible Authentication Protocol (EAP)-request frame to the client. To return to the default setting, use the no form of this command. Syntax seconds dot1x timeout supp-timeout...
Page 831: Dot1X Timeout Tx-Period
dot1x timeout tx-period Use the dot1x timeout tx-period command in Interface Configuration mode to set the number of seconds that the switch waits for a response to an Extensible Authentication Protocol (EAP)-request/identity frame from the client before resending the request. To return to the default setting, use the no form of this command.
Page 832: Show Dot1X
show dot1x Use the show dot1x command in Privileged EXEC mode to display: • A summary of the global dot1x configuration. • Summary information of the dot1x configuration for a specified port or all ports. • Detailed dot1x configuration for a specified port •...
Page 833: Show Dot1X Authentication-History
Field Description Monitor Mode Indicates whether the Dot1x Monitor mode on the switch is enabled or disabled. Example console#show dot1x Administrative Mode....Enabled VLAN Assignment Mode.....Disabled Monitor Mode.....Disabled show dot1x authentication-history Use the show dot1x authentication-history command in Privileged EXEC mode to display the dot1x authentication events and information during successful and unsuccessful dot1x authentication processes.
Page 834 Parameter Description Reason Actual reason behind the successful or failure authentication. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#show dot1x authentication-history all detail Time Stamp....... Mar 22 2010 01:16:31 Interface........
Page 835: Show Dot1X Clients
console#show dot1x authentication-history gi1/0/1 Time Stamp Interface MAC-Address VLANID Auth Status --------------------- --------- ----------------- ------ ---------- Mar 22 2010 01:16:31 gi1/0/1 00:01:02:03:04:05 111 Authorized Mar 22 2010 01:18:22 gi1/0/1 00:00:00:03:04:05 0 Unauthorized console#show dot1x authentication-history gi1/0/1 failed-auth-only Time Stamp Interface MAC-Address VLANID Auth Status --------------------- --------- ----------------- ------ ---------- Mar 22 2010 01:18:22...
Page 836 User Guidelines The following fields are displayed by this command. Field Description Clients Indicates the number of Dot1x clients authenticated using Authenticated using Monitor mode. Monitor Mode Clients Indicates the number of Dot1x clients authenticated using Authenticated using 802.1x authentication process. Dot1x The following table describes the significant fields shown in the display.
Page 837: Show Dot1X Interface
Clients Authenticated using Dot1x....1 Logical Interface......16 Interface........gi1/0/2 User Name........000102030405 Supp MAC Address....... 00:01:02:03:04:05 Session Time........518 Filter Id........VLAN Id........1 VLAN Assigned........Default Session Timeout........ 0 Session Termination Action..... Default Logical Interface......96 Interface........gi1/0/7 User Name........
Page 838 Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show dot1x interface gigabitethernet 1/0/10 Administrative Mode....Disabled Dynamic VLAN Creation Mode..Disabled Monitor Mode...... Disabled Port Admin Oper...
Page 839: Show Dot1X Statistics
VLAN Assigned........Supplicant Timeout......30 Guest-vlan Timeout......30 Server Timeout (secs)......30 MAB mode (configured)......Disabled MAB mode (operational)......Disabled Authenticator PAE State......Initialize Backend Authentication State....Initialize show dot1x statistics Use the show dot1x statistics command in Privileged EXEC mode to display 802.1x statistics for the specified interface.
Page 840 console#show dot1x statistics gigabitethernet 1/0/2 Port........... 1/0/2 EAPOL Frames Received......0 EAPOL Frames Transmitted....... 0 EAPOL Start Frames Received....0 EAPOL Logoff Frames Received....0 Last EAPOL Frame Version....... 0 Last EAPOL Frame Source......0000.0000.0000 EAP Response/Id Frames Received....0 EAP Response Frames Received....
Page 841: Show Dot1X Users
Field Description EapolRespFramesRx The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator. EapolReqIdFramesTx The number of EAP Req/Id frames that have been transmitted by this Authenticator. EapolReqFramesTx The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator.
Page 842: Clear Dot1X Authentication–History
User Guidelines This command has no user guidelines. Example The following example displays 802.1x users. console#show dot1x users Port Username --------- --------- 1/0/1 1/0/2 John Switch# show dot1x users username Bob Port Username --------- --------- 1/0/1 The following table describes the significant fields shown in the display: Field Description Username...
Page 843: Dot1X Guest-Vlan
Parameter Description Parameter Description interface–id Any valid interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#clear dot1x authentication-history Purge all entries from the log.
Page 844: Dot1X Unauth-Vlan
no dot1x guest-vlan vlan-id — The ID of a valid VLAN to use as the guest VLAN (Range: 0- • 4093). Default Configuration The guest VLAN is disabled on the interface by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines Configure the guest VLAN before using this command.
Page 845: Show Dot1X Advanced
User Guidelines Configure the unauthenticated VLAN before using this command. Example The following example set the unauthenticated VLAN on port 1/0/2 to VLAN console(config-if-1/0/2)#dot1x unauth-vlan 20 show dot1x advanced Use the show dot1x advanced command in Privileged EXEC mode to display 802.1x advanced features for the switch or for the specified interface.
Page 846: Radius-Server Attribute 4
VLAN Vlan --------- --------- --------------- 1/0/1 Disabled Disabled 1/0/2 1/0/3 Disabled Disabled 1/0/4 Disabled Disabled 1/0/5 Disabled Disabled 1/0/6 Disabled Disabled console#show dot1x advanced gigabitethernet 1/0/2 Port Guest Unauthenticated VLAN Vlan --------- --------- --------------- 1/0/2 802.1x Option 81 radius-server attribute 4 Use the radius-server attribute 4 command in Global Configuration mode to set the network access server (NAS) IP address for the RADIUS server.
Page 847 Default Configuration If a RADIUS server has been configured on the switch, the default attribute 4 value is the RADIUS server IP address. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the NAS IP address in RADIUS attribute 4 to 192.168.10.22.
Page 848 802.1x Commands...
Page 849: Layer 3 Commands
Layer 3 Commands The chapters that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 commands perform a series of exchanges over various data links to deliver data between any two nodes in a network.
Page 850 Layer 3 Commands...
Page 851: Arp Commands
ARP Commands When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
Page 852: Arp Aging
ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests.
Page 853: Arp Cachesize
Syntax ip-address hardware-address ip-address no arp ip-address — IP address of a device on a subnet attached to an existing • routing interface. hardware-address — A unicast MAC address for that device. • Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines...
Page 854: Arp Dynamicrenew
Default Configuration The default integer value is 896. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines an arp cachesize of 500. console(config)#arp cachesize 500 arp dynamicrenew Use the arp dynamicrenew command in Global Configuration mode to enable the ARP component to automatically renew dynamic ARP entries when they age out.
Page 855: Arp Purge
entry is reset to 0 without removing the entry from the hardware. Traffic to the host continues to be forwarded in hardware without interruption. If the entry is not being used to forward data packets, then the entry is deleted from the ARP cache, unless the dynamic renew option is enabled.
Page 856: Arp Resptime
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.10 arp resptime Use the arp resptime command in Global Configuration mode to configure the ARP request response timeout.
Page 857: Arp Retries
arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax integer arp retries no arp retries integer —...
Page 858: Clear Arp-Cache
Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command in Privileged EXEC mode to remove all ARP entries of type dynamic from the ARP cache.
Page 859: Clear Arp-Cache Management
console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
Page 860: Ip Local-Proxy-Arp
IP Address MAC Address Interface Type --------------- ----------------- -------------- -------- ----------- 10.27.20.241 001A.A0FF.F662 Management Dynamic n/a 10.27.20.243 0019.B9D1.29A3 Management Dynamic n/a console#clear arp-cache management ip local-proxy-arp Use the ip local proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled.
Page 861: Show Arp
next hops in its route to the destination are through interfaces other than the interface that received the ARP request. Use the no form of the command to disable proxy ARP on a router interface. Syntax ip proxy-arp no ip proxy-arp Default Configuration Enabled is the default configuration.
Page 862 Default Configuration This command has no default configuration. Command Mode User EXEC and Privileged EXEC modes User Guidelines The show arp command will display static (user-configured) ARP entries regardless of whether they are reachable over an interface or not. Example The following example shows show arp command output.
Page 863: Dhcp Server And Relay Agent
DHCP Server and Relay Agent Commands DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents and DHCP participants can inter operate with BOOTP participants. The host RFC’s standardize the configuration parameters which can be supplied by the DHCP server to the client.
Page 864: Ip Dhcp Pool
• Internet access cost is greatly reduced by using automatic assignment as Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses. • Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place.
Page 865 Syntax pool-name ip dhcp pool [ pool-name no ip dhcp pool [ Parameter Description Parameter Description pool-name The name of an existing or new DHCP address pool. The pool name can be up to 31 characters in length and can contain the following characters: a-z, A-Z, 0-9, ’-’, ’_’, ’...
Page 866 • Client DNS server – dns-server • NetBIOS WINS Server – netbios-name-server • NetBIOS Node Type – netbios-node-type • Client default router – default-router • Client address lease time – lease Administrators may also configure manual bindings for clients using the host command in DHCP Pool Configuration mode.
Page 867: Bootfile
console(config)#ip dhcp pool "Windows PCs" console(config-dhcp-pool)#network 192.168.21.0 /24 console(config-dhcp-pool)#domain-name power- connect.com console(config-dhcp-pool)#dns-server 192.168.22.3 192.168.23.3 console(config-dhcp-pool)#netbios-name-server 192.168.22.2 192.168.23.2 console(config-dhcp-pool)#netbios-node-type h-node console(config-dhcp-pool)#lease 2 12 console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.1 bootfile Use the bootfile command in DHCP Pool Configuration mode to set the name of the image for the DHCP client to load. Use the no form of the command to remove the bootfile configuration.
Page 868: Clear Ip Dhcp Binding
Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#bootfile ntldr clear ip dhcp binding Use the clear ip dhcp binding command in Privileged EXEC mode to remove automatic DHCP server bindings. Syntax clear ip dhcp binding {ip-address | *} Parameter Description Parameter Description...
Page 869: Clear Ip Dhcp Conflict
clear ip dhcp conflict Use the clear ip dhcp conflict command in Privileged EXEC mode to remove DHCP server address conflicts. Use the show ip dhcp conflict command to display address conflicts detected by the DHCP server. Syntax clear ip dhcp conflict {ip-address | *} Parameter Description Parameter Description...
Page 870: Client-Name
no client-identifier Parameter Description Parameter Description unique-identifier The identifier of the Microsoft DHCP client. The client identifier is specified as 7 bytes of the form XX:XX:XX:XX:XX:XX:XX where X is a hexadecimal digit. Default Configuration This command has no default configuration. Command Mode DHCP Pool Configuration mode User Guidelines...
Page 871: Default-Router
no client-name Parameter Description Parameter Description name The name of the DHCP client. The client name is specified as up to 31 printable characters. Default Configuration There is no default client name. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
Page 872: Dns-Server (Ip Dhcp Pool Config)
no default-router Parameter Description Parameter Description ip-address1 The IPv4 address of the first default router for the DHCP client. ip-address2 The IPv4 address of the second default router for the DHCP client. Default Configuration No default router is configured. Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines.
Page 873: Domain-Name (Ip Dhcp Pool Config)
Parameter Description Parameter Description ip-address1 Valid IPv4 address. Default Configuration This command has no default configuration. Command Mode IP DHCP Pool Configuration mode User Guidelines This command has no user guidelines. domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server.
Page 874: Hardware-Address
hardware-address Use the hardware-address command in DHCP Pool Configuration mode to specify the MAC address of a client to be manually assigned an address. Use the no form of the command to remove the MAC address assignment. Syntax hardware-address hardware-address no hardware-address Parameter Description Parameter...
Page 875: Host
host Use the host command in DHCP Pool Configuration mode to specify a manual binding for a DHCP client host. Use the no form of the command to remove the manual binding. Syntax host ip-address [netmask|prefix-length] no host Parameter Description Parameter Description ip-address...
Page 876: Ip Dhcp Bootp Automatic
ip dhcp bootp automatic Use the ip dhcp bootp automatic command in Global Configuration mode to enable automatic BOOTP address assignment. By default, BOOTP clients are not automatically assigned addresses, although they may be assigned a static address. Use the no form of the command to disable automatic BOOTP client address assignment.
Page 877: Ip Dhcp Excluded-Address
no ip dhcp conflict logging Parameter Description This command does not require a parameter description. Default Configuration Conflict logging is enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp conflict logging ip dhcp excluded-address Use the ip dhcp excluded-address command in Global Configuration mode to exclude one or more DHCP addresses from automatic assignment.
Page 878: Ip Dhcp Ping Packets
Parameter Description High-address An IPv4 address indicating the ending range for exclusion from automatic DHCP address assignment. The high-address must be numerically greater than the low-address. Default Configuration By default, no IP addresses are excluded from the lists configured by the IP DHCP pool configuration.
Page 879: Lease
Parameter Description Parameter Description count The number of ping packets sent to detect an address in use. The default is 2 packets. Range 0, 2-10. A value of 0 turns off address detection. Use the no form of the command to return the setting to the default value.
Page 880: Netbios-Name-Server
Parameter Description Parameter Description days The number of days for the lease duration. Range 0-59. Default is 1. hours The number of hours for the lease duration. Range 0-23. There is no default. minutes The number of minutes for the lease duration. Range 0-59. There is no default.
Page 881: Netbios-Node-Type
Parameter Description Parameter Description ip-address IPv4 address Default Configuration There is no default name server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. Up to eight name server addresses may be specified. The NetBIOS WINS information is conveyed in the Option 44 TLV of the DHCP OFFER, DCHP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.
Page 882: Network
Parameter Description Parameter Description type The NetBIOS node type can be b-node, h-node, m-node or p- node. Default Configuration There is no default NetBIOS node type configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
Page 883: Next-Server
Parameter Description Parameter Description network-number A valid IPv4 address mask A valid IPv4 network mask with contiguous left-aligned bits. prefix-length An integer indicating the number of leftmost bits in the network-number to use as a prefix for allocating cells. Default Configuration This command has no default configuration.
Page 884: Option
User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address is conveyed in the SIADDR field of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#next-server 192.168.21.2 option Use the option command in DHCP Pool Configuration mode to supply arbitrary configuration information to a DHCP client.
Page 885 Command Mode DHCP Pool Configuration mode User Guidelines The option information must match the selected option type and length. Options cannot be longer than 255 characters in length. The option information is conveyed in the TLV specified by the code parameter in the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.
Page 886 (continued) Figure 40-1. Option Codes and Lengths Option Code Fixed Length Minimum Length Multiple Of 21 (Policy Filter) – 22 (Max Datagram – – Reassembly) 23 (IP TTL) – – 24 (Path MTU Aging) – – 25 (Path MTU Plateau) –...
Page 887 (continued) Figure 40-1. Option Codes and Lengths Option Code Fixed Length Minimum Length Multiple Of 42 (NTP Servers) – 43 (Vendor Specific – – Information) 45 (NetBIOS Datagram – Distribution) 47 (Netbois Scope) – – 48 (X-Windows Font – Server) 49 (X-Windows Display –...
Page 888: Service Dhcp
Example console(config-dhcp-pool)#option 4 ascii "ntpservice.com " console(config-dhcp-pool)#option 42 ip 192.168.21.1 console(config-dhcp-pool)#option 29 hex 01 console(config-dhcp-pool)#option 59 hex 00 00 10 01 console(config-dhcp-pool)#option 25 hex 01 ff service dhcp Use the service dhcp command in Global Configuration mode to enable local IPv4 DHCP server on the switch.
Page 889: Show Ip Dhcp Binding
Syntax ip-address sntp no sntp Parameter Description Parameter Description ip-address The IPv4 address of the NTP server to use for time services. Default Configuration There is no default IPv4 NTP server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
Page 890: Show Ip Dhcp Conflict
Parameter Description Parameter Description address A valid IPv4 address Default Configuration The command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console(config)# show ip dhcp binding IP address Hardware Address Expires Type client-...
Page 891: Show Ip Dhcp Global Configuration
Parameter Description Parameter Description address A valid IPv4 address for which the conflict information is desired. Default Configuration The command has no default configuration. Command Mode Privileged EXEC modes User Guidelines This command has no user guidelines. show ip dhcp global configuration Use the show ip dhcp global configuration command in Privileged EXEC mode to display the DHCP global configuration.
Page 892: Show Ip Dhcp Pool
Example console#show ip dhcp server statistics show ip dhcp pool Use the show ip dhcp pool command in User EXEC or Privileged EXEC mode to display the configured DHCP pool or pools. If no pool name is specified, information about all pools is displayed. Syntax poolname show ip dhcp pool [all |...
Page 893 Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics Automatic Bindings......100 Expired Bindings.......
Page 894 DHCP ACK........132 DHCP NACK........0 DHCP Server and Relay Agent Commands...
Page 895: Dhcpv6 Commands
DHCPv6 Commands This chapter explains the following commands: clear ipv6 dhcp service dhcpv6 dns-server (IPv6 DHCP Pool Config) show ipv6 dhcp domain-name (IPv6 DHCP Pool Config) show ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp interface (User EXEC) ipv6 dhcp relay show ipv6 dhcp interface (Privileged EXEC) ipv6 dhcp server...
Page 896: Dns-Server (Ipv6 Dhcp Pool Config)
Examples The following examples clears DHCPv6 statistics for VLAN 11. console#clear ipv6 dhcp interface vlan 11 statistics\ dns-server (IPv6 DHCP Pool Config) Use the dns-server command in IPv6 DHCP Pool Configuration mode to set the IPv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server.
Page 897: Ipv6 Dhcp Pool
Syntax domain domain-name domain no domain-name domain — DHCPv6 domain name. (Range: 1–255 characters) • Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of Example The following example sets the DNS domain name "test", which is provided to a DHCPv6 client by the DHCPv6 server.
Page 898: Ipv6 Dhcp Relay
pool-name — DHCPv6 pool name. (Range: 1-31 characters) • Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters IPv6 DHCP Pool Configuration mode. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)# ipv6 dhcp relay...
Page 899: Ipv6 Dhcp Server
Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines relay-address relay-interface is an IPv6 global address, then is not required. relay-address relay-interface is a link-local or multicast address, then relay-address required. Finally, a value for is not specified, then a value for relay-interface must be specified and the DHCPV6-ALLAGENTS multicast...
Page 900: Prefix-Delegation
rapid-commit — Is an option that allows for an abbreviated exchange • between the client and server. pref-value — Preference value • used by clients to determine preference — between multiple DHCPv6 servers. (Range: 0-4294967295) Default Configuration The default preference value is 20. Rapid commit is not enabled by default. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines...
Page 901 Parameter Description Parameter Description prefix/prefix-length Delegated IPv6 prefix. client-DUID Client DUID (e.g. 00:01:00:09:f8:79:4e:00:04:76:73:43:76'). hostname Client hostname used for logging and tracing. (Range: 0-31 characters.) The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmp-server host "host name" valid-lifetime Valid lifetime for delegated prefix.
Page 902: Service Dhcpv6
The following example defines a unique local address prefix with the MAC address 00:1D:BA:06:37:64 converted to EUI-64 format and a preferred lifetime of 5 days. console(config-dhcp6s-pool)#prefix-delegation fc00::/7 00:1D:BA:FF:FE:06:37:64 preferred-lifetime 43200 service dhcpv6 Use the service dhcpv6 command in Global Configuration mode to enable local IPv6 DHCP server on the switch.
Page 903: Show Ipv6 Dhcp
show ipv6 dhcp Use the show ipv6 dhcp command in Privileged EXEC mode to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Syntax Description This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes User Guidelines...
Page 904: Show Ipv6 Dhcp Interface (User Exec)
Default Configuration This command has no default configuration. Command Mode Privileged EXEC and User EXEC modes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool based on the entered IPv6 address. console#show ipv6 dhcp binding 2020:1:: show ipv6 dhcp interface (User EXEC) Use the show ipv6 dhcp interface command in User EXEC mode to display DHCPv6 information for all relevant interfaces or for the specified interface.
Page 905 Command Mode User EXEC, Privileged EXEC modes User Guidelines Statistics are shown depending on the interface mode (relay, server, or client). Examples The following examples display DHCPv6 information for VLAN 11 when configured in relay mode. console> show ipv6 dhcp interface vlan 11 IPv6 Interface.........
Page 906: Show Ipv6 Dhcp Interface (Privileged Exec)
DHCPv6 Malformed Packets Received....0 Received DHCPv6 Packets Discarded....0 Total DHCPv6 Packets Received....0 DHCPv6 Advertisement Packets Transmitted..0 DHCPv6 Reply Packets Transmitted....0 DHCPv6 Reconfig Packets Transmitted.... 0 DHCPv6 Relay-reply Packets Transmitted..0 DHCPv6 Relay-forward Packets Transmitted..0 Total DHCPv6 Packets Transmitted....
Page 907 User Guidelines This command shows the DHCP status. Information displayed depends on the mode. The command output provides the following information for an interface configured in client mode. Not all fields will be shown for an inactive client. Term Description Mode Displays whether the specified interface is in Client, Relay, or Server mode.
Page 908 Example The following example shows the output from this command when the device has leased an IPv6 address from the DHCPv6 server on interface 1/0/1. NOTE: Note that the interface is in client mode. console#show ipv6 dhcp interface vlan 2 IPv6 Interface.........
Page 909: Show Ipv6 Dhcp Pool
DHCPv6 Solicit Packets Received....0 DHCPv6 Request Packets Received....0 DHCPv6 Confirm Packets Received....0 DHCPv6 Renew Packets Received....0 DHCPv6 Rebind Packets Received....0 DHCPv6 Release Packets Received....0 DHCPv6 Decline Packets Received....0 DHCPv6 Inform Packets Received....0 DHCPv6 Relay-forward Packets Received..
Page 910: Show Ipv6 Dhcp Statistics
Syntax poolname show ipv6 dhcp pool poolname — Name of the pool. (Range: 1-32 characters) • Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool.
Page 911 Example The following example displays the DHCPv6 server name and status. console> show ipv6 dhcp statistics DHCPv6 Interface Global Statistics ------------------------------------ DHCPv6 Solicit Packets Received....0 DHCPv6 Request Packets Received....0 DHCPv6 Confirm Packets Received....0 DHCPv6 Renew Packets Received....0 DHCPv6 Rebind Packets Received....
Page 912 DHCPv6 Commands...
Page 913: Dvmrp Commands
DVMRP Commands Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
Page 914: Ip Dvmrp Metric
Default Configuration Disabled is the default configuration. Command Mode Global Configuration Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets VLAN 15’s administrative mode of DVMRP to active. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp ip dvmrp metric Use the ip dvmrp metric command in Interface Configuration mode to configure the metric for an interface.
Page 915: Show Ip Dvmrp
User Guidelines This command has no user guidelines. Example The following example configures a metric of 5 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command in Privileged EXEC mode to display the system-wide information for DVMRP .
Page 916: Show Ip Dvmrp Interface
DVMRP INTERFACE STATUS Interface Interface Mode Protocol State --------- -------------- -------------- show ip dvmrp interface Use the show ip dvmrp interface command in Privileged EXEC mode to display the interface information for DVMRP on the specified interface. Syntax vlan-id show ip dvmrp interface vlan vlan-id —...
Page 917: Show Ip Dvmrp Nexthop
Default Configuration This command has no default condition. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP . console(config)#show ip dvmrp neighbor No neighbors available. show ip dvmrp nexthop Use the show ip dvmrp nexthop command in Privileged EXEC mode to display the next hop information on outgoing interfaces for routing multicast datagrams.
Page 918: Show Ip Dvmrp Prune
Example The following example displays the next hop information on outgoing interfaces for routing multicast datagrams. console(config)#show ip dvmrp nexthop Next Hop Source IP Source Mask Interface Type -------------- -------------- --------- ------ show ip dvmrp prune Use the show ip dvmrp prune command in Privileged EXEC mode to display the table that lists the router’s upstream prune information.
Page 919: Show Ip Dvmrp Route
show ip dvmrp route Use the show ip dvmrp route command in Privileged EXEC mode to display the multicast routing information for DVMRP. Syntax show ip dvmrp route Default Configuration This command has no default condition. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
Page 920 DVMRP Commands...
Page 921: Gmrp Commands
GMRP Commands The GARP Multicast Registration Protocol provides a mechanism that allows networking devices to dynamically register (and de-register) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
Page 922: Commands In This Chapter
The registration and de-registration of membership results in the multicast table being updated with a new entry or the existing entry modified. This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created Group registration entry (for that multicast address).
Page 923: Show Gmrp Configuration
Example In this example, GMRP is globally enabled. console(config)#gmrp enable show gmrp configuration Use the show gmrp configuration command in Global Configuration mode and Interface Configuration mode to display GMRP configuration. Syntax show gmrp configuration Parameter Description This command does not require a parameter description. Default Configuration GMRP is disabled by default.
Page 924 Gi1/0/2 1000 Disabled Gi1/0/3 1000 Disabled Gi1/0/4 1000 Disabled Gi1/0/5 1000 Disabled Gi1/0/6 1000 Disabled GMRP Commands...
Page 925: Igmp Commands
IGMP Commands Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist. Versions one and two are widely deployed. Since IGMP is used between end systems (often desktops) and the multicast router, the version of IGMP required depends on the end-user operating system being supported.
Page 926: Commands In This Chapter
IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a group- specific IGMP Query message to the multicast group.The Leave Group message is not used with IGMPv3, since the source address filtering...
Page 927: Ip Igmp Last-Member-Query-Count
Syntax ip igmp no ip igmp Default Configuration Disabled is the default state. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables IGMP . console(config)#ip igmp ip igmp last-member-query-count Use the ip igmp last-member-query-count command in Interface Configuration mode to set the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface.
Page 928: Ip Igmp Last-Member-Query-Interval
User Guidelines This command has no user guidelines. Example The following example sets 10 as the number of VLAN 2 Group-Specific Queries. console#configure console(config)#interface vlan 2 console(config-if-vlan2)#ip igmp last-member-query- count 10 console(config-if-vlan2)#no ip igmp last-member- query-count ip igmp last-member-query-interval Use the ip igmp last-member-query-interval command in Interface Configuration mode to configure the Maximum Response Time inserted in Group-Specific Queries which are sent in response to Leave Group messages.
Page 929: Ip Igmp Query-Interval
Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp last-member-query- interval 20 ip igmp query-interval Use the ip igmp query-interval command in Interface Configuration mode to configure the query interval for the specified interface.
Page 930: Ip Igmp Robustness
ip igmp query-max-response-time Use the ip igmp query-max-response-time command in Internet Configuration mode to configure the maximum response time interval for the specified interface. It is the maximum query response time advertised in IGMPv2 queries on this interface. The time interval is specified in seconds. Syntax seconds ip igmp query-max-response-time...
Page 931: Ip Igmp Startup-Query-Count
Syntax robustness ip igmp robustness no ip igmp robustness robustness — Robustness variable. (Range: 1-255) • Default Configuration The default robustness value is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a robustness value of 10 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp robustness 10 ip igmp startup-query-count...
Page 932: Ip Igmp Startup-Query-Interval
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets for VLAN 15 the number of queries sent out on startup at 10. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-count ip igmp startup-query-interval Use the ip igmp startup-query-interval command in Interface Configuration mode to set the interval between general queries sent at startup on the interface.
Page 933: Ip Igmp Version
Example The following example sets at 10 seconds the interval between general queries sent at startup for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query- interval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface.
Page 934: Show Ip Igmp Groups
Syntax show ip igmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays system-wide IGMP information. console#show ip igmp IGMP Admin Mode......Enabled IGMP Router-Alert check.....
Page 935: Show Ip Igmp Interface
Syntax show ip igmp groups [interface-type interface-number] [detail] Syntax Description Parameter Description interface-type Interface type of VLAN and a valid VLAN ID. interface-number Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes User Guidelines This command has no user guidelines.
Page 936 Syntax Description Parameter Description interface-type Interface type of VLAN and a valid VLAN ID. interface-number Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes User Guidelines This command has no user guidelines. Example The following example displays IGMP information for VLAN 11. console#show ip igmp vlan 11 Interface........
Page 937: Show Ip Igmp Interface Stats
show ip igmp membership Use the show ip igmp membership command in Privileged EXEC mode to display the list of interfaces that have registered in the multicast group. If detail is specified, this command displays detailed information about the listed interfaces. Syntax groupaddr ] [detail] show ip igmp membership [...
Page 938 vlan-id — Valid VLAN ID • Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines. Examples The following example displays the IGMP statistical information for VLAN 7. console#show ip igmp interface stats vlan 7 Querier Status.......
Page 939: Igmp Proxy Commands
IGMP Proxy Commands IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces.
Page 940: Ip Igmp-Proxy Reset-Status
Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example enables the IGMP Proxy on the VLAN 15 router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp-proxy ip igmp-proxy reset-status Use the ip igmp-proxy reset-status command in Interface Configuration mode to reset the host interface status parameters of the IGMP Proxy router.
Page 941: Ip Igmp-Proxy Unsolicited-Report-Interval
Example The following example resets the host interface status parameters of the IGMP Proxy router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp-proxy reset-status ip igmp-proxy unsolicited-report-interval Use the ip igmp-proxy unsolicited-report-interval command in Interface Configuration mode to set the unsolicited report interval for the IGMP Proxy router.
Page 942: Show Ip Igmp-Proxy
show ip igmp-proxy Use the show ip igmp-proxy command in Privileged EXEC mode to display a summary of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 943: Show Ip Igmp-Proxy Interface
Proxy Start Frequency......1 show ip igmp-proxy interface Use the show ip igmp-proxy interface command in Privileged EXEC mode to display a detailed list of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy interface Default Configuration...
Page 944: Show Ip Igmp-Proxy Groups
show ip igmp-proxy groups Use the show ip igmp-proxy groups command in Privileged EXEC mode to display a table of information about multicast groups that IGMP Proxy reported. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy groups Default Configuration This command has no default configuration.
Page 945 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays complete information about multicast groups that IGMP Proxy has reported. console#show ip igmp-proxy groups detail Interface Index........
Page 946 IGMP Proxy Commands...
Page 947: Ip Helper/Dhcp Relay Commands
IP Helper/DHCP Relay Commands The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address. This allows applications to reach servers on non-local subnets. This is possible even when the application is designed to assume a server is always on a local subnet or when the application uses broadcast packets to reach the server (with the limited broadcast address 255.255.255.255, or a network directed broadcast address).
Page 948 Protocol UDP Port Number NetBIOS Name Server NetBIOS Datagram Server TACACS Server Time Service DHCP Trivial File Transfer Protocol Certain preexisting configurable DHCP relay options do not apply to relay of other protocols. These options are unchanged. The user may optionally set a DHCP maximum hop count or minimum wait time.
Page 949: Bootpdhcprelay Maxhopcount
• The protocol field in the IP header must be UDP (17). • The destination UDP port must match a configured relay entry. DHCP relay cannot be enabled and disabled globally. IP helper can be enabled or disabled globally. Enabling IP helper enables DHCP relay. Commands in this Chapter This chapter explains the following commands: bootpdhcprelay maxhopcount...
Page 950: Bootpdhcprelay Minwaittime
Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Example The following example defines a maximum hopcount of 6. console(config)#bootpdhcprelay maxhopcount 6 bootpdhcprelay minwaittime Use the bootpdhcprelay minwaittime command in Global Configuration mode to configure the minimum wait time in seconds for BootP/DHCP Relay on the system.
Page 951: Clear Ip Helper Statistics
Example The following example defines a minimum wait time of 10 seconds. console(config)#bootpdhcprelay minwaittime 10 clear ip helper statistics Use the clear ip helper statistics command to reset to 0 the statistics displayed in show ip helper statistics. Syntax clear ip helper statistics Default Configuration There is no default configuration for this command.
Page 952: Ip Dhcp Relay Information Check-Reply
Parameter Description This command has no arguments or keywords. Default Configuration This is enabled by default for a DHCP relay agent. Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Interface configuration takes precedence over global configuration. However if there is no interface configuration then global configuration is followed.
Page 953: Ip Dhcp Relay Information Option
Parameter Description Parameter Description none (Optional) Disables the command function. Default Configuration This check is enabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Enable DHCP Relay using the ip helper enable command. Use the global configuration command ip dhcp relay information option command to enable processing of DHCP circuit ID and remote agent ID options.
Page 954: Ip Dhcp Relay Information Option-Insert
Default Configuration Disabled is the default configuration. Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Example The following example enables the circuit ID and remote agent ID options. console(config)#ip dhcp relay information option ip dhcp relay information option-insert Use the ip dhcp relay information option-insert command in Interface Configuration mode to enable the circuit ID option and remote agent ID...
Page 955: Ip Helper-Address (Global Configuration)
Command Mode Interface (VLAN) Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. The interface configuration always takes precedence over global configuration. However, if there is no interface configuration, then global configuration is followed. Example The following example enables the circuit ID and remote agent ID options on vlan 10.
Page 956 (port 53), isakmp (port 500), mobile-ip (port 434), nameserver (port 42), netbios-dgm (port 138), netbios-ns (port 137), ntp (port 123), pim-auto- rp (port 496), rip (port 520), tacacs (port 49), tftp (port 69), and time (port 37). Other ports must be specified by number. Default Configuration No helper addresses are configured.
Page 957: Ip Helper-Address (Interface Configuration)
ip helper-address (interface configuration) Use the ip helper-address (interface configuration) command to configure the relay of certain UDP broadcast packets received on a specific interface. To delete a relay entry on an interface, use the no form of this command. Syntax ip helper-address { server-address | discard } [ dest-udp-port | dhcp | domain | isakmp | mobile ip | nameserver | netbios-dgm | netbios-ns | ntp...
Page 958 User Guidelines This command can be invoked multiple times on routing interface, either to specify multiple server addresses for a given port number or to specify multiple port numbers handled by a specific server. The command no ip helper-address with no arguments clears all helper addresses on the interface.
Page 959: Ip Helper Enable
and DNS packets received on vlan 5 to 192.168.40.2, relays SNMP traps (port 162) received on interface vlan 6 to 192.168.23.1, and drops DHCP packets received on vlan 6: console#config console(config)#ip helper-address 192.168.40.1 dhcp console(config)#interface vlan 5 console(config-if-vlan5)#ip helper-address 192.168.40.2 dhcp console(config-if-vlan5)#ip helper-address 192.168.40.2 domain console(config-if-vlan5)#exit...
Page 960: Show Ip Helper-Address
User Guidelines This command can be used to temporarily disable IP helper without deleting all IP helper addresses. This command replaces the bootpdhcprelay enable command, but affects not only relay of DHCP packets, but also relay of any other protocols for which an IP helper address has been configured.
Page 961: Show Ip Dhcp Relay
UDP Port The relay configuration is applied to packets whose destination UDP port is this port. Entries whose UDP port is identified as “any” are applied to packets with the destination UDP ports listed in Table 47-1. Discard If “Yes”, packets arriving on the given interface with the given destination UDP port are discarded rather than relayed.
Page 962: Show Ip Helper Statistics
Default Configuration The command has no default configuration. Command Mode User EXEC and Privileged EXEC modes User Guidelines This command has no user guidelines. Example The following example defines the Boot/DHCP Relay information. console#show ip dhcp relay Maximum Hop Count......4 Minimum Wait Time(Seconds).....
Page 963 User Guidelines Field Description DHCP client The number of valid messages received from a DHCP client. messages received The count is only incremented if IP helper is enabled globally, the ingress routing interface is up, and the packet passes a number of validity checks, such as having a TTL >...
Page 964 Packets with The number of packets received with TTL of 0 or 1 that might expired TTL otherwise have been relayed. Packets that The number of packets ignored by the relay agent because they matched a discard match a discard relay entry. entry Example console#show ip helper statistics...
Page 965: Ip Routing Commands
IP Routing Commands The Routing Module provides the base Layer 3 support for Local Area Network (LAN) and Wide Area Network (WAN) environments. The PowerConnect switches allows the network operator to build a complete Layer 3+ configuration with advanced functionality. As the PowerConnect defaults to Layer 2 switching functionality, routing must be explicitly enabled on the PowerConnect to perform Layer 3 forwarding.
Page 966: Default Routes
The addition of a preference option has a side benefit. The preference option allows the operator to control the preference of individual static routes relative to routes learned from other sources (such as OSPF). When routes from different sources have the same preference, PowerConnect routing prefers a static route over a dynamic route.
Page 967: Encapsulation
encapsulation Use the encapsulation command in Interface Configuration (VLAN) mode to configure the Link Layer encapsulation type for the packet. Routed frames are always ethernet-encapsulated when a frame is routed to a VLAN. Syntax encapsulation {ethernet | snap} • ethernet — Specifies Ethernet encapsulation. •...
Page 968 Syntax ip-address subnet-mask prefix-length ip address } [ secondary ] ip-address subnet-mask prefix-length no ip address } [ secondary ] ip-address — IP address of the interface. • subnet-mask — Subnet mask of the interface • prefix-length — Length of the prefix. Must be preceded by a forward slash •...
Page 969 ip mtu Use the ip mtu command in Interface Configuration mode to set the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation.
Page 970: Ip Netdirbcast
Example The following example defines 1480 as the MTU for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip mtu 1480 ip netdirbcast Use the ip netdirbcast command in Interface Configuration mode to enable the forwarding of network-directed broadcasts. When enabled, network directed broadcasts are forwarded. When disabled they are dropped. Use the no form of the command to disable the broadcasts.
Page 971: Ip Route
ip route Use the ip route command in Global Configuration mode to configure a static route. Use the no form of the command to delete the static route. The IP route command sets a value for the route preference. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database.
Page 972: Ip Route Default
Example ip-address subnet-mask, next-hop-ip The following example identifies the and a preference value of 200. console(config)#ip route 192.168.10.10 255.255.255.0 192.168.20.1 metric 200 ip route default Use the ip route default command in Global Configuration mode to configure the next hop address of the default route. Use the no form of the command to delete the default route.
Page 973: Ip Route Distance
Using this command, the administrator may manually configure a single, global default gateway. The switch installs a default route for a configured default gateway with a preference of 253, making it more preferred than the default gateways learned via DHCP , but less preferred than a static default route.
Page 974: Ip Routing
Command Mode Global Configuration mode User Guidelines Lower route distance values are preferred when determining the best route. Example The following example sets the default route metric to 80. console(config)#ip route distance 80 ip routing To globally enable IPv4 routing on the router, use the "ip routing" command in Global Configuration mode.
Page 975: Show Ip Brief
routing Use the routing command in Interface Configuration mode to enable IPv4 and IPv6 routing for an interface. View the current value for this function with the show ip brief command. The value is labeled Routing Mode in the output display. Use the no form of the command to disable routing for an interface.
Page 976: Show Ip Interface
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays IP summary information. console#show ip brief Default Time to Live....... 30 Routing Mode....... Disabled IP Forwarding Mode......
Page 977 Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes User Guidelines The Method field contains one of the following values. Field Description DHCP The address is leased from a DHCP server. Manual The address is manually configured. The following examples display all IP information and information specific to VLAN 2.
Page 978 The Method field is also added to the long form. console#show ip interface vlan2 Routing Interface Status..Up Primary IP Address..192.168.75.1/255.255.255.0 Method......DHCP Routing Mode..... Enable Administrative Mode....Enable Forward Net Directed Broadcasts..Disable Proxy ARP......Enable Local Proxy ARP....Disable Active State.......
Page 979: Show Ip Protocols
Burned In MAC Address....001E.C9AA.AD1C show ip protocols Use the show ip protocols command in User EXEC or Privileged EXEC mode to display the parameters and current state of the active routing protocols. Syntax show ip protocols Syntax Description This command has no arguments or keywords. Default Configuration This command has no default configuration.
Page 980: Show Ip Route
-------- --------- ----------- ---------- 176.1.1.1 1 1 flowers 176.2.1.1 passive 2 Routing Information Sources: Gateway Last Update 176.1.1.2 0:00:17 Preference: 60 Routing Protocol is "ospf" Redistributing: OSPF, External direct, Static, RIP Interfaces: Interface Metric Key-chain -------- --------- ----------- ---------- 176.1.1.1 10 flowers 176.2.1.1 1 Routing Information Sources: Gateway State...
Page 981 Syntax Description Parameter Description ip-address Specifies the network for which the route is to be displayed and displays the best matching best-route for the address. mask Subnet mask of the IP address. prefix-length Length of prefix, in bits. Must be preceded with a forward slash (/).
Page 982: Show Ip Route Configured
S 0.0.0.0/0 [254/0] via 10.1.20.1 C 10.1.20.0/24 [0/1] directly connected, Vl2 C 4.4.0.0/16 [0/1] directly connected, C 20.1.20.0/24 [0/1] directly connected, Vl4 show ip route configured Use the show ip route configured command in Privileged EXEC mode to display the configured routes, whether they are reachable or not. Syntax show ip route configured Default Configuration...
Page 983: Show Ip Route Preferences
Default Gateway is not configured 10.0.0.0/8 [1/0] via 1.2.3.5 show ip route preferences Use the show ip route preferences command in Privileged EXEC mode displays detailed information about the route preferences. Route preferences are used in determining the best route. Lower router preference values are preferred over higher router preference values.
Page 984: Show Ip Route Summary
Local.......... 0 Static......... 1 OSPF Intra........110 OSPF Inter........110 OSPF External........110 RIP..........120 Configured Default Gateway..... 253 DHCP Default Gateway......254 show ip route summary Use the show ip route summary command in Privileged EXEC mode to display the routing table summary, including best and non-best routes. Syntax show ip route summary [best] Parameter Description...
Page 985: Show Ip Traffic
Example The following example displays the IP route summary. console#show ip route summary Connected Routes....... 0 Static Routes........0 RIP Routes........0 OSPF Routes........0 Intra Area Routes......0 Inter Area Routes......0 External Type-1 Routes......0 External Type-2 Routes......0 Total routes........
Page 986 User Guidelines This command has no user guidelines. Example The following example displays IP route preferences. console>show ip traffic IpInReceives........24002 IpInHdrErrors........1 IpInAddrErrors......... 925 IpForwDatagrams........ 0 IpInUnknownProtos......0 IpInDiscards........0 IpInDelivers........18467 IpOutRequests........295 IpOutDiscards........0 IpOutNoRoutes........0 IpReasmTimeout......... 0 IpReasmReqds........
Page 987: Show Ip Vlan
IcmpInTimeExcds........ 0 IcmpInParmProbs........ 0 IcmpInSrcQuenchs....... 0 IcmpInRedirects........ 0 IcmpInEchos........3 IcmpInEchoReps......... 0 IcmpInTimestamps....... 0 IcmpInTimestampReps......0 IcmpInAddrMasks........ 0 IcmpInAddrMaskReps......0 IcmpOutMsgs........3 IcmpOutErrors........0 IcmpOutDestUnreachs......0 IcmpOutTimeExcds....... 0 IcmpOutParmProbs....... 0 IcmpOutSrcQuenchs......0 IcmpOutRedirects....... 0 IcmpOutEchos........3 IcmpOutEchoReps........ 3 IcmpOutTimestamps......0 IcmpOutTimestampReps......
Page 988 Syntax show ip vlan Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays VLAN routing information. console#show ip vlan MAC Address used by Routing VLANs: 00:00:00:01:00:02 VLAN ID IP Address Subnet Mask ------- --------------- ---------------...
Page 989: Ipv6 Pim
IPv6 PIM Commands This chapter explains the following commands: ipv6 pim ipv6 pim join-prune- show ipv6 pim bsr-router interval ipv6 pim sparse (Global ipv6 pim register-rate-limit show ipv6 pim interface config) ipv6 pim dense ipv6 pim rp-address show ipv6 pim neighbor ipv6 pim bsr-border ipv6 pim rp-candidate show ipv6 pim rp hash...
Page 990: Ipv6 Pim Sparse (Global Config)
Example console(if-vlan-10)#ipv6 pim ipv6 pim sparse (Global config) Use the ipv6 pim sparse command to administratively configure PIM sparse mode for multicast routing. Use the no form of this command to disable PIM sparse mode. Syntax ipv6 pim sparse no ipv6 pim sparse Default Configuration IPv6 PIM is disabled by default.
Page 991: Ipv6 Pim Bsr-Border
Default Configuration PIM is disabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router. Example console(config)#ipv6 pim dense ipv6 pim bsr-border Use the ipv6 pim bsr-border command to administratively disable bootstrap router (BSR) messages from being sent or received through an interface.
Page 992: Ipv6 Pim Bsr-Candidate
ipv6 pim bsr-candidate Use the ipv6 pim bsr-candidate command to configure the router to advertise itself as a bootstrap router (BSR). Use the no form of this command to return to the default configuration. Syntax vlan-id hash-mask-len bsr-priority ipv6 pim bsr-candidate vlan { [interval interval vlan-id...
Page 993: Ipv6 Pim Dr-Priority
Example console(config)#ipv6 pim bsr-candidate vlan 10 16 0 interval 30 ipv6 pim dr-priority Use the ipv6 pim dr-priority command to administratively configure the advertised designated router (DR) priority. Use the no form of this command to return the configuration to the default. Syntax priority ipv6 pim dr-priority...
Page 994: Ipv6 Pim Hello-Interval
ipv6 pim hello-interval Use the ipv6 pim hello-interval command to administratively configure the frequency of PIM Hello messages for the specified interface. Use the no form of this command to return the configuration to the default. Syntax interval ipv6 pim hello-interval no ipv6 pim hello-interval Parameter Description Parameter...
Page 995: Ipv6 Pim Register-Rate-Limit
no ipv6 pim join-prune-interval Parameter Description Parameter Description interval The number of seconds between successive join-prune transmissions. Range 0-18000 seconds. Default 60 seconds. Default Configuration The join/prune interval defaults to 60 seconds. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled.
Page 996: Ipv6 Pim Rp-Address
Default Configuration The default threshold is 0. This indicates that the register limit is infinite. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim register-rate-limit 10 ipv6 pim rp-address Use the ipv6 pim rp-address command to define the address of a PIM Rendezvous Point (RP) for a specific multicast group range.
Page 997: Ipv6 Pim Rp-Candidate
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim rp-address 2001:db8:85a3:0:0:8a2e:370:7334 ffe8::0 /16 override ipv6 pim rp-candidate Use the ipv6 pim rp-candidate command to configure the router to advertise itself to the bootstrap router (BSR) as a PIM candidate Rendezvous Point (RP) for a specific multicast group range.
Page 998: Ipv6 Pim Spt-Threshold
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example Console(config)# ipv6 pim rp-candidate vlan 10 239.1.0.0 255.255.0.0 interval 30 ipv6 pim spt-threshold Use the ipv6 pim spt-threshold command to set the multicast traffic threshold rate for the last-hop router to switch to the shortest path on the router.
Page 999: Ipv6 Pim Ssm
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim spt-threshold 1000 ipv6 pim ssm Use the ipv6 pim ssm command to administratively configure PIM Source Specific Multicast (SSM) range of addresses for IPv6 multicast routing. Use the no form of this command to removed configured ranges of addresses from the router.
Page 1000: Show Ipv6 Pimsm
Example console(config)#ipv6 pim ssm ffe8::01::00:00:00 /96 show ipv6 pimsm Use the show ipv6 pimsm command to display global status of IPv6 PIMSM and its IPv6 routing interfaces. Syntax show ipv6 pimsm Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines...

Dell PowerConnect 7000 Series Reference Manual

1 Command Groups

6 Address Table

19 Igmp Snooping Querier

22 Ipv6 Mld Snooping

33 Spanning Tree

38 Layer 3 Commands

73 Sdm Templates

2 Using the CLI

3 Layer 2 Switching Commands

4 Aaa Commands

5 ACL Commands

7 Auto-Voip Commands

8 CDP Interoperability Commands

9 DHCP Layer 2 Relay Commands

10 DHCP Management Interface Commands

11 DHCP Snooping Commands

12 Dynamic ARP Inspection Commands

13 Email Alerting Commands

14 Ethernet Configuration Commands

15 Ethernet CFM Commands

16 Green Ethernet Commands

17 Gvrp Commands

18 Igmp Snooping Commands

20 Ip Addressing Commands

21 Ipv6 Access List Commands

23 Ipv6 MLD Snooping Querier Commands

24 IP Source Guard Commands

25 Iscsi Optimization Commands

Quick Links

Related Manuals for Dell PowerConnect 7000 Series

Summary of Contents for Dell PowerConnect 7000 Series