Summary of Contents for Centrecom FS980M/9
- Page 1 ® CentreCOM FS980M Series FAST ETHERNET MANAGED ACCESS SWITCHES FS980M/9 FS980M/28 FS980M/9PS FS980M/28PS FS980M/18 FS980M/52 FS980M/18PS FS980M/52PS Command Reference for AlliedWare Plus™ Version 5.4.6-2.x 613-50137-01 Rev A...
- Page 2 Acknowledgments This product includes software developed by the University of California, Berkeley and its contributors. Copyright ©1982, 1986, 1990, 1991, 1993 The Regents of the University of California. All rights reserved. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. For information about this see www.openssl.org/ Copyright ©1998-2008 The OpenSSL Project.
-
Page 3: Table Of Contents
Contents PART 1: Setup and Troubleshooting ......58 Chapter 1: CLI Navigation Commands ......59 Introduction . -
Page 4: Table Of Contents
erase startup-config ........96 ip tftp source-interface ........97 ipv6 tftp source-interface . -
Page 5: Table Of Contents
Chapter 4: GUI Commands ........160 Introduction . -
Page 6: Table Of Contents
show system pluggable detail ......230 show system pluggable diagnostics ......233 show test cable-diagnostics tdr . -
Page 7: Table Of Contents
echo ..........314 wait . -
Page 8: Table Of Contents
polarity ......... . . 373 show debugging loopprot . -
Page 9: Table Of Contents
vlan classifier rule proto ....... . . 437 vlan database ........440 vlan mode stack-local-vlan . -
Page 10: Table Of Contents
spanning-tree portfast bpdu-guard ......511 spanning-tree priority (bridge priority) ..... . . 513 spanning-tree priority (port priority) . -
Page 11: Table Of Contents
arp log ..........572 arp-reply-bc-dmac . -
Page 12: Table Of Contents
maximum-paths ........637 show ip route . -
Page 13: Table Of Contents
PART 4: Multicast Applications ....... 698 Chapter 22: IGMP Snooping Commands ......699 Introduction . -
Page 14: Table Of Contents
Introduction ........756 access-group . -
Page 15: Table Of Contents
match cos ......... . 859 match dscp . -
Page 16: Table Of Contents
show dot1x ......... 924 show dot1x diagnostics . -
Page 17: Table Of Contents
auth-web-server page title ......1013 auth-web-server page welcome-message ....1014 auth-web-server ping-poll enable . -
Page 18: Table Of Contents
authorization commands ....... 1083 clear aaa local user lockout ......1085 debug aaa . -
Page 19: Table Of Contents
subject-name (trustpoint configuration) ..... 1146 Chapter 33: TACACS+ Commands ......1148 Introduction . -
Page 20: Table Of Contents
Chapter 35: Virtual Chassis Stacking (VCStack™) Commands ... . . 1211 Introduction ........1211 clear counter stack . -
Page 21: Table Of Contents
Chapter 37: RRP Snooping Commands ......1278 Introduction ........1278 ip rrp snooping . -
Page 22: Table Of Contents
atmf recover led-off ........1346 atmf remote-login ........1347 atmf restricted-login . -
Page 23: Table Of Contents
show dhcp lease ........1448 Chapter 40: NTP Commands . -
Page 24: Table Of Contents
clear lldp statistics ........1516 clear lldp table ........1517 debug lldp . -
Page 25: Table Of Contents
rmon event ........1587 show rmon alarm . -
Page 26: Table Of Contents
show running-config trigger ......1654 show trigger ........1655 test . -
Page 27: Table Of Contents
List of Commands (access-list extended ICMP filter) .........814 (access-list extended IP filter). -
Page 28: Table Of Contents
aaa authorization commands ......... . .1151 aaa authorization config-commands . -
Page 29: Table Of Contents
atmf backup area-masters synchronize ........1294 atmf backup bandwidth ..........1295 atmf backup delete . -
Page 30: Table Of Contents
atmf reboot-rolling ........... . .1339 atmf recover guest. -
Page 31: Table Of Contents
auth-mac password............990 auth-mac reauth-relearning. -
Page 32: Table Of Contents
backpressure ............344 banner exec . -
Page 33: Table Of Contents
clear lldp table............1517 clear log buffered. -
Page 34: Table Of Contents
crypto key generate hostkey ..........1601 crypto key generate rsa . -
Page 35: Table Of Contents
debug rip ............. . . 653 debug snmp. -
Page 36: Table Of Contents
dot1x max-auth-fail............915 dot1x max-reauth-req . -
Page 37: Table Of Contents
fullupdate (RIP) ............658 gui-timeout . -
Page 38: Table Of Contents
ip igmp snooping routermode ......... . . 713 ip igmp snooping tcn query solicit . -
Page 39: Table Of Contents
ipv6 mld snooping querier ..........745 ipv6 mld snooping report-suppression . -
Page 40: Table Of Contents
lldp tx-delay ............1537 local-proxy-arp . -
Page 41: Table Of Contents
login authentication ........... .1087 logout. -
Page 42: Table Of Contents
neighbor (RIP) ............678 network (RIP) . -
Page 43: Table Of Contents
power-inline usage-threshold ..........554 priority-queue . -
Page 44: Table Of Contents
sample-size.............1694 script. -
Page 45: Table Of Contents
show atmf area summary ..........1383 show atmf area . -
Page 46: Table Of Contents
show counter dhcp-client ..........1447 show counter log . -
Page 47: Table Of Contents
show debugging snmp ..........1481 show debugging stack. -
Page 48: Table Of Contents
show interface memory..........326 show interface status . -
Page 49: Table Of Contents
show ipv6 mld interface ..........752 show ipv6 mld snooping mrouter . -
Page 50: Table Of Contents
show mls qos interface........... 885 show mls qos maps cos-queue . -
Page 51: Table Of Contents
show running-config log..........311 show running-config snmp . -
Page 52: Table Of Contents
show stack .............1225 show startup-config . -
Page 53: Table Of Contents
snmp-server legacy-ifadminstatus........1505 snmp-server location . -
Page 54: Table Of Contents
spanning-tree restricted-role..........515 spanning-tree restricted-tcn . -
Page 55: Table Of Contents
switchport access vlan ........... 414 switchport atmf-agentlink . -
Page 56: Table Of Contents
test ..............1660 thrash-limiting . -
Page 57: Table Of Contents
undebug mstp ............518 undebug ping-poll . -
Page 58: Part 1: Setup And Troubleshooting
Part 1: Setup and Troubleshooting 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 59: Cli Navigation
CLI Navigation Commands Introduction Overview This chapter provides an alphabetical reference for the commands used to navigate between different modes. This chapter also provides a reference for the help and show commands used to help navigate within the CLI. Command List •... -
Page 60: Configure Terminal
CLI N AVIGATION OMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode. configure terminal Syntax Mode Privileged Exec Example To enter the Global Configuration command mode (note the change in the command prompt), enter the command: awplus# configure terminal awplus(config)#... -
Page 61: Disable (Privileged Exec Mode)
CLI N AVIGATION OMMANDS DISABLE RIVILEGED XEC MODE disable (Privileged Exec mode) Overview This command exits the Privileged Exec mode, returning the prompt to the User Exec mode. To end a session, use the exit command. disable Syntax Mode Privileged Exec Example To exit the Privileged Exec mode, enter the command: awplus#... - Page 62 CLI N AVIGATION OMMANDS Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode. do <command> Syntax Parameter Description <command> Specify the command and its parameters. Mode Any configuration mode awplus# configure terminal Example...
-
Page 63: Enable (Privileged Exec Mode)
CLI N AVIGATION OMMANDS ENABLE RIVILEGED XEC MODE enable (Privileged Exec mode) Overview This command enters the Privileged Exec mode and optionally changes the privilege level for a session. If a privilege level is not specified then the maximum privilege level (15) is applied to the session. If the optional privilege level is omitted then only users with the maximum privilege level can access Privileged Exec mode without providing the password as specified by the enable password... - Page 64 CLI N AVIGATION OMMANDS ENABLE RIVILEGED XEC MODE Privilege Exec mode. Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode. awplus> enable 7 awplus# Related disable (Privileged Exec mode) Commands enable password enable secret...
- Page 65 CLI N AVIGATION OMMANDS Overview This command returns the prompt to the Privileged Exec command mode from any other advanced command mode. Syntax Mode All advanced command modes, including Global Configuration and Interface Configuration modes. Example The following example shows the use of the end command to return to the Privileged Exec mode directly from Interface mode.
-
Page 66: Exit
CLI N AVIGATION OMMANDS EXIT exit Overview This command exits the current mode, and returns the prompt to the mode at the previous level. When used in User Exec mode, the exit command terminates the session. exit Syntax Mode All command modes, including Global Configuration and Interface Configuration modes. -
Page 67: Help
CLI N AVIGATION OMMANDS HELP help Overview This command displays a description of the AlliedWare Plus™ OS help system. help Syntax Mode All command modes Example To display a description on how to use the system help, use the command: awplus# help Output... -
Page 68: Logout
CLI N AVIGATION OMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session. logout Syntax Mode User Exec and Privileged Exec Example To exit the User Exec mode, use the command: awplus# logout 613-50137-01 Rev A Command Reference for FS980M Series... -
Page 69: Show History
CLI N AVIGATION OMMANDS SHOW HISTORY show history Overview This command lists the commands entered in the current session. The history buffer is cleared automatically upon reboot. The output lists all command line entries, including commands that returned an error. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 70: Configuration Management
File and Configuration Management Commands Introduction This chapter provides an alphabetical reference of AlliedWare Plus™ OS file and configuration management commands. Filename Syntax Many of the commands in this chapter use the placeholder “filename” to represent and Keyword the name and location of the file that you want to act on. The following table Usage explains the syntax of the filename for each different type of file location. - Page 71 ILE AND ONFIGURATION ANAGEMENT OMMANDS When you copy a file... Use this syntax: Example: Copying with SFTP sftp://[[<location>]/<directory>] To specify a file in the top-level /<filename> directory of the server: sftp://10.0.0.5/example.cfg <hostname>-<stack_ID>/flash:[/][< Copying to or from To specify a file in the configs directory directory>/] stack member on member 2 of a stack named vcstack:...
- Page 72 ILE AND ONFIGURATION ANAGEMENT OMMANDS Similarly, you can specify the USB storage device base directory with usb or usb: or usb:/ You cannot name a directory or subdirectory flash, nvs, usb, card, tftp, scp, sftp or http. These keywords are reserved for tab completion when using various file commands.
- Page 73 ILE AND ONFIGURATION ANAGEMENT OMMANDS • “show file” on page 107 • “show file systems” on page 108 • “show running-config” on page 110 • “show running-config interface” on page 114 • “show startup-config” on page 116 • “show version” on page 117 •...
-
Page 74: Autoboot Enable
ILE AND ONFIGURATION ANAGEMENT OMMANDS AUTOBOOT ENABLE autoboot enable Overview This command enables the device to restore a release file and/or a configuration file from external media, such as a USB storage device. When the Autoboot feature is enabled, the device looks for a special file called autoboot.txt on the external media. -
Page 75: Boot Config-File
ILE AND ONFIGURATION ANAGEMENT OMMANDS BOOT CONFIG FILE boot config-file Overview Use this command to set the configuration file to use during the next boot cycle. Use the no variant of this command to remove the configuration file. Syntax boot config-file <filepath-filename> no boot config-file Parameter Description... - Page 76 ILE AND ONFIGURATION ANAGEMENT OMMANDS BOOT CONFIG FILE To stop running the configuration file “branch.cfg” stored on the switch’s USB storage device filesystem when the device boots up, use the commands: awplus# configure terminal awplus(config)# no boot config-file usb:/branch.cfg Related boot config-file backup Commands boot system...
-
Page 77: Boot Config-File Backup
ILE AND ONFIGURATION ANAGEMENT OMMANDS BOOT CONFIG FILE BACKUP boot config-file backup Overview Use this command to set a backup configuration file to use if the main configuration file cannot be accessed. Use the no variant of this command to remove the backup configuration file. Syntax boot config-file backup <filepath-filename>... -
Page 78: Boot System
ILE AND ONFIGURATION ANAGEMENT OMMANDS BOOT SYSTEM boot system Overview Use this command to set the release file to load during the next boot cycle. Use the no variant of this command to remove the release file as the boot file. Syntax boot system <filepath-filename>... - Page 79 ILE AND ONFIGURATION ANAGEMENT OMMANDS BOOT SYSTEM To run the release file FS980-5.4.6-1.4.rel stored on the switch’s USB storage device filesystem the next time the device boots up, use the commands: awplus# configure terminal awplus(config)# boot system usb:/FS980-5.4.6-1.4.rel To remove the release file FS980-5.4.6-1.4.rel stored on the switch’s USB storage device filesystem the next time the device boots up, use the commands: awplus# configure terminal...
-
Page 80: Boot System Backup
ILE AND ONFIGURATION ANAGEMENT OMMANDS BOOT SYSTEM BACKUP boot system backup Overview Use this command to set a backup release file to load if the main release file cannot be loaded. Use the no variant of this command to remove the backup release file as the backup boot file. - Page 81 ILE AND ONFIGURATION ANAGEMENT OMMANDS Overview This command changes the current working directory. cd <directory-name> Syntax Parameter Description <directory-name> Name and path of the directory. Mode Privileged Exec To change to the directory called images, use the command: Example awplus# cd images Related Commands...
-
Page 82: Copy (Filename)
ILE AND ONFIGURATION ANAGEMENT OMMANDS COPY FILENAME copy (filename) Overview This command copies a file. This allows you to: • copy files from your device to a remote device • copy files from a remote device to your device • copy files stored on Flash memory to or from a different memory type, such as a USB storage device •... - Page 83 ILE AND ONFIGURATION ANAGEMENT OMMANDS COPY FILENAME To copy the file config.cfg into the current directory from a remote file server, and rename it to configtest.cfg, use the command: awplus# copy fserver:/config.cfg configtest.cfg To copy the file test.txt from the top level of Flash on stack member 2 to the current directory in the stack master, use the command: awplus# copy awplus-2/flash:/test.txt test.txt...
-
Page 84: Copy Current-Software
ILE AND ONFIGURATION ANAGEMENT OMMANDS COPY CURRENT SOFTWARE copy current-software Overview This command copies the AlliedWare Plus™ OS software that the device has booted from, to a destination file. Specify whether the destination is Flash or USB when saving the software to the local filesystem. copy current-software <destination-name>... -
Page 85: Copy Debug
ILE AND ONFIGURATION ANAGEMENT OMMANDS COPY DEBUG copy debug Overview This command copies a specified debug file to a destination file. Specify whether the destination is Flash or USB when saving the software to the local filesystem. copy debug {<destination-name>|debug|flash|nvs|scp|tftp|usb} Syntax {<source-name>|debug|flash|nvs|scp|tftp|usb} Parameter... -
Page 86: Copy Running-Config
ILE AND ONFIGURATION ANAGEMENT OMMANDS COPY RUNNING CONFIG copy running-config Overview This command copies the running-config to a destination file, or copies a source file into the running-config. Commands entered in the running-config do not survive a device reboot unless they are saved in a configuration file. copy <source-name>... -
Page 87: Copy Startup-Config
ILE AND ONFIGURATION ANAGEMENT OMMANDS COPY STARTUP CONFIG copy startup-config Overview This command copies the startup-config script into a destination file, or alternatively copies a configuration script from a source file into the startup-config file. copy <source-name> startup-config Syntax copy startup-config <destination-name> Parameter Description <source-name>... -
Page 88: Copy Zmodem
ILE AND ONFIGURATION ANAGEMENT OMMANDS COPY ZMODEM copy zmodem Overview This command allows you to copy files using ZMODEM using Minicom. ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer. copy <source-name> zmodem Syntax copy zmodem Parameter... -
Page 89: Create Autoboot
ILE AND ONFIGURATION ANAGEMENT OMMANDS CREATE AUTOBOOT create autoboot Use this command to create an autoboot.txt file on external media. This Overview command will automatically ensure that the keys and values that are expected in this file are correct. After the file is created the create autoboot command will copy the current release and configuration files across to the external media. -
Page 90: Delete
ILE AND ONFIGURATION ANAGEMENT OMMANDS DELETE delete Overview This command deletes files or directories. delete [force] [recursive] <filename> Syntax Parameter Description force Ignore nonexistent filenames and never prompt before deletion. recursive Remove the contents of directories recursively. <filename> The filename and path of the file to delete. See Introduction on page 70 for valid syntax. -
Page 91: Delete Debug
ILE AND ONFIGURATION ANAGEMENT OMMANDS DELETE DEBUG delete debug Overview Use this command to delete a specified debug output file. delete debug <source-name> Syntax Parameter Description <source-name> The filename and path where the debug output originates. Introduction on page 70 for valid URL syntax. Mode Privileged Exec Example... - Page 92 ILE AND ONFIGURATION ANAGEMENT OMMANDS Overview This command lists the files on a filesystem. If no directory or file is specified then this command lists the files in the current working directory. dir [all] [recursive] [sort [reverse] [name|size|time]] Syntax [<filename>|debug|flash|nvs|usb] Parameter Description List all files.
- Page 93 ILE AND ONFIGURATION ANAGEMENT OMMANDS To list all the files in the root of the Flash filesystem, use the command: awplus# dir all flash: To list recursively the files in the Flash filesystem, use the command: awplus# dir recursive flash: To list the files in alphabetical order, use the command: awplus# dir sort name...
-
Page 94: Edit
ILE AND ONFIGURATION ANAGEMENT OMMANDS EDIT edit Overview This command opens a text file in the AlliedWare Plus™ text editor. Once opened you can use the editor to alter to the file. If a filename is specified and it already exists, then the editor opens it in the text editor. -
Page 95: Edit (Filename)
ILE AND ONFIGURATION ANAGEMENT OMMANDS EDIT FILENAME edit (filename) Overview This command opens a remote text file as read-only in the AlliedWare Plus™ text editor. Before starting the editor make sure your terminal, terminal emulation program, or Telnet client is 100% compatible with a VT100 terminal. The editor uses VT100 control sequences to display text on the terminal. -
Page 96: Erase Startup-Config
ILE AND ONFIGURATION ANAGEMENT OMMANDS ERASE STARTUP CONFIG erase startup-config Overview This command deletes the file that is set as the startup-config file, which is the configuration file that the system runs when it boots up. At the next restart, the device loads the default configuration file, default.cfg. If default.cfg no longer exists, then the device loads with the factory default configuration. -
Page 97: Ip Tftp Source-Interface
ILE AND ONFIGURATION ANAGEMENT OMMANDS IP TFTP SOURCE INTERFACE ip tftp source-interface Overview Use this command to manually specify the IP address that all TFTP requests originate from. This is useful in network configurations where TFTP servers only accept requests from certain devices, or where the server cannot dynamically determine the source of the request. -
Page 98: Ipv6 Tftp Source-Interface
ILE AND ONFIGURATION ANAGEMENT OMMANDS TFTP SOURCE INTERFACE ipv6 tftp source-interface Overview Use this command to manually specify the IPv6 address that all TFTP requests originate from. This is useful in network configurations where TFTP servers only accept requests from certain devices, or where the server cannot dynamically determine the source of the request. -
Page 99: Mkdir
ILE AND ONFIGURATION ANAGEMENT OMMANDS MKDIR mkdir Overview This command makes a new directory. mkdir <name> Syntax Parameter Description <name> The name and path of the directory that you are creating. Mode Privileged Exec Usage You cannot name a directory or subdirectory flash, nvs, usb, card, tftp, scp, sftp or http. -
Page 100: Move
ILE AND ONFIGURATION ANAGEMENT OMMANDS MOVE move Overview This command renames or moves a file. move <source-name> <destination-name> Syntax Parameter Description <source-name> The filename and path of the source file. See Introduction on page 70 for valid syntax. <destination-name> The filename and path of the destination file. See Introduction on page 70 for valid syntax. -
Page 101: Move Debug
ILE AND ONFIGURATION ANAGEMENT OMMANDS MOVE DEBUG move debug Overview This command moves a specified debug file to a destination debug file. move debug {<destination-name>|debug|flash|nvs|usb} Syntax Parameter Description <destination-name> The filename and path where you would like the debug output moved to. See Introduction on page 70 for valid syntax. - Page 102 ILE AND ONFIGURATION ANAGEMENT OMMANDS Overview This command prints the current working directory. Syntax Mode Privileged Exec Example To print the current working directory, use the command: awplus# Related Commands 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 103: Rmdir
ILE AND ONFIGURATION ANAGEMENT OMMANDS RMDIR rmdir Overview This command removes a directory. This command only works on empty directories, unless you specify the optional force keyword. rmdir [force] <name> Syntax Parameter Description force Optional keyword that allows you to delete directories that are not empty and contain files or subdirectories. -
Page 104: Show Autoboot
ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW AUTOBOOT show autoboot Overview This command displays the Autoboot configuration and status. show autoboot Syntax Mode Privileged Exec Example To show the Autoboot configuration and status, use the command: awplus# show autoboot Output Figure 2-6: Example output from the show autoboot command awplus#show autoboot... -
Page 105: Show Boot
ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW BOOT show boot Overview This command displays the current boot configuration. We recommend that the currently running release is set as the current boot image. show boot Syntax Mode Privileged Exec Example To show the current boot configuration, use the command: awplus# show boot Output... - Page 106 ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW BOOT Table 1: Parameters in the output of the show boot command (cont.) Parameter Description Backup boot config The configuration file to use during the next boot cycle if the main configuration file cannot be loaded. Autoboot status The status of the Autoboot feature;...
-
Page 107: Show File
ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW FILE show file Overview This command displays the contents of a specified file. show file <filename> Syntax Parameter Description <filename> Name of a file on the local Flash filesystem, or name and directory path of a file. Mode Privileged Exec To display the contents of the file oldconfig.cfg, which is in the current... -
Page 108: Show File Systems
ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW FILE SYSTEMS show file systems Overview This command lists the filesystems and their utilization information where appropriate. show file systems Syntax Mode Privileged Exec Examples To display the filesystems, use the command: awplus# show file systems Output Figure 2-9: Example output from the show file systems command... - Page 109 ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW FILE SYSTEMS Table 2: Parameters in the output of the show file systems command (cont.) Parameter Description Prefixes The prefixes used when entering commands to access the filesystems; one of: flash system tftp sftp http.
-
Page 110: Show Running-Config
ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW RUNNING CONFIG show running-config Overview This command displays the current configuration of your device. Its output includes all non-default configuration. The default settings are not displayed. : You can control the output by entering | or > at the end of the command: NOTE •... - Page 111 ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW RUNNING CONFIG Parameter Description Internet Protocol (IP) configuration ip pim dense-mode PIM-DM configuration ip pim sparse-mode PIM-SM configuration ip route IP static route configuration ip-reputation IP Reputation configuration IPS configuration ipsec Internet Protocol Security (IPSec) configuration ipv6 Internet Protocol version 6 (IPv6)
- Page 112 ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW RUNNING CONFIG Parameter Description switch Switch configuration web-control Web Control configuration Mode Privileged Exec and Global Configuration Example To display the current configuration of your device, use the command: awplus# show running-config Output Figure 2-10: Example output from show running-config !...
- Page 113 ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW RUNNING CONFIG Related copy running-config Commands show running-config interface 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 114: Show Running-Config Interface
ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW RUNNING CONFIG INTERFACE show running-config interface Overview This command displays the current configuration of one or more interfaces on the device. show running-config interface [<interface-list>] [dot1x|ip Syntax igmp|ip multicast|ip pim dense-mode|ip pim sparse-mode|ipv6 rip|lacp|mstp|ospf|rip|rstp|stp] Parameter Description <interface-list>... - Page 115 ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW RUNNING CONFIG INTERFACE To display the current running configuration of a device for VLAN 1, use the command: awplus# show running-config interface vlan1 To display the current running configuration of a device for VLANs 1 and 3-5, use the command: awplus# show running-config interface vlan1,vlan3-vlan5...
-
Page 116: Show Startup-Config
ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW STARTUP CONFIG show startup-config Overview This command displays the contents of the start-up configuration file, which is the file that the device runs on start-up. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 117: Show Version
ILE AND ONFIGURATION ANAGEMENT OMMANDS SHOW VERSION show version Overview This command displays the version number and copyright details of the current AlliedWare Plus™ OS your device is running. show version Syntax Mode User Exec and Privileged Exec Example To display the version details of your currently installed software, use the command: awplus# show version... -
Page 118: Write File
ILE AND ONFIGURATION ANAGEMENT OMMANDS WRITE FILE write file Overview This command copies the running-config into the file that is set as the current startup-config file. This command is a synonym of the write memory and copy running-config startup-config commands. write [file] Syntax Mode... -
Page 119: Write Memory
ILE AND ONFIGURATION ANAGEMENT OMMANDS WRITE MEMORY write memory Overview This command copies the running-config into the file that is set as the current startup-config file. This command is a synonym of the write file and copy running-config startup-config commands. write [memory] Syntax Mode... -
Page 120: Write Terminal
ILE AND ONFIGURATION ANAGEMENT OMMANDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device. This command is a synonym of the show running-config command. write terminal Syntax Mode Privileged Exec Example To display the current configuration of your device, use the command: awplus# write terminal Related... -
Page 121: User Access
User Access Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure user access. Command List • “clear line console” on page 123 • “clear line vty” on page 124 • “enable password” on page 125 •... - Page 122 CCESS OMMANDS • “show security-password configuration” on page 150 • “show security-password user” on page 151 • “show telnet” on page 152 • “show users” on page 153 • “telnet” on page 154 • “telnet server” on page 155 • “terminal length”...
-
Page 123: Clear Line Console
CCESS OMMANDS CLEAR LINE CONSOLE clear line console Overview This command resets a console line. If a terminal session exists on the line then the terminal session is terminated. If console line settings have changed then the new settings are applied. clear line console 0 Syntax Mode... -
Page 124: Clear Line Vty
CCESS OMMANDS CLEAR LINE VTY clear line vty Overview This command resets a VTY line. If a session exists on the line then it is closed. clear line vty <0-32> Syntax Parameter Description <0-32> Line number Mode Privileged Exec Example To reset the first VTY line, use the command: awplus# clear line vty 1... -
Page 125: Enable Password
CCESS OMMANDS ENABLE PASSWORD enable password Overview To set a local password to control access to various privilege levels, use the enable password Global Configuration command. Use the enable password command to modify or create a password to be used, and use the no enable password command to remove the password. - Page 126 CCESS OMMANDS ENABLE PASSWORD Note that the enable password command is an alias for the enable secret command and one password per privilege level is allowed using these commands. Do not assign one password to a privilege level with enable password and another password to a privilege level with enable...
- Page 127 CCESS OMMANDS ENABLE PASSWORD this method. The output in the configuration file will show only the encrypted string, and not the text string. awplus# configure terminal awplus(config)# enable password 8 fU7zHzuutY2SA awplus(config)# This results in the following show output: awplus#show run Current configuration:...
-
Page 128: Enable Secret
CCESS OMMANDS ENABLE SECRET enable secret Overview To set a local password to control access to various privilege levels, use the enable secret Global Configuration command. Use the enable secret command to modify or create a password to be used, and use the no enable secret command to remove the password. - Page 129 CCESS OMMANDS ENABLE SECRET Note that the enable secret command is an alias for the enable password command and one password per privilege level is allowed using these commands. Do not assign one password to a privilege level with enable password and another password to a privilege level with enable...
- Page 130 CCESS OMMANDS ENABLE SECRET The output in the configuration file will show only the encrypted string, and not the text string: awplus# configure terminal awplus(config)# enable secret 8 fU7zHzuutY2SA awplus(config)# This results in the following show output: awplus#show run Current configuration: hostname awplus...
-
Page 131: Exec-Timeout
CCESS OMMANDS EXEC TIMEOUT exec-timeout Overview This command sets the interval your device waits for user input from either a console or VTY connection. Once the timeout interval is reached, the connection is dropped. This command sets the time limit when the console or VTY connection automatically logs off after no activity. - Page 132 CCESS OMMANDS EXEC TIMEOUT Related line Commands service telnet 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 133: Flowcontrol Hardware (Asyn/Console)
CCESS OMMANDS FLOWCONTROL HARDWARE ASYN CONSOLE flowcontrol hardware (asyn/console) Overview Use this command to enable RTS/CTS (Ready To Send/Clear To Send) hardware flow control on a terminal console line (asyn port) between the DTE (Data Terminal Equipment) and the DCE (Data Communications Equipment). flowcontrol hardware Syntax no flowcontrol hardware... - Page 134 CCESS OMMANDS FLOWCONTROL HARDWARE ASYN CONSOLE Examples To enable hardware flow control on terminal console line asyn0, use the commands: awplus# configure terminal awplus(config)# line console 0 awplus(config-line)# flowcontrol hardware To disable hardware flow control on terminal console line asyn0, use the commands: awplus# configure terminal...
-
Page 135: Length (Asyn)
CCESS OMMANDS LENGTH ASYN length (asyn) Overview Use this command to specify the number of rows of output that the device will display before pausing, for the console or VTY line that you are configuring. The no variant of this command restores the length of a line (terminal session) attached to a console port or to a VTY to its default length of 22 rows. -
Page 136: Line
CCESS OMMANDS LINE line Overview Use this command to enter line configuration mode for the specified VTYs or the console. The command prompt changes to show that the device is in Line Configuration mode. line vty <first-line> [<last-line>] Syntax Parameter Description <first-line>... - Page 137 CCESS OMMANDS LINE Related accounting login Commands clear line console clear line vty flowcontrol hardware (asyn/console) length (asyn) login authentication privilege level speed (asyn) 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 138: Privilege Level
CCESS OMMANDS PRIVILEGE LEVEL privilege level Overview This command sets a privilege level for VTY or console connections. The configured privilege level from this command overrides a specific user’s initial privilege level at the console login. privilege level <1-15> Syntax Mode Line Configuration Usage... -
Page 139: Security-Password History
CCESS OMMANDS SECURITY PASSWORD HISTORY security-password history Overview This command specifies the number of previous passwords that are unable to be reused. A new password is invalid if it matches a password retained in the password history. The no variant of the command disables this feature. Syntax security-password history <0-15>... -
Page 140: Security-Password Forced-Change
CCESS OMMANDS SECURITY PASSWORD FORCED CHANGE security-password forced-change Overview This command specifies whether or not a user is forced to change an expired password at the next login. If this feature is enabled, users whose passwords have expired are forced to change to a password that must comply with the current password security rules at the next login. -
Page 141: Security-Password Lifetime
CCESS OMMANDS SECURITY PASSWORD LIFETIME security-password lifetime Overview This command enables password expiry by specifying a password lifetime in days. Note that when the password lifetime feature is disabled, it also disables the security-password forced-change command and the security-password warning command. -
Page 142: Security-Password Minimum-Categories
CCESS OMMANDS SECURITY PASSWORD MINIMUM CATEGORIES security-password minimum-categories Overview This command specifies the minimum number of categories that the password must contain in order to be considered valid. The password categories are: • uppercase letters: A to Z • lowercase letters: a to z •... -
Page 143: Security-Password Minimum-Length
CCESS OMMANDS SECURITY PASSWORD MINIMUM LENGTH security-password minimum-length Overview This command specifies the minimum allowable password length. This value is checked against when there is a password change or a user account is created. security-password minimum-length <1-23> Syntax Parameter Description <1-23>... -
Page 144: Security-Password Reject-Expired-Pwd
CCESS OMMANDS SECURITY PASSWORD REJECT EXPIRED security-password reject-expired-pwd Overview This command specifies whether or not a user is allowed to login with an expired password. Users with expired passwords are rejected at login if this functionality is enabled. Users then have to contact the Network Administrator to change their password. -
Page 145: Security-Password Warning
CCESS OMMANDS SECURITY PASSWORD WARNING security-password warning Overview This command specifies the number of days before the password expires that the user will receive a warning message specifying the remaining lifetime of the password. Note that the warning period cannot be set unless the lifetime feature is enabled with the security-password lifetime command. -
Page 146: Service Advanced-Vty
CCESS OMMANDS SERVICE ADVANCED service advanced-vty Overview This command enables the advanced-vty help feature. This allows you to use TAB completion for commands. Where multiple options are possible, the help feature displays the possible options. The no service advanced-vty command disables the advanced-vty help feature. Syntax service advanced-vty no service advanced-vty... -
Page 147: Service Password-Encryption
CCESS OMMANDS SERVICE PASSWORD ENCRYPTION service password-encryption Overview Use this command to enable password encryption. This is enabled by default. When password encryption is enabled, the device displays passwords in the running config in encrypted form instead of in plain text. Use the no service password-encryption command to stop the device from displaying newly-entered passwords in encrypted form. -
Page 148: Service Telnet
CCESS OMMANDS SERVICE TELNET service telnet Overview Use this command to enable the telnet server. The server is enabled by default. Enabling the telnet server starts the device listening for incoming telnet sessions on the configured port. The server listens on port 23, unless you have changed the port by using the privilege level command. -
Page 149: Show Privilege
CCESS OMMANDS SHOW PRIVILEGE show privilege Overview This command displays the current user privilege level, which can be any privilege level in the range <1-15>. Privilege levels <1-6> allow limited user access (all User Exec commands), privilege levels <7-14> allow restricted user access (all User Exec commands plus Privileged Exec show commands). -
Page 150: Show Security-Password Configuration
CCESS OMMANDS SHOW SECURITY PASSWORD CONFIGURATION show security-password configuration Overview This command displays the configuration settings for the various security password rules. show security-password configuration Syntax Mode Privileged Exec Example To display the current security-password rule configuration settings, use the command: awplus# show security-password configuration... -
Page 151: Show Security-Password User
CCESS OMMANDS SHOW SECURITY PASSWORD USER show security-password user Overview This command displays user account and password information for all users. show security-password user Syntax Mode Privileged Exec Example To display the system users’ remaining lifetime or last password change, use the command: awplus# show security-password user... -
Page 152: Show Telnet
CCESS OMMANDS SHOW TELNET show telnet Overview This command shows the Telnet server settings. show telnet Syntax Mode User Exec and Privileged Exec Example To show the Telnet server settings, use the command: awplus# show telnet Output Figure 3-4: Example output from the show telnet command Telnet Server Configuration... -
Page 153: Show Users
CCESS OMMANDS SHOW USERS show users Overview This command shows information about the users who are currently logged into the device. show users Syntax Mode User Exec and Privileged Exec Example To show the users currently connected to the device, use the command: awplus# show users Output... -
Page 154: Telnet
CCESS OMMANDS TELNET telnet Overview Use this command to open a telnet session to a remote device. telnet {<hostname>|[ip] <ipv4-addr>|[ipv6] <ipv6-addr>} Syntax [<port>] Parameter Description <hostname> The host name of the remote system. Keyword used to specify the IPv4 address or host name of a remote system. -
Page 155: Telnet Server
CCESS OMMANDS TELNET SERVER telnet server Overview This command enables the telnet server on the specified TCP port. If the server is already enabled then it will be restarted on the new port. Changing the port number does not affect the port used by existing sessions. telnet server {<1-65535>|default} Syntax Parameter... -
Page 156: Terminal Length
CCESS OMMANDS TERMINAL LENGTH terminal length Overview Use the terminal length command to specify the number of rows of output that the device will display before pausing, for the currently-active terminal only. Use the terminal no length command to remove the length specified by this command. -
Page 157: Terminal Resize
CCESS OMMANDS TERMINAL RESIZE terminal resize Overview Use this command to automatically adjust the number of rows of output on the console, which the device will display before pausing, to the number of rows configured on the user’s terminal. terminal resize Syntax Mode User Exec and Privileged Exec... -
Page 158: Username
CCESS OMMANDS USERNAME username Overview This command creates or modifies a user to assign a privilege level and a password. : The default username privilege level of 1 is not shown in running-config output. NOTE Any username privilege level that has been modified from the default is shown. Syntax username <name>... - Page 159 CCESS OMMANDS USERNAME Usage An intermediate CLI security level (privilege level 7 to privilege level 14) allows a CLI user access to the majority of show commands, including the platform show commands that are available at privilege level 1 to privilege level 6. Note that some show commands, such as show running-configuration and show startup-configuration, are only available at privilege level 15.
-
Page 160: Chapter 4: Gui Commands
GUI Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure the GUI. For more information, see the Getting Started with Alliedware Plus Command List • “atmf topology-gui enable” on page 161 • “gui-timeout” on page 162 •... -
Page 161: Atmf Topology-Gui Enable
GUI C OMMANDS ATMF TOPOLOGY GUI ENABLE atmf topology-gui enable Overview Use this command to enable the operation of AMF Vista Manager on the Master device. Use the no variant of this command to disable this feature. Syntax atmf topology-gui enable no atmf topology-gui enable Default By default the GUI support will not be enabled on AMF Master devices. -
Page 162: Gui-Timeout
GUI C OMMANDS TIMEOUT gui-timeout Overview Use this command to configure an idle timeout period for a GUI session. The time can be set in minutes and/or seconds. Use the no variant of this command to disable the GUI session idle timeout. Syntax gui-timeout <minutes>... - Page 163 GUI C OMMANDS TIMEOUT Related show running-config Commands 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 164: Log Event-Host
GUI C OMMANDS LOG EVENT HOST log event-host Overview Use this command to set up an external host to log AMF topology events through Vista Manager. This command is run on the Master device. Use the no variant of this command to disable log events through Vista Manager. Syntax log event-host [<ipv4-addr>|<ipv6-addr>] atmf-topology-event no log event-host [<ipv4-addr>|<ipv6-addr>] atmf-topology-event... -
Page 165: Service Http
GUI C OMMANDS SERVICE HTTP service http Overview Use this command to enable the HTTP (Hypertext Transfer Protocol) service. This service, which is enabled by default, is required to support the AlliedWare Plus™ GUI Java applet on a Java enabled browser. Use the no variant of this command to disable the HTTP feature. -
Page 166: Show Http
GUI C OMMANDS SHOW HTTP show http Overview This command shows the HTTP server settings. show http Syntax Mode User Exec and Privileged Exec Example To show the HTTP server settings, use the command: awplus# show http Output Figure 4-2: Example output from the show http command awplus#show http... -
Page 167: Monitoring Commands
System Configuration and Monitoring Commands Introduction Overview This chapter provides an alphabetical reference of commands for configuring and monitoring the system. Command List • “banner exec” on page 169 • “banner login (system)” on page 171 • “banner motd” on page 173 •... - Page 168 YSTEM ONFIGURATION AND ONITORING OMMANDS • “show memory” on page 202 • “show memory allocations” on page 204 • “show memory history” on page 206 • “show memory pools” on page 208 • “show memory shared” on page 209 • “show process”...
-
Page 169: Banner Exec
YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER EXEC banner exec Overview This command configures the User Exec mode banner that is displayed on the console after you login. The banner exec default command restores the User Exec banner to the default banner. Use the no banner exec command to disable the User Exec banner and remove the default User Exec banner. - Page 170 YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER EXEC awplus#configure terminal awplus(config)#banner exec default awplus(config)#exit awplus#exit awplus login: manager Password: AlliedWare Plus (TM) 5.4.6-1 09/30/16 13:03:59 awplus> To remove the User Exec mode banner after login, enter the following commands: awplus#configure terminal...
-
Page 171: Banner Login
YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER LOGIN SYSTEM banner login (system) Overview This command configures the login banner that is displayed on the console when you login. The login banner is displayed on all connected terminals. The login banner is displayed after the MOTD (Message-of-the-Day) banner and before the login username and password prompts. -
Page 172: Banner Motd
YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER LOGIN SYSTEM awplus#configure terminal awplus(config)#no banner login awplus(config)#exit awplus#exit awplus login: manager Password: AlliedWare Plus (TM) 5.4.6-1 09/30/16 13:03:59 awplus> Related banner exec Commands banner motd 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™... -
Page 173: Banner Motd
YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER MOTD banner motd Overview Use this command to create or edit the text MotD (Message-of-the-Day) banner displayed before login. The MotD banner is displayed on all connected terminals. The MotD banner is useful for sending messages that affect all network users, for example, any imminent system shutdowns. - Page 174 YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER MOTD awplus>enable awplus#configure terminal awplus(config)#no banner motd awplus(config)#exit awplus#exit awplus login: manager Password: AlliedWare Plus (TM) 5.4.6-1 09/30/16 13:03:59 awplus> Related banner exec Commands banner login (system) 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 175: Clock Set
YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SET clock set Overview This command sets the time and date for the system clock. clock set <hh:mm:ss> <day> <month> Syntax <year> Parameter Description <hh:mm:ss> Local time in 24-hour format <day> Day of the current month, from 1 to 31 <month>... -
Page 176: Clock Summer-Time Date
YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SUMMER TIME DATE clock summer-time date Overview This command defines the start and end of summertime for a specific year only, and specifies summertime’s offset value to Standard Time for that year. The no variant of this command removes the device’s summertime setting. This clears both specific summertime dates and recurring dates (set with the clock summer-time recurring... - Page 177 YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SUMMER TIME DATE Related clock summer-time recurring Commands clock timezone 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 178: Clock Summer-Time Recurring
YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SUMMER TIME RECURRING clock summer-time recurring Overview This command defines the start and end of summertime for every year, and specifies summertime’s offset value to Standard Time. The no variant of this command removes the device’s summertime setting. This clears both specific summertime dates (set with the clock summer-time date command) and recurring dates. - Page 179 YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SUMMER TIME RECURRING Mode Global Configuration Examples To set a summertime definition for New Zealand using NZST (UTC+12:00) as the standard time, and NZDT (UTC+13:00) as summertime, with summertime set to start on the last Sunday in September, and end on the 1st Sunday in April, use the command: awplus(config)# clock summer-time NZDT recurring 5 sun sep 2:00...
-
Page 180: No Clock Timezone
YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK TIMEZONE clock timezone Overview This command defines the device’s clock timezone. The timezone is set as a offset to the UTC. The no variant of this command resets the system time to UTC. By default, the system time is set to UTC. clock timezone <timezone-name>... -
Page 181: Ecofriendly Led
YSTEM ONFIGURATION AND ONITORING OMMANDS ECOFRIENDLY LED ecofriendly led Overview Use this command to enable the eco-friendly LED (Light Emitting Diode) feature, which turns off power to the port LEDs, including the stack port status LEDs. Power to the system status and stack management LEDs is not disabled. Use the no variant of this command to disable the eco-friendly LED feature. -
Page 182: Findme
YSTEM ONFIGURATION AND ONITORING OMMANDS FINDME findme Overview Use this command to physically locate a specific device from a group of similar devices. Activating the command causes a selected number of port LEDs to alternately flash green then amber (if that device has amber LEDs) at a rate of 1 Hz. Use the no variant of this command to deactivate the Find Me feature prior to the timeout expiring. - Page 183 YSTEM ONFIGURATION AND ONITORING OMMANDS FINDME To activate the Find Me feature for the default duration (60 seconds) on switch port interfaces port1.0.2 through port1.0.4, use the following command: awplus# findme interface port1.0.2-1.0.4 In the example above, ports 2 to 4 will flash 4 times and then all ports will flash twice.
-
Page 184: Findme Trigger
YSTEM ONFIGURATION AND ONITORING OMMANDS FINDME TRIGGER findme trigger Overview When this command is enabled, the LED flashing functionality of the find-me command is applied whenever any or all of the selected parameter conditions is detected. Use the no variant to remove the findme trigger function for the selected parameter. -
Page 185: Hostname
YSTEM ONFIGURATION AND ONITORING OMMANDS HOSTNAME hostname Overview This command sets the name applied to the device as shown at the prompt. The hostname is: • displayed in the output of the show system command • displayed in the CLI prompt so you know which device you are configuring •... - Page 186 YSTEM ONFIGURATION AND ONITORING OMMANDS HOSTNAME To set the system name to HQ-Sales, use the command: Example awplus# configure terminal awplus(config)# hostname HQ-Sales This changes the prompt to: HQ-Sales(config)# To revert to the default hostname awplus, use the command: HQ-Sales(config)# no hostname This changes the prompt to: awplus(config)#...
-
Page 187: No Debug All
YSTEM ONFIGURATION AND ONITORING OMMANDS NO DEBUG ALL no debug all Overview This command disables the debugging facility for all features on your device. This stops the device from generating any diagnostic debugging messages. The debugging facility is disabled by default. Syntax no debug all [ipv6|dot1x|nsm] Parameter... -
Page 188: Reboot
YSTEM ONFIGURATION AND ONITORING OMMANDS REBOOT reboot Overview This command halts the device and performs a cold restart (also known as reload). It displays a confirmation request before restarting. You can reboot a stand-alone device, a stack, or a specified stack member. Syntax reboot <stack-ID>... -
Page 189: Reload
YSTEM ONFIGURATION AND ONITORING OMMANDS RELOAD reload Overview This command performs the same function as the reboot command. 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 190: Show Clock
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CLOCK show clock Overview This command displays the system’s current configured local time and date. It also displays other clock related information such as timezone and summertime configuration. show clock Syntax Mode User Exec and Privileged Exec Example To display the system’s current local time, use the command: awplus#... - Page 191 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CLOCK Related clock set Commands clock summer-time date clock summer-time recurring clock timezone 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 192: Show Cpu
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU show cpu Overview This command displays a list of running processes with their CPU utilization. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. - Page 193 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU Output Figure 5-2: Example output from show cpu Stack member 2: CPU averages: 1 second: 12%, 20 seconds: 2%, 60 seconds: 2% System load averages: 1 minute: 0.03, 5 minutes: 0.02, 15 minutes: 0.00 Current CPU load:...
- Page 194 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU Table 2: Parameters in the output of the show cpu command (cont.) Parameter Description state Process state; one of “run”, “sleep”, “zombie”, and “dead”. sleep% Percentage of time that the process is in the sleep state. runtime The time that the process has been running for, measured in jiffies.
-
Page 195: Show Cpu History
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU HISTORY show cpu history Overview This command prints a graph showing the historical CPU utilization. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. - Page 196 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU HISTORY Output Figure 5-3: Example output from the show cpu history command Per second CPU load history 100 90 80 70 60 50 40 30 * 10 ******************************************* **************** |..|..|..|..|..|..|..|..|..|..|..|.. Oldest Newest CPU load% per second (last 60 seconds)...
- Page 197 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU HISTORY Related show memory Commands show memory allocations show memory pools show process 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 198: Show Debugging
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW DEBUGGING show debugging Overview This command displays information for all debugging options. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. Syntax show debugging Default This command runs all the show debugging commands in alphabetical order. -
Page 199: Show Ecofriendly
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW ECOFRIENDLY show ecofriendly Overview This command displays the switch’s eco-friendly configuration status. The ecofriendly led configuration status are shown in the show ecofriendly output. show ecofriendly Syntax Mode Privileged Exec and Global Configuration Example To display the switch’s eco-friendly configuration status, use the following command: awplus#... -
Page 200: Show Interface Memory
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW INTERFACE MEMORY show interface memory Overview This command displays the shared memory used by either all interfaces, or the specified interface or interfaces. The output is useful for diagnostic purposes by Allied Telesis authorized service personnel. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 201 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW INTERFACE MEMORY Output Figure 5-6: Example output from the show interface memory command awplus#show interface memory Vlan blocking state shared memory usage --------------------------------------------- Interface shmid Bytes Used nattch Status port1.0.1 393228 1 port1.0.2 458766 1...
-
Page 202: Show Memory
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY show memory Overview This command displays the memory used by each process that is currently running For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. - Page 203 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY Table 4: Parameters in the output of the show memory command Parameter Description Stack member Stack member number. RAM total Total amount of RAM memory free. free Available memory size. buffers Memory allocated kernel buffers. Identifier number for the process.
-
Page 204: Show Memory Allocations
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY ALLOCATIONS show memory allocations Overview This command displays the memory allocations used by processes. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 205: Show Memory History
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY ALLOCATIONS Related show memory Commands show memory history show memory pools show memory shared show tech-support 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 206: Show Memory History
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY HISTORY show memory history Overview This command prints a graph showing the historical memory usage. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. - Page 207 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY HISTORY Output Figure 5-10: Example output from the show memory history command STACK member 1: Per minute memory utilization history 100 90 80 70 60 50 40************************************************************* 30 20 10 |..|..|..|..|..|..|..|..|..|..|..|.. Oldest Newest...
-
Page 208: Show Memory Pools
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY POOLS show memory pools Overview This command shows the memory pools used by processes. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 209: Show Memory Shared
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY SHARED show memory shared Overview This command displays shared memory allocation information. The output is useful for diagnostic purposes by Allied Telesis authorized service personnel. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 210: Show Process
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW PROCESS show process Overview This command lists a summary of the current running processes. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. Syntax show process [<stack-ID>] [sort {cpu|mem}] Parameter... - Page 211 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW PROCESS Output Figure 5-13: Example output from the show process command Stack member 2: CPU averages: 1 second: 8%, 20 seconds: 5%, 60 seconds: 5% System load averages: 1 minute: 0.04, 5 minutes: 0.08, 15 minutes: 0.12 Current CPU load:...
- Page 212 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW PROCESS Table 5: Parameters in the output from the show process command (cont.) Parameter Description Process priority. state Process state; one of “run”, “sleep”, “stop”, “zombie”, or “dead”. sleep% Percentage of time the process is in the sleep state. Related show cpu Commands...
-
Page 213: Show Reboot History
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW REBOOT HISTORY show reboot history Overview Use this command to display the device’s reboot history. show reboot history [<stack-ID>] Syntax Parameter Description <stack-ID> Stack member number, from 1 to 8. Mode User Exec and Privileged Exec Example To show the reboot history of stack member 2, use the command: awplus#... -
Page 214: Show Router-Id
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW ROUTER show router-id Overview Use this command to show the Router ID of the current system. show router-id Syntax Mode User Exec and Privileged Exec Example To display the Router ID of the current system, use the command: awplus# show router-id Output... -
Page 215: Show System
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM show system Overview This command displays general system information about the device, including the hardware, installed, memory, and software versions loaded. It also displays location and contact details when these have been set. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 216: Show System Environment
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM ENVIRONMENT show system environment Overview This command displays the current environmental status of your device and any attached PSU, XEM, or other expansion option. The environmental status covers information about temperatures, fans, and voltage. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 217: Show System Interrupts
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM INTERRUPTS show system interrupts Overview Use this command to display the number of interrupts for each IRQ (Interrupt Request) used to interrupt input lines on a PIC (Programmable Interrupt Controller) on your device. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 218: Show System Mac
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM MAC show system mac Overview This command displays the physical MAC address available on a standalone switch, or a stack. This command also shows the virtual MAC address for a stack if the stack virtual MAC address feature is enabled with the stack virtual-mac or the stack enable... -
Page 219: Show System Serialnumber
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM SERIALNUMBER show system serialnumber Overview This command shows the serial number information for the device. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 220: Show Tech-Support
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW TECH SUPPORT show tech-support Overview This command generates system and debugging information for the device and saves it to a file. You can optionally limit the command output to display only information for a given protocol or feature. - Page 221 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW TECH SUPPORT Parameter Description ripng Display RIPNG specific information stack Display stacking device information Display STP specific information system Display general system information tacacs+ Display TACACS+ information update Display resource update specific information Output modifier >...
-
Page 222: Speed (Asyn)
YSTEM ONFIGURATION AND ONITORING OMMANDS SPEED ASYN speed (asyn) Overview This command changes the console speed from the device. Note that a change in console speed is applied for subsequent console sessions. Exit the current session to enable the console speed change using the clear line console command. - Page 223 YSTEM ONFIGURATION AND ONITORING OMMANDS SPEED ASYN Related clear line console Commands line show running-config show startup-config speed 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 224: Terminal Monitor
YSTEM ONFIGURATION AND ONITORING OMMANDS TERMINAL MONITOR terminal monitor Overview Use this command to display debugging output on a terminal. To display the cursor after a line of debugging output, press the Enter key. Use the command terminal no monitor to stop displaying debugging output on the terminal, or use the timeout option to stop displaying debugging output on the terminal after a set time. -
Page 225: Undebug All
YSTEM ONFIGURATION AND ONITORING OMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality of the no debug all command. 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 226: Chapter 6: Pluggables And Cabling Commands
Pluggables and Cabling Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure and monitor Pluggables and Cabling, including: • Optical Digital Diagnostic Monitoring (DDM) to help find fiber issues when links go down For more information, see the Pluggables and Cabling Feature Overview and Configuration Guide. -
Page 227: Clear Test Cable-Diagnostics Tdr
LUGGABLES AND ABLING OMMANDS CLEAR TEST CABLE DIAGNOSTICS TDR clear test cable-diagnostics tdr Overview Use this command to clear the results of the last cable test that was run. clear test cable-diagnostics tdr Syntax Mode Privileged Exec Examples To clear the results of a previous cable-diagnostics test use the following commands: awplus# clear test cable-diagnostics tdr... -
Page 228: Show System Pluggable
LUGGABLES AND ABLING OMMANDS SHOW SYSTEM PLUGGABLE show system pluggable Overview This command displays brief pluggable transceiver information showing the pluggable type, the pluggable serial number, and the pluggable port on the device. Different types of pluggable transceivers are supported in different models of device. - Page 229 LUGGABLES AND ABLING OMMANDS SHOW SYSTEM PLUGGABLE Table 1: Parameters in the output from the show system pluggable command Parameter Description Device Name Specifies the device name for the installed pluggable transceiver. Device Type Specifies the device type for the installed pluggable transceiver.
-
Page 230: Show System Pluggable Detail
LUGGABLES AND ABLING OMMANDS SHOW SYSTEM PLUGGABLE DETAIL show system pluggable detail Overview This command displays detailed pluggable transceiver information showing the pluggable type, the pluggable serial number, and the pluggable port on the device. Different types of pluggable transceivers are supported in different models of device. - Page 231 LUGGABLES AND ABLING OMMANDS SHOW SYSTEM PLUGGABLE DETAIL • Power Monitoring: Displays the received power measurement type, which can be either OMA(Optical Module Amplitude) or Avg(Average Power) measured in μW. : For parameters that are not supported or not specified, a hyphen is displayed NOTE instead.
- Page 232 LUGGABLES AND ABLING OMMANDS SHOW SYSTEM PLUGGABLE DETAIL Table 2: Parameters in the output from the show system pluggable detail command: (cont.) Parameter Description Device Revision Specifies the hardware revision code for the pluggable transceiver. This may be useful for troubleshooting because different devices may support different pluggable transceiver revisions.
-
Page 233: Show System Pluggable Diagnostics
LUGGABLES AND ABLING OMMANDS SHOW SYSTEM PLUGGABLE DIAGNOSTICS show system pluggable diagnostics Overview Different types of pluggable transceivers are supported in different models of device. See your device’s Datasheet for more information about the models of pluggables that your device supports. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 234 LUGGABLES AND ABLING OMMANDS SHOW SYSTEM PLUGGABLE DIAGNOSTICS Table 3: Parameters in the output from the show system pluggables diagnostics command Parameter Description Temp (Degrees C) Shows the temperature inside the transceiver. Vcc (Volts) Shows voltage supplied to the transceiver. Tx Bias (mA) Shows current to the Laser Diode in the transceiver.
-
Page 235: Show Test Cable-Diagnostics Tdr
LUGGABLES AND ABLING OMMANDS SHOW TEST CABLE DIAGNOSTICS TDR show test cable-diagnostics tdr Overview Use this command to display the results of the last cable-diagnostics test that was run using the TDR (Time Domain Reflectometer) on a fixed copper cable port. The displayed status of the cable can be either: •... -
Page 236: Test Cable-Diagnostics Tdr Interface
LUGGABLES AND ABLING OMMANDS TEST CABLE DIAGNOSTICS TDR INTERFACE test cable-diagnostics tdr interface Overview Use this command to apply the Cable Fault Locator’s cable-diagnostics tests to twisted pair data cables for a selected port. The tests will detect either correct, short circuit, or open, circuit terminations. -
Page 237: Logging Commands
Logging Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure logging. Command List • “clear exception log” on page 239 • “clear log” on page 240 • “clear log buffered” on page 241 • “clear log permanent”... - Page 238 OGGING OMMANDS • “log email time” on page 271 • “log facility” on page 273 • “log host” on page 275 • “log host (filter)” on page 277 • “log host exclude” on page 280 • “log host source” on page 283 •...
-
Page 239: Clear Exception Log
OGGING OMMANDS CLEAR EXCEPTION LOG clear exception log Overview This command resets the contents of the exception log, but does not remove the associated core files. : When this command is used within a stacked environment, it will remove the NOTE contents of the exception logs in all stack members. -
Page 240: Clear Log
OGGING OMMANDS CLEAR LOG clear log Overview This command removes the contents of the buffered and permanent logs. : When this command is used within a stacked environment, it will remove the NOTE contents of the buffered and permanent logs in all stack members. Syntax clear log Mode... -
Page 241: Clear Log Buffered
OGGING OMMANDS CLEAR LOG BUFFERED clear log buffered Overview This command removes the contents of the buffered log. : When this command is used within a stacked environment, it will remove the NOTE contents of the buffered logs in all stack members. Syntax clear log buffered Mode... -
Page 242: Clear Log Permanent
OGGING OMMANDS CLEAR LOG PERMANENT clear log permanent Overview This command removes the contents of the permanent log. : When this command is used within a stacked environment, it will remove the NOTE contents of the permanent logs in all stack members. Syntax clear log permanent Mode... -
Page 243: Default Log Buffered
OGGING OMMANDS DEFAULT LOG BUFFERED default log buffered Overview This command restores the default settings for the buffered log stored in RAM. By default the size of the buffered log is 50 kB and it accepts messages with the severity level of “warnings” and above. default log buffered Syntax Default... -
Page 244: Default Log Console
OGGING OMMANDS DEFAULT LOG CONSOLE default log console Overview This command restores the default settings for log messages sent to the terminal when a log console command is issued. By default all messages are sent to the console when a log console command is issued. default log console Syntax Mode... -
Page 245: Default Log Email
OGGING OMMANDS DEFAULT LOG EMAIL default log email Overview This command restores the default settings for log messages sent to an email address. By default no filters are defined for email addresses. Filters must be defined before messages will be sent. This command also restores the remote syslog server time offset value to local (no offset). -
Page 246: Default Log Host
OGGING OMMANDS DEFAULT LOG HOST default log host Overview This command restores the default settings for log sent to a remote syslog server. By default no filters are defined for remote syslog servers. Filters must be defined before messages will be sent. This command also restores the remote syslog server time offset value to local (no offset). -
Page 247: Default Log Monitor
OGGING OMMANDS DEFAULT LOG MONITOR default log monitor Overview This command restores the default settings for log messages sent to the terminal when a terminal monitor command is used. default log monitor Syntax Default All messages are sent to the terminal when a terminal monitor command is used. -
Page 248: Default Log Permanent
OGGING OMMANDS DEFAULT LOG PERMANENT default log permanent Overview This command restores the default settings for the permanent log stored in NVS. By default, the size of the permanent log is 50 kB and it accepts messages with the severity level of warnings and above. default log permanent Syntax Default... -
Page 249: Log Buffered
OGGING OMMANDS LOG BUFFERED log buffered Overview This command configures the device to store log messages in RAM. Messages stored in RAM are not retained on the device over a restart. Once the buffered log reaches its configured maximum allowable size old messages will be deleted to make way for new ones. -
Page 250: Log Buffered (Filter)
OGGING OMMANDS LOG BUFFERED FILTER log buffered (filter) Overview Use this command to create a filter to select messages to be sent to the buffered log. Selection can be based on the priority/ severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these. - Page 251 OGGING OMMANDS LOG BUFFERED FILTER Parameter Description imish Integrated Management Interface Shell (IMISH) epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Filter messages to the buffered log by syslog facility. <facility>...
- Page 252 OGGING OMMANDS LOG BUFFERED FILTER To add a filter to send all messages containing the text “Bridging initialization” to the buffered log, use the following commands: awplus# configure terminal awplus(config)# log buffered msgtext Bridging initialization To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the buffered log, use the following commands: awplus# configure terminal...
-
Page 253: Log Buffered Exclude
OGGING OMMANDS LOG BUFFERED EXCLUDE log buffered exclude Overview Use this command to exclude specified log messages from the buffered log. You can exclude messages on the basis of: • the priority/severity of the message • the program that generated the message •... - Page 254 OGGING OMMANDS LOG BUFFERED EXCLUDE Parameter Description Integrated Management Interface (IMI) imish Integrated Management Interface Shell (IMISH) epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Exclude messages from a syslog facility. <facility>...
-
Page 255: Log Buffered Size
OGGING OMMANDS LOG BUFFERED EXCLUDE log buffered log buffered (filter) log buffered size show log show log config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 256: Log Buffered Size
OGGING OMMANDS LOG BUFFERED SIZE log buffered size Overview This command configures the amount of memory that the buffered log is permitted to use. Once this memory allocation has been filled old messages will be deleted to make room for new messages. log buffered size <50-250>... -
Page 257: Log Console
OGGING OMMANDS LOG CONSOLE log console Overview This command configures the device to send log messages to consoles. The console log is configured by default to send messages to the device’s main console port. Use the no variant of this command to configure the device not to send log messages to consoles. -
Page 258: Log Console (Filter)
OGGING OMMANDS LOG CONSOLE FILTER log console (filter) Overview This command creates a filter to select messages to be sent to all consoles when the log console command is given. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these. - Page 259 OGGING OMMANDS LOG CONSOLE FILTER Parameter Description loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Filter messages by syslog facility. <facility> Specify one of the following syslog facilities to include messages from: kern Kernel messages user Random user-level messages mail Mail system...
- Page 260 OGGING OMMANDS LOG CONSOLE FILTER To remove a default filter that includes sending critical, alert and emergency level messages to the console, use the following commands: awplus# configure terminal awplus(config)# no log console level critical Related default log console Commands log console log console exclude show log config...
-
Page 261: Log Console Exclude
OGGING OMMANDS LOG CONSOLE EXCLUDE log console exclude Overview Use this command to prevent specified log messages from being sent to the console, when console logging is turned on. You can exclude messages on the basis of: • the priority/severity of the message •... - Page 262 OGGING OMMANDS LOG CONSOLE EXCLUDE Parameter Description mstp Multiple Spanning Tree Protocol (MSTP) Integrated Management Interface (IMI) imish Integrated Management Interface Shell (IMISH) epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Exclude messages from a syslog facility.
- Page 263 OGGING OMMANDS LOG CONSOLE EXCLUDE log console log console (filter) show log config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 264: Log Email
OGGING OMMANDS LOG EMAIL log email Overview This command configures the device to send log messages to an email address. The email address is specified in this command. log email <email-address> Syntax Parameter Description <email-address> The email address to send log messages to Default By default no filters are defined for email log targets. -
Page 265: Log Email (Filter)
OGGING OMMANDS LOG EMAIL FILTER log email (filter) Overview This command creates a filter to select messages to be sent to an email address. Selection can be based on the priority/ severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these. - Page 266 OGGING OMMANDS LOG EMAIL FILTER Parameter Description Integrated Management Interface (IMI) imish Integrated Management Interface Shell (IMISH) epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Filter messages by syslog facility. <facility>...
- Page 267 OGGING OMMANDS LOG EMAIL FILTER To create a filter to send all messages containing the text “Bridging initialization”, to the email address admin@homebase.com, use the following commands: awplus# configure terminal awplus(config)# log email admin@homebase.com msgtext "Bridging initialization" To create a filter to send messages with a severity level of informational and above to the email address admin@alliedtelesis.com, use the following commands: awplus#...
-
Page 268: Log Email Exclude
OGGING OMMANDS LOG EMAIL EXCLUDE log email exclude Overview Use this command to prevent specified log messages from being emailed, when the device is configured to send log messages to an email address. You can exclude messages on the basis of: •... - Page 269 OGGING OMMANDS LOG EMAIL EXCLUDE Parameter Description mstp Multiple Spanning Tree Protocol (MSTP) Integrated Management Interface (IMI) imish Integrated Management Interface Shell (IMISH) epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Exclude messages from a syslog facility.
-
Page 270: Log Email Time
OGGING OMMANDS LOG EMAIL EXCLUDE Related default log email Commands log email log email (filter) log email time show log config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 271: Log Email Time
OGGING OMMANDS LOG EMAIL TIME log email time Overview This command configures the time used in messages sent to an email address. If the syslog server is in a different time zone to your device then the time offset can be configured using either the utc-offset parameter option keyword or the local-offset parameter option keyword, where utc-offset is the time difference from UTC (Universal Time, Coordinated) and local-offset is the difference from... - Page 272 OGGING OMMANDS LOG EMAIL TIME To send messages to the email address test@home.com in the same time zone Examples as the device’s local time zone, use the following commands: awplus# configure terminal awplus(config)# log email admin@base.com time local 0 To send messages to the email address admin@base.com with the time information converted to the time zone of the email recipient, which is 3 hours ahead of the device’s local time zone, use the following commands: awplus#...
-
Page 273: Log Facility
OGGING OMMANDS LOG FACILITY log facility Overview Use this command to specify an outgoing syslog facility. This determines where the syslog server will store the log messages. Use the no variant of this command to remove the facility. Syntax log facility {kern|user|mail|daemon|auth|syslog|lpr|news|uucp|cron|authpriv |ftp|local0|local1|local2|local3|local4|local5|local6|local7} no log facility... - Page 274 OGGING OMMANDS LOG FACILITY Example To specify a facility of local0, use the following commands: awplus# configure terminal awplus(config)# log facility local0 Related show log config Commands 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 275: Log Host
OGGING OMMANDS LOG HOST log host Overview This command configures the device to send log messages to a remote syslog server via UDP port 514. The IP address of the remote server must be specified. By default no filters are defined for remote syslog servers. Filters must be defined before messages will be sent. - Page 276 OGGING OMMANDS LOG HOST log host time log trustpoint show log config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 277: Log Host (Filter)
OGGING OMMANDS LOG HOST FILTER log host (filter) Overview This command creates a filter to select messages to be sent to a remote syslog server. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a substring within the message or a combination of some or all of these. - Page 278 OGGING OMMANDS LOG HOST FILTER Parameter Description imish Integrated Management Interface Shell (IMISH) epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Filter messages by syslog facility. <facility> Specify one of the following syslog facilities to include messages from: kern Kernel messages...
- Page 279 OGGING OMMANDS LOG HOST FILTER To create a filter to send messages with a severity level of informational and above to the syslog server with IP address 10.32.16.21, use the following commands: awplus# configure terminal awplus(config)# log host 10.32.16.21 level informational To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to a remote syslog server with IP address 10.32.16.21, use the following commands:...
-
Page 280: Log Host Exclude
OGGING OMMANDS LOG HOST EXCLUDE log host exclude Overview Use this command to prevent specified log messages from being sent to the remote syslog server, when log host is enabled. You can exclude messages on the basis of: • the priority/severity of the message •... - Page 281 OGGING OMMANDS LOG HOST EXCLUDE Parameter Description mstp Multiple Spanning Tree Protocol (MSTP) Integrated Management Interface (IMI) imish Integrated Management Interface Shell (IMISH) epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Exclude messages from a syslog facility.
- Page 282 OGGING OMMANDS LOG HOST EXCLUDE log host log host (filter) log host source log host time show log config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 283: Log Host Source
OGGING OMMANDS LOG HOST SOURCE log host source Overview Use this command to specify a source interface or IP address for the device to send syslog messages from. You can specify any one of an interface name, an IPv4 address or an IPv6 address. This is useful if the device can reach the syslog server via multiple interfaces or addresses and you want to control which interface/address the device uses. -
Page 284: Log Host Time
OGGING OMMANDS LOG HOST TIME log host time Overview This command configures the time used in messages sent to a remote syslog server. If the syslog server is in a different time zone to your device then the time offset can be configured using either the utc-offset parameter option keyword or the local-offset parameter option keyword, where utc-offset is the time difference from UTC (Universal Time, Coordinated) and local-offset is the difference from local time. - Page 285 OGGING OMMANDS LOG HOST TIME To send messages to the remote syslog server with the IP address 10.32.16.12 with the time information converted to the time zone of the remote syslog server, which is 3 hours ahead of the device’s local time zone, use the following commands: awplus# configure terminal...
-
Page 286: Log Monitor (Filter)
OGGING OMMANDS LOG MONITOR FILTER log monitor (filter) Overview This command creates a filter to select messages to be sent to the terminal when terminal monitor command is given. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these. - Page 287 OGGING OMMANDS LOG MONITOR FILTER Parameter Description rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Filter messages by syslog facility. <facility> Specify one of the following syslog facilities to include messages from: kern Kernel messages user Random user-level messages...
- Page 288 OGGING OMMANDS LOG MONITOR FILTER To remove a default filter that includes sending everything to the terminal, use the following commands: awplus# configure terminal awplus(config)# no log monitor level debugging Related default log monitor Commands log monitor exclude show log config terminal monitor 613-50137-01 Rev A Command Reference for FS980M Series...
-
Page 289: Log Monitor Exclude
OGGING OMMANDS LOG MONITOR EXCLUDE log monitor exclude Overview Use this command to prevent specified log messages from being displayed on a terminal, when terminal monitor is enabled. You can exclude messages on the basis of: • the priority/severity of the message •... - Page 290 OGGING OMMANDS LOG MONITOR EXCLUDE Parameter Description mstp Multiple Spanning Tree Protocol (MSTP) Integrated Management Interface (IMI) imish Integrated Management Interface Shell (IMISH) epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Exclude messages from a syslog facility.
- Page 291 OGGING OMMANDS LOG MONITOR EXCLUDE log monitor (filter) show log config terminal monitor 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 292: Log Permanent
OGGING OMMANDS LOG PERMANENT log permanent Overview This command configures the device to send permanent log messages to non-volatile storage (NVS) on the device. The content of the permanent log is retained over a reboot. Once the permanent log reaches its configured maximum allowable size old messages will be deleted to make way for new messages. -
Page 293: Log Permanent (Filter)
OGGING OMMANDS LOG PERMANENT FILTER log permanent (filter) Overview This command creates a filter to select messages to be sent to the permanent log. Selection can be based on the priority/ severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these. - Page 294 OGGING OMMANDS LOG PERMANENT FILTER Parameter Description epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Filter messages by syslog facility. <facility> Specify one of the following syslog facilities to include messages from: kern Kernel messages user...
- Page 295 OGGING OMMANDS LOG PERMANENT FILTER Related clear log permanent Commands default log permanent log permanent log permanent exclude log permanent size show log config show log permanent 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 296: Log Permanent Exclude
OGGING OMMANDS LOG PERMANENT EXCLUDE log permanent exclude Overview Use this command to prevent specified log messages from being sent to the permanent log. You can exclude messages on the basis of: • the priority/severity of the message • the program that generated the message •... - Page 297 OGGING OMMANDS LOG PERMANENT EXCLUDE Parameter Description Integrated Management Interface (IMI) imish Integrated Management Interface Shell (IMISH) epsr Ethernet Protection Switched Rings (EPSR) rmon Remote Monitoring loopprot Loop Protection Power-inline (Power over Ethernet) dhcpsn DHCP snooping (DHCPSN) facility Exclude messages from a syslog facility. <facility>...
- Page 298 OGGING OMMANDS LOG PERMANENT EXCLUDE log permanent log permanent (filter) log permanent size show log config show log permanent 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 299: Log Permanent Size
OGGING OMMANDS LOG PERMANENT SIZE log permanent size Overview This command configures the amount of memory that the permanent log is permitted to use. Once this memory allocation has been filled old messages will be deleted to make room for new messages. log permanent size <50-250>... -
Page 300: Log-Rate-Limit Nsm
OGGING OMMANDS RATE LIMIT NSM log-rate-limit nsm Overview This command limits the number of log messages generated by the device for a given interval. Use the no variant of this command to revert to the default number of log messages generated by the device of up to 200 log messages per second. Syntax log-rate-limit nsm messages <message-limit>... - Page 301 OGGING OMMANDS RATE LIMIT NSM To return the device the default setting, to generate up to 200 log messages per second, use the following commands: awplus# configure terminal awplus(config)# no log-rate-limit nsm 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 302: Log Trustpoint
OGGING OMMANDS LOG TRUSTPOINT log trustpoint Overview This command adds one or more trustpoints to be used with the syslog application. Multiple trustpoints may be specified, or the command may be executed multiple times, to add multiple trustpoints to the application. The no version of this command removes one or more trustpoints from the list of trustpoints associated with the application. -
Page 303: Show Counter Log
OGGING OMMANDS SHOW COUNTER LOG show counter log Overview This command displays log counter information. show counter log Syntax Mode User Exec and Privileged Exec Example To display the log counter information, use the command: awplus# show counter log Output Figure 7-1: Example output from the show counter log command Log counters... -
Page 304: Show Exception Log
OGGING OMMANDS SHOW EXCEPTION LOG show exception log Overview This command displays the contents of the exception log. show exception log Syntax Mode User Exec and Privileged Exec Example To display the exception log, use the command: awplus# show exception log 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™... -
Page 305: Show Log
OGGING OMMANDS SHOW LOG show log Overview This command displays the contents of the buffered log. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. Syntax show log [tail [<10-250>]] Parameter Description tail... - Page 306 OGGING OMMANDS SHOW LOG Output Figure 7-2: Example output from the show log command awplus#show log <date> <time> <facility>.<severity> <program[<pid>]>: <message> ------------------------------------------------------------------------- 2016 Oct 19 02:11:28 daemon.warning awplus-1 rpc.mountd[1102]: /flash and /nvs have same filehandle for 192.168.255.0/27, using first 2016 Oct 19 02:11:28 local6.crit awplus-1 Pluggable[404]: Pluggable AT-StackXS/1.0 inserted into port1.0.27...
-
Page 307: Show Log Config
OGGING OMMANDS SHOW LOG CONFIG show log config Overview This command displays information about the logging system. This includes the configuration of the various log destinations, buffered, permanent, syslog servers (hosts) and email addresses. This also displays the latest status information for each of these destinations. - Page 308 OGGING OMMANDS SHOW LOG CONFIG Host 10.32.16.21: Time offset ..+2:00 Offset type ..UTC Source ..- Secured ..enabled Filters: 1 Level ..critical Program ..any Facility ..any Message text . any Statistics ..1327 messages received, 1 accepted by filter (2016 Oct 11 10:36:16) Email admin@alliedtelesis.com:...
-
Page 309: Show Log Permanent
OGGING OMMANDS SHOW LOG PERMANENT show log permanent Overview This command displays the contents of the permanent log. show log permanent [tail [<10-250>]] Syntax show log permanent [<stack-ID>] [tail [<10-250>]] Parameter Description <stack-ID> Stack member number, from 1 to 8. tail Display only the latest log entries. - Page 310 OGGING OMMANDS SHOW LOG PERMANENT log permanent (filter) log permanent exclude log permanent size show log config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 311: Show Running-Config Log
OGGING OMMANDS SHOW RUNNING CONFIG LOG show running-config log Overview This command displays the current running configuration of the Log utility. show running-config log Syntax Mode Privileged Exec and Global Configuration Example To display the current configuration of the log utility, use the command: awplus# show running-config log Related... -
Page 312: Chapter 8: Scripting Commands
Scripting Commands Introduction Overview This chapter provides commands used for command scripts. Command List • “activate” on page 313 • “echo” on page 314 • “wait” on page 315 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 313: Activate
CRIPTING OMMANDS ACTIVATE activate Overview This command activates a script file. activate [background] <script> Syntax Parameter Description background Activate a script to run in the background. A process that is running in the background will operate as a separate task, and will not interrupt foreground processing. -
Page 314: Echo
CRIPTING OMMANDS ECHO echo Overview This command echoes a string to the terminal, followed by a blank line. echo <line> Syntax Parameter Description <line> The string to echo Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts, to make the script print user-visible comments. -
Page 315: Wait
CRIPTING OMMANDS WAIT wait Overview This command pauses execution of the active script for the specified period of time. wait <delay> Syntax Parameter Description <delay> <1-65335> Specify the time delay in seconds Default No wait delay is specified by default to pause script execution. Mode Privileged Exec (when executed from a script not directly from the command line) Usage... -
Page 316: Interface Commands
Interface Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure and display interfaces. Command List • “description (interface)” on page 317 • “interface (to configure)” on page 318 • “mtu” on page 320 • “show interface”... -
Page 317: Description (Interface)
NTERFACE OMMANDS DESCRIPTION INTERFACE description (interface) Overview Use this command to add a description to a specific port or interface. description <description> Syntax Parameter Description <description> Text describing the specific interface. Mode Interface Configuration Example The following example uses this command to describe the device that a switch port is connected to. -
Page 318: Interface (To Configure)
NTERFACE OMMANDS INTERFACE TO CONFIGURE interface (to configure) Overview Use this command to select one or more interfaces to configure. interface <interface-list> Syntax interface lo Parameter Description <interface-list> The interfaces or ports to configure. An interface-list can be: • an interface such as a VLAN (e.g. vlan2), a switch port (e.g. port1.0.6), a static channel group (e.g. - Page 319 NTERFACE OMMANDS INTERFACE TO CONFIGURE The following example shows how to enter Interface mode to configure the local loopback interface. awplus# configure terminal awplus(config)# interface lo awplus(config-if)# Related ip address (IP Addressing and Protocol) Commands show interface show interface brief 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
- Page 320 NTERFACE OMMANDS Overview Use this command to set the Maximum Transmission Unit (MTU) size for VLANs, where MTU is the maximum packet size that VLANs can transmit. The MTU size setting is applied to both IPv4 and IPv6 packet transmission. Use the no variant of this command to remove a previously specified Maximum Transmission Unit (MTU) size for VLANs, and restore the default MTU size (1500 bytes) for VLANs.
- Page 321 NTERFACE OMMANDS Related show interface Commands 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 322: Show Interface
NTERFACE OMMANDS SHOW INTERFACE show interface Overview Use this command to display interface configuration and status. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. Syntax show interface [<interface-list>] show interface lo Parameter Description... - Page 323 NTERFACE OMMANDS SHOW INTERFACE Figure 9-1: Example output from the show interface command awplus#show interface Interface port1.0.1 Scope: both Link is DOWN, administrative state is UP Thrash-limiting Status Not Detected, Action learn-disable, Timeout 1(s) Hardware is Ethernet, address is eccd.6dff.d67d index 5001 metric 1 mru 1500...
- Page 324 NTERFACE OMMANDS SHOW INTERFACE Figure 9-3: Example output from the show interface vlan1,vlan2 command awplus#show interface vlan1,vlan2 Interface vlan1 Scope: both Link is UP, administrative state is UP Hardware is VLAN, address is 0015.77e9.5c50 IPv4 address 192.168.1.1/24 broadcast 192.168.1.255 index 201 metric 1 mtu 1500...
-
Page 325: Show Interface Brief
NTERFACE OMMANDS SHOW INTERFACE BRIEF show interface brief Overview Use this command to display brief interface, configuration, and status information, including provisioning information. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. - Page 326 NTERFACE OMMANDS SHOW INTERFACE MEMORY show interface memory Overview This command displays the shared memory used by either all interfaces, or the specified interface or interfaces. The output is useful for diagnostic purposes by Allied Telesis authorized service personnel. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”...
- Page 327 NTERFACE OMMANDS SHOW INTERFACE MEMORY Output Figure 9-5: Example output from the show interface memory command awplus#show interface memory Vlan blocking state shared memory usage --------------------------------------------- Interface shmid Bytes Used nattch Status port1.0.1 393228 1 port1.0.2 458766 1 port1.0.3 360459 1...
-
Page 328: Show Interface Status
NTERFACE OMMANDS SHOW INTERFACE STATUS show interface status Overview Use this command to display the status of the specified interface or interfaces. Note that when no interface or interfaces are specified then the status of all interfaces on the device are shown. show interface [<port-list>] status Syntax Parameter... - Page 329 NTERFACE OMMANDS SHOW INTERFACE STATUS Table 4: Parameters in the output from the show interface status command Parameter Description Port Name/Type of the interface. Name Description of the interface. Status The administrative and operational status of the interface; one of: •...
-
Page 330: Shutdown
NTERFACE OMMANDS SHUTDOWN shutdown Overview This command shuts down the selected interface. This administratively disables the link and takes the link down at the physical (electrical) layer. Use the no variant of this command to disable this function and therefore to bring the link back up again. -
Page 331: Port Mirroring Commands
Port Mirroring Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure Port Mirroring. For more information, see the Mirroring Feature Overview and Configuration Guide. Command List • “mirror interface” on page 332 • “show mirror” on page 334 •... -
Page 332: Mirror Interface
IRRORING OMMANDS MIRROR INTERFACE mirror interface Overview Use this command to define a mirror port and mirrored (monitored) ports and direction of traffic to be mirrored. The port for which you enter interface mode will be the mirror port. The destination port is removed from all VLANs, and no longer participates in other switching. - Page 333 IRRORING OMMANDS MIRROR INTERFACE Access control lists can be used to mirror a subset of traffic from the mirrored port by using the copy-to-mirror parameter in hardware ACL commands. Example To mirror traffic received and transmitted on port1.0.4 and port1.0.5 to destination port1.0.3, use the commands: awplus# configure terminal...
-
Page 334: Show Mirror
IRRORING OMMANDS SHOW MIRROR show mirror Overview Use this command to display the status of all mirrored ports. show mirror Syntax Mode User Exec and Privileged Exec Example To display the status of all mirrored ports, use the following command: awplus# show mirror Output... -
Page 335: Show Mirror Interface
IRRORING OMMANDS SHOW MIRROR INTERFACE show mirror interface Overview Use this command to display port mirroring configuration for a mirrored (monitored) switch port. show mirror interface <port> Syntax Parameter Description <port> The monitored switch port to display information about. Mode User Exec, Privileged Exec and Interface Configuration To display port mirroring configuration for the port1.0.4, use the following Example... - Page 336 Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces. Command List • “clear test interface” on page 337 • “service test” on page 338 • “test interface” on page 339 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 337: Clear Test Interface
NTERFACE ESTING OMMANDS CLEAR TEST INTERFACE clear test interface Overview This command clears test results and counters after issuing a test interface command. Test results and counters must be cleared to issue subsequent test interface commands later on. clear test interface {<port-list>|all} Syntax Parameter Description... -
Page 338: Service Test
NTERFACE ESTING OMMANDS SERVICE TEST service test Overview This command puts the device into the interface testing state, ready to begin testing. After entering this command, enter Interface Configuration mode for the desired interfaces and enter the command test interface. Do not test interfaces on a device that is part of a live network—disconnect the device first. -
Page 339: Test Interface
NTERFACE ESTING OMMANDS TEST INTERFACE test interface Overview This command starts a test on a port or all ports or a selected range or list of ports. Use the no variant of this command to disable this function. The test duration can be configured by specifying the time in minutes after specifying a port or ports to test. - Page 340 NTERFACE ESTING OMMANDS TEST INTERFACE Example To test the switch ports in VLAN 1, install loopbacks in the ports, and enter the following commands: awplus(config)# service test awplus(config)# no spanning-tree rstp enable bridge-forward awplus(config)# interface vlan1 awplus(config-if)# shutdown awplus(config-if)# awplus# test interface all To see the output, use the commands: awplus#...
-
Page 341: Part 2: Layer Two Switching
Part 2: Layer Two Switching 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 342: Chapter 12: Switching Commands
Switching Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure switching. For more information, see the Switching Feature Overview and Configuration Guide. Command List • “backpressure” on page 344 • “clear loop-protection counters” on page 346 •... - Page 343 WITCHING OMMANDS • “mac address-table thrash-limit” on page 369 • “platform jumboframe” on page 370 • “platform stop-unreg-mc-flooding” on page 371 • “polarity” on page 373 • “show debugging loopprot” on page 374 • “show debugging platform packet” on page 375 •...
-
Page 344: Backpressure
WITCHING OMMANDS BACKPRESSURE backpressure Overview This command provides a method of applying flow control to ports running in half duplex mode. The setting will only apply when the link is in the half-duplex state. You can disable backpressure on an interface using the off parameter or the no variant of this command. - Page 345 WITCHING OMMANDS BACKPRESSURE To disable back pressure flow control on interface port1.0.2 enter the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# backpressure off Validation show running-config Commands show interface Related duplex Commands 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 346: Clear Loop-Protection Counters
WITCHING OMMANDS CLEAR LOOP PROTECTION COUNTERS clear loop-protection counters Overview Use this command to clear the counters for the Loop Protection counters. clear loop-protection [interface <port-list>] counters Syntax Parameters Description interface The interface whose counters are to be cleared. <port-list> A port, a port range, or an aggregated link. -
Page 347: Clear Mac Address-Table Dynamic
WITCHING OMMANDS CLEAR MAC ADDRESS TABLE DYNAMIC clear mac address-table dynamic Overview Use this command to clear the filtering database of all entries learned for a selected MAC address, an MSTP instance, a switch port interface or a VLAN interface. clear mac address-table dynamic [address Syntax <mac-address>|interface <port>... - Page 348 WITCHING OMMANDS CLEAR MAC ADDRESS TABLE DYNAMIC This example shows how to clear all dynamically learned filtering database entries when learned through device operation for a given MSTP instance 1 on switch port interface port1.0.2. awplus# clear mac address-table dynamic interface port1.0.2 instance 1 Related clear mac address-table static...
-
Page 349: Clear Mac Address-Table Static
WITCHING OMMANDS CLEAR MAC ADDRESS TABLE STATIC clear mac address-table static Overview Use this command to clear the filtering database of all statically configured entries for a selected MAC address, interface, or VLAN. clear mac address-table static [address <mac-address>|interface Syntax <port>|vlan <vid>] Parameter Description... -
Page 350: Clear Port Counter
WITCHING OMMANDS CLEAR PORT COUNTER clear port counter Overview Use this command to clear the packet counters of the port. clear port counter [<port>] Syntax Parameter Description <port> The port number or range Mode Privileged Exec To clear the packet counter for port1.0.1, use the command: Example awplus# clear port counter port1.0.1... -
Page 351: Clear Port-Security Intrusion
WITCHING OMMANDS CLEAR PORT SECURITY INTRUSION clear port-security intrusion Overview Use this command to clear the history of the port-security intrusion list on all ports, or an individual port. If a port is not specified, the intrusion lists of all ports are cleared. - Page 352 WITCHING OMMANDS CLEAR PORT SECURITY INTRUSION Table 2: Example output from the show port-security intrusion command awplus#show port-security intrusion interface port1.0.1 Port Security Intrusion List ------------------------------------------------------------ Interface: port1.0.1 - 1 intrusion(s) detected 801f.0200.19da To clear the history of port-security intrusion list on port1.0.1, use the following command: awplus# clear port-security intrusion interface port1.0.1...
- Page 353 WITCHING OMMANDS CLEAR PORT SECURITY INTRUSION Related show port-security interface Commands show port-security intrusion switchport port-security switchport port-security aging switchport port-security maximum switchport port-security violation 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 354: Debug Loopprot
WITCHING OMMANDS DEBUG LOOPPROT debug loopprot Overview This command enables Loop Protection debugging. The no variant of this command disables Loop Protection debugging. Syntax debug loopprot {info|msg|pkt|state|nsm|all} no debug loopprot {info|msg|pkt|state|nsm|all} Parameter Description info General Loop Protection information. Received and transmitted Loop Detection Frames (LDFs). Echo raw ASCII display of received and transmitted LDF packets to the console. -
Page 355: Debug Platform Packet
WITCHING OMMANDS DEBUG PLATFORM PACKET debug platform packet Overview This command enables platform to CPU level packet debug functionality on the device. Use the no variant of this command to disable platform to CPU level packet debug. If the result means both send and receive packet debug are disabled, then any active timeout will be canceled. - Page 356 WITCHING OMMANDS DEBUG PLATFORM PACKET To enable VLAN packet debug for VLAN 2 with a timeout duration of 3 minutes, enter: awplus# debug platform packet vlan 2 timeout 150 To disable receive packet debug, enter: awplus# no debug platform packet recv Related show debugging platform packet Commands...
-
Page 357: Duplex
WITCHING OMMANDS DUPLEX duplex Overview This command changes the duplex mode for the specified port. To see the currently-negotiated duplex mode for ports whose links are up, use the command show interface. To see the configured duplex mode (when different from the default), use the command show running-config. - Page 358 WITCHING OMMANDS DUPLEX Related backpressure Commands polarity speed show interface 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 359: Flowcontrol (Switch Port)
WITCHING OMMANDS FLOWCONTROL SWITCH PORT flowcontrol (switch port) Overview Use this command to enable flow control, and configure the flow control mode for the switch port. Use the no variant of this command to disable flow control for the specified switch port. - Page 360 WITCHING OMMANDS FLOWCONTROL SWITCH PORT awplus# configure terminal Examples awplus(config)# interface port1.0.2 awplus(config-if)# flowcontrol receive on awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# flowcontrol send on awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# flowcontrol receive off awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# flowcontrol send off...
-
Page 361: Linkflap Action
WITCHING OMMANDS LINKFLAP ACTION linkflap action Overview Use this command to detect flapping on all ports. If more than 15 flaps occur in less than 15 seconds the flapping port will shut down. Use the no variant of this command to disable flapping detection at this rate. Syntax linkflap action [shutdown] no linkflap action... -
Page 362: Loop-Protection Loop-Detect
WITCHING OMMANDS LOOP PROTECTION LOOP DETECT loop-protection loop-detect Overview Use this command to enable the loop-protection loop-detect feature and configure its parameters. Use the no variant of this command to disable the loop-protection loop-detect feature. Syntax loop-protection loop-detect [ldf-interval <period>] [ldf-rx-window <frames>] [fast-block] no loop-protection loop-detect Parameter... -
Page 363: Loop-Protection Action
WITCHING OMMANDS LOOP PROTECTION ACTION loop-protection action Overview Use this command to specify the protective action to apply when a network loop is detected on an interface. Use the no variant of this command to reset the loop protection actions to the default action, vlan-disable, on an interface. -
Page 364: Loop-Protection Action-Delay-Time
WITCHING OMMANDS LOOP PROTECTION ACTION DELAY TIME loop-protection action-delay-time Overview Use this command to sets the loop protection action delay time for an interface to specified values in seconds. The action delay time specifies the waiting period for the action. Use the no variant of this command to reset the loop protection action delay time for an interface to default. -
Page 365: Loop-Protection Timeout
WITCHING OMMANDS LOOP PROTECTION TIMEOUT loop-protection timeout Overview Use this command to specify the Loop Protection recovery action duration on an interface. Use the no variant of this command to set the loop protection timeout to the default. Syntax loop-protection timeout <duration> no loop-protection timeout Parameter Description... -
Page 366: Mac Address-Table Acquire
WITCHING OMMANDS MAC ADDRESS TABLE ACQUIRE mac address-table acquire Overview Use this command to enable MAC address learning on the device. Use the no variant of this command to disable learning. Syntax mac address-table acquire no mac address-table acquire Default Learning is enabled by default for all instances. -
Page 367: Mac Address-Table Ageing-Time
WITCHING OMMANDS MAC ADDRESS TABLE AGEING TIME mac address-table ageing-time Overview Use this command to specify an ageing-out time for a learned MAC address. The learned MAC address will persist for at least the specified time. The no variant of this command will reset the ageing-out time back to the default of 300 seconds (5 minutes). -
Page 368: Mac Address-Table Static
WITCHING OMMANDS MAC ADDRESS TABLE STATIC mac address-table static Overview Use this command to statically configure the MAC address-table to forward or discard frames with a matching destination MAC address. mac address-table static <mac-addr> {forward|discard} interface Syntax <port> [vlan <vid>] no mac address-table static <mac-addr>... -
Page 369: Mac Address-Table Thrash-Limit
WITCHING OMMANDS MAC ADDRESS TABLE THRASH LIMIT mac address-table thrash-limit Overview Use this command to set the thrash limit on the device or stack. Thrashing occurs when a MAC address table rapidly “flips” its mapping of a single MAC address between two subnets, usually as a result of a network loop. Use the no variant of this command to disable thrash limiting. -
Page 370: Platform Jumboframe
WITCHING OMMANDS PLATFORM JUMBOFRAME platform jumboframe Overview This command enables the device to forward jumbo frames. See the Switching Feature Overview and Configuration Guide for more information. When jumbo frame support is enabled, the maximum size of packets that the device can forward is 10240 bytes. -
Page 371: Platform Stop-Unreg-Mc-Flooding
WITCHING OMMANDS PLATFORM STOP UNREG FLOODING platform stop-unreg-mc-flooding Overview If a multicast stream is arriving at a network device, and that network device has received no IGMP reports that request the receipt of the stream, then that stream is referred to as "unregistered". IGMP snooping actively prevents the flooding of unregistered streams to all ports in the VLAN on which the stream is received. - Page 372 WITCHING OMMANDS PLATFORM STOP UNREG FLOODING Examples To enable this feature and stop multicast packet flooding, use the following commands: awplus# configure terminal awplus(config)# platform stop-unreg-mc-flooding To disable this feature and allow multicast packet flooding, use the following commands: awplus# configure terminal awplus(config)# no platform stop-unreg-mc-flooding...
-
Page 373: Polarity
WITCHING OMMANDS POLARITY polarity Overview This command sets the MDI/MDIX polarity on a copper-based switch port. polarity {auto|mdi|mdix} Syntax Parameter Description Sets the polarity to MDI (medium dependent interface). mdix Sets the polarity to MDI-X (medium dependent interface crossover). auto The switch port sets the polarity automatically. -
Page 374: Show Debugging Loopprot
WITCHING OMMANDS SHOW DEBUGGING LOOPPROT show debugging loopprot Overview This command shows Loop Protection debugging information. show debugging loopprot Syntax Mode User Exec and Privileged Exec Example To display the enabled Loop Protection debugging modes, use the command: awplus# show debugging loopprot Related debug loopprot Commands... -
Page 375: Show Debugging Platform Packet
WITCHING OMMANDS SHOW DEBUGGING PLATFORM PACKET show debugging platform packet Overview This command shows platform to CPU level packet debugging information. show debugging platform packet Syntax Mode User Exec and Privileged Exec Example To display the platform packet debugging information, use the command: awplus# show debugging platform packet Related... -
Page 376: Show Flowcontrol Interface
WITCHING OMMANDS SHOW FLOWCONTROL INTERFACE show flowcontrol interface Overview Use this command to display flow control information. show flowcontrol interface <port> Syntax Parameter Description <port> Specifies the name of the port to be displayed. Mode User Exec and Privileged Exec To display the flow control for the port1.0.5, use the command: Example awplus#... -
Page 377: Show Interface Err-Disabled
WITCHING OMMANDS SHOW INTERFACE ERR DISABLED show interface err-disabled Overview Use this command to show the ports which have been dynamically shut down by protocols running on the device and the protocols responsible for the shutdown. show interface [<interface-range> err-disabled] Syntax Parameter Description... -
Page 378: Show Interface Switchport
WITCHING OMMANDS SHOW INTERFACE SWITCHPORT show interface switchport Overview Use this command to show VLAN information about each switch port. show interface switchport Syntax Mode User Exec and Privileged Exec Example To display VLAN information about each switch port, enter the command: awplus# show interface switchport Output... -
Page 379: Show Loop-Protection
WITCHING OMMANDS SHOW LOOP PROTECTION show loop-protection Overview Use this command to display the current loop protection setup for the device. show loop-protection [interface <port-list>] [counters] Syntax Parameter Description interface The interface selected for display. <port-list> A port, a port range, or an aggregated link. counters Displays counter information for loop protection. - Page 380 WITCHING OMMANDS SHOW LOOP PROTECTION awplus#show loop-protection counters Switch Loop Detection Counter Interface Rx Invalid Last LDF Rx ------------------------------------------------------------------------- port1.0.1 vlan1 - port1.0.2 vlan1 - port1.0.3 vlan1 - 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 381: Show Mac Address-Table
WITCHING OMMANDS SHOW MAC ADDRESS TABLE show mac address-table Overview Use this command to display the mac address-table for all configured VLANs. show mac address-table Syntax Mode User Exec and Privileged Exec Usage The show mac address-table command is only applicable to view a mac address-table for Layer 2 switched traffic within VLANs. - Page 382 WITCHING OMMANDS SHOW MAC ADDRESS TABLE awplus(config)#mac address-table static 0000.1111.2222 for int port1.0.3 vlan 2 awplus(config)#end awplus# awplus#show mac address-table VLAN Port State unknown 0000.cd28.0752 static port1.0.2 0030.846e.bac7 dynamic port1.0.3 0000.1111.2222 static unknown 0000.cd28.0752 static port1.0.5 0030.846e.9bf4 dynamic 0000.cd00.0000 static Related...
-
Page 383: Show Mac Address-Table Thrash-Limit
WITCHING OMMANDS SHOW MAC ADDRESS TABLE THRASH LIMIT show mac address-table thrash-limit Overview Use this command to display the current thrash limit set for all interfaces on the device. show mac address-table thrash-limit Syntax Mode User Exec and Privileged Exec Example To display the current, use the following command: awplus#... -
Page 384: Show Platform
WITCHING OMMANDS SHOW PLATFORM show platform Overview This command displays the settings configured by using the platform commands. show platform Syntax Mode Privileged Exec Usage This command displays the settings in the running config. For changes in some of these settings to take effect, the device must be rebooted with the new settings in the startup config. -
Page 385: Show Platform Classifier Statistics Utilization Brief
WITCHING OMMANDS SHOW PLATFORM CLASSIFIER STATISTICS UTILIZATION BRIEF show platform classifier statistics utilization brief Overview This command displays the number of used entries available for various platform functions, and the percentage that number of entries represents of the total available. Syntax show platform classifier statistics utilization brief Mode... -
Page 386: Show Platform Port
WITCHING OMMANDS SHOW PLATFORM PORT show platform port Overview This command displays the various port registers or platform counters for specified switchports. show platform port [<port-list>|counters] Syntax Parameter Description <port-list> The ports to display information about. A port-list can be: •... - Page 387 WITCHING OMMANDS SHOW PLATFORM PORT Output Figure 12-9: Example output from the show platform port command awplus#show platform port port1.0.1 Phy register value for port1.0.1 (ifindex: 5001) BCM84858 PHY detected PMA/PMD Registers - Device 1 0=2040 1=0082 2=600d 3=8562...
- Page 388 WITCHING OMMANDS SHOW PLATFORM PORT Table 6: Parameters in the output from the show platform port command Parameter Description 128 - 255 Number of 128 - 255 octet packets received and transmitted. 256 - 511 Number of 256 - 511 octet packets received and transmitted.
- Page 389 WITCHING OMMANDS SHOW PLATFORM PORT Table 6: Parameters in the output from the show platform port command Parameter Description SysErDurCarrier Receive Code Error Counter. CarrierSenseErr Receive False Carrier Counter. UndersizePkts Number of undersized packets received. Transmit Counters for traffic transmitted. Octets Number of octets transmitted.
- Page 390 WITCHING OMMANDS SHOW PLATFORM PORT Table 6: Parameters in the output from the show platform port command Parameter Description ifOutDiscards Outbound interface Discarded Packets counter. MTUExcdDiscard Receive MTU Check Error Frame Counter 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 391: Show Port-Security Interface
WITCHING OMMANDS SHOW PORT SECURITY INTERFACE show port-security interface Overview Use this command to show the current port-security configuration and the switch port status. show port-security interface <port> Syntax Parameter Description <port> The port to display information about. The port may be a switch port (e.g. -
Page 392: Show Port-Security Intrusion
WITCHING OMMANDS SHOW PORT SECURITY INTRUSION show port-security intrusion Overview Use this command to show the intrusion list. If the port is not specified, the entire intrusion table is shown. show port-security intrusion [interface <port>] Syntax Parameter Description interface Specify a port <port>... -
Page 393: Show Storm-Control
WITCHING OMMANDS SHOW STORM CONTROL show storm-control Overview Use this command to display storm-control information for all interfaces or a particular interface. show storm-control [<port>] Syntax Parameter Description <port> The port to display information about. The port may be a switch port (e.g. -
Page 394: Speed Auto
WITCHING OMMANDS SPEED speed Overview This command changes the speed of the specified port. You can optionally specify the speed or speeds that get autonegotiated, so autonegotiation is only attempted at the specified speeds. To see the currently-negotiated speed for ports whose links are up, use the show interface command. - Page 395 WITCHING OMMANDS SPEED To set the port to auto-negotiate its speed at 1000Mbps only, enter the following commands: awplus# configure terminal awplus(config)# interface port1.0.49 awplus(config-if)# speed auto 1000 Related duplex Commands polarity show interface speed (asyn) 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 396: Storm-Control Level
WITCHING OMMANDS STORM CONTROL LEVEL storm-control level Overview Use this command to specify the speed limiting level for broadcasting, multicast, or destination lookup failure (DLF) traffic for the port. Storm-control limits the selected traffic type to the specified percentage of the maximum port speed. Use the no variant of this command to disable storm-control for broadcast, multicast or DLF traffic. -
Page 397: Switchport Port-Security
WITCHING OMMANDS SWITCHPORT PORT SECURITY switchport port-security Overview Use this command to enable the port-security feature. This feature is also known as the port-based learn limit. It allows the user to set the maximum number of MAC addresses that each port can learn. Use the no variant of this command to disable the port-security feature. -
Page 398: Switchport Port-Security Aging
WITCHING OMMANDS SWITCHPORT PORT SECURITY AGING switchport port-security aging Overview Use this command to set MAC addresses that have been learned by port security to age out. Use the no variant of this command to set the MAC addresses to not age out. Syntax switchport port-security aging no switchport port-security aging... -
Page 399: Switchport Port-Security Maximum
WITCHING OMMANDS SWITCHPORT PORT SECURITY MAXIMUM switchport port-security maximum Overview Use this command to set the maximum number of MAC addresses that each port can learn. Use the no variant of this command to unset the maximum number of MAC addresses that each port can learn. -
Page 400: Switchport Port-Security Violation
WITCHING OMMANDS SWITCHPORT PORT SECURITY VIOLATION switchport port-security violation Overview Use this command to set the action taken on a switch port when the port exceeds the learning limits. The port action can be either shutdown, restrict or protect. If shutdown is set, the physical link will be disabled and “shutdown”... -
Page 401: Thrash-Limiting
WITCHING OMMANDS THRASH LIMITING thrash-limiting Overview To block all traffic on a vlan, use the following command: awplus# configure terminal awplus(config)# thrash-limiting action vlan-disable To set the thrash limiting timeout to 5 seconds, use the following command: awplus(config-if)# thrash-limiting timeout 5 To set the thrash limiting action to its default, use the following command: awplus(config-if)# no thrash-limiting action... -
Page 402: Undebug Loopprot
WITCHING OMMANDS UNDEBUG LOOPPROT undebug loopprot Overview This command applies the functionality of the no debug loopprot command. 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 403: Undebug Platform Packet
WITCHING OMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the no debug platform packet command. 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 404: Vlan Commands
VLAN Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure VLANs. For more information see the VLAN Feature Overview and Configuration Guide. Command List • “private-vlan” on page 406 • “private-vlan association” on page 407 •... - Page 405 VLAN C OMMANDS • “switchport voice dscp” on page 429 • “switchport voice vlan” on page 430 • “switchport voice vlan priority” on page 432 • “vlan” on page 433 • “vlan classifier activate” on page 434 • “vlan classifier group”...
-
Page 406: Private-Vlan
VLAN C OMMANDS PRIVATE VLAN private-vlan Overview Use this command to a create a private VLAN. Private VLANs can be either primary or secondary. Secondary VLANs can be ether community or isolated. Use the no variant of this command to remove the specified private VLAN. For more information, see the VLAN Feature Overview and Configuration Guide. -
Page 407: Private-Vlan Association
VLAN C OMMANDS PRIVATE VLAN ASSOCIATION private-vlan association Overview Use this command to associate a secondary VLAN to a primary VLAN. Only one isolated VLAN can be associated to a primary VLAN. Multiple community VLANs can be associated to a primary VLAN. Use the no variant of this command to remove association of all the secondary VLANs to a primary VLAN. -
Page 408: Show Vlan
VLAN C OMMANDS SHOW VLAN show vlan Overview Use this command to display information about a particular VLAN by specifying its VLAN ID. Selecting all will display information for all the VLANs configured. show vlan Syntax {all|brief|dynamic|static|auto|static-ports|<1-4094>} Parameter Description <1-4094> Display information about the VLAN specified by the VLAN ID. -
Page 409: Show Vlan Classifier Group
VLAN C OMMANDS SHOW VLAN CLASSIFIER GROUP show vlan classifier group Overview Use this command to display information about all configured VLAN classifier groups or a specific group. show vlan classifier group [<1-16>] Syntax Parameter Description <1-16> VLAN classifier group identifier Mode User Exec and Privileged Exec Usage... -
Page 410: Show Vlan Classifier Group Interface
VLAN C OMMANDS SHOW VLAN CLASSIFIER GROUP INTERFACE show vlan classifier group interface Overview Use this command to display information about a single switch port interface for all configured VLAN classifier groups. show vlan classifier group interface <switch-port> Syntax Parameter Description <switch-port>... -
Page 411: Show Vlan Classifier Interface Group
VLAN C OMMANDS SHOW VLAN CLASSIFIER INTERFACE GROUP show vlan classifier interface group Overview Use this command to display information about all interfaces configured for a VLAN group or all the groups. show vlan classifier interface group [<1-16>] Syntax Parameter Description <1-16>... -
Page 412: Show Vlan Classifier Rule
VLAN C OMMANDS SHOW VLAN CLASSIFIER RULE show vlan classifier rule Overview Use this command to display information about all configured VLAN classifier rules or a specific rule. show vlan classifier rule [<1-256>] Syntax Parameter Description <1-256> VLAN classifier rule identifier Mode User Exec and Privileged Exec Usage... -
Page 413: Show Vlan Private-Vlan
VLAN C OMMANDS SHOW VLAN PRIVATE VLAN show vlan private-vlan Overview Use this command to display the private VLAN configuration and associations. show vlan private-vlan Syntax Mode User Exec and Privileged Exec Example To display the private VLAN configuration and associations, enter the command: awplus# show vlan private-vlan Output... -
Page 414: Switchport Access Vlan
VLAN C OMMANDS SWITCHPORT ACCESS VLAN switchport access vlan Overview Use this command to change the port-based VLAN of the current port. Use the no variant of this command to change the port-based VLAN of this port to the default VLAN, vlan1. Syntax switchport access vlan <vlan-id>... -
Page 415: Switchport Enable Vlan
VLAN C OMMANDS SWITCHPORT ENABLE VLAN switchport enable vlan Overview This command enables the VLAN on the port manually once disabled by certain actions, such as QSP (QoS Storm Protection) or EPSR (Ethernet Protection Switching Ring). Note that if the VID is not given, all disabled VLANs are re-enabled. This command enables the VLAN on the port manually once disabled by certain actions, such as EPSR (Ethernet Protection Switching Ring). -
Page 416: Switchport Mode Access
VLAN C OMMANDS SWITCHPORT MODE ACCESS switchport mode access Overview Use this command to set the switching characteristics of the port to access mode. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria. switchport mode access [ingress-filter {enable|disable}] Syntax Parameter... -
Page 417: Switchport Mode Private-Vlan
VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN switchport mode private-vlan Overview Use this command to make a Layer 2 port a private VLAN host port or a promiscuous port. Use the no variant of this command to remove the configuration. Syntax switchport mode private-vlan {host|promiscuous} no switchport mode private-vlan {host|promiscuous}... -
Page 418: Switchport Mode Private-Vlan Trunk Promiscuous
VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN TRUNK PROMISCUOUS switchport mode private-vlan trunk promiscuous Overview Use this command to enable a port in trunk mode to be promiscuous port for isolated VLANs. Use the no variant of this command to remove a port in trunk mode as a promiscuous port for isolated VLANs. - Page 419 VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN TRUNK PROMISCUOUS To create the isolated VLANs 2, 3 and 4 and then enable port1.0.2 in trunk Examples mode as a promiscuous port for these VLANs with the group ID of 3, use the following commands: awplus# configure terminal...
-
Page 420: Switchport Mode Private-Vlan Trunk Secondary
VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN TRUNK SECONDARY switchport mode private-vlan trunk secondary Overview Use this command to enable a port in trunk mode to be a secondary port for isolated VLANs. Use the no variant of this command to remove a port in trunk mode as a secondary port for isolated VLANs. - Page 421 VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN TRUNK SECONDARY To create isolated private VLAN 2 and then enable port1.0.3 in trunk mode as Examples a secondary port for the this VLAN with the group ID of 3, use the following commands: awplus# configure terminal...
-
Page 422: Switchport Mode Trunk
VLAN C OMMANDS SWITCHPORT MODE TRUNK switchport mode trunk Overview Use this command to set the switching characteristics of the port to trunk. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria. switchport mode trunk [ingress-filter {enable|disable}] Syntax Parameter... -
Page 423: Switchport Private-Vlan Host-Association
VLAN C OMMANDS SWITCHPORT PRIVATE VLAN HOST ASSOCIATION switchport private-vlan host-association Overview Use this command to associate a primary VLAN and a secondary VLAN to a host port. Only one primary and secondary VLAN can be associated to a host port. Use the no variant of this command to remove the association. -
Page 424: Switchport Private-Vlan Mapping
VLAN C OMMANDS SWITCHPORT PRIVATE VLAN MAPPING switchport private-vlan mapping Overview Use this command to associate a primary VLAN and a set of secondary VLANs to a promiscuous port. Use the no variant of this to remove all the association of secondary VLANs to primary VLANs for a promiscuous port. -
Page 425: Switchport Trunk Allowed Vlan
VLAN C OMMANDS SWITCHPORT TRUNK ALLOWED VLAN switchport trunk allowed vlan Overview Use this command to add VLANs to be trunked over this switch port. Traffic for these VLANs can be sent and received on the port. Use the no variant of this command to reset switching characteristics of a specified interface to negate a trunked configuration specified with switchport trunk allowed vlan command. - Page 426 VLAN C OMMANDS SWITCHPORT TRUNK ALLOWED VLAN either the except or the all parameters have first been used to add a list of VLANs to a port. To remove a VLAN, where the configuration for port1.0.6 shows the below output: awplus#show running-config...
- Page 427 VLAN C OMMANDS SWITCHPORT TRUNK ALLOWED VLAN Add VLAN 4 by re-entering the except parameter with a list of VLANs to exclude, instead of using the add parameter to include VLAN 4, as shown in the command example below: awplus# configure terminal awplus(config)# interface port1.0.5...
-
Page 428: Switchport Trunk Native Vlan
VLAN C OMMANDS SWITCHPORT TRUNK NATIVE VLAN switchport trunk native vlan Overview Use this command to configure the native VLAN for this port. The native VLAN is used for classifying the incoming untagged packets. Use the none parameter with this command to remove the native VLAN from the port and set the acceptable frame types to vlan-tagged only. -
Page 429: Switchport Voice Dscp
VLAN C OMMANDS SWITCHPORT VOICE DSCP switchport voice dscp Overview Use this command for a specific port to configure the Layer 3 DSCP value advertised when the transmission of LLDP-MED Network Policy TLVs for voice devices is enabled. When LLDP-MED capable IP phones receive this network policy information, they transmit voice data with the specified DSCP value. -
Page 430: Switchport Voice Vlan
VLAN C OMMANDS SWITCHPORT VOICE VLAN switchport voice vlan Overview Use this command to configure the Voice VLAN tagging advertised when the transmission of LLDP-MED Network Policy TLVs for voice endpoint devices is enabled. When LLDP-MED capable IP phones receive this network policy information, they transmit voice data with the specified tagging. - Page 431 VLAN C OMMANDS SWITCHPORT VOICE VLAN “Egress-VLAN-Name (58)” in the RADIUS Accept message when authenticating a phone attached to this port. For more information about configuring authentication for Voice VLAN, see the LLDP Feature Overview and Configuration Guide. If the ports have been set to be edge ports by the switchport voice vlan command, the no variant of this command will leave them unchanged as edge ports.
-
Page 432: Switchport Voice Vlan Priority
VLAN C OMMANDS SWITCHPORT VOICE VLAN PRIORITY switchport voice vlan priority Overview Use this command to configure the Layer 2 user priority advertised when the transmission of LLDP-MED Network Policy TLVs for voice devices is enabled. This is the priority in the User Priority field of the IEEE 802.1Q VLAN tag, also known as the Class of Service (CoS), or 802.1p priority. -
Page 433: Vlan
VLAN C OMMANDS VLAN vlan Overview This command creates VLANs, assigns names to them, and enables or disables them. Disabling the VLAN causes all forwarding over the specified VLAN ID to cease. Enabling the VLAN allows forwarding of frames on the specified VLAN. When VCStack is enabled, you can configure a maximum of 512 VLANs. -
Page 434: Vlan Classifier Activate
VLAN C OMMANDS VLAN CLASSIFIER ACTIVATE vlan classifier activate Overview Use this command in Interface Configuration mode to associate a VLAN classifier group with the switch port. Use the no variant of this command to remove the VLAN classifier group from the switch port. -
Page 435: Vlan Classifier Group
VLAN C OMMANDS VLAN CLASSIFIER GROUP vlan classifier group Overview Use this command to create a group of VLAN classifier rules. The rules must already have been created. Use the no variant of this command to delete a group of VLAN classifier rules. Syntax vlan classifier group <1-16>... -
Page 436: Vlan Classifier Rule Ipv
VLAN C OMMANDS VLAN CLASSIFIER RULE IPV vlan classifier rule ipv4 Overview Use this command to create an IPv4 subnet-based VLAN classifier rule and map it to a specific VLAN. Use the no variant of this command to delete the VLAN classifier rule. -
Page 437: Vlan Classifier Rule Proto
VLAN C OMMANDS VLAN CLASSIFIER RULE PROTO vlan classifier rule proto Overview Use this command to create a protocol type-based VLAN classifier rule, and map it to a specific VLAN. See the published IANA EtherType IEEE 802 numbers here: www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.txt. Instead of a protocol name the decimal value of the protocol's EtherType can be entered. - Page 438 VLAN C OMMANDS VLAN CLASSIFIER RULE PROTO Parameter Description [decsyscomm|24583] DEC Systems Comms Arch protocol [g8bpqx25|2303] G8BPQ AX.25 protocol [ieeeaddrtrans|2561] Xerox IEEE802.3 PUP Address [ieeepup|2560] Xerox IEEE802.3 PUP protocol [ip|2048] IP protocol [ipv6|34525] IPv6 protocol [ipx|33079] IPX protocol [netbeui|61680] IBM NETBIOS/NETBEUI protocol [netbeui|61681] IBM NETBIOS/NETBEUI...
- Page 439 VLAN C OMMANDS VLAN CLASSIFIER RULE PROTO awplus# configure terminal Example awplus(config)# vlan classifier rule 1 proto x25 encap ethv2 vlan 2 awplus(config)# vlan classifier rule 2 proto 512 encap ethv2 vlan 2 awplus(config)# vlan classifier rule 3 proto 2056 encap ethv2 vlan 2 awplus(config)# vlan classifier rule 4 proto 2054 encap ethv2...
-
Page 440: Vlan Database
VLAN C OMMANDS VLAN DATABASE vlan database Overview Use this command to enter the VLAN Configuration mode. vlan database Syntax Mode Global Configuration Usage Use this command to enter the VLAN configuration mode. You can then add or delete a VLAN, or modify its values. Example In the following example, note the change to VLAN configuration mode from Configure mode:... -
Page 441: Vlan Mode Stack-Local-Vlan
VLAN C OMMANDS VLAN MODE STACK LOCAL VLAN vlan mode stack-local-vlan Overview This command enables you to create stack-local-VLANs and use ICMP to monitor and diagnose issues within specific members of the stack. When a VLAN is added using this method, all its traffic will be trapped to and processed by the CPU of the specific local stack member, rather than the CPU of the stack master. - Page 442 VLAN C OMMANDS VLAN MODE STACK LOCAL VLAN To remove VLAN 4002, use the following commands: awplus# configure terminal awplus(config)# vlan database awplus(config-vlan)# no vlan 4002 Related ip igmp snooping Commands vlan database 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 443: Spanning Tree
Spanning Tree Commands Introduction Overview This chapter provides an alphabetical reference for commands used to configure RSTP, STP or MSTP. For information about spanning trees, including configuration procedures, see the STP Feature Overview and Configuration Guide. Command List • “clear spanning-tree statistics”... - Page 444 PANNING OMMANDS • “show spanning-tree statistics instance” on page 475 • “show spanning-tree statistics instance interface” on page 476 • “show spanning-tree statistics interface” on page 478 • “show spanning-tree vlan range-index” on page 480 • “spanning-tree autoedge (RSTP and MSTP)”...
-
Page 445: Clear Spanning-Tree Statistics
PANNING OMMANDS CLEAR SPANNING TREE STATISTICS clear spanning-tree statistics Overview Use this command to clear all the STP BPDU (Bridge Protocol Data Unit) statistics. clear spanning-tree statistics Syntax clear spanning-tree statistics [instance <mstp-instance>] clear spanning-tree statistics [interface <port> [instance <mstp-instance>]] Parameter Description <port>... -
Page 446: Clear Spanning-Tree Detected Protocols (Rstp And Mstp)
PANNING OMMANDS (RSTP MSTP) CLEAR SPANNING TREE DETECTED PROTOCOLS clear spanning-tree detected protocols (RSTP and MSTP) Overview Use this command to clear the detected protocols for a specific port, or all ports. Use this command in RSTP or MSTP mode only. clear spanning-tree detected protocols [interface <port>] Syntax Parameter... -
Page 447: Debug Mstp (Rstp And Stp)
PANNING OMMANDS (RSTP STP) DEBUG MSTP debug mstp (RSTP and STP) Overview Use this command to enable debugging for the configured spanning tree mode, and echo data to the console, at various levels. Note that although this command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well the MSTP protocol. - Page 448 PANNING OMMANDS (RSTP STP) DEBUG MSTP command. The default terminal monitor filter will select and display these messages. Alternatively, the messages can be directed to any of the other log outputs by adding a filter for the MSTP application using log buffered (filter) command: awplus#...
- Page 449 PANNING OMMANDS (RSTP STP) DEBUG MSTP awplus#terminal monitor awplus#debug mstp packet rx decode interface port1.0.4 17:23:42 awplus MSTP[1417]: port1.0.4 xSTP BPDU rx - start 17:23:42 awplus MSTP[1417]: Protocol version: MSTP, BPDU type: RST 17:23:42 awplus MSTP[1417]: CIST Flags: Agree Forward Learn role=Desig 17:23:42 awplus MSTP[1417]: CIST root id : 0000:0000cd1000fe...
- Page 450 PANNING OMMANDS (RSTP STP) DEBUG MSTP awplus#terminal monitor awplus#debug mstp packet rx decode interface port1.0.4 awplus#17:30:17 awplus MSTP[1417]: port1.0.4 xSTP BPDU rx - start 17:30:17 awplus MSTP[1417]: Protocol version: RSTP, BPDU type: RST 17:30:17 awplus MSTP[1417]: CIST Flags: Forward Learn role=Desig 17:30:17 awplus MSTP[1417]: CIST root id : 8000:0000cd1000fe...
-
Page 451: Instance Priority (Mstp)
PANNING OMMANDS (MSTP) INSTANCE PRIORITY instance priority (MSTP) Overview Use this command to set the priority for this device to become the root bridge for the specified MSTI (Multiple Spanning Tree Instance). Use this command for MSTP only. Use the no variant of this command to restore the root bridge priority of the device for the instance to the default. - Page 452 PANNING OMMANDS (MSTP) INSTANCE PRIORITY Related region (MSTP) Commands revision (MSTP) show spanning-tree mst config spanning-tree mst instance spanning-tree mst instance priority 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 453: Instance Vlan (Mstp)
PANNING OMMANDS (MSTP) INSTANCE VLAN instance vlan (MSTP) Overview Use this command to create an MST Instance (MSTI), and associate the specified VLANs with it. An MSTI is a spanning tree instance that exists within an MST region (MSTR). When a VLAN is associated with an MSTI the member ports of the VLAN are automatically configured to send and receive spanning-tree information for the associated MSTI. - Page 454 PANNING OMMANDS (MSTP) INSTANCE VLAN Related region (MSTP) Commands revision (MSTP) show spanning-tree mst config spanning-tree mst instance vlan 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 455: Region (Mstp)
PANNING OMMANDS (MSTP) REGION region (MSTP) Overview Use this command to assign a name to the device’s MST Region. MST Instances (MSTI) of a region form different spanning trees for different VLANs. Use this command for MSTP only. Use the no variant of this command to remove this region name and reset it to the default. -
Page 456: Revision (Mstp)
PANNING OMMANDS (MSTP) REVISION revision (MSTP) Overview Use this command to specify the MST revision number to be used in the configuration identifier. Use this command for MSTP only. Syntax revision <revision-number> Parameter Description <revision-number> <0-65535> Revision number. Default The default of revision number is 0. Mode MST Configuration Usage... -
Page 457: Show Debugging Mstp
PANNING OMMANDS SHOW DEBUGGING MSTP show debugging mstp Overview Use this command to show the MSTP debugging options set. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. Syntax show debugging mstp Mode User Exec and Privileged Exec mode... -
Page 458: Show Spanning-Tree
PANNING OMMANDS SHOW SPANNING TREE show spanning-tree Overview Use this command to display detailed spanning tree information on the specified port or on all ports. Use this command for RSTP, MSTP or STP. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 459 PANNING OMMANDS SHOW SPANNING TREE Output Figure 14-2: Example output from show spanning-tree in RSTP mode awplus#show spanning-tree % 1: Bridge up - Spanning Tree Enabled % 1: Root Path Cost 0 - Root Port 0 - Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20...
- Page 460 PANNING OMMANDS SHOW SPANNING TREE % 1: Bridge up - Spanning Tree Enabled % 1: Root Path Cost 0 - Root Port 0 - Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20 % 1: Root Id 80000000cd20f093...
-
Page 461: Show Spanning-Tree Brief
PANNING OMMANDS SHOW SPANNING TREE BRIEF show spanning-tree brief Overview Use this command to display a summary of spanning tree status information on all ports. Use this command for RSTP, MSTP or STP. show spanning-tree brief Syntax Parameter Description brief A brief summary of spanning tree information. -
Page 462: Show Spanning-Tree Mst
PANNING OMMANDS SHOW SPANNING TREE MST show spanning-tree mst Overview This command displays bridge-level information about the CIST and VLAN to MSTI mappings. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 463: Show Spanning-Tree Mst Config
PANNING OMMANDS SHOW SPANNING TREE MST CONFIG show spanning-tree mst config Overview Use this command to display MSTP configuration identifier for the device. show spanning-tree mst config Syntax Mode User Exec, Privileged Exec and Interface Configuration Usage The region name, the revision number, and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region. -
Page 464: Show Spanning-Tree Mst Detail
PANNING OMMANDS SHOW SPANNING TREE MST DETAIL show spanning-tree mst detail Overview This command displays detailed information about each instance, and all interfaces associated with that particular instance. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 465 PANNING OMMANDS SHOW SPANNING TREE MST DETAIL port1.0.3: Port 5003 - Id 838b - Role Disabled - State Discarding port1.0.3: Designated External Path Cost 0 -Internal Path Cost 0 port1.0.3: Configured Path Cost 20000000 - Add type Explicit ref count 1 port1.0.3: Designated Port Id 838b - CIST Priority 128 -...
-
Page 466: Show Spanning-Tree Mst Detail Interface
PANNING OMMANDS SHOW SPANNING TREE MST DETAIL INTERFACE show spanning-tree mst detail interface Overview This command displays detailed information about the specified switch port, and the MST instances associated with it. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 467 PANNING OMMANDS SHOW SPANNING TREE MST DETAIL INTERFACE port1.0.2: No portfast configured - Current portfast off port1.0.2: portfast bpdu-guard default - Current portfast bpdu-guard off port1.0.2: portfast bpdu-filter default - Current portfast bpdu-filter off port1.0.2: no root guard configured - Current root guard off port1.0.2: Configured Link Type point-to-point - Current shared...
-
Page 468: Show Spanning-Tree Mst Instance
PANNING OMMANDS SHOW SPANNING TREE MST INSTANCE show spanning-tree mst instance Overview This command displays detailed information for the specified instance, and all switch ports associated with that instance. A topology change counter has been included for RSTP and MSTP. You can see the topology change counter for RSTP by using the show spanning-tree command. -
Page 469: Show Spanning-Tree Mst Instance Interface
PANNING OMMANDS SHOW SPANNING TREE MST INSTANCE INTERFACE show spanning-tree mst instance interface Overview This command displays detailed information for the specified MST (Multiple Spanning Tree) instance, and the specified switch port associated with that MST instance. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 470: Show Spanning-Tree Mst Interface
PANNING OMMANDS SHOW SPANNING TREE MST INTERFACE show spanning-tree mst interface Overview This command displays the number of instances created, and VLANs associated with it for the specified switch port. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 471 PANNING OMMANDS SHOW SPANNING TREE MST DETAIL INTERFACE show spanning-tree mst detail interface Overview This command displays detailed information about the specified switch port, and the MST instances associated with it. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”...
- Page 472 PANNING OMMANDS SHOW SPANNING TREE MST DETAIL INTERFACE port1.0.2: No portfast configured - Current portfast off port1.0.2: portfast bpdu-guard default - Current portfast bpdu-guard off port1.0.2: portfast bpdu-filter default - Current portfast bpdu-filter off port1.0.2: no root guard configured - Current root guard off port1.0.2: Configured Link Type point-to-point - Current shared...
-
Page 473: Show Spanning-Tree Statistics
PANNING OMMANDS SHOW SPANNING TREE STATISTICS show spanning-tree statistics Overview This command displays BPDU (Bridge Protocol Data Unit) statistics for all spanning-tree instances, and all switch ports associated with all spanning-tree instances. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 474 PANNING OMMANDS SHOW SPANNING TREE STATISTICS % STATUS of Port Timers % --------------------- % Hello Time Configured : 2 % Hello timer : INACTIVE % Hello Time Value : 0 % Forward Delay Timer : INACTIVE % Forward Delay Timer Value : 0...
-
Page 475: Show Spanning-Tree Statistics Instance
PANNING OMMANDS SHOW SPANNING TREE STATISTICS INSTANCE show spanning-tree statistics instance Overview This command displays BPDU (Bridge Protocol Data Unit) statistics for the specified MST (Multiple Spanning Tree) instance, and all switch ports associated with that MST instance. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 476: Show Spanning-Tree Statistics Instance Interface
PANNING OMMANDS SHOW SPANNING TREE STATISTICS INSTANCE INTERFACE show spanning-tree statistics instance interface Overview This command displays BPDU (Bridge Protocol Data Unit) statistics for the specified MST (Multiple Spanning Tree) instance and the specified switch port associated with that MST instance. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 477 PANNING OMMANDS SHOW SPANNING TREE STATISTICS INSTANCE INTERFACE Output Figure 14-15: Example output from show spanning-tree statistics instance interface awplus#sh spanning-tree statistics interface port1.0.2 instance 1 Spanning Tree Enabled for Instance : 1 ================================== % INST_PORT port1.0.2 Information & Statistics % ----------------------------------------...
-
Page 478: Show Spanning-Tree Statistics Interface
PANNING OMMANDS SHOW SPANNING TREE STATISTICS INTERFACE show spanning-tree statistics interface Overview This command displays BPDU (Bridge Protocol Data Unit) statistics for the specified switch port, and all MST instances associated with that switch port. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 479 PANNING OMMANDS SHOW SPANNING TREE STATISTICS INTERFACE % PORT Based Information & Statistics % ----------------------------------- % Config Bpdu's xmitted : 0 % Config Bpdu's received : 0 % TCN Bpdu's xmitted : 0 % TCN Bpdu's received : 0 % Forward Trans Count : 0...
-
Page 480: Show Spanning-Tree Vlan Range-Index
PANNING OMMANDS SHOW SPANNING TREE VLAN RANGE INDEX show spanning-tree vlan range-index Overview Use this command to display information about MST (Multiple Spanning Tree) instances and the VLANs associated with them including the VLAN range-index value for the device. show spanning-tree vlan range-index Syntax Mode Privileged Exec... -
Page 481: Spanning-Tree Autoedge (Rstp And Mstp)
PANNING OMMANDS (RSTP MSTP) SPANNING TREE AUTOEDGE spanning-tree autoedge (RSTP and MSTP) Overview Use this command to enable the autoedge feature on the port. The autoedge feature allows the port to automatically detect that it is an edge port. If it does not receive any BPDUs in the first three seconds after linkup, enabling, or entering RSTP or MSTP mode, it sets itself to be an edgeport and enters the forwarding state. -
Page 482: Spanning-Tree Bpdu
PANNING OMMANDS SPANNING TREE BPDU spanning-tree bpdu Overview Use this command in Global Configuration mode to configure BPDU (Bridge Protocol Data Unit) discarding or forwarding, with STP (Spanning Tree Protocol) disabled on the switch. See the Usage note about disabling Spanning Tree before using this command, and using this command to forward unsupported BPDUs unchanged for unsupported STP Protocols. - Page 483 PANNING OMMANDS SPANNING TREE BPDU Examples To enable STP BPDU discard in Global Configuration mode with STP disabled, which discards all ingress STP BPDU frames, enter the commands: awplus# configure terminal awplus(config)# no spanning-tree stp enable awplus(config)# spanning-tree bpdu discard To enable STP BPDU forward in Global Configuration mode with STP disabled, which forwards any ingress STP BPDU frames to all ports regardless of any VLAN membership, enter the commands:...
-
Page 484: Spanning-Tree Cisco-Interoperability (Mstp)
PANNING OMMANDS (MSTP) SPANNING TREE CISCO INTEROPERABILITY spanning-tree cisco-interoperability (MSTP) Overview Use this command to enable/disable Cisco-interoperability for MSTP. Use this command for MSTP only. Syntax spanning-tree cisco-interoperability {enable|disable} Parameter Description enable Enable Cisco interoperability for MSTP. disable Disable Cisco interoperability for MSTP. Default If this command is not used, Cisco interoperability is disabled. -
Page 485: Spanning-Tree Edgeport (Rstp And Mstp)
PANNING OMMANDS (RSTP MSTP) SPANNING TREE EDGEPORT spanning-tree edgeport (RSTP and MSTP) Overview Use this command to set a port as an edge-port. Use this command for RSTP or MSTP. This command has the same effect as the spanning-tree portfast (STP) command, but the configuration displays differently in the output of some show commands. -
Page 486: Spanning-Tree Enable
PANNING OMMANDS SPANNING TREE ENABLE spanning-tree enable Overview Use this command in Global Configuration mode to enable the specified spanning tree protocol for all switch ports. Note that this must be the spanning tree protocol that is configured on the device by the spanning-tree mode command. - Page 487 PANNING OMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode, enter the below commands: awplus# configure terminal awplus(config)# no spanning-tree rstp enable Related spanning-tree bpdu Commands spanning-tree mode 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 488: Spanning-Tree Errdisable-Timeout Enable
PANNING OMMANDS SPANNING TREE ERRDISABLE TIMEOUT ENABLE spanning-tree errdisable-timeout enable Overview Use this command to enable the errdisable-timeout facility, which sets a timeout for ports that are disabled due to the BPDU guard feature. Use this command for RSTP or MSTP. Use the no variant of this command to disable the errdisable-timeout facility. -
Page 489: Spanning-Tree Errdisable-Timeout Interval
PANNING OMMANDS SPANNING TREE ERRDISABLE TIMEOUT INTERVAL spanning-tree errdisable-timeout interval Overview Use this command to specify the time interval after which a port is brought back up when it has been disabled by the BPDU guard feature. Use this command for RSTP or MSTP. Syntax spanning-tree errdisable-timeout interval <10-1000000>... -
Page 490: Spanning-Tree Force-Version
PANNING OMMANDS SPANNING TREE FORCE VERSION spanning-tree force-version Overview Use this command in Interface Configuration mode for a switch port interface only to force the protocol version for the switch port. Use this command for RSTP or MSTP only. spanning-tree force-version <version> Syntax no spanning-tree force-version Parameter... -
Page 491: Spanning-Tree Forward-Time
PANNING OMMANDS SPANNING TREE FORWARD TIME spanning-tree forward-time Overview Use this command to set the forward delay value. Use the no variant of this command to reset the forward delay value to the default setting of 15 seconds. The forward delay sets the time (in seconds) to control how fast a port changes its spanning tree state when moving towards the forwarding state. -
Page 492: Spanning-Tree Guard Root
PANNING OMMANDS SPANNING TREE GUARD ROOT spanning-tree guard root Overview Use this command in Interface Configuration mode for a switch port only to enable the Root Guard feature for the switch port. The root guard feature disables reception of superior BPDUs. You can use this command for RSTP, STP or MSTP. Use the no variant of this command to disable the root guard feature for the port. -
Page 493: Spanning-Tree Hello-Time
PANNING OMMANDS SPANNING TREE HELLO TIME spanning-tree hello-time Overview Use this command to set the hello-time. This sets the time in seconds between the transmission of device spanning tree configuration information when the device is the Root Bridge of the spanning tree or is trying to become the Root Bridge. Use this command for RSTP, STP or MSTP. -
Page 494: Spanning-Tree Link-Type
PANNING OMMANDS SPANNING TREE LINK TYPE spanning-tree link-type Overview Use this command in Interface Configuration mode for a switch port interface only to enable or disable point-to-point or shared link types on the switch port. Use this command for RSTP or MSTP only. Use the no variant of this command to return the port to the default link type. -
Page 495: Spanning-Tree Max-Age
PANNING OMMANDS SPANNING TREE MAX spanning-tree max-age Overview Use this command to set the max-age. This sets the maximum age, in seconds, that dynamic spanning tree configuration information is stored in the device before it is discarded. Use this command for RSTP, STP or MSTP. Use the no variant of this command to restore the default of max-age. -
Page 496: Spanning-Tree Max-Hops (Mstp)
PANNING OMMANDS (MSTP) SPANNING TREE MAX HOPS spanning-tree max-hops (MSTP) Overview Use this command to specify the maximum allowed hops for a BPDU in an MST region. This parameter is used by all the instances of the MST region. Use the no variant of this command to restore the default. Use this command for MSTP only. -
Page 497: Spanning-Tree Mode
PANNING OMMANDS SPANNING TREE MODE spanning-tree mode Overview Use this command to change the spanning tree protocol mode on the device. The spanning tree protocol mode on the device can be configured to either STP, RSTP or MSTP. spanning-tree mode {stp|rstp|mstp} Syntax Default The default spanning tree protocol mode on the device is RSTP. -
Page 498: Spanning-Tree Mst Configuration
PANNING OMMANDS SPANNING TREE MST CONFIGURATION spanning-tree mst configuration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning-Tree Protocol. spanning-tree mst configuration Syntax Mode Global Configuration Examples The following example uses this command to enter MST Configuration mode. Note the change in the command prompt. -
Page 499: Spanning-Tree Mst Instance
PANNING OMMANDS SPANNING TREE MST INSTANCE spanning-tree mst instance Overview Use this command to assign a Multiple Spanning Tree instance (MSTI) to a switch port or channel group. Note that ports are automatically configured to send and receive spanning-tree information for the associated MSTI when VLANs are assigned to MSTIs using the instance vlan (MSTP) command. -
Page 500: Spanning-Tree Mst Instance Path-Cost
PANNING OMMANDS SPANNING TREE MST INSTANCE PATH COST spanning-tree mst instance path-cost Overview Use this command to set the cost of a path associated with a switch port, for the specified MSTI. This specifies the switch port’s contribution to the cost of a path to the MSTI regional root via that port. - Page 501 PANNING OMMANDS SPANNING TREE MST INSTANCE PATH COST To return the path cost to its default value on instance 3, use the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no spanning-tree mst instance 3 path-cost Related instance vlan (MSTP) Commands spanning-tree mst instance spanning-tree mst instance priority...
-
Page 502: Spanning-Tree Mst Instance Priority
PANNING OMMANDS SPANNING TREE MST INSTANCE PRIORITY spanning-tree mst instance priority Overview Use this command in Interface Configuration mode for a switch port interface only to set the port priority for an MST instance (MSTI). Use the no variant of this command to restore the default priority value (128). Syntax spanning-tree mst instance <instance-id>... -
Page 503: Spanning-Tree Mst Instance Restricted-Role
PANNING OMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE spanning-tree mst instance restricted-role Overview Use this command in Interface Configuration mode for a switch port interface only to enable the restricted role for an MSTI (Multiple Spanning Tree Instance) on a switch port. - Page 504 PANNING OMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE Related instance vlan (MSTP) Commands spanning-tree priority (port priority) spanning-tree mst instance spanning-tree mst instance path-cost spanning-tree mst instance restricted-tcn 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 505: Spanning-Tree Mst Instance Restricted-Tcn
PANNING OMMANDS SPANNING TREE MST INSTANCE RESTRICTED spanning-tree mst instance restricted-tcn Overview Use this command to prevent a switch port from propagating received topology change notifications and topology changes to other switch ports. This is named restricted TCN (Topology Change Notification). A TCN is a simple Bridge Protocol Data Unit (BPDU) that a bridge sends out to its root port to signal a topology change. -
Page 506: Spanning-Tree Path-Cost
PANNING OMMANDS SPANNING TREE PATH COST spanning-tree path-cost Overview Use this command in Interface Configuration mode for a switch port interface only to set the cost of a path for the specified port. This value then combines with others along the path to the root bridge in order to determine the total cost path value from the particular port, to the root bridge. -
Page 507: Spanning-Tree Portfast (Stp)
PANNING OMMANDS (STP) SPANNING TREE PORTFAST spanning-tree portfast (STP) Overview Use this command in Interface Configuration mode for a switch port interface only to set a port as an edge-port. The portfast feature enables a port to rapidly move to the forwarding state, without having first to pass through the intermediate spanning tree states. - Page 508 PANNING OMMANDS (STP) SPANNING TREE PORTFAST awplus# configure terminal Example awplus(config)# interface port1.0.2 awplus(config-if)# spanning-tree portfast Related spanning-tree edgeport (RSTP and MSTP) Commands show spanning-tree spanning-tree portfast bpdu-filter spanning-tree portfast bpdu-guard 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 509: Spanning-Tree Portfast Bpdu-Filter
PANNING OMMANDS SPANNING TREE PORTFAST BPDU FILTER spanning-tree portfast bpdu-filter Overview This command sets the bpdu-filter feature and applies a filter to any BPDUs (Bridge Protocol Data Units) received. Enabling this feature ensures that configured ports will not transmit any BPDUs and will ignore (filter out) any BPDUs received. BPDU Filter is not enabled on a port by default. - Page 510 PANNING OMMANDS SPANNING TREE PORTFAST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode, enter the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# spanning-tree portfast bpdu-filter enable Related spanning-tree edgeport (RSTP and MSTP) Commands show spanning-tree spanning-tree portfast (STP) spanning-tree portfast bpdu-guard 613-50137-01 Rev A Command Reference for FS980M Series...
-
Page 511: Spanning-Tree Portfast Bpdu-Guard
PANNING OMMANDS SPANNING TREE PORTFAST BPDU GUARD spanning-tree portfast bpdu-guard Overview This command applies a BPDU (Bridge Protocol Data Unit) guard to the port. A port with the bpdu-guard feature enabled will block all traffic (BPDUs and user data), if it starts receiving BPDUs. - Page 512 PANNING OMMANDS SPANNING TREE PORTFAST BPDU GUARD Use the show spanning-tree command to display the device and port configurations for the BPDU Guard feature. It shows both the administratively configured and currently running values of bpdu-guard. Example To enable STP BPDU guard in Global Configuration mode, enter the below commands: awplus# configure terminal...
-
Page 513: Spanning-Tree Priority (Bridge Priority)
PANNING OMMANDS SPANNING TREE PRIORITY BRIDGE PRIORITY spanning-tree priority (bridge priority) Overview Use this command to set the bridge priority for the device. A lower priority value indicates a greater likelihood of the device becoming the root bridge. Use this command for RSTP, STP or MSTP. When MSTP mode is configured, this will apply to the CIST. -
Page 514: Spanning-Tree Priority (Port Priority)
PANNING OMMANDS SPANNING TREE PRIORITY PORT PRIORITY spanning-tree priority (port priority) Overview Use this command in Interface Configuration mode for a switch port interface only to set the port priority for port. A lower priority value indicates a greater likelihood of the port becoming part of the active topology. -
Page 515: Spanning-Tree Restricted-Role
PANNING OMMANDS SPANNING TREE RESTRICTED ROLE spanning-tree restricted-role Overview Use this command in Interface Configuration mode for a switch port interface only to restrict the port from becoming a root port. Use the no variant of this command to disable the restricted role functionality. Syntax spanning-tree restricted-role no spanning-tree restricted-role... -
Page 516: Spanning-Tree Restricted-Tcn
PANNING OMMANDS SPANNING TREE RESTRICTED spanning-tree restricted-tcn Overview Use this command in Interface Configuration mode for a switch port interface only to prevent TCN (Topology Change Notification) BPDUs (Bridge Protocol Data Units) from being sent on a port. If this command is enabled, after a topology change a bridge is prevented from sending a TCN to its designated bridge. -
Page 517: Spanning-Tree Transmit-Holdcount
PANNING OMMANDS SPANNING TREE TRANSMIT HOLDCOUNT spanning-tree transmit-holdcount Overview Use this command to set the maximum number of BPDU transmissions that are held back. Use the no variant of this command to restore the default transmit hold-count value. Syntax spanning-tree transmit-holdcount no spanning-tree transmit-holdcount Default Transmit hold-count default is 3. -
Page 518: Undebug Mstp
PANNING OMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug mstp (RSTP and STP) command. 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... - Page 519 Link Aggregation Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure a static channel group (static aggregator) and dynamic channel group (LACP channel group, etherchannel or LACP aggregator). Link aggregation is also sometimes referred to as channeling. : AlliedWare Plus™...
- Page 520 GGREGATION OMMANDS • “show etherchannel” on page 532 • “show etherchannel detail” on page 533 • “show etherchannel summary” on page 534 • “show lacp sys-id” on page 535 • “show lacp-counter” on page 536 • “show port etherchannel” on page 537 •...
-
Page 521: Channel-Group
GGREGATION OMMANDS CHANNEL GROUP channel-group Overview Use this command to either create a new dynamic channel group while at the same time adding a port to it, or to add a port to an existing dynamic channel group. Note that you must also set the LACP mode to be either active or passive. You can create up to 32 dynamic (LACP) channel groups (and up to 96 static channel groups). - Page 522 GGREGATION OMMANDS CHANNEL GROUP For more information about LACP, see the Link Aggregation Feature Overview and Configuration Guide which is available on our website at alliedtelesis.com. Examples To add device port1.0.6 to a newly created LACP channel group 2 use the commands below: awplus# configure terminal...
-
Page 523: Clear Lacp Counters
GGREGATION OMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators (channel groups) or a given LACP aggregator. clear lacp [<1-32>] counters Syntax Parameter Description <1-32> Channel-group number. Mode Privileged Exec awplus# clear lacp 2 counters Example... -
Page 524: Debug Lacp
GGREGATION OMMANDS DEBUG LACP debug lacp Overview Use this command to enable all LACP troubleshooting functions. Use the no variant of this command to disable this function. Syntax debug lacp {all|cli|event|ha|packet|sync|timer[detail]} no debug lacp {all|cli|event|ha|packet|sync|timer[detail]} Parameter Description Turn on all debugging for LACP. Specifies debugging for CLI messages. -
Page 525: Lacp Global-Passive-Mode Enable
GGREGATION OMMANDS LACP GLOBAL PASSIVE MODE ENABLE lacp global-passive-mode enable Overview Use this command to enable LACP channel-groups to dynamically self-configure when they are connected to another device that has LACP channel-groups configured with Active Mode. lacp global-passive-mode enable Syntax no lacp global-passive-mode enable Default Enabled... -
Page 526: Lacp Port-Priority
GGREGATION OMMANDS LACP PORT PRIORITY lacp port-priority Overview Use this command to set the priority of a device port. Ports are selected for aggregation based on their priority, with the higher priority (numerically lower) ports selected first. Use the no variant of this command to reset the priority of port to the default. Syntax lacp port-priority <1-65535>... -
Page 527: Lacp System-Priority
GGREGATION OMMANDS LACP SYSTEM PRIORITY lacp system-priority Overview Use this command to set the system priority of a local system. This is used in determining the system responsible for resolving conflicts in the choice of aggregation groups. Use the no variant of this command to reset the system priority of the local system to the default. -
Page 528: Lacp Timeout
GGREGATION OMMANDS LACP TIMEOUT lacp timeout Overview Use this command to set the short or long timeout on a port. Ports will time out of the aggregation if three consecutive updates are lost. lacp timeout {short|long} Syntax Parameter Description timeout Number of seconds before invalidating a received LACP data unit (DU). - Page 529 GGREGATION OMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1.0.2. awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# lacp timeout short 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 530: Show Debugging Lacp
GGREGATION OMMANDS SHOW DEBUGGING LACP show debugging lacp Overview Use this command to display the LACP debugging option set. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. Syntax show debugging lacp Mode User Exec and Privileged Exec... -
Page 531: Show Diagnostic Channel-Group
GGREGATION OMMANDS SHOW DIAGNOSTIC CHANNEL GROUP show diagnostic channel-group Overview This command displays dynamic and static channel group interface status information. The output of this command is useful for Allied Telesis authorized service personnel for diagnostic purposes. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 532: Show Etherchannel
GGREGATION OMMANDS SHOW ETHERCHANNEL show etherchannel Overview Use this command to display information about a LACP channel specified by the channel group number. The command output also shows the thrash limiting status. If thrash limiting is detected and the action parameter of the thrash-limiting command is set to vlan-disable, the output will also show the VLANs on which thrashing is detected. -
Page 533: Show Etherchannel Detail
GGREGATION OMMANDS SHOW ETHERCHANNEL DETAIL show etherchannel detail Overview Use this command to display detailed information about all LACP channels. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide, which is available on our website at alliedtelesis.com. -
Page 534: Show Etherchannel Summary
GGREGATION OMMANDS SHOW ETHERCHANNEL SUMMARY show etherchannel summary Overview Use this command to display a summary of all LACP channels. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide, which is available on our website at alliedtelesis.com. -
Page 535: Show Lacp Sys-Id
GGREGATION OMMANDS SHOW LACP SYS show lacp sys-id Overview Use this command to display the LACP system ID and priority. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide, which is available on our website at alliedtelesis.com. -
Page 536: Show Lacp-Counter
GGREGATION OMMANDS SHOW LACP COUNTER show lacp-counter Overview Use this command to display the packet traffic on all ports of all present LACP aggregators, or a given LACP aggregator. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 537: Show Port Etherchannel
GGREGATION OMMANDS SHOW PORT ETHERCHANNEL show port etherchannel Overview Use this command to show LACP details of the device port specified. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide, which is available on our website at alliedtelesis.com. -
Page 538: Show Static-Channel-Group
GGREGATION OMMANDS SHOW STATIC CHANNEL GROUP show static-channel-group Overview Use this command to display all configured static channel groups and their corresponding member ports. Note that a static channel group is the same as a static aggregator. The command output also shows the thrash limiting status. If thrash limiting is detected and the action parameter of the thrash-limiting command is set to... -
Page 539: Static-Channel-Group
GGREGATION OMMANDS STATIC CHANNEL GROUP static-channel-group Overview Use this command to create a static channel group, or add a member port to an existing static channel group. Static channel groups are also known as static aggregators. You can create up to 96 static channel groups (and up to 32 dynamic channel groups). - Page 540 GGREGATION OMMANDS STATIC CHANNEL GROUP To reference static channel group 2 as an interface, use the commands: awplus# configure terminal awplus(config)# interface sa2 awplus(config-if)# To make it possible to use QoS Storm Protection on static channel group 2 on port1.0.6, with an ACL named “test-acl”, use the commands: awplus# configure terminal awplus(config)#...
-
Page 541: Undebug Lacp
GGREGATION OMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no debug lacp command. 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 542: Chapter 16: Power Over Ethernet Commands
Power over Ethernet Commands Introduction Overview This chapter contains an alphabetical list of commands used to configure Power over Ethernet (PoE). Each command contains a functional description and shows examples of configuration and output screens for show commands. These commands are only supported on PoE capable ports. An error message will display on the console if you enter a PoE command on a port that does not support PoE. - Page 543 OWER OVER THERNET OMMANDS • “show debugging power-inline” on page 556 • “show power-inline” on page 557 • “show power-inline counters” on page 560 • “show power-inline interface” on page 562 • “show power-inline interface detail” on page 564 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 544: Clear Power-Inline Counters Interface
OWER OVER THERNET OMMANDS CLEAR POWER INLINE COUNTERS INTERFACE clear power-inline counters interface Overview This command will clear the counters from a specified port, a range of ports, or all ports on the switch. If no ports are entered then PoE counters for all ports are cleared. -
Page 545: Debug Power-Inline
OWER OVER THERNET OMMANDS DEBUG POWER INLINE debug power-inline Overview This command enables debugging display for messages that are specific to Power over Ethernet (PoE). Use the no variant of this command to disable the specified PoE debugging messages. Syntax debug power-inline [all|event|info|power] no debug power-inline [all|event|info|power] Parameter... - Page 546 OWER OVER THERNET OMMANDS DEBUG POWER INLINE Related show debugging power-inline Commands terminal monitor 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 547: Power-Inline Allow-Legacy
OWER OVER THERNET OMMANDS POWER INLINE ALLOW LEGACY power-inline allow-legacy Overview This command enables detection of pre-IEEE 802.3af Power Ethernet standard legacy Powered Devices (PDs). The no variant of this command disables detection of pre-IEEE 802.3af Power Ethernet standard legacy Powered Devices (PDs). Syntax power-inline allow-legacy no power-inline allow-legacy... -
Page 548: Power-Inline Description
OWER OVER THERNET OMMANDS POWER INLINE DESCRIPTION power-inline description Overview This command adds a description for a Powered Device (PD) connected to a PoE port. The no variant of this command clears a previously entered description for a connected PD, resetting the PD description to the default (null). Syntax power-inline description <pd-description>... -
Page 549: Power-Inline Enable
OWER OVER THERNET OMMANDS POWER INLINE ENABLE power-inline enable Overview This command enables Power over Ethernet (PoE) to detect a connected Powered Device (PD) and supply power. The no variant of this command disables PoE functionality on the selected PoE port(s). -
Page 550: Power-Inline Max
OWER OVER THERNET OMMANDS POWER INLINE MAX power-inline max Overview This command sets the maximum power allocated to a Power over an Ethernet (PoE and PoE+) port. The amount of power actually supplied to the port depends on the power requirements of the connected PD. It is also a function of the total PoE power loading on the switch and the PoE priority set for the port by the power-inline priority command. - Page 551 OWER OVER THERNET OMMANDS POWER INLINE MAX awplus#configure terminal awplus(config)#interface port1.0.1 awplus(config-if)#power-line max 5300 % The maximum power has been rounded to 5450mW in hardware. See the LLDP Feature Overview and Configuration Guide for information about power monitoring at the PD.
-
Page 552: Power-Inline Priority
OWER OVER THERNET OMMANDS POWER INLINE PRIORITY power-inline priority Overview This command sets the Power over Ethernet (PoE) priority level of a PoE port to one of three available priority levels: • • high • critical The IE200-6 Series switches are able to supply 802.3at (PoE+) power levels to all their PoE-capable ports. - Page 553 OWER OVER THERNET OMMANDS POWER INLINE PRIORITY Examples To set the priority level to high on port1.0.1 to port1.0.4, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.1-port1.0.4 awplus(config-if)# power-inline priority high To reset the priority level to the default of low on port1.0.1 to port1.0.4, use the following commands: awplus# configure terminal...
-
Page 554: Power-Inline Usage-Threshold
OWER OVER THERNET OMMANDS POWER INLINE USAGE THRESHOLD power-inline usage-threshold Overview This command sets the level at which the switch will issue a message that the power supplied to all Powered Devices (PDs) has reached a critical level of the nominal power rating for the switch. -
Page 555: Service Power-Inline
OWER OVER THERNET OMMANDS SERVICE POWER INLINE service power-inline Overview This command enables Power over Ethernet (PoE) globally on the switch, for all PoE ports. service power-inline Syntax no service power-inline Default PoE functionality is enabled by default Mode Global Configuration Examples To disable PoE, use the following commands: awplus#... -
Page 556: Show Debugging Power-Inline
OWER OVER THERNET OMMANDS SHOW DEBUGGING POWER INLINE show debugging power-inline Overview This command displays Power over Ethernet (PoE) debug settings. show debugging power-inline Syntax Mode User Exec and Privileged Exec Example To display PoE debug settings, use the following command: awplus# show debugging power-inline Output... -
Page 557: Show Power-Inline
OWER OVER THERNET OMMANDS SHOW POWER INLINE show power-inline Overview This command displays the Power over Ethernet (PoE) status for all ports. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. - Page 558 OWER OVER THERNET OMMANDS SHOW POWER INLINE Table 1: Parameters in the show power-inline command output (cont.) Parameter Description Operational Status The operational status of the PSU hardware when this command was issued: • On if the PSU is installed and switched on. •...
- Page 559 OWER OVER THERNET OMMANDS SHOW POWER INLINE Table 1: Parameters in the show power-inline command output (cont.) Parameter Description Device The description of the connected PD device if a description has been added with the power-inline description command. No description is shown for PDs not configured with the power-inline description command.
-
Page 560: Show Power-Inline Counters
OWER OVER THERNET OMMANDS SHOW POWER INLINE COUNTERS show power-inline counters Overview This command displays Power over Ethernet (PoE) event counters for ports on the Power Sourcing Equipment (PSE). The PoE event counters displayed can also be accessed by objects in the PoE MIB (RFC 3621). See the MIB Objects Feature Overview and Configuration Guide for information about which PoE MIB objects... - Page 561 OWER OVER THERNET OMMANDS SHOW POWER INLINE COUNTERS Table 2: Parameters in the show power-inline counters command output Parameter Description Overload The number of instances when a PD exceeds its configured power limit (as configured by the power-inline max command). Also increments pethPsePortOverLoadCounter in the PoE MIB.
-
Page 562: Show Power-Inline Interface
OWER OVER THERNET OMMANDS SHOW POWER INLINE INTERFACE show power-inline interface Overview This command displays a summary of Power over Ethernet (PoE) information for specified ports. If no ports are specified then PoE information is displayed for all ports. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 563 OWER OVER THERNET OMMANDS SHOW POWER INLINE INTERFACE Table 3: Parameters in the show power-inline interface command output Parameter Description The current PoE priorities for PoE ports on the PSE, as configured from a power-inline priority command: • Low displays when the low parameter is issued. The lowest priority for a PoE enabled port (default).
-
Page 564: Show Power-Inline Interface Detail
OWER OVER THERNET OMMANDS SHOW POWER INLINE INTERFACE DETAIL show power-inline interface detail Overview This command displays detailed information for one or more Power over Ethernet (PoE) ports. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 565 OWER OVER THERNET OMMANDS SHOW POWER INLINE INTERFACE DETAIL Table 4: Parameters in show power-inline interface detail command output Parameter Description Interface The PoE port(s) in the format portx.y.z, where x is the device number, y is the module number within the device, and z is the PoE port number within the module.
- Page 566 OWER OVER THERNET OMMANDS SHOW POWER INLINE INTERFACE DETAIL Related show power-inline Commands show power-inline interface 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 567: Part 3: Layer Three, Switching And Routing
Part 3: Layer Three, Switching and Routing 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 568: Protocol Commands
IP Addressing and Protocol Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure various IP features, including the following protocols: • Address Resolution Protocol (ARP) For more information, see the IP Feature Overview and Configuration Guide. - Page 569 IP A DDRESSING AND ROTOCOL OMMANDS • “show ip traffic” on page 598 • “tcpdump” on page 604 • “traceroute” on page 605 • “undebug ip packet interface” on page 606 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 570: Arp-Aging-Timeout
IP A DDRESSING AND ROTOCOL OMMANDS AGING TIMEOUT arp-aging-timeout Overview This command sets a timeout period on dynamic ARP entries associated with a specific interface. If your device stops receiving traffic for the host specified in a dynamic ARP entry, it deletes the ARP entry from the ARP cache after this timeout is reached. -
Page 571: Arp (Ip Address Mac)
IP A DDRESSING AND ROTOCOL OMMANDS MAC) ADDRESS arp (IP address MAC) Overview This command adds a static ARP entry to the ARP cache. This is typically used to add entries for hosts that do not support ARP or to speed up the address resolution function for a host. -
Page 572: Arp Log
IP A DDRESSING AND ROTOCOL OMMANDS ARP LOG arp log Overview This command enables the logging of dynamic and static ARP entries in the ARP cache. The ARP cache contains mappings of device ports, VLAN IDs, and IP addresses to physical MAC addresses for hosts. This command can display the MAC addresses in the ARP log either using the notation HHHH.HHHH.HHHH, or using the IEEE standard hexadecimal notation (HH-HH-HH-HH-HH-HH). - Page 573 IP A DDRESSING AND ROTOCOL OMMANDS ARP LOG To enable ARP logging and specify that the MAC address in the log message is displayed in the standard IEEE format hexadecimal notation (HH-HH-HH-HH-HH-HH), use the following commands: awplus# configure terminal awplus(config)# arp log mac-address-format ieee To leave ARP logging enabled, but stop using HH-HH-HH-HH-HH-HH format and use HHHH.HHHH.HHHH format instead, use the following commands:...
- Page 574 IP A DDRESSING AND ROTOCOL OMMANDS ARP LOG The following table lists the parameters in output of the show log | include ARP_LOG command. The ARP log message format is: <date> <time> <severity> <hostname> <program-name> ARP_LOG <port-number> <vid> <operation> <MAC> <IP> Table 1: Parameters in output of the show log | include ARP_LOG command Parameter Description...
-
Page 575: Arp-Reply-Bc-Dmac
IP A DDRESSING AND ROTOCOL OMMANDS REPLY DMAC arp-reply-bc-dmac Overview Use this command to allow processing of ARP replies that arrive with a broadcast destination MAC (ffff.ffff.ffff). This makes neighbors reachable if they send ARP responses that contain a broadcast destination MAC. Use the no variant of this command to turn off processing of ARP replies that arrive with a broadcast destination MAC. -
Page 576: Clear Arp-Cache
IP A DDRESSING AND ROTOCOL OMMANDS CLEAR ARP CACHE clear arp-cache Overview This command deletes dynamic ARP entries from the ARP cache. You can optionally specify the IPv4 address of an ARP entry to be cleared from the ARP cache. clear arp-cache [<ip-address>] Syntax Parameter... -
Page 577: Debug Ip Packet Interface
IP A DDRESSING AND ROTOCOL OMMANDS DEBUG IP PACKET INTERFACE debug ip packet interface Overview The debug ip packet interface command enables IP packet debug and is controlled by the terminal monitor command. If the optional icmp keyword is specified then ICMP packets are shown in the output. - Page 578 IP A DDRESSING AND ROTOCOL OMMANDS DEBUG IP PACKET INTERFACE To turn on ARP packet debugging on vlan1, use the command: Examples awplus# debug ip packet interface vlan1 arp To turn on all packet debugging on all interfaces on the device, use the command: awplus# debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192.168.2.4, use...
-
Page 579: Ip Address (Ip Addressing And Protocol)
IP A DDRESSING AND ROTOCOL OMMANDS (IP A IP ADDRESS DDRESSING AND ROTOCOL ip address (IP Addressing and Protocol) Overview This command sets a static IP address on an interface. The no variant of this command removes the IP address from the interface. You cannot remove the primary address when a secondary address is present. - Page 580 IP A DDRESSING AND ROTOCOL OMMANDS (IP A IP ADDRESS DDRESSING AND ROTOCOL To add the IP address 10.10.11.50/24 to the local loopback interface lo, use the following commands: awplus# configure terminal awplus(config)# interface lo awplus(config-if)# ip address 10.10.11.50/24 Related interface (to configure) Commands show ip interface...
-
Page 581: Ip Gratuitous-Arp-Link
IP A DDRESSING AND ROTOCOL OMMANDS IP GRATUITOUS LINK ip gratuitous-arp-link Overview This command sets the Gratuitous ARP time limit for all switchports. The time limit restricts the sending of Gratuitous ARP packets to one Gratuitous ARP packet within the time in seconds. : This command specifies time between sequences of Gratuitous ARP packets, NOTE and time between individual Gratuitous ARP packets occurring in a sequence, to allow... - Page 582 IP A DDRESSING AND ROTOCOL OMMANDS IP GRATUITOUS LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds, use the commands: awplus# configure terminal awplus(config)# ip gratuitous-arp-link 20 Validation show running-config Commands 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 583: Ip Limited-Local-Proxy-Arp
IP A DDRESSING AND ROTOCOL OMMANDS IP LIMITED LOCAL PROXY ip limited-local-proxy-arp Overview Use this command to enable local proxy ARP, but only for a specified set of IP addresses. This makes the device respond to ARP requests for those IP addresses when the addresses are reachable via the interface you are configuring. -
Page 584: Ip Local-Proxy-Arp
IP A DDRESSING AND ROTOCOL OMMANDS IP LOCAL PROXY ip local-proxy-arp Overview This command allows you to stop MAC address resolution between hosts within a private VLAN edge interface. Local Proxy ARP works by intercepting ARP requests between hosts within a subnet and responding with your device’s own MAC address details instead of the destination host’s details. -
Page 585: Ip Proxy-Arp
IP A DDRESSING AND ROTOCOL OMMANDS IP PROXY ip proxy-arp Overview This command enables Proxy ARP responses to ARP requests on an interface. When enabled, your device intercepts ARP broadcast packets and substitutes its own physical address for that of the remote host. By responding to the ARP request, your device ensures that subsequent packets from the local host are directed to its physical address, and it can then forward these to the remote host. -
Page 586: Local-Proxy-Arp
IP A DDRESSING AND ROTOCOL OMMANDS LOCAL PROXY local-proxy-arp Overview Use this command to specify an IP subnet for use with limited local proxy ARP. When limited local proxy ARP is enabled with the command limited-local-proxy-arp, the device will respond to ARP requests for addresses in that subnet. -
Page 587: Ip Unreachables
IP A DDRESSING AND ROTOCOL OMMANDS IP UNREACHABLES ip unreachables Overview Use this command to enable ICMP (Internet Control Message Protocol) type 3, destination unreachable, messages. Use the no variant of this command to disable destination unreachable messages. This prevents an attacker from using these messages to discover the topology of a network. - Page 588 IP A DDRESSING AND ROTOCOL OMMANDS IP UNREACHABLES Table 17-1: ICMP type 3 reason codes and description (cont.) Code Description [RFC] Host Precedence Violation [RFC1812] Precedence cutoff in effect [RFC1812] Example To disable destination unreachable messages, use the commands awplus# configure terminal awplus(config)# no ip unreachables...
-
Page 589: Ping
IP A DDRESSING AND ROTOCOL OMMANDS PING ping Overview This command sends a query to another IPv4 host (send Echo Request messages). ping [ip] <host> [broadcast] [df-bit {yes|no}] [interval Syntax <0-128>] [pattern <hex-data-pattern>] [repeat {<1-2147483647>|continuous}] [size <36-18024>] [source <ip-addr>] [timeout <1-65535>] [tos <0-255>] Parameter Description <host>... -
Page 590: Show Arp
IP A DDRESSING AND ROTOCOL OMMANDS SHOW ARP show arp Overview Use this command to display entries in the ARP routing and forwarding table—the ARP cache contains mappings of IP addresses to physical addresses for hosts. To have a dynamic entry in the ARP cache, a host must have used the ARP protocol to access another host. -
Page 591: Mac Address
IP A DDRESSING AND ROTOCOL OMMANDS SHOW ARP Table 18: Parameters in the output of the show arp command Parameter Meaning IP Address IP address of the network device this entry maps to. MAC Address Hardware address of the network device. Interface Interface over which the network device is accessed. -
Page 592: Show Debugging Ip Packet
IP A DDRESSING AND ROTOCOL OMMANDS SHOW DEBUGGING IP PACKET show debugging ip packet Overview Use this command to show the IP interface debugging status. IP interface debugging is set using the debug ip packet interface command. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 593 IP A DDRESSING AND ROTOCOL OMMANDS SHOW DEBUGGING IP PACKET Related debug ip packet interface Commands terminal monitor 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 594: Show Ip Interface
IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP INTERFACE show ip interface Overview Use this command to display information about interfaces and the IP addresses assigned to them. To display information about a specific interface, specify the interface name with the command. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 595: Show Ip Sockets
IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP SOCKETS show ip sockets Overview Use this command to display information about the IP or TCP sockets that are present on the device. It includes TCP, UDP listen sockets, displaying associated IP address and port. - Page 596 IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP SOCKETS tcp :::23 :::* LISTEN udp 0.0.0.0:111 0.0.0.0:* udp 226.94.1.1:5405 0.0.0.0:* udp 0.0.0.0:161 0.0.0.0:* udp :::161 :::* raw 0.0.0.0:112 0.0.0.0:* 112 raw :::58 :::* 58 raw :::112 :::* 112 Table 19: Parameters in the output of the show ip sockets command Parameter Description Not showing...
- Page 597 IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP SOCKETS Table 19: Parameters in the output of the show ip sockets command (cont.) Parameter Description Remote For TCP and UDP listening sockets this shows the source IP address Address (either IPv4 or IPv6) and source TCP or UDP port number for which the socket will accept packets.
-
Page 598: Show Ip Traffic
IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP TRAFFIC show ip traffic Overview Use this command to display statistics regarding IP traffic sent and received by all interfaces on the device, showing totals for IP and IPv6 and then broken down into sub-categories such as TCP, UDP, ICMP and their IPv6 equivalents when appropriate. - Page 599 IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP TRAFFIC 155 delayed acks sent 21187 headers predicted 736 pure ACKs 80497 pure ACKs predicted UDP: 139468 datagrams received 139468 datagrams sent UDPLite: Table 20: Parameters in the output of the show ip traffic command Parameter Description IPv4...
- Page 600 IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP TRAFFIC Table 20: Parameters in the output of the show ip traffic command (cont.) Parameter Description packets transmitted Packets transmitted packets discarded on transmit Packets discarded on transmit packets discarded on transmit Packets discarded on transmit due to no due to no route route...
- Page 601 IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP TRAFFIC Table 20: Parameters in the output of the show ip traffic command (cont.) Parameter Description syncookies received Syncookies received syncookies failed Syncookies failed embryonic resets Embryonic resets sockets pruned Sockets pruned ICMPs out of window ICMPs out of window ICMPs dropped due to lock...
- Page 602 IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP TRAFFIC Table 20: Parameters in the output of the show ip traffic command (cont.) Parameter Description TCP Reno failures TCP Reno failures SACK failures SACK failures loss failures Loss failures fast retransmits Fast retransmits forward retransmits Forward retransmits...
- Page 603 IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP TRAFFIC Table 20: Parameters in the output of the show ip traffic command (cont.) Parameter Description TCP MD5 Unexpected TCP MD5 Unexpected TCP SACKs shifted TCP SACKs shifted TCP SACKs merged TCP SACKs merged TCP SACK shift fallback TCP SACK shift fallback UDP Counters...
-
Page 604: Tcpdump
IP A DDRESSING AND ROTOCOL OMMANDS TCPDUMP tcpdump Overview Use this command to start a tcpdump, which gives the same output as the Unix-like tcpdump command to display TCP/IP traffic. Press <ctrl> + c to stop a running tcpdump. tcpdump <line> Syntax Parameter Description... -
Page 605: Traceroute
IP A DDRESSING AND ROTOCOL OMMANDS TRACEROUTE traceroute Overview Use this command to trace the route to the specified IPv4 host. traceroute {<ip-addr>|<hostname>} Syntax Parameter Description <ip-addr> The destination IPv4 address. The IPv4 address uses the format A.B.C.D. <hostname> The destination hostname. Mode User Exec and Privileged Exec awplus#... -
Page 606: Undebug Ip Packet Interface
IP A DDRESSING AND ROTOCOL OMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functionality of the no debug ip packet interface command. 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 607: Domain Name
Domain Name Service (DNS) Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure the Domain Name Service (DNS) client. For more information, see the IP Feature Overview and Configuration Guide. Command List • “ip domain-list” on page 608 •... -
Page 608: Ip Domain-List
(DNS) C OMAIN ERVICE OMMANDS IP DOMAIN LIST ip domain-list Overview This command adds a domain to the DNS list. Domains are appended to incomplete host names in DNS requests. Each domain in this list is tried in turn in DNS lookups. -
Page 609: Ip Domain-Lookup
(DNS) C OMAIN ERVICE OMMANDS IP DOMAIN LOOKUP ip domain-lookup Overview This command enables the DNS client on your device. This allows you to use domain names instead of IP addresses in commands. The DNS client resolves the domain name into an IP address by sending a DNS inquiry to a DNS server, specified with the ip name-server command. -
Page 610: Ip Domain-Name
(DNS) C OMAIN ERVICE OMMANDS IP DOMAIN NAME ip domain-name Overview This command sets a default domain for the DNS. The DNS client appends this domain to incomplete host-names in DNS requests. The no variant of this command removes the domain-name previously set by this command. -
Page 611: Ip Name-Server
(DNS) C OMAIN ERVICE OMMANDS IP NAME SERVER ip name-server Overview This command adds IPv4 or IPv6 DNS server addresses. The DNS client on your device sends DNS queries to IP addresses in this list when trying to resolve a host name. - Page 612 (DNS) C OMAIN ERVICE OMMANDS IP NAME SERVER Related ip domain-list Commands ip domain-lookup ip domain-name show ip name-server 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 613: Show Hosts
(DNS) C OMAIN ERVICE OMMANDS SHOW HOSTS show hosts Overview This command shows the default domain, domain list, and name servers configured on your device. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 614: Show Ip Domain-List
(DNS) C OMAIN ERVICE OMMANDS SHOW IP DOMAIN LIST show ip domain-list Overview This command shows the domains configured in the domain list. The DNS client uses the domains in this list to append incomplete hostnames when sending a DNS inquiry to a DNS server. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 615: Show Ip Domain-Name
(DNS) C OMAIN ERVICE OMMANDS SHOW IP DOMAIN NAME show ip domain-name Overview This command shows the default domain configured on your device. When there are no entries in the DNS list, the DNS client appends this domain to incomplete hostnames when sending a DNS inquiry to a DNS server. -
Page 616: Show Ip Name-Server
(DNS) C OMAIN ERVICE OMMANDS SHOW IP NAME SERVER show ip name-server Overview This command displays a list of IPv4 and IPv6 DNS server addresses that your device will send DNS requests to. This is a static list configured using the name-server command. -
Page 617: Ipv6 Commands
IPv6 Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure IPv6. For more information, see the IPv6 Feature Overview and Configuration Guide. Command List • “clear ipv6 neighbors” on page 618 • “ipv6 address” on page 619 •... -
Page 618: Clear Ipv6 Neighbors
OMMANDS CLEAR IPV NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries. clear ipv6 neighbors Syntax Mode Privileged Exec awplus# clear ipv6 neighbors Example 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 619: Ipv6 Address
OMMANDS ADDRESS ipv6 address Overview Use this command to set the IPv6 address of a VLAN interface and enable IPv6. Use the no variant of this command to remove the IPv6 address assigned and disable IPv6. Note that if no global addresses are left after removing the IPv6 address then IPv6 is disabled. -
Page 620: Ipv6 Enable
OMMANDS ENABLE ipv6 enable Overview Use this command to enable IPv6 on an interface without an IPv6 global address for the interface. This enables IPv6 with a IPv6 link-local address, not an IPv6 global address. Use the no variant of this command to disable IPv6 on an interface without a global address. -
Page 621: Ipv6 Nd Raguard
OMMANDS ND RAGUARD ipv6 nd raguard Overview Use this command to apply the Router Advertisements (RA) Guard feature from the Interface Configuration mode for a device port. This blocks all RA messages received on a device port. For more information about RA Guard, see the IPv6 Feature Overview and Configuration Guide. - Page 622 OMMANDS ND RAGUARD Output Example output from using show running-config interface port1.0.2 to verify RA Guard: ! interface port1.0.2 switchport mode access ipv6 nd raguard ! Related show running-config interface Commands 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 623: Ipv6 Neighbor
OMMANDS NEIGHBOR ipv6 neighbor Overview Use this command to add a static IPv6 neighbor entry. Use the no variant of this command to remove a specific IPv6 neighbor entry. Syntax ipv6 neighbor <ipv6-address> <vlan-name> <mac-address> <port-list> no ipv6 neighbor <ipv6-address> <vlan-name> <port-list> Parameter Description <ipv6-address>... -
Page 624: Ipv6 Route
OMMANDS ROUTE ipv6 route Overview This command adds a static IPv6 route to the Routing Information Base (RIB). If this route is the best route for the destination, then your device adds it to the Forwarding Information Base (FIB). Your device uses the FIB to advertise routes to neighbors and forward packets. -
Page 625: Ipv6 Unreachables
OMMANDS UNREACHABLES ipv6 unreachables Overview Use this command to enable ICMPv6 (Internet Control Message Protocol version 6) type 1, destination unreachable, messages. Use the no variant of this command to disable destination unreachable messages. This prevents an attacker from using these messages to discover the topology of a network. -
Page 626: Ping Ipv6
OMMANDS PING IPV ping ipv6 Overview This command sends a query to another IPv6 host (send Echo Request messages). : Use of the interface parameter keyword, plus an interface or an interface range, NOTE with this command is only valid when pinging an IPv6 link local address. Syntax ping ipv6 {<host>|<ipv6-address>} [repeat {<1-2147483647>|continuous}] [size <10-1452>] [interface... -
Page 627: Show Ipv6 Interface Brief
OMMANDS SHOW IPV INTERFACE BRIEF show ipv6 interface brief Overview Use this command to display brief information about interfaces and the IPv6 address assigned to them. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 628: Show Ipv6 Neighbors
OMMANDS SHOW IPV NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. Syntax show ipv6 neighbors Mode User Exec and Privileged Exec 613-50137-01 Rev A... -
Page 629: Show Ipv6 Route
OMMANDS SHOW IPV ROUTE show ipv6 route Overview Use this command to display the IPv6 routing table for a protocol or from a particular table. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. - Page 630 OMMANDS SHOW IPV ROUTE Example 2 To display all database entries for an IP route, use the following command: awplus# show ipv6 route database Output Figure 19-3: Example output of the show ipv6 route database command IPv6 Routing Table Codes: C - connected>...
-
Page 631: Show Ipv6 Route Summary
OMMANDS SHOW IPV ROUTE SUMMARY show ipv6 route summary Overview Use this command to display the summary of the current NSM RIB entries. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 632: Traceroute Ipv6
OMMANDS TRACEROUTE IPV traceroute ipv6 Overview Use this command to trace the route to the specified IPv6 host. traceroute ipv6 {<ipv6-addr>|<hostname>} Syntax Parameter Description <ipv6-addr> The destination IPv6 address. The IPv6 address uses the format X:X::X:X. <hostname> The destination hostname. Mode User Exec and Privileged Exec Example... -
Page 633: Routing Commands
Routing Commands Introduction Overview This chapter provides an alphabetical reference of routing commands that are common across the routing IP protocols. For more information, see the Route Selection Feature Overview and Configuration Guide. Command List • “ip route” on page 634 •... -
Page 634: Ip Route
OUTING OMMANDS IP ROUTE ip route Overview This command adds a static route to the Routing Information Base (RIB). If this route is the best route for the destination, then your device adds it to the Forwarding Information Base (FIB). Your device uses the FIB to advertise routes to neighbors and forward packets. - Page 635 OUTING OMMANDS IP ROUTE Examples To add the destination 192.168.3.0 with the mask 255.255.255.0 as a static route available through the device at “10.10.0.2” with the default administrative distance, use the commands: awplus# configure terminal awplus(config)# ip route 192.168.3.0 255.255.255.0 10.10.0.2 To remove the destination 192.168.3.0 with the mask 255.255.255.0 as a static route available through the device at “10.10.0.2”...
- Page 636 OUTING OMMANDS ROUTE ipv6 route Overview This command adds a static IPv6 route to the Routing Information Base (RIB). If this route is the best route for the destination, then your device adds it to the Forwarding Information Base (FIB). Your device uses the FIB to advertise routes to neighbors and forward packets.
-
Page 637: Maximum-Paths
OUTING OMMANDS MAXIMUM PATHS maximum-paths Overview This command enables ECMP on your device, and sets the maximum number of paths that each route has in the Forwarding Information Base (FIB). ECMP is enabled by default. The no variant of this command sets the maximum paths to the default of 4. Syntax maximum-paths <1-8>... -
Page 638: Show Ip Route
OUTING OMMANDS SHOW IP ROUTE show ip route Overview Use this command to display routing entries in the FIB (Forwarding Information Base). The FIB contains the best routes to a destination, and your device uses these routes when forwarding traffic. You can display a subset of the entries in the FIB based on protocol. - Page 639 OUTING OMMANDS SHOW IP ROUTE Figure 20-1: Example output from the show ip route command Codes: C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2...
-
Page 640: Show Ip Route Database
OUTING OMMANDS SHOW IP ROUTE DATABASE show ip route database Overview This command displays the routing entries in the RIB (Routing Information Base). When multiple entries are available for the same prefix, RIB uses the routes’ administrative distances to choose the best route. All best routes are entered into the FIB (Forwarding Information Base). -
Page 641: Show Ip Route Summary
OUTING OMMANDS SHOW IP ROUTE SUMMARY show ip route summary Overview This command displays a summary of the current RIB (Routing Information Base) entries. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. Syntax show ip route summary Mode... - Page 642 OUTING OMMANDS SHOW IPV ROUTE show ipv6 route Overview Use this command to display the IPv6 routing table for a protocol or from a particular table. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
- Page 643 OUTING OMMANDS SHOW IPV ROUTE Example 2 To display all database entries for an IP route, use the following command: awplus# show ipv6 route database Output Figure 20-5: Example output of the show ipv6 route database command IPv6 Routing Table Codes: C - connected>...
- Page 644 OUTING OMMANDS SHOW IPV ROUTE SUMMARY show ipv6 route summary Overview Use this command to display the summary of the current NSM RIB entries. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
-
Page 645: Rip Commands
RIP Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure RIP. For information about configuring RIP, see the RIP Feature Overview and Configuration Guide. Command List • “accept-lifetime” on page 647 • “alliedware-behavior” on page 649 •... - Page 646 RIP C OMMANDS • “ip rip split-horizon” on page 673 • “key” on page 674 • “key chain” on page 675 • “key-string” on page 676 • “maximum-prefix” on page 677 • “neighbor (RIP)” on page 678 • “network (RIP)” on page 679 •...
-
Page 647: Accept-Lifetime
RIP C OMMANDS ACCEPT LIFETIME accept-lifetime Overview Use this command to specify the time period during which the authentication key on a key chain is received as valid. Use the no variant of this command to remove a specified time period for an authentication key on a key chain as set previously with the accept-lifetime command. - Page 648 RIP C OMMANDS ACCEPT LIFETIME awplus# configure terminal awplus(config)# key chain mychain awplus(config-keychain)# key 1 awplus(config-keychain-key)# accept-lifetime 03:03:01 3 Sep 2016 04:04:02 6 Oct 2016 Related Commands key-string key chain send-lifetime 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 649: Alliedware-Behavior
RIP C OMMANDS ALLIEDWARE BEHAVIOR alliedware-behavior Overview This command configures your device to exhibit AlliedWare behavior when sending RIPv1 response/update messages. Configuring for this behavior may be necessary if you are replacing an AlliedWare device with an AlliedWare Plus device and wish to ensure consistent RIPv1 behavior. - Page 650 RIP C OMMANDS ALLIEDWARE BEHAVIOR To return your device to AlliedWare Plus-like behavior when sending and receiving RIPv1 update messages, enter the commands: awplus# configure terminal awplus(config)# router rip awplus(config-router)# no alliedware-behavior rip1-send awplus(config-router)# no alliedware-behavior rip1-recv Validation show ip protocols rip Commands show running-config Related...
-
Page 651: Cisco-Metric-Behavior (Rip)
RIP C OMMANDS (RIP) CISCO METRIC BEHAVIOR cisco-metric-behavior (RIP) Overview Use this command to enable or disable the RIP routing metric update to conform to Cisco’s implementation. This command is provided to allow inter-operation with older Cisco devices that do not conform to the RFC standard for RIP route metrics. -
Page 652: Clear Ip Rip Route
RIP C OMMANDS CLEAR IP RIP ROUTE clear ip rip route Overview Use this command to clear specific data from the RIP routing table. Parameter Description <ip-dest-network/ Removes entries which exactly match this destination prefix-length> address from RIP routing table. Enter the IP address and prefix length of the destination network. -
Page 653: Debug Rip
RIP C OMMANDS DEBUG RIP debug rip Overview Use this command to specify the options for the displayed debugging information for RIP events and RIP packets. Use the no variant of this command to disable the specified debug option. Syntax debug rip {events|nsm|<packet>|all} no debug rip {events|nsm|<packet>|all} Parameter... -
Page 654: Default-Information Originate (Rip)
RIP C OMMANDS (RIP) DEFAULT INFORMATION ORIGINATE default-information originate (RIP) Overview Use this command to generate a default route into the Routing Information Protocol (RIP). Use the no variant of this command to disable this feature. Syntax default-information originate no default-information originate Default Disabled Mode... -
Page 655: Default-Metric (Rip)
RIP C OMMANDS (RIP) DEFAULT METRIC default-metric (RIP) Overview Use this command to specify the metrics to be assigned to redistributed RIP routes. Use the no variant of this command to reset the RIP metric back to its default (1). Syntax default-metric <metric>... -
Page 656: Distance (Rip)
RIP C OMMANDS (RIP) DISTANCE distance (RIP) Overview This command sets the administrative distance for RIP routes. Your device uses this value to select between two or more routes to the same destination obtained from two different routing protocols. The route with the smallest administrative distance value is added to the Forwarding Information Base (FIB). -
Page 657: Distribute-List (Rip)
RIP C OMMANDS (RIP) DISTRIBUTE LIST distribute-list (RIP) Overview Use this command to filter incoming or outgoing route updates using the access-list or the prefix-list. Use the no variant of this command to disable this feature. Syntax distribute-list {<access-list> | prefix <prefix-list>} {in|out} [<interface>] no distribute-list {<access-list>... -
Page 658: Fullupdate (Rip)
RIP C OMMANDS (RIP) FULLUPDATE fullupdate (RIP) Overview Use this command to specify which routes RIP should advertise when performing a triggered update. By default, when a triggered update is sent, RIP will only advertise those routes that have changed since the last update. When fullupdate is configured, the device advertises the full RIP route table in outgoing triggered updates, including routes that have not changed. -
Page 659: Ip Rip Authentication Key-Chain
RIP C OMMANDS IP RIP AUTHENTICATION KEY CHAIN ip rip authentication key-chain Overview Use this command to enable RIPv2 authentication on an interface and specify the name of the key chain to be used. Use the no variant of this command to disable this function. Syntax ip rip authentication key-chain <key-chain-name>... - Page 660 RIP C OMMANDS IP RIP AUTHENTICATION KEY CHAIN Specify the mode of authentication for the given interface (text or MD5), using the following command: awplus(config-if)# ip rip authentication mode {md5|text} Example In the following example of a configuration for multiple keys authentication, a password “toyota”...
-
Page 661: Ip Rip Authentication Mode
RIP C OMMANDS IP RIP AUTHENTICATION MODE ip rip authentication mode Overview Use this command to specify the type of authentication mode used for RIP v2 packets. Use the no variant of this command to restore clear text authentication. Syntax ip rip authentication mode {md5|text} no ip rip authentication mode Parameter... - Page 662 RIP C OMMANDS IP RIP AUTHENTICATION MODE Usage: multiple For multiple keys authentication, use the following steps to configure a route to enable RIPv2 authentication using multiple keys at different times: Define a key chain with a key chain name, using the following commands: awplus# configure terminal awplus(config)#...
- Page 663 RIP C OMMANDS IP RIP AUTHENTICATION MODE Example 3 The following example specifies “mykey” as the authentication string with MD5 authentication, for the VLAN interface vlan2: awplus# configure terminal awplus(config)# interface vlan2 awplus(config-if)# ip rip authentication string mykey awplus(config-if)# ip rip authentication mode md5 Related ip rip authentication string Commands...
-
Page 664: Ip Rip Authentication String
RIP C OMMANDS IP RIP AUTHENTICATION STRING ip rip authentication string Overview Use this command to specify the authentication string or password used by a key. Use the no variant of this command to remove the authentication string. Syntax ip rip authentication string <auth-string> no ip rip authentication string Parameter Description... - Page 665 RIP C OMMANDS IP RIP AUTHENTICATION STRING In the following example, the VLAN interface vlan2 is configured to have an Example authentication string as guest. Any received RIP packet in that interface should have the same string as password. awplus# configure terminal awplus(config)# interface vlan2...
-
Page 666: Ip Rip Receive-Packet
RIP C OMMANDS IP RIP RECEIVE PACKET ip rip receive-packet Overview Use this command to configure the interface to enable the reception of RIP packets. Use the no variant of this command to disable this feature. Syntax ip rip receive-packet no ip rip receive-packet Default Receive-packet is enabled... -
Page 667: Ip Rip Receive Version
RIP C OMMANDS IP RIP RECEIVE VERSION ip rip receive version Overview Use this command to specify the version of RIP packets accepted on an interface and override the setting of the version command. Use the no variant of this command to use the setting specified by the version (RIP) command. -
Page 668: Ip Rip Send-Packet
RIP C OMMANDS IP RIP SEND PACKET ip rip send-packet Overview Use this command to enable sending RIP packets through the current interface. Use the no variant of this command to disable this feature. Syntax ip rip send-packet no ip rip send-packet Default Send packet is enabled Mode... -
Page 669: Ip Rip Send Version
RIP C OMMANDS IP RIP SEND VERSION ip rip send version Overview Use this command in Interface Configuration mode to specify the version of RIP packets sent on an interface and override the setting of the version (RIP) command. This mechanism causes RIP version 2 interfaces to send multicast packets instead of broadcasting packets. - Page 670 RIP C OMMANDS IP RIP SEND VERSION In the following example, the VLAN interface vlan4 is configured to send both RIP version 2 and 1 packets. awplus# configure terminal awplus(config)# interface vlan4 awplus(config-if)# ip rip send version 2 1 In the following example, the VLAN interface vlan4 is configured to send RIP version 1 packets only.
-
Page 671: Ip Rip Send Version 1-Compatible
RIP C OMMANDS IP RIP SEND VERSION COMPATIBLE ip rip send version 1-compatible Overview Use this command in Interface Configuration mode to send RIP version 1 compatible packets from a RIP version 2 interfaces to other RIP Interfaces. This mechanism causes RIP version 2 interfaces to send broadcast packets instead of multicasting packets, and is used in environments where multicast is not enabled or where hosts do not listen to multicast. - Page 672 RIP C OMMANDS IP RIP SEND VERSION COMPATIBLE Related ip rip send version Commands version (RIP) 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 673: Ip Rip Split-Horizon
RIP C OMMANDS IP RIP SPLIT HORIZON ip rip split-horizon Overview Use this command to turn on the split-horizon mechanism on the interface. Use the no variant of this command to disable this mechanism. Syntax ip rip split-horizon [poisoned] no ip rip split-horizon Parameter Description poisoned... - Page 674 RIP C OMMANDS Overview Use this command to manage, add and delete authentication keys in a key-chain. Use the no variant of this command to delete the authentication key. Syntax key <keyid> no key <keyid> Parameter Description <keyid> <0-2147483647> Key identifier number. Mode Keychain Configuration Usage...
-
Page 675: Key Chain
RIP C OMMANDS KEY CHAIN key chain Overview Use this command to enter the key chain management mode and to configure a key chain with a key chain name. Use the no variant of this command to remove the key chain and all configured keys. -
Page 676: Key-String
RIP C OMMANDS STRING key-string Overview Use this command to define the password to be used by a key. Use the no variant of this command to remove a password. Syntax key-string <key-password> no key-string Parameter Description <key-password> A string of characters to be used as a password by the key. Mode Keychain-key Configuration Usage... -
Page 677: Maximum-Prefix
RIP C OMMANDS MAXIMUM PREFIX maximum-prefix Overview Use this command to configure the maximum number of RIP routes stored in the routing table. Use the no variant of this command to disable all limiting of the number of RIP routes stored in the routing table. Syntax maximum-prefix <maxprefix>... -
Page 678: Neighbor (Rip)
RIP C OMMANDS (RIP) NEIGHBOR neighbor (RIP) Overview Use this command to specify a neighbor router. It is used for each router to which you wish to send unicast RIP updates. Use the no variant of this command to stop sending unicast updates to the specific router. -
Page 679: Network (Rip)
RIP C OMMANDS (RIP) NETWORK network (RIP) Overview Use this command to activate the transmission of RIP routing information on the defined network. Use the no variant of this command to remove the specified network or VLAN as one that runs RIP. Syntax network {<network-address>[/<subnet-mask>]|<vlan-name>} no network {<network-address>[/<subnet-mask>]|<vlan-name>}... -
Page 680: Offset-List (Rip)
RIP C OMMANDS (RIP) OFFSET LIST offset-list (RIP) Overview Use this command to add an offset to the in and out metrics of routes learned through RIP. Use the no variant of this command to remove the offset list. Syntax offset-list <access-list>... -
Page 681: Passive-Interface (Rip)
RIP C OMMANDS (RIP) PASSIVE INTERFACE passive-interface (RIP) Overview Use this command to block RIP broadcasts on the interface. Use the no variant of this command to disable this function. Syntax passive-interface <interface> no passive-interface <interface> Parameter Description <interface> Specifies the interface name. Default Disabled Mode... -
Page 682: Recv-Buffer-Size (Rip)
RIP C OMMANDS (RIP) RECV BUFFER SIZE recv-buffer-size (RIP) Overview Use this command to run-time configure the RIP UDP (User Datagram Protocol) receive-buffer size to improve UDP reliability by avoiding UDP receive buffer overrun. Use the no variant of this command to reset the configured RIP UDP receive-buffer size to the system default (196608 bits). -
Page 683: Redistribute (Rip)
RIP C OMMANDS (RIP) REDISTRIBUTE redistribute (RIP) Overview Use this command to redistribute information from other routing protocols into RIP. Use the no variant of this command to disable the specified redistribution. The parameters metric and routemap may be used on this command, but have no effect. -
Page 684: Restart Rip Graceful
RIP C OMMANDS RESTART RIP GRACEFUL restart rip graceful Overview Use this command to force the RIP process to restart, and optionally set the grace-period. restart rip graceful [grace-period <1-65535>] Syntax Mode Privileged Exec Default The default RIP grace-period is 60 seconds. Usage After this command is executed, the RIP process immediately shuts down. -
Page 685: Rip Restart Grace-Period
RIP C OMMANDS RIP RESTART GRACE PERIOD rip restart grace-period Overview Use this command to change the grace period of RIP graceful restart. Use the no variant of this command to disable this function. Syntax rip restart grace-period <1-65535> no rip restart grace-period <1-65535> Mode Global Configuration Default... -
Page 686: Route (Rip)
RIP C OMMANDS (RIP) ROUTE route (RIP) Overview Use this command to configure static RIP routes. Use the no variant of this command to disable this function. Syntax route <ip-addr/prefix-length> no route <ip-addr/prefix-length> Parameter Description <ip-addr/prefix-length> The IPv4 address and prefix length. Default No static RIP route is added by default. -
Page 687: Router Rip
RIP C OMMANDS ROUTER RIP router rip Overview Use this global command to enter Router Configuration mode to enable the RIP routing process. Use the no variant of this command to disable the RIP routing process. Syntax router rip no router rip Mode Global Configuration Example... -
Page 688: Send-Lifetime
RIP C OMMANDS SEND LIFETIME send-lifetime Overview Use this command to specify the time period during which the authentication key on a key chain can be sent. send-lifetime <start-date> {<end-date>| Syntax duration <seconds>|infinite} no send-lifetime Parameter Description Specifies the start time and date in the format: <start-date>... - Page 689 RIP C OMMANDS SEND LIFETIME Related Commands key-string key chain accept-lifetime 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 690: Show Debugging Rip
RIP C OMMANDS SHOW DEBUGGING RIP show debugging rip Overview Use this command to display the RIP debugging status for these debugging options: nsm debugging, RIP event debugging, RIP packet debugging and RIP nsm debugging. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 691: Show Ip Protocols Rip
RIP C OMMANDS SHOW IP PROTOCOLS RIP show ip protocols rip Overview Use this command to display RIP process parameters and statistics. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. - Page 692 RIP C OMMANDS SHOW IP RIP show ip rip Overview Use this command to show RIP routes. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. Syntax show ip rip Mode User Exec and Privileged Exec awplus#...
-
Page 693: Show Ip Rip Database
RIP C OMMANDS SHOW IP RIP DATABASE show ip rip database Overview Use this command to display information about the RIP database. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 694: Show Ip Rip Interface
RIP C OMMANDS SHOW IP RIP INTERFACE show ip rip interface Overview Use this command to display information about the RIP interfaces. You can specify an interface name to display information about a specific interface. show ip rip interface [<interface>] Syntax Parameter Description... -
Page 695: No Timers Basic
RIP C OMMANDS (RIP) TIMERS timers (RIP) Overview Use this command to adjust routing network timers. Use the no variant of this command to restore the defaults. Syntax timers basic <update> <timeout> <garbage> no timers basic Parameter Description <update> <5-2147483647> Specifies the period at which RIP route update packets are transmitted. -
Page 696: Undebug Rip
RIP C OMMANDS UNDEBUG RIP undebug rip Overview Use this command to disable the options set for debugging information of RIP events, packets and communication between RIP and NSM. This command has the same effect as the no debug rip command. Syntax undebug rip {all|events|nsm|<packet>} Parameter... -
Page 697: Version (Rip)
RIP C OMMANDS (RIP) VERSION version (RIP) Overview Use this command to specify a RIP version used globally by the router. Use the no variant of this command to restore the default version. Syntax version {1|2} no version Parameter Description Specifies the version of RIP processing. -
Page 698: Rev A Command Reference For Fs980M Series
Part 4: Multicast Applications 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 699: Igmp Snooping
IGMP Snooping Commands Introduction Overview Devices running AlliedWare Plus use IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) to track which multicast groups their clients belong to. This enables them to send the correct multimedia streams to the correct destinations. - Page 700 IGMP S NOOPING OMMANDS • “show ip igmp groups” on page 722 • “show ip igmp interface” on page 724 • “show ip igmp snooping mrouter” on page 726 • “show ip igmp snooping routermode” on page 727 • “show ip igmp snooping statistics”...
-
Page 701: Clear Ip Igmp
IGMP S NOOPING OMMANDS CLEAR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all interfaces. clear ip igmp Syntax Mode Privileged Exec awplus# clear ip igmp Example Related clear ip igmp group Commands clear ip igmp interface show ip igmp interface... -
Page 702: Clear Ip Igmp Group
IGMP S NOOPING OMMANDS CLEAR IP IGMP GROUP clear ip igmp group Overview Use this command to clear IGMP group membership records for a specific group on either all interfaces, a single interface, or for a range of interfaces. clear ip igmp group * Syntax clear ip igmp group <ip-address>... -
Page 703: Clear Ip Igmp Interface
IGMP S NOOPING OMMANDS CLEAR IP IGMP INTERFACE clear ip igmp interface Overview Use this command to clear IGMP group membership records on a particular interface. clear ip igmp interface <interface> Syntax Parameter Description <interface> Specifies the name of the interface. All groups learned on this interface are deleted. -
Page 704: Debug Igmp
IGMP S NOOPING OMMANDS DEBUG IGMP debug igmp Overview Use this command to enable debugging of either all IGMP or a specific component of IGMP. Use the no variant of this command to disable all IGMP debugging, or debugging of a specific component of IGMP. Syntax debug igmp {all|decode|encode|events|fsm|tib} no debug igmp {all|decode|encode|events|fsm|tib}... -
Page 705: Ip Igmp Flood Specific-Query
IGMP S NOOPING OMMANDS IP IGMP FLOOD SPECIFIC QUERY ip igmp flood specific-query Overview Use this command if you want IGMP to flood specific queries to all VLAN member ports, instead of only sending the queries to multicast group member ports. Use the no variant of this command if you want IGMP to only send the queries to multicast group member ports. -
Page 706: Ip Igmp Maximum-Groups
IGMP S NOOPING OMMANDS IP IGMP MAXIMUM GROUPS ip igmp maximum-groups Overview Use this command to set a limit, per switch port, on the number of IGMP groups clients can join. This stops a single client from using all the switch’s available group-entry resources, and ensures that clients on all ports have a chance to join IGMP groups. - Page 707 IGMP S NOOPING OMMANDS IP IGMP MAXIMUM GROUPS Example To limit clients to 10 groups on port 1.0.1, which is in vlan1, use the commands: awplus# configure terminal awplus(config)# interface port1.0.1 awplus(config-if)# ip igmp maximum-groups 10 awplus(config-if)# exit awplus(config)# interface vlan1 awplus(config-if)# ip igmp snooping fast-leave Related...
-
Page 708: Ip Igmp Snooping
IGMP S NOOPING OMMANDS IP IGMP SNOOPING ip igmp snooping Overview Use this command to enable IGMP Snooping. When this command is used in the Global Configuration mode, IGMP Snooping is enabled at the device level. When this command is used in Interface Configuration mode, IGMP Snooping is enabled for the specified VLANs. -
Page 709: Ip Igmp Snooping Fast-Leave
IGMP S NOOPING OMMANDS IP IGMP SNOOPING FAST LEAVE ip igmp snooping fast-leave Overview Use this command to enable IGMP Snooping fast-leave processing. Fast-leave processing is analogous to immediate-leave processing. The IGMP group-membership entry is removed as soon as an IGMP leave group message is received, without sending out a group-specific query. -
Page 710: Ip Igmp Snooping Mrouter
IGMP S NOOPING OMMANDS IP IGMP SNOOPING MROUTER ip igmp snooping mrouter Overview Use this command to statically configure the specified port as a multicast router port for IGMP Snooping for an interface. This command applies to interfaces configured for IGMP Snooping. Use the no variant of this command to remove the static configuration of the port as a multicast router port. -
Page 711: Ip Igmp Snooping Querier
IGMP S NOOPING OMMANDS IP IGMP SNOOPING QUERIER ip igmp snooping querier Overview Use this command to enable IGMP querier operation when no multicast routing protocol is configured. When enabled, the IGMP Snooping querier sends out periodic IGMP queries for all interfaces. This command applies to interfaces configured for IGMP Snooping. -
Page 712: Ip Igmp Snooping Report-Suppression
IGMP S NOOPING OMMANDS IP IGMP SNOOPING REPORT SUPPRESSION ip igmp snooping report-suppression Overview Use this command to enable report suppression for IGMP versions 1 and 2. This command applies to interfaces configured for IGMP Snooping. Report suppression stops reports being sent to an upstream multicast router port when there are already downstream ports for this group on this interface. -
Page 713: Ip Igmp Snooping Routermode
IGMP S NOOPING OMMANDS IP IGMP SNOOPING ROUTERMODE ip igmp snooping routermode Overview Use this command to set the destination IP addresses as router multicast addresses. Use the no variant of this command to set it to the default. You can also remove a specified IP address from a custom list of multicast addresses. - Page 714 IGMP S NOOPING OMMANDS IP IGMP SNOOPING ROUTERMODE Examples To set ip igmp snooping routermode for all default reserved addresses enter: awplus(config)# ip igmp snooping routermode default To remove the multicast address 224.0.0.5 from the custom list of multicast addresses enter: awplus(config)# no ip igmp snooping routermode address 224.0.0.5...
-
Page 715: Ip Igmp Snooping Tcn Query Solicit
IGMP S NOOPING OMMANDS IP IGMP SNOOPING TCN QUERY SOLICIT ip igmp snooping tcn query solicit Overview Use this command to enable IGMP (Internet Group Management Protocol) Snooping TCN (Topology Change Notification) Query Solicitation feature. When this command is used in the Global Configuration mode, Query Solicitation is enabled. - Page 716 IGMP S NOOPING OMMANDS IP IGMP SNOOPING TCN QUERY SOLICIT Command issued from Command issued Device is STP Root Global from Interface Bridge or the IGMP Query Solicit Configuration Configuration EPSR Master Node message sent on VLAN See the IGMP Feature Overview and Configuration Guide for introductory information about the Query Solicitation feature.
-
Page 717: Ip Igmp Static-Group
IGMP S NOOPING OMMANDS IP IGMP STATIC GROUP ip igmp static-group Overview Use this command to statically configure multicast group membership entries on a VLAN interface, or to statically forward a multicast channel out a particular port or port range. To statically add only a group membership, do not specify any parameters. - Page 718 IGMP S NOOPING OMMANDS IP IGMP STATIC GROUP Example The following example show how to statically add group and source records for IGMP on vlan3: awplus# configure terminal awplus(config)# interface vlan3 awplus(config-if)# ip igmp awplus(config-if)# ip igmp static-group 226.1.2.4 source 10.2.3.4 613-50137-01 Rev A Command Reference for FS980M Series...
-
Page 719: Ip Igmp Trusted
IGMP S NOOPING OMMANDS IP IGMP TRUSTED ip igmp trusted Overview Use this command to allow IGMP to process packets received on certain trusted ports only. Use the no variant of this command to stop IGMP from processing specified packets if the packets are received on the specified ports or aggregator. Syntax ip igmp trusted {all|query|report|routermode} no ip igmp trusted {all|query|report|routermode}... -
Page 720: Ip Igmp Version
IGMP S NOOPING OMMANDS IP IGMP VERSION ip igmp version Overview Use this command to set the current IGMP version (IGMP version 1, 2 or 3) on an interface. Use the no variant of this command to return to the default version. Syntax ip igmp version <1-3>... -
Page 721: Show Debugging Igmp
IGMP S NOOPING OMMANDS SHOW DEBUGGING IGMP show debugging igmp Overview Use this command to display the IGMP debugging options set. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 722: Show Ip Igmp Groups
IGMP S NOOPING OMMANDS SHOW IP IGMP GROUPS show ip igmp groups Overview Use this command to display the multicast groups with receivers directly connected to the router, and learned through IGMP. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 723 IGMP S NOOPING OMMANDS SHOW IP IGMP GROUPS Table 1: Parameters in the output of the show ip igmp groups command (cont.) Parameter Description Expires Time (in hours, minutes, and seconds) until the entry expires. Last Last host to report being a member of the multicast group. Reporter 613-50137-01 Rev A Command Reference for FS980M Series...
-
Page 724: Show Ip Igmp Interface
IGMP S NOOPING OMMANDS SHOW IP IGMP INTERFACE show ip igmp interface Overview Use this command to display the state of IGMP Snooping for a specified VLAN, or all VLANs. IGMP is shown as Active or Disabled in the show output. You can also display the number of groups a switch port belongs to. - Page 725 IGMP S NOOPING OMMANDS SHOW IP IGMP INTERFACE awplus#show ip igmp interface vlan2 Interface vlan2 (Index 202) IGMP Disabled, Inactive, Version 3 (default) IGMP interface has 0 group-record states IGMP activity: 0 joins, 0 leaves IGMP robustness variable is 2 IGMP last member query count is 2...
-
Page 726: Show Ip Igmp Snooping Mrouter
IGMP S NOOPING OMMANDS SHOW IP IGMP SNOOPING MROUTER show ip igmp snooping mrouter Overview Use this command to display the multicast router ports, both static and dynamic, in a VLAN. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 727: Show Ip Igmp Snooping Routermode
IGMP S NOOPING OMMANDS SHOW IP IGMP SNOOPING ROUTERMODE show ip igmp snooping routermode Overview Use this command to display the current routermode and the list of IP addresses set as router multicast addresses from the ip igmp snooping routermode command. -
Page 728: Show Ip Igmp Snooping Statistics
IGMP S NOOPING OMMANDS SHOW IP IGMP SNOOPING STATISTICS show ip igmp snooping statistics Overview Use this command to display IGMP Snooping statistics data. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. - Page 729 IGMP S NOOPING OMMANDS SHOW IP IGMP SNOOPING STATISTICS Figure 22-7: Example output from the show ip igmp snooping statistics command for a switch port awplus#show ip igmp interface port1.0.1 IGMP information for port1.0.1 Maximum groups limit set: 10 Number of groups port belongs to: 0 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 730: Undebug Igmp
IGMP S NOOPING OMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the no debug igmp command. 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 731: Mld Snooping
MLD Snooping Commands Introduction Overview This chapter provides an alphabetical reference of configuration, clear, and show commands related to MLD Snooping. Command List • “clear ipv6 mld” on page 732 • “clear ipv6 mld group” on page 733 • “clear ipv6 mld interface”... -
Page 732: Clear Ipv6 Mld
MLD S NOOPING OMMANDS CLEAR IPV clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces. clear ipv6 mld Syntax Mode Privileged Exec awplus# clear ipv6 mld Example Related clear ipv6 mld group Commands clear ipv6 mld interface 613-50137-01 Rev A Command Reference for FS980M Series... -
Page 733: Clear Ipv6 Mld Group
MLD S NOOPING OMMANDS CLEAR IPV MLD GROUP clear ipv6 mld group Overview Use this command to clear MLD specific local-membership(s) on all interfaces, for a particular group. clear ipv6 mld group {*|<ipv6-address>} Syntax Parameter Description Clears all groups on all interfaces. This is an alias to the clear ipv6 mld command. -
Page 734: Clear Ipv6 Mld Interface
MLD S NOOPING OMMANDS CLEAR IPV MLD INTERFACE clear ipv6 mld interface Overview Use this command to clear MLD interface entries. clear ipv6 mld interface <interface> Syntax Parameter Description <interface> Specifies name of the interface; all groups learned from this interface are deleted. -
Page 735: Debug Mld
MLD S NOOPING OMMANDS DEBUG MLD debug mld Overview Use this command to enable all MLD debugging modes, or a specific MLD debugging mode. Use the no variant of this command to disable all MLD debugging modes, or a specific MLD debugging mode. Syntax debug mld {all|decode|encode|events|fsm|tib} no debug mld {all|decode|encode|events|fsm|tib}... -
Page 736: Ipv6 Mld Access-Group
MLD S NOOPING OMMANDS MLD ACCESS GROUP ipv6 mld access-group Overview Use this command to control the multicast local-membership groups learned on an interface. Use the no variant of this command to disable this access control. Syntax ipv6 mld access-group <IPv6-access-list-name> no ipv6 mld access-group Parameter Description... -
Page 737: Ipv6 Mld Immediate-Leave
MLD S NOOPING OMMANDS MLD IMMEDIATE LEAVE ipv6 mld immediate-leave Overview Use this command to minimize the leave latency of MLD memberships. Use the no variant of this command to disable this feature. Syntax ipv6 mld immediate-leave group-list <IPv6-access-list-name> no ipv6 mld immediate-leave Parameter Description <IPv6-access-... -
Page 738: Ipv6 Mld Limit
MLD S NOOPING OMMANDS MLD LIMIT ipv6 mld limit Overview Use this command to configure a limit on the maximum number of group memberships that may be learned. The limit may be set for the device as a whole, or for a specific interface. Once the specified group membership limit is reached, all further local-memberships will be ignored. - Page 739 MLD S NOOPING OMMANDS MLD LIMIT The following example configures an MLD limit of 100 group-membership states on the VLAN interface vlan2: awplus# configure terminal awplus(config)# ipv6 forwarding awplus(config)# ipv6 multicast-routing awplus(config)# interface vlan2 awplus(config-if)# ipv6 enable awplus(config-if)# ipv6 mld limit 100 The following example configures an MLD limit of 100 group-membership states on the VLAN interfaces vlan2-vlan4: awplus#...
-
Page 740: Ipv6 Mld Snooping
MLD S NOOPING OMMANDS MLD SNOOPING ipv6 mld snooping Overview Use this command to enable MLD Snooping. When this command is issued in the Global Configuration mode, MLD Snooping is enabled globally for the device. When this command is issued in Interface mode for a VLAN then MLD Snooping is enabled for the specified VLAN. - Page 741 MLD S NOOPING OMMANDS MLD SNOOPING To configure MLD Snooping on the VLAN interfaces vlan2-vlan4, enter the following commands: awplus# configure terminal awplus(config)# interface vlan2-vlan4 awplus(config-if)# ipv6 mld snooping To disable MLD Snooping for the VLAN interface vlan2, enter the following commands: awplus# configure terminal...
-
Page 742: Ipv6 Mld Snooping Fast-Leave
MLD S NOOPING OMMANDS MLD SNOOPING FAST LEAVE ipv6 mld snooping fast-leave Overview Use this command to enable MLD Snooping fast-leave processing. Fast-leave processing is analogous to immediate-leave processing; the MLD group-membership is removed as soon as an MLD leave group message is received, without sending out a group-specific query. -
Page 743: Ipv6 Mld Snooping Mrouter
MLD S NOOPING OMMANDS MLD SNOOPING MROUTER ipv6 mld snooping mrouter Overview Use this command to statically configure the specified port as a Multicast Router interface for MLD Snooping within the specified VLAN. See detailed usage notes below to configure static multicast router ports when using static IPv6 multicast routes with EPSR, and the destination VLAN is an EPSR data VLAN. - Page 744 MLD S NOOPING OMMANDS MLD SNOOPING MROUTER Examples This example shows how to specify the next-hop interface to the multicast router for VLAN interface vlan2: awplus# configure terminal awplus(config)# interface vlan2 awplus(config-if)# ipv6 mld snooping mrouter interface port1.0.5 This example shows how to specify the next-hop interface to the multicast router for VLAN interfaces vlan2-vlan4: awplus# configure terminal...
-
Page 745: Ipv6 Mld Snooping Querier
MLD S NOOPING OMMANDS MLD SNOOPING QUERIER ipv6 mld snooping querier Overview Use this command to enable MLD querier operation on a subnet (VLAN) when no multicast routing protocol is configured in the subnet (VLAN). When enabled, the MLD Snooping querier sends out periodic MLD queries for all interfaces on that VLAN. -
Page 746: Ipv6 Mld Snooping Report-Suppression
MLD S NOOPING OMMANDS MLD SNOOPING REPORT SUPPRESSION ipv6 mld snooping report-suppression Overview Use this command to enable report suppression from hosts for Multicast Listener Discovery version 1 (MLDv1) on a VLAN in Interface Configuration mode. Use the no variant of this command to disable report suppression on a VLAN in Interface Configuration mode. - Page 747 MLD S NOOPING OMMANDS MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2-vlan4: awplus# configure terminal awplus(config)# interface vlan2-vlan4 awplus(config-if)# no ipv6 mld snooping report-suppression 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 748: Ipv6 Mld Static-Group
MLD S NOOPING OMMANDS MLD STATIC GROUP ipv6 mld static-group Overview Use this command to statically configure IPv6 group membership entries on an interface. To statically add only a group membership, do not specify any parameters. Use the no variant of this command to delete static group membership entries. Syntax ipv6 mld static-group <ipv6-group-address>... - Page 749 MLD S NOOPING OMMANDS MLD STATIC GROUP To add a static group record on a specific port on vlan2, use the following commands: awplus# configure terminal awplus(config)# interface vlan2 awplus(config-if)# ipv6 mld static-group ff1e::10 interface port1.0.4 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 750: Show Debugging Mld
MLD S NOOPING OMMANDS SHOW DEBUGGING MLD show debugging mld Overview Use this command to display the MLD debugging modes enabled with the debug command. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 751: Show Ipv6 Mld Groups
MLD S NOOPING OMMANDS SHOW IPV MLD GROUPS show ipv6 mld groups Overview Use this command to display the multicast groups that have receivers directly connected to the router and learned through MLD. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 752: Show Ipv6 Mld Interface
MLD S NOOPING OMMANDS SHOW IPV MLD INTERFACE show ipv6 mld interface Overview Use this command to display the state of MLD and MLD Snooping for a specified interface, or all interfaces. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 753: Show Ipv6 Mld Snooping Mrouter
MLD S NOOPING OMMANDS SHOW IPV MLD SNOOPING MROUTER show ipv6 mld snooping mrouter Overview Use this command to display the multicast router interfaces, both configured and learned, in a VLAN. If you do not specify a VLAN interface then all the VLAN interfaces are displayed. -
Page 754: Show Ipv6 Mld Snooping Statistics
MLD S NOOPING OMMANDS SHOW IPV MLD SNOOPING STATISTICS show ipv6 mld snooping statistics Overview Use this command to display MLD Snooping statistics data. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. -
Page 755: Part 5: Access And Security
Part 5: Access and Security 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 756: Chapter 24: Ipv4 Hardware Access Control List (Acl) Commands
IPv4 Hardware Access Control List (ACL) Commands Introduction Overview This chapter provides an alphabetical reference of IPv4 Hardware Access Control List (ACL) commands. It contains detailed command information and command examples about IPv4 hardware ACLs, which you can apply directly to interfaces using the access-group command. - Page 757 (ACL) C ARDWARE CCESS ONTROL OMMANDS Table 24-1: IPv4 Hardware Access List Commands and Prompts Command Name Command Mode Prompt awplus# show interface access-group Privileged Exec awplus# show access-list (IPv4 Hardware ACLs) Privileged Exec awplus# show interface access-group Privileged Exec awplus(config)# access-list (numbered hardware ACL for IP Global Configuration...
- Page 758 (ACL) C ARDWARE CCESS ONTROL OMMANDS • “access-list (numbered hardware ACL for IP protocols)” on page 767 • “access-list (numbered hardware ACL for MAC addresses)” on page 771 • “access-list (numbered hardware ACL for TCP or UDP)” on page 773 •...
-
Page 759: Access-Group
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS GROUP access-group Overview This command adds or removes a hardware-based access-list to or from a switch port interface. The number of hardware numbered and named access-lists that can be added to a switch port interface is determined by the available memory in hardware-based packet classification tables. - Page 760 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS GROUP Examples To add the numbered hardware access-list 3005 to switch port interface port1.0.1, enter the following commands: awplus# configure terminal awplus(config)# interface port1.0.1 awplus(config-if)# access-group 3005 To add the named hardware access-list “hw-acl” to switch port interface port1.0.2, enter the following commands: awplus# configure terminal...
-
Page 761: Access-List (Numbered Hardware Acl For Icmp)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ICMP) ACCESS LIST NUMBERED HARDWARE access-list (numbered hardware ACL for ICMP) Overview This command creates an access-list for use with hardware classification. The access-list will match on ICMP packets that have the specified source and destination IP addresses and, optionally, ICMP type. - Page 762 (ACL) C ARDWARE CCESS ONTROL OMMANDS ICMP) ACCESS LIST NUMBERED HARDWARE Parameter Description <ip-addr> Match any source IP address within <reverse-mask> the specified subnet. Specify the subnet by entering a reverse mask in dotted decimal format. For example, entering “192.168.1.1 0.0.0.255” is the same as entering 192.168.1.1/24.
- Page 763 (ACL) C ARDWARE CCESS ONTROL OMMANDS ICMP) ACCESS LIST NUMBERED HARDWARE Mode Global Configuration Default On an interface controlled by a hardware ACL, any traffic that does not explicitly match a filter is permitted. Usage This command creates an ACL for use with hardware classification. Once you have configured the ACL, use the access-group or the...
-
Page 764: Access-List (Numbered Hardware Acl For Ip Packets)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST NUMBERED HARDWARE PACKETS access-list (numbered hardware ACL for IP packets) Overview This command creates an access-list for use with hardware classification. The access-list will match on packets that have the specified source and destination IP addresses. - Page 765 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST NUMBERED HARDWARE PACKETS Table 24-2: IP and ICMP parameters in access-list (hardware IP numbered) Parameter Description <ip-addr> Match any source IP address within <reverse-mask> the specified subnet. Specify the subnet by entering a reverse mask in dotted decimal format.
- Page 766 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST NUMBERED HARDWARE PACKETS Examples To create an access-list that will permit IP packets with a source address of 192.168.1.1 and any destination address, enter the commands: awplus# configure terminal awplus(config)# access-list 3000 permit ip 192.168.1.1/32 any To destroy the access-list with an access-list identity of 3000 enter the following commands: awplus#...
-
Page 767: Access-List (Numbered Hardware Acl For Ip Protocols)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST NUMBERED HARDWARE PROTOCOLS access-list (numbered hardware ACL for IP protocols) Overview This command creates an access-list for use with hardware classification. The access-list will match on packets that have the specified source and destination IP addresses and IP protocol number. - Page 768 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST NUMBERED HARDWARE PROTOCOLS Table 24-3: Parameters in access-list (hardware IP numbered) (cont.) Parameter Description <ip-addr>/<prefix> Match any source IP address within the specified subnet. Specify the subnet by entering the IPv4 address, then a forward slash, then the prefix length.
- Page 769 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST NUMBERED HARDWARE PROTOCOLS Table 24-4: IP protocol number and description (cont.) Protocol Number Protocol Description [RFC] EGP (Exterior Gateway Protocol) [RFC888] IGP (Interior Gateway Protocol) [IANA] Network Voice Protocol [RFC741] UDP (User Datagram Protocol) [RFC768] Host monitoring [RFC869] RDP (Reliable Data Protocol) [RFC908] IRTP (Internet Reliable Transaction Protocol) [RFC938]...
- Page 770 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST NUMBERED HARDWARE PROTOCOLS Mode Global Configuration Default On an interface controlled by a hardware ACL, any traffic that does not explicitly match a filter is permitted. Usage This command creates an ACL for use with hardware classification. Once you have configured the ACL, use the access-group or the...
-
Page 771: Mac Addresses
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST NUMBERED HARDWARE ADDRESSES access-list (numbered hardware ACL for MAC addresses) Overview This command creates an access-list for use with hardware classification. The access-list will match on packets that have the specified source and destination MAC addresses. - Page 772 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST NUMBERED HARDWARE ADDRESSES Mode Global Configuration Default On an interface controlled by a hardware ACL, any traffic that does not explicitly match a filter is permitted. Usage This command creates an ACL for use with hardware classification. Once you have configured the ACL, use the access-group or the...
-
Page 773: Access-List (Numbered Hardware Acl For Tcp Or Udp)
(ACL) C ARDWARE CCESS ONTROL OMMANDS UDP) ACCESS LIST NUMBERED HARDWARE access-list (numbered hardware ACL for TCP or UDP) Overview This command creates an access-list for use with hardware classification. The access-list will match on TCP or UDP packets that have the specified source and destination IP addresses and optionally, port values. - Page 774 (ACL) C ARDWARE CCESS ONTROL OMMANDS UDP) ACCESS LIST NUMBERED HARDWARE Parameter Description <ip-addr> Match any source IP address within <reverse-mask> the specified subnet. Specify the subnet by entering a reverse mask in dotted decimal format. For example, entering “192.168.1.1 0.0.0.255” is the same as entering 192.168.1.1/24.
- Page 775 (ACL) C ARDWARE CCESS ONTROL OMMANDS UDP) ACCESS LIST NUMBERED HARDWARE Examples To create an access-list that will permit TCP packets with a destination address of 192.168.1.1, a destination port of 80, and any source address and source port, enter the commands: awplus# configure terminal...
-
Page 776: Access-List Hardware (Named Hardware Acl)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACL) ACCESS LIST HARDWARE NAMED HARDWARE access-list hardware (named hardware ACL) Overview This command creates a named hardware access-list and puts you into IPv4 Hardware ACL Configuration mode, where you can add filter entries to the ACL. Once you have configured the ACL, you can use the access-group or the... - Page 777 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL) ACCESS LIST HARDWARE NAMED HARDWARE Related access-group Commands (named hardware ACL: ICMP entry) (named hardware ACL: IP protocol entry) (named hardware ACL: TCP or UDP entry) (access-list standard named filter) show access-list (IPv4 Hardware ACLs) 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
- Page 778 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: ICMP NAMED HARDWARE ENTRY (named hardware ACL: ICMP entry) Overview Use this command to add a new ICMP filter entry to the current hardware access-list. The filter will match on any ICMP packet that has the specified source and destination IP addresses and (optionally) ICMP type.
- Page 779 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: ICMP NAMED HARDWARE ENTRY Parameter Description host <ip-addr> Match a single source host with the IP address given by <ip-addr> in dotted decimal notation. <ip-addr>/<prefix> Match any source IP address within the specified subnet. Specify the subnet by entering the IPv4 address, then a forward slash, then the prefix length.
- Page 780 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: ICMP NAMED HARDWARE ENTRY Parameter Description Timestamp requests. Timestamp replies. Information requests. Information replies. Address mask requests. Address mask replies. vlan <1-4094> The VLAN to match against. The ACL will match against the specified ID in the packet’s VLAN tag.
- Page 781 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: ICMP NAMED HARDWARE ENTRY Related access-group Commands access-list hardware (named hardware ACL) match access-group show running-config show access-list (IPv4 Hardware ACLs) 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
- Page 782 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: IP NAMED HARDWARE PACKET ENTRY (named hardware ACL: IP packet entry) Overview Use this command to add an IP packet filter entry to the current hardware access-list. The filter will match on IP packets that have the specified IP and/or MAC addresses.
- Page 783 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: IP NAMED HARDWARE PACKET ENTRY Parameter Description dhcpsnooping Match the source address learned from the DHCP Snooping binding database. host <ip-addr> Match a single source host with the IP address given by <ip-addr> in dotted decimal notation.
- Page 784 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: IP NAMED HARDWARE PACKET ENTRY Parameter Description <source-mac> The source MAC address to match against, followed by the mask. Enter the address in the format <HHHH.HHHH.HHHH>, where each H is a hexadecimal number. Enter the mask in the format <HHHH.HHHH.HHHH>, where each H is a hexadecimal number.
- Page 785 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: IP NAMED HARDWARE PACKET ENTRY Then use the access-group or the match access-group command to apply this ACL to a port or QoS class-map. Note that the ACL will only apply to incoming data packets.
- Page 786 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: IP NAMED HARDWARE PROTOCOL ENTRY (named hardware ACL: IP protocol entry) Overview Use this command to add an IP protocol type filter entry to the current hardware access-list. The filter will match on IP packets that have the specified IP protocol number, and the specified IP and/or MAC addresses.
- Page 787 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: IP NAMED HARDWARE PROTOCOL ENTRY Table 24-5: Parameters in IP protocol ACL entries (cont.) Parameter Description Match any source IP address. dhcpsnooping Match the source address learned from the DHCP Snooping binding database. host <ip-addr>...
- Page 788 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: IP NAMED HARDWARE PROTOCOL ENTRY Table 24-5: Parameters in IP protocol ACL entries (cont.) Parameter Description <source-mac> The source MAC address to match against, followed by the mask. Enter the address in the format <HHHH.HHHH.HHHH>, where each H is a hexadecimal number.
- Page 789 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: IP NAMED HARDWARE PROTOCOL ENTRY Table 24-6: IP protocol number and description (cont.) Protocol Number Protocol Description [RFC] Network Voice Protocol [RFC741] UDP (User Datagram Protocol) [RFC768] Host monitoring [RFC869] RDP (Reliable Data Protocol) [RFC908] IRTP (Internet Reliable Transaction Protocol) [RFC938] ISO-TP4 (ISO Transport Protocol Class 4) [RFC905] Bulk Data Transfer Protocol [RFC969]...
- Page 790 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: IP NAMED HARDWARE PROTOCOL ENTRY Default On an interface controlled by a hardware ACL, any traffic that does not explicitly match a filter is permitted. Usage To use this command, run the command access-list hardware (named hardware ACL) and enter the desired access-list name.
- Page 791 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: MAC NAMED HARDWARE ENTRY (named hardware ACL: MAC entry) Overview Use this command to add a MAC address filter entry to the current hardware access-list. The access-list will match on packets that have the specified source and destination MAC addresses.
- Page 792 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: MAC NAMED HARDWARE ENTRY Parameter Description <dest-mac> The destination MAC address to match against, followed by the mask. Enter the address in the format <HHHH.HHHH.HHHH>, where each H is a hexadecimal number. Enter the mask in the format <HHHH.HHHH.HHHH>, where each H is a hexadecimal number.
- Page 793 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: MAC NAMED HARDWARE ENTRY Related access-group Commands access-list hardware (named hardware ACL) match access-group show running-config show access-list (IPv4 Hardware ACLs) 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
- Page 794 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: TCP NAMED HARDWARE ENTRY (named hardware ACL: TCP or UDP entry) Overview Use this command to add a TCP or UDP filter entry to the current hardware access-list. The access-list will match on TCP or UDP packets that have the specified source and destination IP addresses and optionally, port values.
- Page 795 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: TCP NAMED HARDWARE ENTRY Parameter Description host <ip-addr> Match a single source host with the IP address given by <ip-addr> in dotted decimal notation. <ip-addr>/<prefix> Match any source IP address within the specified subnet. Specify the subnet by entering the IPv4 address, then a forward slash, then the prefix length.
- Page 796 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACL: TCP NAMED HARDWARE ENTRY Then use this command (and the other “named hardware ACL: entry” commands) to add filter entries. You can add multiple filter entries to an ACL. You can insert a new filter entry into the middle of an existing list by specifying the appropriate sequence number.
-
Page 797: Commit (Ipv4)
(ACL) C ARDWARE CCESS ONTROL OMMANDS COMMIT commit (IPv4) Overview Use this command to commit the IPv4 ACL filter configuration entered at the console to the hardware immediately without exiting the IPv4 Hardware ACL Configuration mode. This command forces the associated hardware and software IPv4 ACLs to synchronize. -
Page 798: Show Access-List (Ipv4 Hardware Acls)
(ACL) C ARDWARE CCESS ONTROL OMMANDS SHOW ACCESS LIST ARDWARE show access-list (IPv4 Hardware ACLs) Overview Use this command to display the specified access-list, or all access-lists if none have been specified. Note that only defined access-lists are displayed. An error message is displayed for an undefined access-list. - Page 799 (ACL) C ARDWARE CCESS ONTROL OMMANDS SHOW ACCESS LIST ARDWARE % Can't find access-list 2 Related access-list (numbered hardware ACL for MAC addresses) Commands access-list hardware (named hardware ACL) 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 800: Show Interface Access-Group
(ACL) C ARDWARE CCESS ONTROL OMMANDS SHOW INTERFACE ACCESS GROUP show interface access-group Overview Use this command to display the access groups attached to a port. If an access group is specified, then the output only includes the ports that the specified access group is attached to. -
Page 801: Chapter 25: Ipv4 Software Access Control List (Acl) Commands
IPv4 Software Access Control List (ACL) Commands Introduction Overview This chapter provides an alphabetical reference for the IPv4 Software Access Control List (ACL) commands, and contains detailed command information and command examples about IPv4 software ACLs as applied to Routing and Multicasting, which are not applied to interfaces. - Page 802 (ACL) C OFTWARE CCESS ONTROL OMMANDS Table 25-1: IPv4 Software Access List Commands and Prompts Command Name Command Mode Prompt awplus# show ip access-list Privileged Exec awplus(config)# access-group Global Configuration awplus(config)# access-list (extended named) Global Configuration awplus(config)# access-list (extended numbered) Global Configuration awplus(config)# access-list (standard named)
- Page 803 (ACL) C OFTWARE CCESS ONTROL OMMANDS • “show ip access-list” on page 839 • “show ip prefix-list” on page 840 • “vty access-class (numbered)” on page 841 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 804: Access-List Extended (Named)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NAMED access-list extended (named) Overview This command configures an extended named access-list that permits or denies packets from specific source and destination IP addresses. You can either create an extended named ACL together with an ACL filter entry in the Global Configuration mode, or you can use the IPv4 Extended ACL Configuration mode for sequenced ACL filter entry after entering a list name. - Page 805 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NAMED Table 25-2: Parameters in the access-list extended (named) command - icmp Parameter Description <source> The source address of the packets. You can specify a single host, a subnet, or all sources. The following are the valid formats for specifying the source: Matches any source IP address.
- Page 806 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NAMED Table 25-2: Parameters in the access-list extended (named) command - icmp Parameter Description <type-number> The ICMP type, as defined in RFC792 and RFC950. Specify one of the following integers to create a filter for the ICMP message type: Echo replies.
- Page 807 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NAMED Table 25-3: Parameters in the access-list extended (named) command - tcp|udp Parameter Description <source> The source address of the packets. You can specify a single host, a subnet, or all sources. The following are the valid formats for specifying the source: Matches any source IP address.
- Page 808 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NAMED Table 25-4: Parameters in the access-list extended (named) command - proto|ip|any Parameter Description <list-name> A user-defined name for the access-list. deny The access-list rejects packets that match the type, source, and destination filtering specified with this command.
- Page 809 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NAMED Table 25-4: Parameters in the access-list extended (named) command - proto|ip|any (cont.) Parameter Description Logs the results. <ip-protocol> The IP protocol number, as defined by IANA (Internet Assigned Numbers Authority www.iana.org/assignments/protocol-numbers) ...
- Page 810 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NAMED Table 25-5: IP protocol number and description (cont.) Protocol Number Protocol Description [RFC] OSPFIGP [RFC1583] Ethernet-within-IP Encapsulation / RFC3378 Encapsulation Header / RFC1241 IP Payload Compression Protocol / RFC2393 Virtual Router Redundancy Protocol / RFC3768 RSVP-E2E-IGNORE / RFC3175 Mobility Header / RFC3775 UDPLite / RFC3828...
- Page 811 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NAMED Alternatively, you can enter the extended named ACL in Global Configuration mode before specifying the ACL filter entry in the IPv4 Extended ACL Configuration mode, as shown below: awplus# configure terminal awplus(config)# access-list extended TK awplus(config-ip-ext-acl)#...
-
Page 812: Access-List (Extended Numbered)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NUMBERED access-list (extended numbered) Overview This command configures an extended numbered access-list that permits or denies packets from specific source and destination IP addresses. You can either create an extended numbered ACL together with an ACL filter entry in the Global Configuration mode, or you can use the IPv4 Extended ACL Configuration mode for sequenced ACL filter entry after entering a list number. - Page 813 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED NUMBERED Parameter Description <destination> The destination address of the packets. You can specify a single host, a subnet, or all destinations. The following are the valid formats for specifying the destination: Matches any destination IP address.
- Page 814 (ACL) C OFTWARE CCESS ONTROL OMMANDS ICMP ACCESS LIST EXTENDED FILTER (access-list extended ICMP filter) Overview Use this ACL filter to add a new ICMP filter entry to the current extended access-list. If the sequence number is specified, the new filter is inserted at the specified location.
- Page 815 (ACL) C OFTWARE CCESS ONTROL OMMANDS ICMP ACCESS LIST EXTENDED FILTER Parameter Description icmp-type The ICMP type. <icmp-value> The value of the ICMP type. Log the results. Mode IPv4 Extended ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied.
- Page 816 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED FILTER (access-list extended IP filter) Overview Use this ACL filter to add a new IP filter entry to the current extended access-list. If the sequence number is specified, the new filter is inserted at the specified location.
- Page 817 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED FILTER Parameter Description <destination> The destination address of the packets. You can specify a single host, a subnet, or all destinations. The following are the valid formats for specifying the destination: Matches any destination IP address.
- Page 818 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED FILTER Then use the following commands to add a new entry to the named access-list my-acl that will reject packets from 10.0.0.1 to 192.168.1.1: awplus(config-ip-ext-acl)# deny ip host 10.0.0.1 host 192.168.1.1 awplus(config-ip-ext-acl)# 20 permit ip any any Example 3...
- Page 819 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED PROTOCOL FILTER (access-list extended IP protocol filter) Overview Use this ACL filter to add a new IP protocol type filter entry to the current extended access-list. If the sequence number is specified, the new filter is inserted at the specified location.
- Page 820 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED PROTOCOL FILTER Parameter Description <destination> The destination address of the packets. You can specify a single host, a subnet, or all destinations. The following are the valid formats for specifying the destination: <ip-addr>/ An IPv4 address, followed by a forward <prefix>...
- Page 821 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED PROTOCOL FILTER Table 25-6: IP protocol number and description (cont.) Protocol Number Protocol Description [RFC] Destination Options for IPv6 [RFC1883] EIGRP (Enhanced Interior Gateway Routing Protocol) OSPFIGP [RFC1583] Ethernet-within-IP Encapsulation / RFC3378 Encapsulation Header / RFC1241 IP Payload Compression Protocol / RFC2393 Virtual Router Redundancy Protocol / RFC3768...
- Page 822 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST EXTENDED PROTOCOL FILTER Example 2 Use the following commands to add a new access-list filter entry at sequence position 5 in the access-list named my-list that will accept packets from source [adding to a list] address 10.10.1.1/24 to destination address 192.68.1.1/24: awplus# configure terminal...
- Page 823 (ACL) C OFTWARE CCESS ONTROL OMMANDS TCP UDP ACCESS LIST EXTENDED FILTER (access-list extended TCP UDP filter) Overview Use this ACL filter to add a new TCP or UDP filter entry to the current extended access-list. If the sequence number is specified, the new filter is inserted at the specified location.
- Page 824 (ACL) C OFTWARE CCESS ONTROL OMMANDS TCP UDP ACCESS LIST EXTENDED FILTER Parameter Description <destination> The destination address of the packets. You can specify a single host, a subnet, or all destinations. The following are the valid formats for specifying the destination: <ip-addr>/ An IPv4 address, followed by a <prefix>...
-
Page 825: Access-List Standard (Named)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED access-list standard (named) Overview This command configures a standard named access-list that permits or denies packets from a specific source IP address. You can either create a standard named ACL together with an ACL filter entry in the Global Configuration mode, or you can use the IPv4 Standard ACL Configuration mode for sequenced ACL filter entry after first entering an access-list name. - Page 826 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED Usage Use this command when configuring a standard named access-list for filtering IP software packets. You can either create access-lists from within this command, or you can enter access-list standard followed by only the name. Entering only the name moves you to the IPv4 Standard ACL Configuration mode for the selected access-list.
-
Page 827: Access-List (Standard Numbered)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NUMBERED access-list (standard numbered) Overview This command configures a standard numbered access-list that permits or denies packets from a specific source IP address. You can either create a standard numbered ACL together with an ACL filter entry in the Global Configuration mode, or you can use the IPv4 Standard ACL Configuration mode for sequenced ACL filter entry after first entering an access-list number. - Page 828 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NUMBERED You can either create access-lists from within this command, or you can enter access-list followed by only the number. Entering only the number moves you to the IPv4 Standard ACL Configuration mode for the selected access-list. From there you can configure your access-lists by using the command (access-list standard numbered...
- Page 829 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED FILTER (access-list standard named filter) Overview This ACL filter adds a source IP address filter entry to a current named standard access-list. If the sequence number is specified, the new filter entry is inserted at the specified location.
- Page 830 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED FILTER Usage An ACL can be configured with multiple ACL filters using sequence numbers. If the sequence number is omitted, the next available multiple of 10 will be used as the sequence number for the new filter.
- Page 831 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NUMBERED FILTER (access-list standard numbered filter) Overview This ACL filter adds a source IP address filter entry to a current standard numbered access-list. If a sequence number is specified, the new filter entry is inserted at the specified location.
- Page 832 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NUMBERED FILTER Usage An ACL can be configured with multiple ACL filters using sequence numbers. If the sequence number is omitted, the next available multiple of 10 will be used as the sequence number for the new filter.
-
Page 833: Clear Ip Prefix-List
(ACL) C OFTWARE CCESS ONTROL OMMANDS CLEAR IP PREFIX LIST clear ip prefix-list Overview Use this command to reset the hit count to zero in the prefix-list entries. clear ip prefix-list [<list-name>] [<ip-address>/<mask>] Syntax Parameter Description <list-name> The name of the prefix-list. <ip-address>/<mask>... -
Page 834: Ip Prefix-List
(ACL) C OFTWARE CCESS ONTROL OMMANDS IP PREFIX LIST ip prefix-list Overview Use this command to create an entry for an IPv4 prefix list. Use the no variant of this command to delete the IPv4 prefix-list entry. Syntax ip prefix-list <list-name> [seq <1-429496725>] {deny|permit} {any|<ip-prefix>} [ge <0-32>] [le <0-32>] ip prefix-list <list-name>... - Page 835 (ACL) C OFTWARE CCESS ONTROL OMMANDS IP PREFIX LIST In the below sample configuration, the last ip prefix-list command in the Example below list matches all, and the first ip prefix-list command denies the IP network 76.2.2.0: awplus(config)# router bgp 100 awplus(config-router)# network 172.1.1.0 awplus(config-router)#...
-
Page 836: Maximum-Access-List
(ACL) C OFTWARE CCESS ONTROL OMMANDS MAXIMUM ACCESS LIST maximum-access-list Overview Sets the maximum number of filters that can be added to any access-list. These are access-lists within the ranges <1-199>, <1300-1999> and <2000-2699> and named standard and extended access-lists. The no variant of this command removes the limit on the number of filters that can be added to a software access-list maximum-access-list <1-4294967294>... -
Page 837: Show Access-List (Ipv4 Software Acls)
(ACL) C OFTWARE CCESS ONTROL OMMANDS SHOW ACCESS LIST OFTWARE show access-list (IPv4 Software ACLs) Overview Use this command to display the specified access-list, or all access-lists if none have been specified. Note that only defined access-lists are displayed. An error message is displayed for an undefined access-list show access-list Syntax... - Page 838 (ACL) C OFTWARE CCESS ONTROL OMMANDS SHOW ACCESS LIST OFTWARE Standard IP access-list 20 deny 192.168.10.0, wildcard bits 0.0.0.255 deny 192.168.12.0, wildcard bits 0.0.0.255 Note the following error message is displayed if you attempt to show an undefined access-list: awplus# show access-list 2 ...
-
Page 839: Show Ip Access-List
(ACL) C OFTWARE CCESS ONTROL OMMANDS SHOW IP ACCESS LIST show ip access-list Overview Use this command to display IP access-lists. show ip access-list Syntax [<1-99>|<100-199>|<1300-1999>|<2000-2699>|<access-list-name>] Parameter Description <1-99> IP standard access-list. <100-199> IP extended access-list. <1300-1999> IP standard access-list (expanded range). <2000-2699>... -
Page 840: Show Ip Prefix-List
(ACL) C OFTWARE CCESS ONTROL OMMANDS SHOW IP PREFIX LIST show ip prefix-list Overview Use this command to display the IPv4 prefix-list entries. Note that this command is valid for RIP and BGP routing protocols only. show ip prefix-list [<name>|detail|summary] Syntax Parameter Description... -
Page 841: Vty Access-Class (Numbered)
(ACL) C OFTWARE CCESS ONTROL OMMANDS VTY ACCESS CLASS NUMBERED vty access-class (numbered) Overview For IPv4, use this command to set a standard numbered software access list to be the management ACL. This is then applied to all available VTY lines for controlling remote access by Telnet and SSH. -
Page 842: Chapter 26: Ipv6 Software Access Control List (Acl) Commands
IPv6 Software Access Control List (ACL) Commands Introduction Overview This chapter provides an alphabetical reference for the IPv6 Software Access Control List (ACL) commands, and contains detailed command information and command examples about IPv6 software ACLs as applied to Routing and Multicasting, which are not applied to interfaces. - Page 843 (ACL) C OFTWARE CCESS ONTROL OMMANDS Table 26-1: IPv6 Software Access List Commands and Prompts Command Name Command Mode Prompt awplus# show ipv6 access-list (IPv6 Software Privileged Exec ACLs) awplus(config)# ipv6 access-list standard (named) Global Configuration awplus(config-ipv6-std-acl)# (ipv6 access-list standard filter) IPv6 Standard ACL Configuration Command List...
-
Page 844: Ipv6 Access-List Standard (Named)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED ipv6 access-list standard (named) Overview This command configures an IPv6 standard access-list for filtering frames that permit or deny IPv6 packets from a specific source IPv6 address. The no variant of this command removes a specified IPv6 standard access-list. Syntax ipv6 access-list standard <ipv6-acl-list-name>... - Page 845 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED For backwards compatibility you can either create IPv6 standard access-lists from within this command, or you can enter ipv6 access-list standard followed by only the IPv6 standard access-list name. This latter (and preferred) method moves you to the (config-ipv6-std-acl) prompt for the selected IPv6 standard access-list, and from here you can configure the filters for this selected IPv6 standard access-list.
- Page 846 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD FILTER (ipv6 access-list standard filter) Overview Use this ACL filter to add a filter entry for an IPv6 source address and prefix length to the current standard IPv6 access-list. If a sequence number is specified, the new entry is inserted at the specified location.
- Page 847 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD FILTER To remove the ACL filter entry that will deny any IPv6 packets from the standard IPv6 access-list named my-list, enter the commands: awplus# configure terminal awplus(config)# ipv6 access-list standard my-list awplus(config-ipv6-std-acl)# no deny any Alternately, to remove the ACL filter entry with sequence number 5 to the...
-
Page 848: Show Ipv6 Access-List (Ipv6 Software Acls)
(ACL) C OFTWARE CCESS ONTROL OMMANDS SHOW IPV ACCESS LIST OFTWARE show ipv6 access-list (IPv6 Software ACLs) Overview Use this command to display all configured IPv6 access-lists or the IPv6 access-list specified by name. show ipv6 access-list [<access-list-name>] Syntax show ipv6 access-list standard [<access-list-name>] Parameter Description <access-list-name>... -
Page 849: Vty Ipv6 Access-Class (Named)
(ACL) C OFTWARE CCESS ONTROL OMMANDS VTY IPV ACCESS CLASS NAMED vty ipv6 access-class (named) Overview For IPv6, use this command to set a standard named software access list to be the management ACL. This is then applied to all available VTY lines for controlling remote access by Telnet and SSH. -
Page 850: Qos Commands
QoS Commands Introduction Overview This chapter provides an alphabetical reference for Quality of Service commands. QoS uses ACLs. For more information about ACLs, see the ACL Feature Overview and Configuration Guide. Command List • “class” on page 852 • “class-map” on page 853 •... - Page 851 OMMANDS • “police twin-rate action” on page 874 • “policy-map” on page 876 • “priority-queue” on page 877 • “remark-map” on page 878 • “remark new-cos” on page 880 • “service-policy input” on page 882 • “show class-map” on page 883 •...
-
Page 852: Class
OMMANDS CLASS class Overview Use this command to associate an existing class-map to a policy or policy-map (traffic classification), and to enter Policy Map Class Configuration mode to configure the class- map. Use the no variant of this command to delete an existing class-map. If your class-map does not exist, you can create it by using the class-map command. -
Page 853: Class-Map
OMMANDS CLASS class-map Overview Use this command to create a class-map. Use the no variant of this command to delete the named class-map. Syntax class-map <name> no class-map <name> Parameter Description <name> Name of the class-map to be created. Mode Global Configuration This example creates a class-map called cmap1, use the commands: Example... -
Page 854: Clear Mls Qos Interface Policer-Counters
OMMANDS CLEAR MLS QOS INTERFACE POLICER COUNTERS clear mls qos interface policer-counters Overview Resets an interface’s policer counters to zero. You can either clear a specific class-map, or you can clear all class-maps by not specifying a class map. clear mls qos interface <port> policer-counters [class-map Syntax <class-map>] Parameter... -
Page 855: Default-Action
OMMANDS DEFAULT ACTION default-action Overview Sets the action for the default class-map belonging to a particular policy-map. The action for a non-default class-map depends on the action of any ACL that is applied to the policy-map. The default action can therefore be thought of as specifying the action that will be applied to any data that does not meet the criteria specified by the applied matching commands. -
Page 856: Description (Qos Policy-Map)
OMMANDS DESCRIPTION POLICY description (QoS policy-map) Overview Adds a textual description of the policy-map. This can be up to 80 characters long. Use the no variant of this command to remove the current description from the policy-map. Syntax description <line> no description Parameter Description... -
Page 857: Match Access-Group
OMMANDS MATCH ACCESS GROUP match access-group Overview Use this command to apply an ACL to a class-map. Use the no variant of this command to remove the match. Syntax match access-group {<hw-IP-ACL>|<hw-MAC-ACL>|<hw-named-ACL>} no match access-group {<hw-IP-ACL>|<hw-MAC-ACL>|<hw-named-ACL>} Parameter Description <hw-IP-ACL> Specify a hardware IP ACL number in the range <3000-3699>. <hw-MAC-ACL>... - Page 858 OMMANDS MATCH ACCESS GROUP To configure a class-map named “cmap3”, which matches traffic against access-list “hw_acl”, which allows IP traffic from any source to any destination, use the commands: awplus# configure terminal awplus(config)# access-list hardware hw_acl awplus(config-ip-hw-acl)# permit ip any any awplus(config)# class-map cmap3 awplus(config-cmap)#...
-
Page 859: Match Cos
OMMANDS MATCH COS match cos Overview Use this command to define a COS to match against incoming packets. Use the no variant of this command to remove CoS. Syntax match cos <0-7> no match cos Parameter Description <0-7> Specify the CoS value. Mode Class Map Configuration To set the class-map’s CoS to 4, use the commands:... -
Page 860: Match Dscp
OMMANDS MATCH DSCP match dscp Overview Use this command to define the DSCP to match against incoming packets. Use the no variant of this command to remove a previously defined DSCP. Syntax match dscp <0-63> no match dscp Parameter Description <0-63>... -
Page 861: Match Eth-Format Protocol
OMMANDS MATCH ETH FORMAT PROTOCOL match eth-format protocol Overview This command sets the Ethernet format and the protocol for a class-map to match Select one Layer 2 format and one Layer 3 protocol when you issue this command. Use the no variant of this command to remove the configured Ethernet format and protocol from a class-map. - Page 862 OMMANDS MATCH ETH FORMAT PROTOCOL Parameter Description ecma-internet Protocol Number 0803 (enter the parameter name or its number). chaosnet Protocol Number 0804 (enter the parameter name or its number). xdot25-level-3 Protocol Number 0805 (enter the parameter name or its number). arp Protocol Number 0806 (enter the parameter name or its number).
- Page 863 OMMANDS MATCH ETH FORMAT PROTOCOL Parameter Description ethertalk-2 Protocol Number 809B (enter the parameter name or its number). ethertalk-2-aarp Protocol Number 80F3 (enter the parameter name or its number). ipx-snap Protocol Number 8137 (enter the parameter name or its number). ipx-802dot3 Protocol Number FFFF (enter the parameter name or its number).
-
Page 864: Match Ip-Precedence
OMMANDS MATCH IP PRECEDENCE match ip-precedence Overview Use this command to identify IP precedence values as match criteria. Use the no variant of this command to remove IP precedence values from a class-map. Syntax match ip-precedence <0-7> no match ip-precedence Parameter Description <0-7>... -
Page 865: Match Mac-Type
OMMANDS MATCH MAC TYPE match mac-type Overview Use this command to set the MAC type for a class-map to match on. Use no variant of this command to remove the MAC type match entry. Syntax match mac-type {l2bcast|l2mcast|l2ucast} no match mac-type Parameter Description l2bcast... -
Page 866: Match Tcp-Flags
OMMANDS MATCH TCP FLAGS match tcp-flags Overview Sets one or more TCP flags (control bits) for a class-map to match on. Use the no variant of this command to remove one or more TCP flags for a class-map to match on. Syntax match tcp-flags {[ack][fin][psh][rst][syn][urg]} no match tcp-flags {[ack][fin][psh][rst][syn][urg]}... -
Page 867: Match Vlan
OMMANDS MATCH VLAN match vlan Overview Use this command to define the VLAN ID as match criteria. Use the no variant of this command to disable the VLAN ID used as match criteria. Syntax match vlan <1-4094> no match vlan Parameter Description <1-4094>... -
Page 868: Mls Qos Cos
OMMANDS MLS QOS COS mls qos cos Overview This command assigns a CoS (Class of Service) user-priority value to untagged frames entering a specified interface. By default, all untagged frames are assigned a CoS value of 0. Use the no variant of this command to return the interface to the default CoS setting for untagged frames entering the interface. -
Page 869: Mls Qos Enable
OMMANDS MLS QOS ENABLE mls qos enable Overview Use this command to globally enable QoS on the switch or stack. Use the no variant of this command to globally disable QoS and remove all QoS configuration. The no variant of this command removes all class-maps, policy-maps, and policers that have been created. -
Page 870: Mls Qos Map Cos-Queue To
OMMANDS MLS QOS MAP COS QUEUE TO mls qos map cos-queue to Overview Use this command to set the default CoS to egress queue mapping. This is the default queue mapping for packets that do not get assigned an egress queue via any other QoS functionality. -
Page 871: Mls Qos Map Premark-Dscp To
OMMANDS MLS QOS MAP PREMARK DSCP TO mls qos map premark-dscp to Overview This command configures the premark-dscp map. It is used when traffic is classified by a class-map that has trust dscp configured. Based on a lookup DSCP, the map determines new QoS settings for the traffic. The no variant of this command resets the premark-dscp map to its defaults. -
Page 872: No Police
OMMANDS NO POLICE no police Overview Use this command to disable any policer previously configured on the class-map. no police Syntax Mode Policy Map Class Configuration Usage This command disables any policer previously configured on the class-map. Example To disable policing on a class-map use the command: awplus# configure terminal awplus(config)#... -
Page 873: Police Single-Rate Action
OMMANDS POLICE SINGLE RATE ACTION police single-rate action Overview Configures a single-rate policer for a class-map. police single-rate <rate> <number> <number> action drop-red Syntax Parameter Description <rate> Specify the maximum rate (1-16000000 kbps). <number> Specify any decimal number between 0 and 16777216. The switch ignores these values. -
Page 874: Police Twin-Rate Action
OMMANDS POLICE TWIN RATE ACTION police twin-rate action Overview Configures a twin-rate policer for a class-map. police twin-rate <cir> <pir> <cbs> <pbs> action Syntax {drop-red|remark-transmit} Parameter Description <cir> Specify the Committed Information Rate (CIR) (1-40000000 kbps). <pir> Specify the Peak Information Rate (PIR) (1-40000000 kbps). <cbs>... - Page 875 OMMANDS POLICE TWIN RATE ACTION Using an action of remark-transmit means that the packet will be remarked with the values configured in the policed-dscp map. The index into this map is determined by the DSCP in the packet. Note that the remark-map does not only apply to red traffic.
-
Page 876: Policy-Map
OMMANDS POLICY policy-map Overview Use this command to create a policy-map and to enter Policy Map Configuration mode to configure the specified policy-map. Use the no variant of this command to delete an existing policy-map. Syntax policy-map <name> no policy-map <name> Parameter Description <name>... -
Page 877: Priority-Queue
OMMANDS PRIORITY QUEUE priority-queue Overview Configures strict priority based scheduling on the specified egress queues. You must specify at least one queue. priority-queue [0][1][2][3][4][5][6][7] Syntax Parameter Description [0][1]...[7] Specify the queues that will use strict priority scheduling. With strict priority scheduling, the switch will completely empty the highest numbered queue first, then start processing the next lowest numbered queue. -
Page 878: Remark-Map
OMMANDS REMARK remark-map Overview Use this command to configure the remark map. If a re-mark map is applied to a class, and a policer is also applied to the same class, then: • green and yellow traffic will all be acted upon by the remark-map, and •... - Page 879 OMMANDS REMARK To reset the DSCP for all bandwidth classes, use the commands: awplus# configure terminal awplus(config)# policy-map pmap1 awplus(config-pmap)# class cmap1 awplus(config-pmap-c)# no remark-map to new-dscp Related police single-rate action Commands police twin-rate action 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 880: Remark New-Cos
OMMANDS REMARK NEW remark new-cos Overview This command enables you to configure and remark either or both of: • the CoS flag in the data packet • the input into the CoS to queue map, thus changing the destination egress queue. - Page 881 OMMANDS REMARK NEW Figure 27-1: Remarking and the CoS to Q map Table 27-1: CoS to egress queue remarking function Input Command Output CoS field = 1 Remark new-cos (not CoS value = 1 configured) Packet sent to egress queue 0 CoS field = 1 Remark new-cos 2 external CoS value = 2...
-
Page 882: Service-Policy Input
OMMANDS SERVICE POLICY INPUT service-policy input Overview Use this command to apply a policy-map to the input of an interface. Use the no variant of this command to remove a policy-map and interface association. Syntax service-policy input <policy-map> no service-policy input <policy-map> Parameter Description <policy-map>... -
Page 883: Show Class-Map
OMMANDS SHOW CLASS show class-map Overview Use this command to display the QoS class-maps’ criteria for classifying traffic. show class-map [<class-map-name>] Syntax Parameter Description <class-map-name> Name of the class-map. Mode User Exec and Privileged Exec Example To display a QoS class-map’s match criteria for classifying traffic, use the command: awplus# show class-map cmap1 Output... -
Page 884: Show Mls Qos
OMMANDS SHOW MLS QOS show mls qos Overview Use this command to display whether QoS is enabled or disabled on the switch. show mls qos Syntax Mode User Exec and Privileged Exec Example To display whether QoS is enabled or disabled, use the command: awplus# show mls qos Output... -
Page 885: Show Mls Qos Interface
OMMANDS SHOW MLS QOS INTERFACE show mls qos interface Overview Displays the current settings for the interface. This includes its default CoS and queue, scheduling used for each queue, and any policies/maps that are attached. show mls qos interface [<port>] Syntax Parameter Description... - Page 886 OMMANDS SHOW MLS QOS INTERFACE Egress Queue: 2 Status: Enabled Scheduler: Strict Priority Queue Limit: 12% Egress Rate Limit: 0 Kb Egress Queue: 3 Status: Enabled Scheduler: Wrr Group 2 Weight: 10 Queue Limit: 12% Egress Rate Limit: 0 Kb Egress Queue: 4...
- Page 887 OMMANDS SHOW MLS QOS INTERFACE Table 28: Parameters in the output of the show mls qos interface command Parameter Description Queue Limit The percentage of the port’s buffers that have been allocated to this queue. Egress Rate Limit The amount of traffic that can be transmitted via this queue per second.
-
Page 888: Show Mls Qos Interface Policer-Counters
OMMANDS SHOW MLS QOS INTERFACE POLICER COUNTERS show mls qos interface policer-counters Overview This command displays an interface’s policer counters. This can either be for a specific class-map or for all class-maps attached to the interface. If no class-map is specified then all class-map policer counters attached to the interface are displayed. -
Page 889: Show Mls Qos Interface Queue-Counters
OMMANDS SHOW MLS QOS INTERFACE QUEUE COUNTERS show mls qos interface queue-counters Overview This command displays an interface’s egress queue counters. This can either be for a specific queue or for all queues on the interface. If no queue is specified all queue counters on the interface will be displayed. -
Page 890: Show Mls Qos Interface Storm-Status
OMMANDS SHOW MLS QOS INTERFACE STORM STATUS show mls qos interface storm-status Overview Show the current configuration and status of the QoS Storm Protection (QSP) on the given port. show mls qos interface <port> storm-status Syntax Parameter Description <port> Switch port. Mode User Exec and Privileged Exec Example... -
Page 891: Show Mls Qos Maps Cos-Queue
OMMANDS SHOW MLS QOS MAPS COS QUEUE show mls qos maps cos-queue Overview Show the current configuration of the cos-queue map. show mls qos maps cos-queue Syntax Mode User Exec and Privileged Exec Example To display the current configuration of the cos-queue map, use the command: awplus# show mls qos maps cos-queue Output... -
Page 892: Show Mls Qos Maps Premark-Dscp
OMMANDS SHOW MLS QOS MAPS PREMARK DSCP show mls qos maps premark-dscp Overview This command displays the premark-dscp map. This map is used to determine the queue on the basis of the DSCP. show mls qos maps premark-dscp [<0-63>] Syntax Parameter Description <0-63>... - Page 893 OMMANDS SHOW PLATFORM CLASSIFIER STATISTICS UTILIZATION BRIEF show platform classifier statistics utilization brief Overview This command displays the number of used entries available for various platform functions, and the percentage that number of entries represents of the total available. Syntax show platform classifier statistics utilization brief Mode Privileged Exec...
-
Page 894: Show Policy-Map
OMMANDS SHOW POLICY show policy-map Overview Displays the policy-maps configured on the switch. The output also shows whether or not they are connected to a port (attached / detached) and shows their associated class-maps. show policy-map [<name>] Syntax Parameter Description <name>... -
Page 895: Storm-Action
OMMANDS STORM ACTION storm-action Overview Sets the action to be taken when triggered by QoS Storm Protection (QSP). There are three available options: • portdisable will disable the port in software. • vlandisable will disable the port from the VLAN matched by the class-map in class-map. -
Page 896: Storm-Downtime
OMMANDS STORM DOWNTIME storm-downtime Overview Sets the time to re-enable a port that has been disabled by QoS Storm Protection (QSP). The time is given in seconds, from a minimum of one second to maximum of 86400 seconds (i.e. one day). The no variant of this command resets the time to the default value of 10 seconds. -
Page 897: Storm-Protection
OMMANDS STORM PROTECTION storm-protection Overview Use this command to enable Policy Based Storm Protection (such as QSP - QoS Storm Protection). Storm protection is activated as soon as a port is enabled. However, it will only be functional after storm-rate storm-window have been set. -
Page 898: Storm-Rate
OMMANDS STORM RATE storm-rate Overview Sets the data rate that triggers the storm-action. The rate is in kbps and the range is from 1kbps to 40Gbps. Note that this setting is made in conjunction with the storm-window command. Use the no variant of this command to negate the storm-rate command. storm-rate <1-40000000>... -
Page 899: Storm-Window
OMMANDS STORM WINDOW storm-window Overview Sets the window size of QoS Storm Protection (QSP). This sets the time to poll the data-rate every given milliseconds. Minimum window size is 100 ms and the maximum size is 60 sec. Use the no variant of this command to negate the storm-window command. Syntax storm-window <100-60000>... -
Page 900: Trust Dscp
OMMANDS TRUST DSCP trust dscp Overview This command enables the premark-dscp map to send traffic to a particular egress queue, based on a lookup DSCP value. trust dscp Syntax no trust Mode Policy-Map Configuration. Because policy-maps are applied to ports, you can think of trust dscp as a per-port setting. -
Page 901: Wrr-Queue Disable Queues
OMMANDS QUEUE DISABLE QUEUES wrr-queue disable queues Overview Use this command to disable an egress queue from transmitting traffic. The no variant of this command enables an egress queue to transmit traffic. Syntax wrr-queue disable queues [0][1][2][3][4][5][6][7] no wrr-queue disable queues [0][1][2][3][4][5][6][7] Parameter Description [0][2]...[7]... -
Page 902: Wrr-Queue Egress-Rate-Limit Queues
OMMANDS QUEUE EGRESS RATE LIMIT QUEUES wrr-queue egress-rate-limit queues Overview Sets a limit on the amount of traffic that can be transmitted per second from these queues. The default unit is in Kb, but Mb or Gb can also be specified. The minimum is 651Kb. -
Page 903: Wrr-Queue Weight Queues
OMMANDS QUEUE WEIGHT QUEUES wrr-queue weight queues Overview This command configures weighted round-robin based scheduling on the specified egress queues on switch port interfaces only. The weights are specified as ratios relative to each other. wrr-queue weight <1-15> queues [0][1][2][3][4][5][6][7] Syntax Parameter Description... -
Page 904: Chapter 28: 802.1X Commands
802.1X Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure 802.1X port access control. For more information, see the AAA and Port Authentication Feature Overview and Configuration Guide Command List • “debug dot1x” on page 906 •... - Page 905 802.1X C OMMANDS • “undebug dot1x” on page 941 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 906: Debug Dot1X
802.1X C OMMANDS DEBUG DOT debug dot1x Overview Use this command to enable 802.1X IEEE Port-Based Network Access Control troubleshooting functions. Use the no variant of this command to disable this function. Syntax debug dot1x [all|auth-web|event|nsm|packet|timer] no debug all dot1x no debug dot1x [all|auth-web|event|nsm|packet|timer] Parameter Description... -
Page 907: Dot1X Control-Direction
802.1X C OMMANDS X CONTROL DIRECTION dot1x control-direction Overview This command sets the direction of the filter for the unauthorized interface. If the optional in parameter is specified with this command then packets entering the specified port are discarded. The in parameter discards the ingress packets received from the supplicant. - Page 908 802.1X C OMMANDS X CONTROL DIRECTION To set the port direction to the default (both) for authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# no dot1x control-direction Related auth profile (Global Configuration) Commands show dot1x show dot1x interface show auth interface 613-50137-01 Rev A...
-
Page 909: Dot1X Eap
802.1X C OMMANDS X EAP dot1x eap Overview This command selects the transmit mode for the EAP packet. If the authentication feature is not enabled then EAP transmit mode is not enabled. The default setting discards EAP packets. dot1x eap {discard|forward|forward-untagged-vlan|forward-vlan} Syntax Parameter Description... -
Page 910: Dot1X Eapol-Version
802.1X C OMMANDS X EAPOL VERSION dot1x eapol-version Overview This command sets the EAPOL protocol version for EAP packets when 802.1X port authentication is applied. Use the no variant of this command to set the EAPOL protocol version to 1. The default EAPOL protocol version is version 1. - Page 911 802.1X C OMMANDS X EAPOL VERSION Validation auth profile (Global Configuration) Commands show dot1x show dot1x interface 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 912: Dot1X Initialize Interface
802.1X C OMMANDS X INITIALIZE INTERFACE dot1x initialize interface Overview This command removes authorization for a connected interface with the specified<interface-list>. The connection will attempt to re-authorize when the specified port attempts to make use of the network connection. : Reauthentication could be a long time after the use of this command because NOTE the reauthorization attempt is not triggered by this command. -
Page 913: Dot1X Initialize Supplicant
802.1X C OMMANDS X INITIALIZE SUPPLICANT dot1x initialize supplicant This command removes authorization for a connected supplicant with the Overview specified MAC address or username. The connection will attempt to re-authorize when the specified supplicant attempts to make use of the network connection. : Reauthentication could be a long time after the use of this command because NOTE the reauthorization attempt is not triggered by this command. -
Page 914: Dot1X Keytransmit
802.1X C OMMANDS X KEYTRANSMIT dot1x keytransmit Overview This command enables key transmission on the interface specified previously in Interface mode. The no variant of this command disables key transmission on the interface specified. Syntax dot1x keytransmit no dot1x keytransmit Default Key transmission for port authentication is enabled by default. -
Page 915: Dot1X Max-Auth-Fail
802.1X C OMMANDS X MAX AUTH FAIL dot1x max-auth-fail Overview Use this command to configure the maximum number of login attempts for a supplicant (client device) using the auth-fail vlan feature, when using 802.1X port authentication on an interface. The no variant of this command resets the maximum login attempts for a supplicant (client device) using the auth-fail vlan feature, to the default configuration of 3 login attempts. - Page 916 802.1X C OMMANDS X MAX AUTH FAIL To configure the maximum number of login attempts for a supplicant on authentication profile 'student' to a single (1) login attempt, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# dot1x max-auth-fail 1 To configure the maximum number of login attempts for a supplicant on authentication profile 'student' to the default number of three (3) login attempts, use the commands:...
-
Page 917: Dot1X Max-Reauth-Req
802.1X C OMMANDS X MAX REAUTH dot1x max-reauth-req Overview This command sets the number of reauthentication attempts before an interface is unauthorized. The no variant of this command resets the reauthentication delay to the default. Syntax dot1x max-reauth-req <1-10> no dot1x max-reauth-req Parameter Description <1-10>... - Page 918 802.1X C OMMANDS X MAX REAUTH To configure the maximum number of reauthentication attempts for authentication profile 'student' to the default maximum number of two (2) reauthentication attempts, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# no dot1x max-reauth-req Validation show running-config Commands...
-
Page 919: Dot1X Port-Control
802.1X C OMMANDS X PORT CONTROL dot1x port-control Overview This command enables 802.1X port authentication on the interface specified, and sets the control of the authentication port. The no variant of this command disables the port authentication on the interface specified. - Page 920 802.1X C OMMANDS X PORT CONTROL To disable port authentication on the interface port1.0.2, use the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no dot1x port-control To enable port authentication on authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)#...
-
Page 921: Dot1X Timeout Tx-Period
802.1X C OMMANDS X TIMEOUT TX PERIOD dot1x timeout tx-period Overview This command sets the transmit timeout for the authentication request on the specified interface. The no variant of this command resets the transmit timeout period to the default (30 seconds). Syntax dot1x timeout tx-period <1-65535>... - Page 922 802.1X C OMMANDS X TIMEOUT TX PERIOD Validation auth profile (Global Configuration) Commands show dot1x show dot1x interface 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 923: Show Debugging Dot1X
802.1X C OMMANDS SHOW DEBUGGING DOT show debugging dot1x Overview Use this command to display the 802.1X debugging option set. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide. Syntax show debugging dot1x Mode... -
Page 924: Show Dot1X
802.1X C OMMANDS SHOW DOT show dot1x Overview This command shows authentication information for dot1x (802.1X) port authentication. If you specify the optional all parameter then this command also displays all authentication information for each port available on the switch. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 925 802.1X C OMMANDS SHOW DOT Table 1: Example output from the show dot1x command (cont.) dot1x: enabled protocolVersion: 1 authMac: enabled method: PAP reauthRelearning: disabled authWeb: enabled method: PAP lockCount: 3 packetForwarding: disabled twoStepAuthentication: configured: enabled actual: enabled SupplicantMac: none supplicantMac: none...
- Page 926 802.1X C OMMANDS SHOW DOT Table 1: Example output from the show dot1x command (cont.) authEaplogoggWhileAuthenticating: 0 authReauthsWhileAuthenticated: 0 authEapstartWhileAuthenticated: 0 authEaplogoffWhileAuthenticated: 0 BackendResponses: 2 BackendAccessChallenges: 1 BackendOtherrequestToSupplicant: 3 BackendAuthSuccess: 1 BackendAuthFails: 0 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 927: Show Dot1X Diagnostics
802.1X C OMMANDS SHOW DOT X DIAGNOSTICS show dot1x diagnostics Overview This command shows 802.1X authentication diagnostics for the specified interface (optional), which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. If no interface is specified then authentication diagnostics are shown for all interfaces. - Page 928 802.1X C OMMANDS SHOW DOT X DIAGNOSTICS Output Figure 28-1: Example output from the show dot1x diagnostics command Authentication Diagnostics for interface port1.0.5 Supplicant address: 00d0.59ab.7037 authEnterConnecting: 2 authEaplogoffWhileConnecting: 1 authEnterAuthenticating: 2 authSuccessWhileAuthenticating: 1 authTimeoutWhileAuthenticating: 1 authFailWhileAuthenticating: 0 authEapstartWhileAuthenticating: 0 authEaplogoggWhileAuthenticating: 0...
-
Page 929: Show Dot1X Interface
802.1X C OMMANDS SHOW DOT X INTERFACE show dot1x interface Overview This command shows the status of 802.1X port-based authentication on the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Use the optional diagnostics parameter to show authentication diagnostics for the specified interfaces. - Page 930 802.1X C OMMANDS SHOW DOT X INTERFACE Table 2: Example output from the show dot1x interface command for a port awplus#show dot1x interface port1.0.6Authentication info for interface port1.0.6 portEnabled: true - portControl: Auto portStatus: Authorized reAuthenticate: disabled reAuthPeriod: 3600 PAE: quietPeriod: 60 - maxReauthReq: 2 - txPeriod: 30 PAE: connectTimeout: 30 ...
- Page 931 802.1X C OMMANDS SHOW DOT X INTERFACE awplus#show dot1x interface port1.0.6 diagnostics Authentication Diagnostics for interface port1.0.6 Supplicant address: 00d0.59ab.7037 authEnterConnecting: 2 authEaplogoffWhileConnecting: 1 authEnterAuthenticating: 2 authSuccessWhileAuthenticating: 1 authTimeoutWhileAuthenticating: 1 authFailWhileAuthenticating: 0 authEapstartWhileAuthenticating: 0 authEaplogoggWhileAuthenticating: 0 authReauthsWhileAuthenticated: 0 authEapstartWhileAuthenticated: 0 authEaplogoffWhileAuthenticated: 0...
- Page 932 802.1X C OMMANDS SHOW DOT X INTERFACE awplus#show dot1x statistics interface port1.0.6802.1X statistics for interface port1.0.6 EAPOL Frames Rx: 5 - EAPOL Frames Tx: 16 EAPOL Start Frames Rx: 0 - EAPOL Logoff Frames Rx: 0 EAP Rsp/Id Frames Rx: 3 - EAP Response Frames Rx: 2 EAP Req/Id Frames Tx: 8 - EAP Request Frames Tx: 2...
- Page 933 802.1X C OMMANDS SHOW DOT X INTERFACE Table 28-1: Parameters in the output of show dot1x interface (cont.) Parameter Description suppTimeout Supplicant timeout. serverTimeout Server timeout. maxReq Maximum requests to be sent. Controlled Directions State machine. adminControlledDi Administrative value (Both/In). r ections operControlledDir Operational Value (Both/In).
-
Page 934: Show Dot1X Sessionstatistics
802.1X C OMMANDS SHOW DOT X SESSIONSTATISTICS show dot1x sessionstatistics Overview This command shows authentication session statistics for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 935: Show Dot1X Statistics Interface
802.1X C OMMANDS SHOW DOT X STATISTICS INTERFACE show dot1x statistics interface Overview This command shows the authentication statistics for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... -
Page 936: Show Dot1X Supplicant
802.1X C OMMANDS SHOW DOT X SUPPLICANT show dot1x supplicant Overview This command shows the supplicant state of the authentication mode set for the switch. This command shows a summary when the optional brief parameter is used. For information on filtering and saving command output, see the “Getting Started with AlliedWare Plus”... - Page 937 802.1X C OMMANDS SHOW DOT X SUPPLICANT Interface port1.0.6 authenticationMethod: dot1x totalSupplicantNum: 1 authorizedSupplicantNum: 1 macBasedAuthenticationSupplicantNum: 0 dot1xAuthenticationSupplicantNum: 1 webBasedAuthenticationSupplicantNum: 0 Interface VID Mode MAC Address Status IP Address Username ========= === ==== =========== ====== ========== ======== port1.0.6 00d0.59ab.7037 Authenticated 192.168.2.201 manager...
-
Page 938: Show Dot1X Supplicant Interface
802.1X C OMMANDS SHOW DOT X SUPPLICANT INTERFACE show dot1x supplicant interface Overview This command shows the supplicant state of the authentication mode set for the interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. - Page 939 802.1X C OMMANDS SHOW DOT X SUPPLICANT INTERFACE Interface port1.0.6 authenticationMethod: dot1x totalSupplicantNum: 1 authorizedSupplicantNum: 1 macBasedAuthenticationSupplicantNum: 0 dot1xAuthenticationSupplicantNum: 1 webBasedAuthenticationSupplicantNum: 0 otherAuthenticationSupplicantNum: 0 Supplicant name: VCSPCVLAN10 Supplicant address: 0000.cd07.7b60 authenticationMethod: 802.1X Two-Step Authentication: firstAuthentication: Pass - Method: mac secondAuthentication: Pass - Method: dot1x...
- Page 940 802.1X C OMMANDS SHOW DOT X SUPPLICANT INTERFACE awplus#show dot1x interface sa1 supplicant brief Interface sa1 authenticationMethod: dot1x Two-Step Authentication: firstMethod: mac secondMethod: dot1x totalSupplicantNum: 1 authorizedSupplicantNum: 1 macBasedAuthenticationSupplicantNum: 0 dot1xAuthenticationSupplicantNum: 1 webBasedAuthenticationSupplicantNum: 0 otherAuthenticationSupplicantNum: 0 Interface Mode MAC Address Status IP Address Username...
-
Page 941: Undebug Dot1X
802.1X C OMMANDS UNDEBUG DOT undebug dot1x Overview This command applies the functionality of the no variant of the debug dot1x command. 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x... -
Page 942: Chapter 29: Authentication Commands
Authentication Commands Introduction Overview This chapter provides an alphabetical reference for authentication commands. For more information, see the AAA and Port Authentication Feature Overview and Configuration Guide. Command List • “auth auth-fail vlan” on page 945 • “auth critical” on page 947 •... - Page 943 UTHENTICATION OMMANDS • “auth timeout supp-timeout” on page 981 • “auth two-step enable” on page 983 • “auth-mac enable” on page 986 • “auth-mac method” on page 988 • “auth-mac password” on page 990 • “auth-mac reauth-relearning” on page 991 •...
- Page 944 UTHENTICATION OMMANDS • “auth-web-server ssl intercept-port” on page 1025 • “copy proxy-autoconfig-file” on page 1026 • “copy web-auth-https-file” on page 1027 • “description (Authentication Profile)” on page 1028 • “erase proxy-autoconfig-file” on page 1029 • “erase web-auth-https-file” on page 1030 •...
-
Page 945: Auth Auth-Fail Vlan
UTHENTICATION OMMANDS AUTH AUTH FAIL VLAN auth auth-fail vlan Overview Use this command to enable the auth-fail vlan feature on the specified vlan interface. This feature assigns supplicants (client devices) to the specified VLAN if they fail port authentication. Use the no variant of this command to disable the auth-fail vlan feature for a specified VLAN interface. - Page 946 UTHENTICATION OMMANDS AUTH AUTH FAIL VLAN as a supplicant on the Guest VLAN. For more information about ACL concepts, and configuring ACLs see the ACL Feature Overview and Configuration Guide. For more information about ACL commands see: • IPv4 Hardware Access Control List (ACL) Commands •...
-
Page 947: Auth Critical
UTHENTICATION OMMANDS AUTH CRITICAL auth critical Overview This command enables the critical port feature on the interface. When the critical port feature is enabled on an interface, and all the RADIUS servers are unavailable, then the interface becomes authorized. The no variant of this command disables critical port feature on the interface. Syntax auth critical no auth critical... -
Page 948: Auth Dynamic-Vlan-Creation
UTHENTICATION OMMANDS AUTH DYNAMIC VLAN CREATION auth dynamic-vlan-creation Overview This command enables and disables the Dynamic VLAN assignment feature. The Dynamic VLAN assignment feature allows a supplicant (client device) to be placed into a specific VLAN based on information returned from the RADIUS server during authentication, on a given interface. - Page 949 UTHENTICATION OMMANDS AUTH DYNAMIC VLAN CREATION If you issue an auth dynamic-vlan-creation command without a rule parameter then a second supplicant with a different VLAN ID is rejected. It is not assigned to the first supplicant’s VLAN. Issuing an auth dynamic-vlan-creation command without a rule parameter has the same effect as issuing an auth dynamic-vlan-creation rule deny command rejecting supplicants with differing VIDs.
- Page 950 UTHENTICATION OMMANDS AUTH DYNAMIC VLAN CREATION To disable the Dynamic VLAN assignment feature on interface port1.0.2, use the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no auth dynamic-vlan-creation To enable the Dynamic VLAN assignment feature on authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)#...
-
Page 951: Auth Guest-Vlan
UTHENTICATION OMMANDS AUTH GUEST VLAN auth guest-vlan Overview This command enables and configures the Guest VLAN feature on the interface specified by associating a Guest VLAN with an interface. This command does not start authentication. The supplicant's (client device’s) traffic is associated with the native VLAN of the interface if its not already associated with another VLAN. - Page 952 UTHENTICATION OMMANDS AUTH GUEST VLAN The Guest VLAN routing mode in this release overcomes these issues. With the Guest VLAN routing mode, the switch can lease DHCP addresses and accept access to a limited network. Note that Guest VLAN can use only untagged ports. See the AAA and Port Authentication Feature Overview and Configuration Guide for information about:...
- Page 953 UTHENTICATION OMMANDS AUTH GUEST VLAN auth guest-vlan forward dot1x port-control show dot1x show dot1x interface show running-config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 954: Auth Guest-Vlan Forward
UTHENTICATION OMMANDS AUTH GUEST VLAN FORWARD auth guest-vlan forward Overview Use this command to enable packet forwarding from the Guest VLAN to a destination IP address or subnet. If this command is configured, the device can lease DHCP addresses and accept access to a limited part of your network. Also, when using NAP authentication, the supplicant can log on to a domain controller to gain certification. - Page 955 UTHENTICATION OMMANDS AUTH GUEST VLAN FORWARD To disable forwarding of DNS packets from the guest VLAN to the destination IP address on port1.0.2, use the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no auth guest-vlan forward 10.0.0.1 dns To enable the tcp forwarding port 137 on authentication profile 'student', use the commands: awplus# configure terminal...
-
Page 956: Auth Host-Mode
UTHENTICATION OMMANDS AUTH HOST MODE auth host-mode Overview This command selects the host mode on the specified interface. Use the no variant of this command to set host mode to the default setting (single host). Syntax auth host-mode {single-host|multi-host|multi-supplicant} no auth host-mode Parameter Description single-host... - Page 957 UTHENTICATION OMMANDS AUTH HOST MODE To set the host mode to default (single host) on interface port1.0.2, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no auth host-mode To set the host mode to multi-supplicant on authentication profile ‘student’, use the commands: awplus# configure terminal...
-
Page 958: Auth Log
UTHENTICATION OMMANDS AUTH LOG auth log Overview Use this command to configure the types of authentication feature log messages that are output to the log file. Use the no variant of this command to remove either specified types or all types of authentication feature log messages that are output to the log file. - Page 959 UTHENTICATION OMMANDS AUTH LOG To disable the logging of all types of authentication log messages to the log file for supplicants (client devices) connected to interface port1.0.2, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no auth log all To configure the logging of web authentication failures to the log file for supplicants (client devices) connected to authentication profile ‘student’, use the commands:...
-
Page 960: Auth Max-Supplicant
UTHENTICATION OMMANDS AUTH MAX SUPPLICANT auth max-supplicant Overview This command sets the maximum number of supplicants (client devices) that can be authenticated on the selected port. Once this value is exceeded, further supplicants will not be authenticated. The no variant of this command resets the maximum supplicant number to the default. - Page 961 UTHENTICATION OMMANDS AUTH MAX SUPPLICANT Related auth profile (Global Configuration) Commands show dot1x show dot1x interface show running-config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 962: Auth Profile (Global Configuration)
UTHENTICATION OMMANDS AUTH PROFILE LOBAL ONFIGURATION auth profile (Global Configuration) Overview Use this command to enter port authentication profile mode and configure a port authentication profile. If the specified profile does not exist a new authentication profile is created with the name provided. -
Page 963: Auth Profile (Interface Configuration)
UTHENTICATION OMMANDS AUTH PROFILE NTERFACE ONFIGURATION auth profile (Interface Configuration) Overview Use this command to attach a port authentication profile to the current interface. Use the no variant of this command to detach a port authentication profile from the current interface. Syntax auth profile <profile-name>... -
Page 964: Auth Reauthentication
UTHENTICATION OMMANDS AUTH REAUTHENTICATION auth reauthentication Overview This command enables re-authentication on the interface specified in the Interface mode, which may be a static channel group (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Use the no variant of this command to disables reauthentication on the interface. -
Page 965: Auth Roaming Disconnected
UTHENTICATION OMMANDS AUTH ROAMING DISCONNECTED auth roaming disconnected Overview This command allows a supplicant to move to another authenticating interface without reauthentication, even if the link is down for the interface that the supplicant is currently connected to. You must enter the auth roaming enable command on both interfaces before using this command. - Page 966 UTHENTICATION OMMANDS AUTH ROAMING DISCONNECTED To allow supplicants using authentication profile ‘student’ to move between ports without reauthentication even when the link is down, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# auth roaming disconnected To require supplicants using authentication profile ‘student’ to reauthenticate when moving between ports if the link is down, use the commands: awplus# configure terminal...
-
Page 967: Auth Roaming Enable
UTHENTICATION OMMANDS AUTH ROAMING ENABLE auth roaming enable Overview This command allows a supplicant to move to another authenticating interface without reauthentication, providing the link is up for the interface that the supplicant is is currently connected to. The no variant of this command disables roaming authentication on an interface, and forces a supplicant to be reauthenticated when moving between interfaces. - Page 968 UTHENTICATION OMMANDS AUTH ROAMING ENABLE To disable roaming authentication for authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# no auth roaming enable Related auth profile (Global Configuration) Commands auth-mac enable auth roaming disconnected auth-web enable dot1x port-control show auth interface show dot1x interface...
-
Page 969: Auth Supplicant-Ip
UTHENTICATION OMMANDS AUTH SUPPLICANT auth supplicant-ip Overview This command adds a supplicant (client device) IP address on a given interface and provides parameters for its configuration. Use the no variant of this command to delete the supplicant IP address and reset other parameters to their default values. - Page 970 UTHENTICATION OMMANDS AUTH SUPPLICANT Default No supplicant IP address for port authentication exists by default until first created with the auth supplicant-ip command. The defaults for parameters applied are as shown in the table above. Mode Interface Configuration for a static channel, a dynamic (LACP) channel group, a switch port, or Authentication Profile.
-
Page 971: Auth Supplicant-Mac
UTHENTICATION OMMANDS AUTH SUPPLICANT auth supplicant-mac Overview This command adds a supplicant (client device) MAC address or MAC mask on a given interface with the parameters as specified in the table below. Use the no variant of this command to delete the supplicant MAC address and reset other parameters to their default values. - Page 972 UTHENTICATION OMMANDS AUTH SUPPLICANT Parameter Description supp-timeout Supplicant response timeout (default 30 seconds). <1-65535> Seconds for supplicant response timeout. server-timeout Authentication server response timeout (default 30 seconds). <1-65535> Seconds for authentication server response timeout. reauthentication Enable reauthentication on a port. max-reauth-req No of reauthentication attempts before becoming unauthorized (default 2).
- Page 973 UTHENTICATION OMMANDS AUTH SUPPLICANT To add the supplicant MAC address 0000.5E00.5343 to force authorized port control for authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# auth supplicant-mac 0000.5E00.5343 port-control force-authorized To delete the supplicant MAC address 0000.5E00.5343 for authentication profile ‘student’, use the commands: awplus# configure terminal...
-
Page 974: Auth Timeout Connect-Timeout
UTHENTICATION OMMANDS AUTH TIMEOUT CONNECT TIMEOUT auth timeout connect-timeout Overview This command sets the connect-timeout period for the interface. Use the no variant of this command to reset the connect-timeout period to the default. Syntax auth timeout connect-timeout <1-65535> no auth timeout connect-timeout Parameter Description <1-65535>... - Page 975 UTHENTICATION OMMANDS AUTH TIMEOUT CONNECT TIMEOUT To reset the connect-timeout period to the default (30 seconds) for authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# no auth timeout connect-timeout Related auth profile (Global Configuration) Commands show dot1x show dot1x interface...
-
Page 976: Auth Timeout Quiet-Period
UTHENTICATION OMMANDS AUTH TIMEOUT QUIET PERIOD auth timeout quiet-period Overview This command sets a time period for which another authentication request is not accepted on a given interface, after an authentication request has failed. Use the no variant of this command to reset the quiet period to the default. Syntax auth timeout quiet-period <1-65535>... -
Page 977: Auth Timeout Reauth-Period
UTHENTICATION OMMANDS AUTH TIMEOUT REAUTH PERIOD auth timeout reauth-period Overview This command sets the timer for reauthentication on a given interface. The re-authentication for the supplicant (client device) is executed at this timeout. The timeout is only applied if the auth reauthentication command is applied. Use the no variant of this command to reset the reauth-period parameter to the default (3600 seconds). - Page 978 UTHENTICATION OMMANDS AUTH TIMEOUT REAUTH PERIOD Related auth profile (Global Configuration) Commands auth reauthentication show dot1x show dot1x interface show running-config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 979: Auth Timeout Server-Timeout
UTHENTICATION OMMANDS AUTH TIMEOUT SERVER TIMEOUT auth timeout server-timeout Overview This command sets the timeout for the waiting response from the RADIUS server on a given interface. The no variant of this command resets the server-timeout to the default (30 seconds). - Page 980 UTHENTICATION OMMANDS AUTH TIMEOUT SERVER TIMEOUT Related auth profile (Global Configuration) Commands show dot1x show dot1x interface show running-config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 981: Auth Timeout Supp-Timeout
UTHENTICATION OMMANDS AUTH TIMEOUT SUPP TIMEOUT auth timeout supp-timeout Overview This command sets the timeout of the waiting response from the supplicant (client device) on a given interface. The no variant of this command resets the supplicant timeout to the default (30 seconds). - Page 982 UTHENTICATION OMMANDS AUTH TIMEOUT SUPP TIMEOUT Related auth profile (Global Configuration) Commands show dot1x show dot1x interface show running-config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 983: Auth Two-Step Enable
UTHENTICATION OMMANDS AUTH TWO STEP ENABLE auth two-step enable Overview This command enables a two-step authentication feature on an interface. When this feature is enabled, the supplicant is authorized in a two-step process. If authentication succeeds, the supplicant becomes authenticated. This command will apply the two-step authentication method based on 802.1X-, MAC- or Web-Authentication. - Page 984 UTHENTICATION OMMANDS AUTH TWO STEP ENABLE To enable MAC-Authentication followed by Web-Authentication, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# switchport mode access awplus(config-if)# auth-mac enable awplus(config-if)# auth-web enable awplus(config-if)# auth dynamic-vlan-creation awplus(config-if)# auth two-step enable To enable 802.1X-Authentication followed by Web-Authentication, use the following commands: awplus# configure terminal...
- Page 985 UTHENTICATION OMMANDS AUTH TWO STEP ENABLE Relat ed auth profile (Global Configuration) Commands show auth two-step supplicant brief show auth show auth interface show auth supplicant show dot1x show dot1x interface show dot1x supplicant 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 986: Auth-Mac Enable
UTHENTICATION OMMANDS AUTH MAC ENABLE auth-mac enable Overview This command enables MAC-based authentication on the interface specified in the Interface command mode. Use the no variant of this command to disable MAC-based authentication on an interface. Syntax auth-mac enable no auth-mac enable Default MAC-Authentication is disabled by default. - Page 987 UTHENTICATION OMMANDS AUTH MAC ENABLE To disable MAC authentication on authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# no auth-mac enable Related auth profile (Global Configuration) Commands show auth show auth interface show running-config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 988: Auth-Mac Method
UTHENTICATION OMMANDS AUTH MAC METHOD auth-mac method Overview This command sets the type of authentication method for MAC-Authentication that is used with RADIUS on the interface specified in the Interface command mode. The no variant of this command resets the authentication method used to the default method (PAP) as the RADIUS authentication method used by the MAC-Authentication. - Page 989 UTHENTICATION OMMANDS AUTH MAC METHOD To disable MAC authentication on authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# no auth-mac enable Related auth profile (Global Configuration) Commands show auth show auth interface show running-config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 990: Auth-Mac Password
UTHENTICATION OMMANDS AUTH MAC PASSWORD auth-mac password Overview This command changes the password for MAC-based authentication. Use the no variant of this command to return the password to its default. Syntax auth-mac [encrypted] password <password> no auth-mac password Parameter Description auth-mac MAC-based authentication encrypted... -
Page 991: Auth-Mac Reauth-Relearning
UTHENTICATION OMMANDS AUTH MAC REAUTH RELEARNING auth-mac reauth-relearning Overview This command sets the MAC address learning of the supplicant (client device) to re-learning for re-authentication on the interface specified in the Interface command mode. Use the no variant of this command to disable the auth-mac re-learning option. Syntax auth-mac reauth-relearning no auth-mac reauth-relearning... -
Page 992: Auth-Mac Username
UTHENTICATION OMMANDS AUTH MAC USERNAME auth-mac username Overview Use this command to specify the format of the MAC address in the username and password field when a request for MAC-based authorization is sent to a RADIUS server. auth-mac username {ietf|unformatted} {lower-case|upper-case} Syntax Parameter Description... -
Page 993: Auth-Web Enable
UTHENTICATION OMMANDS AUTH WEB ENABLE auth-web enable Overview This command enables Web-based authentication in Interface mode on the interface specified. Use the no variant of this command to apply its default. Syntax auth-web enable no auth-web enable Default Web-Authentication is disabled by default. Mode Interface Configuration for a static channel, a dynamic (LACP) channel group, or a switch port;... - Page 994 UTHENTICATION OMMANDS AUTH WEB ENABLE To disable Web authentication on authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# no auth-web enable Related auth profile (Global Configuration) Commands show auth show auth interface show running-config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™...
-
Page 995: Auth-Web Forward
UTHENTICATION OMMANDS AUTH WEB FORWARD auth-web forward Overview This command enables the Web-authentication packet forwarding feature on the interface specified. This command also enables ARP forwarding, and adds forwarded packets to the tcp or udp port number specified. The no variant of this command disables the specified packet forwarding feature on the interface. - Page 996 UTHENTICATION OMMANDS AUTH WEB FORWARD Examples To enable the ARP forwarding feature on interface port1.0.2, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# auth-web forward arp To add the TCP forwarding port 137 on interface port1.0.2, use the following commands: awplus# configure terminal...
- Page 997 UTHENTICATION OMMANDS AUTH WEB FORWARD To add the tcp forwarding port 137 on authentication profile ‘student’, use the commands: awplus# configure terminal awplus(config)# auth profile student awplus(config-auth-profile)# auth-web forward tcp 137 To disable the ARP forwarding feature on authentication profile ‘student’, use the commands: awplus# configure terminal...
-
Page 998: Auth-Web Max-Auth-Fail
UTHENTICATION OMMANDS AUTH WEB MAX AUTH FAIL auth-web max-auth-fail Overview This command sets the number of authentication failures allowed before rejecting further authentication requests. When the supplicant (client device) fails more than the specified number of times, then login requests are refused during the quiet period. - Page 999 UTHENTICATION OMMANDS AUTH WEB MAX AUTH FAIL Related auth profile (Global Configuration) Commands auth timeout quiet-period show auth show auth interface show running-config 613-50137-01 Rev A Command Reference for FS980M Series AlliedWare Plus™ Operating System - Version 5.4.6-2.x...
-
Page 1000: Auth-Web Method
UTHENTICATION OMMANDS AUTH WEB METHOD auth-web method Overview This command sets the Web-authentication access method that is used with RADIUS on the interface specified. The no variant of this command sets the authentication method to PAP for the interface specified when Web-Authentication is also used with the RADIUS authentication method.