1. Manuals
  2. Brands
  3. Alaxala Manuals
  4. Switch
  5. AX6700S series
  6. Software manual

Alaxala AX6700S Software Manual

Operation command reference vol. 2 for version 11.7
Hide thumbs Also See for AX6700S:
1
2
3
4
5
6
7
8
9
10
Table Of Contents
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual
AX6700S/AX6600S/AX6300S Software Manual
Operation Command Reference Vol. 2
For Version 11.7
AX63S-S011X-30

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the AX6700S and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Alaxala AX6700S

Summary of Contents for Alaxala AX6700S

  • Page 1 AX6700S/AX6600S/AX6300S Software Manual Operation Command Reference Vol. 2 For Version 11.7 AX63S-S011X-30...
  • Page 2 Relevant products This manual applies to the models in the AX6700S, AX6600S, and AX6300S series of switches. It also describes the functionality of version 11.7 of the software for the AX6700S, AX6600S, and AX6300S series switches. The described functionality is that supported by the OS-S/ OS-SE basic software and optional licenses.
  • Page 3 History of Amendments [For version 11.7] Summary of amendments Location and title Changes 16 SNMP • The following commands were added: - show snmp - show snmp pending In addition to the above changes, minor editorial corrections were made. [For version 11.4] Summary of amendments Item Changes...

  • Page 5: Preface

    Preface Applicable products and software versions This manual applies to the models in the AX6700S, AX6600S, and AX6300S series of switches. It also describes the functionality of version 11.7 of thesoftware for the AX6700S, AX6600S, and AX6300S series switches. The described functionality is that supported by the OS-S/OS-SE basic software and optional licenses.

  • Page 6: Manual Url

    Switch. Conventions: The terms "Switch" and "switch" The term Switch (upper-case "S") is an abbreviation for any or all of the following models: AX6700S series switch...

  • Page 7: Abbreviations Used In The Manual

    AX6600S series switch AX6300S series switch The term switch (lower-case "s") might refer to a Switch, another type of switch from the current vendor, or a switch from another vendor. The context decides the meaning. Abbreviations used in the manual Alternating Current ACKnowledge ADSL...
  • Page 8 IEEE Institute of Electrical and Electronics Engineers, Inc. IETF the Internet Engineering Task Force IGMP Internet Group Management Protocol Internet Protocol IPCP IP Control Protocol IPv4 Internet Protocol version 4 IPv6 Internet Protocol version 6 IPV6CP IP Version 6 Control Protocol Internetwork Packet Exchange International Organization for Standardization Internet Service Provider...

  • Page 9: Conventions: Kb, Mb, Gb, And Tb

    Power Supply PSNP Partial Sequence Numbers PDU Packet Switching Processor Quality of Service Router Advertisement RADIUS Remote Authentication Dial In User Service Remote Defect Indication REJect Request For Comments Rate Guaranteed Queueing Routing Information Protocol RIPng Routing Information Protocol next generation RMON Remote Network Monitoring MIB Reverse Path Forwarding...

  • Page 11: Table Of Contents

    Contents Preface Applicable products and software versions ................i Corrections to the manual .......................i Intended readers ........................i Manual URL .......................... ii Reading sequence of the manuals ..................ii Conventions: The terms "Switch" and "switch" ..............ii Abbreviations used in the manual ..................iii Conventions: KB, MB, GB, and TB ..................v PART 1: Reading the Manual 1.
  • Page 12 clear shaper ..........................87 show shaper <port list> ....................... 88 clear shaper <port list> ........................ 94 PART 4: Layer 2 Authentication 5. IEEE802.1X show dot1x statistics ........................98 show dot1x ..........................103 clear dot1x statistics ........................112 clear dot1x auth-state ......................... 114 reauthenticate dot1x ........................
  • Page 13 8. Authentication VLANs [OP-VAA] show fense server [OP-VAA] .....................228 show fense statistics [OP-VAA] ....................233 show fense logging [OP-VAA] ....................240 clear fense statistics [OP-VAA] ....................243 clear fense logging [OP-VAA] ....................244 restart vaa [OP-VAA] .........................245 dump protocols vaa [OP-VAA] ....................247 PART 5: Security 9.
  • Page 14 PART 7: High Reliability Based on Network Failure Detection 13. IEEE 802.3ah/UDLD show efmoam ..........................364 show efmoam statistics ......................367 clear efmoam statistics ....................... 370 restart efmoam ..........................371 dump protocols efmoam ......................373 14. L2 Loop Detection show loop-detection ........................376 show loop-detection statistics ....................
  • Page 15 restart sflow ..........................472 dump sflow ..........................473 PART 9: Management of Neighboring Device Information 18. LLDP show lldp ............................476 show lldp statistics ........................482 clear lldp .............................484 clear lldp statistics ........................485 restart lldp ...........................486 dump protocols lldp ........................488 19. OADP show oadp ...........................490 show oadp statistics ........................495 clear oadp ............................497 clear oadp statistics ........................499...

  • Page 17: Part 1: Reading The Manual

    PART 1: Reading the Manual Chapter 1. Reading the Manual Command description format Specifiable values for parameters List of character codes Error messages displayed by the entry-error location detection functionality...

  • Page 18: Command Description Format

    1. Reading the Manual Command description format Each command is described in the following format: Function Describes the purpose of the command. Syntax Defines the input format of the command. The format is governed by the following rules: Parameters for setting values or character strings are enclosed in angle brackets (<>). Characters that are not enclosed in angle brackets (<>) are keywords that must be typed exactly as they appear.
  • Page 19 1. Reading the Manual Input format Interface name <interface name> interface tengigabitethernet tengeth1/1 The numeric values represent <nif no.>/<port no.>. interface vlan <vlan id> VLAN0002 The last four digits represent <vlan id>. interface loopback loopback0 The numeric value represents <loopback id>. interface null 0 null0 interface mgmt 0...

  • Page 20: Specifiable Values For Parameters

    1 to 4 AX6608S 1 to 8 AX6304S 1 to 4 AX6308S 1 to 8 Table 1-5: Range of <port no.> values [AX6700S] [AX6600S] NIF type name abbreviation Range of <port no.> values NK1G-24T 1 to 24 NK1G-24S 1 to 24...
  • Page 21 1. Reading the Manual NIF type name abbreviation Range of <port no.> values NK1GS-8M 1 to 8 NK10G-4RX 1 to 4 NK10G-8RX 1 to 8 Table 1-6: Range of <port no.> values [AX6300S] NIF type name abbreviation Range of <port no.> values NH1G-16S 1 to 16 NH1G-24T...

  • Page 22: List Of Character Codes

    1. Reading the Manual List of character codes Character codes are listed in the following table. Table 1-7: List of character codes Charact Code Char Code Char Code Char Code Char Code Char Code acter acter acter acter acter Space 0x20 0x30 0x40...

  • Page 23: Error Messages Displayed By The Entry-Error Location Detection Functionality

    1. Reading the Manual Error messages displayed by the entry-error location detection functionality The following table describes error messages output by the entry-error location detection functionality (see 5.2.3 Entry-error location detection functionality in the manual Configuration Guide Vol. 1 For Version 11.7.) Table 1-8: List of error messages output by the entry-error location detection functionality Message Description...

  • Page 25: Part 2: Filters

    PART 2: Filters Chapter 2. Filters show access-filter clear access-filter...

  • Page 26: Show Access-Filter

    2. Filters show access-filter Displays the filter conditions applied on the Ethernet interface or VLAN interface by the access group commands ( , and ), the ip access-group ipv6 traffic-filter mac access-group number of packets that met the filter conditions, and the number of packets discarded because they did not match any filter conditions in the access list.
  • Page 27 2. Filters layer settings. Note, however, that the statistics displayed by layer2-and-layer3-forwarding do not include the statistics from separate layer2-forwarding or layer3-forwarding specifications. Operation when this parameter is omitted: On the specified interface, displays statistics for the access list for which layer2-forwarding is specified and for the access list for which layer3-forwarding is specified.
  • Page 28 2. Filters Using Interface: vlan 10 out Advance access-list: only-telnet layer2-and-layer3-forwarding remark "permit only mac-ipv6" permit mac-ipv6 0012.e200.1234 ffff.ffff.0000 any ipv6(41) any host 2001:db8:1:fe20::1 matched packets 468756 implicitly denied packets: 15342 > Figure 2-6: Result of displaying information when the access list ID is omitted >...
  • Page 29 2. Filters Using Interface:vlan 15 out IPv6 access-list:only-telnet layer3-forwarding remark "permit only telnet ipv6" permit ipv6(41) any host 3ffe:501:811:ff00::1 eq telnet(23) matched packets 385496541 implicitly denied packets: 56645 Using Interface:vlan 19 in Standard IP access-list:pc-a1024 layer2-forwarding remark "permit only pc-a1024" permit host 192.168.1.254 matched packets 24826...
  • Page 30 2. Filters Item Displayed information Detailed information Meaning Using Port:<nif no.>/<port no.> out Information about an Ethernet interface to which an access list has been applied on the outbound side Using Interface:vlan <vlan id> in Information about a VLAN interface to which an access list has been applied on the inbound side Using Interface:vlan <vlan id>...
  • Page 31 2. Filters Message Description Can't execute. The command could not be executed. Possible causes are as follows: • There are no active BSUs, CSUs, and MSUs. Make sure at least one BSU, CSU, or MSU is active before re-executing the command. •...

  • Page 32: Clear Access-Filter

    2. Filters clear access-filter For the access list information displayed by the command, this command show access-filter resets the number of packets that met the filter conditions (indicated in ) and the matched packets number of packets discarded because they did not meet the filter conditions (indicated in implicitly denied packets Syntax clear access-filter...
  • Page 33 2. Filters Note, however, that statistics for layer2-forwarding or layer3-forwarding is not cleared if statistics for layer2-and-layer3-forwarding are cleared. Operation when this parameter is omitted: Resets statistics for the access list when layer2-forwarding is set and the access list when layer3-forwarding is set in the specified interface.

  • Page 35: Access List Logging

    Chapter 3. Access List Logging show access-log clear access-log show access-log flow clear access-log flow dump access-log restart access-log debug access-log no debug access-log...

  • Page 36: Show Access-Log

    3. Access List Logging show access-log Displays access list log information. Syntax show access-log Input mode User mode and administrator mode Parameters None Example Figure 3-1: Displaying access list log information > show access-log Date 2009/12/14 12:00:00 UTC Access list logging Information: rate-limit(pps) interval(minutes) threshold(packets) :...
  • Page 37 3. Access List Logging Item Meaning Displayed information Used Number of items of managed access list log information NonIP Number of items of access list log information for non-IP packets in the number of items of managed access list log information IPv4 Number of items of access list log information for IPv4 packets in the number of items of managed...

  • Page 38: Clear Access-Log

    3. Access List Logging clear access-log Clears the discarded packet statistics which were acquired through access list logging. Syntax clear access-log Input mode User mode and administrator mode Parameters None Example Figure 3-2: Clearing statistics for the access list logging packets >...

  • Page 39: Show Access-Log Flow

    3. Access List Logging show access-log flow Displays access list log information managed by access list logging. For details about the information to be displayed as the command execution result, see the manual Message and Log Reference For Version Ver. 11.7. Syntax Display of access list log information for non-IP packets: <ethernet type>...
  • Page 40 3. Access List Logging Operation when this parameter is omitted: Displays access list log information for all Ethernet types. {<source mac> <source mac mask> | host <source mac> | any} {<destination mac> <destination mac mask> | host <destination mac> | any} Displays access list log information that matches the specified source MAC address or destination MAC address.
  • Page 41 3. Access List Logging Displays access list log information that matches the specified source IPv4 address or destination IPv4 address. <source ipv4> <source ipv4 wildcard> Specify the source IPv4 address for <source ipv4>. For <source ipv4 wildcard>, specify a wildcard mask in IPv4 address format that specifies bits in an IPv4 address whose permitted value is arbitrary.
  • Page 42 3. Access List Logging host <source ipv6> Displays access list log information of the source IPv6 address that perfectly matches <source ipv6>. <destination ipv6>/<length> Specify the destination IPv6 address for <destination ipv6>. For <length>, specify the part of the IPv6 address that meets conditions by using the first bits of the address.
  • Page 43 3. Access List Logging Displays non-IP, IPv4, and IPv6 packets in that order in ascending order of source addresses. Operation when all parameters are omitted: Information about all access list logs is displayed. Example Figure 3-3: Displaying access list log information >...

  • Page 44: Clear Access-Log Flow

    3. Access List Logging clear access-log flow Clears access list log information and statistics managed by access list logging. Syntax clear access-log flow [packets] Input mode User mode and administrator mode Parameters packets Clears statistics only. This parameter can be specified only when is specified for the log message output unlimit interval (...

  • Page 45: Dump Access-Log

    3. Access List Logging dump access-log Outputs, to a file, event trace information and control table information collected by the access list logging program. Syntax dump access-log Input mode User mode and administrator mode Parameters None Example Figure 3-5: Dumping the access list log >...

  • Page 46: Restart Access-Log

    3. Access List Logging restart access-log Restarts the access list logging program. Syntax restart access-log [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts the access list logging program without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed.
  • Page 47 3. Access List Logging Notes The storage directory and the name of the core file are as follows: Storage directory: /usr/var/core/ Core file: acllogd.core If necessary, back up the file in advance because the specified file is unconditionally overwritten if it already exists.

  • Page 48: Debug Access-Log

    3. Access List Logging debug access-log Displays operation messages of operation logs output by access list logging and starts sending syslog messages. Syntax debug access-log [display] Input mode User mode and administrator mode Parameters display Displays operation messages of operation logs and starts sending syslog messages. Operation when this parameter is omitted: Starts collecting operation logs and sending syslog messages.
  • Page 49 3. Access List Logging Notes None...

  • Page 50: No Debug Access-Log

    3. Access List Logging no debug access-log Stops displaying operation messages of operation logs output by access list logging and sending syslog messages. Syntax no debug access-log Input mode User mode and administrator mode Parameters None Example Figure 3-8: Stopping output of the access list log >...

  • Page 51: Part 3: Qos

    PART 3: QoS Chapter 4. QoS show qos-flow clear qos-flow show qos queueing clear qos queueing show qos queueing distribution clear qos queueing distribution show qos queueing interface clear qos queueing interface show qos queueing to-cpu clear qos queueing to-cpu show shaper clear shaper show shaper <port list>...

  • Page 52: Show Qos-Flow

    4. QoS show qos-flow Displays the number of packets that meet the flow detection conditions corresponding to the flow detection conditions and specified actions in the QoS flow list applied to the Ethernet interface or VLAN interface by QoS flow group commands ( , and ip qos-flow-group ipv6 qos-flow-group...
  • Page 53 4. QoS Displays statistics for the QoS flow list for Layer 2 forwarding and the QoS flow list for Layer 3 forwarding in the specified interface. Operation when all parameters are omitted: Displays statistics for the QoS flow list of all types of forwarding in all interfaces. Example The following shows an example of displaying QoS flow list information when bandwidth monitoring is not used.
  • Page 54 4. QoS IPv6 qos-flow-list:telnet-qos layer2-forwarding remark "QoS for telnet" tcp(6) any host 3ffe:501:811:ff00::1 eq telnet(23) action priority-class 6 discard-class 4 matched packets 387252415 > Figure 4-6: Result of displaying information when in or out is omitted > show qos-flow interface vlan 100 Date 2006/03/01 12:00:00 UTC Using Interface:vlan 100 in IP qos-flow-list:ftp-qos layer2-forwarding...
  • Page 55 4. QoS Using Interface:vlan 25 out IP qos-flow-list:smtp-qos layer2-forwarding remark "QoS for smtp" tcp(6) any any eq smtp(25) action priority-class 5 discard-class 3 matched packets 91384186 Using Interface:vlan 100 out MAC qos-flow-list:apple-talk-qos layer2-forwarding remark "QoS for apple-talk" any any appletalk(0x809b) action priority-class 5 discard-class 2 matched packets 73156 IP qos-flow-list:smtp-qos layer3-forwarding...
  • Page 56 4. QoS > show qos-flow 1/7 http-qos Date 2006/03/01 12:00:00 UTC Using Port:1/7 in <----------------Interface information IP qos-flow-list:http-qos layer2-forwarding <---------QoS flow list name remark "QoS for http" <----------------QoS flow list information tcp any host 10.10.10.2 eq http action priority-class 4 <--QoS flow list information matched packets 74699826...
  • Page 57 4. QoS Item Displayed information Detailed information Meaning (max-rate under):<packets> Number of packets that match the flow detection conditions and conform to the maximum bandwidth control conditions of the QoS flow list. (min-rate over) :<packets> Number of packets that match the flow detection conditions but violate the minimum bandwidth monitoring conditions of the QoS flow list (min-rate under):<packets>...

  • Page 58: Clear Qos-Flow

    4. QoS clear qos-flow Clears the number of packets (indicated by ) that met the flow detection matched packets conditions in the QoS flow list, which is displayed by the command. show qos-flow Syntax clear qos-flow <nif no.> <port no.> <qos flow list name>...
  • Page 59 4. QoS Operation when all parameters are omitted: Clears statistics for the QoS flow list of all types of forwarding for all interfaces. Example Figure 4-11: Result of clearing information > clear qos-flow 1/7 http-qos Date 2006/03/01 12:00:00 UTC > Display items None Impact on communication...

  • Page 60: Show Qos Queueing

    • Length of a priority queue • Maximum queue length • Number of packets accumulated in a queue • Number of bytes accumulated in a queue • Statistics for the total of the items Figure 4-12: Queues to be displayed (other than NK1GS-8M) [AX6700S]...
  • Page 61 4. QoS Figure 4-13: Queues to be displayed (for NK1GS-8M) [AX6700S] Figure 4-14: Queues to be displayed (other than NK1GS-8M) [AX6600S]...
  • Page 62 4. QoS Figure 4-15: Queues to be displayed (for NK1GS-8M) [AX6600S] Figure 4-16: Queues to be displayed (other than NH1GS-6M and NH10G-1RX) [AX6300S]...
  • Page 63 4. QoS Figure 4-17: Queues to be displayed (for NH1GS-6M) [AX6300S] Figure 4-18: Queues to be displayed (for NH10G-1RX) Syntax <port list> show qos queueing [ [{inbound | outbound}]] Input mode User mode and administrator mode Parameters <port list> Specify the port number in list format. Displays information about all distribution input and output queues and port input and output queues that include one or more ports specified in the...
  • Page 64 Displays information about input and output queues. Example The following is an example of displaying information about all input and output queues. Figure 4-19: Result of displaying information about all input and output queues [AX6700S] [AX6600S] > show qos queueing...
  • Page 65 4. QoS 1594804 total 1594804 2308.7M NIF1/Port1 (outbound) Max_Queue=8, Rate=100Mbit/s, Schedule_mode=pq Queue1: Qlen=32, Peak_Qlen=255, Limit_Qlen=255, Drop_mode=tail_drop send_pkt discard_pkt send_byte total 813432 1174.4M BSU1:NIF1/Port1,3,5,7,9,11,13,15,17,19,21,23 (Distribution_Queue, inbound) Max_Queue=1 Queue1: Qlen=0, Peak_Qlen=1, Limit_Qlen=127 send_pkt discard_pkt send_byte total NIF1/Port1 (inbound) Max_Queue=1 Queue1: Qlen=0, Peak_Qlen=1, Limit_Qlen=63 discard send_pkt discard_pkt...
  • Page 66 15.8k > Note: "-" is displayed for the items that do not exist in the statistics counter. Display items Table 4-4: Items displayed for statistics [AX6700S] [AX6600S] Item Displayed information Detailed information Meaning Interface NIF<nif no.>/Port<port no.> (outbound)
  • Page 67 4. QoS Item Displayed information Detailed information Meaning BSU<bsu no.>:NIF<nif no.>/ Distribution output queue 2 Port<port no.>- <port no.> (Distribution_Queue2, outbound) BSU<bsu no.>:NIF<nif no.>/ Distribution input queue when allocation per Port<port no.>- <port no.> port was configured for load balancing of BSUs (Distribution_Queue, inbound) BSU<bsu no.>:NIF<nif no.>/ Distribution input queue 1...
  • Page 68 4. QoS Item Displayed information Detailed information Meaning Peak_Qlen=<queue length> Greatest number of in-use packet buffers in a queue Limit_Qlen=<queue length> Limit of the number of in-use packet buffers in a queue Drop_mode=tail_drop Drop control mode: tail_drop Statistics discard Queuing priority •...
  • Page 69 4. QoS Item Displayed information Detailed information Meaning To-CPU Queues output to the CPU Max_Queue=<number of queue> Number of queues information Rate=<rate> Bandwidth for which the legacy shaper functionality is performed. • When auto-negotiation is unresolved (including when processing is in progress) or for hierarchical Shaper NIF: - •...
  • Page 70 4. QoS Item Displayed information Detailed information Meaning total Total of the items (unit k indicates 1024, M indicates 1024 , and G indicates 1024 Impact on communication None Response messages Table 4-6: List of response messages for the show qos queueing command Message Description Can't execute this command in standby system.

  • Page 71: Clear Qos Queueing

    4. QoS clear qos queueing Clears all queue statistics displayed by executing the command. show qos queueing Syntax <port list> clear qos queueing [ ] [{inbound | outbound}] Input mode User mode and administrator mode Parameters <port list> Specify the port number in list format. Clears information about one or more distribution queues and port input and output queues for ports specified in the list.
  • Page 72 4. QoS Message Description Can't execute. The command could not be executed. There are no active BSUs, CSUs, and MSUs. Make sure at least one BSU, CSU, or MSU is active before re-executing the command. Illegal NIF -- <nif no.>. The specified NIF number is invalid.

  • Page 73: Show Qos Queueing Distribution

    • Statistics for the total of the items For details about queues to be displayed, see the figures below in show qos queueing. For AX6700S series switches: Figure 4-12: Queues to be displayed (other than NK1GS-8M) [AX6700S] and Figure 4-13: Queues to be displayed (for NK1GS-8M) [AX6700S]...
  • Page 74 The following shows an example of displaying information when a distribution input queue is specified. Figure 4-22: Result of displaying information when a distribution input queue is specified [AX6700S] > show qos queueing distribution 1 1/1-24 inbound Date 2008/04/16 17:38:47 UTC Specified BSU number ignored in displaying of Distribution Inbound Queue.
  • Page 75 The following shows an example of displaying information when a distribution output queue is specified. Figure 4-25: Result of displaying information when a distribution output queue is specified [AX6700S] > show qos queueing distribution 1 1/11 outbound Date 2008/04/16 12:00:00 UTC...
  • Page 76 4. QoS 2122478 total 2122478 3072.6M > Note: "-" is displayed for the items that do not exist in the statistics counter. Figure 4-26: Result of displaying information when a distribution output queue is specified [AX6600S] > show qos queueing distribution 1 1/11 outbound Date 2008/12/16 12:00:00 UTC CSU1:NIF1/Port1-24 (Distribution_Queue, outbound) Max_Queue=8...
  • Page 77 4. QoS Display items Table 4-8: Items displayed for statistics [AX6700S] [AX6600S] Item Displayed information Detailed information Meaning BSU number Specified BSU number ignored in displaying of Indicates that the BSU number specified for specification Distribution Inbound Queue. the distribution input queue is ignored.
  • Page 78 4. QoS Item Displayed information Detailed information Meaning Peak_Qlen=<queue length> Greatest number of in-use packet buffers in a queue Limit_Qlen=<queue length> Limit of the number of in-use packet buffers in a queue Statistics discard Queuing priority • For details about queuing priority, see the description about the number of discard classes in Table 6-32 Correspondence between NIF models and send control...
  • Page 79 4. QoS Item Displayed information Detailed information Meaning Limit_Qlen=<queue length> Limit of the number of in-use packet buffers in a queue Statistics discard Queuing priority • For details about queuing priority, see the description about the number of discard classes in Table 6-35 Correspondence between NIF models and send control functionality (2 of 3) in the manual Configuration Guide Vol.
  • Page 80 4. QoS Notes None...

  • Page 81: Clear Qos Queueing Distribution

    4. QoS clear qos queueing distribution Clears all queue statistics displayed by executing the show qos queueing distribution command. Syntax For the AX6700S series: <bsu no.> <port list> clear qos queueing distribution [ [{inbound | outbound}] For the AX6600S series: <csu no.>...
  • Page 82 Figure 4-30: Result of clearing statistics for the distribution input queue > clear qos queueing distribution 1/11 inbound Date 2008/12/24 12:00:00 UTC > Display items Table 4-11: Items displayed for statistics [AX6700S] Item Displayed information Detailed information Meaning BSU number...
  • Page 83 4. QoS Message Description Can't execute. The command could not be executed. There are no active BSUs, CSUs, and MSUs. Make sure at least one BSU, CSU, or MSU is active before re-executing the command. Illegal NIF -- <nif no.>. The specified NIF number is invalid.

  • Page 84: Show Qos Queueing Interface

    • Statistics for the total of the items For details about queues to be displayed, see figures from Figure 4-12: Queues to be displayed (other than NK1GS-8M) [AX6700S] to Figure 4-18: Queues to be displayed (for NH10G-1RX) in show qos queueing.
  • Page 85 4. QoS Example The following shows an example of displaying information when a port output queue is specified. Figure 4-31: Result of displaying information when a port output queue is specified > show qos queueing interface 1/1 outbound Date 2008/04/16 12:00:00 UTC NIF1/Port1 (outbound) Max_Queue=8, Rate=100Mbit/s, Schedule_mode=pq Queue1: Qlen=0, Peak_Qlen=51, Limit_Qlen=255, Drop_mode=tail_drop...
  • Page 86 4. QoS Item Displayed information Detailed information Meaning Limit_Qlen=<queue length> Limit of the number of in-use packet buffers in a queue Drop_mode=tail_drop Drop control mode: tail_drop Statistics discard Queuing priority • For details about queuing priority, see the description about the number of discard classes in Table 6-32 Correspondence between NIF models and send control functionality (2 of 3) in the manual Configuration Guide Vol.
  • Page 87 4. QoS Message Description No operational port. There is no port that is active. Make sure the specified NIF is active, and then re-execute the command. Notes None...

  • Page 88: Clear Qos Queueing Interface

    4. QoS clear qos queueing interface Clears all queue statistics displayed by executing the command. show qos queueing interface Syntax <port list> clear qos queueing interface [{inbound | outbound}] Input mode User mode and administrator mode Parameters <port list> Specify the port number in list format. Clears information about the queue that includes one or more ports specified in the list.
  • Page 89 4. QoS Message Description Can't execute. The command could not be executed. There are no active BSUs, CSUs, and MSUs. Make sure at least one BSU, CSU, or MSU is active before re-executing the command. Illegal NIF -- <nif no.>. The specified NIF number is invalid.

  • Page 90: Show Qos Queueing To-Cpu

    • Statistics for the total of the items For details about queues to be displayed, see figures from Figure 4-12: Queues to be displayed (other than NK1GS-8M) [AX6700S] to Figure 4-18: Queues to be displayed (for NH10G-1RX) in show qos queueing.
  • Page 91 Specify the queue number in list format. Displays information about the specified queue number. For AX6700S and AX6600S series switches, the specifiable range of queue numbers is from 1 to 16. For AX6300S series switches, the specifiable range of queue numbers is from 1 to 8.
  • Page 92 > Note: "-" is displayed for the items that do not exist in the statistics counter. Display items Table 4-16: Items displayed for statistics [AX6700S] [AX6600S] Item Displayed information Detailed information Meaning Interface BSU<bsu no.>:To-CPU Queues output to the CPU...
  • Page 93 4. QoS Item Displayed information Detailed information Meaning Statistics discard Queuing priority • For details about queuing priority, see the description about the number of discard classes in Table 6-32 Correspondence between NIF models and send control functionality (2 of 3) in the manual Configuration Guide Vol.
  • Page 94 4. QoS Item Displayed information Detailed information Meaning Statistics discard Queuing priority • For details about queuing priority, see the description about the number of discard classes in Table 6-35 Correspondence between NIF models and send control functionality (2 of 3) in the manual Configuration Guide Vol.

  • Page 95: Clear Qos Queueing To-Cpu

    Clears all queue statistics displayed by executing the command. show qos queueing to-cpu Syntax For the AX6700S series switches: <bsu no.> clear qos queueing to-cpu [ For the AX6600S series switches: <csu no.> clear qos queueing to-cpu [...
  • Page 96 4. QoS Display items None Impact on communication None Response messages Table 4-19: List of response messages for the clear qos queueing to-cpu command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute.

  • Page 97: Show Shaper

    4. QoS show shaper Outputs statistics for the hierarchical shaper functionality. Displays the following to monitor the traffic status: • Port buffer information. • Number of output or discarded packets in output queues, number of output and discarded bytes, and queue length Syntax show shaper [{ all | discard-mode }] Input mode...
  • Page 98 4. QoS 38419319 total 116008881 5267 Queue send_byte discard_byte discard_mode 9.5M 5.0M tail-drop2 3.7M 2.3M tail-drop2 3.2G 348.4k tail-drop2 6.6G tail-drop2 22.4G tail-drop2 36.7G tail-drop2 40.6G tail-drop2 54.3G tail-drop2 total 164.0G 7.6M User:ID=1, USER-A Schedule_mode=PQ Peak_rate=500Mbit/s, Min_rate=250Mbit/s, Weight=10 Queue send_pkt discard_pkt Queue_length 6324...
  • Page 99 4. QoS User:default-user, DEFAULT-LIST Schedule_mode=PQ Peak_rate=1Mbit/s, Min_rate=500kbit/s, Weight=1 Queue discard_pkt discard_byte discard_mode 3451 5.0M tail-drop2 1581 2.3M tail-drop2 348.4k tail-drop2 tail-drop2 tail-drop2 tail-drop2 tail-drop2 tail-drop2 total 5267 7.6M User:ID=1, USER-A Schedule_mode=PQ Peak_rate=500Mbit/s, Min_rate=250Mbit/s, Weight=10 Queue discard_pkt discard_byte discard_mode 3781 5.5M tail-drop2 1761 2.5M...
  • Page 100 Buffer QoS<no.>=<buffer>/<peak Port buffer information. buffer>/<limit buffer> QoS<no.>: Queue number <buffer>: Number of currently in-use buffers <peak buffer>: Greatest number of in-use buffers <limit buffer>: Specified buffer size Group Group: WGQ bandwidth control is used. information [AX6700S] [AX6600S]...
  • Page 101 ID=<user id>, <user list name> User ID, and user list name , <user list name> llrlq1 user, and user list name llrlq1 [AX6700S] [AX6600S] , <user list name> llrlq2 user, and user list name llrlq2 [AX6700S] [AX6600S] default-user, <user list name>...
  • Page 102 4. QoS Item Displayed information Detailed information Meaning Discard packets(User not configured) Total number of discarded packets of a user for whom configuration is not specified in the hierarchical shaper information #: The range from the MAC header to FCS is used. Impact on communication None Response messages...

  • Page 103: Clear Shaper

    4. QoS clear shaper Clears statistics for all hierarchical shaper functionality. Syntax clear shaper Input mode User mode and administrator mode Parameters None Example Figure 4-40: Result of clearing information > clear shaper Date 2008/06/24 12:00:00 UTC > Display items None Impact on communication None...

  • Page 104: Show Shaper

    If a hyphen (-) or a comma (,) is used, the specifiable range is user ID values set in the configuration. For AX6700S and AX6600S, the specifiable range of user IDs is from 1 to 1023. For AX6300S, the specifiable range of user IDs is from 1 to 511.
  • Page 105 4. QoS Displays all statistics for a hierarchical shaper. • Port buffer information. • Number of output or discarded packets in output queues, number of output or discarded bytes, queue length, and discard mode. discard-mode Displays the following statistics about drop control: Number of discarded packets in output queues, number of discarded bytes, discard mode, and queue length.
  • Page 106 4. QoS Figure 4-42: Displayed information when discard-mode is specified > show shaper 1/1 user 1 discard-mode Date 2008/06/24 12:00:00 UTC NIF 1/Port 1, Shaper_mode:RGQ Set_default_user_priority:disable Predicted_tail_drop:disable, Vlan_user_map:disable Port Rate_limit=1Gbit/s Buffer QoS1= 194/ 1812/ 2000 QoS2= 1784/ 2000 QoS3= 1582/ 1500 QoS4= 1422/ 1500...
  • Page 107 <peak buffer>: Greatest number of in-use buffers <limit buffer>: Specified buffer size Group Group: WGQ bandwidth control is used. information [AX6700S] [AX6600S] Rate_limit=<rate> A value set as the maximum bandwidth for a group. " " is displayed if the line speed is less than the specified bandwidth.
  • Page 108 4. QoS Item Displayed information Detailed information Meaning LLPQ_peak_rate=<rate> A value set as the maximum bandwidth for [AX6700S] [AX6600S] LLPQ. " " is displayed if the line speed is less than the specified bandwidth. Queue Queue Queue number information Statistics...
  • Page 109 4. QoS Message Description Illegal user id. The specified user ID is invalid. Make sure the specified parameter is correct, and then try again. No operational port. There is no port that is active. Possible causes are as follows: • Make sure the specified NIF is active, and then re-execute the command.

  • Page 110: Clear Shaper

    If a hyphen (-) or a comma (,) is used, the specifiable range is user ID values set in the configuration. For AX6700S and AX6600S, the specifiable range of user IDs is from 1 to 1023. For AX6300S, the specifiable range of user IDs is from 1 to 511.
  • Page 111 4. QoS Display items None Impact on communication None Response messages Table 4-25: List of response messages for the clear shaper <port list> command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute.

  • Page 113: Part 4: Layer 2 Authentication

    PART 4: Layer 2 Authentication Chapter 5. IEEE802.1X show dot1x statistics show dot1x clear dot1x statistics clear dot1x auth-state reauthenticate dot1x restart dot1x dump protocols dot1x show dot1x logging clear dot1x logging...

  • Page 114: Show Dot1X Statistics

    5. IEEE802.1X show dot1x statistics Displays statistics about IEEE 802.1X authentication. Syntax <port list> <channel group list> show dot1x statistics [{ port | channel-group-number <vlan id list> | vlan { | dynamic} }] Input mode User mode and administrator mode Parameters { port <port list>...
  • Page 115 5. IEEE802.1X > show dot1x statistics channel-group-number 11 Date 2006/03/23 12:32:00 UTC [EAPOL frames] ChGr TxTotal 30 TxReq/Id 10 TxReq TxSuccess : 10 TxFailure : 0 TxNotify RxTotal 20 RxStart 0 RxLogoff RxResp/Id : 10 RxResp 10 RxNotify RxInvalid : 0 RxLenErr [EAPoverRADIUS frames] ChGr...
  • Page 116 5. IEEE802.1X RxResp/Id : 10 RxResp 10 RxNotify RxInvalid : 0 RxLenErr VLAN TxTotal 30 TxReq/Id 10 TxReq (Dynamic) TxSuccess : 10 TxFailure : 0 TxNotify RxTotal 20 RxStart 0 RxLogoff RxResp/Id : 10 RxResp 10 RxNotify RxInvalid : 0 RxLenErr [EAPoverRADIUS frames] Port 1/10 TxTotal...
  • Page 117 5. IEEE802.1X Item Meaning Displayed information RxLenErr The number of invalid-length EAPOL frames that have been received (the number of discarded frames) [EAPoverRADIUS frames] Statistics for EAPoverRADIUS frames. For details about the items, see the following. TxTotal The total number of EAPoverRADIUS frames that have been sent TxNakResp The number of AccessRequest/EAP Response/NAK frames that have been sent TxNoNakRsp...
  • Page 118 5. IEEE802.1X Message Description Now another user is using dot1x command, please try Another user is using the command. Wait a while, and dot1x again. then retry the operation. Notes None...

  • Page 119: Show Dot1X

    5. IEEE802.1X show dot1x Displays status information about IEEE 802.1X authentication. Syntax <port list> <channel group list> show dot1x [{ port | channel-group-number | vlan <vlan id list> <vlan id list> | dynamic [ ]} }] [detail] Input mode User mode and administrator mode Parameters { port <port list>...
  • Page 120 5. IEEE802.1X Port/ChGr/VLAN AccessControl PortControl Status Supplicants Port Auto Authorized Port 1/10 Multiple-Auth Auto ChGr Multiple-Auth Auto VLAN 20 Multiple-Auth Auto VLAN(Dynamic) Multiple-Auth Auto > Figure 5-7: Displaying the status information for each port that uses IEEE 802.1X port-based authentication (no display type is specified) >...
  • Page 121 5. IEEE802.1X SessionTime(s) Date/Time 0012.e200.0011 Authorized Authenticated Idle 2008/12/17 17:55:00 0012.e200.0012 Authorized Authenticated Idle 2008/12/17 17:56:58 > Figure 5-11: Displaying the status information about each VLAN for IEEE 802.1X VLAN-based authentication (static) (no display type is specified) > show dot1x vlan 20 Date 2008/12/17 12:32:00 UTC VLAN 20 AccessControl...
  • Page 122 5. IEEE802.1X Date 2008/12/17 17:57:03 UTC VLAN(Dynamic) AccessControl : Multiple-Auth PortControl : Auto Status : --- Last EAPOL : 0012.e200.0005 Supplicants : 2 / 2 / 1024 ReAuthMode : Enable TxTimer(s) : --- / 30 ReAuthTimer(s): 123 / 300 ReAuthSuccess ReAuthFail SuppDetection : Disable...
  • Page 123 5. IEEE802.1X Port AccessControl : --- PortControl : Auto Status : Authorized Last EAPOL : 0012.e200.0021 Supplicants : 1 / 1 ReAuthMode : Enable TxTimer(s) : --- / 30 ReAuthTimer(s): 123 / 300 ReAuthSuccess ReAuthFail KeepUnauth(s) : --- / 3600 Supplicants MAC Status AuthState...
  • Page 124 5. IEEE802.1X SuppDetection : Disable VLAN(s): 2-5 Supplicants MAC Status AuthState BackEndState ReAuthSuccess SessionTime(s) Date/Time [VLAN 2] VLAN(Dynamic) Supplicants : 2 0012.e200.0005 Authorized Authenticated Idle 2008/12/17 17:55:00 0012.e200.0006 Authorized Authenticated Idle 2008/12/17 17:56:58 > Display items Table 5-3: Display items for the status information about IEEE 802.1X authentication Item Meaning Displayed information...
  • Page 125 5. IEEE802.1X Item Meaning Displayed information PortControl Displays the authentication control 1. Auto setting. 2. Force-Authorized : Authentication control is 3. Force-Unauthorized Auto applied. : Communication Force-Authorized is always authorized. Force-Unauthorized Communication is never authorized. Status Displays the authentication status of the 1.
  • Page 126 5. IEEE802.1X Item Meaning Displayed information KeepUnauth The authentication status was changed to unauthenticated status because multiple terminals were detected on a single-mode port. The time is displayed in seconds, and indicates how long the terminal remained in this status waiting for authentication processing to become available again.
  • Page 127 5. IEEE802.1X Item Meaning Displayed information ReAuthSuccess Displays the number of times re-authentication was successful. SessionTime Displays the time (in seconds for each supplicant) required to establish a session after a successful authentication. Date/Time Displays the time that authentication of the supplicant was successful. Impact on communication None Response messages...

  • Page 128: Clear Dot1X Statistics

    5. IEEE802.1X clear dot1x statistics Clears the IEEE 802.1X authentication statistics. Syntax <port list> <channel group clear dot1x statistics [{ port | channel-group-number list> <vlan id list> | vlan { | dynamic} }] Input mode User mode and administrator mode Parameters { port <port list>...
  • Page 129 5. IEEE802.1X Message Description Can't execute. The command could not be executed. Re-execute the command. Connection failed to 802.1X An attempt to connect to the IEEE 802.1X program failed. Re-execute the program.(Reason:Connection Error) command. If the failure occurs frequently, use the command to restart dot1x restart IEEE 802.1X.

  • Page 130: Clear Dot1X Auth-State

    5. IEEE802.1X clear dot1x auth-state Initializes the IEEE 802.1X authentication status. Syntax <port list> <channel group clear dot1x auth-state [{ port | channel-group-number list> <vlan id list> <vlan id list> <mac address> | vlan { | dynamic [ ]} | supplicant-mac }] [-f] Input mode User mode and administrator mode...
  • Page 131 5. IEEE802.1X Example Figure 5-19: Initializing all IEEE 802.1X authentication statuses on a Switch > clear dot1x auth-state Initialize all 802.1X Authentication Information. Are you sure? (y/n) :y > Display items None Impact on communication If initialization is performed, the IEEE 802.1X authentication status on the relevant ports or VLANs is initialized, and communication is lost.
  • Page 132 5. IEEE802.1X • If the parameter is <vlan id list> and there is an authentication terminal, vlan dynamic EAP-Failure is unicasted once to the authentication terminal, and EAP-Req/Id is multicasted once to the specified type of IEEE 802.1X authentication. • If the parameter is <mac address>, EAP-Failure is unicasted to the supplicant-mac specified authentication terminal.

  • Page 133: Reauthenticate Dot1X

    5. IEEE802.1X reauthenticate dot1x Re-authenticates the status of IEEE 802.1X authentication. Even if re-authentication timer (reauth-period) is 0 (disabled), re-authentication is forcibly performed. Syntax <port list> <channel group list> reauthenticate dot1x [{ port | channel-group-number <vlan id list> <vlan id list> <mac address>...
  • Page 134 5. IEEE802.1X Example Figure 5-20: Re-authentication for all IEEE 802.1X-authenticated ports and VLANs on a Switch > reauthenticate dot1x Reauthenticate all 802.1X ports and vlans. Are you sure? (y/n) :y > Display items None Impact on communication When re-authentication is initiated, no problems with communication arise if re-authentication is successful.

  • Page 135: Restart Dot1X

    5. IEEE802.1X restart dot1x Restarts the IEEE 802.1X program. Syntax restart dot1x [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts the IEEE 802.1X program without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. core-file When the IEEE 802.1X program is restarted, the core file of the program is output.
  • Page 136 5. IEEE802.1X Notes The storage directory and the name of the core file are as follows: Storage directory: /usr/var/core Core file: dot1xd.core If necessary, back up the file in advance because the specified file is unconditionally overwritten if it already exists.

  • Page 137: Dump Protocols Dot1X

    5. IEEE802.1X dump protocols dot1x Outputs control table information and statistics collected by the IEEE 802.1X program to a file. Syntax dump protocols dot1x Input mode User mode and administrator mode Parameters None Example Figure 5-23: Acquiring IEEE 802.1X program online dump >...

  • Page 138: Show Dot1X Logging

    5. IEEE802.1X show dot1x logging Displays the operation log messages collected by the IEEE 802.1X program. Syntax show dot1x logging [{ error | warning | notice | info }] Input mode User mode and administrator mode Parameters { error | warning | notice | info } Specify the level of operation log message to be displayed.
  • Page 139 5. IEEE802.1X (2) Date: Indicates the date recorded in the IEEE 802.1X program. (3) Time: Indicates the time recorded in the IEEE 802.1X program. (4) Log ID: Indicates the level of the operation log message. (5) Log type: Indicates the type of operation that outputs the log message. (6) Additional information: Indicates supplementary information provided in the message.
  • Page 140 5. IEEE802.1X Log ID Log type Message text Meaning and action Additional information NORMAL LOGIN Login succeeded. ; [Meaning] MAC address Supplicant Re-Auth A supplicant was re-authenticated port number or Success. successfully. channel group number [Action] VLAN ID None NORMAL LOGOUT Logout succeeded.
  • Page 141 5. IEEE802.1X Log ID Log type Message text Meaning and action Additional information NORMAL LOGOUT Force logout. ; VLAN [Meaning] MAC address status down. Authentication has been canceled port number or because the VLAN has gone down channel group or the VLAN was deleted from the number configuration of the port.
  • Page 142 5. IEEE802.1X Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed. ; Failed to [Meaning] MAC address assign VLAN. (Reason: VLAN dynamic assignment failed port number or Tunnel-Type Attribute is because the value of the channel group not VLAN(13).) Tunnel-Type attribute was not...
  • Page 143 5. IEEE802.1X Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed. ; Failed to [Meaning] MAC address assign VLAN. (Reason: VLAN dynamic assignment failed port number or The Port doesn't belong to because the authentication port did channel group VLAN.) not belong to the VLAN ID.
  • Page 144 5. IEEE802.1X Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed. ; Failed to [Meaning] MAC address authenticate the Authentication failed because port number or supplicant because it registration of a supplicant in channel group could not be registered to mac-address-table failed.
  • Page 145 5. IEEE802.1X Log ID Log type Message text Meaning and action Additional information WARNING SYSTEM Invalid EAP over [Meaning] RADIUS frame received. An invalid EAP over RADIUS frame has been received. [Action] Check whether there is any problem with the following: •...
  • Page 146 5. IEEE802.1X Log ID Log type Message text Meaning and action Additional information WARNING SYSTEM Failed in the name [Meaning] Server name resolution with the DNS Name resolution by the DNS server server. failed. [Action] Change the server set by the radius-server host configuration command to IPv4 or IPv6 address.

  • Page 147: Clear Dot1X Logging

    5. IEEE802.1X clear dot1x logging Clears the operation log messages collected by IEEE 802.1X program. Syntax clear dot1x logging Input mode User mode and administrator mode Parameters None Example Figure 5-25: Clearing IEEE 802.1X operation log messages > clear dot1x logging >...

  • Page 149: Web Authentication

    Chapter 6. Web Authentication set web-authentication user set web-authentication passwd set web-authentication vlan remove web-authentication user show web-authentication user show web-authentication login show web-authentication logging show web-authentication show web-authentication statistics clear web-authentication logging clear web-authentication statistics commit web-authentication store web-authentication load web-authentication clear web-authentication auth-state restart web-authentication...

  • Page 150: Set Web-Authentication User

    6. Web Authentication set web-authentication user Adds a user for Web authentication. At this time, specify the VLAN to which the user belongs. To apply the change to the authentication information, execute the commit web-authentication command. Syntax <user name> <password> <vlan id> set web-authentication user Input mode Administrator mode...
  • Page 151 6. Web Authentication Message Description Now another user is using WA command, please try Another user is using a command for the Web authentication again. functionality. Wait a while, and then retry the operation. The number of users exceeds 300. The number of users to be registered exceeds 300.

  • Page 152: Set Web-Authentication Passwd

    6. Web Authentication set web-authentication passwd Changes the password of a Web-authenticated user. To apply the change to the authentication information, execute the commit web-authentication command. Syntax <user name> <old password> <new password> set web-authentication passwd Input mode Administrator mode Parameters <user name>...
  • Page 153 6. Web Authentication Message Description WA is not configured. The Web authentication functionality is not enabled. Check the configuration. Notes • This command cannot be used concurrently by multiple users. • The settings are available as authentication information only after the commit command has been executed.

  • Page 154: Set Web-Authentication Vlan

    6. Web Authentication set web-authentication vlan Changes the VLAN to which a Web-authenticated user belongs. To apply the change to the authentication information, execute the commit web-authentication command. Syntax <user name> <vlan id> set web-authentication vlan Input mode Administrator mode Parameters <user name>...

  • Page 155: Remove Web-Authentication User

    6. Web Authentication remove web-authentication user Deletes a user for Web authentication. To apply the change to the authentication information, execute the commit web-authentication command. Syntax <user name> remove web-authentication user { | -all} [-f] Input mode Administrator mode Parameters <user name>...
  • Page 156 6. Web Authentication Message Description WA is not configured. The Web authentication functionality is not enabled. Check the configuration. Notes The settings are available as authentication information only after the commit command has been executed. web-authentication...

  • Page 157: Show Web-Authentication User

    6. Web Authentication show web-authentication user Displays the user information registered on the Switch used for Web authentication. This command can also display user information that is being entered or edited by using the following commands: • set web-authentication user command •...
  • Page 158 6. Web Authentication Impact on communication None Response messages Table 6-6: List of response messages for the show web-authentication user command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed.

  • Page 159: Show Web-Authentication Login

    6. Web Authentication show web-authentication login Displays the users currently logged in (users that have already been authenticated) in ascending order by login date and time. Syntax show web-authentication login Input mode Administrator mode Parameters None Example The following shows an example of displaying authenticated users: When the authentication mode is dynamic VLAN mode or legacy mode: # show web-authentication login...
  • Page 160 6. Web Authentication Item Meaning Displayed information MAC address MAC address The MAC address of the authenticated, currently logged-in user Login time Login date and time The time when the authenticated, currently logged-in user logged Limit time Remaining login time The remaining login time of the authenticated, currently logged-in user.

  • Page 161: Show Web-Authentication Logging

    6. Web Authentication show web-authentication logging Displays the operation log messages collected by Web authentication program. Syntax show web-authentication logging [user] Input mode Administrator mode Parameters user Specify the type of operation log message to be displayed. If this parameter is specified, user authentication information is displayed. Operation when this parameter is omitted: Displays the operation log of the Web authentication program and the user authentication information in chronological order.
  • Page 162 6. Web Authentication (4) Log ID: Indicates the level of the operation log message. (5) Log type: Indicates the type of operation that outputs the log message. (6) Additional information: Indicates supplementary information provided in the message. (7) Message body Operation log messages show the following information: •...
  • Page 163 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NORMAL LOGIN Login update [Meaning] MAC address succeeded. The user's login time was User name successfully updated. IP address [Action] VLAN ID None Port number NORMAL LOGOUT Force logout ;...
  • Page 164 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed ; [Meaning] User name Password not found Authentication failed Password to web authentication because a password was not entered or the entered [Password=[passwor password was incorrect.
  • Page 165 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed ; [Meaning] MAC address Number of login was Authentication cannot be User name beyond limit. performed because the number of logins exceeded the maximum allowable number.
  • Page 166 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed ; Failed [Meaning] MAC address to connection to Authentication failed User name RADIUS server. because an attempt to IP address communicate with the VLAN ID RADIUS server failed.
  • Page 167 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGOUT Logout failed ; [Meaning] MAC address L2MacManager Canceling authentication failed. failed because a notification from the VLAN program indicating that de-authentication could not be performed was received. The cause is either of the following: •...
  • Page 168 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NORMAL LOGOUT Force logout ; VLAN [Meaning] [Legacy mode] deleted. When the mode is legacy MAC address mode, authentication of the User name user logged in to a VLAN VLAN ID was deleted because the VLAN set for the interface...
  • Page 169 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login update failed. [Meaning] MAC address The login time could not be User name updated because IP address re-authentication of the user failed. [Action] Log in again using the correct user ID and password.
  • Page 170 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NORMAL LOGOUT Force logout ; Other [Meaning] MAC address authentication Authentication was User name program. canceled because it was IP address overwritten by another VLAN ID authentication operation.
  • Page 171 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NORMAL LOGOUT Force logout ; [Meaning] MAC address Authentic mode had All authentications were User name changed (dynamic canceled because IP address vlan -> Legacy). authentication method was VLAN ID changed from dynamic Port number...
  • Page 172 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NORMAL SYSTEM MAC address existed [Meaning] MAC address in the A MAC address, which is User name L2MacManager. available for the VLAN program, but it is not available for Web authentication, was detected.
  • Page 173 6. Web Authentication Log ID Log type Message text Meaning and action Additional information ERROR SYSTEM Program failed ; [Meaning] Login information An attempt to delete the could not delete. login information failed. [Action] If this message appears frequently, use the restart web-authentication command to restart the Web...
  • Page 174 6. Web Authentication Log ID Log type Message text Meaning and action Additional information NOTICE SYSTEM Change to [Meaning] redundancy mode The Web authentication (ACT -> SBY). program was switched from active mode to standby mode. [Action] None NORMAL SYSTEM Synchronized ;...
  • Page 175 6. Web Authentication Log ID Log type Message text Meaning and action Additional information ERROR SYSTEM The other error. [Meaning] error code [error-code] An internal Web authentication error occurred. Communication failed with an internal functionality indicated by the error code after The other error.

  • Page 176: Show Web-Authentication

    6. Web Authentication show web-authentication Displays the configuration for Web authentication. Syntax show web-authentication Input mode Administrator mode Parameters None Example When the authentication mode is legacy mode and the authentication method is local authentication with no registered VLANs: # show web-authentication Date 2010/04/16 10:52:49 UTC web-authentication Information: Authentic-mode...
  • Page 177 6. Web Authentication Port VLAN ID 5,10,15 Port VLAN ID 15-16 When the authentication mode is dynamic VLAN mode and the authentication method is local authentication: # show web-authentication Date 2010/04/15 10:52:49 UTC web-authentication Information: Authentic-mode : Dynamic-VLAN Authentic-method : Local Accounting-state : disable Max-timer : 60 Max-user...
  • Page 178 6. Web Authentication Display items Table 6-14: Items displayed for the Web authentication configuration Item Meaning Displayed information Authentic-mode Authentication mode Authentication mode for the Web authentication functionality. : Indicates legacy mode. Legacy : Indicates dynamic VLAN mode Dynamic-VLAN : Indicates fixed VLAN mode Static-VLAN Authentic-method Authentication method...
  • Page 179 6. Web Authentication Item Meaning Displayed information Protocol http/https type Login page type to be displayed on a terminal. : Login page is displayed in http. http : Login page is displayed in https. https Jump-URL URL to jump to after URL to jump to after Web authentication is successful authentication Web-IP-address...

  • Page 180: Show Web-Authentication Statistics

    6. Web Authentication show web-authentication statistics Displays statistics for Web authentication. Syntax show web-authentication statistics Input mode Administrator mode Parameters None Example When the authentication mode is fixed VLAN mode or dynamic VLAN mode, and the authentication method is local authentication: # show web-authentication statistics Date 2010/04/15 11:10:49 UTC web-authentication Information:...
  • Page 181 6. Web Authentication [RADIUS frames] TxTotal TxAccReq TxError RxTotal RxAccAccpt: RxAccRejct: RxAccChllg: RxInvalid : Account web-authentication Information: [Account frames] TxTotal TxAccReq TxError RxTotal RxAccResp : RxInvalid : Display items Table 6-16: Items displayed for Web authentication statistics Item Meaning Authentication Request Total The total number of authentication requests Authentication Current Count The number of users currently authenticated...
  • Page 182 6. Web Authentication Message Description Connection failed to WA program. Communication with the Web authentication program failed. Re-execute the command. If communication fails frequently, use command to restart the restart web-authentication Web authentication program. WA is not configured. The Web authentication functionality is not enabled. Check the configuration.

  • Page 183: Clear Web-Authentication Logging

    6. Web Authentication clear web-authentication logging Clears log information for Web authentication. Syntax clear web-authentication logging Input mode Administrator mode Parameters None Example The following shows an example of clearing log information for Web authentication. # clear web-authentication logging Display items None Impact on communication None...

  • Page 184: Clear Web-Authentication Statistics

    6. Web Authentication clear web-authentication statistics Clears Web authentication statistics. Syntax clear web-authentication statistics Input mode Administrator mode Parameters None Example The following shows an example of clearing Web authentication statistics: # clear web-authentication statistics Display items None Impact on communication None Response messages Table 6-19: List of response messages for the clear web-authentication statistics command...

  • Page 185: Commit Web-Authentication

    6. Web Authentication commit web-authentication Stores local authentication user data for Web authentication in internal flash memory. Syntax commit web-authentication [-f] Input mode Administrator mode Parameters Stores local authentication data for Web authentication in internal flash memory without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed.
  • Page 186 6. Web Authentication Notes • Information about the Web authentication DB which is being operated is not overwritten unless this command is executed after the following commands are executed to add, change, or delete users: • set web-authentication user • set web-authentication passwd •...

  • Page 187: Store Web-Authentication

    6. Web Authentication store web-authentication Backs up Web authentication user information to a file. Syntax <file name> store web-authentication [-f] Input mode Administrator mode Parameters <file name> Specify the name of the file to which Web authentication user information is to be backed up. Backs up Web authentication user information to a file without displaying a confirmation message.
  • Page 188 6. Web Authentication Date 2007/04/01 19:46:29 JST Flash : user area config area dump area area total used 37,063kB 65kB 16kB 37,144kB free 616kB 7,199kB 8,152kB 15,967kB total 37,679kB 7,265kB 8,168kB 53,112kB Note: The underlined part (the value for indicating the free capacity of the user area) must be free at least 20 KB.

  • Page 189: Load Web-Authentication

    6. Web Authentication load web-authentication Restores Web authentication user information from a backup file for Web authentication user information. Note that information registered or changed by using the following commands will be replaced by the information that is being restored: •...
  • Page 190 6. Web Authentication Message Description Connection failed to WA program. Communication with the Web authentication program failed. Re-execute the command. If communication fails frequently, use command to restart the restart web-authentication Web authentication program. File format error. Registration is not possible because the file is not a backup file. Load operation failed.

  • Page 191: Clear Web-Authentication Auth-State

    6. Web Authentication clear web-authentication auth-state Forcibly logs out an authenticated, currently logged-in user. When multiple logins are performed using the same user ID, if a user logs out by using this command, all users who have the same user ID are forcibly logged out. Alternatively, a specific login can be canceled by specifying a MAC address.
  • Page 192 6. Web Authentication Forcing logout of an authenticated user that is currently logged in by specifying the MAC address 0012.e200.0001 # clear web-authentication auth-state mac-address 0012.e200.0001 Logout user web-authentication of specified MAC address. Are you sure? (y/ n): y Display items None Impact on communication Authentication for any user that is specified will be canceled.

  • Page 193: Restart Web-Authentication

    6. Web Authentication restart web-authentication Restarts the Web authentication program and the Web server. Syntax restart web-authentication [-f] [{core-file | web-server}] Input mode User mode and administrator mode Parameters Restarts without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed.
  • Page 194 6. Web Authentication Message Description WA is not configured. If Web authentication functionality has not been set, check the configuration. If the web-authentication system-auth-control configuration command has been set, perform the following operation: • Use the no web-authentication configuration command to stop system-auth-control Web authentication.

  • Page 195: Dump Protocols Web-Authentication

    6. Web Authentication dump protocols web-authentication Outputs to a file detailed event trace information and control table information collected by the Web authentication program. Syntax dump protocols web-authentication Input mode User mode and administrator mode Parameters None Example The following shows an example of collecting Web authentication dump information: >...

  • Page 196: Set Web-Authentication Html-Files

    6. Web Authentication set web-authentication html-files Replaces the images for Web authentication pages (such as login and logout pages), the messages output for authentication errors, and the icons displayed in the Favorites menu of the Web browser. When you execute this command, specify the name of the directory in which the page images, messages, or icons to be registered are stored.
  • Page 197 6. Web Authentication icons (when page images, messages, and icons to be registered are stored in the directory): k-html # ls -l k-html -rwxr-xr-x operator users 1108 Dec 6 09:59 login.html -rwxr-xr-x operator users 1302 Dec 6 09:59 loginNG.html -rwxr-xr-x operator users 1300 Dec...
  • Page 198 6. Web Authentication between the active and standby systems is performed. • The total capacity of a file that can be registered is 1024 KB. If the capacity exceeds 1024 KB, the file cannot be registered. • A maximum of 100 files can be registered. If there are too many files, command execution might take time.

  • Page 199: Clear Web-Authentication Html-Files

    6. Web Authentication clear web-authentication html-files Deletes the Web authentication pages, messages, and icons registered by the command, and reverts to the default settings. web-authentication html-files Syntax clear web-authentication html-files [-f] Input mode Administrator mode Parameters Deletes the pages, messages, and icons without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed.

  • Page 200: Show Web-Authentication Html-Files

    6. Web Authentication show web-authentication html-files Displays the size of the file (in bytes) registered by the set web-authentication html-files command and the date and time registered. If no file has been registered, that the default setting is being used is displayed. Syntax show web-authentication html-files [detail] Input mode...
  • Page 201 6. Web Authentication file, or ico file is displayed): # show web-authentication html-files detail Date 2007/04/01 10:07:04 UTC TOTAL SIZE 60775 --------------------------------------------------- SIZE DATE login.html 2049 2007/03/30 14:05 loginOK.html 1046 2007/03/30 14:05 loginNG.html 2007/03/30 14:05 logout.html 2007/03/30 14:05 logoutOK.html 2007/03/30 14:05 logoutNG.html 2007/03/30 14:05 webauth.msg...

  • Page 203: Mac-Based Authentication

    Chapter 7. MAC-based Authentication show mac-authentication login show mac-authentication logging show mac-authentication show mac-authentication statistics clear mac-authentication auth-state clear mac-authentication logging clear mac-authentication statistics set mac-authentication mac-address remove mac-authentication mac-address commit mac-authentication show mac-authentication mac-address store mac-authentication load mac-authentication restart mac-authentication dump protocols mac-authentication...

  • Page 204: Show Mac-Authentication Login

    7. MAC-based Authentication show mac-authentication login Displays the authenticated, currently logged-in terminals in ascending order by login date and time. Syntax show mac-authentication login Input mode Administrator mode Parameters None Example The following shows an example of displaying authenticated MAC addresses: # show mac-authentication login Date 2010/04/01 10:52:49 UTC Total client counts:2...
  • Page 205 7. MAC-based Authentication Item Meaning Displayed information Mode Operating mode Authenticated mode. : Authenticated in fixed VLAN mode Static : Authenticated in dynamic VLAN mode Dynamic Impact on communication None Response messages Table 7-2: List of response messages for the show mac-authentication login command Message Description Can't execute this command in standby system.

  • Page 206: Show Mac-Authentication Logging

    7. MAC-based Authentication show mac-authentication logging Displays the operation log messages collected by the MAC-based authentication program. Syntax show mac-authentication logging [client] Input mode Administrator mode Parameters client Specify the type of operation log message to be displayed. If this parameter is specified, terminal authentication information is displayed. Operation when this parameter is omitted: Displays the operation log of the MAC-based authentication program and the terminal authentication information in chronological order.
  • Page 207 7. MAC-based Authentication Table 7-6: List of operation log messages. (2) Date: Indicates the date recorded in the MAC-based authentication program. (3) Time: Indicates the time recorded in the MAC-based authentication program. (4) Log ID: Indicates the level of the operation log message. (5) Log type: Indicates the type of operation that outputs the log message.
  • Page 208 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information NORMAL LOGOUT Force logout ; Port [Meaning] MAC address link down. Authentication was VLAN ID canceled because the link Port number for the relevant port went down.
  • Page 209 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed ; VLAN [Meaning] MAC address not specified. An authentication error VLAN ID occurred because the Port number authentication request was sent from a VLAN that does not exist on the port.
  • Page 210 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed ; Double [Meaning] MAC address login. The VLAN program VLAN ID (L2MacManager) reported that authentication Port number was not possible (because duplicate MAC addresses were registered).
  • Page 211 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGOUT Logout failed ; [Meaning] MAC address L2MacManager Deletion failed because the VLAN ID failed. user was not being Port number authenticated by MAC-based authentication. [Action] Check whether the MAC address has already been...
  • Page 212 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed ; [Meaning] MAC address Connection failed Authentication failed L2MacManager. because an attempt to communicate with the VLAN program failed. [Action] Attempt authentication again.
  • Page 213 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information NORMAL LOGIN Un-authorized Port [Meaning] MAC address Accepted. Communication with an VLAN ID unauthorized terminal was Port number detected. [Action] None NORMAL SYSTEM Accepted clear [Meaning] auth-state command.
  • Page 214 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information ERROR SYSTEM Macauthd could not [Meaning] error code initialize.[error-code] Initializing the MAC-based authentication program failed. [Action] Check the configurations of MAC-based authentication. If this message appears frequently, use the restart mac-authentication...
  • Page 215 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information ERROR SYSTEM Program failed ; [Meaning] error code Internal data update. An attempt to update the [error-code] internal table for the configuration failed. [Action] Use the restart mac-authentication command to restart the...
  • Page 216 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information NOTICE SYSTEM Change to [Meaning] redundancy mode The MAC-based (ACT -> SBY). authentication program was switched from active mode to standby mode. [Action] None NORMAL SYSTEM Synchronized ;...
  • Page 217 7. MAC-based Authentication Log ID Log type Message text Meaning and action Additional information NOTICE LOGIN Login failed ; VLAN [Meaning] MAC address ID not found to MAC Authentication failed VLAN ID authentication DB. because the VLAN ID to be authenticated was not registered in the internal MAC-based authentication...
  • Page 218 7. MAC-based Authentication Notes • MAC-based authentication operation log messages are displayed with newer messages displayed first. • For duplex configuration, operation log information is deleted on transfer between active and standby, rather than being inherited.

  • Page 219: Show Mac-Authentication

    7. MAC-based Authentication show mac-authentication Displays the configuration for MAC-based authentication. Syntax show mac-authentication Input mode Administrator mode Parameters None Example The following examples show configuration information displayed for MAC-based authentication. When a port for MAC-based authentication is not registered: # show mac-authentication Date 2010/04/15 10:52:49 UTC mac-authentication Information:...
  • Page 220 7. MAC-based Authentication Display items Table 7-8: Items displayed for the configuration of MAC-based authentication Item Meaning Displayed information Authentic-method Authentication Authentication method for the MAC-based method authentication functionality. : Indicates local authentication Local : Indicates RADIUS authentication RADIUS Accounting-state Whether the Whether the accounting server is available for the accounting server is...
  • Page 221 7. MAC-based Authentication Item Meaning Displayed information Native VLAN VLAN ID of a The VLAN ID of the native VLAN set for the port native VLAN for dynamic VLAN mode Impact on communication None Response messages Table 7-9: List of response messages for the show mac-authentication command Message Description Can't execute this command in standby system.

  • Page 222: Show Mac-Authentication Statistics

    7. MAC-based Authentication show mac-authentication statistics Displays MAC-based authentication statistics. Syntax show mac-authentication statistics Input mode Administrator mode Parameters None Example The following shows an example of displaying MAC-based authentication statistics: # show mac-authentication statistics Date 2010/04/01 11:10:49 UTC mac-authentication Information: Authentication Request Total : Authentication Current Count : Authentication Error Total...
  • Page 223 7. MAC-based Authentication Item Meaning RxInvalid The total number of invalid frames received from the RADIUS server Account frames Accounting information TxTotal The total number of packets transmitted to the accounting server TxAccReq The total number of Accounting-Request packets sent to the accounting server TxError The number of errors occurring during transmission to the...

  • Page 224: Clear Mac-Authentication Auth-State

    7. MAC-based Authentication clear mac-authentication auth-state Specify the MAC address to forcibly log out the specific authentication terminal. In addition, you can forcibly log out all the authenticated, currently logged-in terminals. Syntax <mac> clear mac-authentication auth-state mac-address { | -all} [-f] Input mode Administrator mode Parameters...
  • Page 225 7. MAC-based Authentication Response messages Table 7-12: List of response messages for the clear mac-authentication auth-state command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed. Connection failed to mac-authentication program.

  • Page 226: Clear Mac-Authentication Logging

    7. MAC-based Authentication clear mac-authentication logging Clears the log information for MAC-based authentication. Syntax clear mac-authentication logging Input mode Administrator mode Parameters None Example The following shows an example of clearing the log information for MAC-based authentication: # clear mac-authentication logging Display items None Impact on communication...

  • Page 227: Clear Mac-Authentication Statistics

    7. MAC-based Authentication clear mac-authentication statistics Clears the MAC-based authentication statistics. Syntax clear mac-authentication statistics Input mode Administrator mode Parameters None Example The following shows an example of clearing MAC-based authentication statistics: # clear mac-authentication statistics Display items None Impact on communication None Response messages Table 7-14: List of response messages for the clear mac-authentication statistics command...

  • Page 228: Set Mac-Authentication Mac-Address

    7. MAC-based Authentication set mac-authentication mac-address Adds a MAC address for MAC-based authentication to the internal MAC-based authentication DB. Specify the VLAN ID to which the user belongs. You can add a MAC address that has already been registered if its VLAN ID is different from that already registered. At least one VLAN ID must be specified if you use this command in dynamic VLAN mode because a VLAN ID is changed to the specified VLAN ID by using this command after authentication in dynamic VLAN mode.
  • Page 229 7. MAC-based Authentication Response messages Table 7-15: List of response messages for the set mac-authentication mac-address command Message Description Already mac address "<mac>","<vlan id>" exists. The specified MAC address has already been registered. Can't execute this command in standby system. This command cannot be executed on a standby system.

  • Page 230: Remove Mac-Authentication Mac-Address

    7. MAC-based Authentication remove mac-authentication mac-address Deletes MAC addresses, for MAC-based authentication, from the internal MAC-based authentication DB. Regardless of any associated VLAN ID, as long as the MAC address is the same as the specified MAC address, the MAC address is deleted. To apply the setting to the authentication information, execute the commit mac-authentication command.
  • Page 231 7. MAC-based Authentication Message Description Can't execute. The command could not be executed. Re-execute the command. Mac-authentication is not configured. The MAC-based authentication functionality is not configured. Check the configuration. Now another user is using mac-authentication Another user is using a command related to the MAC-based command, please try again.

  • Page 232: Commit Mac-Authentication

    7. MAC-based Authentication commit mac-authentication Saves the internal MAC-based authentication DB for MAC-based authentication to the internal flash memory. The contents of the internal MAC-based authentication DB which is being used is not overwritten unless this command is executed after the following commands are executed to add or delete MAC addresses: •...
  • Page 233 7. MAC-based Authentication Message Description Connection failed to mac-authentication program. Communication with the MAC-based authentication program failed. Re-execute the command. If communication fails frequently, use the command restart mac-authentication to restart the MAC-based authentication program. Mac-authentication is not configured. The MAC-based authentication functionality is not configured. Check the configuration.

  • Page 234: Show Mac-Authentication Mac-Address

    7. MAC-based Authentication show mac-authentication mac-address Displays information about the MAC addresses for MAC-based authentication that are registered in a Switch. MAC address information which is either being entered or being edited by using the following commands can also be displayed: •...
  • Page 235 7. MAC-based Authentication Impact on communication None Response messages Table 7-19: List of response messages for the show mac-authentication mac-address command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed.

  • Page 236: Store Mac-Authentication

    7. MAC-based Authentication store mac-authentication Backs up the internal MAC-based authentication DB to files. Syntax store mac-authentication <file name> [-f] Input mode Administrator mode Parameters <file name> Specify the name of a file to which the internal MAC-based authentication DB is to be backed Backs up the internal MAC-based authentication DB to files without displaying confirmation messages.
  • Page 237 7. MAC-based Authentication The following shows an example of executing the command: show flash > show flash Date 2007/12/01 19:46:29 JST Flash : user area config area dump area area total used 37,063kB 65kB 16kB 37,144kB free 616kB 7,199kB 8,152kB 15,967kB total 37,679kB...

  • Page 238: Load Mac-Authentication

    7. MAC-based Authentication load mac-authentication Restores the internal MAC-based authentication DB from a backup file to the internal MAC-based authentication DB. Note that the contents registered or changed by the following commands will be replaced by the contents of the restored backup: •...
  • Page 239 7. MAC-based Authentication Message Description Connection failed to mac-authentication program. Communication with the MAC-based authentication program failed. Re-execute the command. If communication fails frequently, use the command restart mac-authentication to restart the MAC-based authentication program. File format error. Registration is not possible because the file is not a backup file. Load operation failed.

  • Page 240: Restart Mac-Authentication

    7. MAC-based Authentication restart mac-authentication Restarts the MAC-based authentication program. Syntax restart mac-authentication [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. core-file Outputs a core file for MAC-based authentication when the MAC-based authentication program is restarted.

  • Page 241: Dump Protocols Mac-Authentication

    7. MAC-based Authentication dump protocols mac-authentication Outputs to a file detailed event trace information and control table information collected by the MAC-based authentication program. Syntax dump protocols mac-authentication Input mode User mode and administrator mode Parameters None Example The following shows an example of dumping the MAC-based authentication information: >...

  • Page 243: Authentication Vlans [Op-Vaa]

    Chapter 8. Authentication VLANs [OP-VAA] show fense server [OP-VAA] show fense statistics [OP-VAA] show fense logging [OP-VAA] clear fense statistics [OP-VAA] clear fense logging [OP-VAA] restart vaa [OP-VAA] dump protocols vaa [OP-VAA]...

  • Page 244: Show Fense Server [Op-Vaa]

    8. Authentication VLANs [OP-VAA] show fense server [OP-VAA] Displays information set for an authentication VLAN, and the operating status of the current VLANaccessAgent. Syntax <id no list> <vlan id list> show fense server [id ] [detail [ Input mode User mode and administrator mode Parameters id <id no list>...
  • Page 245 8. Authentication VLANs [OP-VAA] Retry Timer: Retry Count: infinity Current Count: Alive Timer: Target-VLAN Count: An example of displaying detailed information about all configured VLANaccessAgent is shown below. Information about the server and the fence VLAN for all VLAN IDs is displayed.
  • Page 246 8. Authentication VLANs [OP-VAA] Item Meaning Displayed information Server status Indicates the authentication server status from the following Agent Status categories. : Indicates the status that connection with the CONNECTED authentication server is established. : Indicates the status that connection with the DISCONNECTED authentication server is disconnected.
  • Page 247 8. Authentication VLANs [OP-VAA] Item Meaning Displayed information Current Registered The number of registered Displays the number of MAC addresses registered for MAC dynamic MACs VLANs. To view the registered MAC addresses, use the show <vlan id list> command. vlan mac-vlan dynamic Server Information Authentication server...
  • Page 248 8. Authentication VLANs [OP-VAA] Item Meaning Displayed information VLAN ID VLAN ID Indicates the ID of a VLAN set as an authenticated VLAN. : Indicates a VLAN ID. 4095 IP Subnet Address Subnet address of an Indicates the setting value for the subnet address of the authenticated VLAN authenticated VLAN corresponding to the VLAN ID.

  • Page 249: Show Fense Statistics [Op-Vaa]

    8. Authentication VLANs [OP-VAA] show fense statistics [OP-VAA] Displays statistics for VLANaccessAgent. Syntax <id no list> show fense statistics [id Input mode User mode and administrator mode Parameters id <id no list> Displays statistics for connection of the specified authentication server (VLANaccessController).
  • Page 250 8. Authentication VLANs [OP-VAA] Error FORMERROR INVSTATE NOMEMORY INVPARAM NOCLIENT Target-VLAN Registration: MACReg MACDel AllMACDel MACList Request 1100 1000 Error INVVLAN MACOVFLW DUPMAC NOMAC HASHFULL OTHERERR Display items Table 8-4: Items displayed for VLANaccessAgent statistics Item Meaning Displayed information VLANaccessAgentID Displays vaa_id for information about connection to VLANaccessAgent.
  • Page 251 8. Authentication VLANs [OP-VAA] Item Meaning Displayed information FORMERROR Number of times that Indicates the number of error responses to FORMERROR FORMERROR has been sent as the cause of the MAC address registration messages. error Unsigned 32-bit value: Indicates the number of errors.
  • Page 252 8. Authentication VLANs [OP-VAA] Item Meaning Displayed information Error Number of failed requests for Indicates the total number of times that requests to acquiring the list acquire a list of MAC addresses, received from the authentication server, failed. Unsigned 32-bit value: Indicates the number of times that a request for acquiring the list failed.
  • Page 253 8. Authentication VLANs [OP-VAA] Item Meaning Displayed information Request Number of times that a request for Indicates the number of requests to delete all specified deleting all specified MAC MAC addresses, received from the authentication addresses has been received server. Unsigned 32-bit value: Indicates the number of requests to delete all specified MAC addresses that have been received.
  • Page 254 8. Authentication VLANs [OP-VAA] Item Meaning Displayed information DUPMAC Number of times that duplicated Indicates the number of times that a duplicated registration has been returned as registration error has been returned to a MAC address the cause of the error registration request.
  • Page 255 8. Authentication VLANs [OP-VAA] Message Description Connection failed to VAA program. Communication with the VLANaccessAgent program failed. Re-execute the command. If this error occurs frequently, use the show command and the fense logging dump protocols vaa command to acquire the vaa status and the FENSE server logs (see the manual for the FENSE server for details), and then check the FENSE server status.

  • Page 256: Show Fense Logging [Op-Vaa]

    8. Authentication VLANs [OP-VAA] show fense logging [OP-VAA] Displays the log messages for internal operations collected by the VLANaccessAgent program. Displayed information is used for analysis of authentication VLAN failures. Syntax show fense logging [{error | warning | notice}] Input mode User mode and administrator mode Parameters {error | warning | notice}...
  • Page 257 8. Authentication VLANs [OP-VAA] Level Message text Meaning Additional information WARNING The error response for the ADDMAC message Error response to an • vaa_id was transmitted to the authentication server. address registration request • MAC address id=<vaa_id> MAC=<MAC-address> from the authentication •...
  • Page 258 8. Authentication VLANs [OP-VAA] Level Message text Meaning Additional information WARNING The socket with L2MacManager was closed. The socket connection to • error code Code=<error-code> L2MacManager was closed. • error code ERROR Configuration data setting failed. An attempt to set the Code=<error-code>...

  • Page 259: Clear Fense Statistics [Op-Vaa]

    8. Authentication VLANs [OP-VAA] clear fense statistics [OP-VAA] Clears statistics for VLANaccessAgent. Syntax <id no list> clear fense statistics [id Input mode User mode and administrator mode Parameters id <id no list> Clears statistics for VLANaccessAgent corresponding to the VAA ID in the specified range. [Specification using numeric values] Specify a unique VAA ID.

  • Page 260: Clear Fense Logging [Op-Vaa]

    8. Authentication VLANs [OP-VAA] clear fense logging [OP-VAA] Clears the operation log messages collected by the VLANaccessAgent program. Syntax clear fense logging Input mode User mode and administrator mode Parameters None Example The following shows an example of clearing an operation log message: >...

  • Page 261: Restart Vaa [Op-Vaa]

    8. Authentication VLANs [OP-VAA] restart vaa [OP-VAA] Restarts VLANaccessAgent. Syntax restart vaa [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts VLANaccessAgent without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. core-file Outputs the core file for VLANaccessAgent when VLANaccessAgent is restarted.
  • Page 262 8. Authentication VLANs [OP-VAA] Notes The storage directory and the name of the core file are as follows. Storage directory: /usr/var/core/ Core file: vaad.core If the specified file already exists, the file is overwritten unconditionally. Therefore, back up the file in advance if necessary.

  • Page 263: Dump Protocols Vaa [Op-Vaa]

    8. Authentication VLANs [OP-VAA] dump protocols vaa [OP-VAA] Outputs to a file detailed event trace information and control table information collected by VLANaccessAgent. Syntax dump protocols vaa Input mode User mode and administrator mode Parameters None Example The following shows an example of specifying a VLANaccessAgent dump: >...

  • Page 265: Part 5: Security

    PART 5: Security Chapter 9. DHCP Snooping show ip dhcp snooping binding clear ip dhcp snooping binding show ip dhcp snooping statistics clear ip dhcp snooping statistics show ip arp inspection statistics clear ip arp inspection statistics show ip dhcp snooping logging clear ip dhcp snooping logging restart dhcp snooping dump protocols dhcp snooping...

  • Page 266: Show Ip Dhcp Snooping Binding

    9. DHCP Snooping show ip dhcp snooping binding Displays the DHCP snooping binding database. Syntax <ip address> <mac address> show ip dhcp snooping binding [[ip] ] [mac <vlan id> [vlan <interface type> <interface number> [interface [{ static | dynamic }] Input mode User mode and administrator mode Parameters...
  • Page 267 9. DHCP Snooping Figure 9-1: Result of executing the DHCP snooping binding database display command > show ip dhcp snooping binding Date 2010/04/20 12:00:00 UTC Agent URL: flash Last succeeded time: 2010/04/20 11:50:00 UTC Total Bindings Used/Max Total Source guard Used/Max: Bindings: 5 MAC Address IP Address...
  • Page 268 9. DHCP Snooping Item Meaning Displayed information Type Entry type : Indicates a static entry. static : Indicates a static entry (for a terminal filter). static* : Indicates a dynamic entry. dynamic : Indicates a dynamic entry (for a terminal dynamic* filter).

  • Page 269: Clear Ip Dhcp Snooping Binding

    9. DHCP Snooping clear ip dhcp snooping binding Clears the DHCP snooping binding database. This command clears only the entries that have been registered dynamically. Syntax <ip address> <mac address> clear ip dhcp snooping binding [[ip] ] [mac <vlan id> [vlan <interface type>...
  • Page 270 9. DHCP Snooping Display items None Impact on communication The access from the terminal corresponding to a cleared entry is strictly restricted until learning is completed again. Response messages Table 9-3: List of response messages for the clear ip dhcp snooping binding command Message Description Can't execute this command in standby system.

  • Page 271: Show Ip Dhcp Snooping Statistics

    9. DHCP Snooping show ip dhcp snooping statistics Displays statistics for DHCP snooping. Syntax show ip dhcp snooping statistics Input mode User mode and administrator mode Parameters None Example The following figure shows an example of displaying statistics for DHCP snooping. Figure 9-3: Result of executing the command for displaying statistics for DHCP snooping >...
  • Page 272 9. DHCP Snooping Response messages Table 9-5: List of response messages for the show ip dhcp snooping statistics command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. DHCP snooping doesn't seem to be running. The command failed because DHCP snooping is not operating.

  • Page 273: Clear Ip Dhcp Snooping Statistics

    9. DHCP Snooping clear ip dhcp snooping statistics Clears the DHCP snooping statistics. Syntax clear ip dhcp snooping statistics Input mode User mode and administrator mode Parameters None Example The following figure shows an example of clearing the DHCP snooping statistics. Figure 9-4: Result of executing the command for clearing the DHCP snooping statistics >...

  • Page 274: Show Ip Arp Inspection Statistics

    9. DHCP Snooping show ip arp inspection statistics Displays the statistics for dynamic ARP inspection. Syntax show ip arp inspection statistics Input mode User mode and administrator mode Parameters None Example The following figure shows an example of displaying statistics for dynamic ARP inspection. Figure 9-5: Result of executing the command for displaying the statistics for dynamic ARP inspection >...
  • Page 275 9. DHCP Snooping Response messages Table 9-8: List of response messages for the show ip arp inspection statistics command Message Description ARP Inspection doesn't seem to be running. The command could not be executed because dynamic ARP inspection is not operating. Can't execute this command in standby system.

  • Page 276: Clear Ip Arp Inspection Statistics

    9. DHCP Snooping clear ip arp inspection statistics Clears the dynamic ARP inspection statistics. Syntax clear ip arp inspection statistics Input mode User mode and administrator mode Parameters None Example The following figure shows an example of clearing dynamic ARP inspection statistics. Figure 9-6: Result of executing the command for clearing dynamic ARP inspection statistics >...

  • Page 277: Show Ip Dhcp Snooping Logging

    9. DHCP Snooping show ip dhcp snooping logging Displays the operation log messages collected by the DHCP snooping program. Syntax show ip dhcp snooping logging [{ error | warning | notice | info }] Input mode User mode and administrator mode Parameters { error | warning | notice | info } Specify the level of operation log message to be displayed.
  • Page 278 9. DHCP Snooping Level Type Description NOTICE Notification Errors that occur during normal operation or events that occurred when configurations were inconsistent. INFO Regular A normal event that occurs during normal operation (5) Message text The following table shows the contents of operation log messages. Table 9-11: List of operation log messages Message ID Level...
  • Page 279 9. DHCP Snooping Message ID Level Message text Description 1203 INFO The binding entry was deleted by [Meaning] received DHCPRELEASE(<nif no.>/ An entry was deleted from the binding database <port no.>/<vlan id>/<mac address>/ because DHCPRELEASE was received. <ip address>). [Explanation of message variables] <nif no.>...
  • Page 280 9. DHCP Snooping Message ID Level Message text Description 1207 INFO The source guard entry was added(<nif [Meaning] no.>/<port no.>/<vlan id>/<mac A terminal filter entry was added. address>/<ip address>). [Explanation of message variables] <nif no.> <port no.> <vlan id> <mac address>...
  • Page 281 9. DHCP Snooping Message ID Level Message text Description 1303 INFO The binding entry was deleted by [Meaning] received An entry was deleted from the binding database DHCPRELEASE(ChGr:<channel group because DHCPRELEASE was received. number>/<vlan id>/<mac address>/<ip [Explanation of message variables] address>).
  • Page 282 9. DHCP Snooping Message ID Level Message text Description 2105 NOTICE Discard of packets occurred by a [Meaning] reception rate limit of DHCP packets and Packets were discarded due to the reception rate ARP packets. limit for DHCP packets and ARP packets. [Explanation of message variables] None.
  • Page 283 9. DHCP Snooping Message ID Level Message text Description 2204 NOTICE ARP packet was received from the client [Meaning] who isn't in binding(<nif no.>/<port An ARP packet that does not match the binding no.>/<vlan id>/<mac address>). database was detected. This message is output once every five minutes on a port-by-port basis.
  • Page 284 9. DHCP Snooping Message ID Level Message text Description 2303 NOTICE DHCP direct request was received from [Meaning] the client who isn't in binding An invalid DHCP request was detected. (ChGr:<channel group number>/<vlan This message is output once every five minutes id>/<mac address>/<ip address>).
  • Page 285 9. DHCP Snooping Message ID Level Message text Description 3202 WARN Discard of the DHCP packet which [Meaning] SMAC and chaddr isn't identical(<nif A DHCP packet whose source MAC address no.>/<port no.>/<vlan id>/<mac and client hardware address do not match was address>/<ip address>).
  • Page 286 9. DHCP Snooping Message ID Level Message text Description 3205 WARN ARP packet was discarded for ip [Meaning] inspection(<nif no.>/<port no.>/<vlan An ARP packet that has an invalid IP address id>/<mac address>). was discarded. This message is output once every five minutes on a port-by-port basis.
  • Page 287 9. DHCP Snooping Message ID Level Message text Description 3303 WARN ARP packet was discarded for src-mac [Meaning] inspection(ChGr:<channel group An ARP packet whose source MAC address number>/<vlan id>/<mac address>). contained in Layer 2 header and source MAC address contained in the ARP header do not match was discarded.
  • Page 288 9. DHCP Snooping Message ID Level Message text Description 4201 ERROR The number of the binding entry [Meaning] exceeded the capacity of this system(<nif The number of entries in the binding database no.>/<port no.>/<vlan id>/<mac exceeds the capacity limit of the switch. address>/<ip address>).
  • Page 289 9. DHCP Snooping Response messages Table 9-12: List of response messages for the show ip dhcp snooping logging command Message Description DHCP snooping doesn't seem to be running. The command failed because DHCP snooping is not operating. Program error occurred: <error message> A program error occurred.

  • Page 290: Clear Ip Dhcp Snooping Logging

    9. DHCP Snooping clear ip dhcp snooping logging Clears log messages collected by the DHCP snooping program. Syntax clear ip dhcp snooping logging Input mode User mode and administrator mode Parameters None Example The following figure shows an example of clearing log messages for the DHCP snooping. Figure 9-8: Result of executing the command for clearing the log messages for DHCP snooping >...

  • Page 291: Restart Dhcp Snooping

    9. DHCP Snooping restart dhcp snooping Restarts the DHCP snooping program. Syntax restart dhcp snooping [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts the DHCP snooping program without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed.
  • Page 292 9. DHCP Snooping Do not add or delete the configuration related to DHCP snooping while the DHCP snooping program is being restarted. In addition, do not use the command to copy the copy configuration. The binding database might become invalid. Do not switch systems within 30 seconds of the DHCP snooping program restarting.

  • Page 293: Dump Protocols Dhcp Snooping

    9. DHCP Snooping dump protocols dhcp snooping Outputs to a file logs or internal information collected by the DHCP snooping program. Syntax dump protocols dhcp snooping Input mode User mode and administrator mode Parameters None Example The following figure shows an example of outputting logs or internal information for DHCP snooping to a file.

  • Page 295: Part 6: High Reliability Based On Redundant Configurations

    PART 6: High Reliability Based on Redundant Configurations Chapter 10. Redundancy of BCUs, CSUs, and MSUs inactivate standby activate standby redundancy force-switchover synchronize...

  • Page 296: Inactivate Standby

    10. Redundancy of BCUs, CSUs, and MSUs inactivate standby Inactivates an active standby system. By executing this command, you can replace a standby BCU for AX6700S, a standby CSU for AX6600S, or a standby MSU for AX6300S without turning off the power. Syntax...
  • Page 297 10. Redundancy of BCUs, CSUs, and MSUs If you execute the command, log information on the standby system is inactivate standby collected. If you execute the command, you cannot save a configuration that is inactivate standby being edited. If you execute the command and restart the Switch when the standby inactivate standby system is inactivated, the inactive state of the standby system is retained.

  • Page 298: Activate Standby

    10. Redundancy of BCUs, CSUs, and MSUs activate standby When a standby system is inactivated or after a Switch is restarted, if this command is executed while the standby system is installed, the standby system is set to the active state. Syntax activate standby Input mode...

  • Page 299: Redundancy Force-Switchover

    10. Redundancy of BCUs, CSUs, and MSUs redundancy force-switchover Replaces the active system with the standby system in a redundant configuration. Syntax redundancy force-switchover Input mode User mode and administrator mode Parameters None Example The following shows an example of replacing the active system with the standby system in a redundant configuration: Press the Enter key.
  • Page 300 10. Redundancy of BCUs, CSUs, and MSUs Message Description Now, license key discord. License keys for the active system and for the standby system do not match. Now, power control mode changing. Power control mode is being changed. Re-execute the command after the following log message is displayed: The change of power control mode was completed.

  • Page 301: Synchronize

    10. Redundancy of BCUs, CSUs, and MSUs synchronize Copies the following contents stored in the internal flash memory of the active system to the standby system: Configurations Password file User account Home directory DUID information file of the IPv6 DHCP server License key file Internal Web authentication DB, user authentication information file, and the Web authentication page...
  • Page 302 10. Redundancy of BCUs, CSUs, and MSUs is entered, synchronization starts. is entered, the user is returned to the command prompt without performing synchronization. Display items None Impact on communication None Response messages Table 10-4: List of response messages for the synchronize command Message Description Can't execute because operation mode is simplex...
  • Page 303 10. Redundancy of BCUs, CSUs, and MSUs If you log in to the standby system, log out first, and then execute this command. If there is a file that exceeds the internal flash memory capacity in the standby system, copying a file might fail.

  • Page 305: 11. Gsrp

    Chapter 11. GSRP show gsrp show gsrp aware clear gsrp set gsrp master clear gsrp port-up-delay clear gsrp forced-shift restart gsrp dump protocols gsrp...

  • Page 306: Show Gsrp

    11. GSRP show gsrp Displays GSRP information. Syntax <gsrp group id> <vlan group id list> <port list> show gsrp [ { vlan-group | [port <channel group list> [channel-group-number ] } ] [detail] Input mode User mode and administrator mode Parameters <gsrp group id>...
  • Page 307 11. GSRP > show gsrp Date 2006/03/14 12:00:00 UTC GSRP ID: 3 Local MAC Address : 0012.e2a8.2527 Neighbor MAC Address : 0012.e2a8.2505 Total VLAN Group Counts : 3 Layer 3 Redundancy : On VLAN Group ID Local State Neighbor State Backup Master (disable)
  • Page 308 11. GSRP > show gsrp 3 vlan-group 1,2,8 Date 2006/03/14 12:00:00 UTC GSRP ID: 3 Local MAC Address : 0012.e2a8.2527 Neighbor MAC Address : 0012.e2a8.2505 Total VLAN Group Counts : 3 Layer 3 Redundancy : On VLAN Group ID : 1 VLAN ID : 110,200-2169 Member Port...
  • Page 309 11. GSRP Display items in Example 2 Table 11-2: Items displayed for GSRP information when a VLAN group ID is specified Item Meaning Displayed information GSRP ID GSRP group ID 1 to 65535 Local MAC Address MAC address of the Switch Neighbor MAC MAC address of the partner is displayed if the partner switch is unknown.
  • Page 310 11. GSRP Item Meaning Displayed information Transition by reason Reason for the state transition Active ports was more than neighbor's The number of active ports on the Switch is greater than the number of active ports on the partner switch. Priority was higher than neighbor's.
  • Page 311 11. GSRP Item Meaning Displayed information State VLAN group status Master: Indicates master status. Backup: Indicates backup status. Backup(Lock): Indicates backup (fixed) status. Backup(Waiting): Indicates backup (master wait) status. Backup(No Neighbor): Indicates backup (neighbor unknown) status. (disable): Indicates disabled status. Acknowledged State Status of a VLAN group on the Master:...
  • Page 312 11. GSRP Layer 3 Redundancy : On Virtual Link ID : 100(VLAN ID : 20) Local Neighbor Advertise Hold Time Advertise Hold Timer Advertise Interval Selection Pattern : ports-priority-mac ports-priority-mac VLAN Group ID Local State Neighbor State Backup Master (disable) Master >...
  • Page 313 11. GSRP Item Meaning Displayed information Forced Shift Time Automatic master transition wait : Not set. time delay 0 to 3600 (seconds) During the transition wait time, the time until the transition will occur is displayed in the following form: Now Waiting 20Sec left...
  • Page 314 11. GSRP Example 4 Figure 11-4: Example of displaying GSRP information when a port is specified > show gsrp 10 port 1/6-11 Date 2006/03/14 12:00:00 UTC GSRP ID: 10 Port Information GSRP : Active Port : Up Type : Member Flush : Reset Delay...
  • Page 315 11. GSRP Item Meaning Displayed information Delay Delay time until an active port Indicates the remaining time until a port belonging to becomes subject to be counted when a VLAN set for a VLAN group becomes an active the line is enabled port.
  • Page 316 11. GSRP Item Meaning Displayed information Type Port type Direct Indicates that the port is a direct link port. Member Indicates that the port belongs to a VLAN configured for a VLAN group. Flush Method of clearing GSRP for neighboring The GSRP Flush request frame is sent.
  • Page 317 11. GSRP Message Description Can't execute. The command could not be executed. Re-execute the command. Connection failed to GSRP program. Communication with the GSRP program failed. Re-execute the command. If the failure occurs frequently, use the command to restart the GSRP program. restart gsrp GSRP is not configured.

  • Page 318: Show Gsrp Aware

    11. GSRP show gsrp aware Displays GSRP aware information. Syntax show gsrp aware Input mode User mode and administrator mode Parameters None Example Figure 11-6: Example of displaying the show gsrp aware command > show gsrp aware Date 2006/03/14 12:00:00 UTC Last mac_address_table Flush Time : 2006/03/14 11:00:00 GSRP Flush Request Parameters : GSRP ID : 10...
  • Page 319 11. GSRP Message Description Can't execute. The command could not be executed. Re-execute the command. Connection failed to GSRP program. Communication with the GSRP program failed. Re-execute the command. If the failure occurs frequently, use the command to restart the GSRP program. restart gsrp No received flush request frame.

  • Page 320: Clear Gsrp

    11. GSRP clear gsrp Clears the GSRP statistics. Syntax <gsrp group id> <vlan group id list> <port list> clear gsrp [ { vlan-group | [port <channel group list> [channel-group-number ] } ] Input mode User mode and administrator mode Parameters <gsrp group id>...
  • Page 321 11. GSRP Figure 11-8: Example of clearing GSRP statistics when a VLAN group ID is specified > show gsrp 10 vlan-group 1 Date 2006/03/14 12:00:00 UTC GSRP ID: 10 Local MAC Address : 0012.e2a8.2527 Neighbor MAC Address : 0012.e2a8.2505 Total VLAN Group Counts : 1 VLAN Group ID : 1 VLAN ID : 110,200-2169...
  • Page 322 11. GSRP illegal GSRP frame > clear gsrp 10 port 1/10 > show gsrp 10 port 1/10 detail Date 2006/03/14 12:00:00 UTC GSRP ID: 10 Port Information 1/10 GSRP : Not Active Port : Up (CH: 1) Type : Direct Flush : No Delay...

  • Page 323: Set Gsrp Master

    11. GSRP set gsrp master Changes backup (neighbor unknown) status to master status. This command is effective only for backup (neighbor unknown) status. Syntax <gsrp group id> <vlan group id> set gsrp master vlan-group [-f] Input mode User mode and administrator mode Parameters <gsrp group id>...
  • Page 324 11. GSRP Message Description GSRP is not configured. GSRP has not been configured. Check the configuration. Specified GSRP ID is not configured:<gsrp group id> The specified GSRP group ID has not been configured. <gsrp group id>: Indicates the GSRP group ID. Specified VLAN group ID is not configured:<vlan The specified VLAN group ID has not been configured.

  • Page 325: Clear Gsrp Port-Up-Delay

    11. GSRP clear gsrp port-up-delay Immediately puts the specified port, which is both active and belongs to a VLAN that is configured to be a member of a VLAN group, in active port status without waiting for the delay time that was specified using the configuration command.
  • Page 326 11. GSRP Type : Member Flush : Reset Delay TxFrame : 0 RxFrame : 0 Discard Frame : 0 GSRP : Active Port : Up Type : Member Flush : GSRP Delay TxFrame : 0 RxFrame : 0 Discard Frame : 0 1/10 GSRP : Not Active Port...

  • Page 327: Clear Gsrp Forced-Shift

    11. GSRP clear gsrp forced-shift Disables the automatic-transition-to-master and associated wait (delay) that usually applies when a GSRP switch is independently started. The current status of the VLAN group remains unchanged, and the GSRP switch is not changed to master status next time it is independently started.
  • Page 328 11. GSRP Message Description Specified GSRP ID is not configured:<gsrp group id> The specified GSRP group ID has not been configured. <gsrp group id>: Indicates the GSRP group ID. Notes None...

  • Page 329: Restart Gsrp

    11. GSRP restart gsrp Restarts the GSRP program. Syntax restart gsrp [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts the GSRP program without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. core-file Outputs the core file when the program is restarted.
  • Page 330 11. GSRP Core file: gsrpd.core If necessary, back up the file in advance because the specified file is unconditionally overwritten if it already exists.

  • Page 331: Dump Protocols Gsrp

    11. GSRP dump protocols gsrp Dumps detailed event trace information and control table information collected by the GSRP program to a file. Syntax dump protocols gsrp Input mode User mode and administrator mode Parameters None Example Figure 11-15: Example of executing GSRP dump >...

  • Page 333: 12. Vrrp

    Chapter 12. VRRP show vrrpstatus (IPv4) clear vrrpstatus (IPv4) swap vrrp (IPv4) show vrrpstatus (IPv6) clear vrrpstatus (IPv6) swap vrrp (IPv6) show track (IPv4) show track (IPv6)

  • Page 334: Show Vrrpstatus (Ipv4)

    12. VRRP show vrrpstatus (IPv4) Displays the VRRP virtual router status and the VRRP-management VLAN status. Syntax show vrrpstatus [ { vrrp-vlan | [detail][statistics][group][protocol ip] <virtual router name> <vlan id> [ { name | interface vlan <vrid> [vrid ] } ] } ] Input mode User mode and administrator mode Parameters...
  • Page 335 12. VRRP Displays a list of virtual routers, and information about their statuses. Example 1 Figure 12-1: Example of displaying summary information about IPv4 protocol virtual routers Press the Enter key. > show vrrpstatus protocol ip Date 2008/12/15 12:00:00 UTC VLAN0010 VRID 1 VRF 2 MASTER virtual-ip 170.10.10.2 priority 150/150 primary VRRPNAME1 VLAN0020 VRID 1 MASTER virtual-ip 170.10.10.4 follow VRRPNAME1...
  • Page 336 12. VRRP Display items in Example 2 Table 12-2: Items displayed for VRRP-management VLANs Item Meaning Displayed information vrrp-vlan : <interface name> Name of the interface specified as the VRRP-management VLAN Flush Request Frame sent : <number Number of times that Flush Request <number of frame>: Indicates the of frame>...
  • Page 337 12. VRRP Admin State : enable Priority : -/100(Disable) IP Address Count : 1 Master Router's IP Address : - Primary IP Address : 170.10.10.1 Authentication Type : SIMPLE TEXT PASSWORD(Disable) Authentication Key : ABCDEFG(Disable) Advertisement Interval : 250 msec (Disable) Master Advertisement Interval : -(Disable) Preempt Mode : ON(Disable) Preempt Delay : 60(Disable)
  • Page 338 12. VRRP Item Meaning Displayed information Number of Follow virtual Number of follower N: Indicates a value from 0 to 4094. routers : <N> virtual routers Current State : <status> Current status of a virtual : Indicates the master status. MASTER router : Indicates the backup status.
  • Page 339 12. VRRP Item Meaning Displayed information Advertisement Interval : <N> Interval for sending 1 to 255 seconds, or 250 to 40950 ms. {sec|msec}[(Disable)] ADVERTISEMENT packets : Indicates that the operation is invalid. (Disable) For a follower virtual router, this functionality is disabled. For a primary virtual router, this item is not displayed.
  • Page 340 12. VRRP Item Meaning Displayed information track <track-number> Information about a track <track-number>: Indicates the number of the track assigned {<interface name> [VRF assigned to a virtual to a virtual router. <vrf id>]|<interface type> router <interface number>} Status : <interface name>: Indicates the interface name of the <status>...
  • Page 341 12. VRRP Item Meaning Displayed information Vrrp Polling Status : VRRP polling This item is not displayed if the IP address for VRRP polling <status>[<reason>] information has not been specified, or for an interface that monitors failures. <status>: Indicates connectivity by VRRP polling. : Indicates that communication is possible.
  • Page 342 12. VRRP 1 priority down by detected track 20 VLAN0023 line-protocol 0 priority down by detected track 30 gigabitethernet 1/10 line-protocol 0 priority down by detected track 40 port-channel 2 line-protocol 0 priority down by detected > Display items in Example 4 Table 12-4: Items displayed for virtual router statistics Item Meaning...
  • Page 343 12. VRRP Item Meaning Displayed information <number of packets> with packet length Number of received error ADVERTISEMENT packets whose packet length was invalid <number of packets> with different VRRP Number of received packets whose version version of ADVERTISEMENT packets and that of VRRP operation mode do not match <number of packets>...
  • Page 344 12. VRRP Item Meaning Displayed information track <track-number> {<interface name> VRRP polling information assigned <track-number>: Indicates the [VRF <vrf id>]|<interface type> to a virtual router number of the track assigned to a <interface number>}{Target-Address : virtual router. <target-address> |line-protocol} <interface name>: Indicates the name of an interface that monitors failures.
  • Page 345 12. VRRP VLAN0030: VRID 1 VRF 2 VLAN0040: VRID 1 VRF 2 VLAN0050: VRID 1 VRF 2 Figure 12-7: Example of displaying virtual router group information (for follower virtual routers) Press the Enter key. > show vrrpstatus group interface vlan 10 vrid 1 Date 2008/12/15 12:00:00 UTC VLAN0020: VRID 1 VRF 2 Virtual Router Name...
  • Page 346 12. VRRP Item Meaning Displayed information Followed by virtual routers: <interface List of follower virtual routers is displayed for a follower virtual name> : VRID <vrid> [VRF <vrf router. id>] <interface name>: Indicates the name of an interface where a follow virtual router is operating.

  • Page 347: Clear Vrrpstatus (Ipv4)

    12. VRRP clear vrrpstatus (IPv4) Clears the counter for VRRP virtual router statistics and the counter for VRRP-management VLAN statistics. Syntax <virtual router name> clear vrrpstatus [ { vrrp-vlan | [protocol ip] [{ name <vlan id> <vrid> interface vlan [vrid ] }] } ] Input mode User mode and administrator mode...
  • Page 348 12. VRRP Response messages Table 12-7: List of response messages for the clear vrrpstatus(IPv4) command Message Description Can't execute. The command could not be executed. Re-execute the command. no entries. There are no applicable virtual routers. Vrrp-vlan disable because virtual router is not The VRRP-management VLAN is disabled because no virtual configured.

  • Page 349: Swap Vrrp (Ipv4)

    12. VRRP swap vrrp (IPv4) Changes the device status when switch-back is suppressed. If the device is in the master status, it is changed to the backup status. If the device is in the backup status, it is changed to the master status. Syntax <virtual router name>...
  • Page 350 12. VRRP Response messages Table 12-8: List of response messages for the swap vrrp(IPv4) command Message Description Can't execute. The command could not be executed. Re-execute the command. Command execution cannot be performed to follow This command cannot be executed for follower virtual routers. virtual router.
  • Page 351 12. VRRP Table 12-9: List of execution results for the swap vrrp(IPv4) command Local device is being suppressed Local device is not suppressed Another device Another Another Another device is being device is not device is is not being suppressed being being suppressed...

  • Page 352: Show Vrrpstatus (Ipv6)

    12. VRRP show vrrpstatus (IPv6) Displays the VRRP virtual router status and the VRRP-management VLAN status. Syntax show vrrpstatus [ { vrrp-vlan | [detail][statistics] [group] [protocol ipv6] <virtual router name> <vlan id> [ { name | interface vlan <vrid> [vrid ] } ] } ] Input mode User mode and administrator mode...
  • Page 353 12. VRRP Displays a list of virtual routers, and information about their statuses. Example 1 Figure 12-11: Example of displaying summary information about IPv6-protocol virtual routers Press the Enter key. > show vrrpstatus protocol ipv6 Date 2009/07/15 12:00:00 UTC VLAN0010 VRID 1 VRF 2 MASTER virtual-ip 100:0:11::100 priority 150/150 primary VRRPNAME1 VLAN0012 VRID 1 MASTER virtual-ip 100:0:12::100 follow VRRPNAME1 VLAN0013 VRID 1 BACKUP virtual-ip 100:0:13::100 priority 100/100...
  • Page 354 12. VRRP Display items in Example 2 Table 12-11: Items displayed for VRRP-management VLANs Item Meaning Displayed information vrrp-vlan : <interface name> Name of the interface specified as the VRRP-management VLAN Flush Request Frame sent : <number Number of times that Flush Request <number of frame>: Indicates the of frame>...
  • Page 355 12. VRRP Priority : -/120(Disable) IP Address Count : 1 Master Router's IP Address : - Primary IP Address : fe80::abcd Authentication Type : SIMPLE TEXT PASSWORD(Disable) Authentication Key : ABCDEFG(Disable) Advertisement Interval : 250 msec(Disable) Master Advertisement Interval : -(Disable) Preempt Mode : ON(Disable) Preempt Delay : 60(Disable) Non Preempt swap timer : 30(Disable)
  • Page 356 12. VRRP Item Meaning Displayed information Number of Follow virtual Number of follower N: Indicates a value from 0 to 4094. routers : <N> virtual routers Current State : <status> Current status of a : Indicates the master status. MASTER virtual router : Indicates the backup status.
  • Page 357 12. VRRP Item Meaning Displayed information Advertisement Interval : <N> Interval for sending 1 to 255 seconds, or 250 to 40950 ms. {sec|msec}[(Disable)] ADVERTISEMENT packets : Indicates that the operation is invalid. (Disable) For a follower virtual router, this functionality is disabled. For a primary virtual router, this item is not displayed.
  • Page 358 12. VRRP Item Meaning Displayed information track <track-number> Information about a <track-number>: Indicates the number of the track assigned {<interface name> [VRF <vrf track assigned to a to a virtual router. id>]|<interface type> virtual router <interface number>} Status : <interface name>: Indicates the interface name of the <status>...
  • Page 359 12. VRRP Item Meaning Displayed information Vrrp Polling Status : VRRP polling This item is not displayed if the IP address for VRRP polling <status>[<reason>] information has not been specified, or for an interface that monitors failures. <status>: Indicates connectivity by VRRP polling. : Indicates that communication is possible.
  • Page 360 12. VRRP 0 change by Master_Down_Timer timeout 0 master transition delay count track 10 VLAN0022 VRF 3 Target-Address : fe80::ba VRRP Polling round-trip min/avg/max = 0.266/0.274/0.286 ms 1 priority down by detected > Display items in Example 4 Table 12-13: Items displayed for virtual router statistics Item Meaning Displayed information...
  • Page 361 12. VRRP Item Meaning Displayed information <number of packets> with packet Number of received length error ADVERTISEMENT packets whose packet length was invalid <number of packets> with different Number of received packets VRRP version whose version of ADVERTISEMENT packets and that of VRRP operation mode do not match <number of packets>...
  • Page 362 12. VRRP Item Meaning Displayed information track <track-number> {<interface VRRP polling information <track-number>: Indicates the number of the name> [VRF <vrf id>]|<interface assigned to a virtual router track assigned to a virtual router. type> <interface number>} {Target-Address : <interface name>: Indicates the name of an <target-address>|line-protocol} interface that monitors failures.
  • Page 363 12. VRRP VLAN0020: VRID 1 VRF 2 Virtual Router Name : VRRPNAME2 (follow) Virtual Router Follow : VRRPNAME1 (VLAN0010: VRID 1 VRF 2 ) Number of Follow virtual routers: 0 Followed by virtual routers Display items in Example 5 Table 12-14: Items displayed for virtual router group information Item Meaning Displayed information...
  • Page 364 12. VRRP Response messages Table 12-15: List of response messages for the show vrrpstatus(IPv6) command Message Description Can't execute. The command could not be executed. Re-execute the command. no entries. There are no applicable virtual routers. Vrrp-vlan disable because virtual router is not The VRRP-management VLAN is disabled because no virtual configured.

  • Page 365: Clear Vrrpstatus (Ipv6)

    12. VRRP clear vrrpstatus (IPv6) Clears the counter for VRRP virtual router statistics and the counter for VRRP-management VLAN statistics. Syntax <virtual router name> clear vrrpstatus [ { vrrp-vlan | [protocol ipv6] [{ name <vlan id> <vrid> interface vlan [vrid ] }] } ] Input mode User mode and administrator mode...
  • Page 366 12. VRRP Impact on communication None Response messages Table 12-16: List of response messages for the clear vrrpstatus(IPv6) command Message Description Can't execute. The command could not be executed. Re-execute the command. no entries. There are no applicable virtual routers. Vrrp-vlan disable because virtual router is not The VRRP-management VLAN is disabled because no virtual configured.

  • Page 367: Swap Vrrp (Ipv6)

    12. VRRP swap vrrp (IPv6) Changes the device status when switch-back is suppressed. If the device is in the master status, it is changed to the backup status. If the device is in the backup status, it is changed to the master status. Syntax <virtual router name>...
  • Page 368 12. VRRP Response messages Table 12-17: List of response messages for the swap vrrp(IPv6) command Message Description Can't execute. The command could not be executed. Re-execute the command. Command execution cannot be performed to follow This command cannot be executed for follower virtual routers. virtual router.
  • Page 369 12. VRRP Table 12-18: Result of executing the swap vrrp(IPv6) command Local device is being Local device is not suppressed suppressed Another device Another Another Another device is being device is not device is being is not being suppressed being suppressed suppressed suppressed...

  • Page 370: Show Track (Ipv4)

    12. VRRP show track (IPv4) Displays VRRP track information. Syntax <track number> show track [detail] show track [detail] <vlan id> {[protocol ip] [interface vlan <interface type> <interface number> | [interface Input mode User mode and administrator mode Parameters <track number> Specify the track number.
  • Page 371 12. VRRP Example The following figure shows an example of displaying the list of IPv4 protocol tracks. Figure 12-21: Example of displaying IPv4 protocol track information Press the Enter key. > show track protocol ip Date 2009/07/15 12:00:00 UTC track : 10 interface : VLAN0022 Mode : (interface) track : 20...
  • Page 372 12. VRRP Display items Table 12-19: Items displayed for the show track(IPv4) command Item Meaning Displayed information track : <track-number> interface : Summary information <track-number>: Indicates the number of the track {<interface name> [VRF <vrf about track settings assigned to a virtual router. id>]|<interface type>...
  • Page 373 12. VRRP Item Meaning Displayed information recovery_detection_interval : Interval (in seconds) This item is not displayed if it has not been set. <seconds> between attempts when Initial value: 2 VRRP polling detects restoration recovery_detection_times : <count> Number of attempts This item is not displayed if it has not been set. until the status is Initial value: 3 changed when VRRP...

  • Page 374: Show Track (Ipv6)

    12. VRRP show track (IPv6) Displays VRRP track information. Syntax <track number> show track [detail] show track [detail] <vlan id> {[protocol ipv6][interface vlan <interface type> <interface number> |[interface Input mode User mode and administrator mode Parameters <track number> Specify the track number. detail Displays detailed statistics.
  • Page 375 12. VRRP Example The following figure shows an example of displaying the list of IPv6 protocol tracks. Figure 12-23: Example of displaying IPv6 protocol track information Press the Enter key. > show track protocol ipv6 Date 2009/07/15 12:00:00 UTC track : 10 interface : VLAN0022 Mode : (interface) track : 30...
  • Page 376 12. VRRP Item Meaning Displayed information Target Address : <target_address> Destination IP address This item is not displayed if it has not been set. for VRRP polling check_status_interval : <seconds> Interval (in seconds) This item is not displayed if it has not been set. between VRRP polling Initial value: 6 attempts...
  • Page 377 12. VRRP Notes None...

  • Page 379: Part 7: High Reliability Based On Network Failure Detection

    PART 7: High Reliability Based on Network Failure Detection Chapter 13. IEEE 802.3ah/UDLD show efmoam show efmoam statistics clear efmoam statistics restart efmoam dump protocols efmoam...

  • Page 380: Show Efmoam

    13. IEEE 802.3ah/UDLD show efmoam Displays the IEEE 802.3ah/OAM configuration information and the status of ports. Syntax <port list> show efmoam [port ] [detail] Input mode User mode and administrator mode Parameters port <port list> Displays the IEEE 802.3ah/OAM configuration information for the specified port. For details about how to specify <port list>...
  • Page 381 13. IEEE 802.3ah/UDLD Item Meaning Displayed information udld-detection-count Number of response timeouts for 3 to 300 (times) detecting failures Port Port information <nif no.> <port no.> Port number The NIF number and the port number of the port whose information is to be displayed Link status Link status of the applicable port : Indicates that the port status is Up.
  • Page 382 13. IEEE 802.3ah/UDLD Item Meaning Displayed information Link status Link status of the applicable port : Indicates that the port status is Up. : Indicates that the port status is Down. Down : Indicates that the port status is Down(uni-link) Down (unidirectional link failure detection).

  • Page 383: Show Efmoam Statistics

    13. IEEE 802.3ah/UDLD show efmoam statistics Displays IEEE 802.3ah/OAM statistics. Syntax <port list> show efmoam statistics [port Input mode User mode and administrator mode Parameters port <port list> Displays the IEEE 802.3ah/OAM statistics for the specified port in list format. For details about how to specify <port list>...
  • Page 384 13. IEEE 802.3ah/UDLD Item Meaning Displayed information UDLD status UDLD operating status by the IEEE : Indicates that a failure is detected. detection 802.3ah/UDLD functionality for each : Indicates that Information OAMPDU active port frames are sent and responded to. : Only OAMPDU frames are responded to.
  • Page 385 13. IEEE 802.3ah/UDLD Impact on communication None Response messages Table 13-5: List of response messages for the show efmoam statistics command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed.

  • Page 386: Clear Efmoam Statistics

    13. IEEE 802.3ah/UDLD clear efmoam statistics Clears the IEEE 802.3ah/OAM statistics. Syntax <port list> clear efmoam statistics [port Input mode User mode and administrator mode Parameters port <port list> Clears the IEEE 802.3ah/OAM statistics for the specified port. For details about how to specify <port list> and the specifiable range of values, see Specifiable values for parameters.

  • Page 387: Restart Efmoam

    13. IEEE 802.3ah/UDLD restart efmoam Restarts IEEE 802.3ah/OAM. Syntax restart efmoam [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts IEEE 802.3ah/OAM without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. core-file Outputs the core file when the program is restarted.
  • Page 388 13. IEEE 802.3ah/UDLD file in advance, if necessary.

  • Page 389: Dump Protocols Efmoam

    13. IEEE 802.3ah/UDLD dump protocols efmoam Outputs to a file detailed event trace information and control table information collected for IEEE 802.3ah/OAM. Syntax dump protocols efmoam Input mode User mode and administrator mode Parameters None Example Figure 13-6: Example of performing a dump for IEEE 802.3ah/OAM >...

  • Page 391: 14. L2 Loop Detection

    Chapter 14. L2 Loop Detection show loop-detection show loop-detection statistics show loop-detection logging clear loop-detection statistics clear loop-detection logging restart loop-detection dump protocols loop-detection...

  • Page 392: Show Loop-Detection

    14. L2 Loop Detection show loop-detection Displays the L2 loop detection information. Syntax <port list> <channel group list> show loop-detection [port ] [channel-group-number Input mode User mode and administrator mode Parameters [port <port list>] [channel-group-number <channel group list>] Displays L2 loop detection information for the specified ports and channel groups. Ports and channel groups can be specified at the same time.
  • Page 393 14. L2 Loop Detection Display items Table 14-1: Items displayed for L2 loop detection information Item Meaning Displayed information Loop Detection ID ID of the L2 loop detection functionality Interval Time Interval for sending L2 loop detection frames (in seconds) Output Rate L2 loop detection frame transmission The current transmission rate for L2 loop detection...
  • Page 394 14. L2 Loop Detection Item Meaning Displayed information SourcePort Port for sending L2 loop detection The sending port used when an L2 loop detection frame frames was last received. <nif no.> <port no.>: Indicates the port number. <channel group number>: Indicates the channel group number.

  • Page 395: Show Loop-Detection Statistics

    14. L2 Loop Detection show loop-detection statistics Displays the L2 loop detection statistics. Syntax <port list> <channel show loop-detection statistics [port ] [channel-group-number group list> Input mode User mode and administrator mode Parameters [port <port list>] [channel-group-number <channel group list>] Displays L2 loop detection statistics for the specified ports and channel groups.
  • Page 396 14. L2 Loop Detection TxFrame RxFrame Inactive Count: RxDiscard Last Inactive : Last RxFrame CH:32 Type :uplink TxFrame RxFrame Inactive Count: RxDiscard Last Inactive : Last RxFrame : 2008/04/21 09:30:50 > Display items Table 14-3: Items displayed for L2 loop detection statistics Item Meaning Displayed information...
  • Page 397 14. L2 Loop Detection Message Description Can't execute. The command could not be executed. Re-execute the command. Connection failed to L2 Loop Detection program. Communication with the L2 loop detection program failed. Re-execute the command. L2 Loop Detection is not configured. L2 loop detection has not been set, or the functionality has not been enabled.

  • Page 398: Show Loop-Detection Logging

    14. L2 Loop Detection show loop-detection logging Displays the log information about the received L2 loop detection frames. With this command, you can check the port from which an L2 loop detection frame was sent and the port on which it was received. Log entries for the latest 1000 received frames are displayed in reverse chronological order.
  • Page 399 14. L2 Loop Detection Item Meaning Displayed information Uplink Uplink port Indicates that an L2 loop detection frame was received on an uplink port. Inactive The status is changed to inactive status. Indicates that the status is changed to inactive status. Impact on communication None Response messages...

  • Page 400: Clear Loop-Detection Statistics

    14. L2 Loop Detection clear loop-detection statistics Clears the L2 loop detection statistics. Syntax <port list> <channel clear loop-detection statistics [port ] [channel-group-number group list> Input mode User mode and administrator mode Parameters [port <port list>] [channel-group-number <channel group list>] Clears the L2 loop detection statistics for the specified ports and channel groups.
  • Page 401 14. L2 Loop Detection Message Description L2 Loop Detection is not configured. L2 loop detection has not been set, or the functionality has not been enabled. Check the configuration. Notes • Disabling the L2 loop detection functionality clears the statistics. •...

  • Page 402: Clear Loop-Detection Logging

    14. L2 Loop Detection clear loop-detection logging Clears the log information for received L2 loop detection frames. Syntax clear loop-detection logging Input mode User mode and administrator mode Parameters None Example The following figure is an example of clearing the log information for received L2 loop detection frames.

  • Page 403: Restart Loop-Detection

    14. L2 Loop Detection restart loop-detection Restarts the L2 loop detection program. Syntax restart loop-detection [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts the L2 loop detection program without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed.
  • Page 404 14. L2 Loop Detection Core file: l2ldd.core If necessary, back up the file in advance because the specified file is unconditionally overwritten if it already exists.

  • Page 405: Dump Protocols Loop-Detection

    14. L2 Loop Detection dump protocols loop-detection Outputs detailed event trace information and control table information collected by the L2 loop detection program to a file. Syntax dump protocols loop-detection Input mode User mode and administrator mode Parameters None Example The following figure is an example of outputting detailed event trace information and control table information to a file.

  • Page 407: 15. Cfm

    Chapter 15. CFM l2ping l2traceroute show cfm show cfm remote-mep show cfm fault show cfm l2traceroute-db show cfm statistics clear cfm remote-mep clear cfm fault clear cfm l2traceroute-db clear cfm statistics restart cfm dump protocols cfm...

  • Page 408: L2Ping

    15. CFM l2ping This command can be used to determine whether the MEP of the Switch can communicate with a remote MEP or MIP. Syntax <mac address> <mepid> <level> l2ping {remote-mac | remote-mep } domain-level <no.> <mepid> <count> <seconds> <size> [count ] [timeout ] [framesize...
  • Page 409 15. CFM Example The following figure is an example of executing the l2ping command. Figure 15-1: Example of executing the l2ping command >l2ping remote-mep 1010 domain-level 7 ma 1000 mep 1020 count 3 L2ping to MP:1010(0012.e220.00a3) on Level:7 MA:1000 MEP:1020 VLAN:20 Time:2009/03/10 19:10:24 1: L2ping Reply from 0012.e220.00a3...
  • Page 410 15. CFM Impact on communication None Response messages Table 15-2: List of response messages for the l2ping command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed. Re-execute the command.

  • Page 411: L2Traceroute

    15. CFM l2traceroute Verifies the route from the Switch's MEP to a remote MEP or MIP. Syntax <mac address> <mepid> l2traceroute {remote-mac | remote-mep } domain-level <level> <no.> <mepid> <seconds> <ttl> [timeout ] [ttl Input mode User mode and administrator mode Parameters {remote-mac <mac address>...
  • Page 412 15. CFM 0012.e220.00a3 NotForwarded > Display items Table 15-3: Items displayed for the l2traceroute command Item Meaning Displayed information L2traceroute to The MAC address of the The MAC address of the destination remote MEP or MP:<remote mp> destination remote MEP or MIP. MIP.
  • Page 413 15. CFM Message Description Specified Domain Level is not configured. The specified domain level has not been configured. Make sure the specified parameter is correct, and then try again. Specified MA is not configured. The specified MA ID number or the primary VLAN for the specified MA has not been configured.

  • Page 414: Show Cfm

    15. CFM show cfm Displays the configuration information for domains and MPs, and the CFM information related to detected failures. Syntax <level> <no.> <mepid> show cfm [{[domain-level ] [ma ] [mep ] | summary}] Input mode User mode and administrator mode Parameters {[domain-level <level>] [ma <no.>] [mep <mepid>] | summary} domain-level <level>...
  • Page 415 15. CFM MIP Information CH12(Up) Enable MAC:0012.e220.00b2 > Display items in Example 1 Table 15-5: Items displayed for the CFM configuration information Item Meaning Displayed information Domain Level <level> Domain level and domain <level>: Indicates the domain level. name : Indicates that the domain name is not used. Name:- <name>: Indicates that a character Name(str):...
  • Page 416 15. CFM Item Meaning Displayed information Reset Time Time from the detection of a : The time elapsed from the 2500-10000ms failure until an alarm is detection of a failure until an alarm is canceled. canceled is displayed if CC is disabled. MEP Information MEP information MEP ID...
  • Page 417 15. CFM Example 2 The following figure is an example of displaying the number of entities accommodated in the CFM configuration. Figure 15-4: Example of displaying the number of entities accommodated in the CFM configuration >show cfm summary Date 2009/03/14 18:32:20 UTC DownMEP Counts UpMEP Counts MIP Counts...

  • Page 418: Show Cfm Remote-Mep

    15. CFM show cfm remote-mep Displays the configuration of a remote MEP that has been detected by the CC functionality of CFM, and the monitoring status of connection between the Switch's MEP and the remote MEP. Syntax <level> <no.> <mepid> show cfm remote-mep [domain-level ] [ma ] [mep...
  • Page 419 15. CFM ID:8003 Status:- MAC:0012.e20a.1241 Time:2009/03/20 12:12:20 ID:8004 Status:- MAC:0012.e20d.12a1 Time:2009/03/20 12:12:15 > Display items in Example 1 Table 15-8: Items displayed for remote MEP information Item Meaning Displayed information Total RMEP Counts Total number of remote MEPs Domain Level <level> Domain level and domain name <level>: Indicates the domain level.
  • Page 420 15. CFM Item Meaning Displayed information Status The status of failure detection in Displays a remote MEP failure with the highest priority. the remote MEP • : Indicates that a CCM was received from OtherCCM another MA. • : Indicates that a CCM that contains an ErrorCCM invalid MEP ID, or a CCM with an invalid transmission interval, was received.
  • Page 421 15. CFM Item Meaning Displayed information MA <no.> MA ID number and MA <no.>: Indicates the MA ID number when the configuration name was set. <name>: Indicates that a character string is Name(str): used for the MA name. <id>: Indicates that a numeric value is used for Name(id): the MA name.
  • Page 422 15. CFM Item Meaning Displayed information Interface The status of the remote The status of InterfaceStatus in the CCM that was last MEP interface received. • : Indicates Up status. • : Indicates Down status. Down • : Indicates that the test is being performed. Testing •...
  • Page 423 15. CFM Response messages Table 15-10: List of response messages for the show cfm remote-mep command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed. Re-execute the command.

  • Page 424: Show Cfm Fault

    15. CFM show cfm fault Displays the type of failure that has been detected by the CC functionality of CFM, and the information in the CCM that triggered the failure. Syntax <level> <no.> <mepid> show cfm fault [domain-level ] [ma ] [mep ] [{fault | cleared}] [detail]...
  • Page 425 15. CFM Display items in Example 1 Table 15-11: Items displayed for failure information Item Meaning Displayed information Domain level 0 to 7 MA ID number Configured MA ID number MEP ID MEP ID for the Switch Fault A failure is being detected. Cleared A failure has been cleared.
  • Page 426 15. CFM Item Meaning Displayed information ErrorCCM Failure level 4 Indicates that an invalid CCM was received from the remote MEP belonging to the same MA. The MEP ID or CCM An invalid CCM was received. transmission interval is incorrect. : A failure was found.

  • Page 427: Show Cfm L2Traceroute-Db

    15. CFM show cfm l2traceroute-db Displays route information acquired by the command and information about the l2traceroute MP on the route. The information registered in the linktrace database is displayed. Syntax <mac address> <mepid> show cfm l2traceroute-db [{remote-mac | remote-mep <level>...
  • Page 428 15. CFM Display items in Example 1 Table 15-14: Items displayed for linktrace database information Item Meaning Displayed information L2traceroute to The MAC address of the The MAC address of the destination remote MEP or MIP. MP:<remote mp> destination remote MEP or MIP. <remote mac address>: When the MAC address of the destination remote MEP or MIP is specified.
  • Page 429 15. CFM Display items in Example 2 Table 15-15: Items displayed for the detailed linktrace database information Item Meaning Displayed information L2traceroute to The MAC address of the The MAC address of the destination remote MEP or MIP. MP:<remote mp> destination remote MEP or <remote mac address>: When the MAC address of the MIP.
  • Page 430 15. CFM Item Meaning Displayed information Type Subtype of the chassis ID Type of the information displayed for Info • : Indicates that entPhysicalAlias of the Entity CHAS-COMP MIB is displayed for Info • : Indicates that ifAlias of the interface MIB is CHAS-IF displayed for Info...
  • Page 431 15. CFM Impact on communication None Response messages Table 15-16: List of response messages for the show cfm l2traceroute-db command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed.

  • Page 432: Show Cfm Statistics

    15. CFM show cfm statistics Displays the CFM statistics. Syntax <level> <no.> <mepid> show cfm statistics [domain-level ] [ma ] [mep Input mode User mode and administrator mode Parameters domain-level <level> Displays the CFM statistics for the specified domain level. ma <no.>...
  • Page 433 15. CFM Display items Table 15-17: Items displayed for CFM statistics Item Meaning Displayed information Domain Level <level> Domain level and <level>: Indicates the domain level. domain name : Indicates that the domain name is not used. Name:- <name>: Indicates that a character string is Name(str): used for the domain name.
  • Page 434 15. CFM Item Meaning Displayed information Number of CCM is displayed for MIP. receptions RxDiscard Number of discarded For an MEP, the following CCMs are discarded: CCMs • CCM with an invalid format • CCM for another MA • CCM with the same MEP ID as the one set for the Switch •...
  • Page 435 15. CFM Item Meaning Displayed information RxDiscard Number of linktrace The following linktrace messages are discarded: messages that have • A linktrace message with an invalid format been discarded • A linktrace message whose LTM TTL value is 0 • A linktrace message whose destination MAC address is different from the multicast address for linktrace or the MAC address of the receiving MP •...
  • Page 436 15. CFM Notes None...

  • Page 437: Clear Cfm Remote-Mep

    15. CFM clear cfm remote-mep Clears the remote MEP information. Syntax <level> <no.> <mepid> clear cfm remote-mep [domain-level [mep [remote-mep <mepid> ]]]] Input mode User mode and administrator mode Parameters domain-level <level> Clears the remote MEP information for the specified domain level. ma <no.>...
  • Page 438 15. CFM Message Description CFM is not configured. CFM has not been configured. Check the configuration. Connection failed to CFM program. Communication with the CFM program failed. Re-execute the command. Notes None...

  • Page 439: Clear Cfm Fault

    15. CFM clear cfm fault Clears the CFM failure information. Syntax <level> <no.> <mepid> clear cfm fault [domain-level [mep Input mode User mode and administrator mode Parameters domain-level <level> Clears the failure information for the specified domain level. ma <no.> Clears the failure information for the specified MA ID number.
  • Page 440 15. CFM Notes None...

  • Page 441: Clear Cfm L2Traceroute-Db

    15. CFM clear cfm l2traceroute-db Clears CFM linktrace database information. Syntax clear cfm l2traceroute-db Input mode User mode and administrator mode Parameters None Example The following figure is an example of clearing CFM linktrace database information. Figure 15-14: Example of clearing CFM linktrace database information >...

  • Page 442: Clear Cfm Statistics

    15. CFM clear cfm statistics Clears the CFM statistics. Syntax <level> <no.> <mepid> clear cfm statistics [domain-level [mep <level> <port list> clear cfm statistics [domain-level [mip] [port <channel group list> [channel-group-number Input mode User mode and administrator mode Parameters domain-level <level> Clears CFM statistics for the specified domain level.
  • Page 443 15. CFM Impact on communication None Response messages Table 15-22: List of response messages for the clear cfm statistics command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed.

  • Page 444: Restart Cfm

    15. CFM restart cfm Restarts the CFM program. Syntax restart cfm [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts the CFM program without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. core-file Outputs the core file when the program is restarted.
  • Page 445 15. CFM If necessary, back up the file in advance because the specified file is unconditionally overwritten if it already exists.

  • Page 446: Dump Protocols Cfm

    15. CFM dump protocols cfm Dumps detailed event trace information and control table information collected by the CFM program to a file. Syntax dump protocols cfm Input mode User mode and administrator mode Parameters None Example The following figure is an example for collecting dump information of the CFM program. Figure 15-17: Example of collecting dump information of the CFM program >...

  • Page 447: Part 8: Remote Network Management

    PART 8: Remote Network Management Chapter 16. SNMP show snmp show snmp pending snmp lookup snmp get snmp getnext snmp walk snmp getif snmp getroute snmp getarp snmp getforward snmp rget snmp rgetnext snmp rwalk snmp rgetroute snmp rgetarp...

  • Page 448: Show Snmp

    16. SNMP show snmp Displays SNMP information. For inform requests, information is displayed for each of the following units: • Inform event • Inform event bound for the SNMP manager • InformRequest PDU Figure 16-1: InformRequest information Syntax show snmp Input mode User mode and administrator mode Parameters...
  • Page 449 16. SNMP SNMP packets output : 185 Trap PDUs Inform-request PDUs : 53 Response PDUs : 128 (with error 4) No errors : 124 Too big errors No such name errors Bad values errors General errors Timeouts : 49 Drops [TRAP] Host: 192.168.0.1, sent:1 Host: 192.168.0.2, sent:3...
  • Page 450 16. SNMP Item Meaning Displayed information with error Indicates the number of PDUs of the received 0 to 4294967295 GetResponse PDUs whose error status is not noError Error PDUs Indicates the total number of errors that occurred in 0 to 4294967295 PDU reception processing.
  • Page 451 16. SNMP Item Meaning Displayed information Host Indicates the host for which the trap is issued. Value set by the <manager address> parameter of the configuration snmp-server host command [OP-NPAR] Indicates the VRF ID. Value set by the parameter of snmp-server host configuration command sent...
  • Page 452 16. SNMP Response messages Table 16-2: List of response messages for the show snmp command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed. Re-execute the command.

  • Page 453: Show Snmp Pending

    16. SNMP show snmp pending Displays inform events bound for the SNMP manager that is waiting for a response from another SNMP manager. Syntax show snmp pending Input mode User mode and administrator mode Parameters None Example Figure 16-3: Example of executing the show snmp pending command >...
  • Page 454 16. SNMP Message Description Can't execute. The command could not be executed. Re-execute the command. Connection failed to SNMP program. Communication with the SNMP program failed. Re-execute the command. no entries. There are no inform events bound for the SNMP manager. Notes If this command is executed when inform events bound for the SNMP manager time out simultaneously, the command might display 0 for all sessions as the remaining time before a...

  • Page 455: Snmp Lookup

    16. SNMP snmp lookup Displays supported MIB object names and object IDs. Syntax <variable name> snmp lookup Input mode User mode and administrator mode Parameters <variable name> Specify an object name or an object in dot notation. A list of object names that follow the specified object or objects in dot notation are displayed. Operation when this parameter is omitted: All object names are listed in dot notation.

  • Page 456: Snmp Get

    Searches for and displays management information for the specified object instance. Example Figure 16-5: Example of executing the snmp get command > snmp get sysDescr.0 Name: sysDescr.0 Value: ALAXALA AX6300S xxxx Ver. 10.2 > snmp get 1.3.6.1.2.1.1.1.0 Name: sysDescr.0 Value: ALAXALA AX6300S xxxx Ver. 10.2 Display items...
  • Page 457 16. SNMP Message Description Error code set in packet - Return packet too big. The response indicating that an attempt to return a MIB value exceeding the allowable size was made in the applicable SNMP agent was returned. Error code set in packet - Unknown status code: <Code> An SNMP frame containing response status code <Code>, which is undefined (non-standard), was received.

  • Page 458: Snmp Getnext

    16. SNMP snmp getnext Displays the MIB value following the specified one. Syntax <variable name> snmp getnext Input mode User mode and administrator mode Parameters <variable name> Specify an object name or an object in dot notation. Searches for and displays the management information following the specified object instance.
  • Page 459 16. SNMP Message Description Error code set in packet - No such variable name. Index: A response from the applicable SNMP agent indicating that the <Number>. specified object ID is not managed was returned. The object ID specified at the following position is not managed: <Number>. The object ID specified at the following position is not managed: <Number>.

  • Page 460: Snmp Walk

    16. SNMP snmp walk Displays the specified MIB tree. Syntax <variable name> snmp walk Input mode User mode and administrator mode Parameters <variable name> Specify an object name or an object in dot notation. Searches the management information following the specified object instance, and then displays all instances of the applicable object.
  • Page 461 16. SNMP Message Description Cannot translate variable class: <MIB Object Name> The object name <MIB Object Name> is invalid. Error code set in packet - General error: <Number>. A response from the applicable SNMP agent indicating that the specified object ID is being managed but the MIB value could not be acquired correctly was received.

  • Page 462: Snmp Getif

    16. SNMP snmp getif Displays MIB information for the interface group. Syntax snmp getif Input mode User mode and administrator mode Parameters None Searches management information for the interface group and then displays interface information. Example Figure 16-8: Example of executing the snmp getif command >...
  • Page 463 16. SNMP Item Meaning Displayed information InPkts Indicates the number of packets received on an interface (ifInUcastPkts+ifInNUcastPkts). OutPkts Indicates the number of packets sent from an interface (ifOutUcastPkts+ifOutNUcastPkts). Impact on communication None Response messages Table 16-13: List of response messages for the snmp getif command Message Description <SNMP agent IP address>: host unknown.

  • Page 464: Snmp Getroute

    16. SNMP snmp getroute Displays the IP routing table (ipRouteTable). Syntax snmp getroute Input mode User mode and administrator mode Parameters None Searches management information for ipRouteTable and then displays routing information. Example Figure 16-9: Example of executing the snmp getroute command >...
  • Page 465 16. SNMP Item Meaning Displayed information Indicates the number of seconds elapsed after this route was last updated or confirmed (ipRouteAge). Impact on communication None Response messages Table 16-15: List of response messages for the snmp getroute command Message Description <SNMP agent IP address>: host unknown.
  • Page 466 16. SNMP appears and the MIB cannot be acquired.

  • Page 467: Snmp Getarp

    16. SNMP snmp getarp Displays the IP address translation table (ipNetToMediaTable). Syntax snmp getarp Input mode User mode and administrator mode Parameters None Searches ipNetToMediaTable management information and displays ARP information. Example Figure 16-10: Example of executing the snmp getarp command >...
  • Page 468 16. SNMP Message Description Error code set in packet - No such variable name. Index: A response from the applicable SNMP agent indicating that the <Number>. specified object ID is not managed was returned. The object ID specified at the following position is not managed: <Number>. The object ID specified at the following position is not managed: <Number>.

  • Page 469: Snmp Getforward

    16. SNMP snmp getforward Displays ipForwardTable and axsVrfIpForwardTable (IP forwarding table). Syntax snmp getforward Input mode User mode and administrator mode Parameters None Searches management information for ipForwardTable and axsVrfIpForwardTable, and then displays forwarding information. Example Figure 16-11: Example of executing the snmp getforward command >...
  • Page 470 16. SNMP Item Meaning Displayed information (OSPF) ospf (bgp) (static routing) local (static routing) netmgmt (others) other Indicates the time (in seconds) elapsed since this route was learned or updated (ipForwardAge). NH-AS Indicates the autonomous system number of the next hop (ipForwardNextHopAS).
  • Page 471 16. SNMP Response messages Table 16-20: List of response messages for the snmp getforward command Message Description <SNMP agent IP address>: host unknown. An invalid SNMP agent address was specified. Error code set in packet - General error: <Number>. A response from the applicable SNMP agent indicating that the specified object ID is being managed but the MIB value could not be acquired correctly was received.

  • Page 472: Snmp Rget

    16. SNMP snmp rget Displays the MIB value for the specified remote device. Syntax <ip address> <community> <variable name> snmp rget [version { 1 | 2 }] Input mode User mode and administrator mode Parameters Remotely accesses an SNMP agent, acquires and displays management information of the specified object instance.
  • Page 473 16. SNMP Message Description Error code set in packet - General error: <Number>. A response from the applicable SNMP agent indicating that the specified object ID is being managed but the MIB value could not be acquired correctly was received. The object ID specified at the following position could not be acquired: <Number>.

  • Page 474: Snmp Rgetnext

    16. SNMP snmp rgetnext Displays the MIB value following the specified remote device. Syntax <ip address> <community> <variable name> snmp rgetnext [version { 1 | 2 }] Input mode User mode and administrator mode Parameters Remotely accesses an SNMP agent, acquires and displays the management information following the specified object instance.
  • Page 475 16. SNMP Message Description Error code set in packet - General error: <Number>. A response from the applicable SNMP agent indicating that the specified object ID is being managed but the MIB value could not be acquired correctly was received. The object ID specified at the following position could not be acquired: <Number>.

  • Page 476: Snmp Rwalk

    16. SNMP snmp rwalk Displays information about the MIB tree for the specified remote device. Syntax <ip address> <community> <variable name> snmp rwalk [version { 1 | 2 }] Input mode User mode and administrator mode Parameters Remotely accesses an SNMP agent, and acquires the management information following the specified object instance, and then displays all instances of the applicable object.
  • Page 477 16. SNMP Response messages Table 16-26: List of response messages for the snmp rwalk command Message Description <SNMP agent IP address>: host unknown. An invalid SNMP agent address was specified. Cannot translate variable class: <MIB Object Name> The object name <MIB Object Name> is invalid. Error code set in packet - General error: <Number>.

  • Page 478: Snmp Rgetroute

    16. SNMP snmp rgetroute Displays the IP routing table (ipRouteTable) of the specified remote device. Syntax <ip address> <community> snmp rgetroute Input mode User mode and administrator mode Parameters Remotely accesses an SNMP agent and displays routing information from management information of ipRouteTable.
  • Page 479 16. SNMP Item Meaning Displayed information (bgp) (static routing) local (static routing) netmgmt (others) other Indicates the number of seconds elapsed after this route was last updated or confirmed (ipRouteAge). Impact on communication None Response messages Table 16-28: List of response messages for the snmp rgetroute command Message Description <SNMP agent IP address>: host unknown.
  • Page 480 16. SNMP If there are too many interfaces on the target Switch, it takes time for searching MIB information for ipRouteTable, and a timeout might occur. If that happens, use the snmp command to acquire the ipRouteTable information. rgetnext...

  • Page 481: Snmp Rgetarp

    16. SNMP snmp rgetarp Displays the IP address translation table (ipNetToMediaTable) of the specified remote device. Syntax <ip address> <community> snmp rgetarp Input mode User mode and administrator mode Parameters Remotely accesses an SNMP agent and displays ARP information from management information of ipNetToMediaTable.
  • Page 482 16. SNMP Response messages Table 16-30: List of response messages for the snmp rgetarp command Message Description <SNMP agent IP address>: host unknown. An invalid SNMP agent address was specified. Error code set in packet - General error: <Number>. A response from the applicable SNMP agent indicating that the specified object ID is being managed but the MIB value could not be acquired correctly was received.

  • Page 483: 17. Sflow

    Chapter 17. sFlow show sflow clear sflow statistics restart sflow dump sflow...

  • Page 484: Show Sflow

    17. sFlow show sflow Displays the configuration setting status and operating status of sFlow statistics. Syntax show sflow [detail] Input mode User mode and administrator mode Parameters detail Displays detailed information about the setting status and the operating status of sFlow statistics.
  • Page 485 17. sFlow Send FlowSample UDP packets : 12077 Send failed packets: Send CounterSample UDP packets: Send failed packets: Collector IP address: 192.168.4.203 UDP:65535 Source IP address: 130.130.13 Send FlowSample UDP packets : 12077 Send failed packets: Send CounterSample UDP packets: Send failed packets: Detail data : Max packet size: 1400 bytes...
  • Page 486 17. sFlow Item Displayed information Source IP address Address used as an agent IP when packets are sent to the collector Send FlowSample UDP packets Number of UDP packets for flow samples sent to the collector Send failed packets Number of UDP packets that could not be sent to the collector Send CounterSample UDP packets Number of UDP packets for counter samples sent to the collector Max packet size...

  • Page 487: Clear Sflow Statistics

    17. sFlow clear sflow statistics Clears statistics managed by sFlow statistics. Syntax clear sflow statistics Input mode User mode and administrator mode Parameters None Example >clear sflow statistics > Display items None Impact on communication None Response messages Table 17-3: List of response messages for the clear sflow statistics command Message Description Can't execute this command in standby system.

  • Page 488: Restart Sflow

    17. sFlow restart sflow Restarts the flow statistics program. Syntax restart sflow [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts the flow statistics program without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. core-file Outputs the core file of the flow statistics program ( ) when the program is...

  • Page 489: Dump Sflow

    17. sFlow dump sflow Dumps debug information collected in the flow statistics program to a file. Syntax dump sflow Input mode User mode and administrator mode Parameters None Example >dump sflow > Display items None Impact on communication None Response messages Table 17-5: List of response messages for the dump sflow command Message Description...

  • Page 491: Part 9: Management Of Neighboring Device Information

    PART 9: Management of Neighboring Device Information Chapter 18. LLDP show lldp show lldp statistics clear lldp clear lldp statistics restart lldp dump protocols lldp...

  • Page 492: Show Lldp

    18. LLDP show lldp Displays LLDP configuration information and neighboring device information. Syntax <port list> show lldp [port ] [detail] Input mode User mode and administrator mode Parameters port <port list> Displays LLDP information for the specified port. For details about how to specify <port list> and the specifiable range of values, see Specifiable values for parameters.
  • Page 493 IPv6 Address: Tagged: 20 3ffe:501:811:ff01:200:8798:5cc0:e7f4 TTL: 110 Chassis ID: Type=MAC Info=0012.e268.2505 System Name: LLDP2 System Description: ALAXALA AX6300S AX-6300-S04 [AX6304S] Switching so | ftware Ver. 10.2 [OS-SE] Port ID: Type=MAC Info=0012.e298.dc20 Port Description: GigabitEther 1/5 Tag ID: Tagged=1,10-20,4094 IPv4 Address: Tagged: 10 192.168.248.220...
  • Page 494 18. LLDP Port ID: Type=MAC Info=0012.e298.7478 Port Description: GigabitEther 1/24 Tag ID: Tagged=1,10-20,4094 IPv4 Address: Tagged: 10 192.168.248.200 IPv6 Address: Tagged: 20 3ffe:501:811:ff01:200:8798:7478:e7f4 Port 1/2 Link: Down Neighbor Counts: Port 1/3 Link: Down Neighbor Counts: > Information about the Switch's port Information about neighboring devices Information about neighboring devices Display items in Example 2...
  • Page 495 18. LLDP Item Meaning Displayed information Port ID Port ID of the applicable port Type Subtype for the port ID : Indicates that a MAC address is displayed Info Info Information about the port ID MAC address of the port Port Description Port description for the applicable The same character string as the string used for...
  • Page 496 18. LLDP Item Meaning Displayed information Port ID Port ID for the neighboring device Type Subtype for the port ID : Indicates that ifAlias of the InterfaceMIB PORT is displayed for Info : Indicates that portEntPhysicalAlias of ENTRY the Entity MIB is displayed for Info : Indicates that BACK-COMP...
  • Page 497 18. LLDP Notes None...

  • Page 498: Show Lldp Statistics

    18. LLDP show lldp statistics Displays LLDP statistics. Syntax <port list> show lldp statistics [port Input mode User mode and administrator mode Parameters port <port list> Displays LLDP statistics for the specified ports in list format. For details about how to specify <port list> and the specifiable range of values, see Specifiable values for parameters.
  • Page 499 18. LLDP Impact on communication None Response messages Table 18-5: List of response messages for the show lldp statistics command Message Description Can't execute this command in standby system. This command cannot be executed on a standby system. Can't execute. The command could not be executed.

  • Page 500: Clear Lldp

    18. LLDP clear lldp Clears LLDP neighboring device information. Syntax <port list> clear lldp [port Input mode User mode and administrator mode Parameters port <port list> Clears neighboring device information of the specified port. For details about how to specify <port list> and the specifiable range of values, see Specifiable values for parameters.

  • Page 501: Clear Lldp Statistics

    18. LLDP clear lldp statistics Clears LLDP statistics. Syntax <port list> clear lldp statistics [port Input mode User mode and administrator mode Parameters port <port list> Clears LLDP statistics for the specified port. For details about how to specify <port list> and the specifiable range of values, see Specifiable values for parameters.

  • Page 502: Restart Lldp

    18. LLDP restart lldp Restarts the LLDP program. Syntax restart lldp [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts the LLDP program without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. core-file Outputs the core file when the program is restarted.
  • Page 503 18. LLDP If a file with this name already exists, the file is overwritten unconditionally. Therefore, back up the file in advance, if necessary.

  • Page 504: Dump Protocols Lldp

    18. LLDP dump protocols lldp Dumps detailed event trace information and control table information collected by the LLDP program to a file. Syntax dump protocols lldp Input mode User mode and administrator mode Parameters None Example Figure 18-7: Example of specifying LLDP dump >...

  • Page 505: 19. Oadp

    Chapter 19. OADP show oadp show oadp statistics clear oadp clear oadp statistics restart oadp dump protocols oadp...

  • Page 506: Show Oadp

    19. OADP show oadp Displays OADP/CDP configuration information and neighboring device information. Syntax <port list> <channel group list> show oadp [port ] [channel-group-number ] [device-id <device id> ] [detail] Input mode User mode and administrator mode Parameters port <port list> Displays neighboring device information for the specified port.
  • Page 507 19. OADP Interval Time: 60 Hold Time: 180 ignore vlan: 2-4,10 Enabled Port: 1/1-5,16,20 CH 10 Total Neighbor Counts=2 Local VID Holdtime Remote VID Device ID Capability Platform 35 1/8 0 OADP-2 AX6304S 1/16 9 1/1 0 OADP-3 AX6308S Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater >...
  • Page 508 VLAN ID(TLV): 0 Device ID : OADP-2 Capabilities : Router,Switch Platform : AX6304S Entry address(es): IP address : 192.16.170.87 IPv6 address: fe80::200:4cff:fe71:5d1c IfSpeed : 1G Duplex : FULL Version : ALAXALA AX6300S AX-6300-S04 [AX6304S] Switching soft ware Ver. 10.2 [OS-SE]...
  • Page 509 IP address : 192.16.170.100 IfSpeed : 1G Duplex : FULL Version : ALAXALA AX6300S AX-6300-S08 [AX6308S] Switching soft ware Ver. 10.2 [OS-SE] --------------------------------------------------------- > Configuration information of the Switch Information about the Switch's port Information about neighboring devices Display items in Example 2...
  • Page 510 19. OADP Item Meaning Displayed information VLAN ID(TLV) VLAN ID set for the VLAN ID TLV VLAN ID sent from a neighboring device Device ID Device ID of the neighboring device Device identifier Capability Functionality of neighboring devices Functionality Platform Name of the neighboring device Device name Entry address...

  • Page 511: Show Oadp Statistics

    19. OADP show oadp statistics Displays OADP/CDP statistics. Syntax <port list> <channel group list> show oadp statistics [port ] [channel-group-number Input mode User mode and administrator mode Parameters port <port list> Displays the OADP statistics for the specified ports in list format. For details about how to specify <port list>...
  • Page 512 19. OADP Item Meaning Displayed information OADP PDUs Tx Number of sent OADP PDUs 0 to 4294967295 OADP/CDP PDUs Rx Number of received OADP/CDP 0 to 4294967295 PDUs Rx PDUs Statistics for receive frames OADP Number of OADP PDUs 0 to 4294967295 CDPv1 Number of CDP version 1 PDUs 0 to 4294967295...

  • Page 513: Clear Oadp

    19. OADP clear oadp Clears OADP neighboring device information. Syntax <port list> <channel group list> clear oadp [port ] [channel-group-number Input mode User mode and administrator mode Parameters port <port list> Clears neighboring device information of the specified port. For details about how to specify <port list> and the specifiable range of values, see Specifiable values for parameters.
  • Page 514 19. OADP Message Description OADP is not configured. OADP has not been configured. Check the configuration. Notes None...

  • Page 515: Clear Oadp Statistics

    19. OADP clear oadp statistics Clears OADP/CDP statistics. Syntax <port list> <channel group list> clear oadp statistics [port ] [channel-group-number Input mode User mode and administrator mode Parameters port <port list> Clears OADP/CDP statistics for the specified port. For details about how to specify <port list> and the specifiable range of values, see Specifiable values for parameters.
  • Page 516 19. OADP Message Description OADP is not configured. OADP has not been configured. Check the configuration. Notes None...

  • Page 517: Restart Oadp

    19. OADP restart oadp Restarts the OADP program. Syntax restart oadp [-f] [core-file] Input mode User mode and administrator mode Parameters Restarts the OADP program without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. core-file Outputs the core file when the program is restarted.
  • Page 518 19. OADP Core file: oadpd.core If necessary, back up the file in advance because the specified file is unconditionally overwritten if it already exists.

  • Page 519: Dump Protocols Oadp

    19. OADP dump protocols oadp Dumps detailed event trace information and control table information collected by the OADP program to a file. Syntax dump protocols oadp Input mode User mode and administrator mode Parameters None Example Figure 19-7: Example of specifying OADP dump >...

  • Page 521: Index

    Index activate standby 282 debug access-log 32 dump access-log 29 dump protocols cfm 430 dump protocols dhcp snooping 277 clear access-filter 16 dump protocols dot1x 121 clear access-log 22 dump protocols efmoam 373 clear access-log flow 28 dump protocols gsrp 315 clear cfm fault 423 dump protocols lldp 488 clear cfm l2traceroute-db 425...
  • Page 522 Index set mac-authentication mac-address 212 show web-authentication login 143 set web-authentication html-files 180 show web-authentication statistics 164 set web-authentication passwd 136 show web-authentication user 141 set web-authentication user 134 snmp get 440 set web-authentication vlan 138 snmp getarp 451 show access-filter 10 snmp getforward 453 show access-log 20 snmp getif 446...

This manual is also suitable for:

Ax6600sAx6300s

Table of Contents