Download Print this page

ZyXEL Communications XS3800-28 Cli Reference Manual

ZyXEL Communications XS3800-28 Cli Reference Manual

Hide thumbs Also See for XS3800-28:

User manual (789 pages)

,

Quick start manual (2 pages)

,

User manual (593 pages)

Table Of Contents

page of 407

/ 407
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

See also: User Manual

CLI Reference Guide

Ethernet Switch Series

Managed Ethernet Switches

Default Login Details

Out-of-Band

MGMT Port

In-Band Ports

User Name

Password

Copyright © 2019 Zyxel Communications Corporation

http://192.168.0.1

http://DHCP-assigned IP

or

http://192.168.1.1

admin

1234

Version 3.79~4.60 Edition 2, 05/2019

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the XS3800-28 and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications XS3800-28

Page 1 CLI Reference Guide Ethernet Switch Series Managed Ethernet Switches Default Login Details Version 3.79~4.60 Edition 2, 05/2019 Out-of-Band http://192.168.0.1 MGMT Port In-Band Ports http://DHCP-assigned IP http://192.168.1.1 User Name admin Password 1234 Copyright © 2019 Zyxel Communications Corporation...
Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a Reference Guide for a series of products intended for people who want to configure the Switch via Command Line Interface (CLI). Note: Some commands or command options in this guide may not be available in your product.
Page 3 About This CLI Reference Guide About This CLI Reference Guide Intended Audience This manual is intended for people who want to configure Zyxel Switches via Command Line Interface (CLI). The version number on the cover page refers to the latest firmware version supported by the Zyxel Switches.
Page 4 Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this CLI Reference Guide. Warnings tell you about things that could harm you or your device. See your User’s Guide for product specific warnings. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 5 Document Conventions • <cr> means press the [ENTER] key. • An arrow (-->) indicates that this line is a continuation of the previous line. Command summary tables are organized as follows: Table 1 Example: Command Summary Table COMMAND DESCRIPTION Displays the status of all VLANs. show vlan Enters config-vlan mode for the specified VLAN.
Page 6: Table Of Contents
Contents Overview Contents Overview Introduction ............................9 How to Access and Use the CLI ......................10 Privilege Level and Command Mode ....................13 Initial Setup ............................18 Reference A-G ..........................25 AAA Commands ..........................27 Anti-Arpscan ............................30 ARP Commands ........................... 32 ARP Inspection Commands ........................
Page 7 Contents Overview IGMP and Multicasting Commands ....................124 IGMP Snooping Commands ......................126 IGMP Filtering Commands ......................... 133 Interface Commands ........................135 Interface Loopback Mode ........................ 140 Interface Route-domain Mode ......................142 IP Commands ............................. 143 IP Source Binding Commands ......................148 IPv6 Commands ..........................
Page 8 Contents Overview RMON ..............................280 Running Configuration Commands ....................287 Service Register ........................... 290 sFlow ..............................291 Smart Isolation Commands ....................... 293 SNMP Server Commands ........................296 Stacking Commands ......................... 301 STP and RSTP Commands ........................307 SSH Commands ..........................311 Static Multicast Commands ......................
Page 9: Introduction
Introduction How to Access and Use the CLI (10) Privilege Level and Command Mode (13) Initial Setup (18)
Page 10: How To Access And Use The Cli
H A P T E R How to Access and Use the This chapter introduces the command line interface (CLI). 1.1 Accessing the CLI Use any of the following methods to access the CLI. 1.1.1 Console Port Connect your computer to the console port on the Switch using the appropriate cable. Use terminal emulation software with the following settings: Table 2 Default Settings for the Console Port SETTING...
Page 11 Chapter 1 How to Access and Use the CLI Table 3 Default Management IP Address SETTING DEFAULT VALUE IP Address 192.168.1.1 Subnet Mask 255.255.255.0 Make sure your computer IP address is in the same subnet, unless you are accessing the Switch through one or more routers.
Page 12 Chapter 1 How to Access and Use the CLI 1.4 Saving Your Configuration When you run a command, the Switch saves any changes to its run-time memory. The Switch loses these changes if it is turned off or loses power. Use the command in enable mode to save the write memory current configuration permanently to non-volatile memory.
Page 13: Privilege Level And Command Mode
H A P T E R Privilege Level and Command Mode This chapter introduces the CLI privilege levels and command modes. • The privilege level determines whether or not a user can run a particular command. • If a user can run a particular command, the user has to run it in the correct mode. 2.1 Privilege Levels Every command has a privilege level (0-14).
Page 14: Privilege Level And Command Mode
Chapter 2 Privilege Level and Command Mode • Using vendor-specific attributes in an external authentication server. See the User’s Guide for more information. The admin account has a privilege level of 14, so the administrator can run every command. You cannot change the privilege level of the admin account.
Page 15 Chapter 2 Privilege Level and Command Mode In the following example, the login account user0 has a privilege level of 0 but knows that the password for privilege level 13 is pswd13. Afterwards, the session’s privilege level is 13, instead of 0, and the session changes to enable mode.
Page 16 Chapter 2 Privilege Level and Command Mode 2.2.2 Command Modes for Privilege Levels 13-14 If the session’s privilege level is 13-14, the allowed commands are in one of several modes. Table 7 Command Modes for Privilege Levels 13-14 and the Types of Commands in Each One MODE PROMPT COMMAND FUNCTIONS IN THIS MODE...
Page 17 Chapter 2 Privilege Level and Command Mode 2.3 Listing Available Commands Use the help command to view the executable commands on the Switch. You must have the highest privilege level in order to view all the commands. Follow these steps to create a list of supported commands: Log into the CLI.
Page 18: Initial Setup
H A P T E R Initial Setup This chapter identifies tasks you might want to do when you first configure the Switch. 3.1 Changing the Administrator Password Note: It is recommended you change the default administrator password. You can encrypt the password using the password encryption command.
Page 19 Chapter 3 Initial Setup 3.3 Prohibiting Concurrent Logins By default, multiple CLI sessions are allowed via the console port or Telnet. See the User’s Guide for the maximum number of concurrent sessions for your Switch. Use this command to prohibit concurrent logins.
Page 20 Chapter 3 Initial Setup 3.6 Using Auto Configuration Follow the steps below to set up configurations on the Switch, so you can load an auto configuration file automatically from a TFTP server when you reboot the Switch. Note: You need to set up configurations on a DHCP server and TFTP server first to use auto configuration.
Page 21 Chapter 3 Initial Setup Use this command to check the settings for auto configuration. show running-config GS2210# show running-config Building configuration... Current configuration: vlan 1 name 1 normal "" fixed 1-50 forbidden "" untagged 1-50 ip address default-management dhcp-bootp ip address default-management dhcp-bootp option-60 class-id ZyxelCorp exit pwr mode consumption auto-config...
Page 22 ....(Compressed) Version: GS2210, start: b4962430 Length: 16F0668, Checksum: 03AA Compressed Length: 2EE424, Checksum: 87A5 Copyright (c) 1994 - 2017 Zyxel Communications Corp. initialize mgmt, initialize switch, ethernet address: 00:19:cb:00:00:01 Initializing MSTP..... Initializing VLAN Database... Initializing IP Interface... Initializing Advanced Applications...
Page 23 ....(Compressed) Version: GS2210, start: b4962430 Length: 16F0668, Checksum: 03AA Compressed Length: 2EE424, Checksum: 87A5 Copyright (c) 1994 - 2017 Zyxel Communications Corp. initialize mgmt, initialize switch, ethernet address: 00:19:cb:00:00:01 Initializing MSTP..... Initializing VLAN Database... Initializing IP Interface... Initializing Advanced Applications...
Page 24 Chapter 3 Initial Setup This is illustrated in the following example. sysname# show system-information Product Model : sysname System Name : sysname System Mode : Standalone System Contact System Location System up Time 98:26:28 (151f8939 ticks) Ethernet Address : 00:19:cb:00:00:02 Bootbase Version : V1.02 | 08/27/2014 ZyNOS F/W Version...
Page 25: Reference A-G
Reference A-G AAA Commands (27) ARP Commands (32) ARP Inspection Commands (34) ARP Learning Commands (39) Auto Configuration Commands (40) Bandwidth Commands (42) Broadcast Storm Commands (46) CFM Commands (49) Certificates Commands (58) Classifier Commands (60) Cluster Commands (64) CLV Commands (67) Custom Default Commands (73) Date and Time Commands (74) Data Center Bridging Commands (77)
Page 26 DiffServ Commands (94) Display Commands (95) DVMRP Commands (96) Error Disable and Recovery Commands (98) Ethernet OAM Commands (102) External Alarm Commands (107) GARP Commands (109) Green Ethernet Commands (111) GVRP Commands (115)
Page 27: Aaa Commands
H A P T E R AAA Commands Use these commands to configure authentication, authorization and accounting on the Switch. 4.1 Command Summary The following section lists the commands for this feature. Table 9 aaa authentication Command Summary COMMAND DESCRIPTION Displays what methods are used for authentication.
Page 28 Chapter 4 AAA Commands Table 10 Command Summary: aaa accounting (continued) COMMAND DESCRIPTION Disables accounting of command sessions on the Switch. no aaa accounting commands Displays accounting settings for recording IEEE 802.1x show aaa accounting dot1x session events. Enables accounting of IEEE 802.1x authentication sessions aaa accounting dot1x <start- and specifies the mode and protocol method.
Page 29 Chapter 4 AAA Commands Table 11 aaa authorization Command Summary (continued) COMMAND DESCRIPTION Disables authorization of allowing an IEEE 802.1x client to no aaa authorization dot1x have different bandwidth limit or VLAN ID assigned via the external server. Disables authorization of allowing an administrator which no aaa authorization exec logs in the Switch through Telnet or SSH to have different access privilege level assigned via the external server.
Page 30: Anti-Arpscan
H A P T E R Anti-Arpscan Use these commands to configure anti-Arpscan on the Switch. 5.1 Anti-Arpscan Overview Address Resolution Protocol (ARP), RFC 826, is a protocol used to convert a network-layer IP address to a link-layer MAC address. ARP scan is used to scan the network of a certain interface for alive hosts. It shows the IP address and MAC addresses of all hosts found.
Page 31 Chapter 5 Anti-Arpscan Table 12 anti arpscan Command Summary (continued) COMMAND DESCRIPTION Unblocks all hosts. clear anti arpscan host Unblocks all hosts connected to the specified port(s). clear anti arpscan host interface port-channel <port- list> Enters config-interface mode for the specified port(s). interface port-channel <port- list>...
Page 32: Arp Commands
H A P T E R ARP Commands Use these commands to look at IP-to-MAC address mapping(s). 6.1 Command Summary The following section lists the commands for this feature. Table 13 arp Command Summary COMMAND DESCRIPTION Sets how long dynamically learned ARP entries remain in arp aging-time <60-1000000>...
Page 33 Chapter 6 ARP Commands 6.2 Command Examples This example creates a static ARP entry and shows the ARP table on the Switch. sysname# config sysname(config)# arp name test ip 192.168.1.99 mac 00:c5:d8:01:23:45 vlan 1 interface port-channel 3 sysname(config)# exit sysname# show ip arp Index VLAN Port...
Page 34: Arp Inspection Commands
H A P T E R ARP Inspection Commands Use these commands to filter unauthorized ARP packets in your network. 7.1 Command Summary The following section lists the commands for this feature. Table 15 arp inspection Command Summary COMMAND DESCRIPTION Enables ARP inspection on the Switch.
Page 35 Chapter 7 ARP Inspection Commands Table 17 Command Summary: arp inspection log COMMAND DESCRIPTION Displays the log settings configured on the Switch. It also show arp inspection log displays the log entries recorded on the Switch. Delete all ARP inspection log entries from the Switch. clear arp inspection log Specifies the maximum number (1-1024) of log messages arp inspection log-buffer...
Page 36 Chapter 7 ARP Inspection Commands 7.2 Command Examples This example looks at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
Page 37 Chapter 7 ARP Inspection Commands The following table describes the labels in this screen. Table 21 show arp inspection log LABEL DESCRIPTION Total Log Buffer Size This field displays the maximum number (1-1024) of log messages that were generated by ARP packets and have not been sent to the syslog server yet. If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer.
Page 38 Chapter 7 ARP Inspection Commands The following table describes the labels in this screen. Table 22 show arp inspection interface port-channel LABEL DESCRIPTION Interface This field displays the port number. If you configure the * port, the settings are applied to all of the ports.
Page 39: Arp Learning Commands
H A P T E R ARP Learning Commands Use these commands to configure how the Switch updates the ARP table. 8.1 Command Summary The following section lists the commands for this feature. Table 23 arp-learning Command Summary COMMAND DESCRIPTION Enters config-interface mode for the specified port(s).
Page 40: Auto Configuration Commands
H A P T E R Auto Configuration Commands Use these commands to configure auto configuration on the Switch. 9.1 Auto Configuration Overview The Switch can download a pre-saved auto configuration file automatically when you reboot the Switch using the DHCP or HTTPS mode. This will overwrite the running configuration stored in the Switch’s RAM instead of the startup configuration stored in the Switch’s flash memory.
Page 41 Chapter 9 Auto Configuration Commands Table 24 auto-config Command Summary (continued) COMMAND DESCRIPTION Types the URL that can be used to access and download auto-config url <https://host/ the auto configuration file from a web server using HTTPS. filename> For example, https:// webserverIPaddressconfigfilename.cfg.
Page 42: Bandwidth Commands
H A P T E R Bandwidth Commands Use these commands to configure the maximum allowable bandwidth for incoming or outgoing traffic flows on a port. Note: Bandwidth management implementation differs across Switch models. • Some models use a single command (bandwidth-limit ingress) to control the incoming rate of traffic on a port.
Page 43 Chapter 10 Bandwidth Commands Table 26 Command Summary: bandwidth-control & bandwidth-limit (continued) COMMAND DESCRIPTION Enables bandwidth limits for incoming traffic on the port(s). C bandwidth-limit ingress Sets the maximum bandwidth allowed for incoming traffic bandwidth-limit ingress on the port(s). <rate> Enables bandwidth limits for outgoing traffic on the port(s).
Page 44 Chapter 10 Bandwidth Commands 10.3 Command Examples: cir & pir This example sets the guaranteed traffic bandwidth limit on port 1 to 4000 Kbps and the maximum traffic bandwidth limit to 5000 Kbps for port 1. sysname# configure sysname(config)# bandwidth-control sysname(config)# interface port-channel 1 sysname(config-interface)# bandwidth-limit cir sysname(config-interface)# bandwidth-limit cir 4000...
Page 45: Bpdu Guard
H A P T E R BPDU Guard Use these commands to configure BPDU guard on the Switch. 11.1 BPDU Guard Overview A BPDU (Bridge Protocol Data Units) is a data frame that contains information about STP. STP-aware switches exchange BPDUs periodically. The BPDU guard feature allows you to prevent any new STP-aware switch from connecting to an existing network and causing STP topology changes in the network.
Page 46: Broadcast Storm Commands
H A P T E R Broadcast Storm Commands Use these commands to limit the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. Note: Broadcast storm control implementation differs across Switch models. •...
Page 47 Chapter 12 Broadcast Storm Commands Table 29 Command Summary: storm-control, bmstorm-limit, and bstorm-control (continued) COMMAND DESCRIPTION Specifies the maximum number of broadcast packets the broadcast-limit <pkt/s> Switch accepts per second on the specified port(s). The Switch will generate a trap and/or log when the actual rate is higher than the specified threshold.
Page 48 Chapter 12 Broadcast Storm Commands • 64 DLF packets per second. sysname# configure sysname(config)# storm-control sysname(config)# interface port-channel 1 sysname(config-interface)# broadcast-limit sysname(config-interface)# broadcast-limit 128 sysname(config-interface)# multicast-limit sysname(config-interface)# multicast-limit 256 sysname(config-interface)# dlf-limit sysname(config-interface)# dlf-limit 64 sysname(config)# exit sysname# show interfaces config 1 bstorm-control Broadcast Storm Control Enabled: Yes Port Broadcast|Enabled...
Page 49: Cfm Commands
H A P T E R CFM Commands Use these commands to configure the Connectivity Fault Management (CFM) on the Switch. 13.1 CFM Overview The route between two users may go through aggregated switches, routers and/or DSLAMs owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscribers’...
Page 50 Chapter 13 CFM Commands CFM provides two tests to discover connectivity faults. •Loopback test - similar to using “ping” in Microsoft DOS mode to check connectivity from your computer to a host. In a loopback test, a MEP port sends a LBM (Loop Back Message) to a MIP port and checks for an LBR (Loop Back Response).
Page 51 Chapter 13 CFM Commands Table 30 CFM Term Definitions TERM DESCRIPTION Loop Back Test Loop Back Test (LBT) checks if an MEP port receives its LBR (Loop Back Response) from its target after it sends the LBM (Loop Back Message). If no response is received, there might be a connectivity fault between them.
Page 52 Chapter 13 CFM Commands Table 32 CFM Command Summary (continued) COMMAND DESCRIPTION Specifies the remote MEP ID, local MEP ID, MA index ethernet cfm loopback remote-mep and MD index to perform a loopback test. <mep-id> mep <mep-id> ma <ma-index> md <md-index> [size <0-1500>][count This enables the MEP port (with the specified MEP ID) <1-1024>] in a specified CFM domain to send the LBMs (Loop...
Page 53 Chapter 13 CFM Commands Table 32 CFM Command Summary (continued) COMMAND DESCRIPTION Creates an MA (Maintenance Association) and ethernet cfm ma <ma-index> format defines its VLAN ID under the MD. You can also define <vid|string|integer> name <ma-name> the format which the Switch uses to send this MA md <md-index>...
Page 54 Chapter 13 CFM Commands Table 32 CFM Command Summary (continued) COMMAND DESCRIPTION Deletes a specified MEP. no mep <mep-id> Enables an MEP. no mep <mep-id> inactive Disallows an MEP sending Connectivity Check no mep <mep-id> cc-enable Messages (CCMs) periodically to other MEPs. Creates an MD (Maintenance Domain) with the ethernet cfm md <md-index>...
Page 55 Chapter 13 CFM Commands Table 32 CFM Command Summary (continued) COMMAND DESCRIPTION Displays a list of MA(s), MEP(s) and the remote MEP(s) show ethernet cfm remote under the configured MD(s). Displays all virtual MAC addresses. show ethernet cfm virtual-mac Displays the MAC address(es) of the specified port(s). show ethernet cfm virtual-mac port <port-list>...
Page 56 Chapter 13 CFM Commands This example lists all CFM domains. In this example, only one MD (MD1) is configured. The MA3 with the associated MEP port 1 is under this MD1. sysname# show ethernet cfm local MD Index: 1 MD Name: MD1(string) MD Level: 1 MA Index: 3 MA Name:...
Page 57 Chapter 13 CFM Commands This example assigns a virtual MAC address to port 3 and displays the MAC addresses of the ports 2 ~ 4. The assigned virtual MAC address should be unique in both the Switch and the network to which it belongs.
Page 58: Certificates Commands
H A P T E R Certificates Commands Use these commands to import an HTTPS certificate to the Switch. You can also clear or show the HTTPS certificate imported to the Switch. 14.1 Certificates Overview The Switch can use HTTPS certificates that are verified by a third party to create secure HTTPS connections between your computer and the Switch.
Page 59 Chapter 14 Certificates Commands Use the ftp <ip address> command and enter the Switch IP address to have your computer ping the Switch. In this example, we use the default out-of-band IP address (192.168.0.1) for the Switch IP address. Use the default in-band management IP address (192.168.1.1), DHCP-assigned IP address, static IP address, or the default out-of-band IP address (192.168.0.1).
Page 60: Classifier Commands
H A P T E R Classifier Commands Use these commands to classify packets into traffic flows. After classifying traffic, policy commands (Chapter 64 on page 247) can be used to ensure that a traffic flow gets the requested treatment in the network.
Page 61 Chapter 15 Classifier Commands Table 35 Command Summary: classifier (continued) COMMAND DESCRIPTION Configures a classifier. Specify the parameters to identify the classifier <name> < [weight traffic flow: <0-65535> ][packet- format <802.3untag|802.3tag| • weight: Enter the weight the priority of the Classifier rule when the match order is in manual mode.
Page 62 Chapter 15 Classifier Commands Table 35 Command Summary: classifier (continued) COMMAND DESCRIPTION Use manual to have classifier rules applied according to the classifier match-order weight of each rule you configured. Use auto to have classifier <auto|manual> rules applied according to the layer of the item configured in the rule.
Page 63 Chapter 15 Classifier Commands 15.2 Command Examples This example creates a classifier for packets with a VLAN ID of 3. The resulting traffic flow is identified by the name VLAN3. The policy command can use the name VLAN3 to apply policy rules to this traffic flow.
Page 64: Cluster Commands
H A P T E R Cluster Commands Use these commands to configure cluster management. 16.1 Command Summary The following section lists the commands for this feature. Table 38 cluster Command Summary COMMAND DESCRIPTION Displays cluster management status. show cluster Enables clustering in the specified VLAN group.
Page 65 Chapter 16 Cluster Commands 16.2 Command Examples This example creates the cluster CManage in VLAN 1. Then, it looks at the current list of candidates for membership in this cluster and adds two switches to cluster. sysname# configure sysname(config)# cluster 1 sysname(config)# cluster name CManage sysname(config)# exit sysname# show cluster candidates...
Page 66 00:13:49:00:00:01 Connected to 127.0.0.2 Escape character is '^]'. User name: admin Password: **** Copyright (c) 1994 - 2007 ZyXEL Communications Corp. ES-2108PWR# show version Current ZyNOS version: V3.80(ABS.0)b2 | 05/28/2007 ES-2108PWR# exit Telnet session with remote host terminated.
Page 67: Clv Commands
H A P T E R CLV Commands Use these commands to configure VLAN settings on the Switch in clv mode. In Zyxel configuration mode, you need to use the VLAN commands to configure a VLAN first, then specify the port(s) which you want to configure and tag all outgoing frames with the specified VLAN ID.
Page 68 Chapter 17 CLV Commands Figure 3 Trunk - Access Mode Example Table 41 vlan Command Summary COMMAND DESCRIPTION Displays the status of all VLANs. show vlan Displays the status of the specified VLAN. show vlan <vlan-id> Table 42 clv Command Summary COMMAND DESCRIPTION Enables clv mode.
Page 69 Chapter 17 CLV Commands Table 44 switchport access Command Summary COMMAND DESCRIPTION Enters config-interface mode for the specified port(s). interface port-channel <port- list> Sets the specified interface in access mode. switchport mode access Untags all outgoing frames with the specified VLAN ID. switchport access <vlan-id>...
Page 70 Chapter 17 CLV Commands Table 47 switchport forbidden Command Summary COMMAND DESCRIPTION Enters config-interface mode for the specified port(s). interface port-channel <port- list> Prohibits the specified port(s) from joining the specified switchport forbidden vlan VLAN group. add <vlan-list> Prohibits the specified port(s) from joining all VLAN groups. switchport forbidden vlan add all Sets forbidden port(s) in the specified VLAN to normal...
Page 71 Chapter 17 CLV Commands This example configures port 4 as the tagged port in VLAN 20 and the untagged port in VLAN 100. This example also configures 200 as the PVID on port 4. sysname# config sysname(config)# interface port-channel 4 sysname(config-interface)# switchport mode hybrid sysname(config-interface)# switchport hybrid allowed vlan 20 tagged sysname(config-interface)# switchport hybrid allowed vlan 100 untagged...
Page 72 Chapter 17 CLV Commands This example shows the VLAN 100 status. sysname# show vlan 100 802.1Q VLAN ID : 100 Name Status : Static Elapsed Time 26:05:15 Port Information Mode ---------------- ---- Trunk Trunk Trunk Hybrid Ethernet Switch CLI Reference Guide...
Page 73: Custom Default Commands
H A P T E R Custom Default Commands Use these commands to use custom default on the Switch. 18.1 Custom Default Overview You can save the current configuration settings to a customized default file, so you can load it when you reboot the Switch.
Page 74: Date And Time Commands
H A P T E R Date and Time Commands Use these commands to configure the date and time on the Switch. 19.1 Command Summary The following table describes user-input values available in multiple commands for this feature. Table 50 time User-input Values COMMAND DESCRIPTION Possible values (daylight-saving-time commands only): first, second, third, fourth,...
Page 75 Chapter 19 Date and Time Commands Table 51 time Command Summary (continued) COMMAND DESCRIPTION Sets the day and time when Daylight Saving Time starts. time daylight-saving-time start- date <week> <day> <month> In most parts of the United States, Daylight Saving Time <o’clock>...
Page 76 Chapter 19 Date and Time Commands This example looks at the current time server settings. sysname# show timesync Time Configuration ----------------------------- Time Zone :UTC -600 Time Sync Mode :USE_DAYTIME Time Server IP Address :172.16.37.10 Time Server Sync Status:CONNECTING The following table describes the labels in this screen. Table 53 show timesync LABEL DESCRIPTION...
Page 77: Data Center Bridging Commands
H A P T E R Data Center Bridging Commands At the time of writing, data center bridging can only be configured using commands on the Switch. 20.1 Overview A traditional Ethernet network is best-effort, that is, frames may be dropped due to network congestion. FCoE (Fiber Channel over Ethernet) transparently encapsulates fiber channel traffic into Ethernet, so that you don’t need separate fiber channel and Ethernet switches.
Page 78 Chapter 20 Data Center Bridging Commands The following table describes user-input values available in multiple commands for this feature. Table 54 dcb User-input Values COMMAND DESCRIPTION Possible values range from 0 to 7. <priority-list> Possible values range from 1 to the number of ports on your Switch. <port-list>...
Page 79 Chapter 20 Data Center Bridging Commands 20.2.2 PFC Command Examples In the following example, PFC on switch A, port 1, is set to auto, so that it can accept the priority configuration from the peer switch B. If switch A did not receive PFC PDU from switch B, then priority 2, will be used by switch A.
Page 80 Chapter 20 Data Center Bridging Commands This is an example showing how many pause frames of certain priorities were temporarily stopped (transmitted or received) on port 1. sysname# show priority-flow-control statistics interface port-channel 1 Port Number: 1 PFC Tx Priority 0: 0 Priority 1: 0 Priority 2: 0 Priority 3: 0...
Page 81 Chapter 20 Data Center Bridging Commands The following table lists the commands for this feature. Table 56 ets Command Summary COMMAND DESCRIPTION Creates a WFQ or SP traffic class with ID, weight and traffic-class <id> scheduler <sp | (optional) name. ets <weight>>...
Page 82 Chapter 20 Data Center Bridging Commands This command shows traffic class. switch# show traffic-class Traffic Class Profile Configuration: Traffic Class ID Scheduler Weight Name ---------------- --------- ------ ------------------------------- Default Next, configure a port for traffic class(es) and bind priorities to traffic classes on a port. In the next example, we configure port 1 and bind priorities 0, 1 and 2 to traffic class 2 (LAN), 3, 4, 5 and 6 to class 1 (SAN) and 7 to class 0, the default traffic class.
Page 83 Chapter 20 Data Center Bridging Commands 20.2.6 Application Priority Command Examples In the following example, all FCoE traffic on the switch is assigned with priority 3. switchA# configure switchA(config)# lldp dcbx application ether-type fcoe priority 3 Application priority can then be used in conjunction with ETS and PFC as shown in the following examples.
Page 84 Chapter 20 Data Center Bridging Commands 20.2.7 DCBX DCBX uses LLDP (Link Layer Discovery Protocol) to exchange PFC, ETS and application priority information between switches. PFC information should be consistent between switches, so this can be configured automatically using DCBX. Chapter 44 on page 178 for more information on LLDP.
Page 85: Dhcp Commands
H A P T E R DHCP Commands Use these commands to configure DHCP features on the Switch. • Use the dhcp option commands to configure DHCP Option 82 profiles. • Use the dhcp relay commands to configure DHCP relay for specific VLAN. •...
Page 86 Chapter 21 DHCP Commands Table 64 dhcp relay Command Summary (continued) COMMAND DESCRIPTION Specifies a pre-defined DHCP option 82 profile that the dhcp relay <vlan-id> interface Switch applies to the specified port(s) in this VLAN. The port-channel <port-list> option Switch adds the Circuit ID sub-option and/or Remote ID profile <name>...
Page 87 Chapter 21 DHCP Commands Table 66 dhcp smart-relay Command Summary (continued) COMMAND DESCRIPTION Specifies a pre-defined DHCP option 82 profile that the dhcp smart-relay interface port- Switch applies to the specified port(s). channel <port-list> option profile <name> Note: The profile you specify here has priority over the one you set using the dhcp smart-relay option profile <name>...
Page 88 Chapter 21 DHCP Commands Figure 4 Example: Global DHCP Relay DHCP Server: 192.168.1.100 VLAN2 VLAN1 This example shows how to configure the Switch for this configuration. DHCP relay agent information option 82 is also enabled. sysname# configure sysname(config)# dhcp smart-relay sysname(config)# dhcp smart-relay helper-address 192.168.1.100 sysname(config)# dhcp smart-relay option sysname(config)# exit...
Page 89 Chapter 21 DHCP Commands This example shows how to configure these DHCP servers. The VLANs are already configured. sysname# configure sysname(config)# dhcp relay 1 helper-address 192.168.1.100 sysname(config)# dhcp relay 2 helper-address 172.16.10.100 sysname(config)# exit In this example, the Switch is a DHCP server for clients on VLAN 1 and VLAN 2. The DHCP clients in VLAN 1 are assigned IP addresses in the range 192.168.1.100 to 192.168.1.200 and clients on VLAN 2 are assigned IP addresses in the range 172.16.1.30 to 172.16.1.130.
Page 90: Dhcp Snooping & Dhcp Vlan Commands
H A P T E R DHCP Snooping & DHCP VLAN Commands Use the dhcp snooping commands to configure the DHCP snooping on the Switch and the dhcp vlan commands to specify a DHCP VLAN on your network. DHCP snooping filters unauthorized DHCP packets on the network and builds the binding table dynamically.
Page 91 Chapter 22 DHCP Snooping & DHCP VLAN Commands Table 68 dhcp snooping Command Summary (continued) COMMAND DESCRIPTION Resets how long (10-65535 seconds) the Switch waits to no dhcp snooping database write- update the DHCP snooping database the first time the delay current bindings change after an update to the default value (300).
Page 92 Chapter 22 DHCP Snooping & DHCP VLAN Commands The following table describes the dhcp-vlan commands. Table 69 dhcp-vlan Command Summary COMMAND DESCRIPTION Specifies the VLAN ID of the DHCP VLAN. dhcp dhcp-vlan <vlan-id> Disables DHCP VLAN on the Switch. no dhcp dhcp-vlan 22.2 Command Examples This example: •...
Page 93 Chapter 22 DHCP Snooping & DHCP VLAN Commands • Displays DHCP snooping configuration details. sysname(config)# dhcp snooping sysname(config)# dhcp snooping database tftp://172.16.37.17/ snoopdata.txt sysname(config)# dhcp snooping vlan 1,2,3,200,300 sysname(config)# dhcp snooping vlan 1,2,3,200,300 option sysname(config)# interface port-channel 1-5 sysname(config-interface)# dhcp snooping trust sysname(config-interface)# dhcp snooping limit rate 100 sysname(config-interface)# exit sysname(config)# dhcp dhcp-vlan 300...
Page 94: Diffserv Commands
H A P T E R DiffServ Commands Use these commands to configure Differentiated Services (DiffServ) on the Switch. 23.1 Command Summary The following section lists the commands for this feature. Table 70 diffserv Command Summary COMMAND DESCRIPTION Displays general DiffServ settings. show diffserv Enables DiffServ on the Switch.
Page 95: Display Commands
H A P T E R Display Commands Use these commands to display configuration information. 24.1 Command Summary The following section lists the commands for this feature. Table 71 display Command Summary COMMAND DESCRIPTION Displays all or specific user account information in the display user <[system][snmp]>...
Page 96: Dvmrp Commands
H A P T E R DVMRP Commands This chapter explains how to use commands to activate the Distance Vector Multicast Routing Protocol (DVMRP) on the Switch. 25.1 DVMRP Overview DVMRP (Distance Vector Multicast Routing Protocol) is a protocol used for routing multicast data. DVMRP is used when a router receives multicast traffic and it wants to find out if other multicast routers it is connected to need to receive the data.
Page 97 Chapter 25 DVMRP Commands 25.3 Command Examples In this example, the Switch is configured to exchange DVMRP information with other DVMRP enabled routers as shown next. The Switch is a DVMRP router (C). DVMRP is activated on IP routing domains 10.10.10.1/24 and 172.16.1.1/24 so that it can exchange DVMRP information with routers A and B.
Page 98: Error Disable And Recovery Commands
H A P T E R Error Disable and Recovery Commands Use these commands to configure the CPU protection and error disable recovery features on the Switch. 26.1 CPU Protection Overview Switches exchange protocol control packets in a network to get the latest networking information. If a Switch receives large numbers of control packets, such as ARP, BPDU or IGMP packets, which are to be processed by the CPU, the CPU may become overloaded and be unable to handle regular tasks properly.
Page 99 Chapter 26 Error Disable and Recovery Commands 26.4 Command Summary The following section lists the commands for this feature. Table 74 cpu-protection Command Summary COMMAND DESCRIPTION Enables a port or a list of ports for configuration. interface port-channel <port- list> Sets the maximum number of ARP, BPDU or IGMP packets cpu-protection cause that the specified port(s) are allowed to receive or transmit...
Page 100 Chapter 26 Error Disable and Recovery Commands Table 75 errdisable recovery Command Summary (continued) COMMAND DESCRIPTION Displays which port(s) are detected (by Error Disable), the show errdisable mode of the ports, and which packets (ARP, BPDU or IGMP) are being detected. Displays the Error Disable settings including the available show errdisable detect protocol of packets (ARP, BPDU or IGMP), the current...
Page 101 Chapter 26 Error Disable and Recovery Commands 300 seconds (the default value) later. This example also shows the number of the disabled port(s) and the time left before the port(s) becomes active. sysname# configure sysname(config)# errdisable recovery sysname(config)# errdisable recovery cause loopguard sysname(config)# exit sysname# show errdisable recovery Errdisable Recovery Status:Enable...
Page 102: Ethernet Oam Commands
H A P T E R Ethernet OAM Commands Use these commands to use the link monitoring protocol IEEE 802.3ah Link Layer Ethernet OAM (Operations, Administration and Maintenance). 27.1 IEEE 802.3ah Link Layer Ethernet OAM Implementation Link layer Ethernet OAM (Operations, Administration and Maintenance) as described in IEEE 802.3ah is a link monitoring protocol.
Page 103 Chapter 27 Ethernet OAM Commands Table 76 ethernet oam Command Summary (continued) COMMAND DESCRIPTION Performs a remote-loopback test from the specified port. ethernet oam remote-loopback You can also define the allowable packet number and test <port> [<number-of-packets> packet size of the loopback test frames. [<packet-size>]] Enters config-interface mode for the specified port(s).
Page 104 Chapter 27 Ethernet OAM Commands This example performs Ethernet OAM discovery from port 7. sysname# show ethernet oam discovery 7 Port 7 Local client ------------ OAM configurations: Mode : Active Unidirectional : Not supported Remote loopback : Not supported Link events : Not supported Variable retrieval: Not supported Max.
Page 105 Chapter 27 Ethernet OAM Commands Table 77 show ethernet oam discovery (continued) LABEL DESCRIPTION Parser state This field indicates the current state of the parser. Forward: The packet is forwarding packets normally. Loopback: The Switch is in loopback mode. Discard: The Switch is discarding non-OAMPDUs because it is trying to or has put the remote device into loopback mode.
Page 106 Chapter 27 Ethernet OAM Commands Table 78 show ethernet oam statistics (continued) LABEL DESCRIPTION Event Notification This field displays the number of unique or duplicate OAM event notification PDUs sent OAMPDU Tx on the port. Event Notification This field displays the number of unique or duplicate OAM event notification PDUs OAMPDU Rx received on the port.
Page 107: External Alarm Commands
H A P T E R External Alarm Commands Use these commands to configure the external alarm features on the Switch. 28.1 Command Summary The following section lists the commands for this feature. Table 80 external-alarm Command Summary COMMAND DESCRIPTION Sets the name of the specified external alarm.
Page 108 Chapter 28 External Alarm Commands 28.2 Command Examples This example configures and shows the name and status of the external alarm(s). sysname# configure sysname(config)# external-alarm 1 name dooropen sysname(config)# exit sysname# show external-alarm External Alarm 1 Status: Not asserted Name: dooropen External Alarm 2 Status: Not asserted Name:...
Page 109: Garp Commands
H A P T E R GARP Commands Use these commands to configure GARP. 29.1 GARP Overview Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations.
Page 110 Chapter 29 GARP Commands 29.3 Command Examples In this example, the administrator looks at the Switch’s GARP timer settings and decides to change them. The administrator sets the Join Timer to 300 milliseconds, the Leave Timer to 800 milliseconds, and the Leave All Timer to 11000 milliseconds.
Page 111: Green Ethernet Commands
H A P T E R Green Ethernet Commands Use these commands to configure green Ethernet. 30.1 Green Ethernet Overview Green Ethernet reduces Switch port power consumption in the following ways. • IEEE 802.3az Energy Efficient Ethernet (EEE) If EEE is enabled, both sides of a link support EEE and there is no traffic, the port enters Low Power Idle (LPI) mode.
Page 112 Chapter 30 Green Ethernet Commands Table 82 green-ethernet Command Summary (continued) COMMAND DESCRIPTION Disables short-reach on the Switch. no green-ethernet short-reach Enters config-interface mode for the specified port(s). interface port-channel <port-list> Enables automatic power down on the specified green-ethernet auto-power-down port(s).
Page 113 Chapter 30 Green Ethernet Commands • - means short reach is not enabled sysname# configure sysname(config)# green-ethernet eee sysname(config)# green-ethernet short-reach sysname(config)# green-ethernet auto-power-down sysname(config)# interface port-channel 1-4 sysname(config-interface)# green-ethernet eee sysname(config-interface)# green-ethernet auto-power-down sysname(config-interface)# exit sysname(config)# exit sysname# show green-ethernet eee EEE globally configuration : Enable Port Port status...
Page 114 Chapter 30 Green Ethernet Commands The following example shows the display for short reach if the Switch supports short reach per port and showing the status sysname# show green-ethernet short-reach Global configuration : Enable Port Config Status ---- ----------- -------------- Enable Low power Disable...
Page 115: Gvrp Commands
H A P T E R GVRP Commands Use these commands to configure GVRP. 31.1 Command Summary The following section lists the commands for this feature. Table 83 gvrp Command Summary COMMAND DESCRIPTION Displays GVRP settings. show vlan1q gvrp Enables GVRP. vlan1q gvrp Disables GVRP on the Switch.
Page 116: Reference H-M
Reference H-M HTTPS Server Commands (118) IEEE 802.1x Authentication Commands (121) IGMP and Multicasting Commands (124) IGMP Snooping Commands (126) IGMP Filtering Commands (133) Interface Commands (135) Interface Route-domain Mode (142) IP Commands (143) IP Source Binding Commands (148) IPv6 Commands (150) Layer 2 Protocol Tunnel (L2PT) Commands (175) Link Layer Discovery Protocol (LLDP) Commands (178) Load Sharing Commands (190)
Page 117 MAC Authentication Commands (198) MAC Filter Commands (203) MAC Forward Commands (205) MAC Pinning Commands (206) Mirror Commands (208) MRSTP Commands (212) MSTP Commands (215) Multiple Login Commands (220) MVR Commands (221)
Page 118: Https Server Commands
H A P T E R HTTPS Server Commands Use these commands to configure the HTTPS server on the Switch. 32.1 Command Summary The following section lists the commands for this feature. Table 84 https Command Summary COMMAND DESCRIPTION Displays the HTTPS settings, statistics, and sessions. show https Displays the HTTPS key.
Page 119 Chapter 32 HTTPS Server Commands 32.2 Command Examples This example shows the current HTTPS settings, statistics, and sessions. sysname# show https Configuration Version : SSLv3, TLSv1 Maximum session number: 64 sessions Maximum cache number 128 caches Cache timeout 300 seconds Support ciphers DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA EDH-RSA-DES- CBC3-SHA...
Page 120 Chapter 32 HTTPS Server Commands Table 85 show https (continued) LABEL DESCRIPTION Session cache items This field displays the current number of items in cache. Session cache hits This field displays the number of times the Switch used cache to satisfy a request. Session cache misses This field displays the number of times the Switch could not use cache to satisfy a request.
Page 121: Ieee 802.1X Authentication Commands
H A P T E R IEEE 802.1x Authentication Commands Use these commands to configure IEEE 802.1x authentication. Note: Do not forget to configure the authentication server. 33.1 Guest VLAN Overview When 802.1x port authentication is enabled on the Switch and its ports, clients that do not have the correct credentials are blocked from using the port(s).
Page 122 Chapter 33 IEEE 802.1x Authentication Commands Table 87 port-access-authenticator Command Summary (continued) COMMAND DESCRIPTION Floods EAPoL (EAP over LAN) packets to all ports in the port-access-authenticator same VLAN. eapol-flood EAPOL is a port authentication protocol used in IEEE 802.1x. It is used to encapsulate and transmit EAP packets between the supplicant (a client device that requests access to the network resources or services) and authenticator (the Switch) directly over the LAN.
Page 123 Chapter 33 IEEE 802.1x Authentication Commands 33.3 Command Examples This example configures the Switch in the following ways: Specifies RADIUS server 1 with IP address 10.10.10.1, port 1890 and the string secretKey as the password. Specifies the timeout period of 30 seconds that the Switch will wait for a response from the RADIUS server.
Page 124: Igmp And Multicasting Commands
H A P T E R IGMP and Multicasting Commands This chapter explains how to use commands to configure the Internet Group Membership Protocol (IGMP) on the Switch. It also covers configuring the ports to remove the VLAN tag from outgoing multicast packets on the Switch.
Page 125 Chapter 34 IGMP and Multicasting Commands Table 88 IGMP Command Summary (continued) COMMAND DESCRIPTION Sets the IGMP robustness variable on the Switch. ip igmp robustness-variable <2-255> This variable specifies how susceptible the subnet is to lost packets. Sets the IGMP query interval on the Switch. This ip igmp query-interval <1-65535>...
Page 126: Igmp Snooping Commands
H A P T E R IGMP Snooping Commands Use these commands to configure IGMP snooping on the Switch. 35.1 Command Summary The following section lists the commands for this feature. Table 90 igmp-flush Command Summary COMMAND DESCRIPTION Removes all multicast group information. igmp-flush Table 91 igmp-snooping Command Summary COMMAND...
Page 127 Chapter 35 IGMP Snooping Commands Table 91 igmp-snooping Command Summary (continued) COMMAND DESCRIPTION Clears the specified rule of the specified IGMP filtering no igmp-snooping filtering profile profile. <name> start-address <ip> end- address <ip> Sets the host timeout value. igmp-snooping host-timeout <1- 16711450>...
Page 128 Chapter 35 IGMP Snooping Commands Table 91 igmp-snooping Command Summary (continued) COMMAND DESCRIPTION Displays client IP information for the specified multicast show igmp-snooping group client < VLAN(s), port(s) and/or multicast group(s). [vlan <vlan-list>] [interface port-channel <port-list>] [multicast-group <group-address>] > Displays client IP information for all multicast groups on show igmp-snooping group client the Switch.
Page 129 Chapter 35 IGMP Snooping Commands Table 92 igmp-snooping vlan Command Summary (continued) COMMAND DESCRIPTION Specifies which VLANs to perform IGMP snooping on if the igmp-snooping vlan <vlan-id> mode is fixed. Optionally, sets a name for the multicast [name <name>] VLAN. name: 1-32 printable characters;...
Page 130 Chapter 35 IGMP Snooping Commands Table 93 interface igmp Command Summary (continued) COMMAND DESCRIPTION Enables the group limiting feature for IGMP snooping. You igmp-snooping group-limited must enable IGMP snooping as well. Sets how the Switch deals with the IGMP reports when the igmp-snooping group-limited maximum number of the IGMP groups a port can join is action <deny|replace>...
Page 131 Chapter 35 IGMP Snooping Commands Table 93 interface igmp Command Summary (continued) COMMAND DESCRIPTION Sets the maximum number of multicast groups allowed. igmp-group-limited number <number> number: 0-255 Disables multicast group limits. no igmp-group-limited Enables the immediate leave function for IGMP snooping. igmp-immediate-leave You must enable IGMP snooping as well.
Page 132 Chapter 35 IGMP Snooping Commands This example shows the current multicast groups on the Switch. sysname# show multicast Multicast Status Index Port Multicast Group Timeout ----- ---- ---- ---------------- ------- The following table describes the labels in this screen. Table 94 show multicast LABEL DESCRIPTION Index...
Page 133: Igmp Filtering Commands
H A P T E R IGMP Filtering Commands Use these commands to configure IGMP filters and IGMP filtering on the Switch. 36.1 Command Summary The following section lists the commands for this feature. Table 95 igmp-filtering Command Summary COMMAND DESCRIPTION Displays IGMP filtering profile settings.
Page 134 Chapter 36 IGMP Filtering Commands 36.2 Command Examples This example restricts ports 1-4 to multicast IP addresses 224.255.255.0 through 225.255.255.255. sysname# configure sysname(config)# igmp-filtering sysname(config)# igmp-filtering profile example1 start-address --> 224.255.255.0 end-address 225.255.255.255 sysname(config)# interface port-channel 1-4 sysname(config-interface)# igmp-filtering profile example1 sysname(config-interface)# exit sysname(config)# exit Ethernet Switch CLI Reference Guide...
Page 135: Interface Commands
H A P T E R Interface Commands Use these commands to configure basic port settings. 37.1 Command Summary The following section lists the commands for this feature. Table 96 interface Command Summary COMMAND DESCRIPTION Clears all statistics for the specified port. clear interface <port-num>...
Page 136 Chapter 37 Interface Commands Table 96 interface Command Summary (continued) COMMAND DESCRIPTION Sets the media type of the SFP+ module that is media-type 10g <SFP+|DAC10G> attached to the 10 Gigabit interface. On the Switch that has a 10 Gigabit interface, such as the SFP+ slot, you can insert either an SFP+ transceiver or an SFP+ Direct Attach Copper (DAC).
Page 137 Chapter 37 Interface Commands Table 96 interface Command Summary (continued) COMMAND DESCRIPTION Displays the link speed and percentage of actual show interfaces utilization | begin transmitted and received frames on a port, which <string1> include <string2> start from a line with the first specified string and also contain the second specified string.
Page 138 Chapter 37 Interface Commands The following table describes the labels in this screen. Table 97 show interfaces LABEL DESCRIPTION Port Info Port NO. This field displays the port number you are viewing. Link This field displays the speed (either 10M for 10 Mbps, 100M for 100 Mbps, 1000M for 1Gbps, 1000M for 1Gbps, 10000M for 10Gbps or 40000M for 40Gbps) and the duplex (F for full duplex or H for half duplex).
Page 139 Chapter 37 Interface Commands Table 97 show interfaces (continued) LABEL DESCRIPTION Error Packet The following fields display detailed information about packets received that were in error. RX CRC This field shows the number of packets received with CRC (Cyclic Redundant Check) error(s).
Page 140: Interface Loopback Mode
H A P T E R Interface Loopback Mode In order to configure layer 3 routing features on the Switch, you must enter the interface loopback mode in the CLI. 38.1 Command Summary The following section lists the commands for this feature. Table 98 Interface Loopback Command Summary: COMMAND DESCRIPTION...
Page 141 Chapter 38 Interface Loopback Mode • Create the loopback interface 0 with IP address 192.168.2.1, subnet mask 255.255.255.0, name loopback0 and interface status. sysname# config sysname(config)# interface loopback 0 sysname(config-if)# inactive sysname(config-if)# ip address 192.168.2.1 255.255.255.0 sysname(config-if)# name loopback0 sysname(config-if)# exit sysname(config)# exit sysname# show interface loopback 0 Ethernet Switch CLI Reference Guide...
Page 142: Interface Route-Domain Mode
H A P T E R Interface Route-domain Mode In order to configure layer 3 routing features on the Switch, you must enter the interface routing domain mode in the CLI. 39.1 Command Summary The following section lists the commands for this feature. Table 99 Interface Route Domain Command Summary: COMMAND DESCRIPTION...
Page 143: Ip Commands
H A P T E R IP Commands Use these commands to configure the management port IP address, default domain name server and to look at IP domains. Note: See Chapter 85 on page 315 for static route commands. Note: See Chapter 41 on page 148 for IP source binding commands.
Page 144 Chapter 40 IP Commands 40.2 Command Examples This example configures two DNS server addresses and displays the settings. sysname# configure sysname(config)# ip name-server 10.1.2.3 2001::123 sysname# show ip name-server Name Server Table: Server Address Source -------------- ------ 10.1.2.3 Static 2001::123 Static sysname# This example shows the TCP statistics and listener ports.
Page 145 Chapter 40 IP Commands The following table describes the labels in this screen. Table 102 show ip tcp LABEL DESCRIPTION tcpRtoAlgorithm This field displays the algorithm used to determine the timeout value that is used for retransmitting unacknowledged octets. tcpRtoMin This field displays the minimum timeout (in milliseconds) permitted by a TCP implementation for the retransmission timeout.
Page 146 Chapter 40 IP Commands Table 102 show ip tcp (continued) LABEL DESCRIPTION Snd-Wnd This field displays the sending window size in this connection. It is offered by the remote device. Local socket This field displays the local IP address and port number in this TCP connection. In the case of a connection in the LISTEN state that is willing to accept connections for any IP interface associated with the node, the value is 0.0.0.0.
Page 147 Chapter 40 IP Commands Table 103 show ip udp (continued) LABEL DESCRIPTION udpHcOutDatagrams This field displays the total number of UDP datagrams in a 64-bit count sent by the Switch. &UCB This field displays the process ID. Rcv-Q This field displays the queue number of pending datagrams in this connection. Local socket This field displays the local IP address and port number for this UDP listener.
Page 148: Ip Source Binding Commands
H A P T E R IP Source Binding Commands Use these commands to manage the bindings table for IP source guard. 41.1 Command Summary The following section lists the commands for this feature. Table 104 ip source binding Command Summary COMMAND DESCRIPTION Displays the bindings configured on the Switch, optionally...
Page 149 Chapter 41 IP Source Binding Commands 41.2 Command Examples This example shows the current binding table. sysname# show ip source binding MacAddress IpAddress Lease Type VLAN Port ----------------- --------------- ------------ ------------- ---- Total number of bindings: 0 The following table describes the labels in this screen. Table 105 show ip source binding LABEL DESCRIPTION...
Page 150: Ipv6 Commands
H A P T E R IPv6 Commands 42.1 IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 IP addresses.
Page 151 Chapter 42 IPv6 Commands Interface ID In IPv6, an interface ID is a 64-bit identifier. It identifies a physical interface (for example, an Ethernet port) or a virtual interface (for example, the management IP address for a VLAN). One interface should have a unique interface ID.
Page 152 Chapter 42 IPv6 Commands The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 109 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0...
Page 153 Chapter 42 IPv6 Commands Stateless Autoconfiguration With stateless autoconfiguration in IPv6, addresses can be uniquely and automatically generated. Unlike DHCPv6 (Dynamic Host Configuration Protocol version six) which is used in IPv6 stateful autoconfiguration, the owner and status of addresses don’t need to be maintained by a DHCP server. Every IPv6 device is able to generate its own and unique IP address automatically when IPv6 is initiated on its interface.
Page 154 Chapter 42 IPv6 Commands DHCP Relay Agent A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients. When a client cannot use its link-local address and a well-known multicast address to locate a DHCP server on its network, it then needs a DHCP relay agent to send a message to a DHCP server that is not attached to the same network.
Page 155 Chapter 42 IPv6 Commands whether the destination address is on-link and can be reached directly without passing through a router. If the address is onlink, the address is considered as the next hop. Otherwise, the Switch determines the next-hop from the default router list or routing table. Once the next hop IP address is known, the Switch looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is reachable.
Page 156 Chapter 42 IPv6 Commands MLD Snooping-Proxy MLD snooping-proxy is a Zyxel-proprietary feature. IPv6 MLD proxy allows only one upstream interface on a switch, while MLD snooping-proxy supports more than one upstream port on a switch. The upstream port in MLD snooping-proxy can report group changes to a connected multicast router and forward MLD messages to other upstream ports.
Page 157 Chapter 42 IPv6 Commands The following section lists the commands for this feature. Table 111 ipv6 address Command Summary COMMAND DESCRIPTION Enters config-route-domain mode for the specified interface vlan <1-4094> VLAN. Creates the VLAN, if necessary. Globally enables IPv6 in this VLAN. The Switch then ipv6 creates a link-local address automatically.
Page 158 Chapter 42 IPv6 Commands Table 111 ipv6 address Command Summary (continued) COMMAND DESCRIPTION Disables the DHCP client feature in this VLAN. no ipv6 address dhcp client sets the Switch to not include a Rapid Commit option no ipv6 address dhcp client in its DHCPv6 Solicit message for this VLAN.
Page 159 Chapter 42 IPv6 Commands Table 113 ipv6 dhcp trust Command Summary (continued) COMMAND DESCRIPTION Configures this port as a trusted port. Trusted ports are ipv6 dhcp trust connected to DHCPv6 servers or other switches. Configures this port as an untrusted port. Untrusted no ipv6 dhcp trust ports are connected to subscribers, and the Switch discards DHCPv6 packets from untrusted ports in the...
Page 160 Chapter 42 IPv6 Commands Table 114 ipv6 icmp and ping6 Command Summary (continued) COMMAND DESCRIPTION Sends IPv6 ping packets to the specified Ethernet ping6 <ipv6-address> <[-i device. <interface-type> <interface- number>] [-t] [-l <1-1452>] [-n <1- interface-type: the Switch supports only the VLAN 65535>] [-s <ipv6-address>] interface type at the time of writing.
Page 161 Chapter 42 IPv6 Commands Table 115 ipv6 mld snooping-proxy Command Summary (continued) COMMAND DESCRIPTION Sets the default IEEE 802.1p priority in the MLD ipv6 mld snooping-proxy 8021p- messages. priority <0-7> Enables MLD filtering on the Switch. ipv6 mld snooping-proxy filtering Adds an MLD filtering profile and sets the range of the ipv6 mld snooping-proxy filtering multicast address(es).
Page 162 Chapter 42 IPv6 Commands Table 115 ipv6 mld snooping-proxy Command Summary (continued) COMMAND DESCRIPTION Sets the amount of time (in milliseconds) between the ipv6 mld snooping-proxy vlan MLD group-specific queries sent by an upstream port <vlan-id> upstream last-listener- when an MLD Done message is received. This value query-interval <1-8387584>...
Page 163 Chapter 42 IPv6 Commands Table 115 ipv6 mld snooping-proxy Command Summary (continued) COMMAND DESCRIPTION Removes the specified MLD filtering profile. no ipv6 mld snooping-proxy filtering profile <name> Removes the range of multicast address(es) from the no ipv6 mld snooping-proxy specified filtering profile. filtering profile <name>...
Page 164 Chapter 42 IPv6 Commands Table 116 ipv6 nd Command Summary COMMAND DESCRIPTION Enters config-route-domain mode for the specified interface vlan <1-4094> VLAN. Creates the VLAN, if necessary. Sets the number of consecutive neighbor solicitations ipv6 nd dad-attempts <0-600> the Switch sends for this VLAN. The Switch uses Duplicate Address Detection (DAD) with neighbor solicitation and advertisement messages to check whether an IPv6 address is already in use...
Page 165 Chapter 42 IPv6 Commands Table 116 ipv6 nd Command Summary (continued) COMMAND DESCRIPTION Resets the number of the DAD attempts to the default no ipv6 nd dad-attempts settings (3). Configures the Switch to set the “managed address no ipv6 nd managed-config-flag configuration”...
Page 166 Chapter 42 IPv6 Commands Table 117 ipv6 neighbor Command Summary (continued) COMMAND DESCRIPTION Creates a static IPv6 neighbor entry in the IPv6 cache ipv6 neighbor <interface-type> for this VLAN. <interface-number> <ipv6-address> <mac-address> Removes a static IPv6 neighbor entry from the IPv6 no ipv6 neighbor <interface-type>...
Page 167 Chapter 42 IPv6 Commands Table 118 ipv6 snooping policy Command Summary (continued) COMMAND DESCRIPTION Disables the IPv6 snooping policy on the VLAN no ipv6 snooping attach-policy interface. Displays all or the specified IPv6 snooping policy show ipv6 snooping policy [<name>] settings.
Page 168 Chapter 42 IPv6 Commands 42.3 Command Examples This example shows how to enable IPv6 in VLAN 1 and display the link-local address the Switch automatically generated and other IPv6 information for the VLAN. sysname# config sysname(config)# interface vlan 1 sysname(config-vlan)# ipv6 sysname(config-vlan)# exit sysname(config)# exit sysname# show ipv6 vlan 1...
Page 169 Chapter 42 IPv6 Commands There are three addresses created in total for VLAN 1. The address “2001:db8:c18:1:219:cbff:fe00:1/64” is created with the interface ID “219:cbff:fe00:1“ generated using the EUI-64 format. The address “2001:db8:c18:1::12b/64” is created exactly the same as what you entered in the command. sysname# config sysname(config)# interface vlan 1 sysname(config-vlan)# ipv6...
Page 170 Chapter 42 IPv6 Commands Table 121 show ipv6 neighbor (continued) LABEL DESCRIPTION This field displays whether the neighbor IPv6 interface is reachable. In IPv6, “reachable” means an IPv6 packet can be correctly forwarded to a neighbor node (host or router) and the neighbor can successfully receive and handle the packet. The available options in this field are: •...
Page 171 Chapter 42 IPv6 Commands This example configures a static IPv6 route to forward packets with IPv6 prefix 2100:: and prefix length 64 to the gateway with IPv6 address fe80::219:cbff:fe01:101 in VLAN 1. sysname# config sysname(config)# ipv6 route 2100::/64 fe80::219:cbff:fe01:101 vlan 1 sysname(config)# exit sysname# show ipv6 route Terminology:...
Page 172 Chapter 42 IPv6 Commands IPv6 is installed and enabled by default in Windows Vista. Use the “ipconfig” command to check your automatic configured IPv6 address as well. You should see at least one IPv6 address available for the interface on your computer. 42.5 Example - HTTP Accessing the Switch Using IPv6 How you access the Switch using HTTP varies depending on the operating system (OS) and the type of browser you use and the type of address you want to access.
Page 173 Chapter 42 IPv6 Commands Check the Switch IPv6 address(es) you want to ping. In this example, there are two IPv6 addresses in VLAN 1. One is a link-local address (fe80::219:cbff:fe00:1/64) and the other one is a global address (2001::1234/64). sysname# show ipv6 VLAN ID IPv6 Status : Enable Origin...
Page 174 Chapter 42 IPv6 Commands Alternatively, you can use the global address to access the Switch. Type http://[2001::1234] on your browser and the login page appears. Ethernet Switch CLI Reference Guide...
Page 175: Layer 2 Protocol Tunnel (L2Pt) Commands
H A P T E R Layer 2 Protocol Tunnel (L2PT) Commands 43.1 Command Summary The following section lists the commands for this feature. Table 123 l2pt Command Summary COMMAND DESCRIPTION Removes all layer 2 protocol tunneling counters. clear l2protocol-tunnel Enters config-interface mode for configuring the interface port-channel <port-list>...
Page 176 Chapter 43 Layer 2 Protocol Tunnel (L2PT) Commands Table 123 l2pt Command Summary (continued) COMMAND DESCRIPTION Enables point-to-point layer 2 protocol tunneling for l2protocol-tunnel point-to- UDLD packets on the specified port(s). point udld Enables layer 2 protocol tunneling for STP packets on l2protocol-tunnel stp the specified port(s).
Page 177 Chapter 43 Layer 2 Protocol Tunnel (L2PT) Commands This example enables L2PT for STP, CDP and VTP packets on port 3. It also sets L2PT mode to access for this port. sysname(config)# interface port-channel 3 sysname(config-interface)# l2protocol-tunnel sysname(config-interface)# l2protocol-tunnel mode access sysname(config-interface)# exit sysname(config)# exit This example sets L2PT mode to tunnel for port 4.
Page 178: Link Layer Discovery Protocol (Lldp) Commands
H A P T E R Link Layer Discovery Protocol (LLDP) Commands 44.1 LLDP Overview The LLDP (Link Layer Discovery Protocol) is a layer 2 protocol. It allows a network device to advertise its identity and capabilities on the local network. It also allows the device to maintain and store information from adjacent devices which are directly connected to the network device.
Page 179 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices) is an enhanced extension to LLDP especially for voice applications. You can use LLDP-MED to advertise location-based information of emergency calls and/or network policies for voice/video streaming. 44.2 Command Summary The following section lists the commands for this feature.
Page 180 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands Table 124 lldp Command Summary (continued) COMMAND DESCRIPTION Sets coordinate location information. lldp med location coordinate [latitude <north|south> Latitude value: -90º to 90º <value>][longitude <west|east > Longtitude value: -180º to 180º <value>][altitude <meters|floor>...
Page 181 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands Table 124 lldp Command Summary (continued) COMMAND DESCRIPTION Disables the sending of Port Description TLVs on the no lldp basic-tlv port- port(s). description Disables the sending of System Capabilities TLVs on no lldp basic-tlv system- the port(s).
Page 182 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands Table 124 lldp Command Summary (continued) COMMAND DESCRIPTION Sets the time-to-live (TTL) multiplier of the LLDP lldp transmit-hold <2-10> packets. The device information on the neighboring devices ages out and is discarded when its corresponding TTL expires.
Page 183 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands system-description TLVs) on port 2. This example also shows the LLDP settings on port 2 and global LLDP settings on the Switch. sysname# configure sysname(config)# lldp sysname(config)# interface port-channel 2 sysname(config-interface)# lldp admin-status tx-rx sysname(config-interface)# lldp basic-tlv management-address sysname(config-interface)# lldp basic-tlv port-description sysname(config-interface)# lldp basic-tlv system-description...
Page 184 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands Switch LLDP settings Table 125 (continued) LABEL DESCRIPTION Transmit Hold This displays the time-to-live (TTL) multiplier of LLDP frames. The device information on the neighboring devices ages out and is discarded when its corresponding TTL expires. The TTL value is to multiply the TTL multiplier by the LLDP packets transmitting interval.
Page 185 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands This example shows global Switch LLDP statistics. sysname# show lldp statistic LLDP Global Statistic: Neighbor Entries List Last Update: 0:00:00 New Neighbor Entries Count: 0 Neighbor Entries Deleted Count: 0 Neighbor Entries Dropped Count: 0 Neighbor Entries Ageout Count: 0 sysname# The following table describes the labels in this screen.
Page 186 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands LLDP statistics on a port Table 128 (continued) LABEL DESCRIPTION TLVs Discarded This displays the number of discarded TLVs on this port. Neighbor Ageouts This displays the number of neighbors with expired TTLs on this port. This example shows local Switch (the Switch you’re accessing) LLDP information sysname# show lldp info local LLDP Global Local Device Information:...
Page 187 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands This example shows local Switch (the Switch you’re accessing) LLDP information on a port. sysname# show lldp info local interface port-channel 2 LLDP Local Device Information Detail: Local Port: Port ID Subtype: local-assigned Port ID: Port Description: Extended TLV Info 802.1 OUI (hex value) = 00-80-c2...
Page 188 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands This example shows remote Switch (the Switch connected to the port on the Switch you’re accessing) LLDP information. sysname# show lldp info remote interface port-channel 2 LLDP Remote Device Information Detail: Local Port: Chassis ID Subtype: mac-address Chassis ID: 00:19:cb:00:00:02 Port ID Subtype: local-assigned...
Page 189 Chapter 44 Link Layer Discovery Protocol (LLDP) Commands Remote Switch LLDP information Table 131 (continued) LABEL DESCRIPTION Extended TLV Info 802.1 The 802.1 organizationally specific TLVs start with the 24-bit organizationally unique OUI (hex value) identifier (OUI) and a 1 byte organizationally specific subtype followed by data. Each organization is responsible for managing their subtypes.
Page 190: Load Sharing Commands
H A P T E R Load Sharing Commands 45.1 Load Sharing Overview The Switch learns the next-hop(s) using ARP and determines routing path(s) for a destination. The Switch supports Equal-Cost MultiPath (ECMP) to forward packets destined to the same device through different routing paths of equal path cost.
Page 191 Chapter 45 Load Sharing Commands Table 132 load-sharing Command Summary (continued) COMMAND DESCRIPTION Set the maximum number of paths for one ECMP (Equal- ip load-sharing maximum-path Cost MultiPath) route. Disables load sharing on the Switch. no ip load-sharing 45.3 Command Examples This example enables Equal-Cost MultiPath (ECMP) routing on the Switch and sets the Switch to use a packet’s source and destination IP addresses to determine the routing path for the packet.
Page 192: Logging Commands
H A P T E R Logging Commands Use these commands to manage system logs. 46.1 Command Summary The following section lists the commands for this feature. Table 133 logging Command Summary COMMAND DESCRIPTION Displays system logs. show logging Press [CTRL]+C to terminate the process. Displays system logs, which start from a line with the show logging | begin <string>...
Page 193: Login Account Commands
H A P T E R Login Account Commands Use these commands to configure login accounts on the Switch. 47.1 Password Encryption Section 62.1 on page 238 for information on this feature. 47.2 Command Summary The following section lists the commands for this feature. Table 134 logins Command Summary COMMAND DESCRIPTION...
Page 194: Loopguard Commands
H A P T E R Loopguard Commands Use these commands to configure the Switch to guard against loops on the edge of your network. The Switch shuts down a port if the Switch detects that packets sent out on the port loop back to the Switch. 48.1 Command Summary The following section lists the commands for this feature.
Page 195 Chapter 48 Loopguard Commands 48.2 Command Examples This example enables loopguard on ports 1-3. sysname# configure sysname(config)# loopguard sysname(config)# interface port-channel 1-3 sysname(config-interface)# loopguard sysname(config-interface)# exit sysname(config)# exit sysname# show loopguard LoopGuard Status: Enable Port Port LoopGuard Total Total Shutdown Status Status TxPkts...
Page 196: Mac Address Commands
H A P T E R MAC Address Commands Use these commands to look at the MAC address table and to configure MAC address learning. The Switch uses the MAC address table to determine how to forward frames. 49.1 Command Summary The following section lists the commands for this feature.
Page 197 Chapter 49 MAC Address Commands Table 137 mac, mac-aging-time, and mac-flush Command Summary (continued) COMMAND DESCRIPTION Displays and changes all MAC addresses dynamically mac-transfer dynamic-to-forward learned on the specified port(s) into static MAC addresses. interface port-channel <port- list> Displays and changes all dynamically learned MAC mac-transfer dynamic-to-forward addresses in the specified VLAN(s) into static MAC vlan <vlan-list>...
Page 198: Mac Authentication Commands
H A P T E R MAC Authentication Commands Use these commands to configure MAC authentication on the Switch. 50.1 MAC Authentication Overview MAC authentication allows you to validate access to a port based on the MAC address and password of the client.
Page 199 Chapter 50 MAC Authentication Commands Table 139 mac-authentication Command Summary (continued) COMMAND DESCRIPTION Sets the prefix appended to the MAC address before it is mac-authentication nameprefix sent to the RADIUS server for authentication. The prefix can <name-string> be up to 32 printable ASCII characters. Sets the password sent to the RADIUS server for clients using mac-authentication password MAC authentication.
Page 200 Chapter 50 MAC Authentication Commands 50.3 Command Examples This example enables MAC authentication on the Switch. Specifies the name prefix clientName and the MAC authentication password Lech89. Next, MAC authentication is activated on ports 1 - 5 and configuration details are displayed. sysname(config)# mac-authentication sysname(config)# mac-authentication nameprefix clientName sysname(config)# mac-authentication password Lech89...
Page 201: Mac-Based Vlan
H A P T E R MAC-based VLAN Use these commands to bind a client source MAC address to a VLAN on the Switch. 51.1 MAC-based VLAN Overview The MAC-based VLAN feature assigns incoming untagged packets to a VLAN and classifies the traffic based on the source MAC address of the packet.
Page 202 Chapter 51 MAC-based VLAN 51.3 Command Example: add source MAC address This example adds a binding source MAC address to a MAC-based VLAN with MAC address 00:11:22:33:44:55, VLAN ID number 3 and priority level 6.. sysname(config)# mac-based-vlan name test source-mac 00:11:22:33:44:55 vlan 3 priority 6 sysname(config) sysname(config)# exit...
Page 203: Mac Filter Commands
H A P T E R MAC Filter Commands Use these commands to filter traffic going through the Switch based on the MAC addresses and VLAN group (ID). Note: Use the running configuration commands to look at the current MAC filter settings. See Chapter 76 on page 287.
Page 204 Chapter 52 MAC Filter Commands 52.2 Command Example This example creates a MAC filter called “filter1” that drops packets coming from or going to the MAC address 00:12:00:12:00:12 on VLAN 1. sysname(config)# mac-filter name filter1 mac 00:12:00:12:00:12 vlan 1 52.3 Command Example: Filter Source The next example is for Switches that support the filtering of frames based on the source or destination MAC address only.
Page 205: Mac Forward Commands
H A P T E R MAC Forward Commands Use these commands to configure static MAC address forwarding. Note: Use the mac commands to look at the current mac-forward settings. See Chapter 49 on page 196. 53.1 Command Summary The following table describes user-input values available in multiple commands for this feature. Table 142 mac-forward User-input Values COMMAND DESCRIPTION...
Page 206: Mac Pinning Commands
H A P T E R MAC Pinning Commands Use these commands to configure MAC pinning to set a port or multiple ports to have priority over other ports in MAC address learning. That means when a MAC address (and VLAN ID) is learned on a MAC- pinning-enabled port, the MAC address will not be learned on any other port until the aging time for the dynamically learned MAC address in the table expires.
Page 207 Chapter 54 MAC Pinning Commands 54.2 Command Examples This example enables MAC pinning on the Switch and port 3. It also shows the MAC pinning status. sysname(config)# interface port-channel 3 sysname(config-interface)# mac-pinning sysname(config-interface)# exit sysname(config)# exit sysname# show mac-pinning MAC Pinning Status: Enable Port Active ----...
Page 208: Mirror Commands
H A P T E R Mirror Commands Use these commands to copy a traffic flow for one or more ports to a monitor port (the port you copy the traffic to) so that you can examine the traffic on the monitor port without interference. In local port mirroring, the mirroring ports (through which traffic you copy passes) and the monitor port are on the same device.
Page 209 Chapter 55 Mirror Commands Table 146 mirror Command Summary (continued) COMMAND DESCRIPTION Removes the specified monitor port. no mirror-port <port-num> port-num: in a modular switch, enter the port number preceded by a slot number and backslash (/). For example, 3/11 indicates port 11 on the card in the third slot.
Page 210 Chapter 55 Mirror Commands Table 148 rmirror Command Summary COMMAND DESCRIPTION Enters config-rmirror mode to create a remote port mirroring rmirror vlan <vlan-id> (RMirror) VLAN through which the mirrored traffic is forwarded. Sets the port(s) that helps forward mirrored traffic to other connected-port <port-list>...
Page 211 Chapter 55 Mirror Commands This example displays the mirror settings of the Switch after you configured in the example above. sysname# show mirror Mirroring: enable Monitor port: Mirrored port: 1,4-6 Ingress: Egress: 1,4-6 Both: This example creates an RMirror VLAN with a VLAN ID of 200 on the Switch, sets port 6 as the reflector port and sets the priority of mirrored traffic to 3 in this RMirror VLAN when the Switch is the source device.
Page 212: Mrstp Commands
H A P T E R MRSTP Commands Use these commands to configure MRSTP on the Switch. 56.1 MRSTP Overview The Switch allows you to configure multiple instances of Rapid Spanning Tree Protocol (RSTP) as defined in the following standard. •...
Page 213 Chapter 56 MRSTP Commands Table 149 Command Summary: mrstp COMMAND DESCRIPTION Sets the specified ports as edge ports. This allows the mrstp interface <port-list> edge- port to transition to a forwarding state immediately port without having to go through the listening and learning states.
Page 214 Chapter 56 MRSTP Commands In this example, we enable MRSTP on ports 21-24. Port 24 is connected to the host while ports 21-23 are connected to another switch. sysname(config)# configure sysname(config)# spanning-tree mode MRSTP sysname(config)# mrstp 1 sysname(config)# mrstp interface 21-24 sysname(config)# no mrstp interface 21-23 edge-port Ethernet Switch CLI Reference Guide...
Page 215: Mstp Commands
H A P T E R MSTP Commands Use these commands to configure Multiple Spanning Tree Protocol (MSTP) as defined in IEEE 802.1s. 57.1 Command Summary The following section lists the commands for this feature. Table 150 mstp Command Summary COMMAND DESCRIPTION Displays MSTP configuration for the Switch.
Page 216 Chapter 57 MSTP Commands Table 150 mstp Command Summary (continued) COMMAND DESCRIPTION Enables root guard on the specified port in order to mstp interface port-channel <port- prevent the switch(es) attached to the port from list> rootguard becoming the root bridge. Disables root guard on a port.
Page 217 Chapter 57 MSTP Commands 57.2 Command Examples This example shows the current MSTP configuration. sysname# show mstp (a)BridgeMaxAge: (seconds) (b)BridgeHelloTime: (seconds) (c)BridgeForwardDelay: (seconds) (d)BridgeMaxHops: (e)TransmissionLimit: (f)ForceVersion: (g)MST Configuration ID Format Selector: Configuration Name: 001349aefb7a Reveision Number: Configuration Digest: 0xAC36177F50283CD4B83821D8AB26DE62 msti vlans mapped ----------------------------- 1-4094...
Page 218 Chapter 57 MSTP Commands This example shows the current CIST configuration (MSTP instance 0). sysname# show mstp instance 0 Bridge Info: MSTID: 0 (a)BridgeID: 8000-001349aefb7a (b)TimeSinceTopoChange: 756003 (c)TopoChangeCount: (d)TopoChange: (e)DesignatedRoot: 8000-001349aefb7a (f)RootPathCost: (g)RootPort: 0x0000 (h)RootMaxAge: (seconds) (i)RootHelloTime: (seconds) (j)RootForwardDelay: (seconds) (k)BridgeMaxAge: (seconds) (l)BridgeHelloTime:...
Page 219 Chapter 57 MSTP Commands Table 153 show mstp instance (continued) LABEL DESCRIPTION BridgeForwardDelay This field displays the time (in seconds) the Switch will wait before changing states (that is, listening to learning to forwarding). ForceVersion This field indicates whether BPDUs are RSTP (a value less than 3) or MSTP (a value greater than or equal to 3).
Page 220: Multiple Login Commands
H A P T E R Multiple Login Commands Use these commands to configure multiple administrator logins on the Switch. 58.1 Command Summary The following section lists the commands for this feature. Table 154 multi-login Command Summary COMMAND DESCRIPTION Displays multi-login information. show multi-login Enables multi-login.
Page 221: Mvr Commands
H A P T E R MVR Commands Use these commands to configure Multicast VLAN Registration (MVR). 59.1 Command Summary The following section lists the commands for this feature. Table 156 mvr Command Summary COMMAND DESCRIPTION Shows the MVR status. show mvr Shows the detailed MVR status and MVR group show mvr <vlan-id>...
Page 222 Chapter 59 MVR Commands 59.2 Command Examples This example configures MVR in the following ways: Enters MVR mode. This creates a multicast VLAN with the name multivlan and the VLAN ID of 3. Specifies source ports 2, 3, 5 for the multicast group. Specifies receiver ports 6-8 for the multicast group.
Page 223: Reference N-S
Reference N-S NLB Commands (225) OSPF Commands (229) Password Commands (238) PoE Commands (240) Policy Commands (247) Policy Route Commands (251) Port Security Commands (253) Port-based VLAN Commands (255) PPPoE IA Commands (256) Private VLAN Commands (262) Protocol-based VLAN Commands (267) Queuing Commands (269) RADIUS Commands (273) Remote Management Commands (275)
Page 224 Service Register (290) sFlow (291) Smart Isolation Commands (293) SNMP Server Commands (296) Stacking Commands (301) STP and RSTP Commands (307) SSH Commands (311) Static Multicast Commands (313) Static Route Commands (315) Subnet-based VLAN Commands (318) Syslog Commands (320)
Page 225: Nlb Commands
H A P T E R NLB Commands Use these commands to configure NLB (Network Load Balancing) traffic distribution settings on the Switch. 60.1 NLB Overview The Switch supports NLB (Network Load Balancing) traffic distribution. The Switch will copy and forward the incoming traffic to a cluster(s).
Page 226 Chapter 60 NLB Commands Unicast Mode NLB replaces the real MAC addresses of the servers in a cluster with a unicast MAC address. Each server uses the same unicast MAC address, and a switch can’t map the unicast MAC address to a port. This forces a switch to flood traffic meant for the cluster to all ports of the switch to make sure the traffic is forwarded to the right destination.
Page 227 Chapter 60 NLB Commands 60.2 Command Summary The following section lists the commands for this feature. Table 157 NLB Command Summary COMMAND DESCRIPTION Configures to which MAC addresses and ports the Switch nlb mac-forward name <name> mac should forward the incoming NLB traffic. <mac>...
Page 228 Chapter 60 NLB Commands Table 157 NLB Command Summary (continued) COMMAND DESCRIPTION Maps the IP address to the MAC address of a cluster for nlb arp name <name> ip <ip> mac layer-3 forwarding. <mac> : Enters a descriptive name for identification <name>...
Page 229: Ospf Commands
H A P T E R OSPF Commands This chapter explains how to use commands to configure the Open Shortest Path First (OSPF) routing protocol on the Switch. 61.1 OSPF Overview OSPF (Open Shortest Path First) is a link-state protocol designed to distribute routing information within an autonomous system (AS).
Page 230 Chapter 61 OSPF Commands Table 158 OSPF Command Summary (continued) COMMAND DESCRIPTION Displays OSPF area settings. show router ospf area Displays OSPF network (or interface) settings. show router ospf network Displays OSPF redistribution settings. show router ospf redistribute Displays OSPF virtual link settings. show router ospf virtual-link Enters the configuration mode for this interface route-domain <ip-address>/<mask-...
Page 231 Chapter 61 OSPF Commands Table 158 OSPF Command Summary (continued) COMMAND DESCRIPTION OSPFv3 can support multiple instances per ipv6 ospf instance-id <0-255> link. Sets the IPv6 OSPF Instance ID to which the VLAN is assigned. The interface will drop the packets that contain a different instance ID number.
Page 232 Chapter 61 OSPF Commands Table 158 OSPF Command Summary (continued) COMMAND DESCRIPTION Deletes the virtual link from the area. no area <area-id> virtual-link <router-id> Enables simple authentication and sets the area <area-id> virtual-link <router- authentication key for the specified virtual id>...
Page 233 Chapter 61 OSPF Commands Table 158 OSPF Command Summary (continued) COMMAND DESCRIPTION Sets the Switch to learn RIP routing redistribute rip metric-type <1|2> information which will use the specified metric <0-16777215> metric information. Sets the Switch to redistribute RIP routing redistribute rip information.
Page 234 Chapter 61 OSPF Commands Table 158 OSPF Command Summary (continued) COMMAND DESCRIPTION Enables and sets the area as a stub area. area <area-id> stub Disables stub network settings in the area. no area <area-id> stub Sets the stub area not to send any LSA (Link area <area-id>...
Page 235 Chapter 61 OSPF Commands Table 158 OSPF Command Summary (continued) COMMAND DESCRIPTION Sets the Switch to learn RIP routing redistribute rip metric-type <1|2> information which will use the specified metric <0-16777215> metric information. Sets the switch to redistribute static routing redistribute static information.
Page 236 Chapter 61 OSPF Commands This example configures an OSPF interface for the 172.16.1.1/24 network and specifies to use simple authentication with the key 1234abcd. The priority for the Switch is also set to 1, as this router should participate in router elections. interface route-domain 172.16.1.1/24 sysname(config)# (config-if)# ip ospf authentication-key abcd1234...
Page 237 Chapter 61 OSPF Commands This example shows you how to enable the redistribution for RIP protocol and then show all redistribution entries. sysname# config sysname(config)# router ospf 172.16.1.1 sysname(config-ospf)# redistribute rip metric-type 1 metric 123 sysname(config-ospf)# exit sysname(config)# exit sysname# show ip ospf database OSPF Router with ID (172.16.1.1) (Omit not external part °K) AS External Link States...
Page 238: Password Commands
H A P T E R Password Commands Use these commands to configure passwords for specific privilege levels on the Switch. 62.1 Password Encryption Password encryption provides service providers a means to securely enter administrator and login passwords. By default, passwords are sent in plain text. Plain text passwords are also stored temporarily in the Switch’s spt and temp buffers.
Page 239 Chapter 62 Password Commands 62.3 Command Examples Section 2.1.3.2 on page Ethernet Switch CLI Reference Guide...
Page 240: Poe Commands
H A P T E R PoE Commands Use these commands to configure Power over Ethernet (PoE). These are applicable for PoE models only. 63.1 Command Summary The following section lists the commands for this feature. Table 160 pwr Command Summary COMMAND DESCRIPTION Enters config-interface mode for the specified port(s).
Page 241 Chapter 63 PoE Commands Table 160 pwr Command Summary (continued) COMMAND DESCRIPTION Enables PoE (Power over Ethernet) on the specified pwr interface <port-list> port(s). Disables PoE (Power over Ethernet) on the specified no pwr interface <port-list> port(s). Turns on auto PD recovery on the specified port(s). pwr interface <port-list>...
Page 242 Chapter 63 PoE Commands Table 160 pwr Command Summary (continued) COMMAND DESCRIPTION Sets how the Switch provides power to a connected pwr interface <port-list> power-up PD at power-up. <802.3af|legacy|pre- 802.3at|802.3at|802.3bt> : the Switch follows the IEEE 802.3af Power 802.3af over Ethernet standard to supply power to the connected PDs during power-up.
Page 243 Chapter 63 PoE Commands Table 160 pwr Command Summary (continued) COMMAND DESCRIPTION Enables this function to let the Switch have a wider pwr interface <port-list> wide- detection range for the PDs on the specified port(s). range The Switch detects whether a connected device is a powered device or not before supplying power to the port.
Page 244 Chapter 63 PoE Commands 63.2 Command Examples This example enables Power over Ethernet (PoE) on ports 1-4 and enables traps when the power usage reaches 25%. sysname# configure sysname(config)# pwr interface 1-4 sysname(config)# pwr usagethreshold 25 sysname(config)# pwr mibtrap sysname(config)# exit This example sets the maximum amount of power allowed for port 2 to 7500 mW.
Page 245 Chapter 63 PoE Commands This example shows the current status and configuration of Power over Ethernet. sysname# sh pwr PoE Mode : Classification mode Continuous PoE : enable Total Power:60.0(W) Usage:10(%) Consuming Power:6.9(W) Allocated Power:30.0 (W) Remaining Power:30.0(W) Averaged Junction Temperature: 42 (c), 107 (f). Port State Class...
Page 246 Chapter 63 PoE Commands Table 161 show pwr (continued) LABEL DESCRIPTION This field indicates whether or not a powered device (PD) is allowed to receive power from the Switch on this port. Class This field displays the power classification of the PD. Each PD has a specified maximum power that fall under one of the classes.
Page 247: Policy Commands
H A P T E R Policy Commands Use these commands to configure policies based on the classification of traffic flows. A classifier distinguishes traffic into flows based on the configured criteria. A policy rule defines the treatment of a traffic flow.
Page 248 Chapter 64 Policy Commands Table 162 policy Command Summary COMMAND DESCRIPTION Configures a policy with the specified name. policy <name> classifier <classifier-list> <[vlan <vlan- name: 32 alphanumeric characters id>][egress-port <port- Specifies which classifiers this policy applies to. num>][priority <0-7>][dscp <0- 63>][tos <0-7>][bandwidth classifier-list: names of classifiers separated by <bandwidth>][egress-port <port-...
Page 249 Chapter 64 Policy Commands Table 162 policy Command Summary COMMAND DESCRIPTION Configures a policy with the specified name. policy <name> classifier <classifier-list> <[vlan <vlan- name: 32 alphanumeric characters id>] [egress-port <port-num>] Specifies which classifiers this policy applies to. [priority <0-7>] [bandwidth <bandwidth>] [forward-action classifier-list: names of classifiers separated by <drop>] [queue-action <prio-...
Page 250 Chapter 64 Policy Commands This example creates a policy (Policy1) for the traffic flow identified via classifier Class1 (see the classifier example in Chapter 15 on page 60). This policy forwards Class1 packets to port 8. sysname(config)# policy Policy1 classifier Class1 egress-port 8 outgoing- eport sysname(config)# exit sysname# show policy Policy1...
Page 251: Policy Route Commands
H A P T E R Policy Route Commands Use these commands to configure policy route to override the default routing behavior and alter the packet forwarding. Policy-based routing is based on the classification of traffic flows and applied to incoming packets prior to the normal routing.
Page 252 Chapter 65 Policy Route Commands 65.2 Command Examples By default, the Switch forwards all packets to the default gateway. This example configures a layer 3 classifier (Class-1) to group traffic with source IP address 192.168.2.13. This example also creates a policy routing rule in profile Profile-1 to set the Switch to forward packets that match the layer 3 classifier to the gateway with IP address 10.1.1.99.
Page 253: Port Security Commands
H A P T E R Port Security Commands Use these commands to allow only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. For maximum port security, enable port security, disable MAC address learning and configure static MAC address(es) for a port. Note: It is not recommended you disable both port security and MAC address learning because this will result in many broadcasts.
Page 254 Chapter 66 Port Security Commands Table 164 port-security Command Summary (continued) COMMAND DESCRIPTION Disables the specified VLAN MAC address limit. port-security <port-list> vlan <vlan-id> address-limit <number> inactive Enables the specified VLAN MAC address limit. no port-security <port-list> vlan <vlan-id> address-limit inactive 66.2 Command Examples This example enables port security on port 1 and limits the number of learned MAC addresses to 5.
Page 255: Port-Based Vlan Commands
H A P T E R Port-based VLAN Commands Use these commands to configure port-based VLAN. Note: These commands have no effect unless port-based VLAN is enabled. 67.1 Command Summary The following section lists the commands for this feature. Table 165 egress Command Summary COMMAND DESCRIPTION Displays outgoing port information for the specified ports.
Page 256: Pppoe Ia Commands
H A P T E R PPPoE IA Commands Use these commands if you want the Switch to add a vendor-specific tag to PADI (PPPoE Active Discovery Initiation) and PADR (PPPoE Active Discovery Request) packets from PPPoE clients. This tag gives a PPPoE termination server additional information (such as the port number, VLAN ID, and MAC address) that the server can use to identify and authenticate a PPPoE client.
Page 257 Chapter 68 PPPoE IA Commands 68.2 Command Summary The following section lists the commands for this feature. Table 166 PPPoE Intermediate Agent Command Summary COMMAND DESCRIPTION Removes all statistics records of PPPoE packets on the clear pppoe intermediate-agent Switch. statistics Removes statistics records of PPPoE packets for the clear pppoe intermediate-agent specified VLAN(s).
Page 258 Chapter 68 PPPoE IA Commands Table 166 PPPoE Intermediate Agent Command Summary (continued) COMMAND DESCRIPTION Removes the access-node-identifier you have set. no pppoe intermediate-agent format-type access-node- identifier Removes the identifier-string you have set. no pppoe intermediate-agent format-type identifier-string Sets the Switch to not add the Switch’s host name to the no pppoe intermediate-agent identifier-string.
Page 259 Chapter 68 PPPoE IA Commands 68.3 Command Examples This is an example of how to enable and disable PPPoE IA on the Switch. sysname# configure sysname(config)# pppoe intermediate-agent sysname(config)# no pppoe intermediate-agent This is an example of how to enable and configure PPPoE IA for VLANs. sysname# configure sysname(config)# pppoe intermediate-agent vlan 2 sysname(config)# pppoe intermediate-agent vlan 5,9,11...
Page 260 Chapter 68 PPPoE IA Commands 68.3.1 Vendor-Specific Tag Examples The following examples show you how to configure the vendor-specific tag for PPPoE IA. They assume there is a PPPoE IA client connected to port 2 and PPPoE IA server (or up-link port) connected to port 5. sysname# configure sysname(config)# pppoe intermediate-agent sysname(config)# pppoe intermediate-agent format-type access-node-...
Page 261 Chapter 68 PPPoE IA Commands Additionally, we can let the circuit-id or remote-id carry the user-configured information from a specific port whose priority is less than the specific VLAN on a port setting: sysname# configure sysname(config)# interface port-channel 2 sysname(config-interface)# pppoe intermediate-agent format-type circuit- id string ForPortCircuitIdTest sysname(config-interface)# pppoe intermediate-agent format-type remote- id string ForPortRemoteIdTest...
Page 262: Private Vlan Commands
H A P T E R Private VLAN Commands This chapter explains how to use commands to configure (legacy) Private VLANs (PVLAN) on the Switch. 69.1 Legacy PVLAN Overview Private VLAN allows you to do port isolation within a VLAN in a simple way. In private VLAN, a promiscuous port can communicate with any port in the same VLAN.
Page 263 Chapter 69 Private VLAN Commands Table 167 private-vlan (legacy) Command Summary (continued) COMMAND DESCRIPTION Sets a private VLAN rule. You specify which port(s) in a private-vlan name <name> vlan VLAN is not isolated by adding it to the promiscuous port <vlan-id>...
Page 264 Chapter 69 Private VLAN Commands VLAN 111 can send and receive traffic from the uplink port 24. This example also shows all private VLAN Switch rules configured on the sysname# configure sysname(config)# private-vlan name pvlan-111 vlan 111 sysname(config)# exit sysname# show private-vlan Private VLAN: 111 Active: Yes Name...
Page 265 Chapter 69 Private VLAN Commands Table 168 private-vlan Command Summary (continued) COMMAND DESCRIPTION Removes association between the primary VLAN and the no private-vlan association specified secondary VLAN(s). <secondary-vlan-list> Enters config-interface mode for the specified port(s). interface port-channel <port- list> Configures PVLAN on a port. Set the associated PVLAN ID, private-vlan mode type of private VLAN and specify whether outgoing frames <promiscuous | isolated |...
Page 266 Chapter 69 Private VLAN Commands Primary PVLAN 100 is then mapped to port 2 on the Switch and outgoing frames from port 2 will be tagged. sysname# configure sysname(config)# vlan 100 sysname(config-vlan)# private-vlan primary sysname(config-vlan)# exit sysname(config)# vlan 101 sysname(config-vlan)# private-vlan community sysname(config-vlan)# exit sysname(config)# vlan 102 sysname(config-vlan)# private-vlan isolated...
Page 267: Protocol-Based Vlan Commands
H A P T E R Protocol-based VLAN Commands Use these commands to configure protocol based VLANs on the Switch. 70.1 Protocol-based VLAN Overview Protocol-based VLANs allow you to group traffic based on the Ethernet protocol you specify. This allows you to assign priority to traffic of the same protocol.
Page 268 Chapter 70 Protocol-based VLAN Commands Table 169 protocol-based-vlan Command Summary (continued) COMMAND DESCRIPTION Creates a protocol based VLAN with the specified protocol-based-vlan name parameters. <name> ethernet-type <ether- num|ip|ipx|arp|rarp|appleta name - Use up to 32 alphanumeric characters. lk|decnet> vlan <vlan-id> ether-num - if you don’t select a predefined Ethernet priority <0-7>...
Page 269: Queuing Commands
H A P T E R Queuing Commands Use queuing commands to help solve performance degradation when there is network congestion. Note: Queuing method configuration differs across Switch models. • Some models allow you to select a queuing method on a port-by-port basis. For example, port 1 can use Strictly Priority Queuing and ports 2-8 can use Weighted Round Robin.
Page 270 Chapter 71 Queuing Commands • Hybrid Mode: WRR & SPQ or WFQ & SPQ - some switch models allow you to configure higher priority queues to use SPQ and use WRR or WFQ for the lower level queues. 71.2 Command Summary: Port by Port Configuration The following section lists the commands for this feature.
Page 271 Chapter 71 Queuing Commands 71.3 Command Examples: Port by Port Configuration This example configures WFQ on ports 1-5 and assigns weight values (1,2,3,4,12,13,14,15) to the physical queues (Q0 to Q8). sysname(config)# interface port-channel 1-5 sysname(config-interface)# wfq sysname(config-interface)# weight 1 2 3 4 12 13 14 15 71.4 Command Summary: System-Wide Configuration The following section lists the commands for this feature.
Page 272 Chapter 71 Queuing Commands This example configures the Switch to use WRR as a queuing method but configures the Gigabit ports 9- 12 to use SPQ for queues 5, 6 and 7. sysname(config)# wrr sysname(config)# interface port-channel 9-12 sysname(config-interface)# ge-spq 5 Ethernet Switch CLI Reference Guide...
Page 273: Radius Commands
H A P T E R RADIUS Commands Use these commands to configure external RADIUS (Remote Authentication Dial-In User Service) servers. 72.1 Command Summary The following section lists the commands for this feature. Table 172 radius-server Command Summary COMMAND DESCRIPTION Displays RADIUS server settings.
Page 274 Chapter 72 RADIUS Commands Table 173 radius-accounting Command Summary (continued) COMMAND DESCRIPTION Specifies the IP address of the RADIUS accounting server. radius-accounting host <index> Optionally, sets the port number and key of the external <ip> [acct-port <socket-number>] RADIUS accounting server. [key [cipher] <key-string>] index: 1 or 2.
Page 275: Remote Management Commands
H A P T E R Remote Management Commands Use these commands to specify a group of one or more “trusted computers” from which an administrator may use one or more services to manage the Switch and to decide what services you may use to access the Switch.
Page 276 Chapter 73 Remote Management Commands Table 176 service-control Command Summary (continued) COMMAND DESCRIPTION Disables FTP access to the Switch. no service-control ftp Allows HTTP access to the Switch. service-control http Specifies the service port for the HTTP service and defines service-control http <socket- the timeout period (in minutes).
Page 277: Rip Commands
H A P T E R RIP Commands This chapter explains how to use commands to configure the Routing Information Protocol (RIP) on the Switch. 74.1 RIP Overview RIP is a protocol used for exchanging routing information between routers on a network. Information is exchanged by routers periodically advertising a routing table.
Page 278 Chapter 74 RIP Commands Table 177 rip Command Summary (continued) COMMAND DESCRIPTION When two different routing protocols, such as RIP distance <10-255> and OSPF provide multiple routes to the same destination, the Switch can use the administrative distance of the route source to determine which routing protocol to use and add the route to the routing table.
Page 279 Chapter 74 RIP Commands Table 177 rip Command Summary (continued) COMMAND DESCRIPTION Sets the RIP direction and version in this routing ip rip direction domain. <Outgoing|Incoming|Both|None> version <v1|v2b|v2m> Enters the configuration mode for this VLAN interface vlan <vlan-id> interface. Enables IPv6 RIP on the VLAN interface. ipv6 rip Disables IPv6 RIP on the VLAN interface.
Page 280: Rmon
H A P T E R RMON 75.1 RMON Overview Similar to SNMP, RMON (Remote Network Monitor) allows you to gather and monitor network traffic. Both SNMP and RMON use an agent, known as a probe, which are software processes running on network devices to collect information about network traffic and store it in a local MIB (Management Information Base).
Page 281 Chapter 75 RMON 75.3 Command Summary The following section lists the commands for this feature. Table 180 rmon Command Summary COMMAND DESCRIPTION Sets an alarm that occurs when the sampled rmon alarm alarmtable <alarm-index> data exceeds the specified threshold. See variable <variable>...
Page 282 Chapter 75 RMON Table 180 rmon Command Summary (continued) COMMAND DESCRIPTION Displays all current network traffic statistics or show rmon statistics etherstats [index only the specified entry’s. <etherstats-index>] Displays current network traffic statistics for show rmon statistics etherstats port- the specified port. channel <interface-id>...
Page 283 Chapter 75 RMON where This is an alarm’s index number in the alarm table. 1-65535 This is the variable(s) whose data is sampled. The allowed options are: variable • [ifType.<port>] • [ifMtu.<port>] • [ifSpeed.<port>] • [ifAdminStatus.<port>] • [ifOperStatus.<port>] • [ifLastChange.<port>] •...
Page 284 Chapter 75 RMON • alarm index number: 2 • variable: getting the number of errored packets received on port 1 • how often to get a data sample: every 60 seconds • sampling method: delta • when to send an alarm: when the value is higher than the rising threshold •...
Page 285 Chapter 75 RMON This example also shows how to display the data collection results. ras# config ras(config)# rmon statistics etherstats 1 port-channel 12 ras(config)# exit ras# show rmon statistics etherstats index 1 Statistics 1 owned by is valid Monitor on interface port-channel 12 etherStatsDropEvents: 0 etherStatsOctets: 1576159 etherStatsPkts: 19861...
Page 286 Chapter 75 RMON This example also shows how to display the data collection results. ras# config ras(config)# rmon history historycontrol 1 buckets 10 interval 10 port-channel 12 ras(config)# exit ras# show rmon history historycontrol index 1 History control 1 owned by is valid Monitors interface port-channel 12 every 10 sec.
Page 287: Running Configuration Commands
H A P T E R Running Configuration Commands Use these commands to back up and restore configuration and firmware. 76.1 Switch Configuration File When you configure the Switch using either the CLI (Command Line Interface) or web configurator, the settings are saved as a series of commands in a configuration file on the Switch called running- config.
Page 288 Chapter 76 Running Configuration Commands The following section lists the commands for this feature. Table 182 running-config Command Summary COMMAND DESCRIPTION Displays the current configuration file. This file contains the show running-config [interface commands that change the Switch's configuration from port-channel <port-list>...
Page 289 Chapter 76 Running Configuration Commands Table 182 running-config Command Summary (continued) COMMAND DESCRIPTION Reboots the system and loads a saved customized default reload custom-default file on the Switch. Note: This will save the customized default configuration settings to both Configuration 1 and Configuration 2.
Page 290: Service Register
H A P T E R Service Register This chapter shows you how to use commands to update and view service license information. 77.1 Service Register Overview myZyxel is Zyxel’s online services center where you can register your Switch and manage subscription services available for your Switch.
Page 291: Sflow
H A P T E R sFlow This chapter shows you how to configure sFlow to have the Switch monitor traffic in a network and send information to an sFlow collector for analysis. 78.1 sFlow Overview sFlow (RFC 3176) is a standard technology for monitoring switched networks. An sFlow agent embedded on a switch or router gets sample data and packet statistics from traffic forwarded through its ports.
Page 292 Chapter 78 sFlow Table 184 sflow Command Summary (continued) COMMAND DESCRIPTION Configures an sFlow collector and the UDP port the sflow collector <ip-address> [udp- Switch uses to send sFlow datagram to the collector. port <udp-port>] The default UDP port is 6343. Displays sFlow settings on the Switch.
Page 293: Smart Isolation Commands
H A P T E R Smart Isolation Commands This chapter explains how to use commands to configure smart isolation on the Switch. 79.1 Smart Isolation Overview To block traffic between two specific ports within the Switch, you can use port isolation or private VLAN (see Chapter 69 on page 262 for more information).
Page 294 Chapter 79 Smart Isolation Commands ports on switch B sending traffic through designated port 8 to switch C. Traffic received on designated port 8 from switch C will not be forwarded to any other isolated ports on switch B. Before Smart Isolation Isolated ports: 2~6 Root port: 7 Designated port: 8...
Page 295 Chapter 79 Smart Isolation Commands private VLAN rule for VLAN 200 to put ports 3, 4 and 5 in the isolated port list. In this example, the designated port 7 is added to the isolated port list after smart isolation is enabled. sysname# configure sysname(config)# spanning-tree mode rstp sysname(config)# spanning-tree...
Page 296: Snmp Server Commands
H A P T E R SNMP Server Commands Use these commands to configure SNMP on the Switch. 80.1 Command Summary The following table describes user-input values available in multiple commands for this feature. Table 187 snmp-server User-input Values COMMAND DESCRIPTION 1-32 alphanumeric characters property...
Page 297 Chapter 80 SNMP Server Commands Table 188 snmp-server Command Summary (continued) COMMAND DESCRIPTION Sets the trap community. Only for SNMPv2c or lower. snmp-server trap-community [cipher] <property> cipher: inform the Switch that the string after the word "cipher" is an encrypted secret. This is used in password encryption.
Page 298 Chapter 80 SNMP Server Commands Table 188 snmp-server Command Summary (continued) COMMAND DESCRIPTION Sets the authentication level for SNMP v3 user snmp-server username <name> sec- authentication. Optionally, specifies the authentication level <noauth|auth|priv> [auth and encryption methods for communication with the <md5|sha>...
Page 299 Chapter 80 SNMP Server Commands Table 189 snmp-server trap-destination enable traps Command Summary (continued) COMMAND DESCRIPTION Prevents the Switch from sending the specified AAA traps no snmp-server trap-destination to the specified manager. <ip> enable traps aaa <options> Sends all interface traps to the specified manager. snmp-server trap-destination <ip>...
Page 300 Chapter 80 SNMP Server Commands 80.2 Command Examples This example sets the Switch to not send the linkup and linkdown traps received on port 3 to the SNMP manager. sysname# configure sysname(config)# interface port-channel 3 sysname(config-interface)# no snmp trap linkup linkdown This example shows you how to display the SNMP information on the Switch.
Page 301: Stacking Commands
XGS2210-52 XGS2210-52HP XGS3700-24 XGS3700-24HP XGS3700-48 XGS3700-48HP XGS4600-32 XGS4600-32F XGS4600-52F XS3800-28 These are the maximum switches that are allowed per stack for the Switches. Table 191 Maximum Switches Allowed per Stack MODELS MAXIMUM SWITCHES ALLOWED PER STACK XGS2210-28 XGS2210-28HP XGS2210-52 XGS2210-52HP...
Page 302 MAXIMUM SWITCHES ALLOWED PER STACK XGS4600-52F XS3800-28 You can manage each Switch in the stack from a master Switch using its web configurator or console. Each Switch supports up to two stacking channels. Use the master Switch to assign a ‘slot ID’ for each ‘linecard’...
Page 303 Chapter 81 Stacking Commands Table 192 stacking Command Summary (continued) COMMAND DESCRIPTION Shows current Switch configuration including stacking slot show running-config summary. Press [CTRL]+C to terminate the process. Shows stacking details for the specified slot. show stacking slot <number> Shows Switch stacking mode. show system-information Enables stacking when the Switch is in standalone mode.
Page 304 Chapter 81 Stacking Commands Select a Switch to be the master. Change its mode to stacking mode. You will see a message asking you to confirm the change. Press [Y] to confirm and the Switch will reboot automatically using a new config01.
Page 305 Chapter 81 Stacking Commands Use these commands to then see the stacking status of the stack, see details of the slots in the stack and see details of an individual slot. sysname# show stacking Slot Id Type Status MAC address Role ------- ------------...
Page 306 Chapter 81 Stacking Commands Use these commands to see the stacking mode on a Switch. sysname# show running-config Building configuration... Current configuration: ;; slot 1 type XGS3700-48HP stacking force-master vlan 1 name 1 fixed 1/1-1/50 forbidden "" untagged 1/1-1/50 ip address 172.23.30.223 255.255.0.0 exit interface route-domain 172.23.30.223/16 exit...
Page 307: Stp And Rstp Commands
H A P T E R STP and RSTP Commands Use these commands to configure Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) as defined in the following standards. • IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol Chapter 56 on page 212 Chapter 57 on page 215 for more information on MRSTP and MSTP...
Page 308 Chapter 82 STP and RSTP Commands Table 193 spanning-tree Command Summary (continued) COMMAND DESCRIPTION Sets the specified ports as edge ports. This allows the port spanning-tree <port-list> edge- to transition to a forwarding state immediately without port having to go through the listening and learning states. Note: An edge port becomes a non-edge port as soon as it receives a Bridge Protocol Data Units (BPDU).
Page 309 Chapter 82 STP and RSTP Commands This example shows the current STP settings. sysname# show spanning-tree config Bridge Info: (a)BridgeID: 8000-001349aefb7a (b)TimeSinceTopoChange: (c)TopoChangeCount: (d)TopoChange: (e)DesignatedRoot: 8000-001349aefb7a (f)RootPathCost: (g)RootPort: 0x0000 (h)MaxAge: (seconds) (i)HelloTime: (seconds) (j)ForwardDelay: (seconds) (k)BridgeMaxAge: (seconds) (l)BridgeHelloTime: (seconds) (m)BridgeForwardDelay: (seconds) (n)TransmissionLimit: (o)ForceVersion:...
Page 310 Chapter 82 STP and RSTP Commands Table 194 show spanning-tree config (continued) LABEL DESCRIPTION TransmissionLimit This field displays the maximum number of BPDUs that can be transmitted in the interval specified by BridgeHelloTime. ForceVersion This field indicates whether BPDUs are RSTP (a value less than 3) or MSTP (a value greater than or equal to 3).
Page 311: Ssh Commands
H A P T E R SSH Commands Use these commands to configure SSH on the Switch. 83.1 Command Summary The following section lists the commands for this feature. Table 195 ssh Command Summary COMMAND DESCRIPTION Displays general SSH settings. show ssh Displays current SSH session(s).
Page 312 Chapter 83 SSH Commands This example shows the general SSH settings. sysname# show ssh Configuration Version : SSH-1 & SSH-2 (server & client), SFTP (server) Server : Enabled Port : 22 Host key bits : 1024 Server key bits : 768 Support authentication: Password Support ciphers : AES, 3DES, RC4, Blowfish, CAST...
Page 313: Static Multicast Commands
H A P T E R Static Multicast Commands Use these commands to tell the Switch how to forward specific multicast frames to specific port(s). You can also configure which to do with unknown multicast frames using the router igmp unknown- multicast-frame command (see Table 88 on page 124).
Page 314 Chapter 84 Static Multicast Commands 84.2 Command Examples This example shows the current multicast table. The Type field displays User for rules that were manually added through static multicast forwarding or displays System for rules the Switch has automatically learned through IGMP snooping. sysname# show mac address-table multicast MAC Address VLAN ID...
Page 315: Static Route Commands
H A P T E R Static Route Commands Use these commands to tell the Switch how to forward IP traffic. IP static routes are used by layer-2 Switches to ensure they can respond to management stations not reachable via the default gateway and to proactively send traffic, for example when sending SNMP traps or conducting IP connectivity tests using ping.
Page 316 Chapter 85 Static Route Commands 85.2 Command Examples This example shows the current routing table. sysname# show ip route Dest FF Len Device Gateway Metric stat Timer Route table in VPS00 172.16.37.0 00 24 swp00 172.16.37.206 041b 0 1494 127.0.0.0 00 16 swp00 127.0.0.1...
Page 317 Chapter 85 Static Route Commands You can create an active static route that routes traffic for 192.168.10.1/24 to 172.16.37.254. sysname# configure sysname(config)# ip route 192.168.10.1 255.255.255.0 172.16.37.254 sysname(config)# exit sysname# show ip route static Idx Active Name Dest. Addr. Subnet Mask Gateway Addr.
Page 318: Subnet-Based Vlan Commands
H A P T E R Subnet-based VLAN Commands Use these commands to configure subnet-based VLANs on the Switch. 86.1 Subnet-based VLAN Overview Subnet-based VLANs allow you to group traffic based on the source IP subnet you specify. This allows you to assign priority to traffic from the same IP subnet.
Page 319 Chapter 86 Subnet-based VLAN Commands Table 200 subnet-based-vlan Command Summary (continued) COMMAND DESCRIPTION Removes the specified subnet from the subnet-based no subnet-based-vlan source-ip VLAN configuration. <ip> mask-bits <mask-bits> Disables the DHCP VLAN override setting for subnet-based no subnet-based-vlan dhcp-vlan- VLAN(s). override 86.3 Command Examples This example configures a subnet-based VLAN (subnet1VLAN) with priority 6 and a VID of 200 for traffic...
Page 320: Syslog Commands
H A P T E R Syslog Commands Use these commands to configure the device’s system logging settings and to configure the external syslog servers. 87.1 Command Summary The following table describes user-input values available in multiple commands for this feature. Table 201 syslog User-input Values COMMAND DESCRIPTION...
Page 321: Reference T-Z
Reference T-Z TACACS+ Commands (322) Tech Support Commands (323) TFTP Commands (326) Time Range Commands (327) Trunk Commands (330) trTCM Commands (333) VLAN Commands (339) VLAN IP Commands (345) VLAN Mapping Commands (347) VLAN Port Isolation Commands (349) VLAN Stacking Commands (350) VLAN Trunking Commands (353) Voice VLAN Commands (354) VRRP Commands (357)
Page 322: Tacacs+ Commands
H A P T E R TACACS+ Commands Use these commands to configure external TACACS+ (Terminal Access Controller Access-Control System Plus) servers. 88.1 Command Summary The following section lists the commands for this feature. Table 205 tacacs-server Command Summary COMMAND DESCRIPTION Displays TACACS+ server settings.
Page 323: Tech Support Commands
H A P T E R Tech Support Commands 89.1 Tech-Support Overview The Tech-Support feature is a log Enhancement tool that logs useful information such as CPU utilization history, memory and Mbuf (Memory Buffer) information and crash reports for issue analysis that’s collected by customer support should you have difficulty with your Switch.
Page 324 Chapter 89 Tech Support Commands 89.3 Command Examples This example sets the mbuf threshold to 60%, checks the mbuf threshold setting and generates the mbuf log report. sysname# config <cr> sysname(config)# sysname(config)# tech-support mbuf 60 <cr> sysname (config)# sysname(config)# exit <cr> sysname# show run <cr>...
Page 325 Chapter 89 Tech Support Commands This example sets the CPU threshold to 80 and time to 5. Then uses the command show logging to see the log. sysname# config <cr> sysname(config)# sysname(config)# tech-support cpu 80 keep 5 <cr> sysname (config)# sysname(config)# exit <cr>...
Page 326: Tftp Commands
H A P T E R TFTP Commands Use these commands to back up and restore configuration and firmware via TFTP. 90.1 Command Summary The following section lists the commands for this feature. Table 208 tftp Command Summary COMMAND DESCRIPTION Restores firmware via TFTP.
Page 327: Time Range Commands
H A P T E R Time Range Commands 91.1 About Time Range You can set a time range for time-oriented features such as Classifier ACL (Access Control List) rule which categorizes data packets into different network traffic flows. The advantage of the time range feature is that it allows you to schedule the active time of configurations.
Page 328 Chapter 91 Time Range Commands 91.3 Command Examples The following are some examples of using the time-range commands. sysname# sysname# configure terminal sysname(config)# time-range work absolute start 08:00 1 jan 2015 end 17:30 31 dec 2015 sysname(config)# exit sysname# show time-range work Time range work: Absolute start 08:00 1 January 2015 end 17:30 31 December 2015 sysname(config)# time-range work2 periodic monday 08:00 to friday 17:30...
Page 329: Traceroute Commands
H A P T E R Traceroute Commands 92.1 Traceroute Overview Traceroute is a tool to display the path a packet takes between two endpoints. 92.2 Command Summary The following section lists the commands for this feature. Table 210 traceroute Command Summary COMMAND DESCRIPTION Displays the path a packet takes to the specified Ethernet...
Page 330: Trunk Commands
H A P T E R Trunk Commands Use these commands to logically aggregate physical links to form one logical, higher-bandwidth link. The Switch adheres to the IEEE 802.3ad standard for static and dynamic (Link Aggregate Control Protocol, LACP) port trunking. Note: Different models support different numbers of trunks (T1, T2, ...).
Page 331 Chapter 93 Trunk Commands Table 212 lacp Command Summary (continued) COMMAND DESCRIPTION Disables the link aggregation control protocol (dynamic no lacp trunking) on the Switch. Sets the priority of an active port using LACP. lacp system-priority <1-65535> 93.2 Command Examples This example activates trunk 1 and places ports 5-8 in the trunk using static link aggregation.
Page 332 Chapter 93 Trunk Commands This example shows the current LACP settings. sysname# show lacp AGGREGATOR INFO: ID: 1 [(0000,00-00-00-00-00-00,0000,00,0000)][(0000,00-00-00-00-00-00 -->,0000,00,0000)] LINKS : SYNCS : ID: 2 [(0000,00-00-00-00-00-00,0000,00,0000)][(0000,00-00-00-00-00-00 -->,0000,00,0000)] LINKS : SYNCS : ID: 3 [(0000,00-00-00-00-00-00,0000,00,0000)][(0000,00-00-00-00-00-00 --> ,0000,00,0000)] LINKS : SYNCS : The following table describes the labels in this screen.
Page 333: Trtcm Commands
H A P T E R trTCM Commands This chapter explains how to use commands to configure the Two Rate Three Color Marker (trTCM) feature on the Switch. 94.1 trTCM Overview Two Rate Three Color Marker (trTCM, defined in RFC 2698) is a type of traffic policing that identifies packets by comparing them to two user-defined rates: the Committed Information Rate (CIR) and the Peak Information Rate (PIR).
Page 334 Chapter 94 trTCM Commands Table 215 trtcm Command Summary (continued) COMMAND DESCRIPTION Sets the Commit Information Rate on the trtcm cir <rate> port(s). Sets the Peak Information Rate on the port(s). trtcm pir <rate> Specifies the DSCP value to use for packets trtcm dscp green <0-63>...
Page 335 Chapter 94 trTCM Commands This examples activates trTCM on the Switch with the following settings: • Enable trTCM on the Switch • Enable Diffserv on the Switch • Set the Switch to inspect the DSCP value of packets (color-aware mode) •...
Page 336: Vendor Id-Based Vlan
H A P T E R Vendor ID-based VLAN Use these commands to bind a bunch of client source MAC addresses to a VLAN on the Switch. 95.1 Vendor ID-based VLAN Overview The Vendor ID based VLAN feature assigns incoming untagged packets to a VLAN and classifies the traffic based on the source MAC address of the packet.
Page 337 Chapter 95 Vendor ID-based VLAN 95.2 Command Summary The following section lists the commands for this feature. Table 216 Vendor ID-based VLAN Command Summary COMMAND DESCRIPTION Adds a new vendor ID-based VLAN entry. vendor-id-based-vlan name <name> source-mac <mac-addr> mask : 1-32 alphanumeric characters name <mask>...
Page 338 Chapter 95 Vendor ID-based VLAN 95.4 Command Example: remove source MAC address This example deletes a binding source MAC address to a vendor ID-based VLAN with MAC address 00:a0:c5:01:23:45 and mask ff:ff:ff:00:00:00. sysname(config)# no vendor-id-based-vlan source-mac 00:a0:c5:01:23:45 mask ff:ff:ff:00:00:00 sysname(config)# exit Ethernet Switch CLI Reference Guide...
Page 339: Vlan Commands
H A P T E R VLAN Commands Use these commands to configure IEEE 802.1Q VLAN. Note: See Chapter 97 on page 345 for VLAN IP commands. 96.1 VLAN Overview A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks.
Page 340 Chapter 96 VLAN Commands 96.3 Command Summary The following section lists the commands for this feature. Table 217 vlan Command Summary COMMAND DESCRIPTION Displays the status of all VLANs. show vlan Displays the status of the specified VLAN. show vlan <vlan-id> Displays concurrent incoming packet statistics of the show vlan <vlan-id>...
Page 341 Chapter 96 VLAN Commands • Other models enable or disable VLAN ingress checking on each port individually via the ingress- check command in the config-interface mode. Table 218 vlan1q ingress-check Command Summary COMMAND DESCRIPTION Displays ingress check settings on the Switch. show vlan1q ingress-check Enables ingress checking on the Switch.
Page 342 Chapter 96 VLAN Commands The following table describes the labels in this screen. Table 220 show vlan LABEL DESCRIPTION The Number of VLAN This field displays the number of VLANs on the Switch. Idx. This field displays an entry number for each VLAN. This field displays the VLAN identification number.
Page 343 Chapter 96 VLAN Commands This example displays concurrent incoming packet statistics for VLAN 1. MGS-3712# show vlan 1 counters -------- Press ESC to finish ------- System up time: 0:59:02 Vlan Info Vlan Id. Packet KBs/s :0.0 Packets Multicast Broadcast Tagged Distribution 65 to 127 128 to 255...
Page 344 Chapter 96 VLAN Commands Table 221 show vlan counters (continued) LABEL DESCRIPTION 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length. 256-511 This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length.
Page 345: Vlan Ip Commands
H A P T E R VLAN IP Commands Use these commands to configure the default gateway device and add IP domains for VLAN. 97.1 IP Interfaces Overview The Switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.1.
Page 346 Chapter 97 VLAN IP Commands Table 222 vlan ip address Command Summary (continued) COMMAND DESCRIPTION Updates the in-band management IP address provided by ip address default- a DHCP server. management dhcp-bootp renew Sets the IP address and subnet mask of the Switch in the ip address <ip-address>...
Page 347: Vlan Mapping Commands
H A P T E R VLAN Mapping Commands Use these commands to configure VLAN mapping on the Switch. With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network.
Page 348 Chapter 98 VLAN Mapping Commands 98.2 Command Examples This example enables VLAN mapping on the Switch and creates a VLAN mapping rule to translate the VLAN ID from 123 to 234 in the packets received on port 4. sysname# configure sysname(config)# vlan-mapping sysname(config)# vlan-mapping name test interface port-channel 4 vlan 123 translated-vlan 234 priority 3...
Page 349: Vlan Port Isolation Commands
H A P T E R VLAN Port Isolation Commands Use these commands to configure VLAN port isolation on the Switch. VLAN port isolation allows each port to communicate only with the CPU management port and the uplink ports, but not to communicate with each other.
Page 350: Vlan Stacking Commands
H A P T E R VLAN Stacking Commands Use these commands to add an outer VLAN tag to the inner IEEE 802.1Q tagged frames that enter your network. 100.1 Command Summary The following section lists the commands for this feature. Table 225 vlan-stacking Command Summary COMMAND DESCRIPTION...
Page 351 Chapter 100 VLAN Stacking Commands Table 225 vlan-stacking Command Summary (continued) COMMAND DESCRIPTION Sets the SP TPID (Service Provider Tag Protocol Identifier). vlan-stacking <sptpid> SP TPID is a standard Ethernet type code identifying the frame and indicating whether the frame carries IEEE 802.1Q tag information.
Page 352 Chapter 100 VLAN Stacking Commands This example shows how to configure ports 1 and 2 on the Switch to tag incoming frames with the service provider’s VID of 37 (ports are connected to customer A network). This example also shows how to set the priority for ports 1 and 2 to 3.
Page 353: Vlan Trunking Commands
H A P T E R VLAN Trunking Commands Use these commands to decide what the Switch should do with frames that belong to unknown VLAN groups. 101.1 Command Summary The following section lists the commands for this feature. Table 226 vlan-trunking Command Summary COMMAND DESCRIPTION Enters config-interface mode for the specified port(s).
Page 354: Voice Vlan Commands
H A P T E R Voice VLAN Commands Use these commands to set up Voice VLAN on the Switch. 102.1 Voice VLAN Overview Voice VLAN ensures that the sound quality of an IP phone is preserved from deteriorating when the data traffic on the Switch ports is high.
Page 355 Chapter 102 Voice VLAN Commands 102.3 Command Example This example configures Voice VLAN to port number 5, priority level number 6 and displays Voice VLAN session. sysname# configure sysname(config)# voice-vlan 5 sysname(config)# voice-vlan priority 6 sysname(config)# exit sysname# show voice-vlan Voice VLAN : enable VLAN ID...
Page 356 Chapter 102 Voice VLAN Commands This example sets the VLAN ports for Voice VLAN as seen in the above example. Normal port is 5 to 10, Fixed port is 11 to 20 and forbidden port is 21 to 28. Port numbers can be higher if the Switch model has 48 ports.
Page 357: Vrrp Commands
H A P T E R VRRP Commands This chapter explains how to use commands to configure the Virtual Router Redundancy Protocol (VRRP) on the Switch. 103.1 VRRP Overview VRRP is a protocol that allows you to configure redundant router connections. The protocol reduces downtime in case of a single link failure.
Page 358 Chapter 103 VRRP Commands Table 228 VRRP Command Summary (continued) COMMAND DESCRIPTION Enables preemption mode. preempt Exits from the VRRP command mode. exit Deletes VRRP settings. no router vrrp network <ip-address>/<mask- bits> vr-id <1~7> Sets the VRRP authentication key. interface route-domain <ip-address>/<mask- bits>...
Page 359 Chapter 103 VRRP Commands This example shows how to create the IP routing domains and configure the Switch to act as router A in the topology shown in Figure 13 on page 358. sysname# config sysname(config)# vlan 100 sysname(config-vlan)# fixed 1-4 sysname(config-vlan)# untagged 1-4 sysname(config-vlan)# ip address 10.10.1.252 255.255.255.0 sysname(config-vlan)# exit...
Page 360: Zuld Commands
H A P T E R ZULD Commands Use these commands to configure ZULD on the Switch. 104.1 ZULD Overview A unidirectional link is a connection where the link is up on both ends, but only one end can receive packets.
Page 361 Chapter 104 ZULD Commands Table 229 zuld Command Summary (continued) COMMAND DESCRIPTION Sets the length of time that ZULD waits before declaring zuld probe-time <5-65535> that a link is unidirectional. When the probe time expires, and one port (either on the Switch or the connected device) still has not received an OAMPDU, then ZULD declares that the link is unidirectional.
Page 362: Wol Relay Commands
H A P T E R Wol Relay Commands Use these commands to configure WoL (Wake On LAN) relay settings on the Switch. 105.1 Wol Relay Overview Wake On LAN is a feature to remotely turn on a device on the LAN network. A device is turned on by receiving a magic packet.
Page 363: Additional Commands
H A P T E R Additional Commands Use these commands to configure or perform additional features on the Switch. 106.1 Command Summary The following section lists the commands for this feature. Table 231 Command Summary: Changing Modes or Privileges COMMAND DESCRIPTION Changes the session’s privilege level to 14 and puts the session...
Page 364 Chapter 106 Additional Commands Table 232 Command Summary: Additional Enable Mode (continued) COMMAND DESCRIPTION The Switch supports dual firmware images, ras-0 and ras-1. Run <1|2> boot image this command, where <index> is 1 (ras-0) or 2 (ras-1) to specify which image is updated when firmware is loaded using the web configurator and to specify which image is loaded when the Switch starts up.
Page 365 Chapter 106 Additional Commands Table 232 Command Summary: Additional Enable Mode (continued) COMMAND DESCRIPTION Display the version of the currently running firmware on the show version [flash] Switch. Optionally, display the version of the currently installed firmware on the flash memory. Connects to a specified host using Telnet.
Page 366 Chapter 106 Additional Commands 106.2 Command Examples This example checks the cable pairs on ports 1 and 4. sysname# cable-diagnostics 1 Port Channel Pair status Cable length (m) Distance to fault (m) ---- ------- ----------- ---------------- --------------------- pairA Open 0.00 pairB Open 0.00...
Page 367 Chapter 106 Additional Commands This example sends Ping requests to an Ethernet device with IP address 172.16.37.254. sysname# ping 172.16.37.254 Resolving 172.16.37.254... 172.16.37.254 sent rcvd rate mdev reply from 172.16.37.254 172.16.37.254 172.16.37.254 The following table describes the labels in this screen. Table 235 ping LABEL DESCRIPTION...
Page 368 Chapter 106 Additional Commands This example shows the current and recent CPU utilization. sysname# show cpu-utilization CPU usage status: baseline 1715384 ticks ticks util sec ticks util sec ticks util sec ticks util --- ------- ------ --- ------- ------ --- ------- ------ --- ------- 657543 61.67 255118...
Page 369 Chapter 106 Additional Commands The following examples look at the current sensor readings from various places in the hardware. The display for your Switch may be different. sysname# show hardware-monitor C Customer Part Serial Number Number & Revision Manufacturing Fan Air Flow ---- ------------- -----------------...
Page 370 Chapter 106 Additional Commands sysname# show hardware-monitor C Temperature Unit : (C) Temperature(%c) Current Threshold Status --------------- ------- ----- ----- --------- ------ CPU/MAC 42.0 43.0 39.0 76.0 Normal BOARD 43.0 44.0 40.0 113.0 Normal 43.0 44.0 39.0 99.0 Normal FAN Speed(RPM) Current Threshold Status...
Page 371 Chapter 106 Additional Commands Table 238 show hardware-monitor (continued) LABEL DESCRIPTION Status Normal: The current temperature is below the threshold. Error: The current temperature is above the threshold. FAN Speed(RPM) This field displays the fans in the Switch. Each fan has a sensor that is capable of detecting and reporting when the fan speed falls below the threshold.
Page 372 Chapter 106 Additional Commands This example displays multicast VLAN configuration on the Switch. sysname> show multicast vlan Multicast Vlan Status Index Type ----- ---- ---------- The following table describes the labels in this screen. Table 239 show multicast vlan LABEL DESCRIPTION Index This field displays an entry number for the multicast VLAN.
Page 373 Chapter 106 Additional Commands The following table describes the labels in this screen. Table 241 show system-information LABEL DESCRIPTION Product Model This field displays the model name. System Name This field displays the system name (or hostname) of the Switch. System Mode This field displays standalone or stacking mode System Contact...
Page 374 Chapter 106 Additional Commands This example displays run-time SFP (Small Form Factor Pluggable) parameters on port 21 on the Switch. You can also see the alarm and warning thresholds for temperature, voltage, transmission bias, transmission and receiving power as shown. sysname# show interface transceiver 21 Transceiver Information Port...
Page 375: Appendices And Index Of Commands
Appendices and Index of Commands Default Values (376) Index of Commands (377)
Page 376 P P E N D I X Default Values Some commands, particularly no commands, reset settings to their default values. The following table identifies the default values for these settings. Table 242 Default Values for Reset Commands COMMAND DEFAULT VALUE Method 1: enable no aaa authentication enable Method 2: none...
Page 377 Index of Commands Index of Commands Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. [ circuit-id [slot-port] [vlan] [hostname] [string <string>] ] [ remote-id [mac] [string <string>] ] .......85 <ip>: Enters an IPv4 address for a cluster..........................228 <ip>: Enters an IPv6 address for a cluster.
Page 378 Index of Commands area <area-id> virtual-link <router-id> retransmit-interval <1-65535> ................234 area <area-id> virtual-link <router-id> transmit-delay <1-65535> ................232 area <area-id> virtual-link <router-id> transmit-delay <1-65535> ................234 arp aging-time <60-1000000> ..............................32 arp inspection ....................................34 arp inspection filter-aging-time <1-2147483647> ........................34 arp inspection filter-aging-time none .............................34 arp inspection log-buffer entries <0-1024>...
Page 379 Index of Commands clear arp inspection log ................................35 clear arp inspection statistics ..............................34 clear arp inspection statistics vlan <vlan-list> .........................34 clear certificate https ................................58 clear classifier match-count [<name>] ............................60 clear cpu-protection interface port-channel <port-list> cause <ARP|BPDU|IGMP> ..........99 clear dhcp snooping database statistics ..........................91 clear ethernet cfm linktrace ..............................51 clear ethernet cfm mep-ccmdb .............................51 clear ethernet cfm mep-defects ............................51...
Page 380 Index of Commands er3>] [option profile <name>] ............................85 dhcp relay <vlan-id> helper-address <remote-dhcp-server1> [<remote-dhcp-server2>] [<remote-dhcp-serv- er3>] [option] [information] ............................85 dhcp relay <vlan-id> interface port-channel <port-list> option profile <name> .............86 dhcp relay <vlan-id> source-address <ip-addr> ......................86 dhcp relay-broadcast ................................86 dhcp server <vlan-id> starting-address <ip-addr> <subnet-mask> size-of-client-ip-pool <1-1024> ......87 dhcp server <vlan-id>...
Page 381 Index of Commands 1500>][count <1-1024>] .............................52 ethernet cfm ma <ma-index> format <vid|string|integer> name <ma-name> md <md-index> primary-vlan <1-4094> ethernet cfm management-address-domain ip [<ip-addr>] ....................54 ethernet cfm md <md-index> format <dns|mac|string> name <md-name> level <0-7> ..........54 ethernet cfm virtual-mac <mac-addr> ..........................54 ethernet oam ...................................102 ethernet oam ...................................103 ethernet oam mode <active|passive>...
Page 382 Index of Commands igmp-group-limited number <number> ..........................131 igmp-immediate-leave ................................131 igmp-querier-mode <auto|fixed|edge> ..........................131 igmp-snooping ..................................126 igmp-snooping 8021p-priority <0-7> ............................126 igmp-snooping authentication ..............................129 igmp-snooping authentication-timeout <0-3000> ......................126 igmp-snooping fast-leave-timeout <200-6348800> ......................129 igmp-snooping filtering ................................126 igmp-snooping filtering profile <name> ..........................129 igmp-snooping filtering profile <name> start-address <ip> end-address <ip> ...............126 igmp-snooping group-limited ..............................130 igmp-snooping group-limited action <deny|replace>...
Page 383 Index of Commands interface port-channel <port-list> ..........................270 interface port-channel <port-list> ..........................291 interface port-channel <port-list> ..........................297 interface port-channel <port-list> ............................31 interface port-channel <port-list> ..........................333 interface port-channel <port-list> ..........................341 interface port-channel <port-list> ..........................347 interface port-channel <port-list> ..........................349 interface port-channel <port-list> ............................35 interface port-channel <port-list> ..........................350 interface port-channel <port-list>...
Page 384 Index of Commands ip igmp robustness-variable <2-255> ............................125 ip load-sharing ..................................190 ip load-sharing <sip|sip-dip> ..............................190 ip load-sharing aging-time <0-86400> ..........................190 ip load-sharing discover-time <0-86400> ..........................190 ip load-sharing maximum-path .............................191 ip name-server <ip|ipv6> ..............................143 ip ospf authentication-key <key> ............................230 ip ospf authentication-same-aa ............................230 ip ospf authentication-same-as-area ...........................230 ip ospf cost <1-65535>...
Page 385 Index of Commands mal | fast> .................................161 ipv6 mld snooping-proxy vlan <vlan-id> downstream query-interval <1000-31744000> ..........161 ipv6 mld snooping-proxy vlan <vlan-id> downstream query-max-response-time <1000-25000> ......161 ipv6 mld snooping-proxy vlan <vlan-id> upstream interface port-channel <port-list> ........161 ipv6 mld snooping-proxy vlan <vlan-id> upstream last-listener-query-interval <1-8387584> ........162 ipv6 mld snooping-proxy vlan <vlan-id>...
Page 386 Index of Commands lldp basic-tlv system-capabilities ............................179 lldp basic-tlv system-description ............................179 lldp basic-tlv system-name ..............................179 lldp dcbx application <ether-type><fcoe> priority <0-7> ....................82 lldp med location civic [county <county>] [city <city>] [division <division>] [neighbor <neighbor>] [street <street>] [leading-street-direction <value>] [trailing-street-suffix <value>] [street-suffix <value>] [house-number <num>] [house-number-suffix <value>] [landmark <landmark>]...
Page 387 Index of Commands mac-transfer dynamic-to-filter interface port-channel <port-list> ................196 mac-transfer dynamic-to-filter mac <mac-addr> .......................196 mac-transfer dynamic-to-filter vlan <vlan-list> ......................196 mac-transfer dynamic-to-forward interface port-channel <port-list> ...............197 mac-transfer dynamic-to-forward mac <mac-addr> ......................196 mac-transfer dynamic-to-forward vlan <vlan-list> .......................197 ma-index ....................................51 md-index ....................................51 media-type 10g <SFP+|DAC10G> ............................136 mep <mep-id>...
Page 388 Index of Commands nlb ipv6 neighbor name <name> ip <ip> mac <mac> ......................228 nlb mac-forward name <name> mac <mac> vlan <vlan-id> interface port-channel <port-list> .......227 no aaa accounting commands .............................28 no aaa accounting dot1x ................................28 no aaa accounting exec .................................28 no aaa accounting system ..............................28 no aaa accounting update ..............................27 no aaa accounting update ..............................376...
Page 389 Index of Commands no broadcast-limit ..................................47 no classifier <name> ...................................61 no classifier <name> inactive ..............................61 no classifier logging ...................................62 no cluster ....................................64 no cluster member <mac> ................................64 no clv ......................................68 no connected-port <port-list> ............................210 no custom-default ..................................73 no destination monitor-port ..............................210 no dhcp dhcp-vlan ...................................92 no dhcp option profile <name>...
Page 390 Index of Commands no external-alarm <index> ..............................107 no external-alarm all ................................107 no fixed <port-list> ................................340 no flow-control ..................................136 no forbidden <port-list> ..............................340 no green-ethernet auto-power-down ..........................111 no green-ethernet auto-power-down ..........................112 no green-ethernet eee ................................111 no green-ethernet eee ................................112 no green-ethernet short-reach ..............................112 no green-ethernet short-reach ..............................112 no group ....................................221 no group <name-str>...
Page 391 Index of Commands no ip ospf message-digest-key <key> ..........................230 no ip ospf priority <0-255> ...............................230 no ip policy-route <name> ..............................251 no ip policy-route <name> inactive ............................251 no ip policy-route <name> sequence <number> .........................251 no ip route <ip> <mask> ................................315 no ip route <ip> <mask> <next-hop-ip> ...........................315 no ip route <ip>...
Page 392 Index of Commands no l2protocol-tunnel point-to-point pagp ..........................176 no l2protocol-tunnel point-to-point udld ..........................176 no l2protocol-tunnel stp .................................176 no l2protocol-tunnel vtp .................................176 no lacp .....................................331 no limit address-count ................................166 no lldp .......................................182 no lldp admin-status ................................180 no lldp basic-tlv management-address ..........................180 no lldp basic-tlv port-description ............................181 no lldp basic-tlv system-capabilities .............................181 no lldp basic-tlv system-description ............................181...
Page 393 Index of Commands no multicast-limit ..................................47 no multi-login ...................................220 no mvr <vlan-id> ..................................221 no network <ip-addr/bits> ..............................232 no nlb arp ip <ip> ..................................228 no nlb ipv6 neighbor ip <ip> ..............................228 no nlb mac-forward mac <mac> vlan <vlan-id> ........................227 no non-querier ..................................124 no passive-iface <ip-addr/bits>...
Page 394 Index of Commands no pwr mibtrap ..................................243 no radius-accounting <index> .............................274 no radius-accounting <index> .............................376 no radius-server <index> ...............................273 no radius-server <index> ...............................376 no receiver-port <port-list> ..............................221 no redistribute rip ..................................233 no redistribute rip ..................................234 no redistribute static ................................233 no redistribute static ................................235 no remote-management <index>...
Page 395 Index of Commands no spanning-tree <port-list> rootguard .........................308 no ssh key <rsa1|rsa|dsa> ..............................311 no ssh known-hosts <host-ip> .............................311 no ssh known-hosts <host-ip> <1024|ssh-rsa|ssh-dsa> ....................311 no Stacking ....................................303 no Stacking force-master ...............................303 no storm-control ..................................46 no subnet-based-vlan ................................318 no subnet-based-vlan dhcp-vlan-override ..........................319 no subnet-based-vlan source-ip <ip>...
Page 396 Index of Commands non-querier ....................................124 normal <port-list> ................................340 owner .......................................280 passive-iface <ip-addr/bits> ............................233 password [cipher] <pw-string> [privilege <0-14>] ......................238 password encryption ................................238 permit link-local ..................................167 ping <ip|host-name> [vlan <vlan-id>] [size <0-1472>] [-t] ....................364 ping help ....................................364 ping6 <ipv6-address> <[-i <interface-type> <interface-number>] [-t] [-l <1-1452>] [-n <1-65535>] [-s <ipv6-ad- dress>] ..................................160 policy <name>...
Page 397 Index of Commands priority-flow-control auto ................................78 priority-flow-control priority <priority-list> ........................78 private-vlan <primary | isolated | community> .........................264 private-vlan association <secondary-vlan-list> ......................264 private-vlan mode .. <promiscuous | isolated | community> association <vlan-id> dot1q <tagged | untagged> 265 private-vlan name <name> vlan <vlan-id> ........................263 private-vlan name <name>...
Page 398 Index of Commands reset slot <slot-list> ................................364 restart ipv6 dhcp client vlan <1-4094> ..........................158 rmirror vlan <vlan-id> ................................210 rmon alarm alarmtable <alarm-index> variable <variable> interval <interval-integer> sample-type <abso- lute|delta> startup-alarm <startup-alarm> rising-threshold <rising-integer> <event-index> falling- threshold <falling-integer> <event-index> [owner <owner>] ..............281 rmon alarm alarmtable <alarm-index>...
Page 399 Index of Commands show arp inspection vlan <vlan-list> ..........................35 show auto-config ..................................41 show bpdupguard ..................................45 show classifier [<name>] ................................60 show cluster ....................................64 show cluster candidates ................................64 show cluster member ................................64 show cluster member config ..............................64 show cluster member mac <mac> ............................64 show cpu-protection interface port-channel <port-list>...
Page 400 Index of Commands show igmp-snooping group count ............................128 show igmp-snooping group interface port-channel <port-list> .................128 show igmp-snooping group interface port-channel <port-list> count ..............128 show igmp-snooping group vlan <vlan-list> ........................128 show igmp-snooping group vlan <vlan-list> count ......................128 show igmp-snooping querier ..............................128 show igmp-snooping statistics interface port-channel <port-list>...
Page 401 Index of Commands show ip policy-route <name> sequence <number> ......................251 show ip protocols ..................................229 show ip protocols ..................................277 show ip rip database ................................279 show ip route ...................................315 show ip route static .................................315 show ip source binding [<mac-addr>] [...] ...........................148 show ip source binding help ..............................148 show ip tcp ....................................143 show ip udp ....................................143 show ipv6 ....................................143...
Page 402 Index of Commands show lldp statistic interface port-channel <port-list> ....................182 show logging ....................................192 show logging | begin <string> ............................192 show logging | begin <string1> include <string2> ......................192 show logging | include <string> ............................192 show logging | refresh ................................192 show logins ....................................193 show loopguard ..................................194 show mac address-table all [<sort>] ..........................196 show mac address-table count ............................196...
Page 403 Index of Commands show rootguard ..................................364 show router dvmrp ..................................96 show router igmp ..................................125 show router ospf ..................................229 show router ospf area ................................230 show router ospf network ...............................230 show router ospf redistribute ..............................230 show router ospf summary-address ............................233 show router ospf virtual-link ..............................230 show router rip ..................................277 show router vrrp ..................................358 show running-config ................................303...
Page 404 Index of Commands show vlan <vlan-id> ................................345 show vlan <vlan-id> ................................68 show vlan <vlan-id> counters .............................340 show vlan <vlan-id> interface port-channel <port-num> counters ................340 show vlan private-vlan ................................265 show vlan private-vlan <vlan-id> ............................265 show vlan1q gvrp ..................................115 show vlan1q ingress-check ..............................341 show vlan1q port-isolation ..............................349 show vlan-stacking ..................................350 show voice-vlan ..................................354...
Page 405 Index of Commands Stacking force-master ................................303 Stacking priority <1-63> ................................303 Stacking slot-id <current slot-id> renumber <new slot-id> ....................303 Stacking slot-id <current slot-id> renumber auto ........................303 storm-control ....................................46 subnet-based-vlan ..................................318 subnet-based-vlan dhcp-vlan-override ..........................318 subnet-based-vlan name <name> source-ip <ip> mask-bits <mask-bits> source-port <port> vlan <vlan-id> priority <0-7>...
Page 406 Index of Commands day][wednesday][thursday][friday][saturday][sunday]|daily|weekdays|weekend> <hh:mm> to <hh:mm>] timesync <daytime|time|ntp> ...............................75 timesync server <ip|domain name> ............................75 traceroute <ip|host-name> [vlan <vlan-id>] [ttl <1-255>] [wait <1-60>] [queries <1-10>] ........329 traceroute help ..................................329 traceroute6 <ipv6-addr|host-name> <[ttl <1-255>] [wait <1-60>] [queries <1-10> ]> ............329 traceroute6 help ..................................329 traffic-class <id>...
Page 407 Index of Commands vlan-type <802.1q|port-based> ............................340 voice-vlan <vlan-id> ................................354 voice-vlan oui <mac-addr> mask <mask-addr> description <description> ...............354 voice-vlan priority <0-7> ................................354 weight <wt1> <wt2> ... <wt8> ...............................270 wfq ......................................270 wfq ......................................271 wol relay udp <destination-socket> source-vlan <vlan-list> destination-vlan <vlan-list> ..........362 write memory [<index>] ................................365 wrr ......................................270 wrr ......................................271...

Save PDF