Contents CLI Configuration Manual ........................1 1. System Status Commands ....................... 7 1.1 Mode Description ......................7 1.2 System information ......................8 Function Brief ........................8 1.2.1 show version ......................8 1.2.2 show clock ......................8 1.3 Log information ......................... 9 Function Brief ........................
Page 3
3.2.1 rate-limit ........................ 23 3.3 Port mirroring ........................23 Function Brief ........................ 23 3.3.1 monitor........................23 3.4 Link aggregation ......................24 Function Brief ........................ 24 3.4.1 trunk ........................24 3.4.2 load-balance ......................25 3.4.3 lacp enable | disable ................... 25 3.4.4 lacp active | passive ...................
System Status Commands Mode Description Command Description How to enter and exit each mode (the privilege mode, global mode, and interface mode) Parameter None Default None Command Mode Privileged mode Example username: admin password: admin(Hidden) switch# switch# exit press ENTER to get started username: // This command is used to enter the privileged mode, and the exit command is used to exit the privileged mode.
// This command is used to enter the vlan1 interface mode from the global mode, and the exit command is used to exit the vlan1 interface mode. System information Function Brief This module is used to display the device name, software version, hardware version, MAC address, compile time, run time, and current system time.
This command is used to display the current system time. Parameter None Default None Command Mode Privileged mode Example switch# show clock Log information Function Brief This module is used to display system logs when the system is running, so that maintenance staff can conveniently analyze relevant problems.
1.4.1 show interface Command Description This command is used to display the packet statistics of one or more ports. Parameter <cr> It is used to display data statistics of all ports. G<1-24> It is used to display data statistics Default None Command Mode Privileged mode...
Global configuration mode Example switch(config)# lacp state View route Function Brief The function module is used to display switch routing information. 1.6.1 show ip route Command Description This command is used to display the router information. Parameter View the BGP routing information connected View the connected routing information ospf...
ERPS-RING status Function Brief The function module is used to display erps information. 1.7.1 show erps Command Description This command is used to display the erps information. Parameter None Default None Command Mode Privileged mode Example switch# show erps Power status Function Brief The function module is used to display power supply information.
System Setting Commands IP config IP address configuration commands include: ip address ip address dhcp ip address old_ip A.B.C.D/M new_ip A.B.C.D/M show ip interface notice:A.B.C.D/M,Example:192.168.1.1/24 Function Brief The IP configuration module is used to add, delete or display the interface IP information of a switch. 2.1.1 ip address Command Description...
//Disables the IP of the interface to access automatically. Parameter None Default Open port Command Mode Interface configuration mode Example switch(config)# interface vlanif1 switch(config-vlanif1)#ip address dhcp switch(config-vlanif1)#no ip address dhcp 2.1.3 ip address old_ip Command Description ip address old_ip A.B.C.D/M new_ip A.B.C.D/M Change the IP configuration of the interface (amend the old_ip to new_ip) Parameter...
Example switch(config)#show interface vlanif1 switch#show interface vlanif1 User config User configuration commands include: username name show user Note: name indicates the user name, which is a string of 1 to 32 characters. password indicates the password, which is a string of 1 - 32 characters.level indicates the user level, which ranges from 1 (lowest management rights) to 15 (highest management rights).
Default admin Command Mode Global configuration mode Example switch(config)#username test password test //Add a user "test", it is the default password is testing and rights: the guest. switch(config)#username test password test privilege admin //Modify user: test, password: test, permissions: admin. switch(config)#username test password test privilege guest //Modify user: the test management authority for the guest.
Function Brief When enabled, this function can be used to automatically synchronize the switch time with the network time. 2.3.1 sntp enable|disable Command Description ntp: //This command is used to enable the NTP function. no ntp: //This command is used to disable the NTP function. Parameter None Default...
2.3.3 sntp auto-sync timer Command Description This command is used to set the SNTP synchronization time interval. Parameter sntp auto-sync timer time,time Values range 5-65535s, 300s default value. Default 300s Command Mode Global configuration mode Example Switch(config)#sntp auto-sync timer 5 2.3.4 sntp connect Command Description...
Default Command Mode Global configuration mode Example switch(config)#sntp timezone set 32 / /Modify the time zone east eight area. 2.3.6 local-time date Command Description local-time date YYYY-MM-DD time HH:MM:SS //Set the local time year - month - day hours: minutes: seconds Parameter None Default...
Port configuration commands Port config Port configuration commands include: duplex speed flow-control shutdown description Function Brief This module is used to configure basic parameters related to ports of a switch. These basic parameters directly influence the port working mode. 3.1.1 duplex Command Description duplex {auto | full | half }...
3.1.2 speed Command Description speed {10 | 100 | 1000|10000|auto } no speed //It is used to set the port rate. Parameter parameter Parameters of the command mode 10,100,1000,10000 The port rate is set to 10M, 100M and 1000M. auto The port rate is set to Auto.
3.1.4 shutdown Command Description shutdown no shutdown //This command is port switch. Parameter None Default The port is enabled by default. Command Mode Interface configuration mode Example //This command is used to disable a port. switch(config)#interface G1 switch(config-G1)# shutdown 3.1.5 description Command Description This command is to configure the port description information,...
3.2.1 rate-limit Command Description rate-limit {1-10000000 } egress/ingress no rate-limit egress/ingress //Configure port egress / ingress speed limit function, use the no form, port restore default settings . Parameter 1-10000000 Port speed range is 1-10000000kbps Default Command Mode Interface configuration mode Example //The speed limit exports 10000 Kbps switch(config)#interface G1...
Port mirror number IFNAME port number,Example G1,T1 Default None Command Mode Global configuration mode Example //This command is to configure the session 1 source port for G1,G2, destination port for G3. switch(config)# monitor session 1 both destination G3 source G1 Link aggregation Static aggregation configuration commands include: Trunk...
interface trunk [trunk ID] Configuration trunk trunk [trunk ID] Default None Command Mode Global configuration mode Example switch(config)# interface trunk 1 switch(config)# interface G1 switch(config-G1)# trunk 1 3.4.2 load-balance Command Description load-balance //This command is to set up static aggregation of load balance mode. Parameter both-mac Based on the source mesh MAC load balancing...
None Default Disable Command Mode Interface configuration mode Example switch(config)#interface G1 switch(config-G1)# lacp disable 3.4.4 lacp active | passive Command Description lacp active lacp passive //This command is used to configure the role of an LACP port. //It specifies the role of a port, which is active or passive. Parameter None Default...
auto: The key value is automatically negotiated. Default auto Command Mode Interface configuration mode Example switch(config)# interface G1 switch(config-G1)# lacp key 100 3.4.6 lacp port-priority Command Description lacp port-priority <1-32768> //This command is used to configure the priority of an LACP port. Parameter <1-32768>: It specifies the priority range.
Page 28
switch(config)# load-balance both-mac switch(config)# interface trunk 1 switch(config)# interface G1 switch(config-G1)# trunk 1 switch(config)# interface trunk 1 switch(config)# interface G2 switch(config-G1)# trunk 1 phenomenon: After aggregation, two links form one logical link and thus the bandwidth is doubled. Besides, the load is shared based on the source or destination MAC address.
Advanced configuration commands VLAN config VLAN configuration commands include: switchport mode switchport pvid switchport trunk|hybrid| access show vlan Function Brief Ethernet is a shared communication media based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) technology. A LAN built using the Ethernet technology is not only a collision domain, but also a broadcast domain.
QinQ config Qinq configuration commands include: Qinq Qinq otpid Function Brief QinQ technology through the stacked two 802.1Q in the Ethernet frame header, effectively expanded the number of VLAN, make the number of vlans up to 4094x4094. 4.2.1 qinq Command Description Enable qinq //no qinq express disable qinq function.
<0x0000-0x9999> Tag QinQ layer protocol type Default 0x8100 Command Mode Interface configuration mode Example switch(config)# qinq otpid 0x88a8 MAC config MAC configuration commands include: mac-address aging-time show mac-addres Function Brief The switch is able to send packets directly to the destination node instead of sending packets to all nodes as a hub,the key technology is that the switch can identify the network card MAC address of the node, then put them in a place called MAC address table.
None Command Mode Global configuration mode Example //Set the MAC address aging time to 100s. switch(config)# mac-address aging-time 100 //Set the MAC address aging time to 300s. switch(config)# no mac-address aging-time 4.3.2 show mac-address Command Description show mac-addres{ aging-time} Parameter None Default None...
host and modify the aging time of ARP entries. 4.4.1 show arp Command Description show arp //This command to display the ARP. Parameter None Default None Command Mode Global configuration mode Example //This command to display the ARP. switch(config)# show arp 4.4.2 arp static Command Description...
arp timeout seconds //This command is used to set the aging time. no arp timeout //This command is used to cancel time Settings. Parameter Parameter Parameters of the command mode seconds Unit second, value range:60-86400. Default None Command Mode Interface configuration mode Example //This command is to set up the ARP aging time for 3000 seconds.
same packets. Protocol packets used by STP are Bridge Protocol Data Units (BPDUs), which are also called configuration messages. A BPDU contains sufficient information to ensure that a device can complete the spanning tree computation process. STP transfers BPDUs between devices to determine the network topology.
Global configuration mode Example switch(config)# spanning-tree mode rstp //Set the STP version to RSTP. 4.5.3 spanning-tree max-age Command Description spanning-tree max-age {6-40} Parameter BPDU biggest survival time.Value range:6-40s. seconds Default Command Mode Global configuration mode Example //This command configure the STP the largest survival time for 24 seconds. switch(config)# spanning-tree max-age 24 4.5.4 spanning-tree hello-time...
Command Mode Global configuration mode and Privileged mode Example //Display the STP configuration. switch# show spanning-tree Spanning-tree is disable: max age bridge forward delay 20 forward delay 15 max hops hello time 2 orce protocol version mstp 4.5.11 show spanning-tree interface brief Command Description show spanning-tree interface brief Parameter...
show igmp-snooping group Function Brief Internet Group Management Protocol Snooping, shorted as IGMP Snooping, is a multicast restriction mechanism running on a L2 device to manage and control multicast groups. The L2 device on which IGMP Snooping runs analyzes the received IGMP packets, create a mapping relationship between ports and MAC multicast addresses and forwards multicast data according to the mapping relationship 4.6.1...
Example //This command will configure a old time of 200s: switch(config)# igmp-snooping host-age-time 200 4.6.3 igmp-snooping fast-leave Command Description ip igmp-snooping fast-leave: //This command is used to enable the immediate leave function of a port. no ip igmp-snooping fast-leave: //This command is used to disable the immediate leave function of a port. Parameter None Default...
4.6.5 show igmp-snooping group Command Description show igmp-snooping group Parameter None Default None Command Mode Privileged mode Example //This command is to display multicast group information: switch# show igmp-snooping group VID SOURCE GROUP interFACE ----------------------------------------------- ----------------------- 0.0.0.0 233.45.18.88 0.0.0.0 239.255.255.250 G4 G2 0.0.0.0 224.0.0.252...
switch(config-G3)# igmp-snooping static-group 233.2.2.2 vlan 1 phenomenon: PC2/PC3 can receive video streams from the multicast source, but PC4 cannot. DHCP server DHCP server configuration commands include: ip dhcpd dhcp pool network default-router dns-server static lease domain-name netbios-name-server Function Brief DHCP server refers to a computer that manages DHCP standards on a specific network.
//This command is used to globally enable the DHCP server. switch(config)# ip dhcpd enable 4.7.2 dhcp pool Command Description dhcp pool <word>: // This command is used to add a DHCP address pool. No dhcp pool <word>: // This command is used to delete a DHCP address pool with the specified name. Parameter Parameter Parameters of the command mode...
switch(config-dhcp)#Network 192.168.1.0/24 vlanif1 //Set the DHCP from vlan1 distributed address segment is 192.168.1.0/24 4.7.4 default-router Command Description Default-router <A.B.C.D>: //This command is used to configure the default gateway of the address pool. Parameter Parameter Parameters of the command mode A.B.C.D Default-router Default None...
static A.B.C.D MAC //This command is used to static binding IP and MAC. no static A.B.C.D //This command is used to delete static binding. Parameter Paramet Parameters of the command mode A.B.C.D Static binding IP Static binding MAC Default None Command Mode Address pool configuration mode Example...
Domain-name,Example:www.dahua.com Default None Command Mode Address pool configuration mode Example switch(config)# dhcp pool 1 switch(config-dhcp)# domain-name www.dahua.com //This command is used to configure the DNS server domain name at www.dahua.com. 4.7.9 nbns-server Command Description nbns-server A.B.C.B //This command is used to configure the secondary DNS server.
switch# configure terminal switch(config)# ip dhcpd enable switch(config)# dhcp pool a switch(config-dhcp)# default-router 192.168.1.1 switch(config-dhcp)#dns-server 8.8.8.8 switch(config-dhcp)# lease 1000 switch(config-dhcp)# network 192.168.1.0/24 vlanif1 phenomenon: Clients including PC1-PC100 can obtain correct IP addresses from the DHCP server (SW 1). Note: An L3 interface of the same VLAN shall be configured for the DHCP server in the VLAN, so that the DHCP server can distribute IP addresses to clients in the VLAN.
no ip helper-address A.B.C.D //This command is used to disable the DHCP relay. Parameter None Default Disable Command Mode Interface configuration mode Example //This command is used to open the DHCP relay in vlan 1 switch(config)#interface vlanif1 switch(config-vlanif1)# ip helper-address 192.168.1.1 DHCP snooping DHCP snooping configuration commands include: ip dhcp-snooping...
//This command is used to disable the DHCP snooping configuration mode. Parameter None Default Disable Command Mode Global configuration mode Example None 4.9.2 ip dhcp-snooping trust Command Description ip dhcp-snooping trust: //This command is used to configure the DHCP snooping trust mode. no ip dhcp-snooping trust: //This command is used to configure the DHCP snooping non-trust mode.
Privileged mode Example switch# show ip dhcp-snooping lease 4.10 QoS config QoS configuration commands include: remark cos default trust cos map dscp map scheduler police Function Brief QoS(Quality of Service) refers to a network can use a variety of basic technology and provid better service capabilities for designated network communications.
4.10.4 cos map Command Description cos map Set the mapping relationship between COS priority and queue. Parameter None Default Priority and queue one-to-one mapping Command Mode Global configuration mode Example //Map the cos priority 0 to the queue 3 switch(config)# cos map 0 3 4.10.5 dscp map Command Description...
4.10.6 scheduler policy Command Description scheduler police //Set Qos scheduling algorithm. Parameter Strict priority mode: First in the queue with the highest priority service, until the priority is empty and service for the next high priority queue, and so on. Weighted round robin scheduling algorithm: To support different bandwidth requirements, it can allocate different proportion of output bandwidth for different queues.
Page 58
switch(config)#interface G20 switch(config-G20)cos default 6 switch(config-G20)no qos trust b、 Set the destination address of the Ixia1-2 port to the source MAC address of the Ixia3 port. c、1-2 ports start sending data packets after learning MAC addresss. (二)Test result Conclusion:pass Observe the source MAC address of the packets which capture in port 3 ,you can find that the received data packets from port 11.
4.11 VRRP configuration commands include: vrrp advertisement vrrp IP vrrp preempt vrrp preempt time vrrp priority Function Brief Virtual Router Redundancy Protocol,or VRRPfor short, it is proposed by IETF to solve the routing protocol of single point of failure in the local area network configuration.It has introduced a standard RFC2338 protocol in 1998.
None Command Mode Interface configuration mode Example //Modify notification time of group1 is 5 seconds. switch(config)# interface vlanif1 switch(config-vlanif1)# vrrp 1 advertisement 5 4.11.2 vrrp ip Command Description vrrp<group> ip A.B.C.D //This command is to set up virtual routing IP address. Parameter None Default...
switch(config)#interface vlanif1 switch(config-vlanif1)#no vrrp 1 preempt 4.11.4 vrrp preempt time Command Description vrrp<group> preempt time< 0-1000s> //This command is to set the current VRRP group delay. Parameter Time: Time range 0-1000s,Default 0s Default Command Mode Interface configuration mode Example //This command is to set up 3 seconds after the preemption. switch(config)#interface vlanif1 switch(config-vlanif1)# vrrp 1 preempt 3 4.11.5...
Routing configuration commands Interface config Interface configuration commands include: interface shutdown ip address show interface Function Brief Based on the switch L3 routing principle, the virtual interface is established for each Vlan to set up the L3 address information of each Vlan. 5.1.1 interface Command Description...
Command Mode Interface configuration mode Example switch(config-vlanif1)# shutdown switch(config-vlanif1)# no shutdown 5.1.3 ip address Command Description ip address { A.B.C.D/M} no ip address{ A.B.C.D/M} Parameter Parameter Parameters of the command mode A.B.C.D/M Ipv4 address Default 192.168.255.1 Command Mode Interface configuration mode Example //This command is to add or delete an IP address.
Static routing Static routing configuration commands include: ip route show ip route Function Brief Static routing is a routing information that is manually configured by a user or network administrator. When the topology of the network or the state of the link changes, the network administrator needs to manually modify the routing table in the relevant static routing information.Static routing information is private by default and will not be passed to other routers.Of course, the network administrator can also be set to make the router to be...
//This command is to add or delete the static routing. switch(config)# ip route 0.0.0.0/8 0.0.0.0 1 switch(config)# no ip route 0.0.0.0/8 0.0.0.0 1 switch(config)# ip route 10.0.0.2 10.255.255.255.0 10.0.0.1 1 switch(config)# no ip route 10.0.0.2 10.255.255.255.0 10.0.0.1 1 5.2.2 show ip route Command Description show ip route: //This command is used to display the static routes.
OSPF config OSPF configuration commands include: router OSPF network address wildmask area area-ID router-id A.B.C.D timers throttle spf default-metric passive-interface redistribute rip|static|connected default-information originate ip ospf Show ip ospf Function Brief OSPF is a link state routing protocol that uses bandwidth based metrics.OSPF uses the SPF algorithm to calculate the route,no routing loop is guaranteed from the algorithm,maintain route through neighbor relationship,Avoid periodic updates on bandwidth consumption.OSPF routing update rate is high, and...
5.3.2 network Command Description network A.B.C.D/M area area-id //Declaration of OSPF network and regional. no network A.B.C.D/M area area-id //Delete the declaration of OSPF network and regional. Parameter Parameter Parameters of the command mode A.B.C.D/M Ip address and mask area-id area,range: <0-4294967295>...
5.3.4 timers throttle spf Command Description timers throttle spf TIME1 TIME2 TIME3 no timers throttle spf //Configure the throttle SPF timer, use the no form of the command, the throttle SPF timer value is returned to the default value. Parameter Parameter Parameters of the command mode TIME1...
//This command is to set the OSPF redistribution RIP. switch(config-ospf)#redistribute RIP //This command is to set the OSPF redistribution static. switch(config-ospf)#redistribute static //This command is to set the OSPF redistribution connected. switch(config-ospf)#redistribute connected 5.3.8 default-information originate Command Description default-information originate [always] [metric] [metric-type] [route-map] no default-information originate [always] [metric] [metric-type] [route-map] //default-information originate command is used to configure the local router to generate a default OSPF routing and related parameters, and to notify the neighbors.
Page 75
//This command is set OSPF network attribute Parameter cost Cost value,you increase measure value of this interface to go out. network Network type:point-to-point ,broadcast,non-broad cast priority Interface priority, broadcast multi access network to make it a DR hello-interval Valid time interval dead-interval Invalid time interval authentication...
switch(config-vlanif2)# ip ospf authentication message-digest switch(config-vlanif2)# ip ospf authentication-key abc 5.3.10 show ip ospf Command Description //This command is used to display the OSPF show ip ospf border-routers/database/interface/neighbor/route Parameter border-routers Boundary router, which is used to display the border router. database Link state...
Page 77
sw1: switch(config)#interface vlanif1 switch(config-vlanif1)# ip address 192.168.222.1/24 switch(config)#interface vlanif2 switch(config-vlanif2)# ip address 192.168.2.1/24 switch(config-vlanif2)#exit switch(config)#interface G22 switch(config-G22)# switchport mode access switch(config-G22)# switchport pvid 2 switch(config)# router ospf switch(config-ospf)# ospf router-id 1.1.1.1 switch(config-ospf)# network 192.168.2.0/24 area 0 switch(config-ospf)# network 192.168.222.0/24 area 0 sw1: switch(config)#interface vlanif3 switch(config-vlanif3)# ip address 192.168.3.1/24...
phenomenon: //Display OSPF route SW1: SW2: PC1 ping PC2 BGP config BGP configuration commands include: router bgp timers bgp redistribute neighbor Network Function Brief The border gateway protocol (BGP) is a routing protocol that runs on TCP,which is a kind of autonomous system. BGP is the only protocol that is used to...
deal with the network size of the Internet, and is the only protocol that can properly handle the multi connection between the routing domain.BGP is built on the experience of EGP.The main function of the BGP system is to exchange network reachability information with other BGP systems.The network reachability information includes information of the autonomous system (AS) listed.These information effectively construct the topology of AS interconnection and thus clears...
switch(config-bgp)# timers bgp 50 150 5.4.3 redistribute Command Description redistribute //This command is to set the BGP redistribution. Parameter None Default None Command Mode Interface configuration mode Example //This command is to set the BGP redistribution OSPF. switch(config-bgp)# redistribute ospf 5.4.4 neighbor Command Description neighbor...
timers version Function Brief RIP is Interior Gateway Protocol that more common used and used earlier.It is suitable for small and similar network,and it is a typical distance vector protocol.RIP exchange routing information through broadcast UDP messages,and it is send routing information update every 30 seconds.RIP provides count Hop (hop count) as a scale to measure routing distance.The hop count is the number of routers that a packet must pass to reach the target.If the same target has two different speed or...
Command Mode Interface configuration mode Example //This command is to set the default-metric to 5. switch(config)# router rip switch(config-rip)# default-metric 5 5.5.3 distance Command Description distance XX Parameter Parameter Parameters of the command mode Range 1-255. Default 120 Default Command Mode Interface configuration mode Example //This command is to change administrative distance to 110.
offset-list <acl-name> {in | out} <metric> [<if-name>] No offset-list <acl-name> {in | out} <metric> [<if-name>] Parameter Parameter Parameters of the command mode acl-name Call access control list name In| out Call ACL application direction Metric Set offset by default 1, range 1-16 If-name Application rules...
5.5.9 redistribute Command Description redistribute <protocol> [metric <metric>] [route-map <route-map>] no redistribute <protocol> [metric <metric>] [route-map <route-map>] Parameter Parameter Parameters of the command mode protocol The routing protocols that need to be introduced into the RIP, such as IS-IS, OSPF, BGP, static, connect, etc., are introduced.
update-interval RIP packet update interval , default 30S dead-interval RIP packet dead interval ,default 180S garbage-interval RIP packet garbage interval,default 120S. Default None Command Mode Interface configuration mode Example //The periodic update time of the configuration RIP protocol is 20 seconds, the death time is 100 seconds, garbage collection time is 60 seconds.
Network security commands Anti-attack Anti-attack configuration commands include: system ignore icmp-echo system protection syn-ack system rate-limit Function Brief Anti attack configuration is used to ignore the ICMP request for the purpose of this device, The defense equipment TCP SYN attack and control CPU data receiving threshold.
configuration. system protection syn-ack no system ignore icmp-echo Parameter None Default None Command Mode Global configuration mode Example //Configur defense against this device SYN TCP attack. switch(config)# system protection syn-ack 6.1.3 system rate-limit Command Description system rate-limit value no system rate-limit //If you want to control the CPU of the received data value, you can use this command to configure.
mac-address static 6.2.1 mac-address static Command Description mac-address static mac-addr vlan vlan-id interface interface-id //This command is used to add a static MAC address. no mac-address static mac-addr vlan vlan-id // This command is used to delete a static MAC address. Parameter Parameter Parameters of the command mode...
6.3.1 ip-mac bind Command Description //This command is used to enable the ip-mac banding. ip-mac bind enable //This command is used to disable the ip-mac banding. ip-mac bind disable //This command is used to enacble IP - MAC banding on the interface. ip-mac bind enable port interface-id //This command is used to disable IP - MAC banding on the interface.
switch(config)# ip-mac bind add G2 192.168.1.1 50-46-5D-E2-D5-50 6.3.2 show ip-mac bind Command Description //This command is used to display a IP ip-mac binding. show ip-mac bind ip-addr //This command is used to display the ip-mac configuration. show ip-mac bind config //This command is used to display the ip-mac bind.
redirection, or port shutdown. 6.4.1 mac acl Command Description mac acl <1-99> //This command is used to add an Mac-acl entry. no mac acl <1-99> //This command is used to delete an Mac-acl entry. Parameter Parameter Parameters of the command mode <1-99>...
6.4.3 rule Command Description rule <1-127> deny/permit <source mac> <destination mac> cos <0-7>/vlan <1-4094>/eth_type ETHTYPE rule <1-127> deny/permit icmp/igmp/tcp/udp/ip <source ip> <destination ip> ip_pri<0-7> / tos_pri<0-15>/ dscp_pri<0-63> //This command is used to add an ACL ACE entry. no rulel <1-127> //This command is used to delete an ACL ACE entry.
Parameter None Default Disable Command Mode Global configuration mode Example switch(config)#dot1x 6.5.2 dot1x auth-server Command Description dot1x auth-server ip A.B.C.D secondary-ip A.B.C.D port<PORT> shared-secret< SECRET > //The configuration of the authentication server IP address and IP address of the secret key and the standby server.
Command Mode Global configuration mode Example switch(config)#dot1x auth-server-type local switch(config)#dot1x auth-server-type remote 6.5.4 dot1x acct-sever Command Description dot1x acct-sever ip A.B.C.D secondary-ip A.B.C.D port<PORT> shared-secret< SECRET > //Configure the billing server IP address and the standby server IP address and secret key.
Command Mode Global configuration mode Example //This command is to reauth-period is 2400s. switch(config)#Dot1x timer reauth-period 2400 switch(config)#Dot1x timer quient-period 20 6.5.6 dot1x auth-mode Command Description dot1x auth-mode authorized-force/ auto/ unauthorized-force //Modify port Dot1x authentication after forced through / Auto / force no option. Parameter authorized-force forced authenticating successfully...
Example //port 1 based on mac authentication . switch(config)#interface G1 switch(config-G1)# dot1x controlled-mode based-on-mac 6.5.8 dot1x auth Command Description dot1x auth hold-time value<0-65535> Parameter value Unit: second, range: 0-65535 hold-time Certification aging time Default 300S Command Mode Global configuration mode Example //The certification aging time changed to 50 seconds.
switchport protected Function Brief The port isolation function can be used to isolate ports in the same VLAN from each other. You only need to add ports to an isolation group to implement isolation of L2 data communication of different ports in the same isolation group.
network. 6.7.1 storm-control broadcast pps Command Description storm-control broadcast pps vlaue //This command is used to enable the broadcast storm control function. no storm-control broadcast //This command is used to disable the broadcast storm control function. Parameter Parameter Parameters of the command mode Value Range:0-1000000 unit:pps,Default: 0 Default...
switch(config)# interface G1 switch(config-G1)# storm-control multicast pps 1000 6.7.3 storm-control unicast pps Command Description storm-control unicast pps vlaue //This command is used to enable the unicast storm control function. no storm-control unicast //This command is used to disable the unicast storm control function. Parameter Parameter Parameters of the command mode...
//This command is used to enable the loop protection function. no loop-protection //This command is used to disable the loop protection function. Parameter None Default enable Command Mode Global configuration mode and interface configuration mode Example switch(config)# loop-protection switch(config)# interface G1 switch(config-G1)# loop-protection 6.8.2 loop-protection tx-time...
Disable Command Mode Interface configuration mode Example switch(config)# interface G1 switch(config-G1)# loop-protection transmit 6.8.4 show loop-protection Command Description show loop-protection status show loop-protection interface [NAME] Parameter None Default None Command Mode privilege mode Example switch# show loop-protection status 6.8.5 example Three devices form a ring network (SW2 is a switch without the management function), and PC1 can communicate with PC2 normally.
Page 108
//This command is used to globally enable the loop protection function and configure the interval. switch(config)# interface G1 switch(config-G1)# loop-protection switch(config-G1)# loop-protection transmit switch(config-G1)#exit //This command is used to enable the loop protection and loop-protect transmit for Port G1. switch(config)# interface G2 switch(config-G2)# loop-protection Switch(config-G2)# loop-protection transmit //This command is used to enable the loop protection and loop-protect...
Note: Among ports forming the ring network, the Tx mode of at least one port shall be enabled. When the loop protection function is enabled to form a ring network, devices without the management function can be added into the ring network. When a ring network is formed, blocked ports are located on the devices where loop protection is enabled.
number of nodes on the ring network. 6.9.1 erps Command Description erps erps xx(1-24) Parameter None Default disable Command Mode Global configuration mode Example Switch(config)# erps 6.9.2 erps xx Command Description erps xx erps groupprimary PORT(A) slave PORT(B) role master vid VLAN wtr-time TIME guard-time GUARD-TIME Parameter Parameter...
Global configuration mode Example //Configure the G1-G2 port to the ERPs group 3, and the use of vlan3001 communication protocol packet WTR time is 1min, the warning time is 500s switch(config)# erps 3 primary G1 slave G2 role master vid 3001 wtr-time 1 guard-time 500 6.9.3 show erps...
Page 112
sw1: switch(config)#erps 1 primary G1 slave G2 role master vid 3001 wtr-time 1 guard-time 500 sw2/sw3: switch(config)#erps 1 primary G1 slave G2 role transit vid 3001 wtr-time 1 guard-time 500 phenomenon: G1 of SW1 is blocked. pc1(192.168.222.107) ping pc2(192.168.222.95) When any of the other links except for the link in which the blocked port is located is disconnected manually, fast switching is implemented without interrupting the ping process.
6.10 IP source guard IP source guard commands include: ip source-guard ip source-guard trust<0/1/2/3> ip dhcp-snooping binding Function Brief The IP source guard function can be used to filter packets forwarded by a port, thus preventing invalid packets from passing through the port, restricting unauthorized use of network resources (for example, unauthorized hosts may access the network by forging IP addresses of authorized users), and improving the port security.
6.10.2 ip source-guard trust Command Description ip source-guard trust<0/1/2/3> no ip ip source-guard trust Parameter Parameter Parameters of the command mode 0/1/2/3 It specifies the number of dynamic clients. The value ranges from 0 to 2. Default Unlimited Command Mode Interface configuration mode Example switch(config)# interface G1...
ip 192.168.1.1 mask 255.255.255.0 interface G1 6.10.4 show ip source-guard Command Description show ip source-guard leases Parameter none Default none Command Mode Privilege mode and global mode Example switch# show ip source-guard leases...
Network management commands HTTP config HTTP configuration commands include: ip http-server http ip http-server https Function Brief Describe the HTTP configuration command. This command can configure the switch to accept the HTTP/HTTPS service request at the specified port, processing the request and return the results to the browser. 7.1.1 ip http-server http Command Description...
//This command is used to disable the HTTP service on the switch. After this command is executed, the switch cannot be managed in HTTP mode. Parameter None Default None Command Mode Global configuration mode Example //Enable the HTTP service. switch(config)# ip http-server https SNMP config SNMP configuration commands include: community...
Parameter None Default Enable Command Mode Global configuration mode Example //Enable the SNMP function of the switch. switch(config)# snmp 7.2.2 snmp-server trap2sink Command Description snmp-server trap2sink ip //This command is used to configure the SNMP version. snmp-server trapsink ip //This command is used to restore the default SNMP version. Parameter None Default...
Global configuration mode Example switch(config)# snmp-server trap 7.2.4 snmp-server community Command Description community // The command is used to configure the authentication name and permission. Parameter ro: read only rw: read and write Default public Command Mode Global configuration mode Example //This command is used to configure a switch.
snmp-server Parameter None Default None Command Mode Global configuration mode Example switch(config)#snmp-server user ro 111 7.2.7 example SNMP is enabled on the switch and PC1 is installed with MIB Browser to obtain the switch node information. switch(config)# snmp-server switch(config)#snmp-server community ro 123 switch(config)#snmp-server community rw 123 // This command is used to configure the SNMP version and read/write community.
Page 121
pc:Open MIB Browser on the PC and add the switch IP address and corresponding community name. Right-click iso.org.dod.internet, and choose Work, as shown in the following figure. Related information is displayed. Click Trap Receiver under Tools to display uploaded trap information.
System maintenance commands Reboot Function Brief This chapter describes the device restart commands.Please pay attention to the configuration save operation Before using this command. 8.1.1 reboot Command Description reboot // This command is used to restart the equipment. Parameter None Default None Command Mode...
8.2.1 default configure Command Description default configure //This command is used to restore factory settings of the switch. After this command is executed, the equipment automatically restarts and the factory settings are successfully restored. Parameter None Default None Command Mode Privileged mode Example //Restore factory settings, and the factory settings take effect after the...
//Save the switch configuration. switch# write PING test Function Brief Like the ping command on a common PC, the PING diagnose function is used to test connectivity between two nodes on the network. The difference between the ping command and PING diagnose is as follows: The ping command executed between two common PCs is used to check whether the physical connection between the two PCs is normal.