Table of Contents

Chapter 1 Commands for Basic Switch Configuration ...................................... 22
1.1 Commands for Basic Configuration ...................................................... 22
1.1.1 authentication line ................................................................................... 22
1.1.2 boot img .................................................................................................... 23
1.1.3 boot startup-config .................................................................................. 23
1.1.4 clock set .................................................................................................... 24
1.1.5 config ......................................................................................................... 24
1.1.6 debug ssh-server ..................................................................................... 24
1.1.7 enable ........................................................................................................ 25
1.1.8 enable password ...................................................................................... 25
1.1.9 end ............................................................................................................. 25
1.1.10 exec-timeout ........................................................................................... 26
1.1.11 exit ........................................................................................................... 26
1.1.12 help .......................................................................................................... 26
1.1.13 hostname ................................................................................................ 27
1.1.14 ip host ...................................................................................................... 27
1.1.15 ipv6 host.................................................................................................. 28
1.1.16 ip http server .......................................................................................... 28
1.1.17 language.................................................................................................. 29
1.1.18 login ......................................................................................................... 29
1.1.19 password ................................................................................................. 29
1.1.20 reload ....................................................................................................... 30
1.1.21 service password-encryption ............................................................... 30
1.1.22 service terminal-length .......................................................................... 30
1.1.23 sysContact .............................................................................................. 31
1.1.24 sysLocation ............................................................................................ 31
1.1.25 set default ............................................................................................... 31
1.1.26 setup ........................................................................................................ 32
1.1.27 show clock .............................................................................................. 32
1.1.28 show temperature .................................................................................. 32
1.1.29 show tech-support ................................................................................. 32

Summary of Contents for FoxGate S6124

  • Page 1: Table Of Contents

    Content: CHAPTER 1 COMMANDS FOR BASIC SWITCH CONFIGURATION, p. 22; 1.1 Commands for Basic Configuration, p. 22; 1.1.1 authentication line, p. 22; 1.1.2 boot img, p. 23; 1.1.3 boot startup-config, p. 23; 1.1.4 clock set, p. 24; 1.1.5 config, p. 24; 1.1.6 debug ssh-server ...
  • Page 2: 1.1.30 show version, p. 33; 1.1.31 username, p. 33; 1.1.32 web language, p. 34; 1.1.33 write, p. 34; 1.2 Commands for Telnet, p. 35; 1.2.1 authentication ip access-class, p. 35; 1.2.2 authentication ipv6 access-class, p. 35; 1.2.3 authentication line login, p. 35; 1.2.4 authentication securityip ...
  • Page 3: 1.4.8 show snmp status, p. 49; 1.4.9 show snmp user, p. 50; 1.4.10 show snmp view, p. 50; 1.4.11 snmp-server community, p. 51; 1.4.12 snmp-server enable, p. 52; 1.4.13 snmp-server enable traps, p. 52; 1.4.14 snmp-server engineid, p. 53; 1.4.15 snmp-server group, p. 53; 1.4.16 snmp-server host ...
  • Page 4: 2.11 CLUSTER UPDATE MEMBER, p. 69; 2.12 DEBUG CLUSTER, p. 70; 2.13 DEBUG CLUSTER PACKETS, p. 70; 2.14 SHOW CLUSTER, p. 71; 2.15 SHOW CLUSTER MEMBERS, p. 72; 2.16 SHOW CLUSTER CANDIDATES, p. 73; 2.17 SHOW CLUSTER TOPOLOGY, p. 73; 2.18 ...
  • Page 5: FUNCTION, p. 91; LOOPBACK DETECTION CONTROL, p. 91; LOOPBACK DETECTION SPECIFIED VLAN, p. 91; LOOPBACK DETECTION INTERVAL TIME, p. 92; LOOPBACK DETECTION CONTROL RECOVERY TIMEOUT, p. 93; SHOW LOOPBACK DETECTION, p. 93; DEBUG LOOPBACK DETECTION, p. 94; CHAPTER 6 COMMANDS FOR ULDP, p. 95; ...
  • Page 6: 7.13 SHOW LLDP TRAFFIC, p. 106; 7.14 SHOW LLDP INTERFACE ETHERNET, p. 107; 7.15 SHOW LLDP NEIGHBORS INTERFACE ETHERNET, p. 107; 7.16 SHOW DEBUGGING LLDP, p. 108; 7.17 DEBUG LLDP, p. 108; 7.18 DEBUG LLDP PACKETS, p. 109; 7.19 CLEAR LLDP REMOTE TABLE, p. 109; CHAPTER 8 COMMANDS FOR PORT CHANNEL ...
  • Page 7: 10.1.17 switchport trunk native vlan, p. 126; 10.1.18 vlan, p. 126; 10.1.19 vlan ingress enable, p. 127; CHAPTER 11 COMMANDS FOR MAC ADDRESS TABLE CONFIGURATION, p. 128; 11.1 Commands for MAC Address Table Configuration, p. 128; 11.1.1 mac-address-table aging-time, p. 128; 11.1.2 mac-address-table static|blackhole ...
  • Page 8: 12.1.10 spanning-tree maxage, p. 141; 12.1.11 spanning-tree max-hop, p. 141; 12.1.12 spanning-tree mcheck, p. 141; 12.1.13 spanning-tree mode, p. 142; 12.1.14 spanning-tree mst configuration, p. 142; 12.1.15 spanning-tree mst cost, p. 143; 12.1.16 spanning-tree mst port-priority, p. 144; 12.1.17 spanning-tree mst priority, p. 144; 12.1.18 spanning-tree mst rootguard ...
  • Page 9: 13.16 SHOW CLASS, p. 162; 13.17 SHOW POLICY, p. 162; 13.18 SHOW MLS QOS INTERFACE, p. 163; 13.19 SHOW MLS QOS MAPS, p. 165; 13.20 SHOW MLS, p. 166; 13.21 QUEUE BANDWIDTH, p. 167; 13.22 QUEUE COS, p. 167; CHAPTER 14 COMMANDS FOR FLOW-BASED REDIRECTION ...
  • Page 10: 15.3 Commands for ARP Configuration, p. 184; 15.3.1 arp, p. 184; 15.3.2 clear arp-cache, p. 185; 15.3.3 debug arp, p. 185; 15.3.4 show arp, p. 186; 15.3.5 show arp traffic, p. 187; CHAPTER 16 COMMANDS FOR ARP SCANNING PREVENTION ...
  • Page 11: 19.2 SHOW IP GRATUITOUS, p. 198; CHAPTER 20 COMMANDS FOR DHCP, p. 199; 20.1 Commands for DHCP Server Configuration, p. 199; 20.1.1 bootfile, p. 199; 20.1.2 clear ip dhcp binding, p. 200; 20.1.3 clear ip dhcp conflict, p. 200; 20.1.4 clear ip dhcp server statistics ...
  • Page 12: 21.5 DEBUG IPV DHCP RELAY PACKET, p. 214; 21.6 DEBUG IPV DHCP SERVER, p. 214; 21.7 SERVER, p. 215; 21.8 DOMAIN NAME, p. 215; 21.9 EXCLUDED ADDRESS, p. 215; 21.10 ADDRESS, p. 216; 21.11 DHCP CLIENT PD, p. 216; 21.12 ...
  • Page 13: 22.11 IP DHCP SNOOPING BINDING USER CONTROL, p. 233; 22.12 IP DHCP SNOOPING BINDING USER CONTROL MAX USER, p. 233; 22.13 IP DHCP SNOOPING TRUST, p. 234; 22.14 IP DHCP SNOOPING ACTION, p. 234; 22.15 IP DHCP SNOOPING ACTION, p. 235; 22.16 ...
  • Page 14: 24.2.1 clear ip igmp snooping vlan, p. 253; 24.2.2 clear ip igmp snooping vlan <1-4094> mrouter-port, p. 254; 24.2.3 debug igmp snooping all/packet/event/timer/mfc, p. 254; 24.2.4 ip igmp snooping, p. 254; 24.2.5 ip igmp snooping vlan, p. 255; 24.2.6 ip igmp snooping vlan immediate-leave, p. 255; 24.2.7 ip igmp snooping vlan l2-general-querier ...
  • Page 15: 25.1.16 show ipv6 mld snooping, p. 270; CHAPTER 26 COMMANDS FOR MULTICAST VLAN, p. 273; 26.1 MULTICAST VLAN, p. 273; 26.2 MULTICAST VLAN ASSOCIATION, p. 273; CHAPTER 27 COMMANDS FOR ACL, p. 274; 27.1 ABSOLUTE PERIODIC PERIODIC, p. 274; 27.2 ...
  • Page 16: 28.1 DEBUG DOT X DETAIL, p. 297; 28.2 DEBUG DOT X ERROR, p. 297; 28.3 DEBUG DOT X FSM, p. 298; 28.4 DEBUG DOT X PACKET, p. 298; 28.5 X ACCEPT, p. 299; 28.6 X EAPOR ENABLE, p. 299; 28.7 ...
  • Page 17: 30.1 AM ENABLE, p. 315; 30.2 AM PORT, p. 315; 30.3 AM IP POOL, p. 315; 30.4 AM MAC POOL, p. 316; 30.5 NO AM ALL, p. 316; 30.6 SHOW AM, p. 317; CHAPTER 31 COMMANDS FOR SECURITY FEATURE, p. 319; 31.1 ...
  • Page 18: 33.15 RADIUS SERVER RETRANSMIT, p. 332; 33.16 RADIUS SERVER TIMEOUT, p. 332; 33.17 RADIUS SERVER ACCOUNTING INTERIM UPDATE TIMEOUT, p. 333; 33.18 SHOW AAA AUTHENTICATED USER, p. 334; 33.19 SHOW AAA AUTHENTICATING USER, p. 334; 33.20 SHOW AAA CONFIG, p. 335; 33.21 ...
  • Page 19: ... p. 348; 37.1 MONITOR SESSION SOURCE INTERFACE, p. 348; 37.2 MONITOR SESSION SOURCE INTERFACE ACCESS LIST, p. 348; 37.3 MONITOR SESSION DESTINATION INTERFACE, p. 349; 37.4 SHOW MONITOR, p. 350; CHAPTER 38 COMMANDS FOR SFLOW, p. 351; 38.1 SFLOW DESTINATION, p. 351; 38.2 ...
  • Page 20: 40.12 DEBUG NTP ADJUST, p. 362; 40.13 DEBUG NTP SYNC, p. 363; 40.14 DEBUG NTP EVENTS, p. 363; 40.15 SHOW NTP STATUS, p. 363; 40.16 SHOW NTP SESSION, p. 364; CHAPTER 41 COMMANDS FOR SHOW, p. 365; 41.1 CLEAR LOGGING, p. 365; 41.2 ...
  • Page 21: CHAPTER 43 COMMANDS FOR DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED AND SENT BY CPU, p. 381; 43.1 RATELIMIT TOTAL, p. 381; 43.2 RATELIMIT QUEUE LENGTH, p. 381; 43.3 RATELIMIT PROTOCOL, p. 381; 43.4 CLEAR CPU STAT PROTOCOL, p. 382; 43.5 ...
  • Page 22: Chapter 1 Commands For Basic Switch

    Chapter 1 Commands for Basic Switch Configuration 1.1 Commands for Basic Configuration 1.1.1 authentication line Command: authentication line {console | vty | web} login {local | radius | tacacs} no authentication line {console | vty | web} login Function: Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the authentication mode for the login user.
  • Page 23: Boot Img

    Relative Command: aaa enable, radius-server authentication host, tacacs-server authentication host, tacacs-server key 1.1.2 boot img Command: boot img <img-file-url> {primary | backup} Function: Configure the first and second img files used in the next boot of the switch. Parameters: primary means to configure the first IMG file, backup means to configure the second IMG file, <img-file-url>...
  • Page 24: Clock Set

    Command Mode: Admin Mode. Default Settings: None. Usage Guide: The CFG file configured for the next boot must be a .cfg file stored in the switch. Example: Set flash:/ startup.cfg as the CFG file used in the next booting of the switch. Switch# boot startup-config flash:/ startup.cfg 1.1.4 clock set Command: clock set <HH:MM:SS>...
  • Page 25: Enable

    Example: Switch#debug ssh-server 1.1.7 enable Command: enable disable Function: Enter Admin Mode from User Mode. Command mode: User Mode/ Admin Mode. Usage Guide: To prevent unauthorized access of non-admin user, user authentication is required (i.e. Admin user password is required) when entering Admin Mode from User Mode.
  • Page 26: Exec-Timeout

    Function: Quit current mode and return to Admin mode when not at User Mode/ Admin Mode. Command mode: Except User Mode/ Admin Mode Example: Quit VLAN mode and return to Admin mode. Switch(config-vlan1)#end Switch# 1.1.10 exec-timeout Command: exec-timeout <minutes> [<seconds>] no exec-timeout Function: Configure the timeout of exiting admin mode.
  • Page 27: Hostname

    Command: help Function: Output brief description of the command interpreter help system. Command mode: All configuration modes. Usage Guide: An instant online help provided by the switch. Help command displays information about the whole help system, including complete help and partial help. The user can type in ? any time to get online help.
  • Page 28: Ipv6 Host

    Command: ip host <hostname> <ip_addr> no ip host {<hostname>|all} Function: Set the mapping relationship between the host and IP address; the “no ip host” parameter of this command will delete the mapping. Parameter: <hostname> is the host name, up to 15 characters are allowed; <ip_addr> is the corresponding IP address for the host name, takes a dot decimal format;...
  • Page 29: Language

    user, which is straight and visual, easy to understand. Example: Enable Web Server function and enable Web configurations. Switch(config)#ip http server 1.1.17 language Command: language {chinese | english} Function: Set the language for displaying the help information. Parameter: chinese for Chinese display; english for English display. Command mode: Admin and Config Mode.
  • Page 30: Reload

    Usage guide: When both this password and login command are configured, users have to enter the password set by password command to enter normal user mode on console. Example: Switch(config)#password 0 test Switch(config)#login 1.1.20 reload Command: reload Function: Warm reset the switch. Command mode: Admin Mode.
  • Page 31: Syscontact

    terminal. The columns of characters displayed on each screen on the telnet/ssh client and the Console will be following this configuration. Example: Set the number of vty threads to 20. Switch(config)#service terminal-length 20 1.1.23 sysContact Command: sysContact <LINE> no sysContact Function: Set the factory contact mode, the “no sysContact”...
  • Page 32: Setup

    the same as when the switch was powered on for the first time. Note: After the command, “write” command must be executed to save the operation. The switch will reset to factory settings after restart. Example: Switch#set default Are you sure? [Y/N] = y Switch#write Switch#reload 1.1.26 setup...
  • Page 33: Show Version

    switch directly, do not connect the user by “more”. Command mode: Admin and Configuration Mode. Usage Guide: This command is used to collect the relevant information when the switch malfunctions. Example: Switch#show tech-support 1.1.30 show version Command: show version Function: Display the version information of the switch.
  • Page 34: Web Language

    configuration changes in privileged mode and global mode. If there are no configured local users with preference level of 15, while only Local authentication is configured for the Console login method, the switch can be logged into without any authentication. When using the HTTP method to log in to the switch, only users with preference level of 15 can log in; users with preference level other than 15 will be denied.
  • Page 35: Commands For Telnet

    1.2 Commands for Telnet 1.2.1 authentication ip access-class Command: authentication ip access-class {<num-std>|<name>} no authentication ip access-class Function: Binding standard IP ACL protocol to login with Telnet/SSH/Web; the no form command will cancel the binding ACL. Parameters: <num-std> is the access-class number for standard numeric ACL, ranging between 1-99;...
  • Page 36: Authentication Securityip

    the default authentication mode. Default: No configuration is enabled for the console login method by default. Local authentication is enabled for the VTY and Web login method by default. Command Mode: Global Mode. Usage Guide: The authentication method for Console, VTY and Web login can be configured respectively.
  • Page 37: Authentication Securityipv6

    the trusted IP address is not configured. After the trusted IP address is configured, only clients with trusted IP addresses are able to login the switch. Up to 32 trusted IP addresses can be configured in the switch. Example: To configure 192.168.1.21 as the trusted IP address. Switch(config)# authentication securityip 192.168.1.21 1.2.5 authentication securityipv6 Command: authentication securityipv6 <ipv6-addr>...
  • Page 38: Terminal Length

    corresponding protocol’s answer, whether refuse or accept, it will not attempt the next authorization method; it will attempt the next authorization method if it receives nothing. The AAA function RADIUS server should be configured before the RADIUS configuration method can be used, and the TACACS server should be configured before the TACACS configuration method can be used.
  • Page 39: Telnet

    Example: Switch#terminal monitor 1.2.9 telnet Command: telnet [vrf <vrf-name>] {<ip-addr> | <ipv6-addr> | host <hostname>} [<port>] Function: Log on the remote host by Telnet Parameter: <vrf-name> is the specific VRF name; <ip-addr> is the IP address of the remote host, shown in dotted decimal notation; <ipv6-addr> is the IPv6 address of the remote host;...
  • Page 40: Telnet-Server Max-Connection

    Default: Telnet server function is enabled by default. Command mode: Global Mode Usage Guide: This command is available in Console only. The administrator can use this command to enable or disable the Telnet client to login to the switch. Example: Disable the Telnet server function in the switch. Switch(config)#no telnet server enable 1.2.11 telnet-server max-connection Command: telnet-server max-connection {<max-connection-number>...
  • Page 41: Ssh-Server Enable

    1.2.13 ssh-server enable Command: ssh-server enable no ssh-server enable Function: Enable SSH function on the switch; the “no ssh-server enable” command disables SSH function. Command mode: Global Mode Default: SSH function is disabled by default. Usage Guide: In order that the SSH client can log on the switch, the users need to configure the SSH user and enable SSH function on the switch.
  • Page 42: Ssh-Server Timeout

    Parameters: <max-connection-number>: the max connection number supported by the SSH service, ranging from 5 to 16. The default option will restore the default configuration. Default: The system default value of the max connection number is 5. Command Mode: Global Mode Usage Guide: None.
  • Page 43: Commands For Configuring Switch Ip

    Command: show telnet login Function: Display the information of the Telnet client which currently establishes a Telnet connection with the switch. Command Mode: Admin and Configuration Mode. Usage Guide: Check the Telnet client messages connected through Telnet with the switch. Example: Switch#show telnet login Authenticate login by local...
  • Page 44: Ipv6 Address

    Command: ip address <ip-address> <mask> [secondary] no ip address [<ip-address> <mask>] [secondary] Function: Set the IP address and mask for the specified VLAN interface; the “no ip address <ip address> <mask> [secondary]” command deletes the specified IP address setting. Parameter: <ip-address> is the IP address in dot decimal format; <mask> is the subnet mask in dot decimal format;...
  • Page 45: Ip Bootp-Client Enable

    Switch(Config-if-Vlan1)#ipv6 address 2001:3f:ed8::99/64 1.3.5 ip bootp-client enable Command: ip bootp-client enable no ip bootp-client enable Function: Enable the switch to be a BootP Client and obtain IP address and gateway address through BootP negotiation; the “no ip bootp-client enable” command disables the BootP Client function and releases the IP address obtained in BootP.
  • Page 46: Commands For Snmp

    Switch(Config-if-Vlan1)#ip dhcp-client enable Switch(Config-if-Vlan1)#exit Switch(config)# 1.4 Commands for SNMP 1.4.1 debug snmp mib Command: debug snmp mib no debug snmp mib Function: Enable the SNMP mib debugging; the “no debug snmp mib” command disables the debugging. Command Mode: Admin Mode. Usage Guide: When user encounters problems in applying SNMP, the SNMP debugging is available to locate the problem causes.
  • Page 47: Show Snmp

    Example: Enable RMON. Switch(config)#rmon enable Disable RMON. Switch(config)#no rmon enable 1.4.4 show snmp Command: show snmp Function: Display all SNMP counter information. Command mode: Admin and Configuration Mode. Example: Switch#show snmp 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors...
  • Page 48: Show Snmp Engineid

    supplied name error packets. encoding errors Number of encoding error packets. number of requested variable Number of variables requested by NMS. number of altered variables Number of variables set by NMS. Number of packets received by “get” get-request PDUs requests. Number of packets received by “getnext”...
  • Page 49: Show Snmp Mib

    Command: show snmp group Function: Display the group information commands. Command Mode: Admin and Configuration Mode. Example: Switch#show snmp group Group Name:initial Security Level:noAuthnoPriv Read View:one Write View:<no writeview specified> Notify View:one Displayed Information Explanation Group Name Group name Security level Security level Read View Read view name...
  • Page 50: Show Snmp User

    Community access Community access permission Trap-rec-address IP address which is used to receive Trap. Trap enable Enable or disable to send Trap. SecurityIP IP address of the NMS which is allowed to access Agent 1.4.9 show snmp user Command: show snmp user Function: Display the user information commands.
  • Page 51: Snmp-Server Community

    this OID Excluded The view does not include sub trees rooted by this OID active State 1.4.11 snmp-server community Command: snmp-server community {ro | rw} <string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}] [read <read-view-name>] [write <write-view-name>] no snmp-server community <string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}] Function: Configure the community string for the switch;...
  • Page 52: Snmp-Server Enable

    Switch(config)#snmp-server community public ro Modify the read-write community string named “private” to read-only. Switch(config)#snmp-server community private ro Delete community string “private”. Switch(config)#no snmp-server community private Bind the read-only community string “public” to readable view “pviewr”. Switch(config)#snmp-server community ro public read pviewr Bind the read-write community string “private”...
  • Page 53: Snmp-Server Engineid

    Switch(config)#no snmp-server enable traps 1.4.14 snmp-server engineid Command: snmp-server engineid <engine-string> no snmp-server engineid Function: Configure the engine ID; the “no” form of this command restores to the default engine ID. Command Mode: Global mode Parameter: <engine-string> is the engine ID shown in 1-32 digit hex characters. Default: Default value is the company ID plus local MAC address.
  • Page 54: Snmp-Server Host

    length is ranging between 1-32; <ipv6-num-std> is the access-class number for standard numeric IPv6 ACL, ranging between 500-599; <name> is the access-class name for standard IPv6 ACL, the character string length is ranging between 1-32. Usage Guide: There is a default view “v1defaultviewname” in the system. It is recommended to use this view as the view name of the notification.
  • Page 55: Snmp-Server Securityip

    configured, its configuration will be applied when sending the RMON trap. This command configures the IPv4 or IPv6 address of the network management station receiving the SNMP Trap message, but the IPv4 and IPv6 addresses configured with version number v1 and v2c are fewer than 8 in all.
  • Page 56: Snmp-Server View

    Example: Disable the safety IP address authentication function. Switch(config)#snmp-server securityip disable 1.4.19 snmp-server view Command: snmp-server view <view-string> <oid-string> {include | exclude} no snmp-server view <view-string> [ <oid-string> ] Function: This command is used to create or renew the view information; the “no” form of this command deletes the view information.
  • Page 57: Commands For Switch Upgrade

    authPriv use DES for the packet encryption. authNoPriv not use DES for the packet encryption. auth perform packet authentication. md5 packet authentication using HMAC MD5 algorithm. sha packet authentication using HMAC SHA algorithm. <word > user password, containing 8-32 character. <num-std>...
  • Page 58 method). When it represents an address, the form should be ftp://<username>:<password>@{<ipaddress>|<ipv6address>|<hostname>}/<filename>, amongst which <username> is the FTP user name, <password> is the FTP user password, <ipaddress>|<ipv6address> is the IPv4 or IPv6 address of the FTP server/client, <hostname> is the name of the host mapping with the IPv6 address, it does not support the file download and upload with hosts mapping with IPv4 addresses, <filename>...
  • Page 59: Copy(Tftp

    (5) Save the running configuration files Switch#copy running-config startup-config Relevant Command: write 1.5.2 copy(TFTP) Command: copy <source-url> <destination-url> [ascii | binary] Function: Download files to the TFTP client. Parameter: <source-url> is the location of the source files or directories to be copied; <destination-url>...
  • Page 60: Ftp-Dir

    Switch#copy tftp://10.1.1.1/nos.img nos.img (3) Save images in the FLASH to the TFTP server of 2004:1:2:3::6 Switch#copy nos.img tftp:// 2004:1:2:3::6/ nos.img (4) Obtain system file nos.img from the TFTP server 2004:1:2:3::6 Switch#copy tftp:// 2004:1:2:3::6/nos.img nos.img (5) Save the running configuration files Switch#copy running-config startup-config Relevant Command: write 1.5.3 ftp-dir...
  • Page 61: Ftp-Server Timeout

    Relative command: ip ftp 1.5.5 ftp-server timeout Command: ftp-server timeout <seconds> Function: Set data connection idle time. Parameter: <seconds> is the idle time threshold (in seconds) for FTP connection, the valid range is 5 to 3600. Default: The system default is 600 seconds. Command mode: Global Mode Usage Guide: When FTP data connection idle time exceeds this limit, the FTP management connection will be disconnected.
  • Page 62: Show Tftp

    Command mode: Admin and Configuration Mode. Default: No display by default. Example: Switch#show ftp Timeout : 600 Displayed information Description Timeout Timeout time. 1.5.8 show tftp Command: show tftp Function: Display the parameter settings for the TFTP server. Default: No display by default. Command mode: Admin and Configuration Mode.
  • Page 63: Tftp-Server Transmission-Timeout

    Command: tftp-server retransmission-number <number> Function: Set the retransmission time for TFTP server. Parameter: <number> is the time to re-transfer, the valid range is 1 to 20. Default: The default value is 5 retransmission. Command mode: Global Mode Example: Modify the retransmission to 10 times. Switch#config Switch(config)#tftp-server retransmission-number 10 1.5.11 tftp-server transmission-timeout...
  • Page 64: Chapter 2 Commands For Cluster

    Chapter 2 Commands for Cluster 2.1 clear cluster nodes Command: clear cluster nodes [nodes-sn <candidate-sn-list> | mac-address <mac-addr>] Function: Clear the nodes in the candidate list found by the commander switch. Parameters: candidate-sn-list: sn of candidate switches, ranging from 1 to 256. More than one candidate can be specified.
  • Page 65: Cluster Commander

    2.3 cluster commander Command: cluster commander [<cluster-name>] no cluster commander Function: Set the switch as a commander switch, and create a cluster. Parameter: <cluster-name> is the cluster’s name, no longer than 32 characters. Command mode: Global Mode Default: Default setting is no commander switch. cluster_name is null by default. Usage Guide: This command sets the role of a switch as commander switch and creates a cluster, which can only be executed on non commander switches.
  • Page 66: Cluster Keepalive Interval

    10.254.254.10 Switch(config)#cluster ip-pool 10.254.254.10 2.5 cluster keepalive interval Command: cluster keepalive interval <second> no cluster keepalive interval Function: Configure the time interval of keepalive messages within the cluster. Parameters: <second>: keepalive time interval, in seconds, ranging from 3 to 30. Default: The default value is 30 seconds.
  • Page 67: Cluster Member

    After executing it on a non commander switch, the configuration value will be saved but not used until the switch becomes a commander. Before that, its loss-count value is the one distributed by its commander. commander calculates the loss-count after sending each DP message by adding 1 to the loss-count of each switch and clearing that of a switch after receiving a DR message from the latter.
  • Page 68: Cluster Member Auto-To-User

    <nodes-sn> or <mac-address> into the cluster it belongs to. One or more candidates are allowed at one time, linked with ‘-’ or ‘;’. A switch can only be member or commander of one cluster, exclusively. Attempts to execute the command on a non commander switch will return error.
  • Page 69: Cluster Run

    Switch#cluster reset member 1 2.10 cluster run Command: cluster run [key <WORD>] [ vid <VID>] no cluster run Function: Enable cluster function; the “no cluster run” command disables cluster function. Parameter: key: all keys in one cluster should be the same, no longer than 16 characters. vid: vlan id of the cluster, whose range is 1-4094.
  • Page 70: Debug Cluster

    <ipadress>is the IP address of the TFTP server <filename> is the name of the file to be downloaded via. Special keywords used in filename: Keywords source or destination address startup-config start the configuration file nos.img system file Command mode: Admin Mode Usage Guide: The commander distributes the remote upgrade command to members via the TCP connections between them, causing the number to implement the remote upgrade and reboot.
  • Page 71: Show Cluster

    Function: Enable the debug information; the no command disables the debug switch. Parameters: DP: discovery messages. DR: responsive messages. CP: command messages. receive: receive messages. send: send messages. Default: None. Command Mode: Admin Mode. Usage Guide: Enable the debug information of cluster messages. After enabling classification, all DP, DR and CP messages sent or received in the cluster will be printed.
  • Page 72: Show Cluster Members

    Internal Ip Address: 10.254.254.2 Commamder Mac Address: 00-12-cf-39-1d-90 ---- a candidate ---------------------------- Switch#show cluster Status: Enabled Cluster VLAN: 1 Role: Candidate ---- disabled ---------------------------- Switch#show cluster Status: Disabled 2.15 show cluster members Command: show cluster members [id <member-id> | mac-address <mac-addr>] Function: Display member information of a cluster.
  • Page 73: Show Cluster Candidates

    Member status: Inactive member (user_config) IP Address: 10.254.254.2 MAC Address: 00-01-02-03-04-06 Description: S9820 Hostname: DSW102 2.16 show cluster candidates Command: show cluster candidates [nodes-sn <candidate-sn-list> | mac-address <mac-addr>] Function: Display the statistic information of the candidate member switches on the command switch Parameter: candidate-sn-list:candidate switch sn, ranging from 1 to 256.
  • Page 74 No parameters means to display all topology information. Command Mode: Admin and Configuration Mode. Usage Guide: Executing this command on the commander switch will display the topology information with its starting node specified. Example: Execute this command on the commander switch to display the topology information under different conditions.
  • Page 75: Rcommand Commander

    ---------------------------------------------- Switch#show cluster topology nodes-sn 2 Toplogy role: Member Member status: Active member (user-config) MAC Address: 01-02-03-04-05-02 Description: ES4626H Hostname : LAB_SWITCH_2 Upstream local-port: eth 1/1 Upstream node: 01-02-03-04-05-01 Upstream remote-port:eth 1/2 Upstream speed: 100full Switch# ---------------------------------------------- Switch#show cluster topology mac-address 01-02-03-04-05-02 Toplogy role: Member Member status: Active member (user-config) MAC Address: 01-02-03-04-05-02...
  • Page 76: Rcommand Member

    Switch#rcommand commander 2.19 rcommand member Command: rcommand member <mem-id> Function: In the commander switch, this command is used to remotely manage the member switches in the cluster. Parameter: <mem-id> commander the member id allocated by commander to each member, whose range is 1~128. Command mode: Admin Mode.
  • Page 77: Combo-Forced-Mode

    sending only. Command Mode: Port Mode. Default: Bandwidth limit disabled by default. Usage Guide: When the bandwidth limit is enabled with a size set, the max bandwidth of the port is determined by this size other than by 10/100/1000M. If [both | receive | transmit] keyword is not specified, the default is both.
  • Page 78: Clear Counters Interface

    Copper connected, Copper Copper Fiber cable Copper fiber not connected cable port cable port port cable port Both fiber and copper Copper Copper Fiber cable Fiber cable are connected cable port cable port port port Neither fiber Copper Copper Fiber cable Fiber cable...
  • Page 79: Interface Ethernet

    no flow control Function: Enables the flow control function for the port: the "no flow control" command disables the flow control function for the port. Command mode: Port Mode. Default: Port flow control is disabled by default. Usage Guide: After the flow control function is enabled, the port will notify the sending device to slow down the sending speed to prevent packet loss when traffic received exceeds the capacity of port cache.
  • Page 80: Mdi

    Command mode: Port Mode. Default: Loopback test is disabled in Ethernet port by default. Usage Guide: Loopback test can be used to verify the Ethernet ports are working normally. After loopback has been enabled, the port will assume a connection established to itself, and all traffic sent from the port will be received at the very same port.
  • Page 81: Negotiation

    assign names according to the port application, e.g. financial as the name of 1/1-2 ports which is used by financial department, engineering as the name of 1/9 ports which belongs to the engineering department, while the name of 1/12 ports is assigned with Server, which is because they connected to the server.
  • Page 82: Rate-Suppression

    Usage Guide: There are two modes that can respond to the up/down event of the port. In interrupt mode, a hardware interrupt announces the up/down change; in poll mode, software polling obtains the port event. The first mode is faster. With poll mode, the convergence time of MRPP is several hundred milliseconds; with interrupt mode, the convergence time is less than 50 milliseconds.
  • Page 83: Show Interface

    Command: rate-violation <packets> [recovery <time>] no rate-violation Function: Enable the limit on the packet reception rate and set the packet reception rate per second; the no command removes the limit on the packet reception rate. The rate-violation value is the packet reception rate, that is, the number of received packets per second, regardless of their type.
  • Page 84 show the detail of the port. Command Mode: Admin and Configuration Mode. Default: Information not displayed by default Usage Guide: While for vlan interfaces, the port MAC address, IP address and the statistic state of the data packet will be shown; As for Ethernet port, this command will show port speed rate, duplex mode, flow control switch state, broadcast storm restrain of the port and the statistic state of the data packets;...
  • Page 85 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions Show the information of port 1/1: Switch#show interface e1/1 Ethernet1/1 is up, line protocol is down Ethernet1/1 is layer 2 port, alias name is (null), index is 1 Hardware is Gigabit-TX, address is 00-03-0f-02-fc-01 PVID is 1 MTU 1500 bytes, BW 10000 Kbit...
  • Page 86: Shutdown

    Switch#Show interface ethernet counter packet Interface Unicast(pkts) BroadCast(pkts) MultiCast(pkts) Err(pkts) 1/1 IN 12,345,678 12,345,678,9 12,345,678,9 4,567 OUT 23,456,789 34,567,890 5,678 0 1/2 IN 0 0 0 0 OUT 0 0 0 0 1/3 IN 0 0 0 0 OUT 0 0 0 0 1/4 IN 0 0 0 0 OUT 0 0 0 0 …...
  • Page 87: Speed-Duplex

    3.1.15 speed-duplex Command: speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | force100-fx [module-type {auto-detected | no-phy-integrated | phy-integrated}] | {{force1g-half | force1g-full} [nonegotiate [master | slave]]}} no speed-duplex Function: Sets the speed and duplex mode for 1000Base-TX, 100Base-TX or 100Base-FX ports;...
  • Page 88: Virtual-Cable-Test

    3.1.16 virtual-cable-test Command: virtual-cable-test Function: Test the link of the twisted pair cable connected to the Ethernet port. The response may include: well, short, open, fail. If the test information is not "well", the location of the error will be displayed (how many meters it is away from the port). Command Mode: Port Configuration Mode.
  • Page 89: Chapter 4 Commands For Port Isolation Function

    Chapter 4 Commands for Port Isolation Function 4.1 isolate-port group Command: isolate-port group <WORD> no isolate-port group <WORD> Function: Set a port isolation group, which is the scope of isolating ports; the no operation of this command will delete a port isolation group and remove all ports out of it. Parameters: <WORD>...
  • Page 90: Show Isolate-Port Group

    group. If an Ethernet port is a member of a convergence group, it should not be added into a port isolation group, and vice versa, a member of a port isolation group should not be added into an aggregation group. But one port can be a member of one or more port isolation groups.
  • Page 91: Function

    Chapter 5 Commands for Port Loopback Detection Function 5.1 loopback-detection control Command: loopback-detection control {shutdown |block| learning} no loopback-detection control Function: Enable the function of loopback detection control on a port, the no operation of this command will disable the function. Parameters: shutdown set the control method as shutdown, which means to close down the port if a port loopback is found.
  • Page 92: Loopback-Detection Interval-Time

    loopbacks through this port or the specified VLAN. Parameters: <vlan-list> the list of VLANs allowed passing through the port. Given the situation of a trunk port, the specified VLANs can be checked. So this command is used to set the vlan list to be checked. Default: Disable the function of detecting the loopbacks through the port.
  • Page 93: Loopback-Detection Control-Recovery Timeout

    5.4 loopback-detection control-recovery timeout Command: loopback-detection control-recovery timeout <0-3600> Function: This command is used to recover to the uncontrolled state after a specified time when a loopback is detected on the port and the port enters the controlled state. Parameters: <0-3600> is the recovery time in seconds for the controlled state; 0 means no recovery.
  • Page 94: Debug Loopback-Detection

    5.6 debug loopback-detection Command: debug loopback-detection Function: After enabling the loopback detection debug on a port, DEBUG information will be generated when sending, receiving messages and changing states. Parameters: None. Command Mode: Admin Mode. Default: Disabled by default. Usage Guide: Display the message sending, receiving and state changes with this command.
  • Page 95: Chapter 6 Commands For Uldp

    Chapter 6 Commands for ULDP 6.1 uldp enable Command: uldp enable Function: ULDP will be enabled after issuing this command. In global configuration mode, this command will enable ULDP for the global. In port configuration mode, this command will enable ULDP for the port. Parameters: None.
  • Page 96: Uldp Aggressive-Mode

    command will restore the default interval for the hello messages. Parameters: The interval for the Hello messages, with its value limited between 5 and 100 seconds, 10 seconds by default. Command Mode: Global Configuration Mode. Default: 10 seconds by default. Usage Guide: Interval for hello messages can be configured only if ULDP is enabled globally, its value limited between 5 and 100 seconds.
  • Page 97: Uldp Reset

    Switch(config)# uldp manual-shutdown 6.6 uldp reset Command: uldp reset Function: To reset the port when ULDP is shutdown. Parameters: None. Command Mode: Global Configuration Mode and Port Configuration Mode. Default: None. Usage Guide: This command takes effect only if the specified interface is disabled by ULDP.
  • Page 98: Debug Uldp Fsm Interface Ethernet

    Parameters: <interface-name>is the interface name. Command Mode: Admin and Configuration Mode. Default: None. Usage Guide: If no parameters are appended, the global ULDP information will be displayed. If the interface name is specified, information about the interface and its neighbors will be displayed along with the global information. Example: To display the global ULDP information.
  • Page 99: Debug Uldp Event

    6.11 debug uldp event Command: debug uldp event no debug uldp event Function: Enable the message debug function to display the event; the no form command disables this function. Parameter: None. Command Mode: Admin Mode. Default: Disabled. Usage Guide: Use this command to display all kinds of event information. Example: Display event information.
  • Page 100 Default: Disabled. Usage Guide: Use this command to display the Hello packet details receiving on the interface Ethernet 1/1. Switch# debug uldp hello receive interface Ethernet 1/1...
  • Page 101: Chapter 7 Commands For Lldp Function

    Chapter 7 Commands for LLDP Function 7.1 lldp enable Command: lldp enable lldp disable Function: Globally enable LLDP function; disable command globally disables LLDP function. Parameters: None. Default: Disable LLDP function. Command Mode: Global Mode. Usage Guide: If LLDP function is globally enabled, it will be enabled on every port. Example: Enable LLDP function on the switch.
  • Page 102: Lldp Mode

    7.3 lldp mode Command: lldp mode <send|receive|both|disable> Function: Configure the operating state of LLDP function of the port. Parameters: send: Configure the LLDP function as only being able to send messages. receive: Configure the LLDP function as only being able to receive messages.
  • Page 103: Lldp Msgtxhold

    tx-interval will become four times of the latter, instead of the default 40. Example: Set the interval of sending messages as 40 seconds. Switch(config)# lldp tx-interval 40 7.5 lldp msgTxHold Command: lldp msgTxHold <value> no lldp msgTxHold Function: Set the multiplier value of the aging time carried by update messages sent by the all ports with LLDP function enabled, the value ranges from 2 to 10.
  • Page 104: Lldp Notification Interval

    7.7 lldp notification interval Command: lldp notification interval <seconds> no lldp notification interval Function: When the time interval ends, the system is set to check whether the Remote Table has been changed. If it has, the system will send Trap to the SNMP management end.
  • Page 105: Lldp Neighbors Max-Num

    Command Mode: Port Configuration Mode. Usage Guide: When configuring the optional TLV, each TLV can only appear once in a message, portDesc optional TLV represents the name of local port; sysName optional TLV represents the name of local system; sysDesc optional TLV represents the description of local system;...
  • Page 106: Show Lldp

    7.12 show lldp Command: show lldp Function: Display the configuration information of global LLDP, such as the list of all the ports with LLDP enabled, the interval of sending update messages, the configuration of aging time, the interval needed by the sending module to wait for re-initialization, the interval of sending TRAP, the limitation of the number of the entries in the Remote Table.
  • Page 107: Show Lldp Interface Ethernet

    Ethernet1/1 7.14 show lldp interface ethernet Command: show lldp interface ethernet <IFNAME> Function: Display the configuration information of LLDP on the port, such as: the working state of LLDP Agent. Parameters: <IFNAME>: Interface name. Default: Do not display the configuration information of LLDP on the port. Command Mode: Admin Mode, Global Mode.
  • Page 108: Show Debugging Lldp

    7.16 show debugging lldp Command: show debugging lldp Function: Display all ports with lldp debug enabled. Parameters: None. Default: None. Command Mode: Admin and Configuration Mode. Usage Guide: With show debugging lldp, all ports with lldp debug enabled will be displayed.
  • Page 109: Debug Lldp Packets

    7.18 debug lldp packets Command: debug lldp packets interface ethernet <IFNAME> no debug lldp packets interface ethernet <IFNAME> Function: Display the message-receiving and message-sending information of LLDP on the port; the no operation of this command will disable the debug information switch. Parameters: None.
  • Page 110: Chapter 8 Commands For Port Channel

    Chapter 8 Commands for Port Channel 8.1 debug lacp Command: debug lacp no debug lacp Function: Enables the LACP debug function: "no debug lacp" command disables this debug function. Command mode: Admin Mode. Default: LACP debug information is disabled by default. Usage Guide: Use this command to enable LACP debugging so that LACP packet processing information can be displayed.
  • Page 111: Port-Group

    8.3 port-group Command: port-group <port-group-number> [load-balance {src-mac | dst-mac | dst-src-mac | src-ip | dst-ip | dst-src-ip}] no port-group <port-group-number> [load-balance] Function: Creates a port group and sets the load balance method for that group. If no method is specified, the default load balance method is used. The no command deletes that group or restores the default load balance setting.
  • Page 112: Show Port-Group

    Default: Switch ports do not belong to a port channel by default; LACP not enabled by default. Usage Guide: If the specified port group does not exist, a group will be created first to add the ports. All ports in a port group must be added in the same mode, i.e., all ports use the mode used by the first port added.
  • Page 113 20 on 8,0,0 src-ip 2. Display detailed information for port-group 1. Switch#show port-group 1 detail Flags: A -- LACP_Activity, B -- LACP_timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Port-group number: 1, Mode: active, Load-balance: dst-src-mac Port-group detail information:...
  • Page 114 Switch# show port-group 1 load-balance The loadbalance of the group 1 based on src MAC address. 4. Display member port information for port-group 1. Switch# show port-group 1 port Sorted by the ports in the group 1 : -------------------------------------------- the portnum is 1 port Ethernet1/1 related information: Actor part Administrative...
  • Page 115 Collecting Distributing Defaulted Expired Selected Unselected Displayed information Explanation portnumber Port number port priority Port Priority system System ID system priority System Priority LACP activety Whether port is added to the group in active mode, 1 for yes. LACP timeout Port timeout mode, 1 for short timeout.
  • Page 116 Ethernet1/1 active Ethernet1/2 active Displayed information Explanation Port channels If port-channel does not exist, the above information will not group be displayed. Number of port Port number in the port-channel. Port that is in "standby" status, which means the port is Standby port qualified to join the channel but cannot join the channel due to the maximum port limit, thus the port status is standby instead...
  • Page 117: Chapter 9 Commands For Jumbo

    Chapter 9 Commands for Jumbo 9.1 jumbo enable Command: jumbo enable [<mtu-value>] no jumbo enable Function: Configure the MTU size of JUMBO frame, enable the Jumbo receiving/sending function. The no command restores to the normal frame receiving function. Parameter: mtu-value: the MTU value of jumbo frame that can be received, in byte, ranging from <1500-9000>.
  • Page 118: Gvrp

    Usage Guide: Use this command to enable GVRP debugging, GVRP packet processing information can be displayed. Example: Enable GVRP debugging. Switch#debug gvrp 10.1.2 gvrp Command: gvrp no gvrp Function: Enable the GVRP function for the switch or the current Trunk port; the "no gvrp"...
  • Page 119: Garp Timer Join

    10.1.4 garp timer join Command: garp timer join <timer-value> no garp timer join Function: Set the join timer for GARP; the "no garp timer join" command restores the default timer setting. Parameter: <timer-value> is the value for join timer, the valid range is 100 to 327650 ms. Command mode: Port Mode.
  • Page 120: Name

    Parameter: <timer-value> is the value for GARP leaveall timer, the valid range is 100 to 327650 ms. Command mode: Global Mode. Default: The default value for leaveall timer is 10000 ms. Usage Guide: When a GARP application entity starts, the leaveall timer is started at the same time.
  • Page 121: Private-Vlan Association

    Community VLAN related to this Primary VLAN; Ports in Isolated VLAN are isolated between each other and only communicate with ports in Primary VLAN they related to; ports in Community VLAN can communicate both with each other and with Primary VLAN ports they related to;...
  • Page 122: Show Garp

    VLAN. Before setting Private VLAN association, three types of Private VLANs should have no member ports; the Private VLAN with Private VLAN association can't be deleted. When users delete Private VLAN association, all the member ports in the Private VLANs whose association is deleted are removed from the Private VLANs.
  • Page 123: Switchport Access Vlan

    VLAN ID of the VLAN to display status information, the valid range is 1 to 4094; <vlan-name> is the VLAN name for the VLAN to display status information, valid length is 1 to 11 characters. Command mode: Admin Mode and configuration Mode. Usage Guide: If no <vlan-id>...
  • Page 124: Switchport Interface

    access vlan" command deletes the current port from the specified VLAN, and the port will be partitioned to VLAN1. Parameter: <vlan-id> is the VID of the VLAN to which the current port is to be added, valid range is 1 to 4094. Command mode: Port Mode. Default: All ports belong to VLAN1 by default.
  • Page 125: Switchport Trunk Allowed Vlan

    Parameter: trunk means the port allows traffic of multiple VLANs; access indicates the port belongs to one VLAN only. Command mode: Port Mode. Default: The port is in Access mode by default. Usage Guide: Ports in trunk mode are called Trunk ports. Trunk ports can allow traffic of multiple VLANs to pass through.
  • Page 126: Switchport Trunk Native Vlan

    10.1.17 switchport trunk native vlan Command: switchport trunk native vlan <vlan-id> no switchport trunk native vlan Function: Set the PVID for Trunk port; the "no switchport trunk native vlan" command restores the default setting. Parameter: <vlan-id> is the PVID for Trunk port. Command mode: Port Mode.
  • Page 127: Vlan Ingress Enable

    10.1.19 vlan ingress enable Command: vlan ingress enable no vlan ingress enable Function: Enable the VLAN ingress rule for a port; the "no vlan ingress enable" command disables the ingress rule. Command mode: Global Mode. Default: VLAN ingress rules are enabled by default. Usage Guide: When VLAN ingress rules are enabled on the port, when the system receives data it will check source port first, and forwards the data to the destination port if it is a VLAN member port.
  • Page 128: Chapter 11 Commands For Mac Address Table

    Chapter 11 Commands for MAC Address Table Configuration 11.1 Commands for MAC Address Table Configuration 11.1.1 mac-address-table aging-time Command: mac-address-table aging-time <0 | aging-time> no mac-address-table aging-time Function: Sets the aging-time for the dynamic entries of MAC address table. Parameter: <aging-time> is the aging time in seconds, ranging from 10 to 1000000; 0 disables aging.
  • Page 129: Show Mac-Address-Table

    packet; <vlan-id> is the vlan number. source is based on source address filter; destination is based on destination address filter; both is based on source address and destination address filter, the default is both. Command Mode: Global Mode Default: When VLAN interface is configured and is up, the system will generate a static address mapping entry in which the inherent MAC address corresponds to the VLAN number.
  • Page 130: Commands For Mac Address Binding Configuration

    11.2 Commands for Mac Address Binding configuration 11.2.1 clear port-security dynamic Command: clear port-security dynamic [address <mac-addr> interface <interface-id>] Function: Clear the Dynamic MAC addresses of the specified port. Command mode: Admin Mode. Parameter: <mac-addr> stands for the MAC address; <interface-id> for the specified port number. Usage Guide: The secure port must be locked before the dynamic MAC clearing operation can be performed on the specified port.
  • Page 131: Show Port-Security

    Parameter: None. Command mode: Global Mode. Default: Disable. Usage Guide: The user enables this function to obtain the status of the MAC changing or the accessed user. Example: Enable the monitor function for MAC. Switch(Config)#mac-address-table synchronizing enable 11.2.4 show port-security Command: show port-security Function: Display the secure MAC addresses of the port.
  • Page 132: Show Port-Security Address

    11.2.5 show port-security address Command: show port-security address [interface <interface-id>] Function: Display the secure MAC addresses of the port. Command mode: Admin Mode and other configuration Mode. Parameter: <interface-id > stands for the port to be displayed. Usage Guide: This command displays the secure port MAC address information, if no port is specified, secure MAC addresses of all ports are displayed.
  • Page 133: Switchport Port-Security

    Example: Switch#show port-security interface ethernet 1/1 Port Security : Enabled Port status : Security Up Violation mode : Protect Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 1 Lock Timer is ShutDown Mac-Learning function is : Opened Displayed information Explanation Port Security...
  • Page 134: Switchport Port-Security Convert

    Example: Enable MAC address binding function for port 1and. Switch(config)#interface Ethernet 1/1 Switch(Config-If-Ethernet1/1)# switchport port security 11.2.8 switchport port-security convert Command: switchport port-security convert Function: Converts dynamic secure MAC addresses learned by the port to static secure MAC addresses, and disables the MAC address learning function for the port. Command mode: Port Mode.
  • Page 135: Switchport Port-Security Maximum

    Command: switchport port-security mac-address <mac-address> no switchport port-security mac-address <mac-address> Function: Add a static secure MAC address; the "no switchport port-security mac-address" command deletes a static secure MAC address. Command mode: Port Mode. Parameters: <mac-address> stands for the MAC address to be added or deleted. Usage Guide: The MAC address binding function must be enabled before static secure MAC address can be added.
  • Page 136: Switchport Port-Security Violation

    no switchport port-security timeout Function: Set the timer for port locking; the "no switchport port-security timeout" command restores the default setting. Parameter: <value> is the timeout value, the valid range is 0 to 300s. Command mode: Port Mode. Default: Port locking timer is not enabled by default. Usage Guide: The port locking timer function is a dynamic MAC address locking function.
  • Page 137: Chapter 12 Commands For Mstp

    Chapter 12 Commands for MSTP 12.1 Commands for MSTP 12.1.1 abort Command: abort Function: Abort the current MSTP region configuration, quit MSTP region mode and return to global mode. Command mode: MSTP Region Mode. Usage Guide: This command is to quit MSTP region mode without saving the current configuration.
  • Page 138: Name

    to 64; In the command "no instance <instance-id> [vlan <vlan-list>]", <instance-id> sets the instance number. The valid number is from 0 to 64. <vlan-list> sets consecutive or non-consecutive VLAN numbers. "-" refers to consecutive numbers, and ";" refers to non-consecutive numbers. Command mode: MSTP Region Mode Default: Before creating any Instances, there is only the instance 0, and VLAN 1~4094 all belong to the instance 0.
  • Page 139: Spanning-Tree

    Parameter: <level> is revision level. The valid range is from 0 to 65535. Command mode: MSTP Region Mode Default: The default revision level is 0. Usage Guide: This command is to set revision level for MSTP configuration. The bridges with same MSTP revision level and same other attributes are considered in the same MSTP region.
  • Page 140: Spanning-Tree Hello-Time

    2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds) Example: In global mode, set MSTP forward delay time to 20 seconds. Switch(config)#spanning-tree forward-time 20 12.1.8 spanning-tree hello-time Command: spanning-tree hello-time <time> no spanning-tree hello-time Function: Set switch Hello time;...
  • Page 141: Spanning-Tree Maxage

    12.1.10 spanning-tree maxage Command: spanning-tree maxage <time> no spanning-tree maxage Function: Set the max aging time for BPDU; the command "no spanning-tree maxage" restores the default setting. Parameter: <time> is max aging time in seconds. The valid range is from 6 to 40. Command mode: Global Mode Default: The max age is 20 seconds by default.
  • Page 142: Spanning-Tree Mode

    Command mode: Port Mode Default: The port is in the MSTP mode by default. Usage Guide: If a network which is attached to the current port is running IEEE 802.1D STP, the port converts itself to run in STP mode. The command is used to force the port to run in the MSTP mode.
  • Page 143: Spanning-Tree Mst Cost

    Name MAC address of the bridge Revision Usage Guide: Whether the switch is in the MSTP region mode or not, users can enter the MSTP mode, configure the attributes, and save the configuration. When the switch is running in the MSTP mode, the system will generate the MST configuration identifier according to the MSTP configuration.
  • Page 144: Spanning-Tree Mst Port-Priority

    Switch(Config-If-Ethernet1/2)#spanning-tree mst 2 cost 3000000 12.1.16 spanning-tree mst port-priority Command: spanning-tree mst <instance-id> port-priority <port-priority> no spanning-tree mst <instance-id> port-priority Function: Set the current port priority for the specified instance; the command "no spanning-tree mst <instance-id> port-priority" restores the default setting. Parameter: <instance-id>...
  • Page 145: Spanning-Tree Portfast

    Command: spanning-tree [mst <instance-id>] rootguard no spanning-tree [mst <instance-id>] rootguard Function: Enable the rootguard function for the specified instance; the rootguard function forbids the port from becoming an MSTP root port. "no spanning-tree mst <instance-id> rootguard" disables the rootguard function. Parameter: <instance-id>: MSTP instance ID. Command mode: Port Mode.
  • Page 146: Spanning-Tree Priority

    12.1.20 spanning-tree priority Command: spanning-tree priority <bridge-priority> no spanning-tree priority Function: Configure the spanning-tree priority; the "no spanning-tree priority" command restores the default priority. Parameter: <bridge-priority> is the priority of the bridging switch. Its value should be a multiple of 4096 between 0 and 61440, such as 0, 4096, 8192… 61440. Command Mode: Global Mode.
  • Page 147: Spanning-Tree Digest-Snooping

    not match the configured format, we set the state of the port which receives the unmatched packet to DISCARDING to prevent both sides consider themselves the root which leads to circuits. When the AUTO format is set, and over one equipment which is not compatible with each other are connected on the port (e.g.
  • Page 148: Spanning-Tree Tcflush (Global Mode)

    12.1.23 spanning-tree tcflush (Global mode) Command: spanning-tree tcflush {enable| disable| protect} no spanning-tree tcflush Function: Configure the spanning-tree flush mode once the topology changes. "no spanning-tree tcflush" restores the default setting. Parameter: enable: The spanning tree flushes once the topology changes. disable: The spanning tree doesn't flush when the topology changes.
  • Page 149: Commands For Monitor And Debug

    the command Note: For the complicated network, especially need to switch from one spanning tree branch to another rapidly, the disable mode is not recommended. Example: Configure the spanning-tree flush mode once the topology change is not flush to TC. Switch(config)#interface ethernet 1/2 Switch(Config-If-Ethernet1/2)#spanning-tree tcflush disable Switch(Config-If-Ethernet1/2)#...
  • Page 150 Root Port ID : 128.1 Current port list in Instance 0: Ethernet1/1 Ethernet1/2 (Total 2) PortName ExtRPC IntRPC State Role DsgBridge DsgPort -------------- ------- --------- --------- --- ---- ------------------ ------- Ethernet1/1 128.001 0 FWD ROOT 16384.00030f010f52 128.007 Ethernet1/2 128.002 0 BLK ALTR 16384.00030f010f52 128.011 ########################### Instance 3 ########################### Self Bridge Id : 0.00: 03: 0f: 01: 0e: 30...
  • Page 151: Show Spanning-Tree Mst Config

    Standard STP version Bridge MAC Bridge MAC address Bridge Times Max Age, Hello Time and Forward Delay of the bridge Force Version Version of STP Instance Information Self Bridge Id The priority and the MAC address of the current bridge for the current instance Root Id The priority and the MAC address of the root bridge for the...
  • Page 152: Show Mst-Pending

    Name switch Revision Instance Vlans Mapped ---------------------------------- 1-29, 31-39, 41-4094 ---------------------------------- 12.2.3 show mst-pending Command: show mst-pending Function: In the MSTP region mode, display the configuration of the current MSTP region. Command mode: Admin Mode Usage Guide: In the MSTP region mode, display the configuration of the current MSTP region such as MSTP name, revision, VLAN and instance mapping.
  • Page 153: Chapter 13 Commands For Qos

    no debug spanning-tree Function: Enable the MSTP debugging information; the command "no debug spanning-tree" disables the MSTP debugging information. Command mode: Admin Mode Usage Guide: This command is the general switch for all the MSTP debugging. Users should enable the detailed debugging information, then they can use this command to display the relevant debugging information.
  • Page 154: Class-Map

    13.2 class-map Command: class-map <class-map-name> no class-map <class-map-name> Function: Creates a class map and enters class map mode; the "no class-map <class-map-name>" command deletes the specified class map. Parameters: <class-map-name> is the class map name. Default: No class map is configured by default. Command mode: Global Mode Usage Guide: Example: Creating and then deleting a class map named "c1".
  • Page 155: Mls Qos

    Usage Guide: Only one match standard can be configured in a class map. When configuring match the ACL, only the permit rule is available in the ACL. Example: Create a class-map named c1, and configure the class rule of this class-map to match packets with IP Precedence of 0.
  • Page 156: Mls Qos Trust

    Example: Setting the default CoS value of ethernet port 1/1 to 5, i.e., packets coming in through this port will be assigned a default CoS value of 5 if no CoS value present. Switch(config)#interface ethernet 1/1 Switch(Config-If-Ethernet1/1)#mls qos cos 5 13.6 mls qos trust Command: mls qos trust {cos [pass-through-cos] [pass-through-dscp]|dscp [pass-through-cos]...
  • Page 157: Mls Qos Dscp-Mutation

    Example: Configuring ethernet port 1/1 to trust CoS value, i.e., classifying the packets according to CoS value. Switch(config)#interface ethernet 1/1 Switch(Config-If-Ethernet1/1)#mls qos trust cos 13.7 mls qos dscp-mutation Command: mls qos dscp-mutation <dscp-mutation-name> no mls qos dscp-mutation <dscp-mutation-name> Function: Applies DSCP mutation mapping to the port; the "no mls qos dscp-mutation <dscp-mutation-name>"...
  • Page 158: Policy

    <dscp-list> is a list of DSCP values consisting of up to 8 DSCP-inside values, <cos> are the CoS values corresponding to the DSCP values in the list; dscp-mutation <dscp-mutation-name> <in-dscp> to <out-dscp> defines the mapping from DSCP to DSCP mutation, <dscp-mutation-name> is the name for mutation mapping, <in-dscp> stands for incoming DSCP-inside values, up to 8 values are supported, each DSCP-inside value is delimited with space, ranging from 0 to 63, <out-dscp>...
  • Page 159: Policy Aggregate

    no policy <rate-kbps> <burst-kbyte> [ exceed-action { drop | policed-dscp-transmit } ] Function: Configures a policy to a classified traffic; the no command deletes the specified policy. Parameters: <rate-kbps> is the average baud rate (kb/s) of classified traffic, ranging from 1 to 10,000,000; <burst-kbyte> is the burst baud rate (kbyte) of classified traffic, ranging from 1 to 1,000,000;...
  • Page 160: Policy-Map

    Switch(Config-PolicyMap-p1-Class-c1)#exit Switch(Config-PolicyMap-p1)#exit 13.11 policy-map Command: policy-map <policy-map-name> no policy-map <policy-map-name> Function: Creates a policy map and enters the policy map mode; the "no policy-map <policy-map-name>" command deletes the specified policy map. Parameters: <policy-map-name> is the policy map name. Default: No policy map is configured by default. Command mode: Global Mode Usage Guide: Relating policy classification can be done in the policy map configuration mode.
  • Page 161: Queue Bandwidth

    13.13 queue bandwidth This command is not supported by the switch. 13.14 set Command: set {ip dscp <new-dscp> | ip precedence <new-precedence> | ipv6 dscp <new-dscp> | cos <new-cos> } no set {ip dscp <new-dscp> | ip precedence <new-precedence> | ipv6 dscp <new-dscp>...
  • Page 162: Show Class-Map

    Default: No policy map is bound to ports by default. Command mode: Interface Configuration Mode. Usage Guide: Configuring port trust status and applying policy map on the port are two conflicting operations; the later configuration will override the earlier configuration. Only one policy map can be applied to each direction of each port.
  • Page 163: Show Mls Qos Interface

    Usage Guide: Displays all configured policy-map or specified policy-map information. Example: Switch # show policy -map Policy Map p1, used by 1 port Class Map name: c1 policy 20000 2000 Displayed information Explanation Policy Map p1 Name of policy map used by 1 port Used port Class map name:c1...
  • Page 164 Attached policy map for Ingress: p1 Policy name bound to port. Switch # show mls qos interface buffers ethernet 1/2 Ethernet 1/2 packet number of 4 queue: 0x200 0x200 0x200 0x200 Displayed information Explanation Ethernet1/2 Port name Available packet number for all 4 packet number of 4 queue: queues out on the port, this is a 0x200 0x200 0x200 0x200...
  • Page 165: Show Mls Qos Maps

    Classmap classified in-profile out-profile (in packets) Displayed information Explanation Ethernet1/2 Port name ClassMap Name of the Class map Classified Total data packets match this class map. In-profile Total in-profile data packets match this class map. out-profile Total out-profile data packets match this class map. 13.19 show mls qos maps Command: show mls qos maps [cos-dscp | cos-queue | dscp-cos | dscp-mutation <dscp-mutation-name>...
  • Page 166: Show Mls-Qos

    Dscp-cos map: d1: d2 0 1 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 4 4 4 4 4 4 4 4 5 5 5 5 5 5 5 5 6 6 6 6 6 6 6 6 7 7 7 7...
  • Page 167: Wrr-Queue Bandwidth

    13.21 wrr-queue bandwidth Command: wrr-queue bandwidth <weight1 weight2 weight3 weight4> no wrr-queue bandwidth Function: Sets the WRR weight for specified egress queue; the no command restores the default setting. Parameters: <weight1 weight2 weight3 weight4> are WRR weights, ranging from 0 to Default: The default values of weight1 to weight4 are 1:2:4:8.
  • Page 168: Chapter 14 Commands For Flow-Based Redirection

    Chapter 14 Commands for Flow-based Redirection 14.1 access-group redirect to interface ethernet Command: access-group <aclname> redirect to interface [ethernet <IFNAME> | <IFNAME>] no access-group <aclname> redirect Function: Specify flow-based redirection; "no access-group <aclname> redirect" command is used to delete flow-based redirection. Parameters: <aclname>...
  • Page 169: Chapter 15 Commands For Layer 3 Management

    Usage Guide: This command is used to display the information of current flow-based redirection in the system/port. Examples: Switch(config)# show flow-based-redirect Flow-based-redirect config on interface ethernet 1/1: RX flow (access-list 1) is redirected to interface Ethernet1/6 Chapter 15 Commands for Layer 3 Management 15.1 Commands for Layer 3 Interface 15.1.1 interface vlan...
  • Page 170: Ip Default-Gateway

    Function: Set IP address and net mask of switch; the "no ip address [<ip-address> <mask>] [secondary]" command deletes the IP address configuration. Parameter: <ip-address> is IP address, dotted decimal notation; <mask> is subnet mask, dotted decimal notation; [secondary] indicates that the IP address is configured as secondary IP address.
  • Page 171: Show Ip Traffic

    Parameter: None Default: IP packet debugging information is disabled by default. Command mode: Admin Mode Usage Guide: Displays statistics packets received/sent, including source/destination address and bytes, etc. Example: Enabling IP packet debug. Switch#debug ip packet IP PACKET: rcvd, src1.1.1.1, dst1.1.1.2, size 100 15.1.5 show ip traffic Command: show ip traffic Function: Display statistics for IP packets.
  • Page 172 TcpInErrs 0, TcpInSegs 3180 TcpMaxConn 0, TcpOutRsts TcpOutSegs 0, TcpPassiveOpens TcpRetransSegs 0, TcpRtoAlgorithm TcpRtoMax 0, TcpRtoMin UDP statics: UdpInDatagrams 0, UdpInErrors UdpNoPorts 0, UdpOutDatagrams Displayed information Explanation IP statistics: IP packet statistics. Rcvd: 3249810 total, 3180 local destination Statistics total packets received, 0 header errors, 0 address errors...
  • Page 173: Show Ip Route

    0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 timestamp replies TCP statistics: TCP packet statistics. TcpActiveOpens 0,TcpAttemptFails Active open the connection number, attempt fail number. TcpCurrEstab 0, TcpEstabResets Current establish the connection number, establish reset number. TcpInErrs TcpInSegs 3180...
  • Page 174: Commands For Ipv6 Configuration

    Destination Mask Nexthop Interface Pref C 2.2.2.0 255.255.255.0 0.0.0.0 vlan2 0 C 4.4.4.0 255.255.255.0 0.0.0.0 vlan4 0 S 6.6.6.0 255.255.255.0 9.9.9.9 vlan9 1 Displayed information Explanation C –connected Direct route, namely the segment directly connected with the layer 3 switch S –static Static route, the route manually configured by users...
  • Page 175: Debug Ipv6 Packet

    15.2.2 debug ipv6 packet Command: debug ipv6 packet no debug ipv6 packet Function: IPv6 data packets receive/send debug message. Parameter: None Default: None Command Mode: Admin Mode Usage Guide: Example: Switch#debug ipv6 packet IPv6 PACKET: rcvd, src <fe80::203:fff:fe01:2786>, dst <fe80::1>, size <64>, proto <58>, from Vlan1 Displayed information Explanation...
  • Page 176: Debug Ipv6 Nd

    Src <2003::1> Source IPv6 address Dst <2003::20a:ebff:fe26:8a49> Destination IPv6 address from Vlan1 Layer 3 port being sent 15.2.4 debug ipv6 nd Command: debug ipv6 nd [ ns | na | rs | ra | redirect ] no debug ipv6 nd [ ns | na | rs | ra | redirect ] Function: Enable the debug of receiving and sending operations for specified types of IPv6 ND messages.
  • Page 177: Ipv6 Address

    the IPv6 default-gateway address. Parameter: <ipv6-address> is default-gateway IPv6 address. Command Mode: Global configuration mode Default: The system default is no IPv6 address configuration. Usage Guide: The IPv6 address of the default gateway must be in the same segment as the IPv6 address of a layer 3 interface for the default gateway to take effect. Example: The IPv6 address of layer 3 interface is 2002:10::2/64, set the IPv6 address of the default gateway to 2002:10::1.
  • Page 178: Ipv6 Nd Ns-Interval

    Duplicate Address Detection, and the value of <value> must be in 0-10, NO command restores to default value 1. Command Mode: Interface Configuration Mode Default: The default request message number is 1. Usage Guide: When configuring an IPv6 address, it is required to process IPv6 Duplicate Address Detection, this command is used to configure the ND message number of Duplicate Address Detection to be sent, value being 0 means no Duplicate Address Detection is executed.
  • Page 179: Show Ipv6 Interface

    Default Situation: There is no static neighbor table entry. Usage Guide: IPv6 address and multicast address for specific purpose and local address cannot be set as neighbor. Example: Set static neighbor 2001:1:2::4 on port E1/1, and the hardware MAC address is 00-03-0f-89-44-bc.
  • Page 180: Show Ipv6 Route

    ND DAD is enabled, number of DAD attempts is 1 ND managed_config_flag is unset ND other_config_flag is unset ND NS interval is 1 second(s) ND router advertisements is disabled ND RA min-interval is 200 second(s) ND RA max-interval is 600 second(s) ND RA hoplimit is 64 ND RA lifetime is 1800 second(s) ND RA MTU is 0...
  • Page 181: Show Ipv6 Neighbors

    2001:2:3:4::/64 via fe80::123, Vlan2 1024 2002:ca60:c801:1::/64 via ::, Vlan1 1024 2002:ca60:c802:1::/64 via ::, tunnel49 2003:1::/64 via ::, Vlan4 2003:1::5efe:0:0/96 via ::, tunnel26 2004:1:2:3::/64 via fe80:1::88, Vlan2 1024 2006:1::/64 via ::, Vlan1 1024 2008:1:2:3::/64 via fe80::250:baff:fef2:a4f4, Vlan1 1024 2008:2005:5:8::/64 via ::, Ethernet0 2009:1::/64 via fe80::250:baff:fef2:a4f4,...
  • Page 182 Command: show ipv6 neighbors [{vlan | ethernet} interface-number| interface-name | address <ipv6address>] Function: Display neighbor table entry information. Parameter: Parameter {vlan | ethernet} interface-number | interface-name specify the lookup based on interface. Parameter address <ipv6address> specifies the lookup based on IPv6 address. It displays the whole neighbor table entry if without parameter. Default Situation: None Command Mode: Admin and Configuration Mode Usage Guide:...
  • Page 183: Show Ipv6 Traffic

    Displayed information Explanation IPv6 Addres Neighbor IPv6 address Link-layer Addr. Neighbor MAC address Interface Exit interface name Port Exit interface name State Neighbor status (reachable, stale, delay, probe, permanent, incomplete, unknown) 15.2.13 show ipv6 traffic Command: show ipv6 traffic Function: Display IPv6 transmission data packets statistics information. Parameter: None Default: None Command Mode: Admin and Configuration Mode...
  • Page 184: Show Ipv6 Enable

    Frags: 0 reassembled, 0 timeouts IPv6 fragmenting statistics fragment rcvd, fragment dropped0 fragmented, 0 couldn't fragment, 0 fragment sent Sent: 110 generated, 0 forwarded IPv6 sent packets statistics 0 dropped, 0 no route 15.2.14 show ipv6 enable Command: show ipv6 enable Function: Display IPv6 transmission function on/off status.
  • Page 185: Clear Arp-Cache

    Switch(Config-if-Vlan1)#arp 1.1.1.1 00-03-0f-f0-12-34 eth 1/2 15.3.2 clear arp-cache Command: clear arp-cache Function: Clears ARP table. Command mode: Admin Mode Usage Guide: Clears the content of current ARP table, but it does not clear the current static ARP table. Example: Switch#clear arp-cache 15.3.3 debug arp Command: debug arp {receive|send|state} no debug arp {receive|send|state}...
  • Page 186: Show Arp

    15.3.4 show arp Command: show arp [<ipaddress>] [<vlan-id>] [<hw-addr>] [type {static | dynamic}] [count] [vrf word] Function: Displays the ARP table. Parameters: <ipaddress> is a specified IP address; <vlan-id> stands for the entry for the identifier of specified VLAN; <hw-addr> for entry of specified MAC address; static for static ARP entry;...
  • Page 187: Show Arp Traffic

    15.3.5 show arp traffic Command: show arp traffic Function: Display the statistic information of ARP messages of the switch. For box switches, this command will only show statistics of ARP messages received and sent from the current boardcard. Command mode: Admin and Config Mode Usage Guide: Display statistics information of received and sent ARP messages.
  • Page 188: Chapter 16 Commands For Arp Scanning Prevention

    Chapter 16 Commands for ARP Scanning Prevention 16.1 anti-arpscan enable Command: anti-arpscan enable no anti-arpscan enable Function: Globally enable ARP scanning prevention function; "no anti-arpscan enable" command globally disables ARP scanning prevention function. Parameters: None. Default Settings: Disable ARP scanning prevention function. Command Mode: Global configuration mode User Guide: When remotely managing a switch with a method like telnet, users should set the uplink port as a Super Trust port before enabling anti-ARP-scan function,...
  • Page 189: Anti-Arpscan Ip-Based Threshold

    Example: Set the threshold of port-based ARP scanning prevention as 10 packets /second. Switch(config)#anti-arpscan port-based threshold 10 16.3 anti-arpscan ip-based threshold Command: anti-arpscan ip-based threshold <threshold-value> no anti-arpscan ip-based threshold Function: Set the threshold of received messages of the IP-based ARP scanning prevention.
  • Page 190: Anti-Arpscan Trust Ip

    port as a Super Trust port before enabling anti-ARP-scan function, preventing the port from being shutdown because of receiving too many ARP messages. After the anti-ARP-scan function is disabled, this port will be reset to its default attribute, that is, Untrust port.
  • Page 191: Anti-Arpscan Recovery Time

    Switch(config)#anti-arpscan recovery enable 16.7 anti-arpscan recovery time Command: anti-arpscan recovery time <seconds> no anti-arpscan recovery time Function: Configure automatic recovery time; "no anti-arpscan recovery time" command resets the automatic recovery time to default value. Parameters: Automatic recovery time, in seconds, ranging from 5 to 86400. Default Settings: 300 seconds.
  • Page 192: Show Anti-Arpscan

    enable" command disables ARP scanning prevention SNMP Trap function. Parameters: None. Default Settings: Disable ARP scanning prevention SNMP Trap function. Command Mode: Global configuration mode User Guide: After enabling ARP scanning prevention SNMP Trap function, users will receive Trap message whenever a port is closed or recovered by ARP scanning prevention, and whenever IP t is closed or recovered by ARP scanning prevention.
  • Page 193 Ethernet1/11 untrust Ethernet1/12 untrust Ethernet4/1 untrust Ethernet4/2 untrust Ethernet4/3 untrust Ethernet4/4 trust Ethernet4/5 untrust Ethernet4/6 supertrust Ethernet4/7 untrust Ethernet4/8 trust Ethernet4/9 untrust Ethernet4/10 untrust Ethernet4/11 untrust Ethernet4/12 untrust Ethernet4/13 untrust Ethernet4/14 untrust Ethernet4/15 untrust Ethernet4/16 untrust Ethernet4/17 untrust Ethernet4/18 untrust Ethernet4/19 untrust Ethernet4/20...
  • Page 194: Debug Anti-Arpscan

    16.11 debug anti-arpscan Command: debug anti-arpscan [port | ip] no debug anti-arpscan [port | ip] Function: Enable the debug switch of ARP scanning prevention; "no debug anti-arpscan [port | ip]" command disables the switch. Parameters: None. Default Settings: Disable the debug switch of ARP scanning prevention Command Mode: Admin Mode User Guide: After enabling debug switch of ARP scanning prevention users can check corresponding debug information or enable the port-based or IP-based debug switch...
  • Page 195: Ip Arp-Security Updateprotect

    Chapter 17 Commands for Preventing ARP Spoofing 17.1 ip arp-security updateprotect Command: ip arp-security updateprotect no ip arp-security updateprotect Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect" command re-enables ARP table automatic update. Parameter: None. Default: ARP table automatic update. Command Mode: Global Mode/ Interface configuration.
  • Page 196: Ip Arp-Security Convert

    Switch(Config-if-Vlan1)# ip arp-security learnprotect Switch(config)# ip arp-security learnprotect 17.3 ip arp-security convert Command: ip arp-security convert Function: Change all of dynamic ARP to static ARP. Parameter: None Command Mode: Global Mode/ Interface configuration Usage Guide: This command will convert the dynamic ARP entries to static ones, which, in combination with disabling automatic learning, can prevent ARP binding.
  • Page 197: Chapter 18 Command For Arp Guard

    Chapter 18 Command for ARP GUARD 18.1 arp-guard ip Command: arp-guard ip <addr> no arp-guard ip <addr> Function: Add an ARP GUARD address; the no command deletes the ARP GUARD address. Parameters: <addr> is the protected IP address, in dotted decimal notation. Default: There is no ARP GUARD address by default.
  • Page 198: Chapter 19 Commands For Gratuitous Arp

    Chapter 19 Commands for Gratuitous ARP Configuration 19.1 ip gratuitous-arp Command: ip gratuitous-arp [<interval-time>] no ip gratuitous-arp Function: Enables gratuitous ARP and specifies the update interval for gratuitous ARP. The no form of this command will disable the gratuitous ARP configuration. Parameters: <interval-time>...
  • Page 199: Chapter 20 Commands For Dhcp

    Parameters: <vlan-id> is the VLAN ID. The valid range for <vlan-id> is between 1 and 4094. Command Mode: All the Configuration Modes. Usage Guide: In all the configuration modes, the command show ip gratuitous arp will display information about the gratuitous ARP configuration in global and interface configuration mode.
  • Page 200: Clear Ip Dhcp Binding

    " command deletes this setting. Parameters: <filename> is the name of the file to be imported, up to 255 characters are allowed. Command Mode: DHCP Address Pool Mode Usage Guide: Specify the name of the file to be imported for the client. This is usually used for diskless workstations that need to download a configuration file from the server on boot up.
  • Page 201: Clear Ip Dhcp Server Statistics

    Usage Guide: "show ip dhcp conflict" command can be used to check which IP addresses are conflicting for use. The "clear ip dhcp conflict" command can be used to delete the conflict record for an address. If "all" is specified, then all conflict records in the log will be removed.
  • Page 202: Debug Ip Dhcp Server

    Switch(dhcp-1-config)#host 10.1.128.160 24 Related Command: host 20.1.6 debug ip dhcp server Command: debug ip dhcp server { events | linkage | packets } no debug ip dhcp server { events | linkage | packets } Function: Enables DHCP server debug information: the "no debug ip dhcp server { events | linkage | packets }"...
  • Page 203: Domain-Name

    Parameters: <domain> is the domain name, up to 255 characters are allowed. Command Mode: DHCP Address Pool Mode Default: None Usage Guide: Specifies a domain name for the client. Example: Specifying "foxgate.ua" as the DHCP clients' domain name. Switch(dhcp-1-config)#domain-name foxgate.ua 20.1.10 hardware-address Command: hardware-address <hardware-address>...
  • Page 204: Host

    Switch(dhcp-1-config)#host 10.1.128.160 24 Related Command: host 20.1.11 host Command: host <address> [<mask> | <prefix-length> ] no host Function: Specifies the IP address to be assigned to the user when binding addresses manually; the "no host" command deletes the IP address. Parameters: <address>...
  • Page 205: Ip Dhcp Excluded-Address

    are deleted. Example: Disable logging for DHCP server. Switch(config)#no ip dhcp conflict logging Related Command: clear ip dhcp conflict 20.1.13 ip dhcp excluded-address Command: ip dhcp excluded-address <low-address> [<high-address>] no ip dhcp excluded-address <low-address> [<high-address>] Function: Specifies addresses excluded from dynamic assignment; the "no ip dhcp excluded-address <low-address>...
  • Page 206: Ip Dhcp Ping Packets

    Command: ip dhcp conflict ping-detection enable no ip dhcp conflict ping-detection enable Function: Enable Ping-detection of conflict on DHCP server; the no operation of this command will disable the function. Parameters: None. Default Settings: By default, Ping-detection of conflict is disabled. Command Mode: Global Configuration Mode.
  • Page 207: Lease

    after each Ping request message (Echo Request) in Ping-detection of conflict on DHCP server, whose default value is 500ms. The no operation of this command will restore the default value. Parameters: <timeout-value> is the timeout period of waiting for a reply message after each Ping request message in Ping-detection of conflict.
  • Page 208: Netbios-Node-Type

    Command Mode: DHCP Address Pool Mode Usage Guide: This command is used to specify WINS server for the client, up to 8 WINS server addresses can be configured. The WINS server address assigned first has the highest priority. Therefore, address 1 has the highest priority, and address 2 the second, and so on.
  • Page 209: Next-Server

    Command Mode: DHCP Address Pool Mode Usage Guide: This command sets the scope of addresses that can be used for dynamic assignment by the DHCP server; one address pool can only have one corresponding segment. This command is exclusive with the manual address binding command "hardware address"...
  • Page 210: Service Dhcp

    Switch(dhcp-1-config)#option 72 ip 10.1.128.240 20.1.24 service dhcp Command: service dhcp no service dhcp Function: Enables DHCP server; the "no service dhcp" command disables the DHCP service. Parameters: None Default: DHCP service is disabled by default. Command mode: Global Mode Usage Guide: Both DHCP server and DHCP relay are included in the DHCP service. When DHCP services are enabled, both DHCP server and DHCP relay are enabled.
  • Page 211: Show Ip Dhcp Conflict

    Type Type of assignment: manual binding or dynamic assignment. 20.1.26 show ip dhcp conflict Command: show ip dhcp conflict Function: Displays log information for addresses that have a conflict record. Command mode: Admin and Configuration Mode. Example: Switch# show ip dhcp conflict IP Address Detection method Detection Time...
  • Page 212 DHCPINFORM Message Send BOOTREPLY 1911 DHCPOFFER DHCPACK DHCPNAK DHCPRELAY 1907 DHCPFORWARD Switch# Displayed information Explanation Address pools Number DHCP address pools configured. Database agents Number of database agents. Automatic bindings Number addresses assigned automatically Manual bindings Number of addresses bound manually Conflict bindings Number of conflicting addresses Expired bindings...
  • Page 213: Chapter 21 Commands For Dhcpv6

    Chapter 21 Commands for DHCPv6 21.1 clear ipv6 dhcp binding Command: clear ipv6 dhcp binding [<ipv6-address>] [pd<ipv6-prefix prefix-length>] Function: To clear one specified DHCPv6 assigned address binding record or all the IPv6 address binding records. Parameter: <ipv6-address> is the specified IPv6 address with binding record; <ipv6-prefix| prefix-length>...
  • Page 214: Debug Ipv6 Dhcp Client Packet

    21.3 debug ipv6 dhcp client packet Command: debug ipv6 dhcp client {event | packet} no debug ipv6 dhcp client {event | packet} Function: To enable the debugging messages for protocol packets of DHCPv6 prefix delegation client, the no form of this command will disable the debugging information. Default: Disabled.
  • Page 215: Dns-Server

    Command Mode: Admin Mode. Example: Switch#debug ipv6 dhcp server packet 21.7 dns-server Command: dns-server <ipv6-address> no dns-server <ipv6-address> Function: To configure the IPv6 address of the DNS server for DHCPv6 client; the no form of this command will remove the DNS configuration. Parameter: <ipv6-address>...
  • Page 216: Ipv6 Address

    the excluded address will not be allocated to any hosts; the no form of this command will remove the configuration. Parameter: <ipv6-address> is the IPv6 address to be excluded from being allocated to hosts in the address pool. Default: Disabled Command Mode: DHCPv6 address pool configuration mode.
  • Page 217: Ipv6 Dhcp Client Pd Hint

    no ipv6 dhcp client pd Function: To configure DHCPv6 prefix delegation client for the specified interface. The no form of this command will disable the DHCPv6 prefix delegation client and remove the allocated address prefix. Parameters: <prefix-name> is the string with its length no more than 32, which designates the name of the address prefix.
  • Page 218: Ipv6 Dhcp Pool

    enabled on the switch, the user will have prior claim to the prefix it demands and the prefix length when the server allocates them. Only one hint prefix is allowed in the system. Examples: Switch(vlan-1-config)#ipv6 dhcp client pd hint 2001::/48 21.13 ipv6 dhcp pool Command: ipv6 dhcp pool <poolname>...
  • Page 219: Ipv6 General-Prefix

    the address pool configuration. Parameters: <poolname> is a string with its length less than 32, which designates the name of the address pool which is associated with the specified interface. If the rapid-commit option has been specified, the DHCPv6 server send a REPLY packet to the client immediately after receiving the SOLICIT packet.
  • Page 220: Ipv6 Local Pool

    Switch(config)# ipv6 general-prefix my-prefix 2001:da8:221::/48 21.17 ipv6 local pool Command: ipv6 local pool <poolname> <prefix/prefix-length> <assigned-length> no ipv6 local pool <poolname> Function: To configure the address pool for prefix delegation. The no form of this command will remove the IPv6 prefix delegation configuration. Parameters: <poolname>...
  • Page 221: Network-Address

    21.19 network-address Command: network-address <ipv6-pool-start-address> {<ipv6-pool-end-address> | <prefix-length>} [eui-64] no network-address Function: To configure the DHCPv6 address pool; the no form of this command will remove the address pool configuration. Parameters: <ipv6-pool-start-address> is the start of the address pool; <ipv6-pool-end-address> is the end of the address pool; <prefix-length> is the length of the address prefix, which is allowed to be between 3 and 128, and 64 by default, the size of the pool will be determined by <prefix-length>...
  • Page 222: Prefix-Delegation Pool

    Parameters: <ipv6-prefix/prefix-length> is the length of the prefix to be allocated to the client. <client-DUID> is the DUID of the client. DUID with the type of DUID-LLT and DUID-LL are supported, the DUID of DUID-LLT type should be of 14 characters. <iaid> is the value to be appended in the IA_PD field of the clients'...
  • Page 223: Service Dhcpv6

    clients. This command can be used in association with the ipv6 local pool command. For one address pool, only one prefix delegation pool can be bound. When trying to remove the prefix name configuration, the prefix delegation service of the server will be unavailable, if both the address pool is not associated with the prefix delegation pool and no static prefix delegation binding is enabled.
  • Page 224: Show Ipv6 Dhcp Binding

    21.24 show ipv6 dhcp binding Command: show ipv6 dhcp binding [<ipv6-address>| <ipv6-prefix|prefix-length>|count] Function: To show all the address and prefix binding information of DHCPv6. Parameter: <ipv6-address> is the specified IPv6 address; count show the number of DHCPv6 address bindings. Command Mode: Admin and Configuration Mode. Usage Guide: To show all the address and prefix binding information of DHCPv6, include type, DUID, IAID, prefix, valid time and so on.
  • Page 225: Show Ipv6 Dhcp Local Pool

    Rapid-Commit is disabled 21.26 show ipv6 dhcp local pool Command: show ipv6 dhcp local pool Function: To show the statistic information of DHCPv6 prefix pool. Command Mode: Admin and Configuration Mode. Usage Guide: To show the statistic information of DHCPv6 prefix pool, include the name of prefix pool, the prefix and prefix length as well as assigned prefix length, the number of assigned prefix and information in DHCPv6 address pool.
  • Page 226 Switch#show ipv6 dhcp server statistics Address pools Active bindings Expiried bindings Malformed message Message Recieved DHCP6SOLICIT DHCP6ADVERTISE DHCP6REQUEST DHCP6REPLY DHCP6RENEW DHCP6REBIND DHCP6RELEASE DHCP6DECLINE DHCP6CONFIRM DHCP6RECONFIGURE DHCP6INFORMREQ DHCP6RELAYFORW DHCP6RELAYREPLY Message Send DHCP6SOLICIT DHCP6ADVERTISE DHCP6REQUEST DHCP6REPLY DHCP6RENEW DHCP6REBIND DHCP6RELEASE DHCP6DECLINE DHCP6CONFIRM DHCP6RECONFIGURE DHCP6INFORMREQ DHCP6RELAYFORW DHCP6RELAYREPLY...
  • Page 227: Show Ipv6 General-Prefix

    Address pools To configure the number of DHCPv6 address pools; Active bindings The number of auto assign addresses; Expiried bindings The number of expiried bindings; Malformed message The number of malformed messages; Message Recieved The statistic of received DHCPv6 packets. DHCP6SOLICIT The number of DHCPv6 SOLICIT packets.
  • Page 228 Command Mode: Admin and Configuration Mode. Usage Guide: To show the IPv6 general prefix pool information, include the prefix number in general prefix pool, the name of every prefix, the interface of prefix obtained, and the prefix value. Example: Switch#show ipv6 general-prefix...
  • Page 229: Chapter 22 Commands For Dhcp Snooping

    Chapter 22 Commands for DHCP Snooping 22.1 debug ip dhcp snooping packet interface Command: debug ip dhcp snooping packet interface {[ethernet] <InterfaceName>} no debug ip dhcp snooping packet {[ethernet] <InterfaceName>} Function: This command is used to enable the DHCP SNOOPING debug switch to debug the information that DHCP SNOOPING is receiving a packet.
  • Page 230: Debug Ip Dhcp Snooping Event

    Command Mode: Admin Mode. Usage Guide: Debug the information of communication messages received and sent by DHCP snooping and helper server. 22.4 debug ip dhcp snooping event Command: debug ip dhcp snooping event no debug ip dhcp snooping event Function: This command is used to enable the DHCP SNOOPING debug switch to debug the state of DHCP SNOOPING task.
  • Page 231: Ip Dhcp Snooping Binding

    Default Settings: DHCP Snooping is disabled by default. Usage Guide: When this function is enabled, it will monitor all the DHCP Server packets of non-trusted ports. Example: Enable the DHCP Snooping function. switch(config)#ip dhcp snooping enable 22.7 ip dhcp snooping binding Command: ip dhcp snooping binding enable no ip dhcp snooping binding enable Function: Enable the DHCP Snooping binding function...
  • Page 232: Ip Dhcp Snooping Binding Arp

    Usage Guide: Static binding users are dealt with in the same way as the dynamic binding users captured by DHCP SNOOPING; the following actions are all allowed: notifying DOT1X to be a controlled user of DOT1X, adding a trusted user list entry directly, adding a binding ARP list entry.
  • Page 233: Ip Dhcp Snooping Binding User-Control

    22.11 ip dhcp snooping binding user-control Command: ip dhcp snooping binding user-control no ip dhcp snooping binding user-control Function: Enable the binding user function. Parameters: None. Command Mode: Port Mode. Default Settings: By default, the binding user function is disabled on all ports. Usage Guide: When this function is enabled, DHCP SNOOPING will treat the captured binding information as trusted users allowed to access all resources.
  • Page 234: Ip Dhcp Snooping Trust

    enough available resources. Otherwise, DHCP Snooping will change the distributed binding information according to the new smaller max user number. When the number of distributed binding information entries reaches the max limit, no new DHCP user will be able to become a trusted user or to access other network resources via the switch. Examples: Enable the DHCP Snooping binding user function on Port ethernet1/1, setting the max number of users allowed to access by Port Ethernet1/1 as 5.
  • Page 235: Ip Dhcp Snooping Action Maxnum

    executed (no shut ports or delete corresponding blackhole). second: Users can set how long after the execution of the defense action recovery takes place. The unit is seconds, and the valid range is 10-3600. Command Mode: Port mode Default Settings: No default defense action. Usage Guide: This command can be set only when DHCP Snooping is globally enabled.
  • Page 236: Ip Dhcp Snooping Information Enable

    Parameters: <pps>: The number of DHCP messages transmitted in every minute, ranging from 0 to 100. Its default value is 100. 0 means that no DHCP message will be transmitted. Command Mode: Global mode Default Settings: The default value is 100. Usage Guide: After enabling DHCP snooping, the switch will monitor all the DHCP messages and implement software transmission.
  • Page 237: Ip Dhcp Snooping Option82 Enable

    22.18 ip dhcp snooping option82 enable Command: ip dhcp snooping option82 enable no ip dhcp snooping option82 enable Function: To enable DHCP option82 of dot1x in the access switch. After DHCP Snooping detects DHCP request packets, it appends option82, which indicates the user authentication state, to the end of the request packet and then delivers it to the DHCP relay.
  • Page 238: Ip User Private Packet Version Two

    TrustView server. Example: Enable encrypt or hash function of private message. Switch(config)# enable trustview key 0 foxgate 22.20 ip user private packet version two Command: ip user private packet version two no ip user private packet version two Function: The switch chooses private packet version two to communicate with trustview.
  • Page 239: Show Trustview Status

    22.22 show trustview status Command: show trustview status Function: Shows the state information of all kinds of private packets sent to or received from TrustView (the inter security management background system) of FOXGATE. Parameter: None. Command Mode: Admin and Configuration Mode. Default: None.
  • Page 240: Show Ip Dhcp Snooping

    TrustView version2 message inform successed TrustView inform free resource successed TrustView inform web redirect address successed TrustView inform user binding data successed TrustView version2 message encrypt/digest enabled Key: 08:02:33:34:35:36:37:38 Rcvd 106 encrypted messages, in which MD5-error 0 messages, DES-error 0 messages Sent 106 encrypted messages Free resource is 200.101.0.9/255.255.255.255 Web redirect address for unauthencated users is <http://200.101.0.9:8080>...
  • Page 241 --------------- --------- --------- ---------- --------- ---------- Ethernet1/1 trust none 0second Ethernet1/2 untrust none 0second Ethernet1/3 untrust none 0second Ethernet1/4 untrust none 0second Ethernet1/5 untrust none 0second Ethernet1/6 untrust none 0second Ethernet1/7 untrust none 0second Ethernet1/8 untrust none 0second Ethernet1/9 untrust none 0second Ethernet1/10...
  • Page 242 communication failure within the system. If the CPU of the switch is too busy to schedule the DHCP SNOOPING task and thus can not handle the received DHCP messages, such situation might happen. DHCP Snooping alarm count: The number of alarm information. binding count The number of binding information.
  • Page 243: Show Ip Dhcp Snooping Binding All

    Displayed Information Explanation interface The name of port trust attribute The trust attributes of the port action The automatic defense action of the port recovery interval The automatic recovery time of the port maxnum of alarm info The max number of automatic defense actions that can be recorded by the port binding dot1x Whether the binding dot1x function is...
  • Page 244 00-00-00-00-00-11 192.168.40.11 Ethernet1/4 00-00-00-00-00-12 192.168.40.12 Ethernet1/4 00-00-00-00-00-13 192.168.40.13 Ethernet1/4 00-00-00-00-00-14 192.168.40.14 Ethernet1/4 00-00-00-00-00-15 192.168.40.15 Ethernet1/5 00-00-00-00-00-16 192.168.40.16 Ethernet1/5 -------------------------------------------------------------------------- The flag explanation of the binding state: S The static binding is configured by shell command D The dynamic binding type U The binding is uploaded to the server R The static binding is configured by the server O DHCP response with the option82...
  • Page 245: Ip Dhcp Snooping Information Enable

    Chapter 23 Commands for DHCP Snooping option 82 23.1 ip dhcp snooping information enable Command: ip dhcp snooping information enable no ip dhcp snooping information enable Function: This command will enable option 82 function of DHCP Snooping on the switch, the no operation of this command will disable that function.
  • Page 246: Access-List (Multicast Source Control)

    Command: access-list <6000-7999> {deny|permit} {{<source> <source-wildcard>}|{host <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination} access-list <6000-7999> {deny|permit} {{<source> <source-wildcard>}|{host <source-host-ip>}|any} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination} Function: Configure destination control multicast access-list; the "no access-list <6000-7999> {deny|permit} {{<source> <source-wildcard>}|{host <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination}" command deletes the access-list. Parameter: <6000-7999>: destination control access-list number.
  • Page 247: Ip Multicast Destination-Control Access-Group

    <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination} access-list <5000-5099> {deny|permit} {{<source> <source-wildcard>}|{host <source-host-ip>}|any} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination} Function: Configure source control multicast access-list; the "no access-list <5000-5099> {deny|permit} {{<source> <source-wildcard>}|{host <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination}" command deletes the access-list. Parameter: <5000-5099>: source control access-list number. {deny|permit}: deny or permit. <source>: multicast source address..
  • Page 248: Ip Multicast Destination-Control Access-Group (Sip)

    Parameter: <6000-7999>: destination-control access-list number. Default: None Command Mode: Interface Configuration Mode Usage Guide: The command only takes effect when multicast destination-control is enabled globally. After configuring the command, if IGMP snooping is enabled, an interface being added to a multicast group is matched against the configured access-list: if it matches a permit rule, the interface can be added; otherwise it is not added.
  • Page 249: Ip Multicast Destination-Control Access-Group (Vmac)

    24.1.5 ip multicast destination-control access-group (vmac) Command: ip multicast destination-control <1-4094> <macaddr>access-group <6000-7999> no ip multicast destination-control <1-4094> <macaddr>access-group <6000-7999> Function: Configure multicast destination-control access-list used on specified vlan-mac; the "no ip multicast destination-control <1-4094> <macaddr >access-group <6000-7999>" command deletes this configuration. Parameter: <1-4094>: VLAN-ID;...
  • Page 250: Ip Multicast Source-Control

    to the same value simultaneously. Note that a packet transmitted in UNTAG mode does not have its priority modified. Example: Switch(config)#ip multicast policy 10.1.1.0/24 225.1.1.0/24 cos 7 24.1.7 ip multicast source-control Command: ip multicast source-control no ip multicast source-control Function: Configure to globally enable multicast source control, the "no ip multicast source-control"...
  • Page 251: Multicast Destination-Control

    24.1.9 multicast destination-control Command: multicast destination-control no multicast destination-control Function: Configure to globally enable multicast destination control. The no operation of this command is to recover and disable the multicast destination control globally. Parameters: None. Default: Disabled. Command Mode: Global Configuration Mode. Usage Guide: Only after globally enabling the multicast destination control, the other destination control configuration can take effect.
  • Page 252: Show Ip Multicast Destination-Control Access-List

    switch(config)# 24.1.11 show ip multicast destination-control access-list Command: show ip multicast destination-control access-list show ip multicast destination-control access-list <6000-7999> Function: Display the configured destination control multicast access-list. Parameter: <6000-7999>: access-list number. Default: None Command Mode: Admin Mode and Global Mode Usage Guide: The command displays the configured destination control multicast access-list.
  • Page 253: Show Ip Multicast Source-Control Access-List

    Function: Display multicast source control configuration Parameter: detail: whether to display information in detail. <Interfacename>: interface name, such as Ethernet 1/1 or ethernet1/1. Default: None Command Mode: Admin Mode and Global Mode Usage Guide: The command displays the configured multicast source control rules; with the detail option, it also displays the applied access-list information in detail.
  • Page 254: Clear Ip Igmp Snooping Vlan <1-4094> Mrouter-Port

    Command Mode: Admin Configuration Mode Usage Guide: Use show command to check the deleted group record. Example: Delete all groups. Switch#clear ip igmp snooping vlan 1 groups Relative Command: show ip igmp snooping vlan <1-4094> 24.2.2 clear ip igmp snooping vlan <1-4094> mrouter-port Command: clear ip igmp snooping vlan <1-4094>...
  • Page 255: Ip Igmp Snooping Vlan

    Command: ip igmp snooping no ip igmp snooping Function: Enable the IGMP Snooping function; the "no ip igmp snooping" command disables this function. Command mode: Global Mode Default: IGMP Snooping is disabled by default. Usage Guide: Use this command to enable IGMP Snooping, that is, to permit every VLAN to configure the IGMP snooping function.
  • Page 256: Ip Igmp Snooping Vlan L2-General-Querier

    Default: This function is disabled by default. Usage Guide: Enable immediate-leave function of the IGMP Snooping in specified VLAN; the "no" form of this command disables the immediate-leave function of the IGMP Snooping. Example: Enable the IGMP fast leave function for VLAN 100. Switch(config)#ip igmp snooping vlan 100 immediate-leave 24.2.7 ip igmp snooping vlan l2-general-querier Command: ip igmp snooping vlan <...
  • Page 257: Ip Igmp Snooping Vlan L2-General-Querier-Version

    receive multicast datagrams. Example: Switch(config)#ip igmp snooping vlan 2 L2-general-query-source 192.168.1.2 24.2.9 ip igmp snooping vlan l2-general-querier-version Command: ip igmp snooping vlan <vlanid> L2-general-query-version <version> Function: Configure igmp snooping. Parameters: vlan-id is the id of the VLAN, limited to <1-4094>. version is the version number, limited to <1-3>.
  • Page 258: Ip Igmp Snooping Vlan Mrouter-Port Interface

    joining in will be rejected for preventing hostile attacks. To use this command, IGMP snooping must be enabled on VLAN. The "no" form of this command restores the default rather than setting "no limit". For safety considerations, this command will not be configured to "no limit".
  • Page 259: Ip Igmp Snooping Vlan Query-Interval

    Usage Guide: This command takes effect on dynamic mrouter ports but not on mrouter port. To use this command, IGMP Snooping of this VLAN should be enabled previously. Example: Switch(config)#ip igmp snooping vlan 2 mrpt 100 24.2.13 ip igmp snooping vlan query-interval Command: ip igmp snooping vlan <vlan-id>...
  • Page 260: Ip Igmp Snooping Vlan Report Source-Address

    query-robustness" command restores to the default value. Parameter: vlan-id: VLAN ID, ranging between <1-4094> value: ranging between <2-10> Command Mode: Global mode Default: 2 Usage Guide: It is recommended to use the default settings. Keep this configuration consistent with the IGMP configuration where possible if layer 3 IGMP is running. Example: Switch(config)#ip igmp snooping vlan 2 query-robustness 3 24.2.16 ip igmp snooping vlan report source-address...
  • Page 261: Ip Igmp Snooping Vlan Suppression-Query-Time

    A.B.C.D: the address of group or source ethernet: Name of Ethernet port port-channel: Port aggregation ifname: Name of interface Command Mode: Global mode Default: No configuration by default. Usage Guide: When a group is both a static and a dynamic group, it is treated as a static group.
  • Page 262 Example: 1. Show IGMP Snooping summary messages of the switch Switch(config)#show ip igmp snooping Global igmp snooping status: Enabled L3 multicasting: running Igmp snooping is turned on for vlan 1(querier) Igmp snooping is turned on for vlan 2 -------------------------------- Displayed Information Explanation Global igmp snooping status Whether the global igmp snooping switch on the switch...
  • Page 263 Displayed Information Explanation Igmp snooping general Whether the VLAN enables l2-general-querier function querier and show whether the querier state is could-query or suppressed Igmp snooping query-interval Query interval of the VLAN Igmp snooping max reponse Max response time of the VLAN time Igmp snooping robustness IGMP Snooping robustness configured on the VLAN...
  • Page 264: Chapter 25 Ipv6 Multicast Protocol

    Chapter 25 IPv6 Multicast Protocol 25.1 Commands for MLD Snooping Configuration 25.1.1 clear ipv6 mld snooping vlan Command: clear ipv6 mld snooping vlan <1-4094> groups [X:X::X:X] Function: Delete the group record of the specific VLAN. Parameters: <1-4094> the specific VLAN ID; X:X::X:X the specific group address. Command Mode: Admin Configuration Mode Usage Guide: Use show command to check the deleted group record.
  • Page 265: Ipv6 Mld Snooping

    Command Mode: Admin Mode Default: The MLD Snooping Debugging of the switch is disabled by default Usage Guide: This command is used for enabling the switch MLD Snooping debugging, which displays the MLD data packet messages processed by the switch (packet), event messages (event), timer messages (timer), messages of down streamed hardware entry (mfc), and all debug messages (all).
  • Page 266: Ipv6 Mld Snooping Vlan L2-General-Querier

    Command: ipv6 mld snooping vlan <vlan-id> immediate-leave no ipv6 mld snooping vlan <vlan-id> immediate-leave Function: Enable immediate-leave function of the MLD protocol in specified VLAN; the "no" form of this command disables the immediate-leave function of the MLD protocol Parameter: <vlan-id> is the id number of specified VLAN, with valid range of <1-4094>. Command Mode: Global Mode Default: Disabled by default Usage Guide: Enabling the immediate-leave function of the MLD protocol will hasten the...
  • Page 267: Ipv6 Mld Snooping Vlan Mrouter-Port Interface

    Function: Configure the number of groups the MLD snooping can join and the maximum number of sources in each group. Parameter: vlan-id: VLAN ID, the valid range is <1-4094> g_limit: <1-65535>, max number of groups joined s_limit: <1-65535>, max number of source entries in each group, consisting of include source and exclude source Command Mode: Global Mode Default: Maximum 50 groups by default, with each group capable of holding 40 source entries.
  • Page 268: Ipv6 Mld Snooping Vlan Query-Interval

    no ipv6 mld snooping vlan <vlan-id> mrpt Function: Configure the keep-alive time of the mrouter port. Parameter: vlan-id: VLAN ID, the valid range is <1-4094> value: mrouter port keep-alive time with a valid range of <1-65535> secs. Command Mode: Global Mode Default: 255s Usage Guide: This configuration is applicable on dynamic mrouter port, but not on static mrouter port.
  • Page 269: Ipv6 Mld Snooping Vlan Query-Robustness

    25.1.13 ipv6 mld snooping vlan query-robustness Command: ipv6 mld snooping vlan <vlan-id> query-robustness <value> no ipv6 mld snooping vlan <vlan-id> query-robustness Function: Configure the query robustness; the "no" form of this command restores to the default value. Parameter: vlan-id: VLAN ID, the valid range is <1-4094> value: the valid range is <2-10>.
  • Page 270: Ipv6 Mld Snooping Vlan Suppression-Query-Time

    25.1.15 ipv6 mld snooping vlan suppression-query-time Command: ipv6 mld snooping vlan <vlan-id> suppression-query-time <value> no ipv6 mld snooping vlan <vlan-id> suppression-query-time Function: Configure the suppression query time; the "no" form of this command restores the default value. Parameter: vlan-id: VLAN ID, valid range: <1-4094> value: valid range: <1-65535> secs.
  • Page 271 Displayed Information Explanation Global mld snooping status Whether or not the global MLD Snooping is enabled on the switch L3 multicasting Whether or not the layer 3 multicast protocol is running on the switch. Mld snooping is turned on for On which VLAN of the switch is enabled MLD Snooping, vlan 1(querier) if the VLAN are l2-general-querier.
  • Page 272 snooping mrouter port Keep-alive time of the dynamic mrouter on this VLAN keep-alive time snooping timeout VLAN l2-general-querier query-suppression time suppressed status. MLD Snooping Connect Group Group membership VLAN, namely correspondence between the port and (S,G). Membership Mld snooping vlan 1 mrouter Mrouter port of the VLAN, including both static and port dynamic.
  • Page 273: Chapter 26 Commands For Multicast Vlan

    Chapter 26 Commands for Multicast VLAN 26.1 multicast-vlan Command: multicast-vlan no multicast-vlan Function: Enable multicast VLAN function on a VLAN; the "no" form of this command disables the multicast VLAN function. Parameter: None. Command Mode: VLAN Configuration Mode. Default: Multicast VLAN function not enabled by default. Usage Guide: The multicast VLAN function can not be enabled on Private VLAN.
  • Page 274: Chapter 27 Commands For Acl

    multicast VLAN should not be a Private VLAN. A VLAN can only be associated with another VLAN after the multicast VLAN is enabled. Only one multicast VLAN can be enabled on a switch. Examples: Switch(config)#vlan 2 Switch(Config-Vlan2)# multicast-vlan association 3, 4 Chapter 27 Commands for ACL 27.1 absolute-periodic/periodic Command: [no] absolute-periodic {Monday|Tuesday|Wednesday|Thursday|Friday...
  • Page 275: Absolute Start

    Default: No time-range configuration. Usage Guide: Periodic time and date. The definition of period is specific time period of Monday to Saturday and Sunday every week. day1 hh:mm:ss To day2 hh:mm:ss or {[day1+day2+day3+day4+day5+day6+day7]|weekend|weekdays|daily} hh:mm:ss To hh:mm:ss Examples: Make configurations effective within the period from 9:15:30 to 12:30:00 during Tuesday to Saturday.
  • Page 276: Access-List (Ip Extended)

    Switch(config)#Time-range FoxGate_timer Switch(Config-Time-Range-FoxGate_timer)#absolute start 6:00:00 2004.10.1 13:30:00 2005.1.26 27.3 access-list (ip extended) Command: access-list <num> {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>][time-range<time-range-name>] access-list <num> {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr>...
  • Page 277: Access-List (Ip Standard)

    <dMask> is the reverse mask of destination IP, the format is dotted decimal notation, attentive position 0, ignored position 1; <igmp-type>, the type of igmp, 0-15; <icmp-type>, the type of icmp, 0-255; <icmp-code>, protocol No. of icmp, 0-255; <prec>, IP priority, 0-7; <tos>, tos value, 0-15; <sPort>, source port No., 0-65535; <sPortMin>, the lower boundary of source port;...
  • Page 278: Access-List(Mac Extended)

    Functions: Create a numeric standard IP access-list. If this access-list exists, then add a rule list; the "no access-list <num>" operation of this command is to delete a numeric standard IP access-list. Parameters: <num> is the No. of access-list, 100-199; <sIpAddr> is the source IP address, the format is dotted decimal notation;...
  • Page 279: Access-List(Mac-Ip Extended)

    Usage Guide: When the user assigns a specific <num> for the first time, the ACL with that serial number is created; the lists are then added into this ACL. Examples: Permit tagged-eth2 with any source MAC addresses and any destination MAC addresses and the packets pass. Switch(config)#access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 27.6 access-list(mac-ip extended) Command:...
  • Page 280 <source-wildcard> }|any-source| {host-source <source-host-ip> }}[s-port{ <port1> | range <sPortMin> <sPortMax> <destination> <destination-wildcard> }|any-destination| {host-destination <destination-host-ip> }}[d-port{ <port3> | range <dPortMin> <dPortMax> }] [precedence <precedence> ] [tos <tos> ][time-range <time-range-name> ] access-list <num> {deny|permit}{any-source-mac| {host-source-mac <host_smac> <smac> <smac-mask> {any-destination-mac|{host-destination-mac <host_dmac> <dmac> <dmac-mask>...
  • Page 281: Access-List(Mac Standard)

    from 0-65535; <dPortMin>, the lower boundary of destination port; <dPortMax>, the upper boundary of destination port; [ack] [fin] [psh] [rst] [urg] [syn], (optional) only for TCP protocol, multi-choices of tag positions are available, and when TCP data reports the configuration of corresponding position, then initialization of TCP data report is enabled to form a match when in connection;...
  • Page 282: Clear Access-Group Statistic

    Examples: Permit the passage of packets with source MAC address 00-00-XX-XX-00-01, and deny passage of packets with source MAC address 00-00-00-XX-00-ab. Switch(config)# access-list 700 permit 00-00-00-00-00-01 00-00-FF-FF-00-00 Switch(config)# access-list 700 deny 00-00-00-00-00-ab 00-00-00-FF-00-00 27.8 clear access-group statistic Command: clear access-group statistic [ethernet <interface-name> ] Functions: Empty packet statistics information of assigned interfaces.
  • Page 283: Ip Access Extended

    Command Mode: Global Mode. Default: Default action is permit. Usage Guide: This command only influences all packets from the port entrance. Examples: Configure firewall default action as permitting packets to pass. Switch(config)#firewall default permit 27.11 ip access extended Command: ip access extended <name> no ip access extended <name>...
  • Page 284: Ipv6 Access-List

    Switch(config)#ip access-list standard ipFlow 27.13 ipv6 access-list Command: ipv6 access-list <num-std> {deny | permit} {<sIPv6Prefix/sPrefixlen> | any-source | {host-source <sIPv6Addr>}} no ipv6 access-list <num-std> Functions: Creates a numbered standard IP access-list; if the access-list already exists, then a rule will be added to the current access-list; the "no access-list {<num-std>|<num-ext>}" command deletes a numbered standard IP access-list.
  • Page 285: Ip|Ipv6|Mac|Mac-Ip} Access-Group

    Usage Guide: When this command is run for the first time, only an empty access list with no entry will be created. Example: Create a standard IPv6 access list named "ip6Flow". Switch(config)#ipv6 access-list standard ip6Flow 27.15 {ip|ipv6|mac|mac-ip} access-group Command: {ip|ipv6|mac|mac-ip} access-group <name> {in} [traffic-statistic] no {ip|mac} access-group <name>...
  • Page 286: Mac Access Extended

    27.16 mac access extended Command: mac-access-list extended <name> no mac-access-list extended <name> Functions: Define a name-manner MAC ACL or enter access-list configuration mode; the "no mac-access-list extended <name>" command deletes this ACL. Parameters: <name> name of access-list excluding blank or quotation mark, and it must start with a letter, and the length cannot exceed 32 (remark: case-sensitive.) Command Mode: Global mode...
  • Page 287: Permit | Deny (Ip Extended)

    27.18 permit | deny (ip extended) Command: [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} any-destination {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>][time-range<time-range-name>] [no] {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr>...
  • Page 288: Permit | Deny(Ip Standard)

    Default: No access-list configured. Examples: Create the extended access-list, deny icmp packet to pass, and permit udp packet with destination address 192.168.0.1 and destination port 32 to pass. Switch(config)# access-list ip extended udpFlow Switch(Config-IP-Ext-Nacl-udpFlow)#deny igmp any any-destination Switch(Config-IP-Ext-Nacl-udpFlow)#permit udp any host-destination 192.168.0.1 d-port 27.19 permit | deny(ip standard) Command: {deny | permit} {{<sIpAddr>...
  • Page 289: Permit | Deny(Mac Extended)

    length of the IPv6 address prefix, the valid range is 1~128. <sIPv6Addr> is the source IPv6 address. Command Mode: Standard IPv6 nomenclature access list mode Default: No access list configured by default. Usage Guide: Example: Permit packets with source address of 2001:1:2:3::1/64 while denying those with source address of 2001:1:2:3::1/48.
  • Page 290: Permit | Deny(Mac-Ip Extended)

    <host_dmac> }|{ <dmac> <dmac-mask> }} [tagged-802-3 [cos <cos-val> [ <cos-bitmask> ]] [vlanId <vid-value> [ <vid-mask> ]]] Functions: Define an extended name MAC ACL rule, and 'no' command deletes this extended name IP access rule. Parameters: any-source-mac: any source of MAC address; any-destination-mac: any destination of MAC address;...
  • Page 291 {{<destination><destination-wildcard>}|any-destination|{host-destination <destination-host-ip>}} [<icmp-type> [<icmp-code>]] [precedence <precedence>] [tos <tos>][time-range<time-range-name>] [no]{deny|permit} {any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}} igmp{{<source><source-wildcard>}|any-source| {host-source<source-host-ip>}} {{<destination><destination-wildcard>}|any-destination|{host-destination <destination-host-ip>}} [<igmp-type>] [precedence <precedence>] [tos <tos>][time-range<time-range-name>] [no]{deny|permit}{any-source-mac|{host-source-mac <host_smac> }| { <smac> <smac-mask> }}{any-destination-mac|{host-destination-mac <host_dmac> <dmac> <dmac-mask> }}tcp{{ <source> <source-wildcard> }|any-source| {host-source <source-host-ip> }}[s-port { <port1> | range <sPortMin>...
  • Page 292 numeric MAC-IP ACL access-list rule. Parameters: num access-list serial No. this is a decimal No. from 3100-3199; deny if rules are matching, deny to access; permit if rules are matching, permit to access; any-source-mac: any source MAC address; any-destination-mac: any destination MAC address;...
  • Page 293: Show Access-Lists

    destination MAC address, any source IP address and destination IP address, and source port 100. Switch(config)# mac-ip-access-list extended macIpExt Switch(Config-MacIp-Ext-Nacl-macIpExt)# deny any-source-mac any-destination-mac udp any-source s-port 100 any-destination 27.23 show access-lists Command: show access-lists [<num>|<acl-name>] Functions: Display the configured ACLs. Parameters: <acl-name>, specific ACL name character string;...
  • Page 294: Show Access Group

    any-destination-mac tagged-eth2 14 2 addresses and any destination MAC 0800 addresses and the packets whose 15th and 16th byte is respectively 0x08 , 0x0 to pass. 27.24 show access-group Command: show access-group in (interface {Ethernet | Ethernet IFNAME}) Functions: Display the ACL binding status on the port. Parameters: IFNAME, Port name.
  • Page 295: Show Ipv6 Access-Lists

    Switch#show firewall Firewall status: Enable. Firewall default rule: Permit Displayed information Explanation fire wall is enable Packet filtering function enabled the default action of firewall is permit Default packet filtering function is permit 27.26 show ipv6 access-lists Command: show ipv6 access-lists [<num>|<acl-name>] Function: Show the configured IPv6 access control list.
  • Page 296: Time-Range

    Functions: Reveal configuration information of time range functions. Parameters: word assign name of time-range needed to be revealed. Default: None. Command Mode: Admin Mode Usage Guide: When not assigning time-range names, all time-range will be revealed. Examples: Switch#show time-range time-range timer1 (inactive, used 0 times) absolute-periodic Saturday 0:0:0 to Sunday 23:59:59 time-range timer2 (inactive, used 0 times) absolute-periodic Monday 0:0:0 to Friday 23:59:59...
  • Page 297: Chapter 28 Commands For 802.1X

    Chapter 28 Commands for 802.1x 28.1 debug dot1x detail Command: debug dot1x detail {pkt-send | pkt-receive | internal | all | userbased} interface [ethernet] <interface-name> no debug dot1x detail { pkt-send | pkt-receive | internal | all | userbased} interface [ethernet] <interface-name> Function: Enable the debug information of dot1x details;...
  • Page 298: Debug Dot1X Fsm

    Example: Enable the debug information of dot1x about errors. Switch#debug dot1x error 28.3 debug dot1x fsm Command: debug dot1x fsm {all | aksm | asm | basm | ratsm} interface <interface-name> no debug dot1x fsm {all | aksm | asm | basm | ratsm} interface <interface-name>...
  • Page 299: Dot1X Accept-Mac

    packets; <interface-name>: the name of the interface. Usage Guide: By enabling the debug information of dot1x about messages, users can check the negotiation process of dot1x protocol, which might help diagnose the cause of faults if there is any. Example: Enable the debug information of dot1x about messages. Switch#debug dot1x packet all interface ethernet1/1 28.5 dot1x accept-mac Command: dot1x accept-mac <mac-address>...
  • Page 300: Dot1X Enable

    Default: EAP relay authentication is used by default. Usage Guide: The switch and RADIUS may be connected via Ethernet or PPP. If an Ethernet connection exists between the switch and RADIUS server, the switch needs to authenticate the user by EAP relay (EAPoR authentication); if the switch connects to the RADIUS server by PPP, the switch will use EAP local end authentication (CHAP authentication).
  • Page 301: Dot1X Guest-Vlan

    Usage Guide: The function can only be enabled when 802.1x function is enabled both globally and on the port, with userbased being the control access mode. After it is enabled, users can send IPv6 messages without authentication. Examples: Enable IPv6 passthrough function on port Ethernet1/12. Switch(config)#dot1x enable Switch(config)#interface ethernet 1/12 Switch(Config-If-Ethernet1/12)#dot1x enable...
  • Page 302: Dot1X Macfilter Enable

    Guest VLAN can be successfully set without taking effect. Examples: Set Guest-VLAN of port Ethernet1/3 as VLAN 10. Switch(Config-If-Ethernet1/3)#dot1x guest-vlan 10 28.10 dot1x macfilter enable Command: dot1x macfilter enable no dot1x macfilter enable Function: Enables the dot1x address filter function in the switch; the "no dot1x macfilter enable"...
  • Page 303: Dot1X User Free-Resource

    28.12 dot1x user free-resource Command: dot1x user free-resource <prefix> <mask> no dot1x user free-resource Function: To configure 802.1x free resource; the no form command closes this function. Parameter: <prefix> is the segment for limited resource, in dotted decimal format; <mask> is the mask for limited resource, in dotted decimal format. Command Mode: Global Mode.
  • Page 304: Dot1X Max-User Userbased

    28.14 dot1x max-user userbased Command: dot1x max-user userbased <number> no dot1x max-user userbased Function: Set the upper limit of the number of users allowed to access the specified port when using user-based access control mode; the "no dot1x max-user userbased" command is used to reset the default value. Parameters: <number>...
  • Page 305: Dot1X Port-Method

    Command: dot1x privateclient enable no dot1x privateclient enable Function: To configure the switch to force the authentication client to use FoxGate's private 802.1x authentication protocol. The no prefix will disable the command and allow the authentication client to use the standard 802.1x authentication protocol.
  • Page 306: Dot1X Re-Authenticate

    Usage Guide: To implement FoxGate's integrated solution, the switch must be enabled to use FoxGate's private 802.1x protocol, or many applications will not be able to function. For detailed information, please refer to FoxGate's DCBI integrated solution. If the switch forces the authentication client to use FoxGate's private 802.1x protocol, the standard...
  • Page 307: Dot1X Timeout Quiet-Period

    Switch(config)#dot1x re-authentication 28.20 dot1x timeout quiet-period Command: dot1x timeout quiet-period <seconds> no dot1x timeout quiet-period Function: Sets time to keep silent on supplicant authentication failure; the "no dot1x timeout quiet-period" command restores the default value. Parameters: <seconds> is the silent time for the port in seconds, the valid range is 1 to 65535.
  • Page 308: Dot1X Unicast Enable

    Function: Sets the interval for the supplicant to re-transmit EAP request/identity frame; the "no dot1x timeout tx-period" command restores the default setting. Parameters: <seconds> is the interval for re-transmission of EAP request frames, in seconds; the valid range is 1 to 65535. Command mode: Global Mode.
  • Page 309: Dot1X Web Redirect

    28.26 dot1x web redirect This command is not supported by switch. 28.27 dot1x web redirect enable This command is not supported by switch. 28.28 show dot1x Command: show dot1x [interface <interface-list>] Function: Displays dot1x parameter related information, if parameter information is added, corresponding dot1x status for corresponding port is displayed.
  • Page 310 Dot1x address filter table Dot1x-EAPoR Authentication method used by the switch (EAP relay, EAP local end) dot1x-privateclient Whether the FoxGate private client is supported by switch 802.1x is enabled on ethernet Indicates whether dot1x is enabled for the port Ethernet1/1 Authentication Method:...
  • Page 311 Machine...
  • Page 312: Chapter 29 Commands For The Number Limitation

    Chapter 29 Commands for the Number Limitation Function of Port MAC 29.1 switchport mac-address dynamic maximum Command: switchport mac-address dynamic maximum <value> no switchport mac-address dynamic maximum Function: Set the max number of dynamic MAC address allowed by the port, and, at the same time, enable the number limitation function of dynamic MAC address on the port;...
  • Page 313: Debug Switchport Mac Count

    <portName>} Function: Display the number of dynamic MAC of corresponding port. Parameters: <vlan-id> display the specified VLAN ID. This option is not supported by switch. <portName> is the name of layer-2 port. Command Mode: Any mode Usage Guide: Use this command to display the number of dynamic MAC of corresponding port.
  • Page 315: Chapter 30 Commands For Am Configuration

    Chapter 30 Commands for AM Configuration 30.1 am enable Command: am enable no am enable Function: Globally enable/disable AM function. Parameters: None. Default: AM function is disabled by default. Command Mode: Global Mode. Usage Guide: None. Example: Enable AM function on the switch. Switch(config)#am enable Disable AM function on the switch.
  • Page 316: Am Mac-Ip-Pool

    Function: Set the AM IP segment of the interface, allow/deny the IP messages or ARP messages from a source IP within that segment to be forwarded via the interface. Parameters: <ip-address> the starting address of an address segment in the IP address pool;...
  • Page 317: Show Am

    Command Mode: Global Mode Usage Guide: None. Example: Delete all configured IP address pools. Switch(config)#no am all ip-pool 30.6 show am Command: show am [interface <interface-name>] Function: Display the configured AM entries. Parameters: <interface-name> is the name of the interface of which the configuration information will be displayed.
  • Page 318 am interface am ip-pool 50.10.10.1 30 am mac-ip-pool 00-02-04-06-08-09 20.10.10.5 am ip-pool 50.20.10.1 20...
  • Page 319: Chapter 31 Commands For Security Feature

    Chapter 31 Commands for Security Feature 31.1 dosattack-check srcip-equal-dstip enable Command: [no] dosattack-check srcip-equal-dstip enable Function: Enable the function by which the switch checks if the source IP address is equal to the destination IP address; the "no" form of this command disables this function. Parameter: None Default: Disable the function by which the switch checks if the source IP address is equal to the destination IP address.
  • Page 320: Dosattack-Check Srcport-Equal-Dstport Enable

    31.3 dosattack-check srcport-equal-dstport enable Command: dosattack-check srcport-equal-dstport enable Function: Enable the function by which the switch will check if the source port is equal to the destination port; the "no" form of this command disables this function. Parameter: None Default: Disable the function by which the switch will check if the source port is equal to the destination port.
  • Page 321: Dosattack-Check Icmpv4-Size

    31.5 dosattack-check icmpv4-size Command: dosattack-check icmpv4-size <64-1023> Function: Configure the max net length of the ICMPv4 data packet permitted by the switch. Parameter: <64-1023> is the max net length of the ICMPv4 data packet permitted by the switch. Default: The value is 0x200 by default Command Mode: Global Mode Usage Guide: To use this function you have to enable "dosattack-check icmp-attacking enable"...
  • Page 322: Chapter 32 Commands For Tacacs

    Chapter 32 Commands for TACACS+ 32.1 tacacs-server authentication host Command: tacacs-server authentication host <ip-address> [port <port-number>] [timeout <seconds>] [key <string>] [primary] no tacacs-server authentication host <ip-address> Function: Configure the IP address, listening port number, the value of timeout timer and the key string of the TACACS+ server;...
  • Page 323: Tacacs-Server Nas-Ipv4

    no tacacs-server key Function: Configure the key of TACACS+ authentication server; the "no tacacs-server key" command deletes the TACACS+ server key. Parameter: <string> is the character string of the TACACS+ server key, containing maximum 16 characters. Command Mode: Global Mode Usage Guide: The key is used on encrypted packet communication between the switch and the TACACS+ server.
  • Page 324: Debug Tacacs-Server

    Function: Configure a TACACS+ server authentication timeout timer; the "no tacacs-server timeout" command restores the default configuration. Parameter: <seconds> is the value of TACACS+ authentication timeout timer, shown in seconds and the valid range is 1~60. Command Mode: Global Mode Default: 3 seconds by default.
  • Page 325: Chapter 33 Commands For Radius

    Chapter 33 Commands for RADIUS 33.1 aaa enable Command: aaa enable no aaa enable Function: Enables the AAA authentication function in the switch; the "no AAA enable" command disables the AAA authentication function. Command mode: Global Mode. Parameters: No. Default: AAA authentication is not enabled by default. Usage Guide: The AAA authentication for the switch must be enabled first to enable IEEE 802.1x authentication for the switch.
  • Page 326: Aaa-Accounting Update

    33.3 aaa-accounting update Command: aaa-accounting update {enable|disable} Function: Enable or disable the AAA update accounting function. Command Mode: Global Mode. Default: Enable the AAA update accounting function. Usage Guide: After the update accounting function is enabled, the switch will send accounting messages to each online user on time.
  • Page 327: Debug Aaa Detail Connection

    <interface-name>} no debug aaa detail attribute interface {ethernet <interface-number>| <interface-name>} Function: Enable the debug information of AAA about Radius attribute details; the no operation of this command will disable that debug information. Parameters: <interface-number>: the number of the interface. <interface-name>: the name of the interface. Command Mode: Admin Mode.
  • Page 328: Debug Aaa Error

    Usage Guide: By enabling the debug information of AAA about events, users can check the information of all kinds of event generated in the operation process of Radius protocol, which might help diagnose the cause of faults if there is any. Example: Enable the debug information of AAA about events.
  • Page 329: Radius Nas-Ipv6

    Example: Configure the source ip address of RADIUS packet as 192.168.2.254. Switch#radius nas-ipv4 192.168.2.254 33.10 radius nas-ipv6 Command: radius nas-ipv6 <ipv6-address> no radius nas-ipv6 Function: Configure the source IPv6 address for RADIUS packet sent by the switch. The "no radius nas-ipv4" command deletes the configuration. Parameter: <ipv6-address>...
  • Page 330: Radius-Server Authentication Host

    Command Mode: Global Mode Default: No RADIUS accounting server is configured by default. Usage Guide: This command is used to specify the IPv4/IPv6 address and port number of the specified RADIUS server for switch accounting, multiple command instances can be configured. The <port-number> parameter is used to specify accounting port number, which must be the same as the specified accounting port in the RADIUS server;...
  • Page 331: Radius-Server Dead-Time

    cipher key string and access mode of the specified RADIUS server for switch authentication, multiple command instances can be configured. The port parameter is used to specify authentication port number, which must be the same as the specified authentication port in the RADIUS server, the default port number is 1812. If this port number is set to 0, the specified server is regarded as non-authenticating.
  • Page 332: Radius-Server Retransmit

    no radius-server key Function: Specifies the key for the RADIUS server (authentication and accounting); the "no radius-server key" command deletes the key for RADIUS server. Parameters: <string> is a key string for RADIUS server, up to 16 characters are allowed. Command mode: Global Mode Usage Guide: The key is used in the encrypted communication between the switch and the specified RADIUS server.
  • Page 333: Radius-Server Accounting-Interim-Update Timeout

    Parameters: <seconds> is the timer value (second) for RADIUS server timeout, the valid range is 1 to 1000. Command mode: Global Mode Default: The default value is 3 seconds. Usage Guide: This command specifies the interval for the switch to wait RADIUS server response.
  • Page 334: Show Aaa Authenticated-User

    300(default value) 1~299 300~599 600~1199 1200 1200~1799 1800 ≥1800 3600 Example: The maximum number of users supported by NAS is 700, the interval of sending fee-counting update messages 1200 seconds. Switch(config)#radius-server accounting-interim-update timeout 1200 33.18 show aaa authenticated-user Command: show aaa authenticated-user Function: Displays the authenticated users online.
  • Page 335: Show Aaa Config

    ----------------------------------------------------------------------------- --------------- total: 0 --------------- 33.20 show aaa config Command: show aaa config Function: Displays the configured commands for the switch as a RADIUS client. Command mode: Admin and Configuration Mode. Usage Guide: Displays whether AAA authentication, accounting are enabled and information for key, authentication and accounting server specified.
  • Page 336: Show Radius Count

    server accounting server[1].sock_addr = 10:2004::7.1813 .Is Primary = 1 .Is Server Dead = 0 .Socket No = 0 Time Out = 5s :After send the require packets, wait for response time out Retransmit = 3 :The number of retransmit Dead Time = 5min :The tautology interval of the dead server Account Time Interval = 0min :The account time interval 33.21 show radius count Command: show radius {authenticated-user|authenticating-user} count...
  • Page 337: Chapter 34 Commands For Ssl Configuration

    Chapter 34 Commands for SSL Configuration 34.1 ip http secure-server Command: ip http secure-server no ip http secure-server Function: Enable/disable SSL function. Parameter: None. Command Mode: Global Mode. Default: Disabled. Usage Guide: This command is used to enable and disable the SSL function. After the SSL function is enabled, users visit the switch through an HTTPS client, and the switch and client use an SSL connection to form a secure channel.
  • Page 338: Ip Http Secure- Ciphersuite

    34.3 ip http secure- ciphersuite Command: ip http secure-ciphersuite {des-cbc3-sha|rc4-128-sha| des-cbc-sha} no ip http secure-ciphersuite Function: Configure/delete secure cipher suite by SSL used. Parameter: des-cbc3-sha encrypted algorithm DES_CBC3,summary algorithm SHA. rc4-128-sha encrypted algorithm RC4_128,summary algorithm SHA. des-cbc-sha encrypted algorithm DES_CBC,summary algorithm SHA. default use is rc4-md5.
  • Page 339 Example: Switch# debug ssl %Jan 01 01:02:05 2006 ssl will to connect to web server 127.0.0.1:9998 %Jan 01 01:02:05 2006 connect to http security server success!
  • Page 340: Chapter 35 Commands For Ipv6 Security Ra

    Chapter 35 Commands for IPv6 Security RA 35.1 ipv6 security-ra enable Command: ipv6 security-ra enable no ipv6 security-ra enable Function: Globally enable IPv6 security RA function, all the RA advertisement messages will not be forwarded through hardware, but only sent to CPU to handle. The no operation of this command will globally disable IPv6 security RA function.
  • Page 341: Show Ipv6 Security-Ra

    35.3 show ipv6 security-ra Command: show ipv6 security-ra [interface <interface-list>] Function: Display all the interfaces with IPv6 RA function enabled. Parameters: No parameter will display all distrust ports, entering a parameter will display the corresponding distrust port. Command Mode: Admin and Configuration Mode. Example: Switch# show ipv6 security-ra IPv6 security ra config and state information in the switch...
  • Page 342: Chapter 36 Commands For Mrpp

    Chapter 36 Commands for MRPP 36.1 control-vlan Command: control-vlan <vid> no control-vlan Function: Configure control VLAN ID of MRPP ring; the "no control-vlan" command deletes control VLAN ID. Parameter: <vid> expresses control VLAN ID, the valid range is from 1 to 4094. Command Mode: MRPP ring mode Default: None Usage Guide: The command specifies Virtual VLAN ID of MRPP ring, currently it can be...
  • Page 343: Debug Mrpp

    36.3 debug mrpp Command: debug mrpp no debug mrpp Function: Open MRPP debug information; "no description" command disables MRPP debug information. Command Mode: Admin Mode Parameter: None. Usage Guide: Enable MRPP debug information, and check message process of MRPP protocol and receive data packet process, it is helpful to monitor debug. Example: Enable debug information of MRPP protocol.
  • Page 344: Fail-Timer

    Switch(config-If-Ethernet1/3)#mrpp ring 4000 secondary-port 36.5 fail-timer Command: fail-timer <timer> no fail-timer Function: Configure if the primary node of MRPP ring receive Timer interval of Hello packet or not, the "no fail-timer" command restores default timer interval. Parameter: <timer> valid range is from 1 to 300s. Command Mode: MRPP ring mode Default: Default configure timer interval 3s.
  • Page 345: Mrpp Enable

    Switch(mrpp-ring-4000)#hello-timer 3 36.7 mrpp enable Command: mrpp enable no mrpp enable Function: Enable MRPP protocol module, the "no mrpp enable" command disables MRPP protocol. Parameter: Command Mode: Global Mode Default: The system doesn't enable MRPP protocol module. Usage Guide: If it needs to configure MRPP ring, it enables MRPP protocol. Executing "no mrpp enable"...
  • Page 346: Mrpp Ring Secondary-Port

    Parameter: <ring-id> is the ID of MRPP ring, range is <1-4096>. Command Mode: Port mode Default: None Usage Guide: The command specifies MRPP ring primary port. Primary node uses primary port to send Hello packet, secondary port is used to receive Hello packet from primary node.
  • Page 347: Show Mrpp

    Command Mode: MRPP ring mode Default: Default the node mode is secondary node. Usage Guide: Example: Configure the switch to primary node. MRPP ring 4000. Switch(config)# mrpp ring 4000 Switch(mrpp-ring-4000)#node-mode master 36.12 show mrpp Command: show mrpp [ring-id>] Function: Display MRPP ring configuration. Parameter: <ring-id>...
  • Page 348: Monitor Session Source Interface

    Chapter 37 Commands for Mirroring Configuration 37.1 monitor session source interface Command: monitor session <session> source {interface <interface-list> | cpu} {rx| tx| both} no monitor session <session> source {interface <interface-list> | cpu} Function: Specify the source interface for the mirror. The no form command will disable this configuration.
  • Page 349: Monitor Session Destination Interface

    will disable this configuration. Parameters: <session> is the session number for the mirror. Currently only 1 is supported. <interface-list> is the list of source interfaces of the mirror which can be separated by "-" and ";". <num> is the number of the access list. rx means to filter the datagram received by the interface.
  • Page 350: Show Monitor

    37.4 show monitor Command: show monitor Function: To display information about the source and destination ports of all the mirror sessions. Command Mode: Admin Mode Usage Guide: This command is used to display the source and destination ports for the configured mirror sessions.
  • Page 351: Chapter 38 Commands For Sflow

    Chapter 38 Commands for sFlow 38.1 sflow destination Command: sflow destination <collector-address> [<collector-port>] no sflow destination Function: Configure the IP address and port number of the host on which the sFlow analysis software is installed. If the port has been configured with IP address, the port configuration will be applied, or else the global configuration will be applied.
  • Page 352: Sflow Priority

    Example: Sample the proxy address at global mode. switch (config)#sflow agent-address 192.168.1.200 38.3 sflow priority Command: sflow priority <priority-value> no sflow priority Function: Configure the priority when sFlow receives packet from the hardware. The "no" form of the command restores to the default. Parameter: <priority-value>...
  • Page 353: Sflow Data-Len

    38.5 sflow data-len Command: sflow data-len <length-value> no sflow data-len Function: Configure the max length of the sFlow packet data; the "no sflow data-len" command restores to the default value. Parameter: <length-value> is the value of the length with a value range of 500-1470. Command Mode: Port Mode.
  • Page 354: Show Sflow

    Parameter: <input-rate> is the rate of ingress group sampling, the valid range is 1000~16383500. <output-rate> is the rate of egress group sampling, the valid range is 1000~16383500. Command Mode: Port Mode. Default: No default value. Usage Guide: The traffic sampling will not be performed if the sampling rate is not configured on the port.
  • Page 355: Chapter 39 Commands For Sntp

    Agent address is 172.16.1.100 Address of the sFlow sample proxy is 172.16.1.100 Collector address have not the sFlow global analyzer address is not configured configured Collector port is 6343 the sFlow global destination port is the defaulted 6343 Sampler priority is 2 The priority of sFlow when receiving packets from the hardware is 2.
  • Page 356: Sntp Server

    Parameters: adjust stands for SNTP clock adjustment information; packet for SNTP packets, select for SNTP clock selection. Command mode: Admin Mode Example: Displaying debugging information for SNTP packet. Switch#debug sntp packet 39.2 sntp server Command: sntp server { <server_address> | <server_ipv6_addr> } [version <version_no>] no sntp server { <server_address>...
  • Page 357: Sntp Timezone

    39.4 sntp timezone Command: sntp timezone <name> [{add | subtract}] [<time_difference>] no sntp timezone Function: Set the difference between local time and UTC time. The no operation of this command cancels the configuration timezone and restores the default value. Parameter: <name> is the name of local timezone, consist of max 16 characters. <add> means the timezone equals the UTC time add <time_difference>.<subtract>means the timezone equals the UTC time subtract <time_difference>.<time-difference>...
  • Page 358: Chapter 40 Commands For Ntp

    Chapter 40 Commands for NTP 40.1 ntp enable Command: ntp enable ntp disable Function: To enable/disable NTP function globally. Parameter: None. Default: Disabled. Command Mode: Global Mode. Usage Guide: None. Example: To enable NTP function. Switch(config)#ntp enable 40.2 ntp server Command: ntp server {<ip-address>...
  • Page 359: Ntp Broadcast Server Count

    40.3 ntp broadcast server count Command: ntp broadcast server count <number> no ntp broadcast server count Function: Set the max number of broadcast or multicast servers supported by the NTP client. The no operation will cancel the configuration and restore the default value. Parameters: number:1-100, the max number of broadcast servers.
  • Page 360: Ntp Authenticate

    no ntp access-group server <acl> Function: To configure/cancel the access control list of NTP Server. Parameter: <acl>: ACL number, range is from 1 to 99. Default: Not configure the access control of NTP Server. Command Mode: Global Mode. Usage Guide: None. Example: To configure access control list 2 on the switch.
  • Page 361: Ntp Trusted-Key

    Switch(config)# ntp authentication-key 20 md5 abc 40.8 ntp trusted-key Command: ntp trusted-key <key-id> no ntp trusted-key <key-id> Function: To configure the trusted key. The no command cancels the trusted key. Parameter: key-id: The id of key, range is from 1 to 4294967295. Default: Trusted key is not configured by default.
  • Page 362: Debug Ntp Packet

    Parameter: None. Default: Disabled. Command Mode: Admin Mode. Usage Guide: To display NTP authentication information: if the switch is enabled, and if a packet carries authentication information when it is being sent or received, then the key identifier will be printed out. Example: To enable the switch of displaying NTP authentication information.
  • Page 363: Debug Ntp Sync

    Switch# debug ntp adjust 40.13 debug ntp sync Command: debug ntp sync no debug ntp sync Function: To enable/disable debug switch of displaying local time synchronization information. Parameter: None. Default: Disabled. Command Mode: Admin Mode. Usage Guide: None. Example: To enable debug switch of displaying local time synchronization information. Switch# debug ntp sync 40.14 debug ntp events Command: debug ntp events...
  • Page 364: Show Ntp Session

    address of time source and so on. Parameter: None. Default: None. Command Mode: Admin and Configuration Mode. Usage Guide: None. Example: Switch# show ntp status Clock status: synchronized Clock stratum: 3 Reference clock server: 1.1.1.2 Clock offset: 0.010 s Root delay: 0.012 ms Root dispersion: 0.000 ms Reference time: TUE JAN 03 01:27:24 2006 40.16 show ntp session...
  • Page 365: Chapter 41 Commands For Show

    Chapter 41 Commands for Show 41.1 clear logging Command: clear logging sdram Function: This command is used to clear all the information in the log buffer zone. Command Mode: Admin Mode Usage Guide: When the old information in the log buffer zone is no longer concerned, we can use this command to clear all the information.
  • Page 366: Logging Loghost Sequence-Number

    command will be available. We can configure many IPv4 and IPv6 log hosts. Example 1: Send the log information with a severity level equal to or higher than warning to the log server with an IPv4 address of 100.100.100.5, and save to the log recording equipment local1.
  • Page 367 Usage Guide: When the ping command is entered without any parameters, interactive configuration mode will be invoked. And ping parameters can be entered interactively. Example: Example 1: To ping with default parameters. Switch#ping 10.1.128.160 Type ^c to abort. Sending 5 56-byte ICMP Echos to 10.1.128.160, timeout is 2 seconds..!! Success rate is 40 percent (2/5), round-trip min/avg/max = 0/0/0 ms In the example above, the switch is made to ping the device at 10.1.128.160.
  • Page 368: Ping6

    Timeout in milli-seconds [2000]:500 Extended commands [n]:n Display Information Explanation VRF name VRM name. If MPLS is not enabled, this field will be left empty. Target IP address: The IP address of the target device. Use source address option[n] Whether or not to use ping with source address. Source IP address To specify the source IP address for ping.
  • Page 369 Type ^c to abort. Sending 5 56-byte ICMP Echos to 2001:1:2::4, timeout is 2 seconds. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/320/1600 ms (2) To issue the ping6 command with source IPv6 address specified. switch>ping6 src 2001:1:2::3 2001:1:2::4 Type ^c to abort.
  • Page 370: Show Boot-Files

    Datagram size in byte[56] Packet size of the ping command. 56 byte by default. Timeout in milli-seconds[2000] Timeout for ping command. 2 seconds by default. Extended commands[n] Extended configuration. Disabled by default. The network is reachable. The network is unreachable. Success rate Statistic information, success rate is 100 percent of...
  • Page 371: Show Debugging

    41.7 show debugging Command: show debugging {l4 | l4drv | lldp | nsm | other | spanning-tree} Function: Display the debug switch status. Usage Guide: If the user needs to check what debug switches have been enabled, show debugging command can be executed. Command mode: Admin Mode Example: Check for currently nsm debug switch state.
  • Page 372: Show Logging Buffered

    enable show ftp 41.10 show logging buffered Command: show logging buffered [level {critical | warnings} | range <begin-index> <end-index>] Function: This command displays the detailed information in the log buffer channel. This command is not supported on low end switches. Parameter: level {critical | warnings} means the level of critical information.
  • Page 373: Show Running-Config

    address, Hex view of the information and character view. Example: Switch#show memory start address : 0x2100 number of words[64]: 002100: 0000 0000 0000 0000 0000 0000 0000 0000 *....* 002110: 0000 0000 0000 0000 0000 0000 0000 0000 *....* 002120: 0000 0000 0000 0000 0000 0000 0000 0000 *....* 002130: 0000 0000 0000 0000 0000 0000 0000 0000 *....*...
  • Page 374: Show Switchport Interface

    Command mode: Admin Mode Usage Guide: The show running-config command differs from show startup-config in that when the user finishes a set of configurations, show running-config displays the added-on configurations whilst show startup-config won't display any configurations. However, if write command is executed to save the active configuration to the Flash memory, the displays of show running-config and show startup-config will be the same.
  • Page 375: Show Tcp

    41.15 show tcp Command: show tcp Function: Display the current TCP connection status established to the switch. Command mode: Admin Mode Example: Switch#show tcp LocalAddress LocalPort ForeignAddress ForeignPort State 0.0.0.0 0.0.0.0 LISTEN 0.0.0.0 0.0.0.0 LISTEN Displayed information Description LocalAddress Local address of the TCP connection. LocalPort Local port number of the TCP connection.
  • Page 376: Show Tech-Support

    41.18 show tech-support Command: show tech-support Function: Display various information about the switch and the running tasks. This command is used to diagnose the switch by the technical support specialist. Command Mode: Admin mode and configuration mode Usage Guide: When failure occurred on the switch, this command can be used to get related information, in order to diagnose the problems.
  • Page 377: Traceroute

    Usage Guide: Use this command to view the version information for the switch, including hardware version and software version. Example: Switch#show version 41.21 traceroute Command: traceroute [source <ipv4-addr> ] { <ip-addr> | host <hostname> } [hops <hops> ] [timeout <timeout> ] Function: This command tests the gateway passed in the route of a packet from the source device to the target device.
  • Page 378 Default: Default number of the gateways pass by the data packets is 30, and timeout period is defaulted at 2000 ms. Command Mode: Admin Mode Usage Guide: Traceroute6 is normally used to locate destination network inaccessible failures. Example: Switch# traceroute6 2004:1:2:3::4 Relevant Command: ipv6 host...
  • Page 379: Chapter 42 Commands For Reload Switch After

    Chapter 42 Commands for Reload Switch after Specified Time 42.1 reload after Command: reload after <HH:MM:SS> Function: Reload the switch after a specified period of time. Parameters: <HH:MM:SS> the specified time period, HH (hours) ranges from 0 to 23, MM (minutes)and SS(seconds)range from 0 to 59.
  • Page 380: Show Reload

    42.3 show reload Command: show reload Function: Display the user's configuration of command "reload after". Parameters: None. Command Mode: Admin and configuration mode Usage Guide: With this command, users can view the configuration of command "reload after" and check how long a time is left before rebooting the switch. Example: View the configuration of command "reload after".
  • Page 381: Chapter 43 Commands For Debugging And Diagnosis

    Chapter 43 Commands for Debugging and Diagnosis for Packets Received and Sent by CPU 43.1 cpu-rx-ratelimit total This command is not supported by the switch. 43.2 cpu-rx-ratelimit queue-length This command is not supported by the switch. 43.3 cpu-rx-ratelimit protocol Command: cpu-rx-ratelimit protocol <protocol-type> <packets> no cpu-rx-ratelimit protocol <protocol-type>...
  • Page 382: Clear Cpu-Rx-Stat Protocol

    43.4 clear cpu-rx-stat protocol Command: clear cpu-rx-stat protocol [<protocol-type>] Function: Clear the statistics of the CPU received packets of the protocol type. Parameter: <protocol-type> is the type of the protocol of the packet, including dot1x, stp, snmp, arp, telnet, http, dhcp, igmp, ssh. Command Mode: Global Mode Usage Guide: This command clear the statistics of the CPU received packets of the protocol type, it is supposed to be used with the help of the technical support.
  • Page 383: Debug Driver

    43.7 debug driver Command: debug driver {receive | send} [interface {<interface-name> | all}] [protocol {<protocol-type> | discard | all}] [detail] no debug driver {receive | send} Function: Turn on the on-off of showing the information of the CPU receiving or sending packets, the "no debug driver {receive | send}"...
  • Page 384: Power Inline Enable (Port)

    what the power state of a specified port is. Example: Globally disable PoE. Switch(Config)#no power inline enable 44.1.2 power inline enable (Port) Command: power inline enable no power inline enable Function: Enable/disable PoE power supply. Parameters: None. Command Mode: Port Mode. Default: The power supply state on ports is enabled.
  • Page 385: Power Inline Max (Global)

    Default: Do not provide power supply for non-standard IEEE PD. Usage Guide: With this function enabled, the switch will be compatible with and provide power supply for non-standard IEEE PD. Do not provide power supply for non-standard IEEE PD in switch. Examples: Set the switch to provide power supply for non-standard IEEE PD.
  • Page 386: Power Inline Police

    44.1.6 power inline police Command: power inline police enable no power inline police enable Function: Enable/disable the power priority management policy mode. Parameters: None. Command Mode: Global Mode. Default: The power priority management policy mode is enabled. Usage Guide: Decide whether to use priority policy in power management policy. The "enable"...
  • Page 387: Commands For Poe Monitoring And Debugging

    44.2 Commands for PoE Monitoring and Debugging 44.2.1 Monitoring and Debugging Information 44.2.1.1 show power inline Command: show power inline Function: Display global PoE configurations and status. Parameters: None. Command Mode: Admin Mode. Default: None. Usage Guide: The meaning of each field is listed in the following table: Field Description Power Inline Status...
  • Page 388 Mode: Signal HW Version: 30 SW Version: 05.0.5 44.2.1.2 show power inline interface ethernet Command: show power inline interface [ethernet <interface-number> <interface-name>] Function: Display the PoE configuration and status on specified ports. Parameters: interface-list: a list of specified ports, specifying all ports by default. Command Mode: Admin Mode.
  • Page 389: Chapter 45 Detailed Information On Changes

    Examples: Display the current PoE status on port 1 to port 6. Switch# show power inline interface ethernet 1/1-6 Interface Status Oper Power(mW) Max(mW) Current(mA) Volt(V) Priority Class ------------ ------- ------ --------- ------- ----------- ------- -------- ----- Ethernet1/1 enable 15400 high Ethernet1/2 enable...
  • Page 390 Command "show gvrp current (dynamic | static | ) registerd vlan interface (Ethernet | port-channel |) IFNAME" changed to "show gvrp port (dynamic | static | ) registerd vlan interface (Ethernet | port-channel |) IFNAME"; command "show gvrp vlan <1-4094> registerd ports" changed to "show gvrp vlan <1-4094>...
  • Page 391 configuration function order (2) instruction for the configuration of default action (default action). "dot1x port-method" added "userbased standard" value and the same changes applied to the operation manual.
