Allied Telesis AT-x900-12XT/S Software Reference Manual

Operating system for x900-12xt/s, x900-24xs, x900-24xt, x900-24xt-n, switchblade x908

AlliedWare Plus™ Operating System
Software Reference
Software Version 5.2.1
x900-12XT/S
x900-24XS
x900-24XT x900-24XT-N
Switchblade x908
C613-50003-00 Rev E

Summary of Contents for Allied Telesis AT-x900-12XT/S

  • Page 1 AlliedWare Plus™ Operating System Software Reference Software Version 5.2.1 x900-12XT/S x900-24XS x900-24XT x900-24XT-N Switchblade x908 C613-50003-00 Rev E...
  • Page 2 This documentation is subject to change without notice. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s internal use without the written permission of Allied Telesis, Inc.
  • Page 3: Table Of Contents

    The default configuration script........................1.11 How to change the password........................1.12 How to set a management IP address ....................1.12 How to save and boot from the current configuration..............1.13 How to return to the factory defaults....................1.15 How to see system information.........................1.16 How to set system parameters ........................1.18 How to set the time and date ........................1.20...
  • Page 4 IGMP Snooping..............................14.22 15. Switching Commands 16. VLAN Commands VLAN Commands..............................16.2 17. GVRP Commands GVRP Commands...............................17.2 18. Spanning Tree Introduction: STP, RSTP, MSTP Introduction ................................18.2 Overview of Spanning Trees........................18.2 Spanning Tree Protocol (STP)........................18.5 Configuring STP..............................18.6 Rapid Spanning Tree Protocol (RSTP) ....................18.7 Configuring RSTP ..............................18.8...
  • Page 5 34. IGMP Multicast Commands Introduction ................................34.2 35. Common Multicast Commands Introduction ................................35.2 36. PIM-SM Configuration Introduction ................................36.2 37. PIM-SM Commands Introduction ................................37.2 ©2008 Allied Telesis Inc. All rights reserved. Software Version 5.2.1 AlliedWare Plus Operating System Software Reference C613-50003-00 REV E...
  • Page 6 Configuration Examples...........................48.6 49. EPSR Commands Management 50. NTP Configuration Reference Introduction ................................50.2 Overview .................................50.2 NTP on the Switch.............................50.3 Troubleshooting..............................50.3 Configuration Example.............................50.4
  • Page 7 51. NTP Commands 52. Dynamic Host Configuration Protocol (DHCP) Introduction Introduction ................................52.2 Configuring the DHCP Server........................52.3 Configuring the DHCP Relay Agent ......................52.5 Configuring the DHCP Client........................52.7 53. Dynamic Host Configuration Protocol (DHCP) Commands 54. SNMP Introduction Introduction ................................54.2 Network Management Framework ......................54.2 Structure of Management Information ....................54.4...
  • Page 8: Introduction

    65. Stacking Commands Introduction ................................65.2 Appendix l Command List...
  • Page 9: Setup Reference

    Setup Reference This part includes the following chapters: ■ Chapter 1, Getting Started ■ Chapter 2, Command Syntax Conventions in this Software Reference ■ Chapter 3, Startup Sequence ■ Chapter 4, CLI Navigation Commands ■ Chapter 5, User Access Commands...
  • Page 11 How to change the password........................1.12 How to set a management IP address ....................1.12 How to save and boot from the current configuration..............1.13 How to save to the default configuration file ................1.13 How to create and use a new configuration file..............1.13 How to return to the factory defaults....................1.15...
  • Page 12: Getting Started

    The defaults are: username: manager, password: friend. The switch logs you into User Exec mode. From User Exec mode, you can perform high-level diagnostics (some show commands, ping, traceroute etc), start sessions (Telnet, SSH), and change mode.
  • Page 13: How To Get Command Help

    “--More--” at the end of each screenful. Press the space bar to display the next screenful or the Q key to return to the command prompt. Example To see which commands are available in User Exec mode, enter “?” at the User Exec mode command prompt: awplus>?
  • Page 14 The layer2 interfaces Internet Protocol (IP) ipv6 Internet Protocol version 6 (IPv6) Example To use the ? help to work out the syntax for the clock timezone command, enter the following sequence of commands: awplus(config)#clock ? summer-time Manage summer-time timezone...
  • Page 15 The switch also prints the command and marks the first invalid character by putting a '^' under it. Note that you may get this error if you enter a command in the wrong mode, as the following output shows.
  • Page 16: How To Work With Command Modes

    Multiple users can telnet and issue commands using the Exec mode and the Privileged Exec mode. However, only one user is allowed to use the Configure mode at a time. This prevents multiple users from issuing configuration commands simultaneously.
  • Page 17 ■ Interface Configuration mode to associate the instances with the appropriate ports. Returning to higher-level modes: The following figure shows the commands to use to move from a lower-level mode to a higher-level mode.
  • Page 18 To go from Privileged Exec to User Exec: awplus#disable awplus> Entering Privileged Exec commands when...: When you are configuring the switch, you are likely to want to enter show commands to confirm the configuration. This can mean you change often between configuration modes and Privileged Exec mode.
  • Page 19: How To See The Current Configuration

    This displays only the lines that contain word. To start the display at a particular place, enter the command: awplus#show running-config |begin <word> This searches the running-config for the first instance of word and begins the display with that line.
  • Page 20: Default Settings

    CPU in its default state as an L2 switch ■ sets the maximum number of ECMP routes to 8 ■ turns on RSTP on all ports. Note that the ports are not set to be edge ports ■...
  • Page 21: The Default Configuration Script

    Getting Started The default configuration script Most of the above default settings are in the form of commands, which the switch copies to its running-config when it first boots up. The switch stores a copy of the default configuration commands in the file default.cfg and uses that file as its default start-up file.
  • Page 22: How To Change The Password

    Getting Started How to change the password To change the password for the manager account, enter Global Configuration mode and enter the following command: awplus(config)#username manager password <new-password> The password can contain any printable character and is case sensitive. How to set a management IP address This section describes how to set an IP address on the eth0 management port.
  • Page 23: How To Save And Boot From The Current Configuration

    To run the commands in example.cfg on startup, enter the command awplus(config)#boot config-file example.cfg Display the new settings To see the files that the switch uses at startup, enter Privileged Exec mode and enter the command: awplus#show boot
  • Page 24 Default boot config: flash:/.configs/default.cfg Current boot config: flash:/example.cfg (file exists) Continue updating the file when you change the configuration When you next want to save the current configuration, enter Privileged Exec mode and enter the command: awplus#copy running-config startup-config The parameter startup-config is a short-cut for the current boot configuration file.
  • Page 25: How To Return To The Factory Defaults

    To completely remove your configuration and return to the factory default configuration, restore defaults delete or rename the default file and make sure no other file is set as the start-up configuration file. To find the location of the default boot configuration file, enter Privileged Exec mode and enter...
  • Page 26: How To See System Information

    ■ Viewing overall system information To display an overview of the switch hardware, software, and system settings, enter User Exec or Privileged Exec mode and enter the command: awplus#show system The output looks like this:...
  • Page 27: Viewing Temperature, Voltage, And Fan Status

    User Exec or Privileged Exec mode and enter the command: awplus#show system environment The output looks like the following figure. This device has a power supply unit in the first PSU bay and a fan in the second PSU bay.
  • Page 28: How To Set System Parameters

    How to change the telnet session timeout By default, telnet sessions time out after 10 minutes of idle time. If desired, you can change this. To change the timeout for all telnet sessions, enter Global Configuration mode and enter the...
  • Page 29: How To Display A Text Banner At Login

    How to display a text banner at login By default, the switch displays the AlliedWare Plus OS version and build date at login. You can customize this by changing the Message of the Day (MOTD) banner. To enter a new MOTD banner, enter Global Configuration mode and enter the command: awplus(config)#banner motd <banner-text>...
  • Page 30: How To Set The Time And Date

    (“How to configure summer-time” on page 1.21) Instead of manually setting the time, you can use NTP to automatically get the time from another device. How to show current settings To display the current time, timezone and date, enter Privileged Exec mode and enter the...
  • Page 31: How To Configure Summer-Time

    The zone-name can be any string up to 6 characters long. The start-time and end-time are in the form hh:mm, in 24-hour time. Note that if you specify 5 for the week, this changes the time on the last day of the month, not the 5th week.
  • Page 32: How To Add And Remove Users

    Both name and password can contain any printable character and are case sensitive. The AlliedWare Plus OS gives you a choice of 1 or 15 for the privilege level. Level 1 users are limited to User Exec mode so you need to set most users to level 15.
  • Page 33 The next section describes why. Testing this feature: If you want to test the effect of this, create a new user for the test instead of using the manager user. The test stops you from logging in as the test user, so you need to have the manager user available to log in as.
  • Page 34: How To Undo Settings

    Some commands have a default parameter that returns the feature to its default setting. Example You can change the login banner to “this is a new banner” by entering the command: awplus(config)#banner motd this is a new banner To return to the default banner, enter the command: awplus(config)#banner motd default Note that this command also has a no parameter that lets you remove the banner altogether.
  • Page 35: How To Upgrade The Firmware

    Getting Started How to upgrade the firmware New releases of the AlliedWare Plus OS become available regularly. Contact your customer support representative for more information. Put the new release onto your TFTP server If necessary, create space in the switch’s Flash memory for the new release Note that you cannot delete the current release file.
  • Page 36: Controlling "Show" Command Output

    Getting Started Controlling “show” command output You can control the output of show commands by using the | and > tokens in either of the following ways: ■ To display only part of the output, follow the command with | and then other keywords...
  • Page 37 | redirect history.txt Output Redirection: The output redirection token > puts the lines of output into the specified file. If the file already exists, the new output overwrites the file’s contents; the new output is not appended to the existing file contents.
  • Page 38: Commands Available In Each Mode

    Getting Started Commands available in each mode This appendix lists the commands available in the following command modes for software version 5.2.1: ■ “User Exec mode” on page 1.28 ■ “Privileged Exec mode” on page 1.29 ■ “Global Configuration mode” on page 1.30 User Exec mode awplus>?
  • Page 39: Privileged Exec Mode

    Text Editor enable Turn on privileged mode command erase Erase the system startup configuration exit End current mode and down to previous mode help Description of the interactive help system license Activate software feature license logout Exit from the EXEC...
  • Page 40: Global Configuration Mode

    Modify enable password parameters epsr Ethernet Protection Switching Ring (EPSR) exception Configure exception settings exit End current mode and down to previous mode FIB information gvrp GARP Vlan Registration Protocol help Description of the interactive help system hostname Set system's network name...
  • Page 41 Getting Started Multi-Layer Switch(L2/L3) Negate a command or set its defaults Configure NTP ospf Open Shortest Path First (OSPF) Pluggable Authentication Module ping-poll Ping Polling platform Configure global settings for the switch asic policy-map Policy map command radius-server RADIUS server configuration commands...
  • Page 43: Command Syntax Conventions In This Software Reference

    2 Command Syntax Conventions in this Software Reference The following table describes how command line interface syntax is shown in this Software Reference. What to enter in the Syntax element Example command line Keywords are shown in lowercase fixed- Some keywords are...
  • Page 45: Alliedware Plus™ Start-Up

    3 Startup Sequence AlliedWare Plus™ Start-up..........................3.2 Diagnostic menu..............................3.3 Bootloader menu..............................3.5 Start-up sequence...............................3.10
  • Page 46: Startup Sequence

    The bootloader is the executable code responsible for setting up the system and loading the release software. The bootloader is the software that runs the unit when it first powers up, performing basic initialization and executing the product software release. As part of the start-up process of the switch, the bootloader allows you various options before running the product release software.
  • Page 47: Diagnostic Menu

    Diagnostic menu Enter Ctrl+D during start-up to access the bootloader diagnostic menu, which provides options for performing various hardware tests. This can be useful as a tool for confirming a suspected hardware problem at the direction of network engineering personnel.
  • Page 48 The options in the stage 2 diagnostics menu allow you to initiate the following tests: ■ Flash The Bootloader tests the user file system area of flash. The bootloader is stored in a protected area of flash that is not accessed by the user file system. Flash Erase ■...
  • Page 49: Bootloader Menu

    Enter selection ==> Boot options A powerful feature of AlliedWare Plus™ is the ability to boot from a variety of sources. Previously the switch was constrained to booting from the release loaded into flash memory, and the only software release upgrade path was to load a new release into flash memory and then set this release to be loaded at the next restart.
  • Page 50 You can select a one-off boot from flash, SD card, network server (TFTP), or ymodem. The selected option will be used for the next restart (only) of the switch. If you select to boot from the network, the bootloader prompts the user for the required network address details: Note: These settings are specific to the Bootloader.
  • Page 51 The baud rate of the console session is set here to match the terminal program being used for management of the switch when connected directly to the asynchronous port. The switch's default value is 9600. The baud rate selected can be set as the ‘new’ default for future use if preferred.
  • Page 52 Startup Sequence System information The system information option provides some details on the hardware platform in use, such as CPU, memory, hardware (MAC) address and so on. System information: System (Detected values) ------------------------------------------------------ CPU: Type ....: MPC8541E Speed ....: 666 MHz Memory: Total installed ..: 512 MB...
  • Page 53 Are you sure? (Y/N) ==> The bootloader menu provides a powerful set of options for flexibility in the way software releases are upgraded on the switch, and system recovery is performed. These should meet the requirements of the many different network scenarios that Allied Telesis products are part...
  • Page 54: Start-Up Sequence

    Start-up sequence The start-up sequence for a device running AlliedWare Plus™ under normal circumstances will be as seen below - this sequence will be seen when everything loads and runs as expected. Note: To enter the bootloader or diagnostic menus discussed previously, Ctrl+B or Ctrl+D must be entered when prompted before the software modules start loading.
  • Page 55 Whether an error message results in a case of the device being unusable will depend on the specific error and message, so will need to be dealt with on a case by case basis. If a software release has been corrupted, as shown on start-up, a new release may need to be loaded.
  • Page 57 ....................................4.5 logout....................................4.5 show cli..................................4.6 show history................................4.6 show list..................................4.7
  • Page 58: Cli Navigation Commands

    CLI Navigation Commands Introduction This chapter provides an alphabetized reference for the commands used to navigate between different modes. This chapter also provides a reference for the help and show commands used to help navigate within the CLI. configure terminal This command enters the configure command mode.
  • Page 59: Enable

    CLI Navigation Commands This command lets you run Exec and Privileged Exec mode commands when you are in a configuration mode. Syntax: do <line> Parameter <line>: Specify the command and its parameters. Mode: Any configuration mode Example: awplus#configure terminal awplus(config)#do ping 10.10.0.23...
  • Page 60: End

    This command returns the prompt to the Privileged Exec command mode from any other advanced command mode. Syntax All command modes Mode The following example shows the use of the end command to return to the Privileged Exec Examples mode directly from Interface mode. awplus#configure terminal awplus(config)#interface VLAN1...
  • Page 61: Help

    (e.g. 'show ?'). Enter '?' after part of a parameter to show parameters that complete the typed letters (e.g. 'show ip?'). To display a description on how to use the system help, use the command: Examples awplus(config)#help logout This command exits the Exec or Privileged Exec modes and ends the session.
  • Page 62: Show Cli

    To display the CLI tree of the current mode, use the command: Examples awplus#show cli show history This command lists the commands entered in the current session. The history buffer is cleared automatically upon reboot. The output lists all command line entries, including commands that returned an error. Syntax...
  • Page 63: Show List

    CLI Navigation Commands show list Use this command to display a list of all the commands relevant to the current mode. Syntax: show list Mode: All command modes. Figure 4-4: Example output from the show list command in Configure mode...
  • Page 65 ................................5.12 telnet ..................................5.13 telnet server ................................5.13 terminal length..............................5.14 username .................................5.15
  • Page 66: User Access Commands

    Introduction This chapter provides an alphabetical reference of commands used to configure user access. clear line console This command resets a console line. If a terminal session exists on the line then it is closed. Syntax: clear line console Mode: Privileged Exec mode...
  • Page 67: Clear Pam Local User Lockout

    User Access Commands clear pam local user lockout This command unlocks one or all user accounts. The switch locks a user account when someone enters the wrong password for that account five times in a row. This command makes it possible for the user to attempt to log in again immediately.
  • Page 68: Enable Password

    User Access Commands enable password To set a local password to control access to various privilege levels, use the enable password global configuration command. Use the enable password command to modify or create a password to be used, and use the no enable password command to remove the password.
  • Page 69 Use this method if you already know the encrypted string corresponding to the plain text string that you want to use as a password. It is not required to use the service password-encryption command for this method. The output in the configuration file will show only the encrypted string, and not the text string.
  • Page 70: Exec-Timeout

    Mode: Line mode Usage: This command is used to set the time the telnet session waits for an idle VTY session, before it times out. An exec-timeout 0 0 setting will cause the telnet session to wait indefinitely. To set VTY connections to timeout after 2 minutes, 30 seconds if there is no response from...
  • Page 71: Length

    If the output from a command is longer than the length of the line the output will be paused and the ‘–More–’ prompt allows you to move to the next screen full of data. A length of 0 will turn off pausing and data will be displayed to the console as long as there is data to display.
  • Page 72: Line

    User Access Commands line Use this command to move to line configuration mode for the specified VTYs or the console. Syntax: line vty <first> [<last>] line console 0 Parameter Description: first <0-32> Specify the first line number. last <0-32> Specify the last line number.
  • Page 73: Pam Local Authentication Attempts Max-Fail

    When a successful login occurs the fail counter is reset to 0. When a user account is locked out all attempts to login using that account will fail. Use the no parameter to restore the maximum number of failed login attempts to its default setting of 5.
  • Page 74: Service Password-Encryption

    Commands service telnet Use this command to enable the telnet server. The server is enabled by default. The server listens on port 23, unless you have changed the port by using the pam local authentication attempts lockout-time command on page 5.8.
  • Page 75: Service Terminal-Length

    User Access Commands service terminal-length Use this command to specify the number of rows of output that the device will display before pausing, for all console and VTY lines. Use the no parameter to remove the length specified by this command. The default length will...
  • Page 76: Show Telnet

    Related Commands telnet server show users show users This command shows information about the users who are currently logged into the device. Syntax: show users Mode: Exec mode and Privileged Exec mode. Figure 5-2: Example output from the...
  • Page 77: Telnet

    This command enables the telnet server on the specified TCP port. If the server is already enabled then it will be restarted on the new port. Changing the port number does not affect the port used by existing sessions.
  • Page 78: Terminal Length

    Use the terminal no length command to remove the length specified by this command. The default length will apply unless you have changed the length for some or all lines by using the length command on page 5.7.
  • Page 79: Username

    The user’s password. The password is an alpha-numeric string up to 80 characters in length and can include spaces. Mode: Configure mode Examples: To create the user “bob” with a privilege level of 15, and the password “bobs_secret”, use the command: awplus(config)#username bob privilege 15 password bobs_secret
  • Page 81: Introduction

    6 Creating and Managing Files Introduction................................6.2 Working with files..............................6.2 Listing files................................6.2 Displaying the contents of configuration and text files............6.4 Navigating through the file system ......................6.4 Using the editor..............................6.6 Creating and Using Configuration Files .....................6.7 Creating a Configuration File........................6.7 Specifying the Startup Configuration Script..................6.7 Working with Configuration Files ......................6.8...
  • Page 82: Creating And Managing Files

    The flash memory on the switch automatically compacts itself to recover space available from deleted files. The switch only does this when necessary, and not every file deletion causes flash compaction. Flash compaction can occur after a file of any size is added to or deleted from the switch.
  • Page 83 To display information about the different memory types on the switch, enter Privileged Exec mode and enter the command: awplus#show file systems The output includes the amount of free memory and the prefix you type to access that memory type, and looks like this: Size(b)
  • Page 84: Displaying The Contents Of Configuration And Text Files

    Creating and Managing Files Listing files in NVS memory or on an SD card To list the contents of a directory in NVS, enter Privileged Exec mode and enter the command: awplus#dir nvs:<directory-name> To list the contents of a directory on an SD card, enter the command: awplus#dir card:<directory-name>...
  • Page 85 To change to the top-level directory on an SD card, enter the command: awplus#cd card:/ Note that the prefix for the SD card is “card” not “sdcard”. Next, you can change to other directories in NVS memory or on the SD card, by entering the command: awplus#cd <directory-name>...
  • Page 86: Using The Editor

    <filename> To open the editor with an empty file, enter the command: edit When you save the new file, you may need to specify the file system to store it on. For Flash, use flash:/<filename>. Using JOE To format and manipulate text in JOE, you use control-character sequences. The following table summarizes a few useful sequences—for details, see:...
  • Page 87: Creating And Using Configuration Files

    Working with Configuration Files ■ Creating a Configuration File A configuration file is a text file that contains a sequence of standard commands for a specific purpose. Configuration files have a .cfg extension. Your device has a default configuration script called default.cfg.
  • Page 88: Working With Configuration Files

    At the next restart that occurs after you’ve erased the file, the device loads the configuration in the file default.cfg. This file is set on the system as a backup configuration file that loads if no other file is set as the startup-config file.
  • Page 89: Copying Files To And From Your Device

    Many of the file management commands use the placeholder “URL” to represent the name and location of the file that you want to act on. The following table explains the syntax of this URL for each different type of file location.
  • Page 90 The switch then prompts you for the destination filename. To give the copy a new name, type the name at the prompt. You can include directory names in the path. To use the same filename as the original, press the Enter key (do not press the “y” key—that names the copy “y”).
  • Page 91 Follow the prompts for source filename, server, and destination filename. If the file is not in the top level of the TFTP server, include the path as part of the filename. To copy example.cfg to the TFTP server at 172.1.1.1, enter the command:...
  • Page 92: Copying From A Server To Running Configuration

    Enter destination file name [example.cfg]: Copying from source file, please wait... Copying to destination file, please wait... 0: Successful operation To load the file “bob.key” from a TFTP server, where the file is in the folder “security”, use the command: awplus#copy tftp://security/bob.key flash:/bob.key Copying with Secure Copy (SCP) Secure Copy (SCP) provides a secure way to copy files to and from a remote device using SSH.
  • Page 93 ............................7.27 show version................................7.28 write file..................................7.29 write memory ...............................7.29 write terminal................................7.30
  • Page 94: File Management Commands

    Keyword Usage: Many of the commands in this chapter use the placeholder “URL” to represent the name and location of the file that you want to act on. The following table explains the syntax of this URL for each different type of file location.
  • Page 95: Boot Backup

    File Management Commands boot backup This command specifies a backup release file to load during the next boot cycle. If your device cannot load the main release file, then the file specified with this command is used. Syntax: boot backup <filename>...
  • Page 96: Boot System

    Valid release files must have a .rel extension. Mode: Configure mode. Examples: To run the release file “r1-5.2.1.rel” the next time the device boots up, use the command: awplus(config)#boot system r1-5.2.1.rel Related Commands: boot config-file...
  • Page 97: Copy Current-Software

    This command copies the AlliedWare Plus OS software that the device has booted from to a destination file. Specify whether the destination is Flash or Card when saving the software to the local file system. Syntax: copy current-software <destination-url>...
  • Page 98: Copy Local

    copy LOCAL This command copies a file between local file systems. This allows you to copy a file stored on flash memory to or from a different memory type attached to your device, such as an SD card.
  • Page 99: Copy Running-Config

    copy running-config This command copies the running-config to a destination file, or copies a source file into the running-config. Commands entered in the running-config do not survive a device reboot unless they are saved in a configuration file.
  • Page 100: Copy Startup-Config

    Examples: To copy the file Layer3.cfg to the startup-config, use the command: awplus#copy Layer3.cfg startup-config To copy the startup-config as the file “oldconfig.cfg” in the current directory, use the command: awplus#copy startup-config oldconfig.cfg Related Commands: copy running-config
  • Page 101: Copy Url

    “configtest.cfg”, use the command: awplus#copy card:/config.cfg configtest.cfg Stacked Devices: In a stacked environment you can use the CLI on a stack master to access file systems that are located on another stack member. In this case, when you enter the command, specify the stack member’s file system by using the following syntax:...
  • Page 102: Copy Zmodem

    copy zmodem This command allows you to copy files using ZMODEM using Minicom. ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer. Syntax: copy zmodem <source-url> copy zmodem...
  • Page 103: Delete

    To delete the directory “old_configs”, which is not empty, use the command: awplus#delete recursive old_configs To delete the directory “new_configs”, which is not empty, without prompting if any read-only files are being deleted, use the command: awplus#delete force recursive new_configs...
  • Page 104: Dir

    To list recursively the files in the Flash file system, use the command: awplus#dir recursive flash Usage: In a stacked environment you can use the CLI on a stack master to access file systems that are located on another stack member. In this case, when you enter the command, specify the stack member’s file system by using the following syntax:...
  • Page 105: Edit

    If a filename is specified and it already exists, then the editor opens it in the text editor. If no filename is specified, the editor prompts you for one when you exit it.
  • Page 106: Edit Url

    <url> “URL Syntax and Keyword Usage” on page 7.2 for valid URL syntax. Mode: Privileged Exec mode. Examples: To view the file “bob.key” stored in the security directory of a TFTP server, use the command: awplus#edit tftp://security/bob.key Related Commands: edit...
  • Page 107: License

    These commands enable or disable the specified licensed software feature set. For feature licenses, contact your authorised distributor or reseller. If a license key expires or a proper key is not installed, some software features will not be available. Syntax: license <name>...
  • Page 108: Move

    Examples: To rename the file “temp.cfg” to “startup.cfg”, use the command: awplus#move temp.cfg startup.cfg To move the file “temp.cfg” from the root of the flash filesystem to the directory “myconfigs”, use the command: awplus#move temp.cfg myconfigs/temp.cfg Related Commands: delete...
  • Page 109: Rmdir

    Usage: In a stacked environment you can use the CLI on a stack master to access file systems that are located on another stack member. In this case, when you enter the command, specify the stack member’s file system by using the following syntax:...
  • Page 110: Show Boot

    The boot image currently configured for use during the next boot cycle. Backup boot image: The boot image to use during the next boot cycle if the device cannot load the main image. Default boot config: The default startup configuration file. The device loads this configuration script if no file is set as the startup-config file.
  • Page 111: Show File

    Name of a file on the local Flash file system. <url>: URL of a file. Mode: Privileged Exec mode. Example: To display the contents of the file “oldconfig.cfg”, which is in the current directory, use the command: awplus#show oldconfig.cfg edit...
  • Page 112: Show File Systems

    This command lists the filesystems and their utilization information where appropriate. If this command is entered on the stack master, it will list the file systems for all the stack members. A stack member heading is displayed to distinguish the different lists shown for each stack member.
  • Page 113 Lcl / Ntwk: Whether the memory is located locally or via a network connection. Y / N: Whether the memory is accessible: Y (yes), N (no), - (not appropriate). Example: To display the filesystems for either a standalone device, or a complete stack, use the command: awplus#...
  • Page 114: Show License

    License expiry date: Expiry date for Temporary feature key. Features include: List of features included in the feature key. Examples: To display a brief summary of information about all enabled licenses, use the command: awplus# show license brief To display full information about all enabled licenses, use the command:...
  • Page 115: Show Running-Config

    To display only lines that contain a particular word, follow the command with | include word ■ To start the display at the first line that contains a particular word, follow the command with | begin word ■ To save the output to a file, follow the command with > filename For more information, see “Controlling “show”...
  • Page 116 VLAN1 ip address 172.28.8.210/16 ip route 0.0.0.0/0 172.28.0.1 line con 0 line vty 0 4 Examples: To display the current dynamic configuration of your device, use the command: awplus#show running-config Related Commands: show running-config interface
  • Page 117: Show Running-Config Interface

    show running-config interface This command displays the current configuration of one or more interfaces on the device. Syntax: show running-config interface show running-config interface <interface-list> show running-config interface <interface-list> dot1x show running-config interface <interface-list> ip igmp show running-config interface <interface-list> ip multicast show running-config interface <interface-list>...
  • Page 118 To display current OSPF configuration of your switch for ports 1 to 24, use the command: awplus#show running-config interface port1.0.1-port1.0.24 ospf To display current IGMP configuration for ports 1 to 12 on XEM 1 and 3, use the command: awplus#show running-config interface port1.0.1-1.0.12,port1.3.1-1.3.12 ip igmp...
  • Page 119: Show Startup-Config

    show startup-config This command displays the contents of the start-up configuration file, which is the file that the device runs on start-up. Syntax: show startup-config Mode: Privileged Exec mode Figure 7-5: Example output from the show startup-config...
  • Page 120: Show Version

    show version This command displays the version number and copyright details of the current AlliedWare Plus OS your device is running. Syntax: show version Mode: Privileged Exec mode and Exec mode Figure 7-6: Example output from the...
  • Page 121: Write File

    write file This command copies the running-config into the file that is set as the current startup-config file. This command is a synonym of the write memory and copy running-config startup-config commands. Syntax: write [file] Mode: Privileged Exec mode...
  • Page 122: Write Terminal

    write terminal This command displays the current configuration of the device. This command is a synonym of the show running-config command. Syntax: write terminal Mode: Privileged Exec mode To display the current configuration of your device, use the command:...
  • Page 123 show tech-support 8.30; system territory 8.32; terminal monitor 8.33; undebug nsm 8.33
  • Page 124: System Configuration And Monitoring Commands

    OS commands for configuring and monitoring the system. banner This command displays a text banner on login. Use the default parameter to display the default banner (the AlliedWare Plus version and build date). Use the no parameter to display no banner. Syntax banner motd [default|<text>]...
  • Page 125: Clock Set

    Usage: Configure the timezone before setting the local time. Otherwise, when you change the timezone, the device applies the new offset to the local time. Example: To set the time and date on your system to 2pm on the 2nd of April 2007, use the command: awplus#clock set 14:00:00 2 apr 2007...
  • Page 126: Clock Summer-Time Date

    clock summer-time date This command defines the start and end of summertime for a specific year only, and specifies summertime’s offset value to Standard Time for that year. The no parameter removes the device’s summertime setting. This clears both specific...
  • Page 127: Clock Summer-Time Recurring

    START-WEEK: Week of the month when summertime starts, in the range 1-5. The value 5 indicates the last week that has the specified day in it for the specified month. For example, to start summertime on the last Sunday of the month, enter 5 for START-WEEK and sun for START-DAY.
  • Page 128: Clock Timezone

    This command defines the device’s clock timezone. The timezone is set as an offset to UTC. The no parameter resets the system time to UTC. By default, the system time is set to UTC.
  • Page 129: Debug Nsm

    debug nsm This command specifies a set of debug options for use by Allied Telesis authorized service personnel only. Syntax: debug nsm [all|events] debug nsm packet [recv|send][detail] no debug nsm [all|events|packets] no debug nsm packet...
  • Page 130: Hostname

    "Lab-1", "Lab-2" and so on. In case of stack master fail-over, or stack split, the new stack will use the previous stack name as its host name and the stack name, unless it is changed by executing hostname command on the new stack master.
  • Page 131: No Debug All

    Use this command to enable the advanced mode VTY interface. This sets multiple options to be listed when the Tab key is pressed, after completing a command. Use the no version of this command to set no options to be listed when the Tab key is pressed, after completing a command.
  • Page 132: Show Clock

    Mode: Exec and Privileged Exec mode. Output: Figure 8-1: Example output from the show clock command for a device using New Zealand time Local Time: Mon, 6 Aug 2007 13:56:06 +1200...
  • Page 133: Show Cpu

    [sort {thrds|pri|sleep|runtime}] Parameter Description sort: Whether to sort the list by a specified field. If you do not specify this, then the list is sorted by percentage CPU utilization. thrds: The list is sorted by the number of threads.
  • Page 134 Examples: To show the CPU utilization of current processes, sorting them by the number of threads the processes are using, use the command: Note that in a stack environment, executing this command on the stack master will show CPU utilization for all stack members.
  • Page 135: Show Cpu History

    0..5..1..1..2..2..3..3..4..4..5..5..The two lines of this axis should be read as a single line (0, 5, 10, 15, 20 ... 55). Each dot is one time period (one second for the first graph, one minute for the second graph, and 25 minutes for the third graph).
  • Page 136 Examples: To display a graph showing the historical CPU utilization of the device, use the command: awplus# show cpu history When used on a stack master, this command will display historical CPU utilization for all the stack members. To display the memory utilization history graph for stack member 3, use the command: awplus#...
  • Page 137: Show Debugging Nsm

    show debugging nsm This command displays system details for use by Allied Telesis authorized service personnel only. Syntax: show debugging nsm Mode: Exec mode and Privileged Exec mode Related Commands: debug nsm
  • Page 138: Show Memory

    This command displays the memory used by each process that is currently running. If this command is entered on the stack master, it will display corresponding memory utilization information for all the stack members. A stack member heading will be displayed to distinguish the different lists for every stack member.
  • Page 139 peak: Greatest amount of memory ever used by the process. data: Amount of memory used for data. The stack size. Example: To display the memory used by the current running processes, use the command: awplus# show memory show memory allocations...
  • Page 140: Show Memory Allocations

    This command displays the memory allocations used by processes. If entered on the stack master, this command will display corresponding memory utilization information for all the stack members. A stack member heading will be displayed to distinguish the different lists for every stack member.
  • Page 141 To display the memory allocations used by BGP, use the command: awplus# show memory allocations bgp Related Commands: show memory show memory history show memory pools
  • Page 142: Show Memory History

    0..5..1..1..2..2..3..3..4..4..5..5..The two lines of this axis should be read as a single line (0, 5, 10, 15, 20 ... 55). Each dot is one time period (one second for the first graph, one minute for the second graph, and 25 minutes for the third graph).
  • Page 143: Show Memory Pools

    To show a graph displaying the historical memory usage for a single device (device 3 in this example) within a stack, use the command: awplus# remote-command 3 show memory history...
  • Page 144: Show Memory Pools

    Mode: Exec mode and Privileged Exec mode Output: Figure 8-7: Example output from the show memory pools command Memory pools for BGP ---------------------- name bgpd; pid 1207; size 1996; peak 8640; data 2012; stack 84 pool allocated ---- --------- LDP Id Memory diagnostics 2508...
  • Page 145: Show Nsm Client

    show nsm client This command displays system details for use by Allied Telesis authorized service personnel only. Syntax: show nsm client Mode: Privileged Exec mode
  • Page 146: Show Process

    This command lists a summary of the current running processes. For a stacked configuration, if this command is entered on the stack master, it will display the information for all the stack members. A stack member heading will be displayed to distinguish the different information for every stack member.
  • Page 147: Show Router-Id

    Process priority. state: Process state; one of “run”, “sleep”, “stop”, “zombie”, or “dead”. sleep%: Percentage of time the process is in the sleep state. Example: To display a summary of the current running processes, use the command: awplus# show process remote-command...
  • Page 148: Show System

    It also displays location and contact details when these have been set. For a stacked configuration, if this command is entered on the stack master, it will display the information for all the stack members. A stack member heading will be displayed to distinguish the different information for every stack member.
  • Page 149 : usa System Name System Contact System Location Example: To display the system information for a single switch, or a whole stack, use the command: awplus# show system To display the system information of stack member 3, use the command:...
  • Page 150: Show System Environment

    XEM, or other expansion option. The environmental status covers information about temperatures, fans, and voltage. For a stacked configuration, if this command is entered on the stack master, it will display the information for all the stack members. A stack member heading will be displayed to distinguish the different information for every stack member.
  • Page 151: Show System Pluggable

    GBICs, that are currently installed in your device. For a stacked configuration, if this command is entered on the stack master, it will display the information for all the stack members. A stack member heading will be displayed to distinguish the different information for every stack member.
  • Page 152: Show Tech-Support

    The show tech-support command generates system and debugging information for the switch and saves it to a file. You can optionally limit it to display only information for a given protocol. The command generates a large amount of output and the output is saved into a file. The output file name can be specified by the outfile option.
  • Page 153 To display the system technical support information, use the command: awplus(config)#show tech-support system ## Start "show tech-support system" : Tue Jan 8 10:20:09 2008 +0000 ## N10-06#show clock UTC Time: Tue, 8 Jan 2008 10:20:09 +0000...
  • Page 154: System Territory

    system territory This command sets the territory of the system. Use the no parameter to return the territory to its default setting of japan. Syntax: system territory {australia|nz|europe|japan|usa|china|korea} no system territory Parameter Description system System properties...
  • Page 155: Terminal Monitor

    Examples: awplus# terminal monitor Related Commands: All debug commands undebug nsm This command specifies a set of debug options for use by Allied Telesis authorized service personnel only. Syntax: undebug nsm [all|events] undebug nsm packet [recv|send][detail] Mode: Privileged Exec mode...
  • Page 157 Introduction 9.2; Debugging 9.2; Logging to terminal 9.2; Turning off debugging 9.2; Logging 9.3; Log Outputs 9.3
  • Page 158: Debugging And Logging

    On using a debug command, the protocol continues to generate output until the no parameter is used with the command. Use the log commands in the configure mode to specify where the debugging output is sent. You can set the logging levels by using parameters with these commands.
  • Page 159: Logging

    (“Debugging” on page 9.2). Messages can be filtered based on: the program that generated the message, the severity level of the message, the type of facility that generated the message, substrings within the message text. The severity levels in order are: ■...
  • Page 160: Clear Log

    Buffered log The buffered log is a file stored in RAM on the device. Because it is stored in RAM its content does not survive a reboot of the device. A device can only have one instance of the buffered log.
  • Page 161 A.B.C.D {facility|level|msgtext|program} It is not possible to view the log messages sent to this type of output as they are not retained on the device. They must be viewed on the remote device. The other host log commands are:...
  • Page 162 Note: An email server and “from” address must be configured on the device in order for email logs to work. awplus(config)#mail ? from The address to send in the ‘mail from’ command smtpserver SMTP server to send the emails to Email logs are sent in batches of approximately 20 messages and have the subject line “Log...
  • Page 163 show log config 10.35; show log permanent 10.37; show running-config log 10.38
  • Page 164: Logging Commands

    clear exception log Resets the contents of the exception log. This command does not remove the associated core files. Syntax: clear exception log Parameter Description clear Reset functions exception Clear exception information Clear the exception log Mode: Privileged Exec Mode...
  • Page 165: Clear Log Buffered

    Remove dynamic information The contents of the logs buffered The RAM buffered log Mode: Privileged Exec mode Examples: To delete the contents of the buffered log use the command: awplus(config# clear log buffered Validation Commands: show log clear log...
  • Page 166: Default Log Buffered

    default log buffered Restores the default settings for the buffered log stored in RAM. By default the size of the buffered log is 50kb and it accepts messages with the severity level of "warnings" and above. The buffered log is enabled by default.
  • Page 167: Default Log Console

    (filter) default log email Restores the default settings for log messages sent to an email address. By default no filters are defined for email addresses. Filters must be defined before messages will be sent. Also restores the remote syslog server time offset value to local (no offset).
  • Page 168: Default Log Host

    default log host Restores the default settings for log messages sent to a remote syslog server. By default no filters are defined for remote syslog servers. Filters must be defined before messages will be sent. Also restores the remote syslog server time offset value to local (no offset).
  • Page 169: Default Log Monitor

    Restores the default settings for the permanent log stored in NVS. By default, the size of the permanent log is 50 kB and it accepts messages with the severity level of warnings and above.
  • Page 170: Exception Coredump Size

    exception coredump size Core files are generated when a process crashes. The size of a core file can vary; its upper limit is controlled by this command. Files larger than this limit will be truncated by reducing the amount of stack and variable information stored.
  • Page 171: Log Buffered

    Configures the device to store log messages in RAM. Messages stored in RAM are not retained on the device over a restart. Once the buffered log reaches its configured maximum allowable size old messages will be deleted to make way for new ones. The buffered log is configured by default.
  • Page 172: Log Buffered (Filter)

    log buffered (filter) Use this command to create a filter to select messages to be sent to the buffered log. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these.
  • Page 173 Filter messages to the buffered log by program. Include messages from a specified program in the buffered log. <program-name> The name of a program to log messages from, either one of the following predefined program names (not case-sensitive), or another program name (case-sensitive) that you find in the log output.
  • Page 174: Log Buffered Size

    Examples: To add a filter to send all messages generated by BGP that have a severity of "notices" or higher to the buffered log use the command: awplus(config)# log buffered level notices program bgp To add a filter to send all messages containing the text "Bridging initialization", to the buffered...
  • Page 175: Log Console

    Configures the device to send log messages to consoles. The console log is configured by default to send messages to the device’s main console port. Use the no version of this command to configure the device not to send log messages to consoles.
  • Page 176: Log Console (Filter)

    log console (filter) Creates a filter to select messages to be sent to all consoles when the log console command is given. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these.
  • Page 177 Mode: Configure Mode Example: To create a filter to send all messages generated by MSTP that have a severity of "info" or higher to console instances where the log console command has been given, remove the default filter that includes everything use the command:...
  • Page 178: Log Email

    "Bridging initialization" To remove a filter that sends all messages generated by BGP that have a severity of "notices" or higher to consoles use the command:...
  • Page 179: Log Email (Filter)

    log email (filter) Creates a filter to select messages to be sent to an email address. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these.
  • Page 180 A text string to match. This is case sensitive, and must be the last text on the command line. Mode: Configure mode Examples: To create a filter to send all messages generated by BGP that have a severity of "notices" or higher to the email address admin@homebase.com use the command: awplus(config)# log email TO admin@homebase.com level...
  • Page 181 To remove a filter that sends all messages generated by BGP that have a severity of "notices" or higher to the email address admin@homebase.com use the command: awplus(config)# no log email TO admin@homebase.com level notices program bgp To remove a filter that sends messages with a severity level of "informational"...
  • Page 182: Log Email Time

    Configures the time used in messages sent to an email address. Use local if the email recipient is in the same time zone as this device. Messages will display the time as on the local device when the message was generated. Use offset if the email recipient is in a different time zone to this device.
  • Page 183: Log Host

    log host Configures the device to send log messages to a remote syslog server via UDP port 514. The IP address of the remote server must be specified. By default no filters are defined for remote syslog servers. Filters must be defined before messages will be sent.
  • Page 184: Log Host (Filter)

    log host (filter) Creates a filter to select messages to be sent to a remote syslog server. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a substring within the message or a combination of some or all of these.
  • Page 185 Mode: Configure mode Examples: To create a filter to send all messages generated by BGP that have a severity of "notices" or higher to a remote syslog server with IP address 10.32.16.21 use the command: awplus(config)#log host 10.32.16.21 level notices program bgp
  • Page 186 IP address 10.32.16.21 use the command: awplus(config)# log host 10.32.16.21 level informational To remove a filter that sends all messages generated by BGP that have a severity of "notices" or higher to a remote syslog server with IP address 10.32.16.21 use the command: awplus(config)# no log host 10.32.16.21 level notices...
  • Page 187: Log Host Time

    Configures the time used in messages sent to a remote syslog server. Use local if the syslog server is in the same time zone as this device. Messages will display the time as on the local device when the message was generated. Use offset if the syslog server is in a different time zone to this device.
  • Page 188: Log Monitor (Filter)

    log monitor (filter) Creates a filter to select messages to be sent to the terminal when the terminal monitor command is given. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these. By default there is a filter to select all messages.
  • Page 189 Mode: Configure Mode Examples: To create a filter to send all messages generated by MSTP that have a severity of "info" or higher to terminal instances where the terminal monitor command has been given use the command:...
  • Page 190: Log Permanent

    To remove a filter that sends all messages generated by BGP that have a severity of "notices" or higher to the terminal use the command: awplus(config)# no log monitor level notices program bgp To remove the default filter that sends everything to the terminal use the command:...
  • Page 191: Log Permanent (Filter)

    By default the buffered log has a filter to select messages whose severity level is "notices (5)" or higher. This filter may be removed using the no form of this command.
  • Page 192 A text string to match. This is case sensitive, and must be the last text on the command line. Mode: Configure mode Examples: To create a filter to send all messages generated by BGP that have a severity of "notices" or higher to the permanent log use the command: awplus(config)# log permanent level notices program bgp
  • Page 193 To create a filter to send all messages containing the text "Bridging initialization", to the permanent log use the command: awplus(config)# log permanent msgtext Bridging initialization Validation Commands: show log config Related Commands: default log permanent log permanent...
  • Page 194: Log Permanent Size

    log permanent size Configures the amount of memory that the permanent log is permitted to use. Once this memory allocation has been filled old messages will be deleted to make room for new messages. Syntax: log permanent size <50-250>...
  • Page 195: Show Log

    show log Displays the contents of the buffered log. By default the entire contents of the buffered log is displayed. If the optional "tail" parameter is specified only the latest 10 messages in the buffered log are displayed. A numerical value can be specified after the "tail" parameter to select how many of the latest messages should be displayed.
  • Page 196 Logging Commands 2006 Nov 10 13:49:32 syslog.notice syslog-ng[67]: SIGHUP received, reloading configuration; 2006 Nov 10 13:50:01 cron.notice crond[116]: USER manager pid 482 cmd nbqueue --wipe 2006 Nov 10 13:55:01 cron.notice crond[116]: USER manager pid 483 cmd nbqueue --wipe show log config...
  • Page 197: Show Log Config

    show log config Displays information about the logging system. This includes the configuration of the various log destinations, buffered, permanent, syslog servers (hosts) and email addresses. It also displays the latest status information for each of these destinations.
  • Page 198 Logging Commands In the above example the ’’ next to filter 1 in the buffered log configuration indicates that this is the default filter. The permanent log has had its default filter removed, so none of the filters are marked with ’’.
  • Page 199: Show Log Permanent

    Logging Commands show log permanent Displays the contents of the permanent log. If the optional "tail" parameter is specified only the latest 10 messages in the permanent log are displayed. A numerical value can be specified after the "tail" parameter to select how many of the latest messages should be displayed.
  • Page 200: Show Running-Config Log

    Show running-config information running-config Current operating configuration Logging utility
    Mode: Privileged Exec mode.
    Examples: To display the current configuration of the log utility, use the command:
    awplus# show running-config log
    Related Commands: show log, show log config
  • Page 201: 11 Scripting Commands

    11 Scripting Commands: activate 11.2, echo 11.2
  • Page 202 Mode: Privileged Exec mode.
    Usage: In a stacked environment you can use the CLI on a stack master to access file systems that are located on a slave device. In this case the command specifies a file on the slave device. The slave’s file system will be denoted by: <hostname>-<member-id>...
  • Page 203 ... 12.4, show interface 12.5, show interface brief 12.6, shutdown 12.7
  • Page 204: Interface Commands

    <description>: Text describing the specific interface.
    Mode: Interface mode
    Examples: The following example uses this command to describe the device that a switch port is connected to.
    awplus(config)#interface port1.0.2
    awplus(config-if)#description Boardroom PC
  • Page 205: Interface

    Do not mix interface types in a list. The specified interfaces must exist. The local loopback interface.
    Mode: Configure mode
    Examples: The following example shows how to enter Interface mode to configure vlan1. Note how the prompt changes.
    awplus#configure terminal
    awplus(config)#interface vlan1
    awplus(config-if)#
  • Page 206: Mtu

    Interface Commands Use this command to set the Maximum Transmission Unit (MTU) size for a VLAN interface. Use the no command to remove a previously specified Maximum Transmission Unit (MTU) size for a VLAN interface. Syntax mtu <mtu_size> no mtu...
  • Page 207: Show Interface

    <interface-list> The interfaces or switch ports to display information about. An interface-list can be:
    ■ an interface, a switch port, or a channel group (e.g., vlan2, port1.1.12, sa3, or po4)
    ■ a continuous range of interfaces, switch ports, or channel groups...
  • Page 208: Show Interface Brief

    Interface Commands show interface brief Use this command to display brief interface configuration and status. Syntax show interface brief Parameter Description brief Brief summary of interface status and configuration.
    Mode: Exec mode and Privileged Exec mode
    Figure 12-2: Example output from the...
  • Page 209: Shutdown

    This command shuts down the selected interface. This administratively disables the link and takes the link down at the physical (electrical) layer. Use the no form of this command to disable this function and therefore to bring the link back up again.
  • Page 211 13 Interface Testing Commands: Introduction 13.2, clear test interface 13.2, service test 13.3, test interface 13.4
  • Page 212: Interface Testing Commands

    To clear the counters for all interfaces use the command:
    awplus# clear test interface all
    To clear the counters for ports 1 to 12 on XEM 1 (port1.1.1 through port1.1.12) apply:
    awplus# clear test interface port1.1.1-port1.1.12
    Related Commands: test interface
  • Page 213: Service Test

    Interface Configuration mode for the desired interfaces and enter the command test interface command on page 13.4. Do not test interfaces on a device that is part of a live network—disconnect the device first. Use the no parameter to stop the test service. Syntax service test...
  • Page 214: Test Interface

    Interface Testing Commands test interface This command starts a test on an interface or all interfaces or a selected range or list of interfaces. Use the no form of this command to disable this function. The test duration can be configured by specifying the time in minutes after specifying an interface or interfaces to test.
  • Page 215 1 To start the test on ports 1 to 12 for XEM 1 (port1.1.1 through port1.1.12) use the command:
    awplus# test interface port1.1.1-port1.1.12
    To stop testing ports 1 to 12 for XEM 1 (port1.1.1 through port1.1.12) use the command:
    awplus# no test interface port1.1.1-port1.1.12...
  • Page 217: Vlan Commands

    ■ Chapter 15, Switching Commands
    ■ Chapter 16, VLAN Commands
    ■ Chapter 17, GVRP Commands
    ■ Chapter 18, Spanning Tree Introduction: STP, RSTP, MSTP
    ■ Chapter 19, Spanning Tree Commands
    ■ Chapter 20, Link Aggregation Configuration
    ■ Chapter 21, Link Aggregation Commands...
  • Page 219: 14 Switching Introduction

    Virtual Local Area Networks (VLANs) 14.15, Overview 14.15, Configuring VLANs 14.16, Generic VLAN Registration Protocol (GVRP) 14.17, VLAN Double Tagging (VLAN Stacking) 14.18, Quality of Service 14.21, IGMP Snooping 14.22
  • Page 220: Introduction

    LAN. Stations connected to different LANs can be configured to communicate with one another as if they were on the same LAN. They can also divide one physical LAN into multiple Virtual LANs (VLANs). Stations connected to each other on the...
  • Page 221: Physical Layer Information

    Switch Ports A unique port number identifies each switch port. The software supports a number of features at the physical level that allow it to be connected in a variety of physical networks. This physical layer (layer 1) versatility includes: ■...
  • Page 222: Activating And Deactivating Switch Ports

    Duplex mode Ports can operate in full duplex or half duplex mode depending on the type of port it is. When in full duplex mode, a port transmits and receives data simultaneously. When in half duplex mode, the port transmits or receives but not both at the same time.
  • Page 223: Configuring The Port Speed

    In particular, avoid having one end autonegotiate duplex mode while the other end is fixed. For example, if you set one end of a link to autonegotiate and fix the other end at full duplex, the autonegotiating end cannot determine that the fixed end is full duplex capable.
  • Page 224 Set the polarity for port 1.0.1 to mdi. Note that if you override a port’s autonegotiation by setting it to a fixed speed and duplex mode, automatic MDI/MDI-X detection is also overridden. Ports have the MDI-X polarity by default.
  • Page 225: The Layer 2 Switching Process

    VLAN. Each received frame is mapped to exactly one VLAN. If an incoming frame is tagged with a valid VLAN identifier (VID) then that VID is used. If an incoming frame is untagged or is priority tagged (a tagged frame with a VID of all zeros), then the switch uses internal VLAN association rules to determine the VLAN it belongs to.
  • Page 226: Introduction

    MAC Address table) maintained by the switch. When the frame’s source address is not in the forwarding database for the VLAN, the address is added and an ageing timer for that entry is started. When the frame’s source address is already in the forwarding database, the ageing timer for that entry is restarted.
  • Page 227: The Egress Rules

    VLAN-tagged with its numerical VLAN identifier (VID). A port must belong to a VLAN at all times unless the port has been set as the mirror port for the switch.
  • Page 228: Layer 2 Filtering

    VLAN that are in the forwarding or disabled state, except the port on which the frame was received. This process is referred to as flooding. If an entry is found in the forwarding database but the entry is not marked forwarding or the entry points to the same port the frame was received on, the frame is discarded.
  • Page 229: Static Channel Groups

    Switching Introduction Static Channel Groups A static channel group (also known as a static aggregator) enables a number of ports to be manually configured to form a single logical connection of higher bandwidth. By using static channel groups you increase channel reliability by distributing the data path over more than one physical link.
  • Page 230 Configuring an LACP channel group The following example creates LACP channel group 2 and enables link aggregation on switch ports 1.0.1 and 1.0.2 within this channel group. Note that all aggregated ports must belong to the same VLAN.
  • Page 231: Storm Control

    ■ 9710 bytes for ports that work at speeds of either 10 Mbps or 100 Mbps
    ■ 10240 bytes for ports that work at speeds of 1000 Mbps
    Jumbo frame support is enabled or disabled on the entire switch, not on a per port basis. To enable them, use the platform jumboframe command on page 15.13;...
  • Page 232: Port Mirroring

    The mirror port is the only switch port that does not belong to a VLAN, and therefore does not participate in any other switching. Before the mirror port can be set, it must be removed from all trunk groups and all VLANs except the default VLAN.
  • Page 233: Virtual Local Area Networks (Vlans)

    When the switch is first powered up (and therefore unconfigured), it creates a default VLAN with a VID of 1 and an interface name of vlan1. In this initial condition, the switch attaches all its ports to this default VLAN. The default VLAN cannot be deleted, and ports can only be removed from it if they also belong to at least one other VLAN.
  • Page 234: Configuring Vlans

    (switchport trunk native vlan). Mirror ports A mirror port cannot be associated with a VLAN. If a switch port is configured to be a mirror port (mirror interface command on page 15.9), it is automatically removed from any VLAN it was associated with.
  • Page 235: Generic Vlan Registration Protocol (Gvrp)

    Generic VLAN Registration Protocol (GVRP) The GARP application GVRP enables switches in a network to dynamically share VLAN membership information in order to reduce the need for statically configuring all VLAN membership changes on all switches in a network. For more information about commands...
  • Page 236: Vlan Double Tagging (Vlan Stacking)

    VLAN double tagging, also known as VLAN Stacking, Nested VLANs, or Q-in-Q VLANs, is used to operate a number of private Layer 2 networks within a single public Layer 2 network. This feature provides simple access infrastructure for network service providers to operate Metropolitan Area Networks (MANs) as commercial value added networks.
  • Page 237 VLANs Turn on Jumbo frame support Adding the S-Tag can result in frame sizes that exceed the maximum of 1522 bytes. In order to cope with these larger than normal frames, you should turn on Jumbo packet support on all devices running within the service provider network.
  • Page 238 Set the Tag Protocol Identifier (TPID). If you need to change the Tag Protocol Identifier (TPID) from its default (for VLAN stacking) of 0x8100 (specified as hex notation), use the following command. This example changes the TPID to 0x9100:...
  • Page 239: Quality Of Service

    Quality of Service (QoS) enables you to both prioritize traffic and limit its available bandwidth. The concept of QoS is a departure from the original networking protocols, in which all traffic on the Internet or within a LAN had the same available bandwidth. Without QoS, all traffic types are equally likely to be dropped if a link becomes oversubscribed.
  • Page 240: Igmp Snooping

    If at least one port in the VLAN is a member of a multicast group, by default multicast packets will be flooded onto all ports in the VLAN.
  • Page 241 ... 15.26, switchport port-security 15.26, switchport port-security aging 15.27, switchport port-security maximum 15.28, switchport port-security violation 15.29
  • Page 242: Switching Commands

    This example shows how to clear multicast filtering database entries for a given VLAN.
    awplus# clear mac address-table multicast vlan 2
    This example shows how to clear static filtering database entries for a given MAC address.
    awplus# clear mac address-table static address 0202.0202.0202
  • Page 243: Clear Port Counter

    Switching Commands
    This example shows how to clear all filtering database entries learned through switch operation for a given MAC address.
    awplus# clear mac address-table dynamic address 0202.0202.0202
    clear port counter: Clears the packet counters of the port.
    Syntax: clear port counter [<port>]...
  • Page 244: Debug Platform Packet

    This command enables platform to CPU level packet debug. This command can be used to trace packets sent and received by the CPU. If a timeout is not specified, then a default 5 minute timeout will be applied. If a timeout of 0 is specified, packet debug will be generated until the no debug platform packet command is used or another timeout value is specified.
  • Page 245: Duplex

    Usage be in full duplex mode. Once switch ports have been aggregated into a channel group, you can set the duplex mode of all the switch ports in the channel group by applying this command to the channel group. To specify full duplex, enter the command:...
  • Page 246: Flowcontrol

    If one port experiences congestion, and cannot receive any more traffic, it notifies the other port to stop sending until the condition clears. When the local device detects congestion at its end, it notifies the remote device by sending a pause frame.
  • Page 247: Mac Address-Table Acquire

    Switching Commands mac address-table acquire Use this command to enable or disable MAC address learning on the device. To disable learning, use the no parameter with this command.
    Syntax: mac address-table acquire
    no mac address-table acquire
    Mode: Configure mode
    Learning is enabled by default for all instances.
  • Page 248: Mac Address-Table Static

    (e.g., sa3), or an LACP channel group (e.g., po4). <vid> the VLAN ID. If you do not specify a VLAN, it defaults to vlan 1.
    Mode: Configure mode
    Usage: The mac address-table static command is only applicable to layer 2 switched traffic within a single VLAN.
  • Page 249: Mirror Interface

    “Port Mirroring” on page 14.14. A mirror port cannot be associated with a VLAN. If a switch port is configured to be a mirror port, it is automatically removed from any VLAN it was associated with. This command can only be applied to a single mirror (destination) port, not to a range of ports nor to a static or dynamic channel group.
  • Page 250: Platform Control-Plane-Prioritization Rate

    CLI console lock up or control packet loss following a broadcast storm. The default rate limiting value is set to transmit the packets to the CPU at 60 Mbps. The CPU port uses the WRR (Weighted Round Robin) scheduler with appropriate weights assigned.
  • Page 251 Switching Commands
    Examples: To set the maximum traffic rate on the CPU port to 10 Mbps issue the following command:
    awplus(config)#platform control-plane-prioritization 10
    Confirm the maximum traffic rate has been configured using the following show command:
    awplus#show platform
    Load Balancing...
  • Page 252: Platform Enhancedmode

    To increase the size of the nexthop table, use the command:
    awplus(config)#platform enhancedmode nexthop
    To restore the silicon memory so that the nexthop table returns to its original size, use the command:
    awplus(config)#no platform enhancedmode
    show platform...
  • Page 253: Platform Jumboframe

    ■ 10240 bytes for ports that work at speeds of 1000 Mbps. You must restart the device after entering this command for it to take effect. You can use the reboot command on page 65.4 to restart the device.
  • Page 254: Platform Vlan-Stacking-Tpid

    Switching Commands platform vlan-stacking-tpid This command specifies the Tag Protocol Identifier (TPID) value that applies to all frames that are carrying double tagged VLANs. All nested VLANs must use the same TPID value. (This feature is sometimes referred to as VLAN stacking or VLAN double-tagging.)
  • Page 255: Show Flowcontrol Interface

    ----- ------- -------- ------- -------- ------- -------
    port1.1.5 on
    Example: To display the flow control for port1.1.5, use the command:
    awplus# show flowcontrol interface port1.1.5
  • Page 256: Show Interface Switchport

    Mode: Exec and Privileged Exec mode
    Example: awplus# show interface switchport
    The following is an output of this command displaying the characteristics of the switch ports.
    awplus#show interface switchport
    Interface name : port1.1.1
    Switchport mode : access...
  • Page 257: Show Mac Address-Table

    0000.cd00.0000 forward static Note the new mac addresses learnt for port 1.0.9 and port 1.0.11 added as dynamic entries. Note the first column of the output below shows VLAN IDs if multiple VLANs are configured: awplus#show mac address-table VLAN port...
  • Page 258: Show Mirror

    Switching Commands Also note manually configured static mac-addresses are shown to the right of the type column: awplus(config)#mac address-table static 0000.1111.2222 for int port1.0.11 vlan 2 awplus(config)#end awplus# awplus#show mac address-table VLAN port type unknown 0000.cd28.0752 forward static port1.0.9 0030.846e.bac7...
  • Page 259: Show Mirror Interface

    Switching Commands show mirror interface Use this command to display port mirroring configuration for a mirrored (monitored) switch port. Syntax show mirror interface <port> Parameter Description <port> The monitored switch port to display information about. Interface, Privileged Exec and Exec mode...
  • Page 260: Show Platform

    “None” indicates that it is in its default state. Vlan-stacking TPID The value of the TPID set in the Ethernet type field when a frame has a double VLAN tag. To check whether the device accepts jumbo frames, use the command:...
  • Page 261: Show Platform Table Port

    9 0F00 10 4000 11 0000 12 0000 13 0000 14 0000 15 3000 16 0078 17 8100 18 0000 19 0040 20 0CEA 21 0000 22 0000 23 0000 24 4101 25 0FEB 26 400C 27 848B 28 0000 29 0000 30 0000 31 0000...
  • Page 262: Show Port-Security Interface

    Port Security interface Interface <port> The port to display information about. The port may be a switch port (e.g., port1.1.4), a static channel group (e.g., sa3), or an LACP channel group (e.g., po4).
    Mode: Exec and Privileged Exec Mode
    To see the port-security status on port1.0.1, use the command:...
  • Page 263: Show Port-Security Intrusion

    Switching Commands show port-security intrusion Shows the intrusion list. If the port is not given, the entire intrusion table is shown.
    Syntax: show port-security intrusion [interface <port>]
    Parameter Description show Show running system information port-security Port Security intrusion Display intrusion list...
  • Page 264: Speed

    Usage be in full duplex mode. Once switch ports have been aggregated into a channel group, you can set the speed of all the switch ports in the channel group by applying this command to the channel group. To set the speed of a tri-speed port to 100 Mbps, enter the command:...
  • Page 265: Storm-Control Level

    Applies the storm control to destination lookup failure traffic.
    Default: By default, storm control is disabled.
    Mode: Interface mode
    Example: To limit broadcast traffic on port 1.0.2 to 30% of the maximum port speed, use the command:
    awplus# configure terminal
    awplus(config)# interface port1.0.2...
  • Page 266: Switchport Enable Vlan

    Default
    Mode: Interface mode
    Usage: This command can be used where a VLAN is disabled by certain actions, such as QoS Storm Protection (QSP) or EPSR. If VID is not given, all the disabled VLANs will be re-enabled. To re-enable port1.1.1 in vlan 2:...
  • Page 267: Switchport Port-Security Aging

    Switching Commands switchport port-security aging Sets the port-security MAC to time out. Use the no switchport port-security aging command to set the port-security to not time out. Syntax switchport port-security aging no switchport port-security aging Parameter Description Negate a command or set its defaults...
  • Page 268: Switchport Port-Security Maximum

    Sets the maximum number of MAC addresses that each port can learn. Use the no switchport port-security maximum command to unset the maximum number of MAC addresses that each port can learn. This is the same as setting the maximum number to 0. This command also resets the intrusion list table.
  • Page 269: Switchport Port-Security Violation

    Sets the violation action for the switch port. The port action can be shutdown, restrict or protect. If shutdown is set, the physical link will be disabled and "shutdown" will be shown in the config. If restrict is set, the packet from the unauthorized MAC will be discarded and an SNMP TRAP will be generated to alert management.
  • Page 271 ... 16.17, vlan classifier rule ipv4 16.18, vlan classifier rule proto 16.19, vlan database 16.20
  • Page 272: Vlan Commands

    VLAN Commands private-vlan Use this command to create a community, isolated or primary VLAN. Use the no form of this command to remove the specified private VLAN.
    Syntax: private-vlan <vlan-id> {community|isolated|primary}
    no private-vlan <vlan-id> {community|isolated|primary}
    Parameter Description VLAN ID of the vlan which is to be made a private vlan.
  • Page 273: Private-Vlan Association

    Use this command to associate a secondary vlan to a primary vlan. Only one isolated vlan can be associated to a primary vlan. Multiple community vlans can be associated to a primary vlan. Use the no form of this command to remove association of all the secondary vlans to a primary vlan.
  • Page 274: Show Vlan

    VLAN classifier group identifier <1-16>
    Mode: Exec and Privileged Exec mode
    Usage: If a group ID is not specified, all configured VLAN classifier groups are shown. If a group ID is specified, a specific configured VLAN classifier group is shown.
    Example...
  • Page 275: Show Vlan Classifier Interface Group

    Description VLAN classifier rule identifier <1-256>
    Mode: Exec mode
    Usage: If a rule ID is not specified, all configured VLAN classifier rules are shown. If a rule ID is specified, a specific configured VLAN classifier rule is shown.
    Example: awplus# show vlan classifier rule 1
  • Page 276: Show Vlan Private-Vlan

    Use this command to change the port-based VLAN of the current port. Use the no parameter to change the port-based VLAN of this port to the default VLAN, vlan1. Syntax switchport access vlan <vlan-id> no switchport access vlan...
  • Page 277: Switchport Enable Vlan

    VLAN Commands switchport enable vlan Enables the VLAN on the port manually once disabled by certain actions, such as QSP/EPSR. If the VID is not given, all the disabled VLANs will be re-enabled. Syntax switchport enable vlan [<1-4094>] Parameter Description...
  • Page 278: Switchport Mode Access

    VLAN Commands switchport mode access Use this command to set the switching characteristics of the port to access mode. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria. Syntax switchport mode access [ingress-filter {enable|disable}]...
  • Page 279: Switchport Mode Private-Vlan

    VLAN Commands switchport mode private-vlan Use this command to make a layer 2 port a host port or promiscuous port. Use the no form of this command to remove the configuration. Syntax switchport mode private-vlan {host|promiscuous} no switchport mode private-vlan {host|promiscuous}...
  • Page 280: Switchport Mode Trunk

    Mode: Interface mode
    Usage: A port in trunk mode can be a tagged member of multiple VLANs, and an untagged member of one native VLAN. To configure which VLANs this port will trunk for, use the switchport trunk allowed vlan command.
  • Page 281: Switchport Private-Vlan Host-Association

    VLAN Commands switchport private-vlan host-association Use this command to associate a primary vlan and a secondary vlan to a host port. Only one primary and secondary vlan can be associated to a host port. Use the no form of this command to remove the association.
  • Page 282: Switchport Private-Vlan Mapping

    VLANs, or a comma-separated list of VLANs and ranges.
    Mode: Interface mode
    Usage: This command can be applied to a switch port or a static channel group, but not a dynamic (LACP) channel group. LACP channel groups (dynamic/LACP aggregators) cannot be promiscuous ports in private VLANs.
  • Page 283: Switchport Trunk Allowed Vlan

    The all parameter sets the port to be a tagged member of all the VLANs configured on the device. The none parameter removes all VLANs from the port’s tagged member set. The add and remove parameters will add and remove VLANs to and from the port’s member set.
  • Page 284: Switchport Trunk Native Vlan

    2,3,4 switchport trunk native vlan Use this command to configure the native VLAN for this port. The native VLAN is used for classifying the incoming untagged packets. Use the no parameter to revert the native VLAN to the default VLAN ID 1.
  • Page 285: Switchport Vlan-Stacking (Double Tagging)

    VLAN Commands switchport vlan-stacking (double tagging) Use this command to enable VLAN stacking on a port and set it to be a customer-edge-port or provider-port. This is sometimes referred to as VLAN double-tagging, nested VLANs, or QinQ. Use the no parameter with this command to disable VLAN stacking on an interface.
  • Page 286: Vlan

    This command creates VLANs, assigns names to them, and enables or disables them. Specifying the disable state causes all forwarding over the specified VLAN ID to cease. Specifying the enable state allows forwarding of frames on the specified VLAN.
  • Page 287: Vlan Classifier Activate

    Use this command to create a group of VLAN classifier rules. The rules must already have been created. Use the no version to delete the group. Syntax vlan classifier group <1-16> {add|delete} rule <vlan-class-rule-id>...
  • Page 288: Vlan Classifier Rule Ipv4

    VLAN Commands vlan classifier rule ipv4 Use this command to create an IPv4 subnet-based VLAN classifier rule and map it to a specific VLAN. Use the no version to delete the rule. Syntax vlan classifier rule <1-256> ipv4 A.B.C.D/P vlan <1-4094>...
  • Page 289: Vlan Classifier Rule Proto

    VLAN Commands vlan classifier rule proto Use this command to create a protocol type-based VLAN classifier rule, and map it to a specific VLAN. The no version destroys the rule. Syntax vlan classifier rule <1-256> proto <protocol> encap {ethv2|nosnapllc|snapllc} vlan <vid>...
  • Page 290: Vlan Database

    Mode: Configure mode
    Usage: Use this command to enter the VLAN configuration mode. You can then add or delete a VLAN, or modify its values. In the following example, note the change to VLAN configuration mode from Configure mode:...
  • Page 291 ... 17.4, gvrp timer 17.4, show gvrp configuration 17.5, show gvrp machine 17.5, show gvrp statistics 17.6, show gvrp timer 17.6
  • Page 292: Gvrp Commands

    GVRP Commands clear gvrp statistics Use this command to clear GVRP statistics for all VLANs or a specific VLAN.
    Syntax: clear gvrp statistics all
    clear gvrp statistics vid <vlan-id>
    Parameter <vlan-id>: <1-4094> Specify VLAN ID value.
    Mode: Privileged Exec mode...
  • Page 293: Gvrp

    GVRP Commands gvrp Use this command to enable (set) and disable (reset) GVRP globally for the device.
    Syntax: gvrp enable
    no gvrp
    Mode: Configure and Interface mode
    Examples: awplus# configure terminal
    awplus(config)# gvrp enable
    gvrp applicant state: Use this command to set the GVRP applicant state to normal or active.
  • Page 294: Gvrp Registration

    GVRP Commands gvrp registration Use this command to set GVRP Registration to normal, fixed, and forbidden Registration mode. Syntax gvrp registration normal gvrp registration fixed gvrp registration forbidden Parameter Description normal Specify dynamic GVRP multicast registration and deregistration. fixed Specify the multicast groups currently registered on the switch to apply, but subsequent registrations or deregistrations are not applied.
  • Page 295: Show Gvrp Configuration

    Use this command to display the state machine for GVRP.
    Syntax: show gvrp machine
    Mode: Exec, Privileged Exec and Configure modes
    Usage: The following is an output of this command displaying the GVRP state machine.
    awplus show gvrp machine
    port = 1.0.1 applicant state = QA registrar state = INN
    port = 1.0.2...
  • Page 296: Show Gvrp Statistics

    Use this command to display a statistical summary for a switch. Syntax show gvrp statistics Exec and Privileged Exec mode Mode The following is an output of this command displaying a statistical summary. Usage awplus# show gvrp statistics Port JoinEmpty...
  • Page 297 Multiple Spanning Tree Instances (MSTI) 18.11; MSTP Regions 18.12; Common and Internal Spanning Tree (CIST) 18.14; MSTP Bridge Protocol Data Units (BPDUs) 18.16; Configuring MSTP 18.18...
  • Page 298: Spanning Tree Introduction: Stp, Rstp, Mstp

    If the bridge does not recognize the destination address, it forwards the frame out from all its ports except for the one on which the frame was received, and then waits for a reply. This process is known as “flooding.”...
  • Page 299 (1 for a non stacked device), M is the module number (XEM number) within the device - note that 0 is used for all base-board connected ports, and P is the number of the port within the XEM or base-board.
  • Page 300: Spanning Tree Modes

    Spanning Tree Protocol. Spanning tree modes STP can run in one of three modes: STP, RSTP or MSTP. A device running RSTP is compatible with other devices running STP; a device running MSTP is compatible with other devices running RSTP or STP.
  • Page 301: Spanning Tree Protocol (Stp)

    STP port states In STP mode, each switch port can be in one of five spanning tree states, and one of two switch states. The state of a switch port is taken into account by STP. The STP port states...
  • Page 302: Configuring Stp

    Configure Root Guard The Root Guard feature makes sure that the port on which it is enabled is a designated port. If the Root Guard enabled port receives a superior BPDU, it goes to a Listening state (for STP) or discarding state (for RSTP and MSTP).
  • Page 303: Rapid Spanning Tree Protocol (Rstp)

    Table 18-1 to avoid loops. A spanning tree running in STP mode can take up to one minute to rebuild after a topology or configuration change. The RSTP algorithm provides for a faster recovery of connectivity following the failure of a bridge, bridge port, or a LAN. RSTP provides rapid recovery by...
  • Page 304: Configuring Rstp

    Description RSTP is enabled by default with default settings on all switch ports to prevent layer 2 loops in your network. No further configuration is required if you want to use RSTP with these default settings. If you need to restore the device to RSTP after it has been set to another mode, or modify the default RSTP settings, follow the procedure below.
  • Page 305 ■ 8000—the device’s root bridge priority in hexadecimal ■ 0000cd240331—the device’s MAC address. Advanced configuration: For most networks the default settings for path costs will be suitable, however, you can configure them if required (spanning-tree path-cost)...
  • Page 306: Multiple Spanning Tree Protocol (Mstp)

    MST instances. This enables load balancing of network traffic across redundant links, so that all the links in a network can be used by at least one MSTI, and no link is left completely idle.
  • Page 307: Multiple Spanning Tree Instances (Msti)

    MSTP enables the grouping and mapping of VLANs to different spanning tree instances. So, an MST Instance (MSTI) is a particular set of VLANs that are all using the same spanning tree. In a network where all VLANs span all links of the network, judicious choice of bridge priorities for different MSTIs can result in different switches becoming root bridges for different MSTIs.
  • Page 308 [Figure labels: Region 2, MSTI2, MSTI4] The MSTI1 in Region 1 is unrelated to the MSTI1 in Region 3. Similarly, the MSTI2 in Region 1 is quite unrelated to the MSTI2 in Region 2...
  • Page 309 Spanning Tree Introduction: STP, RSTP, MSTP The task of assigning each bridge to a particular region is achieved by the member bridges each comparing their MST configuration identifiers. More information on configuration identifiers is provided in Table 18-6, but for the moment an MST configuration identifier can simply be thought of as an identifier that represents the mapping of VLANs to MSTIs within each bridge.
  • Page 310: Mstp Regions

    Common and Internal Spanning Tree (CIST) The CIST is the default spanning tree instance of MSTP, i.e. all VLANs that are not members of particular MSTIs are members of the CIST. Also, an individual MST region can be regarded as a single virtual bridge by other MST regions.
  • Page 311 CIST first allocates root and designated bridges by selecting the bridge with the lowest identifier as the root. MSTP then deals with any loops between the regions in the CST. It does this by considering the CIST “vectors” in the following order:...
  • Page 312: Mstp Bridge Protocol Data Units (Bpdus)

    Spanning Tree Introduction: STP, RSTP, MSTP MSTP Bridge Protocol Data Units (BPDUs) The main function of bridge protocol data units is to enable MSTP to select its root bridges for the CIST (“Common and Internal Spanning Tree (CIST)” on page 18.14) and each MSTI.
  • Page 313 MSTI Regional Root Identifier | 2–9 | This includes the value of the MSTID for this configuration message encoded in bits 4 through 1 of octet 1, and bits 8 through 1 of octet 2. MSTI Internal Root 10-13 Internal Root Path Cost.
  • Page 314: Configuring Mstp

    Spanning Tree Introduction: STP, RSTP, MSTP Configuring MSTP By default, RSTP is enabled with default settings on all switch ports. To configure MSTP, see the configuration procedure in Table 18-9. To configure other modes, see “Configuring RSTP” on page 18.8 “Configuring STP”...
  • Page 315 By default, spanning tree is enabled on all switch ports. If it has been disabled, enable it for MSTP. Configure MSTP region, revision, and instances All MSTP devices in this region of the network must have the same region name, revision number, and VLAN to MSTI mappings. awplus(config)# spanning-tree mst configuration Enter MST Configuration mode.
  • Page 316 By default, all devices have the same root bridge priority, 32768 (8000 in hexadecimal), so the device with the lowest MAC address becomes the root bridge. If you want the device to be the root bridge for an instance or for the CIST, set the priority to a lower value (a higher priority) than other devices for this instance.
  • Page 317 Spanning Tree Introduction: STP, RSTP, MSTP Advanced configuration: For most networks, the default settings of the following will be suitable. However, you can also configure: ■ path costs for ports in an MSTI (spanning-tree mst instance path-cost) or for the CIST...
  • Page 318 Spanning Tree Introduction: STP, RSTP, MSTP
  • Page 319: Spanning Tree Commands

    19 Spanning Tree Commands Introduction 19.2; cisco-interoperability (MSTP) 19.2; clear spanning-tree detected protocols (RSTP and MSTP) 19.3; debug mstp (RSTP and STP) 19.4; instance priority (MSTP) 19.7; instance vlan (MSTP) 19.8; region (MSTP) 19.9; revision (MSTP) 19.10; show spanning-tree 19.11; show spanning-tree mst 19.13; show spanning-tree mst config...
  • Page 320: Introduction

    Operating System is interoperating with Cisco, the only criteria used to classify a region are the region name and revision level. VLAN to instance mapping is not used to classify regions when interoperating with Cisco. To enable Cisco interoperability on a Layer-2 switch:...
  • Page 321: Clear Spanning-Tree Detected Protocols (Rstp And Mstp)

    Spanning Tree Commands clear spanning-tree detected protocols (RSTP and MSTP) Use this command to clear the detected protocols for a specific port, or all ports. Use this command in RSTP or MSTP mode only. Syntax clear spanning-tree detected protocols [interface <port>]...
  • Page 322: Debug Mstp (Rstp And Stp)

    The default terminal monitor filter will select and display these messages. Alternatively, the messages can be directed to any of the other log outputs by adding a filter for the MSTP application using log buffered: awplus(config)#...
  • Page 323 The default terminal monitor filter will select and display these messages. Alternatively, the messages can be directed to any of the other log outputs by adding a filter for the MSTP application using log buffered: awplus(config)#...
  • Page 324 17:30:17 awplus MSTP[1417]: CIST reg root id : 8000:0000cd1000fe 17:30:17 awplus MSTP[1417]: CIST port id : 8001 (128:1) 17:30:17 awplus MSTP[1417]: msg age: 0 max age: 20 hellotime: 2 fwd delay: 15 17:30:17 awplus MSTP[1417]: port1.0.19 xSTP BPDU rx - finish Examples awplus#...
  • Page 325: Instance Priority (Mstp)

    MAC address to be the root bridge. Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower priority number, or vice versa. To set the root bridge priority for MSTP instance 2 to be the highest (0), so that it will be the Example...
  • Page 326: Instance Vlan (Mstp)

    This command removes the specified VLANs from the CIST and adds them to the specified MSTI. If you use the no command to remove the VLAN from the MSTI, it returns it to the CIST. To move a VLAN from one MSTI to another, you must first use the no version of this command to return it to the CIST.
  • Page 327: Region (Mstp)

    Use this command to assign a name to the device’s MST Region. MST Instances (MSTI) of a region form different spanning trees for different VLANs. Use this command for MSTP only. Use the no version of the command to remove this region name and reset it to the default. Syntax region <region-name>...
  • Page 328: Revision (Mstp)

    Default: The default value of revision number is 0. Usage: The region name, the revision number, and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region. Examples awplus# configure terminal...
  • Page 329: Show Spanning-Tree

    Spanning Tree Commands show spanning-tree Use this command to display detailed spanning tree information on the specified port or on all ports. Use this command for RSTP, MSTP or STP. Note that any list of interfaces specified must not span any interfaces that are not installed.
  • Page 330 Message Age 0 - Max Age 20 port1.0.1: Hello Time 2 - Forward Delay 15 port1.0.1: Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 - topo change timer port1.0.1: forward-transitions 0 port1.0.1: Version Rapid Spanning Tree Protocol - Received None - Send STP port1.0.1: No portfast configured - Current...
  • Page 331: Show Spanning-Tree Mst

    % 1: Bridge up - Spanning Tree Enabled % 1: CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20 - Max-hops 20...
  • Page 332: Show Spanning-Tree Mst Config

    Usage: The region name, the revision number, and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region. The following show output displays the MSTP configuration identifier.
  • Page 333: Show Spanning-Tree Mst Detail

    Message Age 0 - Max Age 20 port1.0.1: CIST Hello Time 2 - Forward Delay 15 port1.0.1: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 - topo change timer 0 port1.0.1: forward-transitions 0 port1.0.1: Version Multiple Spanning Tree Protocol - Received None - Send ST...
  • Page 334 Message Age 0 - Max Age 20 port1.0.3: CIST Hello Time 2 - Forward Delay 15 port1.0.3: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 - topo change timer 0 port1.0.3: forward-transitions 0 port1.0.3: Version Multiple Spanning Tree Protocol - Received None - Send ST...
  • Page 335: Show Spanning-Tree Mst Detail Interface

    Designated Bridge 80000000cd24ff2d port1.0.2: Message Age 0 - Max Age 20 port1.0.2: CIST Hello Time 2 - Forward Delay 15 port1.0.2: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 - topo change timer 0 port1.0.2: forward-transitions 0 port1.0.2: Version Multiple Spanning Tree Protocol - Received None - Send STP...
  • Page 336: Show Spanning-Tree Mst Instance

    Usage: The following is an output of this command displaying detailed information for instance 2. awplus#sh spanning-tree mst instance 2 % 1: MSTI Root Path Cost 0 - MSTI Root Port 0 - MSTI Bridge Priority 32768 % 1: MSTI Root Id 80020000cd24ff2d % 1: MSTI Bridge Id 80020000cd24ff2d port1.0.2: Port 5002 - Id 838a - Role Disabled - State Discarding...
  • Page 337: Show Spanning-Tree Mst Instance Interface

    Mode Example awplus#sh spanning-tree mst instance 2 interface port1.0.2 % 1: MSTI Root Path Cost 0 - MSTI Root Port 0 - MSTI Bridge Priority 32768 % 1: MSTI Root Id 80020000cd24ff2d % 1: MSTI Bridge Id 80020000cd24ff2d port1.0.2: Port 5002 - Id 838a - Role Disabled - State Discarding port1.0.2: Designated Internal Path Cost 0...
  • Page 338: Show Spanning-Tree Mst Interface

    % 1: Bridge up - Spanning Tree Enabled % 1: CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20 - Max-hops 20...
  • Page 339: Spanning-Tree Autoedge (Rstp And Mstp)

    Use this command to enable the autoedge feature on the port. The autoedge feature allows the port to automatically detect that it is an edge port. If it does not receive any BPDUs in the first three seconds after linkup, enabling, or entering RSTP or MSTP mode, it sets itself to be an edgeport and enters the forwarding state.
  • Page 340: Spanning-Tree Edgeport (Rstp And Mstp)

    This command has the same effect as the spanning-tree portfast command, but the configuration displays differently in the output of some show commands. Use the no parameter with this command to set a port to its default state (not an edge-port). Syntax spanning-tree edgeport no spanning-tree edgeport Not an edge port.
  • Page 341: Spanning-Tree Enable

    Spanning Tree Commands spanning-tree enable Use this command to enable or disable the spanning tree protocol for the configured spanning tree mode on the device. Use the no parameter to disable the configured spanning tree protocol on the device. Syntax...
  • Page 342: Spanning-Tree Errdisable-Timeout Enable

    Default: By default, the errdisable-timeout is disabled. Usage: The BPDU guard feature shuts down the port on receiving a BPDU on a BPDU-guard enabled port. This command associates a timer with the feature such that the port is re-enabled without manual intervention after a set interval.
  • Page 343: Spanning-Tree Errdisable-Timeout Interval

    Spanning Tree Commands spanning-tree errdisable-timeout interval Use this command to specify the time interval after which a port is brought back up when it has been disabled by the BPDU guard feature. Use this command for RSTP or MSTP. Syntax spanning-tree errdisable-timeout interval <10-1000000>...
  • Page 344: Spanning-Tree Force-Version

    RSTP or STP mode. Mode: Interface mode. Default: By default, no version is forced for the port. The port is in the spanning tree mode configured for the device, or a lower version if it automatically detects one.
  • Page 345: Spanning-Tree Forward-Time

    This value is used only when the switch is acting as the root bridge. Switches not acting as the Root Bridge use a dynamic value for the forward delay set by the root bridge. The forward delay, maxage, and hello time parameters are interrelated.
  • Page 346: Spanning-Tree Guard Root

    Mode: Interface mode. Usage: The Root Guard feature makes sure that the port on which it is enabled is a designated port. If the Root Guard enabled port receives a superior BPDU, it goes to a Listening state (for STP) or discarding state (for RSTP and MSTP).
  • Page 347: Spanning-Tree Hello-Time

    This sets the time in seconds between the transmission of switch spanning tree configuration information when the switch is the Root Bridge of the spanning tree or is trying to become the Root Bridge. Use this command to set the hello-time.
  • Page 348: Spanning-Tree Link-Type

    Enable rapid transition. Default: The default link type is point-to-point. Mode: Interface mode. Usage: You may want to set link type to shared if the port is connected to a hub with multiple switches connected to it. Examples awplus# configure terminal awplus(config)# interface port1.1.3...
  • Page 349: Spanning-Tree Max-Age

    Usage: Max-age is the maximum time in seconds for which a message is considered valid. Configure this value sufficiently high, so that a frame generated by the root bridge can be propagated to the leaf nodes without exceeding the max-age.
  • Page 350: Spanning-Tree Max-Hops (Mstp)

    Use this command to specify the maximum allowed hops for a BPDU in an MST region. This parameter is used by all the instances of the MST region. To restore the default value, use the no parameter with this command.
  • Page 351: Spanning-Tree Mode

    Default: The default mode is RSTP. Usage: With no configuration, the device will have spanning tree enabled, and the spanning tree mode will be set to RSTP. Use this command to change the spanning tree protocol mode on the device. Mode: Configure mode...
  • Page 352: Spanning-Tree Mst Instance

    Spanning Tree Commands spanning-tree mst instance Use this command to assign a Multiple Spanning Tree instance to a switch port or channel group. Use the no parameter with this command to remove the instance from this port. Syntax spanning-tree mst instance <instance-id>...
  • Page 353: Spanning-Tree Mst Instance Path-Cost

    Use this command to set the cost of a path associated with a port, for the specified MSTI. This specifies the port’s contribution to the cost of a path to the MSTI regional root via that port.
  • Page 354: Spanning-Tree Mst Instance Priority

    This sets the value of the priority field contained in the port identifier. The MST algorithm uses the port priority when determining the root port for the switch in the MSTI. The port with the lowest value is considered to have the highest priority and will be chosen as root port over a port - equivalent in all other aspects - but with a higher priority value.
  • Page 355: Spanning-Tree Path-Cost

    Spanning Tree Commands spanning-tree path-cost Use this command to set the cost of a path for the specified port. This value then combines with others along the path to the root bridge in order to determine the total cost path value from the particular port, to the root bridge.
  • Page 356: Spanning-Tree Portfast

    This command has the same effect as the spanning-tree edgeport (RSTP and MSTP) command, but the configuration displays differently in the output of some show commands. Use the no parameter with this command to set a port to its default state (not an edge-port). Syntax spanning-tree portfast...
  • Page 357: Spanning-Tree Portfast Bpdu-Guard

    Mode: Configure or Interface mode. Usage: When the BPDU Guard feature is set for a switch, all portfast-enabled ports of the switch that have bpdu-guard set to default shut down the port on receiving a BPDU. In this case, the BPDU is not processed.
  • Page 358: Spanning-Tree Priority (Bridge Priority)

    <priority> <0-61440> The bridge priority, which will be rounded to a multiple of 4096. Mode: Configure mode. Default: The default priority is 32678. Usage: To force a particular switch to become the root bridge use a lower value than other switches in the spanning tree. Example awplus# configure terminal awplus(config)#...
  • Page 359: Spanning-Tree Priority (Port Priority)

    Default: The default priority is 128. Usage: To force a port to be part of the active topology (for instance, become the root port or a designated port) use a lower value than other ports on the device. (This behavior is subject to network topology, and more significant factors, such as bridge ID.)
  • Page 360 Spanning Tree Commands
  • Page 361: 20 Link Aggregation Configuration

    20 Link Aggregation Configuration Introduction 20.2; Configuring LACP 20.2...
  • Page 362: Configuring Lacp

    The aggregated channel is viewed as a single link to each switch. The spanning tree views the channel as one interface and not as multiple interfaces. When there is a failure in one physical port, the other ports stay up and there is no disruption.
  • Page 363 A lower numerical value has a higher priority. awplus(config)#interface port1.0.1 Enter the Interface mode and configure this interface's properties. awplus(config-if)#channel-group 1 mode active Add this interface to a channel group 1 and enable link aggregation so that it may be selected for aggregation by the local system.
  • Page 364 Link Aggregation Configuration
  • Page 365 ... 21.7; show port etherchannel (LACP) 21.8; show static-channel-group 21.9; static-channel-group 21.10...
  • Page 366: Link Aggregation Commands

    14.10. For an LACP configuration example, see Chapter 20, Link Aggregation Configuration. clear lacp counters Use this command to clear all counters of all present LACP aggregators (channel groups) or a given LACP aggregator. Syntax clear lacp [<1-65535>] counters Parameter Description <1-65535>...
  • Page 367: Channel-Group Mode (Lacp)

    Usage: All the switch ports in a channel-group must belong to the same VLANs, have the same tagging status, and can only be operated on as a group. All switch ports within a channel group must have the same port speed and be in full duplex mode.
  • Page 368: Lacp Port-Priority

    34 lacp system-priority Use this command to set the system priority of a local system. This is used in determining the system responsible for resolving conflicts in the choice of aggregation groups. Use the no parameter with this command to reset the system priority of the local system to the default value (32768).
  • Page 369: Lacp Timeout

    Default: The default is long timeout. Usage: If the LACP_timeout bit (encoded in Actor_State and Partner_State fields) is set to 1, the short timeout takes effect; if set to 0, the long timeout takes effect. The following sets the LACP short timeout on port 1.1.5.
  • Page 370: Show Etherchannel Detail (Lacp)

    Link Aggregation Commands show etherchannel detail (LACP) Use this command to display detailed information about all LACP channels. Syntax show etherchannel detail Mode: Privileged Exec mode. Example awplus#show etherchannel detail % Aggregator po1 (4501) Mac address: 00:00:cd:24:fd:29 Admin Key: 0001 - Oper Key 0001...
  • Page 371: Show Lacp-Counter

    Link Aggregation Commands show lacp-counter Use this command to display the packet traffic on all ports of all present LACP aggregators, or a given LACP aggregator. Syntax show lacp-counter <1-65535> Parameter: <1-65535> Channel-group number. Mode: Privileged Exec mode. show lacp sys-id Use this command to display the LACP system ID and priority.
  • Page 372: Show Port Etherchannel (Lacp)

    Link Aggregation Commands show port etherchannel (LACP) Use this command to show LACP details of the switch port specified. Syntax show port etherchannel <port> Parameter: <port> Name of the switch port to display LACP information about. Privileged Exec mode...
  • Page 373: Show Static-Channel-Group

    Link Aggregation Commands show static-channel-group Use this command to display all configured static channel groups and their corresponding member ports. Note that a static channel group is the same as a static aggregator. Syntax show static-channel-group Exec and Privileged Exec mode...
  • Page 374: Static-Channel-Group

    Usage group number. If the channel group does not exist, it is created, and the port is added to it. The no prefix detaches the port from the static channel group. If the port is the last member to be removed, the static channel group is deleted.
  • Page 375 Routing Reference This part includes the following chapters: ■ Chapter 22, Internet Protocol (IP) Addressing and Protocols ■ Chapter 23, IP Addressing and Protocol Commands ■ Chapter 24, Routing Protocol Overview ■ Chapter 25, Route Selection ■ Chapter 26, Routing Commands...
  • Page 377: Internet Protocol (Ip) Addressing And Protocols

    Internet Control Message Protocol (ICMP) 22.8; ICMP Router Discovery Protocol (IRDP) 22.9; Checking IP Connections 22.12; Ping 22.12; Traceroute 22.12...
  • Page 378: Introduction

    To configure your device to perform IP routing (for example, to access the Internet) you need to configure IP. You also need to configure IP if you want to manage your device from any IP-based management process (such as SSH, Telnet, or SNMP).
  • Page 379: Address Resolution Protocol (Arp)

    Static ARP Entries If your LAN includes hosts that do not support ARP, you can add a static ARP entry to the cache. However, it is rarely necessary to add an ARP entry this way. To add a static ARP entry, use the command: awplus(config)#arp <ip-address>...
  • Page 380: Deleting Arp Entries

    Your device intercepts ARP broadcast packets and substitutes its own physical address for that of the remote host. This occurs only if your device has the best route to the remote host. By responding to the ARP request, your device ensures that subsequent packets from the local host are directed to its physical address, and it can then forward these to the remote host.
  • Page 381: Local Proxy Arp

    To disable local proxy ARP on an interface, use the command: awplus(config-if)# no ip local-proxy-arp To check whether proxy ARP or local proxy ARP is enabled on an interface, use the show running-config command...
  • Page 382: Domain Name System (Dns)

    Domain names are made up of a hierarchy of two or more name segments. Each segment is separated by a period. The format of domain names is the same as the host portion of a URL (Uniform Resource Locator). The first segment from the left is unique to the host, with each following segment mapping the host in the domain name hierarchy.
  • Page 383 To check the domain name configured with this command, use the command: awplus# show ip domain-name Alternatively you can create a list of domain names that your device will try in turn by using the command: awplus(config)# ip domain-list <domain_name>...
  • Page 384: Internet Control Message Protocol (Icmp)

    ICMP messages are enabled on all interfaces by default. You can control the flow of ICMP messages across different interfaces using the access-list commands. See...
  • Page 385: Icmp Router Discovery Protocol (Irdp)

    RFC. Benefits Before an IP host can send an IP packet, the host has to know the IP address of a neighboring router that can forward the packet to its destination. ICMP Router Discovery messages let routers automatically advertise themselves to hosts. Other methods either require someone to manually keep these addresses current, or require DHCP to send router addresses.
  • Page 386 (255.255.255.255). To change the address type to broadcast on an interface, use the command: awplus(config-if)# ip irdp broadcast To change the address type back to multicast, use the no form of the above command, or use the command: awplus(config-if)# ip irdp multicast Configuration Do the following to configure your device to send router advertisements.
  • Page 387 <0-9000> Set preference levels. By default, every interface has the same preference for becoming a default router. To give the interface a higher preference, increase the preference level. To give it a lower preference, decrease this value.
  • Page 388: Checking Ip Connections

    “see” the other device. Echo request packets are sent to the destination addresses and responses are displayed on the console. If you can ping the end destination, then the physical, Layer 2 and Layer 3 links are functioning, and any difficulties are in the network or higher layers.
  • Page 389 ... 23.29; show ip name-server 23.30; tcpdump 23.31; traceroute 23.31...
  • Page 390: Ip Addressing And Protocol Commands

    This command sets a timeout period on dynamic ARP entries associated with a specific interface. If your device stops receiving traffic for the host specified in a dynamic ARP entry, it deletes the ARP entry from the ARP cache after this timeout is reached.
  • Page 391: Arp (Ip Address Mac Address)

    (IP address MAC address) This command adds a static ARP entry to the ARP cache. This is typically used to add entries for hosts that do not support ARP or to speed up the address resolution function for a host.
  • Page 392: Clear Arp-Cache

    IP Addressing and Protocol Commands clear arp-cache This command deletes the dynamic ARP entries from the ARP cache. To display the entries in the ARP cache, use the show arp command. To remove static ARP entries, use the no arp <ip-address>...
  • Page 393: Debug Ip Interface

    The required interface placeholder following the interface keyword can be specified as either all or as a single layer 3 interface to show debugging for either all interfaces or a single interface. If the optional address keyword is specified then only packets with the specified IP address as specified in the ip-address placeholder are shown in the output.
  • Page 394: Debug Ip Irdp

    IRDP debugging is disabled by default. The no form disables IRDP debugging. ■ Note that setting detail also sets both, so if you set detail, the output will show "packet debugging mode is all". Negating any packet debug mode will switch detail off.
  • Page 395: Ip Address Ipaddr

    IP Addressing and Protocol Commands ip address IPADDR This command sets a static IP address on an interface. To set the primary IP address on the interface, specify only ip address IP-ADDRESS. This overwrites any configured primary IP address. To add additional IP addresses on this interface, use the secondary parameter. You must configure a primary address on the interface before configuring a secondary address.
  • Page 396: Ip Domain-List

    This command adds a domain to the DNS list. Domains are appended to incomplete host names in DNS requests. Each domain in this list is tried in turn in DNS lookups. This list is ordered so that the first entry you create is checked first.
  • Page 397: Ip Domain-Lookup

    DNS enquiry to a DNS server, specified with the ip name-server command. The client is enabled by default. However, it does not attempt DNS enquiries unless there is a DNS server configured. The no parameter disables the DNS client. The client will not attempt to resolve domain names.
  • Page 398: Ip Domain-Name

    When your device is using its DHCP client for an interface, it can receive Option 15 from the DHCP server. This option replaces the domain name set with this command. See...
  • Page 399: Ip Forwarding

    The no form disables IP forwarding on your device. Even when IP forwarding is not enabled, the device can still work as an IP host; in particular, it can be managed by IP-based applications, such as SNMP, Telnet and SSH.
  • Page 400: Ip Irdp Address Preference

    When multiple routers connected to a LAN are all sending Router Discovery advertisements, hosts need to be able to choose the best router to use. Therefore the IRDP defines a preference value to place in the Router Discovery advertisements. Hosts choose the router with the highest preference value.
  • Page 401: Ip Irdp Broadcast

    IRDP advertisements with the broadcast address (255.255.255.255) as the IP destination address. The no form configures multicast Router Discovery advertisements on an interface. The interface sends IRDP advertisements with the all-system multicast address (224.0.0.1) as the IP destination address. Syntax...
  • Page 402: Ip Irdp Lifetime

    Examples: To set the lifetime value to 4000 seconds for addresses advertised on vlan6, use the command:
    awplus(config)# interface vlan6
    awplus(config-if)# ip irdp lifetime 4000
    To set the lifetime value to the default of 1800 seconds for addresses advertised on vlan6, use the command:
    awplus(config)# interface vlan6
    awplus(config-if)# no ip irdp lifetime...
  • Page 403: Ip Irdp Maxadvertinterval

    You cannot set the maximum advertisement interval below the minimum interval. If you are lowering the maximum interval to a value below the current minimum interval, you must change the minimum value first.
  • Page 404: Ip Irdp Minadvertinterval

    You cannot set the minimum advertisement interval above the maximum interval. If you are raising the minimum interval to a value above the current maximum interval, you must change the maximum value first. The no form sets the minadvertinterval back to the default of 450 seconds.
  • Page 405: Ip Irdp Multicast

    This command configures multicast Router Discovery advertisements on an interface. The interface sends IRDP advertisements with the all-system multicast address (224.0.0.1) as the IP destination address. The no form configures broadcast Router Discovery advertisements on an interface. The interface sends IRDP advertisements with the broadcast address (255.255.255.255) as the IP...
  • Page 406: Ip Irdp Preference

    Examples: To set the preference of addresses advertised on vlan6 to 500, use the command:
    awplus(config)# interface vlan6
    awplus(config-if)# ip irdp preference 500
    To set the preference value for addresses on vlan6 back to the default of 0, use the command:
    awplus(config)# interface vlan6
    awplus(config-if)# no ip irdp preference
    ip irdp...
  • Page 407: Ip Local-Proxy-Arp

    This stops hosts from learning the MAC address of other hosts within its subnet through ARP requests. Local proxy ARP ensures that devices within a subnet cannot send traffic that bypasses layer 3 routing on your device. This lets you monitor and filter traffic between hosts in the same subnet, and enables you to have control over which hosts may communicate with one another.
  • Page 408: Ip Name-Server

    IP Addressing and Protocol Commands ip name-server This command adds the IP address of a DNS server to the device’s list of servers. The DNS client on your device sends DNS queries to devices on this list when trying to resolve a DNS hostname.
  • Page 409: Ip Proxy-Arp

    ARP broadcast packets and substitutes its own physical address for that of the remote host. By responding to the ARP request, your device ensures that subsequent packets from the local host are directed to its physical address, and it can then forward these to the remote host.
  • Page 410: Ping

    The number of data bytes to send, excluding the 8 byte ICMP header. The default is 56 (64 ICMP data bytes).
    source: The IP address of a configured IP interface to use as the source in the IP header of the ping packet.
    timeout: The time in seconds to wait for echo replies if the ARP entry is present, before reporting that no reply was received.
  • Page 411: Router Ip Irdp

    This command globally enables ICMP Router Discovery (IRDP) advertisements on your device. However, your device does not send or process IRDP messages until at least one interface is configured to use IP and has had IRDP enabled on the interface with the ip irdp command.
  • Page 412: Show Arp

    IP Addressing and Protocol Commands show arp This command displays the dynamic and static ARP entries in the ARP cache. The ARP cache contains mappings of IP addresses to physical addresses for hosts. To have a dynamic entry in the ARP cache, a host must have used the ARP protocol to access another host.
  • Page 413: Show Hosts

    This command shows the domains configured in the domain list. The DNS client uses the domains in this list to append incomplete hostnames when sending a DNS enquiry to a DNS server. Syntax show ip domain-list...
  • Page 414: Show Ip Domain-Name

    This command shows the default domain configured on your device. When there are no entries in the DNS list, the DNS client appends this domain to incomplete hostnames when sending a DNS enquiry to a DNS server.
  • Page 415: Show Ip Interface Brief

    IP Addressing and Protocol Commands show ip interface brief Use this command to display brief information about interfaces and the IP addresses assigned to them. To display information about a specific interface, specify the interface name with the command. Syntax show ip interface [<interface-list>] [brief]...
  • Page 416: Show Ip Irdp

    IP Addressing and Protocol Commands show ip irdp This command displays whether IRDP is globally enabled on your device, and the status of the debugging modes. ■ If the debug ip irdp command has been set with the detail parameter then the both parameter is also set and the output will show "packet debugging mode is all".
  • Page 417: Show Ip Irdp Interface

    IP Addressing and Protocol Commands show ip irdp interface This command displays the configuration of IRDP on all interfaces, or for a specified interface. Syntax show ip irdp interface [<interface-name>] Parameter Description Displays the interface status and configuration details of the specified <interface-name>...
  • Page 418: Show Ip Name-Server

    Related Commands show ip irdp show ip name-server This command displays the list of DNS servers your device sends DNS requests to. This is a static list configured using the ip name-server command. Syntax...
  • Page 419: Tcpdump

    IP Addressing and Protocol Commands tcpdump Use the tcpdump command to start a tcpdump, which gives the same output as a unix / linux tcpdump, as a background process. Use the no tcpdump command to stop a running tcpdump. Syntax...
  • Page 420 IP Addressing and Protocol Commands ©2008 Allied Telesis Inc. All rights reserved. 23.32 AlliedWare Plus Operating System Software Reference C613-50003-00 REV E Software Version 5.2.1...
  • Page 421: 24 Routing Protocol Overview

    24 Routing Protocol Overview: Introduction, 24.2; RIP, 24.2; OSPF, 24.2; PIM-SM, 24.3; VRRP, 24.3
  • Page 422: Introduction

    The maximum allowable hop count is 15. If a router reaches a metric value of 16 or more (referred to as infinity), the destination is identified as unreachable. This avoids indefinite routing loops. The split-horizon and hold-down features are used to avoid propagating incorrect routing information.
  • Page 423: Pim

    VRRP attempts to solve this problem by introducing the concept of a virtual router, composed of two or more VRRP routers on the same subnet. The concept of a virtual IP address is also introduced, which is the address that end hosts configure as their default gateway. Only one of the routers (called the Master) forwards packets on behalf of this IP address.
  • Page 425: Types Of Routes

    Equal Cost Multipath Routing, 25.6; How the AlliedWare Plus OS Adds Routes, 25.7; How the AlliedWare Plus OS Deletes Routes, 25.8
  • Page 426: Route Selection

    For each packet, your device chooses the best route it has for that packet and uses that route to forward the packet. In addition, you can define filters to restrict the way packets are sent.
  • Page 427 Given a choice of routes, RIP uses the route that takes the lowest number of hops. If multiple routes have the same hop count, RIP chooses the first route it finds.
  • Page 428: Rib And Fib Routing Tables

    Your device maintains its routing information in routing tables that tell your device how to find a remote network or host. Each route is uniquely identified in a table by its IP address, network mask, next hop, interface, protocol, and policy. There are two routing tables populated by your device: the Routing Information Base (RIB) and the Forwarding Information Base (FIB).
  • Page 429 EBGP IBGP LOCAL to enter a separate administrative distance value for each BGP route type. To set the administrative distance for a specific BGP route, use the command: awplus(config-router)# distance <1-255>...
  • Page 430: Equal Cost Multipath Routing

    OS to distribute traffic over multiple equal-cost routes to a destination. The software determines that two or more routes are equal cost if they have the same destination IP address and mask. When the software learns such multiple routes, it puts them in an ECMP route group.
  • Page 431: How The Alliedware Plus

    Route Selection: How the AlliedWare Plus OS Adds Routes. The following flow chart shows how the software adds a route to the FIB. Start: The AlliedWare Plus OS receives a route from a routing protocol. Adds route to its RIB...
  • Page 432: Os Deletes Routes

    RIB. Then it checks if the specified route is in the FIB. If the route is in the FIB, it deletes it from the FIB and checks if another route is available in its database for the same prefix.
  • Page 433 ..., 26.2; maximum-paths, 26.3; show ip route, 26.4; show ip route database, 26.6; show ip route summary, 26.7
  • Page 434: Routing Commands

    IP protocols. ip route This command adds a static route to the Routing Information Base (RIB). If this route is the best route for the destination, then your device adds it to the Forwarding Information Base (FIB).
  • Page 435: Maximum-Paths

    Default: 4
    Mode: Configure mode
    Examples: To set the maximum number of paths for each route in the FIB to 5, use the command:
    awplus(config)#maximum-paths 5
    To set the maximum paths for a route to the default of 4, use the command:
    awplus(config)#no maximum-paths
  • Page 436: Show Ip Route

    Each entry in this table has a code preceding it, indicating the source of the routing entry. For Output example, O indicates OSPF as the origin of the route. The first few lines of the output list the possible codes that may be seen with the route entries.
  • Page 437 Route: 14.5.1.0/24 [110/20] via 10.10.31.16, vlan2, 00:18:56 This route entry denotes: ■ This route is the same as the other OSPF route explained above; the main difference is that it is a Type 2 External OSPF route. To display the OSPF routes in the FIB, use the command:...
  • Page 438: Show Ip Route Database

    *> 127.0.0.0/8 is directly connected, lo The routes added to the FIB are marked with a *. When multiple routes are available for the same prefix, the best route is indicated with the > symbol. All unselected routes have neither the * nor the >...
  • Page 439: Show Ip Route Summary

    IP routing table name is Default-IP-Routing-Table(0)
    IP routing table maximum-paths is 4
    Route Source Networks
    connected
    ospf
    Total
    Examples: To display a summary of the current RIB entries, use the command:
    awplus# show ip route summary
    Related Commands: show ip route, show ip route database
  • Page 441: 27 Rip Configuration

    Specifying the RIP version, 27.3; RIPv2 authentication (single key), 27.4; RIPv2 text authentication (multiple keys), 27.5; RIPv2 md5 authentication (multiple keys), 27.8
  • Page 442: Introduction

    RIP Configuration Introduction This chapter contains basic RIP configuration examples. To see details on the RIP commands used in these examples, or to see the outputs of the Validation commands, refer to the Chapter 28, RIP Commands. Enabling RIP This example shows the minimum configuration required for enabling two devices to exchange routing information using RIP.
  • Page 443: Specifying The Rip Version

    Configure a router to receive and send specific versions of RIP packets on an interface. The routing devices in this example are Allied Telesis managed Layer 3 Switches. In this example, Switch 2 is configured to receive and send RIP version 1 and version 2 information on both port 1.0.1 and port 1.0.2 interfaces.
  • Page 444: Ripv2 Authentication (Single Key)

    This example illustrates authentication of the routing information exchange process for RIP using a single key. The routing devices in this example are Allied Telesis managed Layer 3 Switches. Switch 1 and Switch 2 are running RIP and exchange routing updates.
  • Page 445: Ripv2 Text Authentication (Multiple Keys)

    Switches. Switch 1 and Switch 2 are running RIP and exchanging routing updates. To configure authentication on Switch 1, define a key chain, specify keys in the key chain and then define the authentication string or passwords to be used by the keys. Set the time period during which it is valid to receive or send the authentication key by specifying the accept and send lifetimes.
  • Page 446 12:00:00 Mar 2 2007 14:00:00 Mar 7 2007 string Secret can be received. In this case, key string Secret can be received from noon of March 2 to 2 pm March 7, 2007. Specify the time period during which authentication key...
  • Page 447 Validation Commands: show run, show ip rip, show ip protocol rip, show ip rip interface, show ip route
  • Page 448: Ripv2 Md5 Authentication (Multiple Keys)

    Configure Switch 2 and Switch 3 to have the same key ID and key string as Switch 1 for the time that updates need to be exchanged.
  • Page 449 awplus(config-keychain-key)#send-lifetime 12:00:00 Mar 7 2007 12:00:00 Mar 12 2007: Specify the time period during which authentication key string Earth can be sent. In this case, key string Secret can be received from noon of March 7 to noon of March 12, 2007.
  • Page 450 Names of Commands Used: key chain, key, key-string, accept-lifetime, send-lifetime, ip rip authentication key-chain, ip rip authentication mode. Validation Commands: show run, show ip rip, show ip protocol rip, show ip rip interface
  • Page 451: 28 Rip Commands

    ..., 28.25; show ip rip interface, 28.26; timers, 28.27; undebug rip, 28.28; version, 28.28
  • Page 452: Introduction

    This chapter provides an alphabetized reference for each of the RIP Commands. accept-lifetime Use this command to specify the time period during which the authentication key on a key chain is received as valid. Use the no accept-lifetime command to remove a specified time period for an authentication key on a key chain as set previously with the accept-lifetime command.
  • Page 453: Clear Ip Rip Route

    BGP routes from the RIP routing table. clears the entire RIP routing table.
    Mode: Privileged Exec mode
    Usage: Using this command with the all parameter clears the RIP table of all the routes.
    Examples:
    awplus#clear ip rip route 10.0.0.0/8
    awplus#clear ip rip route ospf
  • Page 454: Debug Rip

    RIP Commands debug rip Use this command to specify the options for the displayed debugging information for RIP events, RIP packets and RIP NSM. Use the no parameter with this command to disable the specified debug option. Syntax debug rip {events|nsm|PACKET|all}...
  • Page 455 RIP Commands default-metric Use this command to specify the metrics to be assigned to redistributed routes. Use the no parameter with this command to set the metric back to its default value (1). Syntax default-metric METRIC no default-metric METRIC no default-metric...
  • Page 456: Distance (Rip)

    “mylist”, use the commands: awplus(config)#router rip awplus(config-router)#distance 8 10.0.0.0/8 mylist To set the administrative distance to the default of 120 for the RIP routes within the 10.0.0.0/8 network that match the access-list “mylist”, use the commands: awplus(config)#router rip awplus(config-router)#no distance 8 10.0.0.0/8 mylist...
  • Page 457 RIP Commands distribute-list Use this command to filter incoming or outgoing route updates using the access-list or the prefix-list. Use the no parameter with this command to disable this feature. Syntax distribute-list LIST UPDATE [IFNAME] no distribute-list LIST UPDATE [IFNAME]...
  • Page 458: Ip Rip Authentication Key-Chain

    Examples: In the following example, interface VLAN23 is configured to use key-chain authentication with the keychain “mykey”. See the key command for a description of how a key chain is created.
    awplus#configure terminal
    awplus(config)#interface VLAN23...
  • Page 459: Ip Rip Authentication Mode

    RIP Commands ip rip authentication mode Use this command to specify the type of authentication mode used for RIP v2 packets. Use the no parameter with this command to restore clear text authentication. ip rip authentication mode text Syntax no ip rip authentication mode...
  • Page 460: Ip Rip Authentication String

    Usage single key or multiple keys at different times. Use this command to specify the password for a single key on an interface.
    Examples: In the following example, the interface VLAN2 is configured to have an authentication string as guest.
  • Page 461: Ip Rip Receive Version

    RIP Commands ip rip receive version Use this command to specify the version of RIP packets accepted on an interface and override the setting of the version command. Use the no form of this command to use the setting specified by the version command.
  • Page 462: Ip Rip Send Version

    RIP Commands ip rip send version Use this command to specify the version of RIP packets sent on an interface and override the setting of the version command. Use the no form of this command to use the setting specified by the version command.
  • Page 463: Ip Rip Send Version 1-Compatible

    RIP Commands ip rip send version 1-compatible Use this command to send RIP version 1 compatible packets from a version 2 RIP interface. This mechanism causes version 2 RIP to broadcast the packets instead of multicasting them. Use the no parameter with this command to use the global RIP version control rules.
  • Page 464 KEYID <0-2147483647>: Key identifier number. Mode: Keychain mode. Usage: This command allows you to enter the keychain-key mode where a password can be set for the key. Examples: The following example configures a key number 1 and shows the change into a keychain-key command mode prompt.
  • Page 465: Key Chain

    Use this command to enter the key chain management mode and to configure a key chain with a key chain name. Use the no parameter on this command to remove the key chain and all configured keys. Syntax...
  • Page 466 RIP Commands key-string Use this command to define the password to be used by a key. Use the no parameter to remove a password. Syntax key-string LINE no key-string LINE Parameter Description A string of characters to be used as a password by the key.
  • Page 467 RIP Commands neighbor Use this command to specify a neighbor router. It is used for each router to which you wish to send unicast RIP updates. Use the no parameter with this command to stop sending unicast updates to the specific router.
  • Page 468 Use this command to specify a network or interface as one that runs Routing Information Protocol (RIP). Use the no parameter with this command to remove the specified network or interface as one that runs RIP. Syntax network {<ip_address>|<interface>} no network {<ip_address>...
  • Page 469 RIP Commands offset-list Use this command to add an offset to in and out metrics to routes learned through RIP. Use the no parameter with this command to remove the offset list. Syntax offset-list <access_list> {in|out} <offset> [<interface>] no offset-list <access_list> {in|out} <offset> [<interface>]...
  • Page 470 Use this command to run-time configure the RIP UDP (User Datagram Protocol) receive-buffer size to improve UDP reliability by avoiding UDP receive buffer overrun. Use the no parameter with this command to unset the configured RIP UDP receive-buffer size and set it back to the system default value (196608 bits).
  • Page 471: Restart Rip Graceful

    <1-65535>]
    Mode: Privileged Exec mode
    Usage: After this command is executed, the RIP process immediately shuts down. It notifies the system that RIP has performed a graceful shutdown. Routes that have been installed into the route table by RIP are preserved until the specified grace-period expires.
  • Page 472: Router Rip

    RIP Commands router rip Use this global command to enable the RIP routing process. Use the no parameter with this command to disable the RIP routing process. Syntax router rip no router rip Configure mode Mode This command is used to begin the RIP routing process...
  • Page 473 RIP Commands send-lifetime Use this command to specify the time period during which the authentication key on a key chain can be sent. Syntax send-lifetime START END Parameter Description START HH:MM:SS DAY MONTH YEAR Time of the day when lifetime starts, in hours, minutes and seconds.
  • Page 474: Show Debugging Rip

    RIP Commands show debugging rip Use this command to display the RIP debugging status for these debugging options: nsm debugging, RIP event debugging, RIP packet debugging and RIP nsm debugging. Syntax show debugging rip Privileged Exec mode Mode Use this command to display the debug status of RIP.
  • Page 475: Show Ip Rip

    Syntax: show ip rip
    Mode: Exec mode and Privileged Exec mode
    Usage: The following output displays the RIP routing table with the destination network, nexthop and metric to reach it.
    awplus#show ip rip
    Codes: R - RIP, C - Connected, S - Static, O - OSPF...
  • Page 476: Show Ip Rip Interface

    Name of the interface for which information is to be displayed.
    Mode: Exec mode and Privileged Exec mode
    Example: The following is the output from the show ip rip interface command. This output shows the RIP related configuration of each IP interface.
  • Page 477 If an update for a given route has not been seen for the time specified by the timeout parameter, that route is no longer valid. However, it is retained in the routing table for a short time, with metric 16, so that neighbors are notified that the route has been dropped.
  • Page 478: Undebug Rip

    Mode: Router mode and Address Family mode
    Usage: RIP can be run in version 1 or version 2 mode. Version 2 has more features than version 1; in particular RIP version 2 supports authentication. Once the rip version is set, RIP packets of that version will be received and sent on all the RIP-enabled interfaces.
  • Page 479 Validation Commands: show running-config awplus#show running-config router rip version 1 Related Commands: ip rip receive version, ip rip send version
  • Page 481 Configuring an Area Border Router, 29.7; Redistributing routes into OSPF, 29.8; OSPF Cost, 29.9; Configuring Virtual Links, 29.11; OSPF Authentication, 29.12
  • Page 482: Ospf Configuration

    A set of routers that exchange OSPF routing information with each other. Router ID A unique ID assigned to each OSPF router. This ID takes the same form as an IP address, i.e. A.B.C.D, where each of A,B,C,D is a number between 0 and 254. This number uniquely identifies the OSPF router within the AS.
  • Page 483: Enabling Ospf On An Interface

    This example shows the minimum configuration required for enabling OSPF on an interface. In this example, the OSPF routers are Allied Telesis managed Layer 3 switches. Switch 1 and Switch 2 are two OSPF routers in Area 0 connecting to network 10.10.10.0/24.
  • Page 484 Names of Commands Used: network area, router ospf. Validation Commands: show ip ospf, show ip ospf interface, show ip ospf neighbor, show ip ospf route
  • Page 485: Setting Priority

    10, which is higher than the default priority (default priority is 1) of Switch 1 and Switch 2; making it the DR. In this example network the back-up DR would be Switch 2 as it has a higher router ID than Switch 1.
  • Page 486 OSPF Configuration Switch 2 awplus(config)#router ospf 200: Configure the Routing process and specify the Process ID (200). The Process ID should be a unique positive integer identifying the routing process. awplus(config-router)#network 10.10.10.0/24 area 0: Define the interface (10.10.10.0/24) on which OSPF runs and associate the area ID (0) with the interface.
  • Page 487: Configuring An Area Border Router

    OSPF Configuration Configuring an Area Border Router This example shows configuration for an Area Border Router (ABR). In this example, the OSPF routers are Allied Telesis managed Layer 3 switches. Switch 2 is an ABR, where interface vlan2 is in Area 0 and interface vlan3 is in Area 1.
  • Page 488: Redistributing Routes Into Ospf

    In this example the configuration causes BGP routes to be imported into the OSPF routing table and advertised as Type 5 External LSAs into Area 0. In this example, the OSPF routers, labelled “Device 1-5” represent any Allied Telesis managed Layer 3 switches or Allied Telesis routers.
  • Page 489: Ospf Cost

    Switch 2 the next hop for Switch 1. The default cost on each interface is 10. Interface vlan2 on Switch 2 has a cost of 100 and interface vlan3 on Switch 3 has a cost of 150. The total cost for Switch 1 to reach 10.10.14.0/...
  • Page 490 100 Configure the Routing process and specify the Process ID (100). The Process ID should be a unique positive integer identifying the routing process. awplus(config-router)#network 10.10.12.0/24 area 0: Define interfaces on which OSPF runs and associate the area ID (0) with the interface.
  • Page 491: Configuring Virtual Links

    In the network below, there is no area border router that connects Area2 to the backbone. So a virtual link needs to be created between ABR Device 1 and ABR Device 2 to connect Area 2 to Area 0. Area 1 is used as a transit area.
  • Page 492: Ospf Authentication

    Additionally, Interface and Area authentication can be used together. Area authentication is used for an area and interface authentication is used for a specific interface in the area. If the Interface authentication type is different from Area authentication type, Interface authentication type overrides the Area authentication type.
  • Page 493 awplus(config-router)#network 10.10.10.0/24 area 0 and awplus(config-router)#network 10.10.11.0/24 area 0: Define interfaces on which OSPF runs and associate the area ID (0) with the interface (area ID 0 specifies the backbone area). Enable MD5 authentication on area 0.
  • Page 494 awplus(config-router)#network 10.10.10.0/24 area 0 and awplus(config-router)#network 10.10.11.0/24 area 0: Define interfaces on which OSPF runs and associate the area ID (0) with the interface (area ID 0 specifies the backbone area). Enable MD5 authentication on area 0.
  • Page 495: 30 Ospf Commands

    ..., 30.42; ospf abr-type, 30.43; ospf router-id, 30.44; overflow database, 30.44; overflow database external, 30.45
  • Page 496 ..., 30.68; show ip ospf virtual-links, 30.69; show ip protocols, 30.69; show memory ospf, 30.70; summary-address, 30.71; timers spf, 30.72
  • Page 497: Introduction

    Specifying the area authentication sets the authentication to Type 1 authentication or the Simple Text password authentication (details in RFC 2328). All OSPF packets transmitted in this area must have the same password in their OSPF header. This ensures that only routers that have the correct password may join the routing domain.
  • Page 498: Area Default-Cost

    The default-cost option provides the metric for the summary default route, generated by the area border router, into the NSSA or stub area. Use this option only on an area border router that is attached to the NSSA or stub area. Refer to the RFC 3101 for information on NSSA.
  • Page 499: Area Filter-List

    This command configures filters to advertise summary routes on Area Border Routers (ABR). This command is used to suppress particular intra-area routes from/to an area to/from the other areas. You can use this command in conjunction with either the access-list or prefix-list command.
  • Page 500: Area Nssa

    Although, the external routes from other areas still do not enter the NSSA. You can either configure an area to be a stub area or an NSSA, not both. The no form removes this designation.
  • Page 501: Area Range

    If the network numbers in an area are assigned in a way such that they fall into sets of contiguous routes, the ABRs can be configured to advertise a small set of summary routes that cover the individual networks within the area.
  • Page 502: Area Stub

    OSPF Commands area stub This command defines an OSPF area as a stub area. By default, no stub area is defined. Use this command when routers in the area do not require learning about summary LSAs from other areas. You can define the area as a totally stubby area by configuring the Area Border Router of that area using the area stub no-summary command.
  • Page 503: Area Virtual-Link

    To configure a virtual link, you require: ■ The transit area ID, i.e. the area ID of the non backbone area that the two backbone routers are both connected to. ■...
  • Page 504 OSPF Commands Parameter Description The area ID of the transit area that the virtual link passes through. Use <area-id> one of the following formats: A.B.C.D OSPF Area ID in IPv4 address format. <0-4294967295> OSPF Area ID as 4 octets unsigned integer value.
  • Page 505: Auto-Cost Reference Bandwidth

    The default value for the reference bandwidth is 100Mbps. As a result, if this default value is used, there is very little difference between the metrics applied to interfaces of increasing bandwidth beyond 100 Mbps. The auto-cost command is used to alter this reference bandwidth in order to give a real difference between the metrics of high bandwidth links of differing bandwidths.
  • Page 506: Capability Opaque

    OSPF Commands bandwidth Use this command to specify the maximum bandwidth to be used for each interface. The bandwidth value is in bits. OSPF uses this to calculate metrics for the interface. The no form removes the maximum bandwidth. Syntax bandwidth <1-10000000000>...
  • Page 507: Clear Ip Ospf Process

    OSPF Commands clear ip ospf process This command clears and restarts the OSPF routing process. Specify the Process ID to clear one particular OSPF process. When no Process ID is specified, this command clears all running OSPF processes. Syntax clear ip ospf process clear ip ospf <0-65535>...
  • Page 508: Compatible Rfc1583

    RFC 2328 specifies a method for calculating metrics based on maximum cost. It is possible that some ABRs in an area might conform to RFC 1583 and others support RFC 2328, which could lead to incompatibility in their interoperation. This command addresses this issue by allowing you to selectively disable compatibility with RFC 2328.
  • Page 509: Debug Ospf Events

    This command enables OSPF debugging for OSPF event troubleshooting. To enable all debugging options, specify debug ospf event with no additional parameters. The no and undebug form disables OSPF debugging. Use this command without parameters to disable all the options.
  • Page 510: Debug Ospf Ifsm

    OSPF Commands debug ospf ifsm This command specifies debugging options for OSPF Interface Finite State Machine (IFSM) troubleshooting. The no and undebug form disables OSPF IFSM debugging. Syntax debug ospf ifsm [status|events|timers] no debug ospf ifsm [status|events|timers] undebug ospf ifsm [status|events|timers]...
  • Page 511: Debug Ospf Lsa

    OSPF Commands debug ospf lsa This command enables debugging options for OSPF Link State Advertisements (LSA) troubleshooting. This displays information related to internal operations of LSAs. The no and undebug form disables this debugging. Syntax debug ospf lsa [flooding|generate|install|maxage|refresh] no debug ospf lsa [flooding|generate|install|maxage|refresh]...
  • Page 512: Debug Ospf Nfsm

    OSPF Commands debug ospf nfsm This command enables debugging options for OSPF Neighbor Finite State Machines (NFSMs). The no and undebug form disables this debugging. Syntax debug ospf nfsm [events|status|timers] no debug ospf nfsm [events|status|timers] undebug ospf nfsm [status|events|timers] Parameter...
  • Page 513: Debug Ospf Packet

    OSPF Commands debug ospf packet This command enables debugging options for OSPF packets. The no and undebug form disables OSPF packet debugging. Syntax debug ospf packet [dd|detail|hello|ls-ack|ls-request|ls-update|recv| send] no debug ospf packet [dd|detail|hello|ls-ack|ls-request|ls-update| recv|send] undebug ospf packet [dd|detail|hello|ls-ack|ls-request|ls-update| recv|send] Parameter Description Specifies debugging for OSPF database descriptions.
  • Page 514: Debug Ospf Route

    OSPF Commands debug ospf route This command enables debugging of route calculation. Use this command without parameters to turn on all the options. Use the no and undebug forms of this command to disable this function. Syntax debug ospf route [ase|ia|install|spf]...
  • Page 515 The metric-type is an external link type associated with the default route advertised into the OSPF routing domain. The value of the external route could be either Type 1 or 2; the default is the Type 2.
  • Page 516 The effect of this command is that OSPF will use the same metric value for all redistributed routes. Use this command in conjunction with the redistribute command.
  • Page 517: Distance (Ospf)

    100 awplus(config-router)# distance ospf inter-area 20 intra-area 10 external 40 To set the administrative distance for all routes in OSPF 100 back to the default of 110, use the commands: awplus(config)# router ospf 100 awplus(config-router)# no distance ospf
  • Page 518 OSPF Commands distribute-list This command applies a filter to the choice of routes that will be redistributed from another routing protocol into OSPF. The no form of this command removes the distribute command. Syntax distribute-list <list_name> out [bgp|connected|rip|static] no distribute-list <list_name>...
  • Page 519: Host Area

    OSPF Commands host area This command configures a stub host entry belonging to a particular area. You can use this command to advertise specific host routes in the router-LSA as stub link. Since stub host belongs to the specified router, specifying cost is optional.
  • Page 520: Ip Ospf Authentication

    This command sets the authentication method used when sending and receiving OSPF packets on the current interface. The default is to use no authentication. If no authentication method is specified in this command, then plain text authentication will be used.
  • Page 521: Ip Ospf Authentication-Key

    All neighboring routers on the same network with the same password exchange OSPF routing data. The key can be used only when authentication is enabled for an area. Use the area authentication command to enable authentication.
  • Page 522: Ip Ospf Cost

    The interface cost indicates the overhead required to send packets across a certain interface. This cost is stated in the Router-LSA’s link. Typically, the cost is inversely proportional to the bandwidth of an interface. By default, the cost of an interface is calculated according to the...
  • Page 523: Ip Ospf Database-Filter

    This command turns on the LSA database-filter for a particular interface. OSPF floods new LSAs over all interfaces in an area, except the interface on which the LSA arrives. This redundancy ensures robust flooding. However, too much redundancy can waste bandwidth and might lead to excessive link and CPU usage in certain topologies, resulting in destabilizing the network.
  • Page 524: Ip Ospf Dead-Interval

    The dead-interval is the amount of time that OSPF waits to receive an OSPF hello packet from the neighbor before declaring the neighbor is down. This value is advertised in the router’s hello packets. It must be a multiple of the hello-interval and be the same for all routers on a specific network.
  • Page 525: Ip Ospf Hello-Interval

    A shorter hello interval ensures faster detection of topological changes, but results in more routing traffic. The no form of this command returns the interval to the default of 10 seconds. Syntax ip ospf [<ip_address>] hello-interval <1-65535>...
  • Page 526: Ip Ospf Message-Digest-Key

    While multiple keys exist, all OSPF packets will be transmitted in duplicate; one copy of the packet will be transmitted for each of the current keys. This is helpful for administrators who want to change the OSPF password without disrupting communication.
  • Page 527: Ip Ospf Mtu

    This command sets the MTU size for OSPF. Whenever OSPF constructs packets, it uses interface MTU size as Maximum IP packet size. This command forces OSPF to use the specified value, overriding the actual interface MTU size.
  • Page 528: Ip Ospf Mtu-Ignore

    OSPF Commands ip ospf mtu-ignore Use this command to configure OSPF so that it does not check the MTU size during DD (Database Description) exchange. By default, during DD exchange process, OSPF checks the MTU size described in DD packets received from the neighbor.
  • Page 529: Ip Ospf Network

    OSPF Commands ip ospf network This command configures the OSPF network type to a type different from the default for the particular interface. This command forces the interface network type to the specified type. Depending on the network type, OSPF changes the behaviour of the packet transmission and the link description in LSAs.
  • Page 530: Ip Ospf Priority

    Usage routers attempt to become the DR, the router with the higher router priority becomes the DR. If the router priority is the same for two routers, the router with the higher router ID takes precedence. Only routers with nonzero router priority values are eligible to become the designated or backup designated router.
  • Page 531: Ip Ospf Resync-Timeout

    Use this command to set the interval after which adjacency is reset if out-of-band resynchronization has not occurred. The interval period starts from the time a restart signal is received from a neighbor. Use the no parameter with this command to return to the default value.
  • Page 532: Ip Ospf Retransmit-Interval

    Use this command to specify the time between link-state advertisement (LSA) retransmissions for adjacencies belonging to the interface. Use the no parameter with this command to return to the default value of 5 seconds. Syntax ip ospf [<ip_address>] retransmit-interval <interval>...
  • Page 533: Ip Ospf Transmit-Delay

    Mode: Interface mode. Usage: The transmit delay value adds a specified time to the age field of an update. If the delay is not added, the time in which the LSA transmits over the link is not considered. This command is especially useful for low speed links.
  • Page 534 OSPF Commands max-concurrent-dd Use this command to set the limit for the number of Database Descriptors (DD) that can be processed concurrently. Syntax: max-concurrent-dd <1-65535>. Parameter <1-65535>: Specify the number of DD processes. Mode: Router mode. Usage: This command is useful when a router's performance is affected by simultaneously bringing up several OSPF adjacencies.
  • Page 535 OSPF Commands The poll interval is the reduced rate at which routers continue to send hello packets, when a neighboring router has become inactive. Set the poll interval to be much larger than hello interval. This example shows a neighbor configured with a priority value, poll interval time, and cost.
  • Page 536: Network Area

    Usage: OSPF routing can be enabled per IPv4 subnet. The network address can be defined using either the prefix length or a wild card mask. A wild card mask is comprised of consecutive 0’s as network bits and consecutive 1’s as host bits.
  • Page 537: Ospf Abr-Type

    Usage command is specially useful in a multi-vendor environment. The different ABR types are: ■ Cisco ABR Type: By this definition, a router is considered an ABR if it has more than one area actively attached and one of them is the backbone area.
  • Page 538: Ospf Router-Id

    Related Commands overflow database Use this command to limit the maximum number of LSAs that can be supported by the current OSPF instance. Use the no parameter with this command to have no limit on the maximum number of LSAs.
  • Page 539: Overflow Database External

    500 hard overflow database external Use this command to configure the size of the external database and the time the router waits before it tries to exit the overflow state. Use the no parameter with this command to revert to default.
  • Page 540 IP address of the interface. Mode: Router mode. Usage: Configure an interface to be passive if you wish its connected route to be treated as an OSPF route (rather than an AS-external route), but do not wish to actually exchange any OSPF packets via this interface.
  • Page 541: Restart Ospf Graceful

    OSPF Commands The metric, metric-type, and tag values specified on this command are applied to any redistributed routes that are not explicitly given a different metric, metric-type, or tag value by the route map. The following example shows redistribution of bgp routes into ospf routing table, with metric...
  • Page 542: Router Ospf

    Use the no parameter with this command to terminate an OSPF routing process. Use the no parameter with the process ID parameter, to terminate and delete a specific OSPF routing process. If no process ID is specified on the no command, then all OSPF routing processes are terminated, and all OSPF configuration is removed.
  • Page 543: Show Debugging Ospf

    OSPF Commands router-id Use this command to specify a router ID for the OSPF process. Use the no parameter with this command to force OSPF to use the previous OSPF router-id behavior. Syntax router-id <ip_address> no router-id Parameter Description Specifies the router ID in IPv4 address format.
  • Page 544: Show Ip Ospf

    OSPF Commands show ip ospf Use this command to display general information about all OSPF routing processes. Include the process ID parameter with this command to display information about specified instances. Syntax show ip ospf show ip ospf <process_id> Parameter Description <0-65535>...
  • Page 545 Conforms to RFC2328, and RFC1583Compatibility flag is disabled Supports only single TOS(TOS0) routes Supports opaque LSA SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Refresh timer 10 secs Number of external LSA 0. Checksum Sum 0x0 Number of non-default external LSA 0 External LSA database is unlimited.
  • Page 546: Show Ip Ospf Border-Routers

    OSPF Commands show ip ospf border-routers Use this command to display the ABRs and ASBRs for all OSPF instances. Include the process ID parameter with this command to view data about specified instances. Syntax show ip ospf border-routers show ip ospf <process_id> border-routers...
  • Page 547: Show Ip Ospf Database

    OSPF Commands show ip ospf database Use this command to display a database summary for OSPF information. This command displays BGP tags for prefixes. Include the process ID parameter with this command to display information about specified instances. Syntax show ip ospf database [self-originate|max-age] show ip ospf <process_id>...
  • Page 548: Show Ip Ospf Database Asbr-Summary

    1 ospf database max-age awplus#show ip 100 ospf database router adv-router 2.3.4.5 show ip ospf database asbr-summary Use this command to display information about the Autonomous System Boundary Router (ASBR) summary LSAs. Syntax show ip ospf database asbr-summary [A.B.C.D] [self-originate|...
  • Page 549: Show Ip Ospf Database External

    OSPF Commands show ip ospf database external Use this command to display information about the external LSAs. Syntax show ip ospf database external [A.B.C.D][self-originate|ADVROUTER] Parameter Description adv-router A.B.C.D ADVROUTER adv-router Displays all the LSAs of the specified router. A link state ID (as an IP address).
  • Page 550: Show Ip Ospf Database Network

    OSPF Commands show ip ospf database network Use this command to display information about the network LSAs. Syntax show ip ospf database network [A.B.C.D][self-originate|ADVROUTER] Parameter Description adv-router A.B.C.D ADVROUTER adv-router Displays all the LSAs of the specified router. A link state ID (as an IP address).
  • Page 551 OSPF Router process 200 with ID (192.30.30.2) Net Link States (Area 0.0.0.0) LS age: 1175 Options: 0x2 (*|-|-|-|-|-|E|-) LS Type: network-LSA Link State ID: 192.10.10.9 (address of Designated Router) Advertising Router: 192.30.30.3 LS Seq Number: 80000002 Checksum: 0xdfb1 Length: 32 Network Mask: /24 Attached Router: 192.20.20.1...
  • Page 552: Show Ip Ospf Database Nssa-External

    OSPF Commands show ip ospf database nssa-external Use this command to display information about the NSSA external LSAs. Syntax show ip ospf database nssa-external [A.B.C.D][self-originate| ADVROUTER] Parameter Description adv-router A.B.C.D ADVROUTER adv-router Displays all the LSAs of the specified router.
  • Page 553: Show Ip Ospf Database Opaque-Area

    OSPF Commands show ip ospf database opaque-area Use this command to display information about the area-local (link state type 10) scope LSAs. Type-10 Opaque LSAs are not flooded beyond the borders of their associated area. Syntax show ip ospf database opaque-area [A.B.C.D][self-originate|ADVROUTER]...
  • Page 554: Show Ip Ospf Database Opaque-As

    OSPF Commands show ip ospf database opaque-as Use this command to display information about the link-state type 11 LSAs. This type of link- state denotes that the LSA is flooded throughout the Autonomous System (AS). Syntax show ip ospf database opaque-as [A.B.C.D][self-originate|ADVROUTER]...
  • Page 555: Show Ip Ospf Database Opaque-Link

    OSPF Commands show ip ospf database opaque-link Use this command to display information about the link-state type 9 LSAs. This type denotes a link-local scope. The LSAs are not flooded beyond the local network. Syntax show ip ospf database opaque-link [A.B.C.D][self-originate|ADVROUTER]...
  • Page 556: Show Ip Ospf Database Router

    OSPF Commands show ip ospf database router Use this command to display information only about the router LSAs. Syntax show ip ospf database router [A.B.C.D][self-originate|ADVROUTER] Parameter Description adv-router A.B.C.D ADVROUTER adv-router Displays all the LSAs of the specified router. A link state ID (as an IP address).
  • Page 557: Show Ip Ospf Database Summary

    OSPF Commands show ip ospf database summary Use this command to display information about the summary LSAs. Syntax show ip ospf database summary [A.B.C.D][self-originate|ADVROUTER] Parameter Description adv-router A.B.C.D ADVROUTER adv-router Displays all the LSAs of the specified router. A link state ID (as an IP address).
  • Page 558 Metric: 10 Examples awplus#show ip ospf database summary 1.2.3.4 self-originate awplus#show ip ospf database summary self-originate awplus#show ip ospf database summary 1.2.3.4 adv-router 2.3.4.5
  • Page 559: Show Ip Ospf Interface

    Internet Address 1.1.1.1/24, Area 0.0.0.0, MTU 1500 Process ID 0, Router ID 33.33.33.33, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State Waiting, Priority 1, TE Metric 0 No designated router on this network No backup designated router on this network...
  • Page 560: Show Ip Ospf Neighbor

    OSPF Commands show ip ospf neighbor Use this command to display information on OSPF neighbors. Include the process ID parameter with this command to display information about specified instances. Syntax show ip ospf neighbor {A.B.C.D|all|DETAIL|INTERFACE} show ip ospf {PROCESSID} neighbor {A.B.C.D|all|DETAIL|INTERFACE}...
  • Page 561 Neighbor 10.10.10.50, interface address 10.10.10.50 In the area 0.0.0.0 via interface eth0 Neighbor priority is 1, State is Full, 5 state changes DR is 10.10.10.50, BDR is 10.10.10.10 Options is 0x42 (*|O|-|-|-|-|E|-) Dead timer due in 00:00:38...
  • Page 562: Show Ip Ospf Route

    Output OSPF process 1: Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 10.10.0.0/24 [10] is directly connected, VLAN1, Area 0.0.0.0...
  • Page 563: Show Ip Ospf Virtual-Links

    Adjacency state Down To display virtual link information, use the command: Examples awplus#show ip ospf virtual-links show ip protocols Use this command to display OSPF process parameters and statistics. Syntax show ip protocols Privileged Exec mode Mode Figure 30-25: Example output from the...
  • Page 564: Show Memory Ospf

    OSPF Commands show memory ospf Use this command to display memory statistics for the OSPF protocol. Syntax show memory ospf Privileged Exec mode and Exec mode Mode Figure 30-26: Example output from the show memory ospf command Output MTYPEs for OSPF...
  • Page 565 <0-4294967295> The default tag value is 0. Mode: Router mode. Usage: An address range is a pairing of an address and a mask that is almost the same as IP network number. For example, if the specified address range is 192.168.0.0/255.255.240.0, it matches: 192.168.1.0/24, 192.168.4.0/22, 192.168.8.128/25 and so on.
  • Page 566: Timers Spf

    The default spf-holdtime value is 10 seconds. Mode: Router mode. Usage: This command configures the delay time between the receipt of a topology change and the calculation of the Shortest Path First (SPF). This command also configures the hold time between two consecutive SPF calculations.
  • Page 567: 31 Bgp Commands

    ... 31.37; debug bgp 31.38; distance (bgp) 31.39; exit-address-family 31.40; ip as-path access-list 31.41
  • Page 569 ... 31.121; show ip bgp view summary 31.122; show ip community-list 31.123; show ip extcommunity-list 31.123; show ip protocols 31.124; timers 31.124; undebug bgp 31.125
  • Page 570: Introduction

    BGP Commands Introduction This chapter provides an alphabetical reference for each of the BGP commands. address-family This command enters the IPv4 or VPNv4 address-family command mode. In this mode you can configure address-family specific parameters. Use the exit-address-family command to leave the address family mode and return to the Configure mode.
  • Page 571 Use the as-set parameter to reduce the size of path information by listing the AS number only once, even if it was included in multiple paths that were aggregated. The as-set parameter is useful when aggregation of information results in incomplete path information.
  • Page 572: Bgp Aggregate-Nexthop-Check

    BGP Commands bgp aggregate-nexthop-check This command enables the BGP option to perform aggregation only when next-hop matches the specified IP address. By default this is disabled. The no form disables this function. Syntax bgp aggregate-nexthop-check no bgp aggregate-nexthop-check Configure mode...
  • Page 573: Bgp Always-Compare-Med

    MED comparison is done only among paths from the same autonomous system (AS). Use bgp always-compare-med command to allow comparison of MEDs from different ASs. The MED parameter is used to select the best path. A path with lower MED is preferred. If the bgp table shows the following and the always-compare-med is enabled:...
  • Page 574: Bgp Bestpath As-Path Ignore

    BGP best path decision process. It is effective only when bgp bestpath as-path ignore command has not been specified. By default, BGP receives routes with identical eBGP paths from eBGP peers and selects the first route received as the best path.
  • Page 575: Bgp Bestpath Compare-Routerid

    When comparing similar routes from peers the BGP router does not consider router ID of the routes. By default, it selects the first received route. Use this command to include router ID in the selection process; similar routes are compared and the route with lowest router ID is selected.
  • Page 576: Bgp Bestpath Med

    The missing-as-worst attribute to consider a missing MED attribute in a path as having a value of infinity, making the path without a MED value the least desirable path. If missing-as-worst is disabled, the missing MED is assigned the value of 0, making the path with the missing MED attribute the best path.
  • Page 577: Bgp Client-To-Client Reflection

    Route reflectors are used when all Interior Border Gateway Protocol (iBGP) speakers are not fully meshed. If the clients are fully meshed the route reflector is not required, use the no bgp client-to-client reflection command to disable the client-to-client route reflection.
  • Page 578: Bgp Cluster-Id

    Router1(config-router)# bgp cluster-id 5 The no form removes the cluster ID. Not specifying any cluster ID removes any configured. Note that you can only specify the bgp cluster-id as an IP address when using the no form. bgp cluster-id Syntax <ip-address>|<cluster-id>}...
  • Page 579: Bgp Confederation Identifier

    [<1-65535>] Parameter <1-65535>: Set routing domain confederation AS number. Mode: Router mode. Usage: Note that the no form of this command removes all BGP confederation identifiers. Examples: awplus# configure terminal awplus(config)# router bgp 100 awplus(config-router)#...
  • Page 580: Bgp Confederation Peers

    This command configures the Autonomous Systems (AS) that belong to the confederation. A confederation allows an AS to be divided into several ASs. The AS is given a confederation identifier. External routers view only the whole confederation as one AS. Each AS is fully meshed within itself and is visible internally to the confederation.
  • Page 581: Bgp Config-Type

    Specifies the extended style configuration. The extended configuration type requires no specific configuration for sending out BGP standard community and extended community attributes. The no synchronization command is enabled by default in configure mode and not shown in configuration output. Configure mode...
  • Page 582: Bgp Dampening

    Route dampening minimizes the instability caused by route flapping. A penalty is added for every flap in a flapping route. As soon as the total penalty reaches the suppress limit the advertisement of the route is suppressed. This penalty is decayed according to the configured half time value.
  • Page 583: Bgp Default Ipv4-Unicast

    This command configures BGP defaults and activates ipv4-unicast for a peer by default. This affects the BGP global configuration. This is enabled by default. The no form disables this function. The BGP routing process will no longer exchange IPv4 addressing information with BGP neighbor routers. Syntax...
  • Page 584: Bgp Default Local-Preference

    The local preference indicates the preferred path when there are multiple paths to the same destination. The path with the higher preference is preferred. Use this command to define the preference of a particular path. The preference is sent to all routers and access servers in the local autonomous system.
  • Page 585: Bgp Deterministic Med

    BGP would have a group of Route1 and a second group of Route2 and Route3 (the same ASs). The best of each group is compared. Route1 is the best of its group because it is the only route from AS 200. Route1 is compared to the Route2, the best of group AS 400 (the lower MED).
  • Page 586: Bgp Enforce-First-As

    Usage: This command specifies that any updates received from an external neighbor that do not have the neighbor’s configured Autonomous System (AS) at the beginning of the AS_PATH in the received update must be denied. Enabling this feature adds to the security of the BGP network by not allowing traffic from unauthorized systems. Examples...
  • Page 587: Bgp Graceful-Restart

    Usage: The restart-time parameter is used for setting the maximum time that a graceful-restart neighbor waits to come back up after a restart. This value is applied to all neighbors unless you explicitly override it by configuring the corresponding value on the neighbor.
  • Page 588: Bgp Log-Neighbor-Changes

    If you need to log neighbor status changes only, we recommend turning off all the debug commands and using the bgp log-neighbor-changes command. To see bgp neighbor changes in the log you need to set the log level to informational using the log buffered level information command log buffered (filter) in10 Logging Commands.
  • Page 589: Bgp Memory Maxallocation

    When the memory allocated exceeds the specified maximum limit, the BGP peering will be terminated with the Cease notification and error sub-code of ’Out of resources’. The default maximum percentage of memory usage for BGP is 100%, i.e. BGP may use all available memory for itself, if it needs to.
  • Page 590: Bgp Multiple-Instance

    BGP Commands bgp multiple-instance Use this command to enable or disable the bgp multiple instance support. Use the no parameter with this command to disable this function. Syntax bgp multiple-instance no bgp multiple-instance No multiple-instance support Default Configure mode Mode...
  • Page 591: Bgp Rfc1771-Strict

    BGP Commands bgp rfc1771-strict Use this command to set the Strict RFC1771 setting. Use the no parameter with this command to revert this setting. Syntax: bgp rfc1771-strict, no bgp rfc1771-strict. Default: Disabled. Mode: Configure mode. Examples: awplus# configure terminal awplus(config)# bgp rfc1771-strict
  • Page 592: Bgp Router-Id

    <routerid Specifies the IP address without mask for a manually configured router ID. Default: In case the loopback interface is configured the router-id is set to the IP address of a loopback interface. If not, the highest IP address is the router-id.
  • Page 593: Bgp Scan-Time

    Mode: Router mode. Usage: Use this command to configure scanning intervals of BGP routers. This interval is the period after which router checks the validity of the routes in its database. To disable BGP scanning, set the scan time interval to 0 seconds.
  • Page 594: Clear Bgp

    BGP Commands bgp update-delay Use this command to specify the update-delay value for a graceful-restart capable router. Use the no parameter with this command to revert to the default update-delay value. Syntax bgp update-delay <1-3600> no bgp update-delay [<1-3600>] Router mode Mode The default update-delay value is 120 seconds.
  • Page 595: Clear Bgp A.b.c.d

    3.3.3.3 soft in prefix-filter awplus# clear bgp ipv6 2.2.2.2 out clear bgp ASN Use this command to reset the BGP connection for peers in the specified Autonomous System. Syntax clear bgp ASN [<in>|out|<soft>] Parameter Description <1-65535> The AS number for which all routes will be cleared <in>...
  • Page 596: Clear Bgp External

    Examples awplus# clear bgp external soft in awplus# clear bgp external in prefix-filter clear bgp peer-group Use this command to reset the BGP connection for all members of a peer group. Syntax clear bgp peer-group WORD [<in>|out|<soft>] Parameter Description peer-group clears all members of a peer group <in>...
  • Page 597: Clear Ip Bgp

    Mode Examples awplus# clear bgp view instance1 * soft in clear ip bgp * Use this command to reset a BGP connection for all peers. Syntax clear ip bgp * [<in>|out|<soft>] clear ip bgp * ipv4 {<prefix>} {<routes>} Parameter Description...
  • Page 598: Clear Ip Bgp A.b.c.d

    BGP Commands clear ip bgp A.B.C.D Use this command to reset an IPv4 BGP connection for a specific IP address. Syntax clear ip bgp {<A.B.C.D>} [<in>|out|<soft>] clear ip bgp {<A.B.C.D>} ipv4 <prefix> <routes> Parameter Description <A.B.C.D> Specifies the IPv4 address of the BGP route to be cleared...
  • Page 599: Clear Ip Bgp Dampening

    10.10.0.121 awplus# clear ip bgp ipv4 unicast dampening clear ip bgp flap-statistics Use this command to clear the flap count and history duration for all the prefixes under the specified address family. Syntax clear ip bgp flap-statistics [<A.B.C.D>|<A.B.C.D/M>] clear ip bgp ipv4 <prefix>...
  • Page 600: Clear Ip Bgp Asn

    BGP Commands clear ip bgp ASN Use this command to reset a BGP connection for all peers in a specified Autonomous System. Syntax clear ip bgp <asn> [IN|out|SOFT] clear ip bgp <asn> ipv4 <prefix> <routes> Parameter Description ASN <1-65535> Specifies the AS Number for which all routes will be cleared...
  • Page 601: Clear Ip Bgp External

    BGP Commands clear ip bgp external Use this command to reset a BGP connection for all external peers. Syntax clear ip bgp external [<in>|out|<soft>] clear ip bgp external ipv4 <prefix> <routes> Parameter Description external Clears all external peers ipv4 clears all IPv4 address family peers <routes>...
  • Page 602: Clear Ip Bgp Peer-Group

    BGP Commands clear ip bgp peer-group Use this command to reset a BGP connection for all members of a peer group. Syntax clear ip bgp peer-group <word> [<in>|out|<soft>] clear ip bgp peer-group <word> ipv4 <prefix> <routes> Parameter Description peer-group Clears all members of a peer group Specifies the name of the peer group for which all members will be <word>...
  • Page 603: Clear Ip Bgp View

    BGP Commands clear ip bgp view Use this command to reset a BGP IPv4 connection, as well as to reset the bgp instance for a specified view ( ); use the clear ip bgp command to reset the default instance.
  • Page 604: Debug Bgp

    |<updates>] Parameter Description Used with the no form exclusively; turns off all debugging for BGP dampening Specifies debugging for BGP dampening. events Specifies debugging for BGP events. filters Specifies debugging for BGP filters. Specifies debugging for BGP Finite State Machine (FSM).
  • Page 605: Distance (Bgp)

    EBGP IBGP LOCAL ■ for a specific route by specifying: distance <1-255> A.B.C.D/M (LISTNAME) The no form sets the administrative distance for the route to the default for the route type. distance Syntax <1-255> {A.B.C.D/M} [<listname>] distance bgp...
  • Page 606 BGP Commands To set BGP 100’s administrative distances for eBGP routes to 34, iBGP routes to 23, and local BGP routes to 15, use the commands: awplus(config)#router bgp 100 awplus(config-router)#distance bgp 34 23 15 exit-address-family Use this command to exit the address family mode.
  • Page 607: Ip As-Path Access-List

    This command defines a BGP Autonomous System (AS) path access list. The named AS path list is a filter based on regular expressions. If the regular expression matches the specified string representing the AS path of the route, then the permit or deny condition applies.
  • Page 608: Ip Community-List

    Usage: Use the community-lists to specify BGP community attributes. The community attribute is used for implementing policy routing. It is an optional, transitive attribute and facilitates transfer of local policies through different autonomous systems. It includes community values that are 32 bits long.
  • Page 609: Ip Community-List Expanded

    Usage: Use the community-lists to specify BGP community attributes. The community attribute is used for implementing policy routing. It is an optional, transitive attribute and facilitates transfer of local policies through different autonomous systems. It includes community values that are 32 bits long.
  • Page 610 BGP Commands There are two kinds of community-lists: the expanded and standard. The standard community-list defines the community attributes in a specified format and not with regular expressions. The expanded community-list defines the communities attributes with regular expressions. Examples awplus#...
  • Page 611: Ip Community-List Standard

    The standard community-list is compiled into binary format and is directly compared with the BGP communities attribute in the BGP updates. The comparison is faster than the expanded community-list. Any community value that does not match the standard community value is automatically treated as expanded.
  • Page 612 CLIST permit 7675:80 7675:90 no-export awplus(config)# ip community-list 34 permit 5675:50 no-advertise Related Commands: ip community-list, ip extcommunity-list expanded
  • Page 613: Ip Extcommunity-List Expanded

    Use this command to create or delete an expanded extended community list. Use the no parameter with this command to delete the extended community-list entry. Regular expressions listed below are used with the ip extcommunity-list expanded command:...
  • Page 614: Ip Extcommunity-List Standard

    <AS:NN> Specifies the valid value for an extcommunity number. This format represents the 32 bit extcommunities value, where AA is the high order 16 bits and NN is the low order 16 bits in digit format. Mode: Configure mode. Examples...
  • Page 615: Neighbor Activate

    Mode: Router mode and Address Family [ipv4 unicast | ipv4 multicast | vpnv4 unicast] mode. Usage: After the TCP connection is opened with the neighbor, this command is used to enable or disable the exchange of the specified AF information with a neighboring router.
  • Page 616: Neighbor Advertisement-Interval

    Usage: Use this command to set the minimum interval between the sending of BGP routing updates. To reduce the flapping of routes to internet, a minimum advertisement interval is set, so that the BGP routing updates are sent only per interval seconds. BGP dampening can also be used to control the effects of flapping routes.
  • Page 617: Neighbor Allowas-In

    One of the VRFs receives prefixes with ASNs from all PE routers and then advertises them to neighboring PE routers. The other VRF receives prefixes with ASNs from the CE router and re-advertises them to all PE routers in the hub and spoke configuration.
  • Page 618: Neighbor As-Origination-Interval

    BGP Commands neighbor as-origination-interval Use this command to adjust the interval of sending AS origination routing updates. Use the no negation parameter with this command to disable this feature. Syntax neighbor <neighbor_address> as-origination-interval <time> neighbor <neighbor_address> as-origination-interval no neighbor <neighbor_address> as-origination-interval...
  • Page 619: Neighbor Attribute-Unchanged

    AS path attribute next-hop Next hop attribute Multi Exit Discriminator Router mode and Address Family [ipv4 unicast | ipv4 multicast | vpnv4 unicast] mode Mode Example awplus# configure terminal awplus(config)# router bgp 10 awplus(config-router)# neighbor 10.10.0.75 attribute-unchanged as-...
  • Page 620: Neighbor Capability Dynamic

    Default: Disabled. Mode: Router mode. Usage: This command allows a BGP speaker to advertise or withdraw an address family capability to a peer in a non-disruptive manner. Examples: awplus# configure terminal...
  • Page 621: Neighbor Capability Graceful-Restart

    Use this command to configure the router to advertise the Graceful Restart Capability to the neighbors. Use the no parameter with this command to configure router so it does not advertise the Graceful Restart Capability to its neighbor. neighbor...
  • Page 622: Neighbor Capability Orf Prefix-List

    ORF capability in receive mode applying the filter as outbound policy. The two routers exchange updates to maintain the ORF for each router. Only an individual router or a peer- group can be configured to be in receive or send mode. A peer-group member cannot be configured to be in receive or send mode.
  • Page 623: Neighbor Capability Route-Refresh

    Mode: Router mode. Usage: Use this command to advertise to peer about route refresh capability support. If route refresh capability is supported, then router can dynamically request that the peer readvertises its Adj-RIB-Out.
  • Page 624: Neighbor Collide-Established

    Mode: Router mode. Usage: This command must be used only when specially required. It is not required in most network deployments. The associated functionality of including an 'established' neighbor into TCP connection ■...
  • Page 625: Neighbor Default-Originate

    BGP Commands neighbor default-originate Use this command to allow a BGP local router to send the default route 0.0.0.0 to a neighbor for use as a default route. Use the no parameter with this command to send no route as a default.
  • Page 626: Neighbor Description

    BGP Commands neighbor description Use this command to associate a description with a neighbor. Use the no parameter with this command to remove the description. neighbor description Syntax <neighborid> <description> no neighbor description <neighborid> [<description>] Parameter Description <neighborid> {A.B.C.D|TAG} A.B.C.D Specifies the address of the BGP neighbor in IPv4 format.
  • Page 627: Neighbor Distribute-List

    BGP Commands neighbor distribute-list This command filters route update from a particular BGP neighbor using an access control list. You can add one distribute-list for each BGP neighbor. The no form removes a distribute-list. neighbor distribute-list Syntax <neighborid> <access-list> {...
  • Page 628: Neighbor Dont-Capability-Negotiate

    BGP Commands neighbor dont-capability-negotiate Use this command to disable capability negotiation. The capability negotiation is performed by default. This command is used to allow compatibility with older BGP versions that have no capability parameters used in open messages between peers.
  • Page 629: Neighbor Ebgp-Multihop

    Use this command to accept and attempt BGP connections to external peers on indirectly connected networks. The switch will not establish a connection to a multihop neighbor, if the only route to the multihop peer is a default route. Use the no parameter with this command to return to the default.
  • Page 630: Neighbor Enforce-Multihop

    BGP Commands neighbor enforce-multihop Use this command to enforce the requirement that BGP neighbors form multihop connections. Use the no parameter with this command to turn off this feature. Syntax neighbor <neighborid> enforce-multihop no neighbor <neighborid> enforce-multihop Parameter Description <neighborid>...
  • Page 631: Neighbor Filter-List

    BGP Commands neighbor filter-list This command creates a BGP filter using access control lists. This command specifies an access list, which it then applies to filter updates to and from a BGP neighbor. The no form removes the specified filter.
  • Page 632: Neighbor Interface

    Use this command to configure the interface name of a BGP-speaking neighbor. Syntax neighbor <ipaddr> interface <ifname> no neighbor <ipaddr> interface <ifname> Parameter Description Specifies the IPv4 address of the BGP neighbor - entered in dotted decimal <ipaddr> notation. Specifies the interface name of BGP neighbor. <ifname> Router mode...
  • Page 633: Neighbor Maximum-Prefix

    BGP router is allowed to receive from a neighbor. When the warning-only option is not used, if any extra prefixes are received, the router ends the peering. A terminated peer, stays down until the clear ip bgp command is used.
  • Page 634: Neighbor Next-Hop-Self

    Mode: Router mode and Address Family [ipv4 unicast | ipv4 multicast | vpnv4 unicast] mode. Usage: This command allows a BGP router to change the nexthop information that is sent to the iBGP peer. The nexthop information is set to the IP address of the interface used to communicate with the neighbor.
  • Page 635: Neighbor Override-Capability

    BGP Commands neighbor override-capability Use this command to override a capability negotiation result. Use the no parameter with this command to disable this function neighbor override-capability Syntax <neighborid> no neighbor override-capability <neighborid> Parameter Description <neighborid> {A.B.C.D|TAG} Specifies the address of the BGP neighbor in IPv4 format.
  • Page 636: Neighbor Passive

    When BGP gateways become neighbors, one is the active neighbor and the other is the passive neighbor. When they are not in the established state an active gateway is one that can initiate a neighbor relationship, whilst the passive gateway is only able to accept inbound connections.
  • Page 637: Neighbor Peer-Group (Adding A Neighbor)

    Router mode and Address Family [ipv4 unicast | ipv4 multicast ] mode Mode Use this command to add Neighbors with the same update policies are grouped into peer Usage groups. This facilitates the updates of various policies, such as, distribute and filter lists. The peer-group is then configured easily with any of the neighbor commands.
  • Page 638: Neighbor Peer-Group (Creating A Peer-Group)

    Usage updates of various policies, such as, distribute and filter lists. The peer-group is then configured easily with any of the neighbor commands. Any changes made to the peer group affect all members. Use this command to create a peer-group.
  • Page 639: Neighbor Port

    BGP Commands neighbor port Use this command to specify the TCP port to which packets are sent on a neighbor. neighbor port Syntax <neighborid> <portnum> no neighbor port <neighborid> [<portnum>] Parameter Description <neighborid> {A.B.C.D|TAG} A.B.C.D Specifies the address of the BGP neighbor in IPv4 format.
  • Page 640: Neighbor Prefix-List

    Usage matches the prefixes of routes with those listed in the prefix list. If there is a match, the route is used. An empty prefix list permits all prefixes. If a given prefix does not match any entries of a prefix list, the route is denied access.
  • Page 641: Neighbor Remote-As

    BGP Commands neighbor remote-as Use this command to configure an internal or external BGP (iBGP or eBGP) TCP session with another router. Use the no parameter with this command to remove a previously configured BGP TCP session. neighbor remote-as Syntax <neighborid>...
  • Page 642: Neighbor Remove-Private-As

    Usage: The private AS numbers range from <64512-65535>. Private AS numbers are not advertised to the Internet. This command is used with external BGP peers only. The router removes the AS numbers only if the update includes private AS numbers. If the update includes both private and public AS numbers, the system treats it as an error.
  • Page 643: Neighbor Restart-Time

    BGP Commands neighbor restart-time Use this command to set a different restart-time other than the global restart-time configured using the bgp graceful-restart command. Use the no parameter with this command to restore the router to its default state. neighbor restart-time Syntax <neighborid>...
  • Page 644: Neighbor Route-Map

    Mode: Router mode and Address Family [ipv4 unicast | ipv4 multicast | vpnv4 unicast] mode. Usage: Use neighbor route-map command to filter updates and modify attributes. A route map is applied to inbound or outbound updates. Only the routes that pass the route map are sent or accepted in updates. Related Commands: route-map...
  • Page 645: Neighbor Route-Reflector-Client

    BGP Commands neighbor route-reflector-client Use this command to configure the router as a BGP route reflector and configure the specified neighbor as its client. Use the no parameter with this command to indicate that the neighbor is not a client.
  • Page 646: Neighbor Route-Server-Client

    31.75. When this parameter is used with a command, the command applies on all peers in the specified group. Mode: Router mode and Address Family [ipv4 unicast | ipv4 multicast | vpnv4 unicast] mode. Examples: awplus#...
  • Page 647: Neighbor Send-Community

    BGP Commands neighbor send-community Use this command to specify that a community attribute should be sent to a BGP neighbor. Use the no parameter with this command to remove the entry. Use the extended and no parameters to remove extended communities. Specifying no other parameter with no removes standard communities only.
  • Page 648: Neighbor Shutdown

    31.75. When this parameter is used with a command, the command applies on all peers in the specified group. Mode: Router mode. Usage: This command shuts down any active session for the specified neighbor and clears all related routing data. Examples: awplus#...
  • Page 649: Neighbor Soft-Reconfiguration Inbound

    Usage: Use this command to store updates for inbound soft reconfiguration. Soft-reconfiguration may be used in lieu of BGP route refresh capability. Using this command enables local storage of all the received routes and their attributes. This requires additional memory. When a soft reset (inbound) is done on this neighbor, the locally stored routes are re-processed according to the inbound policy.
  • Page 650: Neighbor Strict-Capability-Match

    BGP Commands neighbor strict-capability-match Use this command to close the BGP connection if capability value does not completely match to remote peer. Use the no parameter with this command to disable this function neighbor strict-capability-match Syntax <neighborid> no neighbor strict-capability-match <neighborid>...
  • Page 651: Neighbor Timers

    The keepalive interval is the period of time between each keepalive message sent by the router. The holdtime interval is the time the router waits to receive a keepalive message and if it does not receive a message for this period it declares the neighbor dead.
  • Page 652: Neighbor Transparent-As

    BGP Commands neighbor transparent-as Use this command to specify not to append your AS path number even if the peer is an eBGP peer. neighbor transparent-as Syntax <neighborid> Parameter Description <neighborid> {A.B.C.D|TAG} A.B.C.D Specifies the address of the BGP neighbor in IPv4 format.
  • Page 653: Neighbor Unsuppress-Map

    Mode: Router mode and Address Family [ipv4 unicast|ipv4 multicast] mode. Usage: When the aggregate-address command is used with the summary-only option, the more-specific routes of the aggregate are suppressed to all neighbors. Use the unsuppress-map command to selectively leak more-specific routes to a particular neighbor. Example: awplus#...
  • Page 654: Neighbor Update-Source

    Usage: Use this command in conjunction with any specified interface on the router. The loopback interface is the interface that is most commonly used with this command. The use of loopback interface eliminates a dependency and BGP does not have to rely on the availability of a particular interface for making TCP connections.
  • Page 655: Neighbor Version

    BGP Commands neighbor version Use this command to configure the AlliedWare Plus software to accept only a particular BGP version. Use the no parameter with this command to use the default version level of a neighbor. neighbor version Syntax <neighborid>...
  • Page 656: Neighbor Weight

    <weight> Mode: Router mode. Usage: Use this command to specify a weight value to all routes learned from a neighbor. The route with the highest weight gets preference when there are other routes on the network. Unlike the local-preference attribute, the weight attribute is relevant only to the local router.
  • Page 657 Use this command to specify the networks to be advertised by the BGP routing process. A unicast network address without a mask is accepted if it falls into the natural boundary of its class. A class-boundary mask is derived if the address matches its natural class-boundary.
  • Page 658: Network Synchronization

    BGP Commands network synchronization Use this command to ensure the exact same static network prefix, specified through any of the < > network prefix commands, is local or has IGP reachability (in the NSM RIB) before being introduced into the BGP RIB.
  • Page 659 IGP (for example, OSPF). Synchronization may be enabled when all the routers in an autonomous system do not speak BGP, and the autonomous system is a transit for other autonomous systems. The...
  • Page 660: Redistribute Route-Map

    Usage: Redistribution is used by routing protocols to advertise routes that are learned by some other means, such as by another routing protocol or by static routes. Since all internal routes are dumped into BGP, careful filtering is applied to make sure that only routes to be advertised reach the internet, not everything.
  • Page 661: Restart Bgp Graceful

    Usage: This command stops the whole BGP process and makes AlliedWare Plus retain the BGP routes and mark them as stale. Receiving BGP speakers retain and mark as stale all BGP routes received from the restarting speaker for all the address families received in the Graceful Restart Capability exchange.
  • Page 662: Router Bgp

    Parameter Description <1-65525> Specifies the Autonomous System (AS) number. Mode: Configure mode. Usage: The router bgp command enables a BGP routing process so you can set up a route server: router bgp 1 neighbor 10.0.0.1 remote-as 2 neighbor 10.0.0.2 remote-as 3 router bgp 2 neighbor 10.0.0.3 remote-as 4...
  • Page 663: Router Bgp View

    BGP Commands router bgp view Use this command to create a named BGP view. BGP views can have the same or different Autonomous System (AS) number. BGP view is only for exchanging BGP routing information. Use the no parameter with this command to disable a named BGP view.
  • Page 664: Show Bgp

    Parameter Description A.B.C.D/M Specifies the address and subnet. <ipaddress> unicast|multicast <prefix> unicast Specifies a unicast address family. Unicast is the default option. multicast Specifies a multicast address family. Privileged Exec mode and Exec mode Mode Examples awplus# show bgp multicast 192.168.10.0/8 show bgp community Use this command to display routes matching the communities.
  • Page 665: Show Bgp Community-List

    Specifies a multicast address family. Privileged Exec mode and Exec mode Mode Examples awplus# show bgp community-list mylist exact-match show bgp dampening Use this command to display detailed information about dampening in IPV4 environments. Syntax <prefix> show bgp dampening dampened-paths|flap-statistics| parameters Parameter...
  • Page 666: Show Bgp Filter-List

    BGP Commands show bgp filter-list Use this command to display routes conforming to the filter-list. Syntax show bgp filter-list <listname> show bgp <prefix> filter-list <listname> Parameter Description < Specifies the regular-expression access list name. listname> unicast|multicast <prefix> unicast Specifies a unicast address family. Unicast is the default option.
  • Page 667: Show Bgp Neighbors

    BGP Commands show bgp neighbors Use this command to display detailed information on TCP and BGP neighbor connections. Syntax show bgp neighbors [<ipaddress> [advertised-routes|<received>| received-routes|routes]] <prefix> show bgp neighbors [<ipaddress> [advertised-routes| <received>|received-routes|routes]] Parameter Description A.B.C.D <ipaddress> Specifies the IP address of the neighbor for which information is displayed.
  • Page 668: Show Bgp Memory Maxallocation

    Memory information maxallocation Maximum percentage of RAM allocated to daemons Mode: Privileged Exec Mode. Example: To display the maximum amount of memory BGP may allocate for its routing management, use the command: awplus# show bgp memory maxallocation BGP maximum RAM allocation is 100% show bgp paths Use this command to display BGP path information.
  • Page 669: Show Bgp Prefix-List

    Privileged Exec mode and Exec mode Mode Example show bgp prefix-list mylist show bgp quote-regexp Use this command to display routes matching the AS path regular expression in quotes. Syntax show bgp quote-regexp <word> show bgp <prefix> quote-regexp <word> Parameter...
  • Page 670: Show Bgp Regexp

    BGP Commands show bgp regexp Use this command to display routes matching the AS path regular expression. <expression> Syntax show bgp regexp <prefix> <expression> show bgp regexp Parameter Description <expression> Specifies a regular-expression to match the BGP AS paths. unicast|multicast <prefix>...
  • Page 671: Show Bgp Summary

    BGP Commands show bgp summary Use this command to display a summary of BGP neighbor status. Syntax show bgp summary <prefix> show bgp summary Parameter Description <prefix> unicast|multicast unicast Specifies a unicast address family. Unicast is the default option. multicast Specifies a multicast address family.
  • Page 672: Show Debugging Bgp

    Use this command to display the BGP debugging option set. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. show debugging bgp...
  • Page 673: Show Ip Bgp

    Specifies an IPv4 unicast address family. This is the default option. multicast Specifies an IPv4 multicast address family. Mode: Privileged Exec mode and Exec mode. Usage: This is a sample output from the show ip bgp command displaying BGP network information. awplus# show ip bgp BGP table version is 7, local router ID is 80.80.80.80...
  • Page 674: Show Ip Bgp Attribute-Info

    Use this command to show internal attribute hash information. Syntax: show ip bgp attribute-info. Mode: Privileged Exec mode and Exec mode. Usage: This is a sample output from the show ip bgp attribute-info command displaying internal attribute information. awplus# show ip bgp attribute-info attr[1] nexthop 0.0.0.0...
  • Page 675: Show Ip Bgp Cidr-Only

    Use this command to display routes with non-natural network masks. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. Syntax: show ip bgp cidr-only; show ip bgp ipv4 <prefix>...
  • Page 676: Show Ip Bgp Community

    Use this command to display routes matching the communities. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. show ip bgp community <type>...
  • Page 677: Show Ip Bgp Community-List

    Use this command to display routes that match the community-list. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. show ip bgp community-list <listname...
  • Page 678: Show Ip Bgp Dampening

    : 11999 Min penalty (floor) : 375 The following sample output is showing that the internal route (i), has flapped 3 times and is now categorized as history (h). awplus#show ip bgp dampening flap-statistics BGP table version is 1, local router ID is 30.30.30.77 Status codes: s suppressed, d damped, h history, * valid, >...
  • Page 679: Show Ip Bgp Filter-List

    BGP table version is 1, local router ID is 30.30.30.77 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,S Stale Origin codes: i - IGP, e - EGP, ? - incomplete...
  • Page 680: Show Ip Bgp Inconsistent-As

    To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token.
  • Page 681: Show Ip Bgp Neighbors

    BGP Commands show ip bgp neighbors Use this command to display detailed information on TCP and BGP neighbor connections. show ip bgp neighbors advertised-routes <received> received-routes Syntax [<ipaddr> [ routes show ip bgp ipv4 <prefix> neighbors advertised-routes <received> [<ipaddr> [...
  • Page 682: Show Ip Bgp Paths

    Syntax show ip bgp ipv4 <prefix> paths Parameter Description ipv4 Specifies the address family. The type of address family determines the routing table that is displayed. <prefix> {multicast|unicast} unicast Specifies an IPv4 unicast address family. This is the default option.
  • Page 683: Show Ip Bgp Prefix-List

    Privileged Exec mode and Exec mode Mode Examples awplus# show ip bgp prefix-list mylist show ip bgp regexp Use this command to display routes matching the AS path regular expression. < show ip bgp regexp Syntax expression> < show ip bgp ipv4 <prefix> regexp expression>...
  • Page 684: Show Ip Bgp Route-Map

    BGP Commands show ip bgp route-map Use this command to display routes that match the specified route-map. show ip bgp route-map <route-map> Syntax show ip bgp ipv4 <prefix> route-map <route-map> Parameter Description Specifies a route-map that is matched. <route-map> ipv4 Specifies the address family.
  • Page 685: Show Ip Bgp Summary

    Specifies an IPv4 multicast address family. Mode: Privileged Exec mode and Exec mode. Usage: This is a sample output from the show ip bgp summary command displaying a summary of BGP neighbor status. awplus# show ip bgp summary BGP router identifier 10.10.15.50, local AS number 65000...
  • Page 686: Show Ip Bgp View

    I2 BGP table version is 0, local router ID is 10.10.10.50 Status codes: s suppressed, d damped, h history, p stale, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete...
  • Page 687: Show Ip Bgp View Neighbors

    Mode Usage awplus#show ip bgp view I2 neighbors BGP neighbor is 10.10.10.52, remote AS 10, local AS 10, internal link BGP version 4, remote router ID 10.10.10.52 BGP state = Established, up for 00:03:22 Last read 00:00:13, hold time is 90, keepalive interval 30 seconds...
  • Page 688: Show Ip Bgp View Summary

    BGP Commands show ip bgp view summary Use this command to view the summary data of neighbors of the given instance. show ip bgp view summary Syntax <instance> show ip bgp view ipv4 unicast multicast summary <instance> Parameter Description the name of the instance to display data for.
  • Page 689: Show Ip Community-List

    Use this command to display routes that match a specified community-list name or number. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token.
  • Page 690: Show Ip Protocols

    <0-65535> The interval after which the neighbor is considered dead if keepalive messages are not received. The default holdtime value is 180 seconds. Mode: Router mode. Usage: This command is used globally to set or unset the keepalive and holdtime values for all the neighbors. Examples: awplus#...
  • Page 691: Undebug Bgp

    BGP Commands undebug bgp Use this command to disable BGP debugging functions. undebug bgp dampening events filters keepalives updates Syntax undebug all bgp Parameter Description Disable all debugging for BGP dampening Disable debugging for BGP dampening. events Disable debugging for BGP events.
  • Page 692 BGP Commands
  • Page 693: 32 Route Map Commands

    32.27; set originator-id 32.28; set tag 32.29; set weight 32.30; show route-map 32.31
  • Page 694: Introduction

    AS path access list. Each entry of a route map can only match against one AS path access list in one AS path match clause. If the route map entry already has an AS path match clause, entering this command replaces that match clause with the new clause.
  • Page 695: Match Community

    A BGP update message matches the route map if its attributes include community values that match the community list. Each entry of a route map can only match against one community list in one community match clause. If the route map entry already has a community match clause, entering this command replaces that match clause with the new clause.
  • Page 696: Match Interface

    A route matches the route map if its interface matches the interface name. Each entry of a route map can only match against one interface in one interface match clause. If the route map entry already has an interface match clause, entering this command replaces that match clause with the new clause.
  • Page 697: Match Ip Address

    Route Map Commands match ip address Use this command to add an IP address prefix match clause to a route map entry. You can specify the prefix or prefixes to match by either: ■ specifying the name of an access list. To create the access list, enter Global Configuration mode and use the access-list command.
  • Page 698 Route Map Commands Related Commands: access-list (extended), access-list (standard), ip prefix-list, route-map, show ip access-list, show route-map
  • Page 699: Match Ip Next-Hop

    Route Map Commands match ip next-hop Use this command to add a next-hop match clause to a route map entry. You can specify the next hop to match by either: ■ specifying the name of an access list. To create the access list, enter Global Configuration mode and use the access-list command.
  • Page 700 Route Map Commands To add entry 3 to the route map called “mymap”, which will process routes whose next hop matches the prefix list called “list1”, use the commands: awplus(config)#route-map mymap permit 3 awplus(config-route-map)#match ip next-hop prefix-list list1 access-list (extended)
  • Page 701: Match Metric

    Route Map Commands match metric Use this command to add a metric match clause to a route map entry. Specify the metric value to match. A route matches the route map if its metric matches the route map’s metric. A BGP update message matches the route map if its MED attribute value matches the route map’s metric.
  • Page 702: Match Origin

    A BGP update message matches the route map if its origin attribute value matches the route map’s origin value. Each entry of a route map can only match against one origin in one origin match clause. If the route map entry already has an origin match clause, entering this command replaces that match clause with the new clause.
  • Page 703: Match Route-Type

    An OSPF route matches the route map if its route type matches the route map’s route type. Each entry of a route map can only match against one route type in one match clause. If the route map entry already has a route type match clause, entering this command replaces that match clause with the new clause.
  • Page 704: Match Tag

    Routes can be tagged through OSPF commands or through another route map’s set clause. Each entry of a route map can only match against one tag in one match clause. If the route map entry already has a tag match clause, entering this command replaces that match clause with the new clause.
  • Page 705 If it finds a match on a route map with an action of permit, then it applies any set clauses and accepts the route. If other entries for that route map exist, it then checks the next entry. When there are no more entries, it finishes.
  • Page 706 Route Map Commands If it finds a match on a route map with an action of deny, and other entries for that route map exist, then it checks the next entry. If the route or update message matches a later entry with a permit action, it will be accepted.
  • Page 707: Set Aggregator

    Usage: This command is valid for BGP update messages only. Examples: To use entry 3 of the route map called “myroute” to set the aggregator attribute to 43 10.10.0.3 in matching update messages, use the commands: awplus(config)#route-map myroute permit 3 awplus(config-route-map)#set aggregator as 43 10.10.0.3...
  • Page 708: Set As-Path

    Usage: This command is valid for BGP update messages only. Examples: To use entry 3 of the route map called “myroute” to prepend ASN 8 and 24 to the AS path of matching update messages, use the commands: awplus(config)#route-map myroute permit 3...
  • Page 709: Set Atomic-Aggregate

    Mode: Route-map mode. Usage: This command is valid for BGP update messages only. Examples: To use entry 3 of the route map called “rmap1” to add the atomic aggregator attribute to matching update messages, use the commands: awplus(config)#route-map rmap1 permit 3...
  • Page 710: Set Comm-List Delete

    Usage: This command is valid for BGP update messages only. Examples: To use entry 3 of the route map called “myroute” to delete the communities in community list 34 from matching update messages, use the commands: awplus(config)#route-map myroute permit 3...
  • Page 711: Set Community

    Mode: Route-map mode. Usage: This command is valid for BGP update messages only. Examples: To use entry 3 of the route map called “rmap1” to put matching routes into the no-advertise community, use the commands: awplus(config)#route-map rmap1 permit 3 awplus(config-route-map)#set community no-advertise
  • Page 712 Route Map Commands To use entry 3 of the route map called “rmap1” to put matching routes into several communities, use the commands: awplus(config)#route-map rmap1 permit 3 awplus(config-route-map)#set community 10:01 23:34 12:14 no-export Related Commands: match community, route-map, set aggregator...
  • Page 713: Set Dampening

    Route Map Commands set dampening Use this command to add a route flap dampening set clause to a route map entry. Also use the route map by specifying it in the command bgp dampening route-map <name>. When a route matches the route map entry, the device enables route flap dampening for that route.
  • Page 714 Route Map Commands Example: To use entry 24 of the route map called “R1” to enable dampening of matching routes and set the dampening parameters, use the commands: awplus(config)#route-map R1 permit 24 awplus(config-route-map)#set dampening 20 333 534 30 bgp dampening...
  • Page 715: Set Extcommunity

    Route Map Commands set extcommunity Use this command to add an extended community set clause to a route map entry. A route map entry can have a route target extended community set clause, a site-of-origin extended community set clause, or both.
  • Page 716: Set Ip Next-Hop

    Usage: This command is valid for BGP update messages, and OSPF and RIP routes. Examples: To use entry 3 of the route map called “mymap” to give matching routes a next hop of 10.10.0.67, use the commands: awplus(config)#route-map mymap permit 3 awplus(config-route-map)#set ip next-hop 10.10.0.67...
  • Page 717: Set Metric

    MED values in update messages from peers in the same AS. This command is valid for BGP update messages, and OSPF and RIP routes. Examples: To use entry 3 of the route map called “rmap1” to give matching routes a metric of 600, use...
  • Page 718: Set Metric-Type

    Use this command to add a metric-type set clause to a route map entry. When a route matches the route map entry, the device sets its route type to the specified value. Use the no parameter to remove the set clause.
  • Page 719: Set Origin

    Mode: Route-map mode. Usage: This command is valid for BGP update messages only. Examples: To use entry 3 of the route map called “rmap1” to give matching update messages an origin of “egp”, use the commands: awplus(config)#route-map rmap1 permit 3...
  • Page 720: Set Originator-Id

    Use this command to add an originator ID set clause to a route map entry. The originator ID is the router ID of the IBGP peer that first learned this route, either via an EBGP peer or by some other means such as importing it.
  • Page 721: Set Tag

    Mode: Route-map mode. Usage: This command is valid only when redistributing routes into OSPF. Examples: To use entry 3 of the route map called “rmap1” to tag matching routes with the number 6, use the commands: awplus(config)#route-map rmap1 permit 3...
  • Page 722: Set Weight

    Mode: Route-map mode. Usage: This command is valid for BGP routes only. Examples: To use entry 3 of the route map called “rmap1” to give matching routes a weight of 60, use the commands: awplus(config)#route-map rmap1 permit 3 awplus(config-route-map)#set weight 60...
  • Page 723 Route Map Commands show route-map Use this command to display information about one or all route maps. Syntax: show route-map <map_name> Parameter: <map_name> A name to identify the route map. Mode: Exec and Privileged Exec mode. Figure 32-1: Example output from the...
  • Page 725 Multicast Reference This part includes the following chapters: ■ Chapter 33, IGMP Snooping Configuration ■ Chapter 34, IGMP Multicast Commands ■ Chapter 35, Common Multicast Commands ■ Chapter 36, PIM-SM Configuration ■ Chapter 37, PIM-SM Commands...
  • Page 727: 33 Igmp Snooping Configuration

    33 IGMP Snooping Configuration: Introduction 33.2; Configuring Switch 1 33.3
  • Page 728: Introduction

    IGMP Snooping Configuration Introduction This chapter provides steps to configure Internet Group Management Protocol (IGMP) snooping. To see details on the commands used in this example, or to see the outputs of the validation commands, refer to Chapter 34, IGMP Multicast Commands.
  • Page 729: Configuring Switch 1

    IGMP Snooping Configuration Configuring Switch 1 In this example, the ports are all part of the same VLAN and IGMP snooping is enabled. The switch is running RSTP. This is the default behavior of devices running the AlliedWare Plus OS, so this example does not describe how to configure RSTP or add the switch ports to a VLAN.
  • Page 731: 34 Igmp Multicast Commands

    show ip igmp interface 34.25; show ip igmp snooping mrouter 34.26; show ip igmp snooping routermode 34.27; show ip igmp snooping statistics 34.28
  • Page 732: Introduction

    IGMP Snooping functionality. Some of the following commands may have commonalities and restrictions: these are described under the Usage section for each command. clear ip igmp Use this command to clear all IGMP group membership records on all interfaces. clear ip igmp Syntax...
  • Page 733: Clear Ip Igmp Group

    Usage: This command applies to groups learned by IGMP, IGMP Snooping, or IGMP Proxy. In addition to the group, an interface can be specified. Specifying this will mean that only entries with the group learnt on the interface will be deleted.
  • Page 734: Debug Igmp

    IGMP Multicast Commands debug igmp Use this command to enable debugging of all IGMP, or a specific component of IGMP. Use the no parameter with this command to disable all IGMP debugging, or debugging of a specific component of IGMP. debug igmp...
  • Page 735: Ip Igmp Access-Group

    IGMP Multicast Commands ip igmp access-group This command adds an access control list to an interface. This is used to control and filter the multicast groups learnt on the interface. This command applies to interfaces configured for IGMP, IGMP Snooping, or IGMP Proxy.
  • Page 736: Ip Igmp Immediate-Leave

    IGMP Multicast Commands ip igmp immediate-leave In IGMP version 2, use this command to minimize the leave latency of IGMP memberships for specified multicast groups. To disable this feature, use the no parameter with this command. Syntax: ip igmp immediate-leave group-list <accesslist>...
  • Page 737: Ip Igmp Last-Member-Query-Count

    IGMP Multicast Commands ip igmp last-member-query-count Use this command to set the last-member query-count value. To return to the default value on an interface, use the no parameter with this command. Syntax: ip igmp last-member-query-count <2-7>; no ip igmp last-member-query-count...
  • Page 738: Ip Igmp Last-Member-Query-Interval

    Use this command to configure the frequency at which the router sends IGMP group-specific host query messages. To set this frequency to the default value, use the no parameter with this command. Syntax: ip igmp last-member-query-interval <interval>...
  • Page 739: Ip Igmp Limit

    Use this command to configure the limit on the maximum number of group membership entries for the device as a whole or for the specified interface (if in interface mode). Once the specified number of group memberships is reached, all further membership reports will be ignored.
  • Page 740: Ip Igmp Mroute-Proxy

    IGMP Multicast Commands ip igmp mroute-proxy Use this command to enable IGMP mroute proxy on this downstream interface and associate it with the upstream proxy service interface. Use the no parameter with this command to remove the association with the proxy-service interface.
  • Page 741: Ip Igmp Proxy-Service

    All associated downstream IGMP mroute proxy interfaces on this device will have their memberships consolidated on this proxy service interface, according to IGMP host-side functionality. Use the no parameter with this command to remove the designation of the interface as an upstream proxy-service interface. ip igmp proxy-service...
  • Page 742: Ip Igmp Querier-Timeout

    IGMP Multicast Commands ip igmp querier-timeout Use this command to configure the timeout period before the device takes over as the querier for the interface after the previous querier has stopped querying. To restore the default value, use the no parameter with this command.
  • Page 743: Ip Igmp Query-Interval

    Usage: This command applies to interfaces configured for IGMP. Note that the IGMP query interval must be set to a greater value than the IGMP query max response time. For example, if the IGMP query max response time is set to 1 second then the IGMP query interval must be set to at least 2 seconds.
  • Page 744: Ip Igmp Query-Max-Response-Time

    8 ip igmp robustness-variable Use this command to change the robustness variable value on an interface. To return to the default value on an interface, use the no parameter with this command. Syntax: ip igmp robustness-variable <2-7>...
  • Page 745: Ip Igmp Snooping

    Use this command to enable IGMP Snooping. When this command is given in the Global Config mode, IGMP Snooping is enabled at the switch level. When this command is given at the VLAN interface level, IGMP Snooping is enabled for that VLAN.
  • Page 746: Ip Igmp Snooping Mrouter

    Use this command to statically configure the specified port in the VLAN as a multicast router port for IGMP Snooping in that VLAN. Use the no parameter with this command to remove the static configuration of the port as a multicast router port.
  • Page 747: Ip Igmp Snooping Querier

    IGMP querier for faster network convergence. It does not start, or automatically cease, the IGMP Querier operation if it detects query message(s) from a multicast router. It restarts as the IGMP Snooping querier if no queries are seen within the other querier interval. Example awplus#...
  • Page 748: Ip Igmp Snooping Report-Suppression

    Syntax: no ip igmp snooping report-suppression. Mode: Interface mode for VLAN interface. Default: Report suppression does not apply to IGMPv3, and is turned on by default for IGMPv1 and IGMPv2 reports. This command can only be configured on VLAN interfaces.
  • Page 749: Ip Igmp Snooping Routermode

    (all multicast addresses, default multicast addresses, specified multicast addresses). Use the no parameter with this command to reset ip igmp snooping routermode to the default. You can also remove a specified IP address from a custom list of multicast addresses. ip igmp snooping routermode {all|default|ip|multicastrouter|address <...
  • Page 750: Ip Igmp Ssm-Map Enable

    IGMP Multicast Commands ip igmp ssm-map enable Use this command to enable Source Specific Mapping (SSM) on the device. Use the no parameter with this command to disable SSM mapping. Syntax: ip igmp ssm-map enable; no ip igmp ssm-map enable...
  • Page 751: Ip Igmp Ssm-Map Static

    IGMP Multicast Commands ip igmp ssm-map static Use this command to specify the static mode of defining SSM mapping. SSM mapping statically assigns sources to IGMPv1 and IGMPv2 groups to translate such (*,G) groups’ memberships to (S,G) memberships for use with PIM-SSM.
  • Page 752: Ip Igmp Static-Group

    (e.g., sa3), or an LACP channel group (e.g., po4). Mode: Interface mode. Usage: This command applies to IGMP operation on a specific interface to statically add group and/or source records; or to IGMP Snooping on a VLAN interface to statically add group and/or source records.
  • Page 753: Ip Igmp Version

    IGMP Multicast Commands ip igmp version Use this command to set the current IGMP version (IGMP version 1, 2 or 3) on an interface. To return to the default version, use the no parameter with this command. Syntax: ip igmp version <1-3>...
  • Page 754: Show Ip Igmp Groups

    IGMP Multicast Commands show ip igmp groups Use this command to display the multicast groups with receivers directly connected to the router, and learned through IGMP. show ip igmp groups detail Syntax [A.B.C.D|<interface> Parameter Description Address of the multicast group.
  • Page 755: Show Ip Igmp Interface

    IGMP Multicast Commands show ip igmp interface Use this command to display the state of IGMP, IGMP Proxy service, and IGMP Snooping for a specified interface, or all interfaces. IGMP is shown as Active or Disabled in the show output.
  • Page 756: Show Ip Igmp Snooping Mrouter

    IGMP Multicast Commands show ip igmp snooping mrouter Use this command to display the multicast router ports, both static and dynamic, in a VLAN. Syntax: show ip igmp snooping mrouter interface <interface> Parameter: <interface> The name of the VLAN interface...
  • Page 757: Show Ip Igmp Snooping Routermode

    IGMP Multicast Commands show ip igmp snooping routermode Use this command to display the current routermode and the list of IP addresses set as router multicast addresses from the ip igmp snooping routermode command. Syntax: show ip igmp snooping routermode. Mode: Exec mode and Privileged Exec mode...
  • Page 758: Show Ip Igmp Snooping Statistics

    IGMP Multicast Commands show ip igmp snooping statistics Use this command to display IGMP Snooping statistics data. Syntax: show ip igmp snooping statistics interface <interface> Parameter: <interface> The name of the VLAN interface. Mode: Exec and Privileged Exec mode. The following displays IGMPv3 statistical information for VLAN 1.
  • Page 759: 35 Common Multicast Commands

    show ip mroute 35.8; show ip mvif 35.10; show ip rpf 35.10
  • Page 760: Introduction

    Usage: When this command is used, the Multicast Routing Information Base (MRIB) clears the multicast route entries in its multicast route table, and removes the entries from the multicast forwarder. The MRIB sends a “clear” message to the multicast protocols. Each multicast protocol has its own “clear”...
  • Page 761: Debug Nsm Mcast

    Common Multicast Commands debug nsm mcast Use this command to debug events in the Multicast Routing Information Base (MRIB). Syntax: debug nsm mcast {all|fib-msg|mrt|mtrace|mtrace-detail|register|stats|vif} Parameters: all: All IPv4 multicast debugging. fib-msg: Forwarding Information Base (FIB) messages. mrt: Multicast routes. mtrace: Multicast traceroute.
  • Page 762: Ip Mroute

    Common Multicast Commands ip mroute Use this command to create a multicast static route. Use the no form of this command to delete the route. Multicast static routes are unicast routes which allow multicast and unicast topologies to be independent. These routes are used by multicast routing protocols to perform reverse-path forwarding (RPF) checks.
  • Page 763: Ip Multicast Route-Limit

    Common Multicast Commands ip multicast route-limit Use this command to limit the number of multicast routes that can be added to a multicast routing table. Use the no parameter with this command to return the limit to the default. Syntax ip multicast route-limit <limit>...
  • Page 764: Ip Multicast-Routing

    Common Multicast Commands ip multicast-routing Use this command to turn on/off multicast routing on the router; when turned off the device does not perform multicast functions. Use the no parameter with this command to disable multicast routing after enabling it.
  • Page 765 Use this command to enable a switch port to route multicast packets that ingress the port. Use the no form of this command to stop the switch port from routing multicast packets that ingress the port. Note that this does not affect layer 2 forwarding of multicast packets. If you...
  • Page 766: Show Ip Mroute

    10.10.5.24 225.2.2.2 count awplus# show ip mroute 10.10.1.34 summary The following is a sample output of this command displaying the IP multicast routing table, with and without specifying the group and source IP address: awplus# show ip mroute...
  • Page 767 (10.10.1.52, 224.0.1.3), Forwarding: 2/19456, Other: 0 Fwd msg: 0/0, Client msg: 0/0/0/0, Reg: 0/0/0 The following is a sample output for this command displaying the IP multicast routing table in an abbreviated form: awplus# show ip mroute summary IP Multicast Routing Table...
  • Page 768: Show Ip Mvif

    Common Multicast Commands show ip mvif Use this command to display the contents of the Multicast Routing Information Base (MRIB) VIF table. Syntax show ip mvif [<interface>] Parameter Description <interface> The interface to display information about. Exec and Privileged Exec mode...
  • Page 769: 36 Pim-Sm Configuration

    36 PIM-SM Configuration: Introduction 36.2; PIM Sparse Mode 36.2; Operation of PIM Sparse Mode 36.3
  • Page 770: Introduction

    RP. A source uses the RP to announce its presence and to find a path to members that have joined the group. This model requires Sparse Mode routers to maintain some state information (the RP-list) prior to the arrival of data packets.
  • Page 771 Each subnetwork must have at least one Designated Router candidate. PIM hello messages: When PIM is enabled on a switch, it sends out a PIM Hello message on all its PIM enabled interfaces, and listens for Hello messages from its PIM neighbors. When a switch receives a Hello message, it records the interface, IP address, priority for becoming a designated router, and the timeout for the neighbor’s information.
  • Page 772 PIM Assert messages. If one of the upstream routers is on an SPT and the other is on an RPT, the router on the SPT has the shortest path to the sender, and wins the Assert election. If both routers are on RPTs the router with the shortest path to the RP (the lowest sum of metrics to the RP) wins the Assert.
  • Page 773 PIM-SM Configuration leaves the SPT, the Assert winner sends an Assert Cancel message saying that it is about to stop forwarding data on the SPT. Any RPT downstream routers then switch back to the RP tree.
  • Page 775: 37 Pim-Sm Commands

    37 PIM-SM Commands: Introduction 37.2; clear ip pim sparse-mode bsr rp-set * 37.2; debug pim sparse-mode 37.3; debug pim sparse-mode timer bsr 37.4; debug pim sparse-mode timer hello 37.4; debug pim sparse-mode timer joinprune 37.5; debug pim sparse-mode timer register 37.5; ip pim accept-register list 37.6; ip pim bsr-candidate 37.6...
  • Page 776: Introduction

    This chapter provides an alphabetical reference for each of the PIM-SM Commands. See also Chapter 35, Common Multicast Commands. clear ip pim sparse-mode bsr rp-set * Use this command to clear all RP sets learned through the PIMv2 Bootstrap Router (BSR). Syntax: clear ip pim sparse-mode bsr rp-set * Parameter: * Clears all RP sets.
  • Page 777: Debug Pim Sparse-Mode

    Use this command to activate/de-activate all PIM-SM debugging. Syntax debug pim sparse-mode [all] [events] [mfc] [mib] [nexthop] [nsm] [packet] [state] [mtrace] no debug pim sparse-mode [all] [events] [mfc] [mib] [nexthop] [nsm] [packet] [state] [mtrace] Parameter Description activates/deactivates all PIM-SM debugging...
  • Page 778: Debug Pim Sparse-Mode Timer Bsr

    PIM-SM Commands debug pim sparse-mode timer bsr Use this command to enable the PIM-SM BSR timer’s debugging. Use the no parameter with this command to disable the PIM-SM BSR timer’s debugging. Syntax: debug pim sparse-mode timer bsr [bst|crp]; no debug pim sparse-mode timer bsr [bst|crp]...
  • Page 779: Debug Pim Sparse-Mode Timer Joinprune

    PIM-SM Commands debug pim sparse-mode timer joinprune Use this command to enable the PIM-SM JoinPrune timer’s debugging. Use the no parameter with this command to disable the PIM-SM JoinPrune timer’s debugging. Syntax debug pim sparse-mode timer joinprune [jt|et|ppt|kat|ot] no debug pim sparse-mode timer joinprune (jt|et|ppt|kat|ot)
  • Page 780: Ip Pim Accept-Register List

    PIM-SM Commands ip pim accept-register list Use this command to configure the ability to filter out multicast sources specified by the given access-list at the Rendezvous Point (RP), so that the RP will accept/refuse to perform the register mechanism for the packets sent by the specified sources. By default, the RP accepts register packets from all multicast sources.
  • Page 781: Ip Pim Cisco-Register-Checksum

    PIM-SM Commands ip pim cisco-register-checksum Use this command to configure the option to calculate the Register checksum over the whole packet. This command is used to inter-operate with older Cisco IOS versions. Use the no parameter with this command to disable this option.
  • Page 782: Ip Pim Crp-Cisco-Prefix

    Use this command to interoperate with Cisco devices that conform to an earlier draft standard. Some Cisco devices might not accept candidate RPs with a group prefix number of zero. Use the no parameter with this command to revert to the default settings.
  • Page 783: Ip Pim Exclude-Genid

    (3.5 * hello interval). Otherwise, it retains the configured value. Use the no variant of this command to return it to its default value of 3.5 * the current hello-interval. Syntax: ip pim hello-holdtime <holdtime>...
  • Page 784: Ip Pim Hello-Interval

    Configures a hello interval. When the hello interval is configured, and the hello holdtime is not configured, or when the configured hello-holdtime value is less than the new hello-interval value, the holdtime value is modified to (3.5 * hello interval). Otherwise, the hello-holdtime value is the configured value.
  • Page 785: Ip Pim Jp-Timer

    234 ip pim neighbor-filter Enables filtering of neighbors on the interface. When configuring a neighbor filter, PIM-SM will either not establish adjacency with the neighbor, or terminate adjacency with the existing neighbors if denied by the filtering access list.
  • Page 786: Ip Pim Register-Rate-Limit

    PIM-SM Commands ip pim register-rate-limit Use this command to configure the rate of register packets sent by this DR, in units of packets per second. Use the no parameter to remove the limit. Syntax ip pim register-rate-limit <1-65535> no ip pim register-rate-limit...
  • Page 787: Ip Pim Register-Source

    Use the no parameter to un-configure the source address of Register packets sent by this DR, reverting back to use the default source address that is the address of the RPF interface toward the source host. The configured address must be a reachable address to be used by the RP to send corresponding Register-Stop messages in response.
  • Page 788: Ip Pim Register-Suppression

    Configuring this value at the RP modifies the RP-keepalive-period value if the ip pim rp-register-kat command on page 37.16 is not used. Use the no parameter to reset the value to its default of 60 seconds. Syntax: ip pim register-suppression <1-65535>; no ip pim register-suppression...
  • Page 789: Ip Pim Rp-Address

    224.0.0.0/4. Configuring ip pim rp-address 192.168.7.8 grp-list will configure static-RP 192.168.7.8 for all the group ranges represented by permit filters in grp-list ACL. If multiple static-RPs are available for a group range, then one with the highest IP address is chosen.
  • Page 790: Ip Pim Rp-Candidate

    PIM-SM Commands ip pim rp-candidate Use this command to give the router the candidate RP status using the IP address of the specified interface. Use the no parameter to unconfigure the setting. Syntax ip pim rp-candidate <ifname> [ priority <priority>|interval <interval>| grouplist <grouplist>] no ip pim rp-candidate [<ifname>]...
  • Page 791: Ip Pim Sparse-Mode

    PIM transactions on the interface, allowing only IGMP mechanism to be active. To turn off passive mode, use the no ip pim sparse-mode passive or the ip pim sparse-mode command. To turn off PIM activities on the interface, use the no ip pim sparse-mode command.
  • Page 792: Ip Pim Spt-Threshold

    PIM-SM Commands ip pim spt-threshold Turn on/off the ability for the last-hop PIM router to switch to SPT. The switching to SPT happens either at the receiving of the first data packet, or not at all; it is not rate-based. Syntax...
  • Page 793: Ip Pim Ssm

    Default: The command is disabled. Usage: When an SSM range of IP multicast addresses is defined by the ip pim ssm command, no (*,G) or (S,G,rpt) state will be initiated for groups in the SSM range. The messages corresponding to these states will not be accepted or originated in the SSM range.
  • Page 794: Show Debugging Pim Sparse-Mode

    This command displays the status of the debugging of the system. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > (output redirection token). Syntax...
  • Page 795: Show Ip Pim Sparse-Mode Interface

    Related Commands show ip pim sparse-mode neighbor show ip pim sparse-mode interface detail Use this command to show detailed information on a PIM-SM interface. Syntax show ip pim sparse-mode interface detail Privileged Exec and Exec mode...
  • Page 796: Show Ip Pim Sparse-Mode Mroute

    PIM-SM Commands show ip pim sparse-mode mroute This command displays the IP multicast routing table, or the IP multicast routing table based on the specified address or addresses. Two group addresses cannot be used simultaneously; two source addresses cannot be used simultaneously.
  • Page 797 40.40.40.11 awplus# show ip pim sparse-mode mroute 235.0.0.1 awplus# show ip pim sparse-mode mroute 235.0.0.1 40.40.40.11...
  • Page 798: Show Ip Pim Sparse-Mode Mroute Detail

    PIM-SM Commands show ip pim sparse-mode mroute detail This command displays detailed entries of the IP multicast routing table, or detailed entries of the IP multicast routing table based on the specified address or addresses. Two group addresses cannot be used simultaneously; two source addresses cannot be used simultaneously.
  • Page 799 (*,*,RP) Entries: 0 (*,G) Entries: 4 (S,G) Entries: 0 (S,G,rpt) Entries: 0 FCR Entries: 0 (*, 224.0.1.24) Uptime: 00:06:42 RP: 0.0.0.0, RPF nbr: None, RPF idx: None Upstream: State: JOINED, SPT Switch: Disabled, JT: off Macro state: Join Desired, Downstream: vlan2:...
  • Page 800: Show Ip Pim Sparse-Mode Neighbor

    Nbr 10.10.3.180 (vlan5), DR Expires in 55 seconds, uptime 00:00:15 Holdtime: 70 secs, T-bit: off, Lan delay: 1, Override interval: 3 DR priority: 100, Gen ID: 625159467, Secondary addresses: 192.168.30.1
  • Page 801: Show Ip Pim Sparse-Mode Nexthop

    Output awplus#show ip pim sparse-mode nexthop Figure 37-9: Output from the show ip pim sparse-mode nexthop command Flags: N = New, R = RP, S = Source, U = Unreachable Destination Type Nexthop Nexthop Nexthop Nexthop Metric Pref Refcnt Addr...
  • Page 802: Show Ip Pim Sparse-Mode Rp-Hash

    PIM-SM Commands show ip pim sparse-mode rp-hash Use this command to display the rendezvous point (RP) to be chosen based on the group selected. Syntax show ip pim sparse-mode rp-hash <group-addr> Parameter Description <group-addr> The group address (A.B.C.D) to find the RP for.
  • Page 803: Undebug All Pim Sparse-Mode

    PIM-SM Commands undebug all pim sparse-mode Use this command to disable all PIM-SM debugging. Syntax undebug all pim sparse-mode Mode Privileged Exec mode Example awplus# undebug all pim sparse-mode Related Commands debug pim sparse-mode
  • Page 805: Traffic And

    Traffic and Security Reference This part includes the following chapters: ■ Chapter 38, Access Control List (ACL) Commands ■ Chapter 39, Quality of Service (QoS) ■ Chapter 40, QoS Commands ■ Chapter 41, 802.1x Configuration ■ Chapter 42, 802.1x and RADIUS Commands...
  • Page 807: 38 Access Control List (Acl) Commands

    ............................38.22 maximum-access-list............................38.23 show access-list..............................38.24 show ip access-list............................38.25 show ip prefix-list............................. 38.26...
  • Page 808: Introduction

    This chapter provides an alphabetized reference for the Access Control List (ACL) commands. To apply ACLs to an LACP channel group, apply it to all the individual switch ports in the channel group. To apply ACLs to a static channel group, apply it to the static channel group itself.
  • Page 809: Access-List (Standard)

    Access-list rejects packets from the specified source. permit Access-list accepts packets from the specified source. <source> The source address of the packets. You can specify either a subnet, a host, or all sources. The following are the valid formats to specify the source: Filters packets with any source address.
  • Page 810: Access-List (Ip)

    Access Control List (ACL) Commands access-list (IP) This command configures an IP access list for filtering IP hardware packets, ICMP packets, TCP packets, UDP packets, or IANA defined IP protocols. The no form removes the previously specified IP hardware access list.
  • Page 811 Access Control List (ACL) Commands Parameter Description (Cont) <destination> The destination of the packets. You can specify either a subnet, a host, or all destinations. The following are valid formats to specify the destination: Filters packets with any destination address.
  • Page 812 Specify packets to send to the CPU. The access-list matches only TCP packets. The access-list matches only UDP packets. <source> The source address of the packets. You can specify either a subnet or all sources. The following are the valid formats for specifying the source: An IPv4 address, followed by a forward slash, then the <ip-addr/...
  • Page 813 Specify packets to send to the CPU. <source> The source address of the packets. You can specify either a subnet, a host, or all sources. The following are the valid formats to specify the source: Filters packets with any source address.
  • Page 814 UDP (User Datagram Protocol) [RFC768] Host monitoring [RFC869] RDP (Reliable Data Protocol) [RFC908] IRTP (Internet Reliable Transaction Protocol) [RFC938] ISO-TP4 (ISO Transport Protocol Class 4) [RFC905] Bulk Data Transfer Protocol [RFC969] DCCP (Datagram Congestion Control Protocol) [RFC4340] DSR (Dynamic Source Routing Protocol) [RFC4728]...
  • Page 815 3000 IP protocol To create an access list that will permit any type of IP packet with a source address of 192.168.1.1 and any destination address, issue the example commands: awplus# configure terminal awplus(config)# access-list 3000 permit ip 192.168.1.1/32 any...
  • Page 816: Access-List (Mac)

    MAC addresses. You may apply the any parameter if the source or destination MAC host address is not important. Examples To create an access list that will permit packets with a MAC address of 0000.00ab.1234 and...
  • Page 817 Access Control List (ACL) Commands To destroy the access list with an access list identity of 4000 issue the below example commands: awplus# configure terminal awplus(config)# no access-list 4000 Related Commands show running-config show ip access-list
  • Page 818: Access-List Extended (Named)

    Access Control List (ACL) Commands access-list extended (Named) This command configures an access list for filtering frames that permit or deny IP, ICMP, TCP, UDP packets or ICMP packets with a specific value based on the source or destination. Use access lists to control the transmission of packets on an interface, and restrict the content of routing updates.
  • Page 819 Access Control List (ACL) Commands Parameter (Cont) Description (Cont) The ICMP type, as defined in RFC792 and RFC950. Specify one of the <type-number> following integers to create a filter for the ICMP message type: Echo replies. Destination unreachable messages. Source quench messages.
  • Page 820 The access-list matches only TCP packets. The access-list matches only UDP packets. <source> The source address of the packets. You can specify either a subnet or all sources. The following are the valid formats for specifying the source: An IPv4 address, followed by a forward slash, then the <ip-addr>/...
  • Page 821 The access-list matches any type of packet. <source> The source address of the packets. You can specify either a subnet or all sources. The following are the valid formats for specifying the source: An IPv4 address, followed by a forward slash, then the <ip-addr>/...
  • Page 822 Reserved / IANA Mode Configure mode Example awplus# configure terminal awplus(config)# access-list extended TK deny tcp 2.2.2.3/24 eq 14 3.3.3.4/24 lt 12 log Related Commands show running-config show ip access-list...
  • Page 823: Clear Ip Prefix-List

    Access Control List (ACL) Commands access-list standard (Named) This command configures an access list for filtering frames that permit or deny packets from a specific source IP address. The no form removes a specified access-list. Syntax access-list standard <list-name> {deny|permit} <source> [exact-match] no access-list standard <list-name>...
  • Page 824 To apply ACLs to an LACP channel group, apply it to all the individual switch ports in the channel group. To apply ACLs to a static channel group, apply it to the static channel group itself.
  • Page 825: Ip Prefix-List

    The parameters ge and le specify the range of the prefix length to be matched. When setting these parameters, set the le value to be less than 32, and the ge value to be less than the le value. In this configuration, the ip prefix-list command matches all, but denies the IP address range, 76.2.2.0.
  • Page 826 Access Control List (ACL) Commands Example To deny the IP addresses between 10.0.0.0/14 (10.0.0.0 255.252.0.0) and 10.0.0.0/22 (10.0.0.0 255.255.252.0) within the 10.0.0.0/8 (10.0.0.0 255.0.0.0) addressing range: awplus# configure terminal awplus(config)# ip prefix-list mylist seq 12345 deny 10.0.0.0/8 le 22 ge 14...
  • Page 827 Usage First create a mac access list that applies the appropriate permit, deny requirements etc. Then use the mac access-group command to apply this access list to a specific port or range. Note that this command will apply the access list only to incoming data packets.
  • Page 828 Negate a command or set its defaults Mode Configure mode Usage First create an access list that applies the appropriate permit, deny requirements etc. Then use the match access-group command to apply this access list for matching to a class map.
  • Page 829 Hardware access-lists are excluded from this command. These lists are those within the ranges <3000-3699> and <4000-4699>. The no variant of this command removes the limit on the number of filters that can be added to a software access-list. Syntax maximum-access-list <1-4294967294>...
  • Page 830: Show Access-List

    Access Control List (ACL) Commands show access-list Shows the specified access-list, or all access-lists if none have been specified. Note that only defined access lists are displayed. An error message is displayed for an undefined access list. Syntax show access-list [<1-99>|<100-199>|<1300-1999>|<3000-3699>| list-name <4000-4499>...
  • Page 831: Show Ip Access-List

    Access Control List (ACL) Commands show ip access-list Use this command to display IP access lists. Syntax show ip access-list [<1-99>|<100-199>|<1300-1999>|<2000-2699>| <list-name>] Parameter Description <1-99> IP standard access list <100-199> IP extended access list <1300-1999> IP standard access list (expanded range) <2000-2699>...
  • Page 832: Show Ip Prefix-List

    Access Control List (ACL) Commands show ip prefix-list Use this command to display the prefix-list entries. Note that this command is valid for RIP and BGP routing protocols only. Syntax show ip prefix-list [<list>|<detail>|<summary>] Parameter Description <ip-addr/mask> [first-match|longer] <list> IP address for the prefix list and mask <ip-addr/mask>...
  • Page 833: Quality Of Service (Qos)

    Policing (Metering) Your Data ......................... 39.15 Single-rate three-color policing......................39.16 Two rate three-color policing ......................39.17 Configuring and Applying a Policer ....................39.18 Remarking Your Data............................ 39.19 Configuring the Egress Queues ....................... 39.20 Input Queues - The Internal Paths....................39.20 Egress Queues and QoS markers....................
  • Page 834: Introduction

    The concept of QoS is a departure from the original networking concept of treating all network traffic in the same way. Without QoS, all traffic types are equally likely to be dropped when a link becomes oversubscribed. With QoS, certain traffic types can be given preferential treatment.
  • Page 835: Qos Packet Information

    For example, you could decide to send frames with a User Priority value of 7 to queue 3, and frames with a User Priority value of 2 to queue 7. The process of assigning queues based on CoS tags is commonly known as “PreMarking”...
  • Page 836: Differentiated Services Architecture

    Differential Services Code Point (DSCP) is added to the IP header of each packet, which allocates it to a PHB. QoS Core Routers within the network can then use the DSCP to decide on an appropriate service quality level to apply. When a network contains consistently applied differential services code points (DSCPs), it is referred to as a Differential Services Domain (often shortened to DiffServe Domain).
  • Page 837: The Differential Services Field

    For example, you could decide to send frames with a User Priority value of 7 to queue 3, and frames with a User Priority value of 2 to queue 7.
  • Page 838: Processing Pre-Marked Packets

    Quality of Service (QoS) Processing pre-marked packets A logical question to ask at this point is: how does the QoS switch deal with data that arrives with a pre-existing service level tag such as a DSCP? As previously touched on, the differentiated services model envisages a network that comprises QoS boundary routers at its edge and QoS core routers in its core network.
  • Page 839: Applying Qos On Your Switch

    Creates a class map QoS Classification At the premarking stage you can assign your data a particular priority level by giving it a link level user priority, see “Link Layer QOS” on page 39.3, or a network level DSCP “Differentiated Services Architecture”...
  • Page 840 39.10. Note: If a conflict occurs between the settings in two class maps, priority will be applied to the class map that was created first. An example of such a conflict is the arrival of a packet that meets the classification requirements of two class maps each configured to the same policy map and set to apply different priority settings to the packet.
  • Page 841 These (automatically created) default class-maps serve as the means to specify the action that will apply to all unclassified data, i.e. all data within a policy-map that is not captured by any of the match commands that are applied to the policy-map by its class-maps.
  • Page 842: Policy Maps

    Quality of Service (QoS) Policy Maps Policy maps are the means by which you apply your class-map properties to physical switch ports. Figure 39-8 on page 39.17 illustrates this concept. Note that whilst a policy map can be assigned to several ports, a port cannot have more than one policy-map assigned to it.
  • Page 843: Premarking Your Traffic

    Apply a CoS to egress queue mapping for the class-map / policy-map. This mapping - which forms part of the policy map - is applied at an input port, but will take effect at the
  • Page 844 CoS tagging. Note: Where a packet contains both a CoS and a DSCP field, and each field maps to a different class-map; the switch will apply a priority based on the creation date of the class maps to which they apply - the earlier the creation date, the higher the priority.
  • Page 845: Dscp To Egress Queue Premarking

    This mapping - which forms part of the policy map - is applied at an input port, but will take effect at the packet’s destination output port.
  • Page 846 Quality of Service (QoS) Setting the Trust DSCP Map The Trust DSCP mapping table assigns a new set of QoS values for a DSCP value supplied as table input. To configure this table you use the command, mls qos map mark-dscp...
  • Page 847: Policing (Metering) Your Data

    One tool used for traffic conditioning is the policer (or meter). The principle of policing is to measure the data flow that matches the definitions for a particular class-map; then, by selecting appropriate data rates, allocate the flows into one of three categories: Green, Yellow, or Red.
  • Page 848: Single-Rate Three-Color Policing

    Each byte entering the meter is paired with a token in each bucket, and a token is removed as each byte is accepted. If the input data rate is the same as the CIR then the data passes through the port at the same rate as the bucket fills. Hence the bucket level remains constant. In this model the data buffer is represented by two data buckets.
  • Page 849: Two Rate Three-Color Policing

    Peak Information Rate (PIR). When data enters the port at the CIR, the bucket fills at the same rate as the incoming data, thus the token count in bucket C remains constant. Similarly, if data enters the port at the PIR, then the token count in bucket P remains constant.
  • Page 850: Configuring And Applying A Policer

    Quality of Service (QoS) A surge of data exceeding the CIR will begin to empty bucket C. If bucket C empties to a point where it has insufficient tokens to match to an incoming data packet, then the data packet will be marked yellow.
  • Page 851: Remarking Your Data

    Remarking Your Data The remarking process enables you to change the QoS tagging and queue assignments etc from data that has already been marked by the policer. To do this you fill entries in the remarking table by using the mls qos map policed-dscp to command on page 40.27.
  • Page 852: Configuring The Egress Queues

    Previous sections have explained the ingress functions. These include how the incoming data can be classified and marked according to its priority and allocated to an egress queue, and finally how metering and remarking are applied. At this point the data then flows across the switch to its destination egress port where its transit to the egress queues is controlled.
  • Page 853: Egress Queue Commands Hierarchy

    Egress Queue Commands Hierarchy The destination queue that any one packet will take depends on the markers within the packet, and the way the queueing commands have been set. Also some queueing commands will override others. Here is how the switch prioritizes its queueing commands.
  • Page 854: Egress Queue Shaping

    Strict priority servicing By default, all queues on all ports are serviced in a strict priority order. This means that the highest numbered priority queue (queue 7) is emptied first; then when it is completely empty, the next highest priority queue is processed, and so on. Thus, for a strict priority queue to be processed, all higher priority queues must be empty.
  • Page 855 If queue 7 is empty, Queue 6 is processed next. If queues 6 and 7 are empty, queues 3, 4 and 5 are processed with a ratio of 1:1:2. If queues 4 to 7 are empty, queues 0, 1 and 2 are processed with equal weighting.
  • Page 856: Drop Mode

    Quality of Service (QoS) Drop Mode The drop mode sets the limits for packets in the eight egress queues and determines how packets will be dropped if the queues become congested. Two drop methods may be employed, these are: ■...
  • Page 857 Quality of Service (QoS) Figure 39-10: Queue-Set Defaults for 1G Ports awplus#show mls qos queue-set Queue Set 1: Description: 1G Defaults BandwidthClass Drop Probability -------------------------------------------------------------------------- Queue 0 | Green 100 KB 125 KB 1 (50%) | Yellow 100 KB 125 KB...
  • Page 858 For example, you could name your triple-play traffic “Triple- Play” as shown below. You could then assign appropriate profiles for each of 8 triple-play queues within the queue-set. To set the description for queue-set 4 to be "Triple-Play," use the command:...
  • Page 859 Quality of Service (QoS) Once you have configured your queue-sets, you can apply each to specific ports by using the mls qos queue-set command. You also use this command to select the drop-mode to apply. Note the following rules when applying queue-sets to queues and ports: ■ a port can only have one queue-set applied to it...
  • Page 860: Tail Drop

    In some situations, such as when using the UDP protocol, it is more appropriate to use tail-drop than RED. This is because UDP (unlike TCP) is not a sliding window protocol. UDP is also a popular protocol for “real time” data such as voice and video conferencing.
  • Page 861 Red, Yellow, and Green are progressively dropped as their egress queue begins to fill. Each queue has an allocated buffer size, illustrated in the figure by the MAX queue length on the graph’s x axis. Traffic entering the queue can be marked either Green (most conformant), Yellow, or Red (least conformant).
  • Page 862 This should increase the queue space for the remaining yellow and green traffic. If the queue continues to fill, the above situation will then apply to the yellow and green traffic, as the queue size meets their own configurable thresholds Min yellow, Max yellow etc.
  • Page 863 For TCP traffic we suggest using a drop probability of 3 or 4. For Green traffic using UDP we suggest using a value of 7, for reasons given in the earlier part of this section. See...
  • Page 864 For example, you could decide to send frames with a User Priority value of 7 to queue 3, and frames with a User Priority value of 2 to queue 7.
  • Page 865: Storm Protection

    SNMP trap to signal that a port has been disabled. When a storm is detected on a trunk or port group, the entire trunk or port group is disabled.
  • Page 866: Qos And The Switching Fabric

    These two types of queues must be mapped to each other. To specify the mapping of the 8 switch processor port queues to the 4 fabric queues, use the command: mls qos map input-queue command on page 40.24.
  • Page 867: 40 Qos Commands

    ................................40.47 show interface access-group ........................40.48 show mls qos aggregate-policer ......................40.49 show mls qos input-queue ......................... 40.50...
  • Page 868 ................................40.64 storm-downtime...............................40.65 storm-protection ..............................40.66 storm-rate................................40.67 storm-window..............................40.68 trust dscp................................40.69 wrr-queue disable queues...........................40.70 wrr-queue egress-rate-limit queues.......................40.71 wrr-queue group weight queues......................40.72 wrr-queue queue-limit...........................40.73...
  • Page 869: Introduction

    This chapter provides an alphabetical reference for each of the Quality of Service commands. class Use this command to associate a class map to a policy or policy map create a class-map (traffic classification). Use the no parameter with this command to delete an existing class-map.
  • Page 870: Clear Mls Qos Interface Policer-Counters

    QoS Commands clear mls qos interface policer-counters Resets an interface’s policer counters to zero. This can either be for a specific class-map or for all class-maps. Before running this command you must first enable the QoS counter platform enhanced mode.
  • Page 871 ACL that is applied to the policy-map. The default action can therefore be thought of as specifying the action that will be applied to any data that does not meet the criteria specified by the applied matching commands.
  • Page 872 QoS Commands description Adds a textual description of the policy-map. This can be up to 80 characters long. Use the no description command to remove the current description from the policy-map. Syntax description <line> no description Parameter Description Negate a command or set its defaults...
  • Page 873 Sets a limit on the amount of traffic that can be transmitted per second from this port. The default unit is in Kb, but Mb or Gb can also be specified. The minimum is 651Kb. Note that the command syntax is not case sensitive, so a value such as 20 mb will be taken to mean 20 mega bits.
  • Page 874 This command adds an IP hardware-based access-list to an interface. The number of access-lists that can be added is determined by the amount of available space in the hardware-based packet classification tables. Use the no ip access-group command to remove a specified access-list from a given interface.
  • Page 875 QoS Commands mac access-group This command adds a MAC hardware-based access-list to an interface. The number of access- lists that can be added is determined by the amount of available space in the hardware-based packet classification tables. Syntax mac access-group <4000-4699>...
  • Page 876: Match Cos

    Example To set the class-map’s CoS to 4: awplus# config terminal awplus# class-map awplus(config-cmap)# match cos 4 match inner-cos Sets the Inner CoS for a class-map to match on. Syntax match inner-cos <0-7> no match inner-cos <0-7> Parameter Description match Define the match criteria inner-cos<0-7>...
  • Page 877: Match Inner-Tpid

    Negate a command or set its defaults Mode Class Map Mode Usage Use the match ip-dscp command to define the match criterion after creating a class map. To configure a class map named cmap1 with criterion that matches IP DSCP 56.
  • Page 878: Match Ip-Precedence

    <0-7> The precedence value to be matched Negate a command or set its defaults Mode Class Map Mode Example To configure a class-map named cmap1 to evaluate all IPv4 packets for a precedence value of awplus# configure terminal awplus(config)# class-map cmap1...
  • Page 879: Match Mac-Type

    QoS Commands match mac-type Sets the mac type for a class-map to match on. Syntax match mac-type {l2bcast|l2mcast|l2ucast} no match mac-type {l2bcast|l2mcast|l2ucast} Parameter Description match Define the match criteria mac-type Specify MAC type l2bcast Layer 2 Broadcast l2mcast Layer 2 Multicast...
  • Page 880: Match Protocol

    Sets the ethernet format and protocol for a class-map to match on. Select one layer two eth-format “and” one layer three protocol. Use the no match protocol eth-format command to remove ethernet format and protocol from a class-map. Syntax...
  • Page 881 QoS Commands Parameter Description xns-compat Protocol Number 0807 (enter the parameter name or its number) banyan-systems Protocol Number 0BAD (enter the parameter name or its number) bbn-simnet Protocol Number 5208 (enter the parameter name or its number) dec-mop-dump-ld Protocol Number 6001 (enter the parameter name or its number)
  • Page 882: Match Tcp-Flags

    0800 awplus(config-cmap)# match eth-format ethii-tagged protocol ip match tcp-flags Sets one or more tcp flags (control bits) for a class-map to match on. Syntax match tcp-flags {[ack][fin][rst][syn][urg]} no match tcp-flags {[ack][fin][rst][syn][urg]} Parameter Description match...
  • Page 883: Match Vlan

    0x9100 match vlan Use this command to define the VLAN ID used as match criteria to classify a traffic class. Use the no parameter with this command to disable the VLAN ID used as match criteria. Syntax match vlan <1-4094>...
  • Page 884: Mls Qos Enable

    QoS Commands mls qos enable Use this command to globally enable QoS on the switch or stack. Use the no variant of this command to globally disable QoS and remove all QoS configuration. Syntax mls qos enable no mls qos...
  • Page 885: Mls Qos Aggregate-Police Exceed-Action

    Negate a command or set its defaults Mode Policy Map Class Mode Usage A policer can be used to meter the traffic classified by the class-map and as a result will be given one of three bandwidth classes. These are green (conforming), yellow (partially-conforming), and red (non-conforming).
  • Page 886 Traffic is classed as green if the rate is less than the combined CIR plus CBS values. Traffic is classed as yellow if the data rate is between the CBS and the EBS. Traffic is classed as red if the rate exceeds the average rate and the EBS.
  • Page 887: Mls Qos Input-Queue

    In this mode the queue with the highest number, i.e. queue 3 will be emptied first, then queues 2, 1 and 0. Note that the lower queues will only be serviced if there is no data waiting in the higher numbered queues.
  • Page 888 QoS Commands Examples To set the scheduler for input queues 0 and 1 to WRR and both have a weight of 5 use the command: awplus# config terminal awplus(config)# mls qos input-queue 0 1 wrr weight 5 To reset the scheduling algorithm for input-queues 0 and 1, use the command:...
  • Page 889: Mls Qos Map Cos-Queue To

    QoS Commands mls qos map cos-queue to Used to set the default CoS to queue mapping. This is the default queue mapping for packets that do not get assigned a queue via any other QoS functionality. Use the no mls qos map cos-queue command to reset the cos-queue map back to its default setting.
  • Page 890: Mls Qos Map Input-Queue

    The default maps egress queues 0 and 1 to input queue 0, egress queues 2 and 3 to input queue 1, egress queues 4 and 5 to input queue 2 and egress queues 6 and 7 to input queue 3.
  • Page 891 QoS Commands Figure 40-1: Egress Queue to Fabric Queue mapping: Egress Queue Fabric Queue qos queues To reset the input-queue map, use the command: awplus# config terminal awplus(config)# no mls qos map input-queue Related Commands mls qos input-queue show mls qos input-queue show mls qos maps input-queue
  • Page 892: Mls Qos Map Mark-Dscp To

    Egress Bandwidth-class red (marked down Bandwidth-class) Mode Configure Mode Examples To set the entry for DSCP 1 to use a new DSCP of 2, a new CoS of 3, a new queue of 4 and a new bandwidth class of yellow, use the command:...
  • Page 893: Mls Qos Map Policed-Dscp To

    At least one ’new’ parameter must be specified. Use the no variant to reset the policed-dscp map to its default. This is used when a policer is configured with an exceed action of ’policed-dscp-transmit’. Specifying DSCP and bandwidth- class is optional.
  • Page 894 Mode Configure Mode Example To set the entry at DSCP 2 to remark the policed green traffic to a new DSCP of 2, a new CoS of 3, a new queue of 4 and a new bandwidth class of yellow, use the command:...
  • Page 895: Mls Qos Queue

    When no default queue is configured the cos-queue map is used to choose the queue for the packet. Use the no mls qos queue command to turn off the use of a default queue on the interface. Syntax mls qos queue <0-7>...
  • Page 896: Mls Qos Queue-Set Averaging-Factor

    As you increase the averaging- factor the average queue length will take longer to follow the actual queue length. The queues parameter is optional and if not specified will default to setting the thresholds for all queues.
  • Page 897: Mls Qos Queue-Set Drop-Probability

    <0-15> Maximum drop-probability factor for red traffic The drop probability is 100% for a setting of 0 and halves for each integer value increase. The following table shows probability values for drop values of 0 to 7. Default: 1. Drop Probability...
  • Page 899: Mls Qos Queue-Set Threshold

    Maximum threshold for red traffic (Bytes) Mode Configure Mode Examples Random Early Discard (RED) Example To set the thresholds for queues 1-3 in queue-set 1 to a minimum of 1 KB and a maximum of 2 KB use the command: awplus# config terminal awplus(config)#...
  • Page 901: Mls Qos Queue-Set

    The down side of this is that more packets are dropped. By default all ports are assigned to a queue-set created for each class of port (100 M, 1G or 10 G). All ports are also set to operate in taildrop mode.
  • Page 902: Mls Qos Queue-Set Description

    Sets the description for the specified queue-set. This is a textual string that can be up to 80 characters long. Syntax mls qos queue-set <1-4> description line...
  • Page 903: No Police

    Description Negate a command or set its defaults police Disable policing of traffic. Mode: Priority Map Mode. Usage: This command disables any policer previously configured on the class-map. Example: To disable policing on a class-map use the command: awplus# config...
  • Page 904: Police Aggregate

    Usage: This command enables you to apply an aggregate policer to a number of different class maps, and meter them as one group. Note that you cannot apply this command to any class map that already has a policer assigned by using the police single (or twin) rate exceed action command.
  • Page 905: Police Single-Rate Exceed-Action

    If a DSCP index is to be forced regardless of the packet DSCP the ’set dscp’ command can be used to achieve this. If no DSCP is present in the packet an index of 0 will be used. When using an exceed-action of policed-dscp-transmit,...
  • Page 906 Related Commands: mls qos map policed-dscp to, no police, police twin-rate exceed-action, show mls qos maps policed-dscp
  • Page 907: Police Twin-Rate Exceed-Action

    If a DSCP index is to be forced regardless of the packet DSCP the ’set dscp’ command can be used to achieve this. If no DSCP is present in the packet an index of 0 will be used.
  • Page 908 QoS Commands Example: To configure a twin rate meter measuring a minimum rate of 10 Mbps and a maximum rate of 20 Mbps that uses the policed-dscp map to remark any non-conforming traffic, use the command: bursting over 1024 bytes of this use the command:...
  • Page 909: Service-Policy Input

    5 6 7 service-policy input Use this command to apply a policy map to the input of an interface. Use the no parameter with this command to remove a policy map and interface association. Syntax service-policy input <policy-map>...
  • Page 910: Set Bandwidth-Class

    40.3 and the policy-map command on page 40.42. To turn off the setting of packets in the green bandwidth-class, for the policy pmap1 and the class cmap1, use the command: awplus# configure terminal awplus(config)# policy-map pmap1...
  • Page 911: Set Cos

    The new CoS value to be assigned. Negate a command or set its defaults. Mode: Policy Map Class Mode. Example: To set the CoS value to 7 for all traffic classified by the selected class-map and policy-map, use the command: awplus#...
  • Page 912: Set Dscp

    The new DSCP value. A value between 0 and 63. Negate a command or set its defaults. Mode: Policy Map Class Mode. Example: To set a DSCP value of 35 to all traffic classified by a class-map of cmap and a policy map of pmap1, use the command: awplus#...
  • Page 913: Set Queue

    Specify a new Queue value. Negate a command or set its defaults. Mode: Policy Map Class Mode. Example: To set the queue to value 7 for all traffic classified as cmap1 and pmap1, use the command: awplus# configure terminal awplus(config)#...
  • Page 914: Show Interface Access-Group

    <port-list>. Note that an access group is the term given for an access list when it is applied to an interface. Syntax show interface [<port-list>] access-group {<3000-3699>|<4000-4499>}...
  • Page 915: Show Mls Qos Aggregate-Policer

    QoS Commands show mls qos aggregate-policer Displays all or a single aggregate-policer. If no name is specified, all aggregate policers will be displayed. Syntax show mls qos aggregate-policer [<name>] Parameter Description show Show running system information Multi-Layer Switch(L2/L3) Quality of Service...
  • Page 916: Show Mls Qos Input-Queue

    Show running system information Multi-Layer Switch(L2/L3) Quality of Service input-queue Select QoS map Exec and Privileged Exec Mode Mode To display the scheduling algorithms for the input-queues, use the command: Example awplus# show mls qos input-queue Output Input Queue: 0 Scheduler: WRR...
  • Page 917: Show Mls Qos Interface

    QoS Commands show mls qos interface Displays the current settings for the interface. This includes its default CoS and queue, scheduling used for each queue, and any policies/maps that are attached. Syntax show mls qos interface [<ifname>] Parameter Description show...
  • Page 918 Queue Limit: 12% Egress Rate Limit: 0 Kb Output Parameter Meaning The default CoS priority that will be applied to all packets arriving on Default CoS this interface. The default queue that will be applied to all packets arriving on this Default Queue interface.
  • Page 919: Show Mls Qos Interface Policer-Counters

    QoS Commands show mls qos interface policer-counters Display an interface’s policer counters. This can either be for a specific class-map or for all class- maps attached to the interface. If no class-map is specified all class-map policer counters attached to the interface will be displayed.
  • Page 920 Aggregate Bytes: Green Bytes: Yellow Bytes: Red Bytes: Dropped Bytes: Related Commands: mls qos queue, wrr-queue group weight queues, wrr-queue queue-limit
  • Page 921: Show Mls Qos Interface Queue-Counters

    Meaning Interface Port we are showing the counters for Port queue length Number of frames in the port’s queue. This will be the sum of all egress queues on the port. Egress Queue Number of frames in a specific egress queue.
  • Page 922: Show Mls Qos Interface Storm-Status

    QoS Commands show mls qos interface storm-status Show the current configuration and status of the QoS Storm Protection (QSP) on the given port. Syntax show mls qos interface <ifname> storm-status Parameter Description show Show running system information Multi-Layer Switch (L2/L3)
  • Page 923: Show Mls Qos Maps Cos-Queue

    Quality of Service maps Select QoS map cos-queue Queue to CoS priority map Exec and Privileged Exec Mode Mode To display the current configuration of the cos-queue map, use the command: Example awplus# show mls qos maps cos-queue Output COS-TO-QUEUE-MAP: COS :...
  • Page 924: Show Mls Qos Maps Input-Queue

    QoS Commands show mls qos maps input-queue Displays the input queue map, which is a table mapping eight egress queues to four input fabric queues. Syntax show mls qos maps input-queue Parameter Description show Show running system information Multi-Layer Switch(L2/L3)
  • Page 925: Show Mls Qos Maps Mark-Dscp

    DSCP value. If the set DSCP command has also been specified for that class-map, the set value is used for the lookup of the mark-dscp map. Otherwise the DSCP value in the packet is used for the lookup.
  • Page 926: Show Mls Qos Maps Policed-Dscp

    QoS Commands show mls qos maps policed-dscp Displays the policed-dscp map. This is used when a policer is configured with an exceed action of ’policed-dscp-transmit’. Syntax show mls qos maps policed-dscp [<0-63>] Parameter Description show Show running system information Multi-Layer Switch(L2/L3)
  • Page 927: Show Mls Qos Queue-Set

    QoS Commands show mls qos queue-set Displays the specified queue-set and its parameters. If no queue-set is specified then all queue sets will be displayed. Syntax show mls qos queue-set [<1-4>] Parameter Description show Show running system information Multi-Layer Switch(L2/L3)
  • Page 928 Parameter set per-bandwidth-class per-queue. The amount of traffic required in the queue before packets start getting dropped. The amount of traffic required in the queue before all packets are dropped. The probability that a packet is dropped when the queue length is Drop Probability between the minimum and maximum for the bandwidth-class.
  • Page 929: Show Policy-Map

    Displays the policy-maps configured on the switch. The output also shows whether or not they are connected to a port (attached / detached) and shows their associated class-maps. Syntax show policy-map...
  • Page 930 Shutdown the port physically. Negate a command or set its defaults. Mode: Priority Map Mode. Example: To apply the storm protection of vlandisable to the policy map named pmap2, and the class-map named cmap1, use the commands: awplus(config)# policy-map pmap2...
  • Page 931 QoS Commands storm-downtime Sets the time to re-enable the port once disabled by QoS Storm Protection (QSP). The time is given in seconds, from a minimum of one second to maximum of 86400 seconds (i.e. one day). Syntax storm-downtime <1-86400>...
  • Page 932 QoS Commands storm-protection Enables the Policy Based Storm Protection (such as QSP - QoS Storm Protection). Syntax storm-protection no storm-protection Parameter Description storm-protection Policy-based storm protection Negate a command or set its defaults Priority Map Mode Mode To enable QSP on cmap2 in pmap2, use the commands:...
  • Page 933 QoS Commands storm-rate Sets the data rate that triggers the storm-action. The rate is in kbps and the range is from 1kbps to 10Gbps. Note that this setting is made in conjunction with the Storm Window command. Syntax storm-rate <1-10000000>...
  • Page 934 QoS Commands storm-window Sets the window size of QoS Storm Protection (QSP). The data rate is polled once per window, and the window is given in milliseconds. The minimum window size is 100 ms and the maximum is 60 sec. Syntax storm-window <100-60000> Parameter Description...
  • Page 935: Trust Dscp

    Mode: Priority Map Mode. Usage: If the set DSCP command has also been specified for the class-map, the set value is used for the lookup of the mark-dscp map. Otherwise the DSCP value in the packet is used for the lookup.
  • Page 936: Wrr-Queue Disable Queues

    QoS Commands wrr-queue disable queues The command wrr-queue disable queues disables an egress queue from transmitting traffic. The command no wrr-queue disable queues enables an egress queue to transmit traffic. Syntax wrr-queue disable queues [0][1][2][3][4][5][6][7] no wrr-queue disable queues [0][1][2][3][4][5][6][7]...
  • Page 937: Wrr-Queue Egress-Rate-Limit Queues

    QoS Commands wrr-queue egress-rate-limit queues Sets a limit on the amount of traffic that can be transmitted per second from these queues. The default unit is in Kb, but Mb or Gb can also be specified. The minimum is 651Kb.
  • Page 938: Wrr-Queue Group Weight Queues

    Configures weighted round-robin based scheduling on the specified egress queues. The queues can be placed into either group 1 or group 2. Both groups are still serviced in a round-robin order according to the specified weights, but all queues in group 1 must be empty before any packets in group 2 can be sent.
  • Page 939 QoS Commands wrr-queue queue-limit Sets the percentages of a port’s total buffer pool that each queue is allowed to use. This queue limit is applicable no matter what type of scheduling is configured for the specified queues (i.e. Wrr or Strict).
  • Page 941: Introduction

    41 802.1x Configuration: Introduction 41.2, The 802.1x Implementation 41.2, Configuring 802.1x 41.2
  • Page 942: 802.1X Configuration

    ■ the supplicant - the port that wishes to access services offered by the authenticator’s system. The supplicant may be a port on a PC or other device connected to this device. ■ the authentication server - a device that uses the authentication credentials supplied by the supplicant, via the authenticator, to determine if the authenticator should grant access to its services.
  • Page 943: Radius Server

    Interface mode. awplus(config-if)# Enable authentication (via Radius) on port dot1x port-control auto (port1.0.1). awplus(config-if)# Block traffic in both directions, other than dot1x port-control direction both authentication packets, until authentication is complete. awplus(config-if)# Exit the Interface mode and enter the exit Configure mode.
  • Page 945 ... 42.13, show dot1x interface 42.14, show dot1x sessionstatistics interface 42.15, show dot1x statistics interface 42.15
  • Page 946: 1X And Radius Commands

    Note that the specified switch ports must exist. Mode: Privileged Exec mode. Usage: Note that all dot1x commands can only be applied to switch ports. They cannot be applied to dynamic (LACP) or static channel groups. Examples: To unauthorize switch port 1.0.1 and attempt reauthentication on switch port 1.0.1 enter: awplus#dot1x initialize interface port1.0.1...
  • Page 947: Dot1X Max-Req

    Maximum number of failed EAP requests sent to supplicant. The default number of attempts is 2 attempts. Mode: Interface mode. Default: The maximum number of reauthentication attempts after failure is set to 2 attempts by default. Examples: awplus#configure terminal awplus(config)#interface port1.0.1 awplus(config-if)#dot1x max-req 4
  • Page 948: Dot1X Port-Control

    Discard receive and transmit packets from the supplicant. Discard receive packets from the supplicant. Mode: Interface mode. Usage: Note that all dot1x commands can only be applied to switch ports. They cannot be applied to dynamic (LACP) or static channel groups. Examples: awplus#configure terminal awplus(config)#interface port1.0.1...
  • Page 949: Dot1X Reauthentication

    802.1x and RADIUS Commands dot1x quiet-period Use this command to set the quiet-period time interval. Use the no parameter with this command to set the configured quiet period to the default (60 seconds). When a switch cannot authenticate a client, the switch remains idle for a quiet-period interval of time, then tries again.
  • Page 950: Dot1X Reauthmax

    Use this command to globally enable 802.1x port authentication on the device. You must use this command before any other 802.1x authentication configuration takes effect. Use the no version of this command to globally disable 802.1x port authentication on the device.
  • Page 951: Dot1X Timeout Re-Authperiod

    802.1x and RADIUS Commands dot1x timeout re-authperiod Use this command to set the interval between reauthorization attempts. Syntax dot1x timeout re-authperiod <seconds> Parameter Description <seconds> <1-4294967295> Specify the time in seconds between reauthorization attempts. The default time is 3600 seconds.
  • Page 952: Dot1X Timeout Supp-Timeout

    Default: The default supplicant response timeout is 30 seconds. Examples: awplus#configure terminal awplus(config)#interface port1.0.1 awplus(config-if)#dot1x timeout supp-timeout 40 dot1x timeout tx-period Use this command to set the interval between successive attempts to request an ID. Syntax dot1x timeout tx-period <seconds> Parameter Description <seconds> <1-65535> Seconds.
  • Page 953: Radius-Server Deadtime

    802.1x and RADIUS Commands radius-server deadtime Use this command to specify the number of minutes a RADIUS server, which is not responding to authentication requests, is passed over by requests for RADIUS authentication. Use the no form of this command to set deadtime to the default value of 0.
  • Page 954: Radius-Server Host

    Use the no form of the command to unconfigure a specified RADIUS-server. If the auth-port parameter is not specified, it will take the default value of the auth-port. If you do not specify the auth-port to unconfigure, and the default value of the auth-port does not match the port you are trying to unconfigure, the specified RADIUS-server host will not be unconfigured.
  • Page 955: Radius-Server Key

    802.1x and RADIUS Commands radius-server key Use this command to set the shared secret key between a RADIUS server and a client. Syntax radius-server key <key> Parameter Description the secret key shared among the RADIUS server and the RADIUS client <key>...
  • Page 956: Show Dot1X

    802.1x and RADIUS Commands radius-server timeout Use this command to specify the number of seconds a device waits for a reply to a RADIUS request before retransmitting the request. Use the no parameter to use the default value. Syntax radius-server timeout <1-1000>...
  • Page 957: Show Dot1X Diagnostics Interface

    802.1x and RADIUS Commands show dot1x diagnostics interface Use this command to display all diagnostics information of the authenticator associated with a port. Syntax show dot1x diagnostics interface <port> Parameter Description <port> Specify the switch port to display information about.
  • Page 958: Show Dot1X Interface

    802.1x and RADIUS Commands show dot1x interface Use this command to display the state of a particular interface. Syntax show dot1x interface <port> Parameter Description Specify the switch port to display information about. <port> User Exec and Privileged Exec mode...
  • Page 959: Show Dot1X Sessionstatistics Interface

    802.1x and RADIUS Commands show dot1x sessionstatistics interface Use this command to display all statistical information of the established session. Syntax show dot1x sessionstatistics interface <port> Parameter Description Specify the switch port to display information about. <port> User Exec and Privileged Exec mode...
  • Page 961: 43 Secure Shell (Ssh) Introduction

    Configuring the SSH Client 43.8, Modifying the Client 43.8, Adding SSH Servers 43.9, Authenticating with a Server 43.9, Connecting to a Server and Running Commands 43.10, Copying files to and from the Server 43.10, Debugging the Client 43.10
  • Page 962: Introduction

    The Secure Shell (SSH) protocol is superior to these protocols by providing encrypted and strongly authenticated remote login sessions. SSH provides sessions between a host running a SSH server and a machine with a SSH client. The AlliedWare Plus OS includes both a SSH server and a SSH client to enable you to securely—with the benefit of cryptographic authentication and encryption—manage your...
  • Page 963: Configuring The Ssh Server

    [dsa|rsa|rsa1] [<768-32768>] This command has two parameters for creating RSA keys. The rsa parameter creates a host key for SSH version 2 sessions only. To create a host key for SSH version 1 sessions, use the rsa1 parameter.
  • Page 964: Enabling The Server

    Modifying the Server To modify the SSH version that the server supports, or the TCP port that the server listens to for incoming sessions, use the command: awplus(config)# ssh server {[v1v2|v2only]|<1-65535>} The server listens on port 22 for incoming sessions, and supports both SSH version 2 and SSH version 1, by default.
  • Page 965: Validating The Server Configuration

    The SSH server also contains a list of denied users. The server checks all incoming sessions against this list and denies any matching session, regardless of whether the session matches an entry in the allowed users list. To add an entry to the list of denied users, use the command: awplus(config)# ssh server deny-users <username_pattern>...
  • Page 966: Authenticating Ssh Users

    You can add multiple keys for the same user. To display the list of public keys associated with a user, use the command: awplus(config)# show crypto key pubkey-chain userkey <username>[<1-65535>] The <1-65535>...
  • Page 967: Monitoring The Server And Managing Sessions

    Note that this displays both SSH server and SSH client sessions that your Allied Telesis device is running. Use this command to view the unique identification number assigned to each incoming or outgoing SSH session. You need the ID number when terminating a specific session from your device.
  • Page 968: Configuring The Ssh Client

    {port <1-65535>|version {1|2}|session-timeout <0-3600>| connect-timeout <1-600>} The SSH client uses TCP port 22, by default. You can change the TCP port for the remote SSH server by using the port parameter. The client supports both SSH version 1 and version 2 sessions, by default. To change the SSH client to only use a specific SSH version for sessions, for example SSH version 1, use the version parameter.
  • Page 969: Adding Ssh Servers

    If the database does not contain a host key for the server, then the SSH client requires you to confirm that the host key sent from the server is correct.
  • Page 970: Connecting To A Server And Running Commands

    [user <username>|port <1-65535>|version {1|2}] <hostname> [<line>] By default, the SSH client attempts to use SSH version 2 with the SSH server. If this fails, the client uses SSH version 1. For example, to connect to the SSH server at 192.168.1.2 as user “john”, and execute the command “show sys”, use the command:...
  • Page 971: 44 Ssh Configuration

    44 SSH Configuration: Configuring the SSH Server 44.2
  • Page 972: Configuring The Ssh Server

    Enable the Secure Shell server. Enable Secure Shell on the device using the command: awplus(config)#service ssh Modify the SSH server settings as desired. For example, to set the login-timeout to 60, and the session-timeout to 3600, use the commands: awplus(config)#ssh server...
  • Page 973 Authentication Database password. To use private/public key authentication, copy the public keys for each user onto the device. To copy the files onto flash from the key directory of an attached TFTP server, use the command: awplus#copy tftp://key/john.pub flash:/john.pub awplus#copy tftp://key/asuka.pub flash:/asuka.pub To associate the key file with each user, use the command: awplus(config)#crypto key pubkey-chain userkey john john.pub...
  • Page 975: 45 Secure Shell Commands

    45.10, service ssh 45.11, show banner login 45.11, show crypto key hostkey 45.12, show crypto key pubkey-chain knownhosts 45.13, show crypto key pubkey-chain userkey 45.14, show crypto key userkey 45.15, show running-config ssh 45.16, show ssh...
  • Page 976: Banner Login

    To add a banner, first enter the command banner login, and hit [Enter]. Write your message. You can use any character and spaces. Use Ctrl+D at the end of your message to save the text and re-enter the normal command line mode.
  • Page 977: Clear Ssh

    Related Commands crypto key destroy hostkey This command deletes the existing public and private keys of the SSH server. Note that for the server to operate it needs at least one set of hostkeys configured. crypto key destroy hostkey...
  • Page 978: Crypto Key Destroy Userkey

    Secure Shell Commands crypto key destroy userkey This command destroys the existing public and private keys of an SSH user configured on the device. crypto key destroy userkey rsa1 Syntax <username> [ Parameters Description Name of the user whose userkey you are destroying. The username must <username>...
  • Page 979: Crypto Key Generate Hostkey

    1024 bits. Default: 1024. Mode: Configure mode. Examples: To generate an RSA host key for SSH version 2 connections that is 2048 bits in length, use the command: awplus(config)#crypto key generate hostkey rsa 2048 To generate a DSA host key, use the command:...
  • Page 980: Crypto Key Generate Userkey

    Secure Shell Commands crypto key generate userkey This command generates public and private keys for an SSH user using either an RSA or DSA cryptography algorithm. To use public key authentication, copy the public key of the user onto the remote SSH server.
  • Page 981: Crypto Key Pubkey-Chain Knownhosts

    If the server’s key changes, or if your SSH client does not have the public key of the remote SSH server, then your SSH client will inform you that the public key of the server is unknown or altered.
  • Page 982: Crypto Key Pubkey-Chain Userkey

    Secure Shell Commands crypto key pubkey-chain userkey This command adds a public key for an SSH user onto the SSH server. This allows the server to support public key authentication for the user. When configured, the user can access the SSH server without providing a password from the remote host.
  • Page 983: Debug Ssh Client

    This command enables the SSH client debugging facility. When enabled, any SSH, SCP and SFTP client sessions send diagnostic messages to the login terminal. The no form disables the SSH client debugging facility. This stops the SSH client from generating diagnostic debugging messages.
  • Page 984: Debug Ssh Server

    This command enables the SSH server debugging facility. When enabled, the SSH server sends diagnostic messages to the system log. To display the debugging messages on the terminal, use the terminal monitor command. The no form disables the SSH server debugging facility. This stops the SSH server from generating diagnostic debugging messages.
  • Page 985: Service Ssh

    SSH clients are accepted. SSH server needs a host key before it starts. If an SSHv2 host key does not exist, then this command fails. If SSHv1 is enabled but a host key for SSHv1 does not exist, then SSH service is unavailable for version 1.
  • Page 986: Show Crypto Key Hostkey

    This command displays the SSH host keys generated by the RSA and DSA algorithms. A host key pair (public and private keys) is needed to enable the SSH server. The private key is kept secret on the device. The public key is copied to SSH clients to identify the server...
  • Page 987: Show Crypto Key Pubkey-Chain Knownhosts

    Examples: To display public keys of known SSH servers, use the command: awplus#show crypto key pubkey-chain knownhosts To display the key data of the first entry in the known host data, use the command: awplus#show crypto key pubkey-chain knownhosts 1 Related Commands: crypto key pubkey-chain knownhosts
  • Page 988: Show Crypto Key Pubkey-Chain Userkey

    Bits: Length in bits of the key. Fingerprint: Checksum value for the key. To display the public keys for the user “manager” that are registered with the SSH server, use the command: awplus#show crypto key pubkey-chain userkey manager Related Commands: crypto key pubkey-chain userkey
  • Page 989: Show Crypto Key Userkey

    Examples: To show the public key generated for the user, use the command: awplus#show crypto key userkey manager To store the RSA public key generated for the user manager to the file "user.pub", use the command: awplus#show crypto key userkey manager rsa > manager-rsa.pub...
  • Page 990: Show Running-Config Ssh

    Secure Shell Commands show running-config ssh This command displays the current running configuration of Secure Shell (SSH). Syntax: show running-config ssh. Mode: Privileged Exec mode. Output: Figure 45-5: Example output from the show running-config ssh command: ssh server session-timeout 600 ssh server login-timeout 30 ssh server allow-users manager 192.168.1.*...
  • Page 991: Show Ssh

    Secure Shell Commands show ssh This command displays the active SSH sessions on the device, both incoming and outgoing. Syntax: show ssh. Mode: Privileged Exec mode. Output: Figure 45-6: Example output from the show ssh command: Secure Shell Sessions: ID Type Mode...
  • Page 992: Show Ssh Client

    Version: SSH server version; either "1", "2" or "2,1". Connect Timeout: Time in seconds that the SSH client waits for an SSH session to establish. If the value is 0, the connection is terminated when it reaches the TCP timeout.
  • Page 993: Show Ssh Server

    Idle Timeout: Time (in seconds) that the SSH server will wait to receive data from the SSH client. The server disconnects if this timer limit is reached. If set at 0, the idle timer remains off. Maximum Startups: The maximum number of concurrent connections that are waiting authentication.
  • Page 994: Show Ssh Server Allow-Users

    If no hostname is specified, the user is allowed from all hosts. Example: To display the user entries in the allow list of the SSH server, use the command: awplus(config)#show ssh server allow-users...
  • Page 995: Show Ssh Server Deny-Users

    This command displays the user entries in the deny list of the SSH server. A user in the deny list is refused access to the SSH server. If a user is not included in the access list of the SSH server, the user is also rejected.
  • Page 996 Secure Shell Commands This command initiates a Secure Shell connection to a remote SSH server. If the server requests a password for the user login, the user needs to type in the correct password at the "Password:" prompt. The SSH client identifies the remote SSH server by its public key registered on the client device. If the server identification is changed, server verification fails.
  • Page 997: Ssh Client

    This command modifies the default configuration parameters of the Secure Shell (SSH) client. The configuration is used for any SSH client on the device to connect to remote SSH servers. Any parameters specified on SSH client explicitly override the default configuration parameters.
  • Page 998 Secure Shell Commands Examples: To configure the default TCP port for SSH clients to 2200, and the session timer to 10 minutes, use the command: awplus#ssh client port 2200 session-timeout 600 To configure the connect timeout of SSH client to 10 seconds, use the command:...
  • Page 999: Ssh Server

    This command modifies the configuration of the SSH server. Changing these parameters affects new SSH sessions connecting to the device. The no form restores the configuration of a specified parameter to its default value. The change affects the SSH server immediately if the server is running. Otherwise, the configuration is used when the server starts.
  • Page 1000 Secure Shell Commands To limit the number of SSH client connections waiting authentication from SSH server to 3, use the command: awplus(config)#ssh server max-startups 3 To disable the idle timer of SSH server, use the command: awplus(config)#no ssh server client-alive-interval...
  • Page 1001 SSH server also maintains the deny list. The server checks the user in the deny list first. If a user is listed in the deny list, then the user access is denied even if the user is listed in the allow list.
  • Page 1002 SSH server also maintains the allow list. The server checks the user in the deny list first. If a user is listed in the deny list, then the user access is denied even if the user is listed in the allow list.
  • Page 1003: Ssh Server Scp

    You must enable the SSH server as well as this service before the device accepts SFTP connections. The SFTP service is enabled by default as soon as the SSH server is enabled. If the SSH server is disabled, SFTP service is unavailable.
  • Page 1005: High Availability Reference

    High Availability Reference This part includes the following chapters: ■ Chapter 46, VRRP Introduction ■ Chapter 47, VRRP Commands ■ Chapter 48, EPSR Introduction ■ Chapter 49, EPSR Commands...
