Page 1 SFTOS Command Reference for the S2410 Version 2.4.1.0 Edition 2 April 2008...
Page 2 In the interest of improving internal design, operational function, and/or reliability, Force10 Networks reserves the right to make changes to products described in this document without notice. Force10 Networks does not assume any liability that may occur due to the use or application of the product(s) described herein.
Page 3: New Features
New Features This preface describes SFTOS 2.4.1 by contrasting it to SFTOS 2.3.1.9. Major Changes Most of the differences in SFTOS 2.4.1 reflect the fact that SFTOS 2.4.1 is dedicated to supporting the S2410 models of the S-Series: • Layer 2 only: The S2410 is limited to Layer 2 functionality, and therefore Layer 3 commands are not in the CLI, such as those for the OSPF and RIP protocols.
Page 4: Deprecated Commands
• The maximum number of LAGs is 12, with a maximum of 12 ports in a LAG (vs. 32 LAGs, with a maximum of eight members each in SFTOS 2.3.1). See Chapter 15, LAG/ Port Channel Commands, on page 249. •...
Page 5: Table Of Contents
Contents New Features ............. . . 3 Major Changes .
Page 6 Chapter 3 Using the Command Line Interface ..........39 Command Syntax Conventions .
Page 7 show interface ............. . 65 show interface ethernet .
Page 8 snmp-server enable traps linkmode ..........100 snmp-server enable traps multiusers .
Page 9 priority (VLAN) ............. 126 protocol group .
Page 10 Configuration Scripting ............146 script apply .
Page 11 port-security mac-address move ..........166 show port-security .
Page 12 port ..............190 priority .
Page 13 lease ..............209 network .
Page 14 gvrp interfacemode enable ........... . 228 gvrp interfacemode enable all .
Page 15 Chapter 15 LAG/Port Channel Commands ..........249 addport .
Page 16 spanning-tree mst priority ........... . . 271 spanning-tree mst vlan .
Page 17 Force10 Networks iSupport Website ........
Page 18 Figure 35 Using the copy command to Upload the Event Log ......141 Figure 36 Using the copy command to Download the CLI Banner .
Page 19 List of Tables Table 1 Boot Menu Options ........... . 33 Table 2 Network Address Syntax .
Page 21: About This Guide
S2410 models of the S-Series line of switches. The commands can be accessed from the SFTOS Command Line Interface (CLI), accessed through the console port or through a ® Telnet connection, and from the Node Manager component of Force10 Networks Management System (FTMS). This chapter covers the following topics: •...
Page 22: Audience
Audience This guide assumes you are knowledgeable in Layer 2 and Layer 3 networking technologies, that you have an understanding of the SFTOS software base and have read the appropriate specification for the relevant switch platform. This document is primarily for system administrators configuring and operating a system using SFTOS software.
Page 23: Related Documents And Sources Of Additional Information
Related Documents and Sources of Additional Information The following documents provide information on using the S2410 switch and SFTOS 2.4 software. All of the documents are available on the Documents tab of iSupport (the Force10 Networks support website): http://www.force10networks.com/support: •...
Page 24: Documentation Feedback
Access to some sections of the iSupport website do not require a password to access. However, if a section does require a password, you can request one at the website: On the Force10 Networks website home page, www.force10networks.com, click the Support link, as highlighted at the top of Figure Click the Account Request link.
Page 25 • Documents: User documentation, FAQs, field notices, technical tips, and white papers • Support Programs: Information on the complete suite of Force10 support and professional support services. For more on using the iSupport website and accessing services, see the Force10 Service and , available on the Home tab, as displayed above.
Page 26 About This Guide...
Page 27: Sftos Overview
Note: When configuring a device by use of a configuration file, the maximum number of configuration file command lines is 2000. • Simple Network Management Protocol (SNMP): Force10 Networks provides Force10 Management System (FTMS), a graphical network management software product that provides a global view of your complete Force10 network. FTMS includes Node...
Page 28: Sftos 2.4.1 Features
SFTOS 2.4.1 Features Note: The "Untested and Unsupported Features and Commands" section of the Release Notes contains the most current information on available features. The SFTOS 2.4.1 software provides the following features through a limited version (no stacking) of its “Layer 2 Package” (also called the “Switching Package”). •...
Page 29: Multicast Protocols
Multicast Protocols • IGMP Snooping • Layer 2 Multicast Forwarding Security and Packet Control Features • Ingress Rate Limiting • Login Access Control • RADIUS • IEEE 802.1x • SSH2 Server Support • Port Mirroring • Access Profiles on Routing Protocols •...
Page 30 SFTOS Overview...
Page 31: Quick Start
Chapter 2 Quick Start This chapter summarizes the procedures to start and operate the switch. For more detail, see the Getting Started chapter in the SFTOS Configuration Guide (and the rest of that guide) or the S2410 Quick Reference. This chapter covers the following topics: •...
Page 32: Using The Boot Menu
5. Press ENTER two times. The prompt of the User Exec mode of the CLI is displayed. enable show 6. Enter to switch to the Privileged Exec mode. You can run all commands show from this mode, while some commands do not run from User Exec mode. configure 7.
Page 33: System Info And System Setup
2. At the [Boot Menu] prompt, press the number and Enter of the option that you want. The options are: Table 1 Boot Menu Options Boot Menu Options Details 1 - Start operational code Start SFTOS (the same option as presented in the two-option startup menu).
Page 34: Physical Port Data
Physical Port Data To get information on the physical port, use the command show port all Command Syntax Command Mode Purpose show port all unit/slot/port Privileged Exec Displays the ports in format and the following data for each port: Type - Indicates if the port is a special type of port Admin Mode - Selects the Port Control Administration State Physical Mode - Selects the desired port speed and duplex mode Physical Status - Indicates the port speed and duplex mode...
Page 35: Management Ip Address
Note: Keywords and parameters that are shown within braces in syntax statements must be entered in the CLI. Keywords and parameters that are shown separated by a bar in syntax statements require you to choose one. Parameters in italics are variables for which you substitute a value.
Page 36: Configuring The Management Vlan Ip Address
Configuring the Management VLAN IP Address To configure the management VLAN IP address, use the following commands: Command Syntax Command Mode Purpose show interface Privileged Exec Displays the Network Configurations managementethernet IP Address: IP Address of the interface. Default IP is 0.0.0.0 Subnet Mask: IP Subnet Mask for the interface.
Page 37: Uploading From The Switch Through Xmodem
Example of Configuring the Ethernet Management Port (Force10 S2410) (Config)#serviceport ip 10.11.197.177 255.255.0.0 10.11.197.190 (Force10 S2410) (Config)#exit (Force10 S2410) #show serviceport IP Address........10.11.197.177 Subnet Mask........255.255.0.0 Default Gateway........ 10.11.197.190 ServPort Configured Protocol Current... None Burned In MAC Address......00:01:E8:99:99:9A (Force10 S2410) # Figure 3 Example of Configuring the Ethernet Management Port Uploading from the Switch through XMODEM...
Page 38: Downloading From A Tftp Server
Downloading from a TFTP Server 1. Before starting a TFTP server download, configure the management IP address of the switch; see Management IP Address on page 2. To download from a TFTP server, use the following command Command Syntax Command Mode Purpose copy tftp://ip address/ Privileged Exec...
Page 39: Using The Command Line Interface
Using the Command Line Chapter 3 Interface The SFTOS command line interface (CLI) is one of the three major ways to manage the S2410, and is the most complete. The SFTOS Web User Interface (Web UI) is discussed in Chapter 4, Using the Web User Interface, and SNMP is addressed in SNMP Management Commands on page 94...
Page 40: Command Format
The following conventions apply to the command name: • The command name is displayed in bold font. It must be entered exactly as shown. • When you have entered enough letters of a command name to uniquely identify the command, you can press the space bar or Tab key to cause the system to complete the word.
Page 41: No" Form Of A Command
<parameter> Words in italics (also sometimes shown in brackets: ) indicate that a mandatory parameter must be entered in place of the brackets and text inside them parameter ]—square brackets indicate that an optional parameter may be entered in place of the brackets and text inside them. choice1 choice2 —pipe indicates that only one of the parameters should be entered.
Page 42: Addresses
unit/slot/port— Valid slot and port number separated by forward slashes. For example, represents slot number 0 and port number 1. logical unit/slot/port —Logical unit, slot and port number. This is applicable in the case of a logical link aggregation group (LAG; also called a port channel). The operator can use the unit/slot/port to configure the LAG.
Page 43: Keyboard Shortcuts
Keyboard Shortcuts The following key combinations (speedkeys, special characters) speed up use of the CLI: Backspace—delete previous character Ctrl-A—go to beginning of line Ctrl-B—go backward one character Ctrl-D—delete current character Ctrl-E—go to end of line Ctrl-F—go forward one character Ctrl-H—display command history or retrieve a command Ctrl-I—complete a keyword Ctrl-K—delete to end of line Ctrl-N—go to next line in history buffer...
Page 44: Using Command Modes
• Type a partial keyword followed by a A display of keywords beginning with the partial keyword is listed. Figure 4 illustrates the results of entering to get a list of possible keywords. (Force10) #show ? access-lists Display Access List information. Display Address Resolution Protocol cache.
Page 45: Mode-Based Topology
The following command-mode tree diagram provides an overview of the names of the modes and how they relate to each other. The User Exec mode at the top of the tree is the mode you enter when you access the CLI. Mode-based Topology As detailed above, the CLI is built on a mode concept, where related commands are grouped together within modes that you access with particular mode-access commands.
Page 46: Figure 5 Cli Mode Diagram
Figure 5 CLI Mode Diagram Note: In Release 2.4.1, you access the Interface VLAN mode from the Global Config mode with the command interface vlan vlanid. Note: Some modes listed in Table 3 are unavailable in SFTOS 2.4.1, including the Stacking mode and Layer 3 protocol modes, such as OSPF and RIP.
Page 47: Table 3 Command Modes
The following table shows the relationship of the command mode names to the prompts visible in the mode and the exit method from that mode. The first three rows in the table are organized in the sequence in which you would access the child modes. Beyond the Global Config mode, the modes are either accessed from the Global Config mode or from the mode listed in the row above.
Page 48: Mode-Based Command Hierarchy
Table 3 Command Modes Command Mode Mode Access Method Prompt Exit or Access Previous Mode Mac Access List In the Global Config mode, hostname (Mac-Access-List To exit to the Global Config mode, enter mac access-list exit Config Config)# enter the command.
Page 49 In this mode, a physical port is set up for a specific logical connection operation. The Interface Config mode provides access to the router interface configuration commands. Command Prompt: hostname (Interface )# The resulting prompt sequence for the interface configuration command entered in the Global Configuration mode is shown here: hostname (Config)# interface /1 hostname (Interface /1)#...
Page 50: Flow Of Cli Operation
TACACS Config Mode. Use this mode to configure the connection parameters to a TACACS + user authentication server. VLAN Mode. (formally called the Interface Vlan Config mode, or more simply, the Interface Vlan mode) This mode groups all the commands pertaining to VLANs. Command Prompt: hostname conf-if-vl-vlan-id Note: Before Release 2.3, the VLAN mode was accessed from the Privileged Exec...
Page 51: Using The Web User Interface
Chapter 4 Using the Web User Interface This chapter covers the following topics: • Configuring for Web Access on page 52 • Web Page Layout on page 52 • Starting the Web User Interface on page 52 • Command Buttons on page 53 This chapter is a brief introduction to the SFTOS Web User Interface (Web UI), enabling you to manage your switch through a Web browser and Internet connection.
Page 52: Configuring For Web Access
Configuring for Web Access To enable Web browser access to the switch: 1. Configure the switch for in-band connectivity. See Management IP Address on page ip http server enable 2. Enable HTTP Web access to the switch with either the ip http secure-server enable command or (for details, see...
Page 53: Command Buttons
3. Make your selection by clicking on the appropriate item in the navigation tree in Frame 2. Command Buttons The following command buttons are used throughout the Web UI panels: Save—Implements and saves the changes you just made. Some settings may require you to reset the system in order for them to take effect.
Page 54 Using the Web User Interface...
Page 55: System Management Commands
System Management Chapter 5 Commands The commands in this chapter either manage the switch in general, configure management interfaces, or show current management settings. For every configuration command, there is a show command that displays the configuration setting. This chapter contains the following major sections: •...
Page 56: Dir
• network protocol on page 62 • protocol on page 63 • serviceport ip on page 63 • serviceport protocol on page 64 • show arp switch on page 64 • show hardware on page 65 • show interface on page 65 •...
Page 57: Hostname
hostname Example Force10 #dir nvram RamDiskVol:filesystem> sslt.rnd 1024 dhcpsLeases.cfg 85088 startup-config 6392 Filesystem size 4179968 Bytes used 92504 Bytes free 4087464 CodeStorVol:> log2.bin 131040 slog0.txt olog0.txt mrt.log --More-- or (q)uit Filesystem size 20022272 Bytes used 131040 Bytes free 19891232 Force10# Figure 7 Example of dir nvram Command Output hostname Change the text that appears as part of the CLI prompt.
Page 58: Interface Managementethernet
interface managementethernet interface managementethernet This command invokes the Interface ManagementEthernet mode (uses the(Config-if-ma)# prompt), where you can set up a management IP interface. For details on management interfaces, see the Management chapter of the SFTOS Configuration Guide. interface managementethernet Syntax Mode Global Config Command...
Page 59: Mac-Address
mac-address ipaddr The value for is the IP Address of the management interface. This is the IP address that you would enter in your Web browser to access the SFTOS Web User Interface. subnetmask The value for is a 4-digit dotted-decimal number which represents the subnet mask of the interface.
Page 60: Management Route Default
management route default Default None Mode Interface ManagementEthernet Command Version 2.3 Introduced. Replaces the network mac-type command. History Related interface managementethernet Invokes the Interface ManagementEthernet mode, the Commands (Config-if-ma)# prompt. management route default This command sets the IP gateway of the switch. The management IP address (configured ip address with the , above) and the gateway must be on the same subnet.
Page 61: Mtu
Example (s50-1) (Config)#management route default 10.10.1.254 (s50-1) (Config)#interface managementethernet (Config-if-ma)#ip address 10.10.1.251 255.255.255.0 (Config-if-ma)#exit (s50-1) (Config)#ip http server enable (s50-1) (Config)#exit (s50-1) # (s50-1) #show interface managementethernet IP Address........10.10.1.151 Subnet Mask........255.255.255.0 Default Gateway........ 10.10.1.254 Burned In MAC Address......00:01:E8:D5:A0:39 Locally Administered MAC Address....
Page 62: Network Mac-Address
network mac-address network mac-address This command is replaced by the mac-address command in Version 2.3. Mode Privileged Exec Command Version 2.3 Introduced. Replaced by the mac-address command. History network mac-type This command is replaced by the mac-type command in Version 2.3. Mode Privileged Exec Command...
Page 63: Protocol
protocol protocol This command specifies the network configuration protocol to be used for the management VLAN. protocol {none | bootp | dhcp} Syntax bootp If you modify this value, the change is effective immediately. The keyword indicates that the switch periodically sends requests to a Bootstrap Protocol (BootP) server or a DHCP none server until a response is received.
Page 64: Serviceport Protocol
serviceport protocol Related serviceport protocol Set the network configuration protocol to be used for configuring access to Commands the Ethernet Management port. show serviceport Display the IP configuration and MAC address of the Ethernet Management port. serviceport protocol This command specifies the network configuration protocol to be used for configuring access to the Ethernet Management port.
Page 65: Show Hardware
show hardware MAC Address—A unicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB IP Address—The IP address assigned to each interface unit/slot/port —Valid unit, slot and port number separated by forward slashes.
Page 66: Figure 9 Output Of The Show Interfaces Unit/Slot/Port Command
show interface Enter the port number of a particular port to query, where unit is the stack member, slot is always 0 (zero), and port is the port number. Mode Privileged Exec Web User Inventory Information panel, accessed from the System node Interface show interface unit/slot/port.
Page 67: Show Interface Ethernet
show interface ethernet Related ip address (management) Configures the IP address of the management interface. Commands show interface ethernet Displays detailed statistics for a specific port or for all CPU traffic based upon the argument. show interface switchport Displays a summary of statistics on Layer 2 interfaces. show interface Displays information about the management interface to the switch.
Page 68: Figure 10 Example Of Show Interface Ethernet Switchport Output
show interface ethernet Example 1 (Force10) #show interface ethernet switchport Total Packets Received (Octets)....40648140 Unicast Packets Received....... 324 Multicast Packets Received..... 307772 Broadcast Packets Received..... 3 Receive Packets Discarded...... 0 Octets Transmitted......42855160 Packets Transmitted Without Errors..... 319879 Unicast Packets Transmitted....327 Multicast Packets Transmitted....
Page 69: Figure 11 Example Of Show Interface Ethernet Unit/Slot/Port Output (Truncated)
show interface ethernet Table 7 Fields in Output of show interface ethernet switchport Command (continued) Field Description Broadcast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent Transmit Packets Discarded The number of outbound packets which were chosen to be discarded even though no errors had been detected to...
Page 70: Table 8 Fields In Output Of Show Interface Ethernet Unit/Slot/Port Command
show interface ethernet show interface ethernet unit/slot/port display fields, when the argument is , are as follows: Table 8 Fields in Output of show interface ethernet unit/slot/port Command Field Description Packets Received Type Indicates current type of use of the port, such as “PC Mbr” to indicate port channel member, “Mirror”...
Page 71 show interface ethernet Table 8 Fields in Output of show interface ethernet unit/slot/port Command (continued) Field Description Packets Received 1519-1522 Octets The total number of packets (including bad packets) received that were between 1519 and 1522 octets in length inclusive (excluding framing bits but including FCS octets).
Page 72 show interface ethernet Table 8 Fields in Output of show interface ethernet unit/slot/port Command (continued) Field Description Local Traffic Frames The total number of frames dropped in the forwarding process because the destination address was located off of this port. 802.3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation.
Page 73 show interface ethernet Table 8 Fields in Output of show interface ethernet unit/slot/port Command (continued) Field Description Packets Transmitted 1024-1518 The total number of packets (including bad packets) received Octets that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets) Packets Transmitted 1519-1522 The total number of packets (including bad packets) received...
Page 74 show interface ethernet Table 8 Fields in Output of show interface ethernet unit/slot/port Command (continued) Field Description VLAN Viable Discards The number of frames discarded on this port when a lookup on a particular VLAN occurs while that entry in the VLAN table is being modified, or if the VLAN has not been configured Protocol Statistics BPDU's received...
Page 75: Show Interface Managementethernet
show interface managementethernet show interface managementethernet This command displays information about the management address of the switch. show interface managementethernet Syntax Mode Privileged Exec Command managementethernet show interface Version 2.3 Modified: Added the keyword History show network provide the information that had been available through the command.
Page 76: Show Interface Switchport
show interface switchport Related ip address (management) Configures the IP address of the management VLAN. Commands show interface Displays detailed statistics for a specific port or for all CPU traffic based upon the argument. show interface switchport Displays a summary of statistics on Layer 2 interfaces. show interface ethernet Displays detailed statistics for a specific ethernet port or for all CPU traffic based upon the argument.
Page 77: Show Interfaces
show interfaces Table 10 Fields in Output of show interface switchport Command Field Description VLAN Entries Currently In Use The number of VLAN entries presently occupying the VLAN table. Time Since Counters Last Cleared The elapsed time, in days, hours, minutes, and seconds since the statistics for this switch were last cleared.
Page 78: Show Logging
show logging show interfaces description Usage The following example shows sample output of the Information unit/slot/port command with an interface specified in the form: Example Force10#show interfaces description 1/0/1 Interface..1/0/1 IfIndex..1 Description..1/0/1 is access port MAC Address..00:01:E8:D5:BA:C0 Bit Offset Val..1 Figure 12 Output of the show interfaces description Command Related description...
Page 79: Figure 13 Example Of Output From The Show Mac-Addr-Table All Command
show mac-addr-table Parameters macaddr (OPTIONAL) Enter a 6 byte Mac address. (OPTIONAL) Enter to get results for all interfaces. interface unit/slot/port (OPTIONAL) To show MAC addresses on a particular interface, enter interface the keyword followed by the interface unit, slot, and port. This can be a physical or logical interface.
Page 80: Show Msglog
show msglog Static—The value of the corresponding instance was added by the system or a user when a static MAC filter was defined. It cannot be relearned. Learned—The value of the corresponding instance was learned by observing the source MAC addresses of incoming traffic, and is currently in use.
Page 81: Show Network
show network show network Command managementethernet show Version 2.3 Deprecated: The keyword in the command History interface provides the information that had been available through this command. Related show interface Displays information about the management address of the switch. Commands managementethernet show running-config This command is used to display/capture the current setting of different protocol packages...
Page 82: Show Serviceport
show serviceport Example (S50-TAC-5) #show running-config all !Current Configuration: hostname "S50-TAC-5" no set gmrp adminmode no set gvrp adminmode telnetcon timeout 5 telnetcon maxsessions 5 ip telnet server enable network protocol none network parms 172.17.1.222 255.255.255.0 172.17.1.254 network mac-type burnedin network mgmt_vlan 1 no network javamode vlan database...
Page 83: Show Sysinfo
show sysinfo Example (Force10 S2410) #show serviceport IP Address........10.11.197.177 Subnet Mask........255.255.0.0 Default Gateway........ 10.11.197.190 ServPort Configured Protocol Current... None Burned In MAC Address......00:01:E8:99:99:9A Link Status........Up Figure 17 show serviceport Command Output Table 11 Fields in Output of show serviceport command Field Description IP Address...
Page 84: Show Version
show version Mode Privileged Exec Table 12 Fields in Output of show sysinfo Command Field Description Switch Description Text used to identify this switch System Name Name used to identify the switch System Location Text used to identify the location of the switch. May be up to 31 alpha-numeric characters.
Page 85 show version Table 13 Fields in Output of show version Command (continued) Headings Explanation Burned in MAC Address Universally assigned network address Software Version The release.version.revision number of the code currently running on the switch Additional Packages This displays the additional packages that are incorporated into this system, such as SFTOS Multicast.
Page 86: Show Tech-Support
show tech-support Table 13 Fields in Output of show version Command (continued) Headings Explanation RFC 2863 - IF-MIB The Interfaces Group MIB using SMIv2 RFC 3635 - Etherlike-MIB Definitions of Managed Objects for the Ethernet-like Interface Types F10OS-SWITCHING-MIB F10OS Switching - Layer 2 F10OS-INVENTORY-MIB F10OS Unit and Slot configuration F10OS-PORTSECURITY-PRIVATE-MIB Port Security MIB...
Page 87: Vlan Participation (Management)
vlan participation (management) Related show hardware Inventory information for the switch Commands show logging Trap log maintained by the switch, and event log, containing error messages from the system Port information show port show running-config Updated configuration maintained by the switch. show version Details of the software/hardware present on the system vlan participation (management)
Page 88: Ip Telnet Maxsessions
ip telnet maxsessions • telnetcon maxsessions on page 91 • telnetcon timeout on page 90 ip telnet maxsessions This command specifies the maximum number of Telnet connection sessions that can be established. ip telnet maxsessions 0-5 Syntax A value of 0 indicates that no Telnet connection can be established. The range is 0 to 5. no telnet maxsessions The command sets the maximum number of Telnet connection...
Page 89: Ip Telnet Server Enable
ip telnet server enable Command telnetcon timeout Version 2.3 Changed from and moved from Privileged Exec mode to History Global Config. ip telnet server enable Enable or disable Telnet services. [no] telnet server enable Syntax Mode Global Config Command Version 2.3 Modified: Moved from Privileged Exec mode to Global Config mode.
Page 90: Show Telnet
show telnet version of this command sets the outbound Telnet session timeout value to the default. Default 1 (minute) Mode Line Config show telnet This command displays the current outbound telnet settings. show telnet Syntax Modes Privileged Exec and User Exec Outbound Telnet Login Timeout (in minutes)—Indicates the number of minutes an outbound telnet session is allowed to remain inactive before being logged off.
Page 91: Telnetcon Maxsessions
telnetcon maxsessions telnetcon maxsessions Command Version 2.3 Modified: Changed to ip telnet maxsessions History Serial Commands This section describes the following SFTOS system management commands pertaining to console port connections (serial connections, EIA-232): • lineconfig on page 91 • serial baudrate on page 91 •...
Page 92: Serial Timeout
serial timeout no serial baudrate command sets the communication rate of the terminal interface to the 9600 default. Default 9600 Mode Line Config serial timeout This command specifies the maximum connect time (in minutes) without console activity. serial timeout 0-160 Syntax A value of 0 means no console timeout.
Page 93: Table 14 Fields Of Show Serial Command Output
show serial Table 14 Fields of show serial Command Output Field Description Serial Port Login Timeout (minutes) Specifies the time, in minutes, of inactivity on a serial port connection, after which the switch will close the connection. Any numeric value between 0 and 160 is allowed, the factory default is 5.
Page 94: Snmp Management Commands
show serial SNMP Management Commands This section describes the SNMP system management commands supported by SFTOS: • show snmpcommunity on page 95 • show snmptrap on page 95 • show trapflags on page 96 • snmp-server on page 97 • snmp-server community on page 97 •...
Page 95: Show Snmpcommunity
show snmpcommunity show snmpcommunity This command displays SNMP community information. Six communities are supported. You can add, change, or delete communities. The switch does not have to be reset for changes to take effect. The SNMP agent of the switch complies with SNMP Version 1 (for more about the SNMP specification, see the SNMP RFCs).
Page 96: Show Trapflags
show trapflags Table 16 Fields of show snmptrap Command Report Field Description SNMP Trap Name The community string of the SNMP trap packet sent to the trap manager. This may be up to 16 alphanumeric characters. This string is case sensitive. IP Address The IP address to receive SNMP traps from this device.
Page 97: Snmp-Server
snmp-server snmp-server This command sets the name and the physical location of the switch, and the organization responsible for the network. The range for name, location, and contact is from 1 to 31 alphanumeric characters. snmp-server {sysname name | location loc | contact con} Syntax Default None...
Page 98: Snmp-Server Community Ipaddr
snmp-server community ipaddr snmp-server community ipaddr This command sets a client IP address for an SNMP community. The address is the associated community SNMP packet-sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device.
Page 99: Snmp-Server Community Ro
snmp-server community ro status is changed back to Enable.The version of this command deactivates an SNMP community. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
Page 100: Snmp-Server Enable Traps Linkmode
snmp-server enable traps linkmode Mode Global Config Command Version 2.3 Introduced History Note: The CLI indicates successful execution of this command, and the show trapflags report shows successful execution of the command, but this trap is not currently supported. Related storm-control broadcast Enable broadcast storm recovery mode.
Page 101: Snmp-Server Enable Traps Stpmode
snmp-server enable traps stpmode snmp-server enable traps stpmode This command enables the sending of new root traps and topology change notification traps. [no] snmp-server enable traps stpmode Syntax version of this command disables the sending of new root traps and topology change notification traps.
Page 102: Snmptrap
snmptrap Command snmp-server enable traps Version 2.3 Corrected from History snmptrap This command adds an SNMP trap receiver name and trap receiver IP address. The maximum name length is 16 case-sensitive alphanumeric characters. [no] snmptrap name ipaddr Syntax version of this command deletes the specified trap receiver from the community. Mode Global Config snmptrap ipaddr...
Page 103: Snmp Trap Link-Status
snmp trap link-status snmp trap link-status This command enables link status traps by interface. [no] snmp trap link-status Syntax The no version of this command disables link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled. See snmp-server enable traps linkmode command.
Page 104 snmptrap snmpversion System Management Commands...
Page 105: System Configuration Commands
System Configuration Chapter 6 Commands This chapter provides a detailed explanation of the system configuration commands in the following major sections: • System Configuration Commands • Virtual LAN (VLAN) Commands on page 120 • System Utility Commands on page 138 •...
Page 106: Bridge Aging-Time
bridge aging-time • show mac-address-table multicast on page 115 • show mac-address-table stats on page 116 • show monitor session on page 116 • show port on page 117 • show port protocol on page 119 • shutdown (Interface) on page 119 •...
Page 107: Enable
enable configure Syntax Command Modes Privileged Exec Usage Users executing this command enter the Global Config mode, which provides access to many Information commands within that mode. Also, this mode is a gateway to all other more protocol-specific modes except the VLAN mode. For details on modes, see Chapter 3, Using the Command Line Interface, on page Example...
Page 108: Interface
interface Related enable passwd Configure a password for the enable command. Commands configure Use this command to access the Global Config mode from the Exec Privilege mode. interface This command accesses the Interface Config mode for a designated logical or physical interface.
Page 109 interface range ethernet ethernet Parameters Enter the keyword and one or more ports separated by hyphens ethernet unit/slot/port port unit/slot/port range,range ,... and commas in this form: port. Spaces are not allowed around commas or hyphens. Example: ethernet 1/0/1-1/0/10,1/0/40-1/0/45 port-channel port-channel Enter the keyword and one or more port channel numbers...
Page 110: Figure 21 Commands Available In Ethernet Range Mode
interface range Range and Port Channel Range prompts within that mode are displayed in the Link Aggregation chapter (LAGs) in the SFTOS Command Reference. Example (s50-1) (conf-if-range-et-1/0/10-1/0/11)#? addport Add this port to a port-channel. auto-negotiate Enables/Disables automatic negotiation on a port. classofservice Configure Class of Service parameters.
Page 111: Figure 22 Bulk Configuration Warning Message
interface range Example Force10(config)#interface range vlan 10 - 20 % Warning: Non-existing ports (not configured) are ignored by interface-range (conf-if-range-vlan 10-20)# Figure 22 Bulk Configuration Warning Message Figure 23 is an example of a correctly formatted single range bulk configuration. Example Force10(config)#interface range ethernet 5/0/1-5/0/23 Force10(config-if-range)#no shutdown...
Page 112: Monitor Session
monitor session monitor session This command adds a mirrored port (source port) or probe port (destination port) to a session identified with the session ID of 1. In all released versions of SFTOS, the session is always 1. monitor session 1 destination interface unit/slot/port | source interface Syntax unit/slot/port...
Page 113: Monitor Session 1 Mode
monitor session 1 mode monitor session 1 mode This command sets the monitor session (port monitoring) mode to enabled. The probe and monitored ports must be configured before port monitoring can be enabled. When enabled, the probe port monitors all traffic received and transmitted on the physical monitored port. It is not necessary to disable port monitoring before modifying the probe and monitored ports.
Page 114: No Monitor Session 1
no monitor session 1 no monitor session 1 This command removes all the source ports and a destination port of the mirroring session and restore the default value for mirroring session mode. session-id parameter is an integer value used to identify the session. In the current session-id version of the software, the parameter is always 1.
Page 115: Show Mac-Address-Table Multicast
show mac-address-table multicast igmpsnooping —Display IGMP Snooping entries in the MFDB table. multicast —Display Multicast Forwarding Database Table information. stats —Display MFDB statistics. Mode Privileged Exec Field Total Entries—This displays the total number of entries that can possibly be in the Multicast Forwarding Descriptions Database table.
Page 116: Show Mac-Address-Table Stats
show mac-address-table stats Description—The text description of this multicast table entry. Interfaces—The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). Forwarding Interfaces—The resultant forwarding list is derived from combining all the component’s forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces. Related show mac-address-table Displays Multicast Forwarding Database (MFDB) statistics...
Page 117: Show Port
show port show monitor session 1 Syntax Mode Privileged Exec Example Force10 #show monitor session 1 Session ID Admin Mode Probe Port Mirrored Port ---------- ---------- ---------- ------------- Enable 2/0/26 1/0/1 Figure 27 Command Example: show monitor session 1 Field Session ID—In all released versions of SFTOS, the session is always 1.
Page 118: Figure 28 Show Port All Command Output Example
show port Example Force10 S2410 #show port all Admin Physical Physical Link Link LACP Flow Interface Type Mode Mode Status Status Trap Mode Mode ---------- ------ ------- ---------- ---------- ------ ------- ------- ------- Enable 10G Full Down Enable Enable Disable Enable 10G Full Down...
Page 119: Show Port Protocol
show port protocol show port protocol This command displays the protocol-based VLAN information for either the entire system, or for the indicated group. show port protocol groupid Syntax Mode Privileged Exec Group Name—This field displays the group name of an entry in the protocol-based VLAN table. Group ID—This field displays the group identifier of the protocol group.
Page 120: Virtual Lan (Vlan) Commands
shutdown all [no] shutdown all Syntax Default enabled Mode Global Config Virtual LAN (VLAN) Commands interface vlan In SFTOS 2.4.1, the command is the starting point for VLAN configuration. Executing the command creates a new VLAN and invokes the Interface VLAN mode, where all VLAN configuration commands reside for the specified VLAN.
Page 121: Clear Vlan
clear vlan • participation (VLAN) on page 126 • priority (VLAN) on page 126 • protocol group on page 127 • protocol vlan group on page 127 • protocol vlan group all on page 128 • pvid (VLAN) on page 128 •...
Page 122: Description
description Mode Privileged Exec Related show vlan Displays information about VLANs, either detailed information for a specific Commands VLAN or summary information for all configured VLANs. show port Displays port information for a selected port or for all ports description Enter a description for the selected interface (port or VLAN).
Page 123: Encapsulation (Vlan)
encapsulation (VLAN) show interfaces Displays information, including the description, about a selected interface. show running-config Display/capture the current setting of different protocol packages supported on the switch. encapsulation (VLAN) This command configures the link layer encapsulation type for the packet within the VLAN. Acceptable encapsulation types are Ethernet and SNAP.
Page 124: Makestatic
makestatic Usage After using this command to access the Interface VLAN mode (the prompt for the Interface Information VLAN mode is ), you can configure the selected VLAN. (conf-if-vl-<vlan-id>)# You can also make configuration changes to a VLAN in the Interface Range mode (see interface range on page 108) and the Interface Config mode (see interface on page...
Page 125: Mtu (Vlan)
mtu (VLAN) Mode Interface VLAN Command vlan makestatic makestatic Version 2.3 Changed from and moved to Interface VLAN History mode. Related show vlan Displays information about VLANs, either detailed information for a specific Commands VLAN or summary information for all configured VLANs. show port Displays port information for a selected port or for all ports mtu (VLAN)
Page 126: Network Mgmt_Vlan
network mgmt_vlan Command vlan name name Version 2.3 Modified: Changed from and mode changed from VLAN History database to Interface VLAN. Removed ID range variable. Related show vlan Displays information about VLANs, either detailed information for a specific Commands VLAN or summary information for all configured VLANs. show port Displays port information for a selected port or for all ports network mgmt_vlan...
Page 127: Protocol Group
protocol group protocol group This command attaches a group ID to the selected VLAN. A group can only be associated with one VLAN at a time. However, the VLAN association can be changed. The referenced VLAN should be created prior to the creation of the protocol-based VLAN, except when GVRP is expected to create the VLAN.
Page 128: Protocol Vlan Group All
protocol vlan group all Command Version 2.3 Added Interface Range mode. History Related interface range Defines an interface range and accesses the Interface Range mode Commands protocol vlan group all This command adds all physical interfaces to the protocol-based VLAN identified by groupid .
Page 129: Show Vlan
show vlan show vlan This command displays information about VLANs, either detailed information for a specific VLAN or summary information for all configured VLANs. The ID is a valid VLAN identification number. show vlan brief | id vlanid | name | port Syntax brief brief...
Page 130: Show Vlan Port
show vlan port Q: “T” indicates that the port is tagged; “U” indicates untagged. Ports:”E” for Ethernet, followed by the port numbers (unit/slot/port) in the VLAN show vlan brief The output of the command is shown in the following example: Example Force10#show vlan brief VLAN...
Page 131: Tagged
tagged unit/slot/port Parameters Enter interface in unit/slot/port format for retrieving information about the associated interface. Enter for retrieving information about all interfaces. Mode Privileged Exec Command Version 2.1 Introduced History Example Force10-S50 #show vlan port 1/0/1 Port Acceptable Ingress Default Interface VLAN ID Frame Types Filtering GVRP...
Page 132: Untagged
untagged tagged participation include Usage command includes the functionality of the command Information acceptframe vlanOnly and the command. For details, see the VLAN chapter in the SFTOS Configuration Guide. Related show vlan Displays information about VLANs, either detailed information for a specific Commands VLAN or summary information for all configured VLANs.
Page 133: Vlan Acceptframe
vlan acceptframe vlan acceptframe This command sets the frame acceptance mode per interface. Mode Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#. Command Version 2.3 Deprecated History Related tagged Adds the designated interface to the selected VLAN as a tagged interface. Commands untagged Adds the designated interface to the selected VLAN as an untagged interface.
Page 134: Vlan Participation All
vlan participation all Command Version 2.3 Deprecated History Related vlan participation In the Interface ManagementEthernet mode, this command assigns the Commands (management) management VLAN of the switch. vlan participation all This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN identification number Mode Global Config...
Page 135: Vlan Port Tagging All
vlan port tagging all Mode Global Config Command Version 2.3 Deprecated History Related show vlan Displays information about VLANs, either detailed information for a specific Commands VLAN or summary information for all configured VLANs. show port Displays port information for a selected port or for all ports vlan port tagging all This command sets the tagging behavior for all interfaces in a VLAN to enabled.
Page 136: Vlan Protocol Group
vlan protocol group vlan protocol group groupname This command adds a protocol-based VLAN group to the system. The is a character string of 1 to 16 characters. When it is created, the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands. vlan protocol group groupname Syntax Mode...
Page 137: Vlan Pvid
vlan pvid vlan pvid This command changes the VLAN ID per interface. Mode Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#. Command Version 2.3 Deprecated History Related tagged Adds the designated interface to the selected VLAN as a tagged interface. Commands untagged Adds the designated interface to the selected VLAN as an untagged...
Page 138: System Utility Commands
clear config System Utility Commands This section describes system utilities. The commands are divided into two functional groups: • Show commands display switch settings, statistics, and other information. • Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
Page 139: Clear Port-Channel
clear port-channel clear counters {unit/slot/port | all} Syntax Mode Privileged Exec clear port-channel This command clears all port-channels (LAGs). clear port-channel Syntax Mode Privileged Exec clear traplog This command clears the trap log. clear traplog Syntax Mode Privileged Exec clear igmpsnooping This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database.
Page 140 copy nvram:errorlog • Event log (also called the error log or the persistent log) ( nvram:log • Buffered message log (also called the System log) ( nvram:startup-config • startup configuration ( nvram:traplog • trap log ( • See also copy (clibanner). Specify a URL for the destination in this form: copy nvram:clibanner tftp://tftp_server_ip_address/path/filename copy nvram:errorlog tftp://tftp_server_ip_address/ path/filename...
Page 141: Copy (Clibanner)
copy (clibanner) The following command copies from the switch system memory to flash memory: copy system:running-config nvram:startup-config Note: This command creates a text-based startup-config file. tftp_server_ip_address Parameters Enter the URL of the TFTP server in IPv4 address format: xxx.xxx.xxx.xxx path/filename Enter the path on the TFTP server and the filename.
Page 142: Enable Passwd
enable passwd cannot be created on the switch. Instead, create the banner file using a text editor, put it on your TFTP server, and then download it to the switch. copy tftp://tftp_server_ip_address/filepath nvram:clibanner Syntax Reversing the sequence of the command parameters uploads the text file from the switch: copy nvram:clibanner tftp://tftp_server_ip_address/filepath no clibanner command removes the CLI banner.
Page 143: Logout
logout enable passwd password Syntax password Parameters Enter a text string, up to 32 characters long, as the clear text password. Mode Global Config Command Version 2.3 Modified: Moved from Privileged Exec mode to Global Config mode. History logout Close the current Telnet connection or reset the current serial connection. Note: Save configuration changes before logging out.
Page 144: Ping
ping ping This command checks if another computer is on the network and listens for connections. To use this command, configure the switch for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP. The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation.
Page 145: Terminal Length
terminal length terminal length Configure the number of lines to be displayed on the terminal screen in one page of output of “show” commands. terminal length number-of-lines Syntax number-of-lines Parameters Enter the number of lines that you want the output to display before pausing. Entering zero (0) will cause the terminal to display without pausing.
Page 146: Write
write write copy system:running-config The functionality of this command is the same as for the nvram:startup-config command, to save the running configuration to NVRAM, which write would be used while the system is re-booted the next time. The command defaults to write memory write memory Syntax...
Page 147: Script Apply
script apply script apply This command applies the commands in the configuration script to the switch. The apply command backs up the running configuration and then starts applying the commands in the script file. Application of the commands stops at the first failure of a command. The scriptname parameter is the name of the script to be applied.
Page 148: Script Show
script show script show scriptname This command displays the contents of a script file. The parameter is the name of the script file. script show scriptname Syntax Mode Privileged Exec The format of display is: Line <no>: <Line contents> script validate This command validates a configuration script file by parsing each line in the script file where scriptname is the name of the script to be validated.
Page 149: System Log
Chapter 7 System Log This chapter provides a detailed explanation of the following Syslog commands: • logging buffered on page 149 • logging buffered wrap on page 150 • logging cli-command on page 150 • logging console on page 151 •...
Page 150: Logging Buffered Wrap
logging buffered wrap no logging buffered to disable logging to the in-memory log. Default disabled; critical Mode Global Config Related logging buffered wrap Enables wrapping of in-memory logging when full capacity Commands is reached. logging cli-command Enables logging to the System Log of all Command Line Interface (CLI) commands issued on the system.
Page 151: Logging Console
logging console logging console This command enables logging of System log messages to the console. logging console [severitylevel] Syntax severitylevel value is specified through one of the following keywords or the keyword’s representative integer, as shown here: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6), debug (7).
Page 152: Logging Host Reconfigure
logging host reconfigure logging host reconfigure This command enables you to revise the IP address of a configured syslog host. logging host reconfigure host-id hostaddress Syntax host-id hostaddress show logging hosts to learn association of with Mode Global Config Command Version 2.3 Introduced History...
Page 153: Logging Syslog
logging syslog logging syslog This command enables logging to any configured syslog server. logging syslog Syntax no logging syslog to disable syslog logging. Default disabled; local0 Mode Global Config show logging This command displays a combination of the system log and event log (buffered log). show logging Syntax Mode...
Page 154: Show Logging Buffered
show logging buffered Fields in the report include: Logging Client Local Port—The port on the collector/relay to which syslog messages are sent CLI Command Logging—The mode for logging CLI commands, whether enabled or disabled Console Logging—The mode for console logging, whether enabled or disabled Console Logging Severity Filter—The minimum event severity to display to the console Buffered Logging—The mode for buffered logging, whether enabled or disabled Syslog Logging—The mode for logging to configured syslog hosts, whether enabled or disabled.
Page 155: Show Logging Hosts
show logging hosts Buffered Logging Wrapping Behavior—The behavior of the in-memory log when faced with a log-full situation. “On” when wrapping is enabled, “Off” when not. Buffered Log Count—The count of valid entries in the buffered log System log messages follow the summary statistics. Related logging buffered Enables logging of the System Log to RAM and any...
Page 156: Show Logging Traplogs
show logging traplogs Fields in the report include: Index—An integer from 1 to 8, used for removing the associated syslog host IP Address—IP Address of the configured syslog host Severity—The minimum severity to log to the specified address Port—Server Port Number.This is the port on the local host from which syslog messages are sent. Status—The state of logging to configured syslog hosts.
Page 157: User Account Commands
Chapter 8 User Account Commands Commands in this chapter manage user accounts. The commands are are comprised of two functional groups: • Show commands display switch settings, statistics, and other information. • Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
Page 158: Disconnect
disconnect disconnect This command closes the designated remote session or all sessions. disconnect {sessionID | all} Syntax Mode Privileged Exec show loginsession This command displays current telnet and serial port connections to the switch. It also displays SSH sessions. show loginsession Syntax Mode Privileged Exec...
Page 159: Username Passwd
username passwd User Access Mode—Shows whether the operator is able to change parameters on the switch (Read/ Write) or is only able to view them (Read Only). As a factory default, the ‘admin’ user has Read/Write access. There can only be one Read/Write user and up to five Read Only users. SNMPv3 Access Mode—This field displays the SNMPv3 Access Mode.
Page 160: Users Snmpv3 Accessmode
users snmpv3 accessmode users snmpv3 accessmode This command specifies the SNMP v3 access privileges for the specified login user. The valid readonly readwrite username accessmode values are . The is the login user name for readwrite which the specified access mode applies. The default is for ‘admin’...
Page 161 users snmpv3 encryption If des is specified, the required key may be specified on the command line. The may be up to 16 characters long. If the protocol is specified but a key is not provided, the user will be prompted for the key. When using the des protocol, the user login password is also used as the snmpv3 encryption password and therefore must be at least eight characters in length.
Page 162 users snmpv3 encryption User Account Commands...
Page 163: Chapter 9 Security Commands
Chapter 9 Security Commands This chapter provides a detailed explanation of the security commands available in the SFTOS software, presented in the following sections: • Port Security Commands • Port-Based Network Access Control (IEEE 802.1X) on page 168 • RADIUS Commands on page 180 •...
Page 164: Implementation Notes
port-security Implementation Notes • If port security is enabled on a port, and then an ACL is applied to the port, the ACL is given precedence and port security is ignored. For example, if port security is applied, and then an ACL with a permit rule for a particular source address is applied, frames with that source address will be permitted.
Page 165: Port-Security Max-Static
port-security max-static port-security max-dynamic maxvalue Syntax no port-security max-dynamic Default Mode Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#. Command Version 2.3 Added Interface Range mode. History Related interface range Defines an interface range and accesses the Interface Range mode Commands port-security max-static This command sets the maximum number of statically locked MAC addresses allowed on a...
Page 166: Port-Security Mac-Address Move
port-security mac-address move no port-security mac-address mac-address vid Mode Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#. Command Version 2.3 Added Interface Range mode. History Related interface range Defines an interface range and accesses the Interface Range mode Commands port-security mac-address move This command converts dynamically locked MAC addresses to statically locked addresses.
Page 167: Show Port-Security Dynamic
show port-security dynamic Example Force10 #show port-security all Admin Dynamic Static Violation Intf Mode Limit Limit Trap Mode --------- ------- ---------- --------- ---------- 1/0/1 Disabled Disabled 1/0/2 Disabled Disabled 1/0/3 Disabled Disabled 1/0/4 Disabled Disabled 1/0/5 Disabled Disabled 1/0/6 Disabled Disabled 1/0/7 Disabled...
Page 168: Show Port-Security Static
show port-security static show port-security static This command displays the statically locked MAC addresses for port. show port-security static unit/slot/port Syntax Mode Privileged Exec The one report field is: MAC Address—MAC Address of statically locked MAC show port-security violation This command displays the source MAC address of the last packet that was discarded on a locked port.
Page 169: Authentication Login
authentication login • dot1x timeout on page 174 • dot1x user on page 175 • show authentication on page 175 • show authentication users on page 176 • show dot1x on page 176 • show dot1x users on page 179 •...
Page 170: Clear Dot1X Statistics
clear dot1x statistics version of this command deletes the specified authentication login list. The attempt to delete fails if any of the following conditions are true: • The login list name is invalid or does not match an existing authentication login list •...
Page 171: Dot1X Initialize
dot1x initialize dot1x defaultlogin Syntax listname Mode Global Config dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
Page 172: Dot1X Port-Control
dot1x port-control Default Mode Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#. Command Version 2.3 Interface Range mode added History Related interface range Defines an interface range and accesses the Interface Range mode Commands dot1x port-control This command sets the authentication mode to be used on the specified port.
Page 173: Dot1X Re-Authenticate
dot1x re-authenticate Force-unauthorized—The authenticator PAE unconditionally sets the controlled port to unauthorized. Force-authorized—The authenticator PAE unconditionally sets the controlled port to authorized. Auto—The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator and the authentication server. dot1x port-control all force-unauthorized force-authorized...
Page 174: Dot1X System-Auth-Control
dot1x system-auth-control Command Version 2.3 Interface Range mode added History Related interface range Defines an interface range and accesses the Interface Range mode Commands dot1x system-auth-control This command is used to enable the dot1x authentication support on the switch. By default, the authentication support is disabled.
Page 175: Dot1X User
dot1x user tx-period—Sets the value, in seconds, of the timer used by the authenticator state machine on this port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The quiet-period must be a value in the range 1 - 65535. supp-timeout—Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the supplicant.
Page 176: Show Authentication Users
show authentication users show authentication Syntax Mode Privileged Exec Authentication Login List—This displays the authentication login listname. Method 1—This displays the first method in the specified authentication login list, if any. Method 2—This displays the second method in the specified authentication login list, if any. Method 3—This displays the third method in the specified authentication login list, if any.
Page 177 show dot1x summary unit/slot/port If the optional parameter } is used, the dot1x configuration for the specified port or all ports are displayed. Port—The interface whose configuration is displayed. Control Mode—The configured control mode for this port. Possible values are force-unauthorized | force-authorized | auto Operating Control Mode—The control mode under which this port is operating.
Page 178: Figure 40 Example Of Output From The Show Dot1X Detail Command
show dot1x Example Force10 #show dot1x detail 0/1 Port........... 1/0/1 Protocol Version....... 1 PAE Capabilities....... Authenticator Authenticator PAE State......Initialize Backend Authentication State....Initialize Quiet Period........60 Transmit Period........ 30 Supplicant Timeout......30 Server Timeout (secs)......30 Maximum Requests....... 2 Reauthentication Period......
Page 179: Show Dot1X Users
show dot1x users show dot1x users This command displays 802.1x port security user information for locally configured users. show dot1x users unit/slot/port Syntax Mode Privileged Exec Example Force10 #show dot1x users 0/1 Users ----------------- admin Figure 41 Example of Output from the show dot1x users Command User—Users configured locally to have access to the specified port.
Page 180: Users Defaultlogin
users defaultlogin users defaultlogin This command assigns the authentication login list to use for non-configured users when attempting to log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only.
Page 181: Radius Accounting Mode
radius accounting mode radius accounting mode This command is used to enable the RADIUS accounting function. version of this command is used to set the RADIUS accounting function to the default value - i.e. the RADIUS accounting function is disabled. radius accounting mode Syntax Default...
Page 182: Radius Server Key
radius server key acct If the keyword is used, the command configures the IP address to use for the RADIUS accounting server. Only a single accounting server can be configured. If an accounting server is currently configured, it must be removed from the configuration using the form of the port command before this command succeeds.
Page 183: Radius Server Msgauth
radius server msgauth radius server msgauth This command enables the message authenticator attribute for a specified server. radius server msgauth ipaddr Syntax Mode Global Config radius server primary This command is used to configure the primary RADIUS authentication server for this RADIUS client.
Page 184: Radius Server Timeout
radius server timeout radius server timeout This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received. The timeout value is an integer in the range of 1 to 30. radius server timeout seconds Syntax no radius server timeout...
Page 185: Show Radius Accounting Statistics
show radius accounting statistics show radius accounting statistics This command is used to display the configured RADIUS accounting mode, accounting server, and the statistics for the configured accounting server. show radius accounting statistics IP address Syntax Mode Privileged Exec statistics IP address If the optional keyword is not included, then only the accounting mode and the RADIUS accounting server details are displayed, as listed here:...
Page 186: Show Radius Statistics (Authentication)
show radius statistics (authentication) Table 20 show radius accounting Command Example Fields Field Description IP Address of the configured RADIUS accounting server RADIUS Accounting Server IP Address Round Trip Time The time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from the RADIUS accounting server.
Page 187: Tacacs+ Commands
show radius statistics (authentication) Round Trip Time—The time interval, in hundredths of a second, between the most recent Access-Reply | Access-Challenge and the Access-Request that matched it from the RADIUS authentication server. Access Requests—The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions.
Page 188: Tacacs-Server Host
tacacs-server host tacacs-server host Configure a TACACS+ server and enter into TACACS+ Configuration mode. tacacs-server host ip-address Syntax no tacacs-server host hostname To remove a TACACS+ server host, use the ip-address } command. ip-address Parameters Enter the IP address, in dotted decimal format, of the TACACS+ server host. Default Not configured Mode...
Page 189: Tacacs-Server Timeout
tacacs-server timeout Parameters Enter a text string, up to 127 characters long, as the clear text password. Leading spaces are ignored. Default Not configured. Command Modes CONFIGURATION Usage The key configured with this command must match the key configured on the TACACS+ Information daemon.
Page 190: Port
port Default If unspecified, the key-string defaults to the global value. Command Mode TACACS Configuration Related tacacs-server host Identify a TACACS server. Commands tacacs-server key Specify the authentication and encryption key at a global level for communications between the client and TACACS servers. port Specify a server port number for a particular TACACS host.
Page 191: Single-Connection
single-connection single-connection Configure the client to maintain a single open connection with the TACACS server. single-connection Syntax Default Use multiple connections. In other words, the client will use a separate connection for each authentication session. Command Mode TACACS Configuration Related tacacs-server host Identify a TACACS server.
Page 192: Secure Shell (Ssh) Commands
ip ssh maxsessions Secure Shell (SSH) Commands The commands in this section are: • ip ssh maxsessions on page 192 • ip ssh protocol on page 193 • ip ssh server enable on page 193 • ip ssh timeout on page 194 •...
Page 193: Ip Ssh Protocol
ip ssh protocol ip ssh protocol This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set. ip ssh protocol [1] [2] Syntax Default 1 and 2...
Page 194: Ip Ssh Timeout
ip ssh timeout ip ssh timeout This command sets the SSH connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. Changing the timeout value for active sessions does not become effective until the session is reaccessed.
Page 195: Sshcon Maxsessions
sshcon maxsessions SSH Sessions Currently Active Max SSH Sessions Allowed ip ssh timeout SSH Timeout—SSH login timeout configured by command sshcon maxsessions Command ip ssh maxsessions. Version 2.3 Replaced by History sshcon timeout Command ip ssh timeout Version 2.3 Replaced by History Hypertext Transfer Protocol (HTTP) Commands The commands in this section are:...
Page 196: Ip Http Javamode Enable
ip http javamode enable ip http javamode enable Enable Java mode for the Web interface to SFTOS. ip http javamode enable Syntax no ip http javamode enable to disable Java mode. Default disabled Mode Global Config Command Version 2.3 Modified: Moved from Privileged Exec mode to Global Config mode. History ip http secure-port This command is used to set the SSLT port.
Page 197: Ip Http Secure-Server Enable
ip http secure-server enable ip http secure-server enable This command is used to enable the secure socket layer for secure HTTP. version of this command is used to disable the secure socket layer for secure HTTP. requires keys/certificates to be generated offline before the Note: This command service will start.
Page 198: Show Ip Http
show ip http show ip http This command displays the HTTP settings for the switch. show ip http Syntax Mode Privileged Exec The report fields are: HTTP Mode (Unsecure) — This field indicates whether basic HTTP is enabled or disabled on the switch. HTTP Mode (Secure) —...
Page 199: Broadcast Storm Control Commands
show storm-control Broadcast Storm Control Commands This section contains the following commands: • show storm-control • storm-control broadcast on page 200 • storm-control flowcontrol on page 200 Note: This feature works on the 10G ports of the S2410, but because of S2410 hardware limitations, broadcast storm recovery counters are not incremented.
Page 200: Storm-Control Broadcast
storm-control broadcast Related storm-control broadcast Configure storm control. Commands show interface ethernet show interface ethernet The report generated by the command contains broadcast storm statistics. snmp-server enable traps bcaststorm Enable the sending of Broadcast Storm traps. storm-control broadcast This command enables broadcast storm recovery mode. If the mode is enabled, broadcast storm recovery with high and low thresholds is implemented.
Page 201 storm-control flowcontrol version of this command disables 802.3x flow control for the switch. Note: This command only applies to full-duplex mode ports. Note: 802.3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition.
Page 202 storm-control flowcontrol Security Commands...
Page 203: Chapter 10 Dhcp Server Commands
Chapter 10 DHCP Server Commands These commands configure the Dynamic Host Configuration Protocol (DHCP) Server parameters and address pools. The following commands are covered in this chapter: • bootfile on page 204 • clear ip dhcp binding on page 204 •...
Page 204: Bootfile
bootfile bootfile The command specifies the name of the default boot image for a DHCP client. The filename specifies the boot image file. version of this command deletes the boot image name. bootfile filename Syntax no bootfile Default none Mode DHCP Pool Config clear ip dhcp binding This command deletes an automatic address binding from the DHCP server database.
Page 205: Clear Ip Dhcp Conflict
clear ip dhcp conflict clear ip dhcp conflict The command is used to clear an address conflict from the DHCP Server database. The server detects conflicts using a ping. DHCP server clears all conflicts If the asterisk (*) character is used as the address parameter.
Page 206: Default-Router
default-router default-router address1 address2 This command specifies the default router list for a DHCP client. { … address8 } are valid IP addresses, each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. version of this command removes the default router list.
Page 207: Hardware-Address
hardware-address hardware-address This command specifies the hardware address of a DHCP client. hardware-address is the MAC address of the hardware platform of the client consisting of 6 bytes in dotted hexadecimal format. type indicates the protocol of the hardware platform. It is 1 for 10 MB Ethernet and 6 for IEEE 802.
Page 208: Ip Dhcp Bootp Automatic
ip dhcp bootp automatic ip dhcp bootp automatic This command enables the allocation of the addresses to the bootp client. The addresses are from the automatic address pool. version of this command disables the allocation of the addresses to the bootp client. The address are from the automatic address pool.
Page 209: Ip Dhcp Ping Packets
ip dhcp ping packets ip dhcp ping packets This command is used to specify the number in a range from 2-10, of packets a DHCP server sends to a pool address as part of a ping operation. Setting the number of ping packets to 0 is the same as ‘no ip dhcp ping packets’...
Page 210: Network
network network This command is used to configure the subnet number and mask for a DHCP address pool on the server. Network-number is a valid IP address, made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Mask is the IP subnet mask for the specified address pool.
Page 211: Next-Server
next-server • h-node—Hybrid (recommended) version of this command removes the NetBIOS node type. netbios-node-type type Syntax Default none Mode DHCP Pool Config next-server This command configures the next server in the boot process of a DHCP client. Address is the IP address of the next server in the boot process, which is typically a Trivial File Transfer Protocol (TFTP) server.
Page 212: Service Dhcp
service dhcp no option code Default none Mode DHCP Pool Config service dhcp This command enables the DHCP server and relay agent features on the router. version of this command disables the DHCP server and relay agent features. service dhcp Syntax Default disabled...
Page 213: Show Ip Dhcp Global Configuration
show ip dhcp global configuration show ip dhcp global configuration This command displays address bindings for the specific IP address on the DHCP server. If no IP address is specified, the bindings corresponding to all the addresses are displayed. show ip dhcp global configuration Syntax Mode Privileged Exec and User Exec...
Page 214: Show Ip Dhcp Server Statistics
show ip dhcp server statistics show ip dhcp server statistics This command displays DHCP server statistics. show ip dhcp server statistics Syntax Mode Privileged Exec and User Exec Address Pool—The number of configured address pools in the DHCP server. Automatic Bindings—The number of IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database.
Page 215: Chapter 11 Sntp Commands
Chapter 11 SNTP Commands This section provides a detailed explanation of the Simple Network Time Protocol (SNTP) commands. The commands are comprised of two functional groups: • Configuration Commands configure features and options of the switch. • Show commands display settings, statistics, and other information. For every configuration command there is a show command that displays the configuration setting.
Page 216: Sntp Client Mode
sntp client mode sntp client mode This command enables the Simple Network Time Protocol (SNTP) client, and optionally sets the mode to either broadcast or unicast. sntp client mode [broadcast | unicast] Syntax no sntp client mode Use the command to disable SNTP client mode. broadcast Parameters SNTP operates in the same manner as multicast mode but uses a local broadcast...
Page 217: Sntp Unicast Client Poll-Interval
sntp unicast client poll-interval sntp unicast client poll-interval This command sets the poll interval for SNTP unicast clients in seconds as a power of two poll-interval where can be a value from 6 to 16. sntp unicast client poll-interval poll-interval Syntax no sntp unicast client poll-interval Use the...
Page 218: Sntp Server
sntp server Default 1 retry Mode Global Config sntp server This command configures an SNTP server connection (with a maximum of three). sntp server ipaddress priority version portid Syntax ipaddress Parameters Specify either the IPv4 address of the server or a DNS hostname. If DNS, then that hostname should be resolved into an IP address each time a SNTP request is sent to it.
Page 219: Show Sntp Client
show sntp client Field Last Update Time—Time of last clock update Descriptions Last Attempt Time—Time of last transmit query (in unicast mode). Last Attempt Status—Status of the last SNTP request (in unicast mode) or unsolicited message (in broadcast mode). Broadcast Count—Current number of unsolicited broadcast messages that have been received and processed by the SNTP client since last reboot.
Page 220: Show Sntp Server
show sntp server show sntp server This command is used to display SNTP server settings and configured servers. show sntp server Syntax Mode Privileged Exec Example Force10# show sntp server Server IP Address: Server Type: unknown Server Stratum: Server Reference Id: Server Mode: Reserved Server Maximum Entries:...
Page 221: Chapter 12 Vlan-Stack Commands
Chapter 12 VLAN-Stack Commands VLAN-Stack commands, also called Double VLAN tagging, QinQ, and VLAN tunneling. With this feature, you can “stack” VLANs into one tunnel and switch them through the network. The commands in this chapter, in order, are: • dvlan-tunnel ethertype on page 221 •...
Page 222: Mode Dot1Q-Tunnel
mode dot1q-tunnel mode dot1q-tunnel This command is used to enable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled. This command performs the same function as mode dvlan-tunnel version of this command is used to disable Double VLAN Tunneling on the specified interface.
Page 223: Show Dot1Q-Tunnel
show dot1q-tunnel Related show dot1q-tunnel Displays information about Double VLAN Tunneling for a specified Commands interface or for all interfaces. show dvlan-tunnel same as above show dot1q-tunnel This command displays whether an interface is enabled for Double VLAN Tunneling, along with the system-configured etherType and detailed information about Double VLAN Tunneling for the specified interface, or a list of interfaces and their tunneling status.
Page 224: Show Dvlan-Tunnel
show dvlan-tunnel Related dvlan-tunnel ethertype Configures the etherType for all vlan-stack (Double VLAN tagging) Commands interfaces on the system. mode dot1q-tunnel Enable Double VLAN Tunneling on the specified interface. mode dvlan-tunnel same as above show dvlan-tunnel This command displays whether an interface is enabled for Double VLAN Tunneling, along with the system-configured etherType and detailed information about Double VLAN Tunneling for the specified interface, or a list of interfaces and their tunneling status.
Page 225: Garp, Gvrp, And Gmrp Commands
GARP, GVRP, and GMRP Chapter 13 Commands This chapter provides a detailed explanation of the General Attribute Registration Protocol (GARP) commands, including GVRP and GMRP commands. The commands are divided into two functional groups: • Show commands display switch settings, statistics, and other information. •...
Page 226: Set Garp Timer Leave
set garp timer leave This command has an effect only when GVRP is enabled. The time is from 10 to 100 (centiseconds). the value 20 centiseconds is 0.2 seconds. set garp timer join 10-100 Syntax no set garp timer join version of this command sets the GVRP join time per port and per GARP to 20 centiseconds (0.2 seconds).
Page 227: Set Garp Timer Leaveall
set garp timer leaveall set garp timer leaveall Leave All PDUs Leave All PDU This command sets how frequently are generated per port. A indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port and per GARP participation. The time may range from 200 to 6000 (centiseconds).
Page 228: Garp Vlan Registration Protocol (Gvrp) Commands
gvrp adminmode enable GARP VLAN Registration Protocol (GVRP) Commands This section provides a detailed explanation of the GVRP commands: • gvrp adminmode enable on page 228 • gvrp interfacemode enable on page 228] • gvrp interfacemode enable all on page 229 •...
Page 229: Gvrp Interfacemode Enable All
gvrp interfacemode enable all gvrp interfacemode enable all This command enables GVRP (GARP VLAN Registration Protocol) for all ports. set gvrp interfacemode enable all Syntax no set gvrp interfacemode enable all to disable GVRP for all ports. If GVRP is disabled, Join Time, Leave Time, and Leave All Time have no effect.
Page 230: Figure 50 Show Gvrp Configuration Command Output Example
show gvrp configuration Example (Force10_S50) #show gvrp configuration 0/1 Join Leave LeaveAll Port Interface Timer Timer Timer GVRP Mode (centisecs) (centisecs) (centisecs) ----------- ----------- ----------- ----------- ----------- 1000 Disabled Force10-S50 #show gvrp configuration all Join Leave LeaveAll Port Interface Timer Timer Timer GVRP Mode...
Page 231: Garp Multicast Registration Protocol (Gmrp) Commands
gmrp adminmode GARP Multicast Registration Protocol (GMRP) Commands This section provides details on GMRP commands. The commands in this sections are: • gmrp adminmode on page 231 • set gmrp adminmode on page 232 • gmrp interfacemode enable all on page 232 •...
Page 232: Set Gmrp Adminmode
set gmrp adminmode no gmrp adminmode enable to disable GARP Multicast Registration Protocol (GMRP) on the system. Mode Global Config Command set gmrp adminmode Version 2.3 Changed from . Modified syntax and moved to History Global Config mode from Privileged Exec mode set gmrp adminmode Command gmrp adminmode...
Page 233: Set Gmrp Interfacemode
set gmrp interfacemode set gmrp interfacemode This command enables GARP Multicast Registration Protocol on a selected interface. If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality will be disabled on that interface. GARP functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled.
Page 234: Show Mac-Address-Table Gmrp
show mac-address-table gmrp Leave Timer—Specifies the period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service.
Page 235: Igmp Snooping Commands
Chapter 14 IGMP Snooping Commands Note: The current S2410 hardware does not support IGMP Snooping, so the commands in this chapter appear in the CLI but do not function. This chapter provides a detailed explanation of the following IGMP Snooping commands: •...
Page 236: Igmp Enable (Interface)
igmp enable (interface) igmp enable (interface) This command enables IGMP Snooping on a selected interface. If an interface that has IGMP Snooping enabled is enabled for routing or is enlisted as a member of a LAG (port channel), IGMP Snooping functionality will be disabled on that interface. IGMP Snooping functionality will subsequently be re-enabled if routing is disabled or LAG membership is removed from that interface.
Page 237: Igmp Fast-Leave (Interface)
igmp fast-leave (interface) igmp fast-leave (interface) This command enables or disables IGMP Snooping fast-leave admin mode on a selected interface. Enabling fast-leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface.
Page 238: Igmp Interfacemode Enable All
igmp interfacemode enable all Mode Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#; Interface VLAN. Command set igmp groupmembership-interval. Version 2.3 Modified: Revised from Added History Interface Range mode. Related igmp enable (interface) Enables IGMP Snooping on a selected interface.
Page 239: Igmp Mcrtexpiretime (Interface)
igmp mcrtexpiretime (interface) igmp maxresponse 1-3599 Syntax The variable must be less than the IGMP query interval time value. The range is 1 to 3599 seconds. no igmp maxresponse command sets the IGMP Maximum Response time on the interface to the default value. Default 10 seconds Mode...
Page 240: Igmp Mrouter (Interface)
igmp mrouter (interface) Related igmp enable (interface) Enables IGMP Snooping on a selected interface. Commands set igmp mcrtexpiretime sets the Multicast router present expiration time for all routers. (global) interface range Defines an interface range and accesses the Interface Range mode show igmpsnooping Displays IGMP Snooping status information.
Page 241: Set Igmp (Interface)
set igmp (interface) Related igmp enable (interface) Enables IGMP Snooping on a selected interface. Commands set igmp (interface) Command igmp (interface). Version 2.3 Revised to History Related igmp enable (interface) Enables IGMP Snooping on a selected interface. Commands set igmp (system) Command Version 2.3 Changed to...
Page 242: Set Igmp Groupmembership-Interval (Interface)
set igmp groupmembership-interval (interface) The variable must be greater than the IGMPv3 maximum response time value. The range is 2 to 3600 seconds. no igmp groupmembership-interval command sets the IGMP v3 group membership interval time globally to the default value. Default 260 seconds Mode...
Page 243: Set Igmp Maxresponse (Global)
set igmp maxresponse (global) Related igmp interfacemode enable all Sets the IGMP Group Membership Interval time on a Commands particular interface. igmp enable (interface) Enables IGMP Snooping on a selected interface. set igmp maxresponse (global) This command sets the IGMP maximum response time on the system. set igmp maxresponse 1-3599 Syntax The variable is the amount of time in seconds that a switch will wait after sending a query on...
Page 244: Set Igmp Mcrtexpiretime (Global)
set igmp mcrtexpiretime (global) set igmp mcrtexpiretime (global) This command sets the Multicast router present expiration time for all routers. set igmp mcrtexpiretime 0-3600 Syntax The variable is the amount of time in seconds that a switch will wait for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached.
Page 245: Set Igmp Mrouter
set igmp mrouter set igmp mrouter Command igmp mrouter. Version 2.3 Revised to History Related igmp enable (interface) Enables IGMP Snooping on a selected interface. Commands igmp mrouter (interface) Configures a selected interface as a multicast router interface. show igmpsnooping This command displays IGMP Snooping information.
Page 246: Show Igmpsnooping Fast-Leave
show igmpsnooping fast-leave Max Response Time—This displays the amount of time the switch will wait after sending a query on an interface because it did not receive a report for a particular group on that interface. This value may be configured.
Page 247: Show Mac-Address-Table Igmpsnooping
show mac-address-table igmpsnooping show mac-address-table igmpsnooping This command displays the IGMP Snooping entries in the Multicast Forwarding Database (MFDB) table. show mac-address-table igmpsnooping Syntax Mode Privileged Exec Report Fields Mac Address—A multicast MAC address for which the switch has forwarding and or filtering information. The format is two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.
Page 248 show mac-address-table igmpsnooping IGMP Snooping Commands...
Page 249: Lag/Port Channel Commands
Chapter 15 LAG/Port Channel Commands This section provides syntax details of the Link Aggregation Group (LAG) commands (802.3ad), also called port channel, port trunking, and other terms. The commands in this chapter are: • addport • deleteport (interface config) on page 250 •...
Page 250: Deleteport (Interface Config)
deleteport (interface config) In Ethernet Range mode (Interface Range mode for the selected range of physical ports), this command adds the selected ports to the designated LAG. addport unit/slot/port Syntax Specify the LAG ID in its logical slot/port format (e.g., 1/4). Mode Interface Config;...
Page 251: Deleteport (Global Config)
deleteport (global config) deleteport (global config) This command deletes all configured ports from the LAG (port channel). deleteport {unit/slot/port} all Syntax Mode Global Config Related show port-channel Display the configured LAG names and their IDs. The interface number is Commands specified in logical slot/port format, which displays one (1) as the slot number;...
Page 252: Port-Channel Enable (Interface)
port-channel enable all (global) port-channel enable all (global) This command enables the administrative mode for all LAGs (port channels). version of this command disables all LAGs. port-channel enable all Syntax Mode Global Config Command adminmode enable Version 2.3 Replaced with History port-channel enable (interface) This command enables the selected port channel (LAG).
Page 253: Port-Channel Name
port-channel name Parameters unit/slot/ Enter the logical ID of a configured LAG (slot/port format, such as 1/4). port Enter to select all configured LAGs. Default enabled Mode Global Config port-channel name This command renames a LAG (port channel) or all LAGs. port-channel name {unit/slot/port | all name Syntax...
Page 254: Port Lacpmode
port lacpmode Mode Global Config port lacpmode This command enables Link Aggregation Control Protocol (LACP) on a port. The version of this command disables Link Aggregation Control Protocol (LACP) on a port. [no] port lacpmode Syntax Default disabled Mode Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Page 255: Port Lacptimeout (Interface)
port lacptimeout (interface) version of this command removes the Link Aggregation Control Protocol (LACP) timeout on all ports. [no] port lacptimeout short all | long all Syntax Parameters short all short all Enter to select the short timeout setting (3 seconds) for all ports. long all long all Enter...
Page 256: Show Port-Channel
show port-channel show port-channel brief Syntax Mode Privileged Exec and User Exec Example Force10 S2410 #show port-channel brief Static Capability: Disabled Logical Interface Port-Channel Name Link State Mbr Ports Active Ports ----------------- ----------------- ---------- --------- ------------ lag1 0/16, 0/16,0/17, 0/17, 0/18,0/19, 0/18, 0/20,0/21,...
Page 257: Show Port-Channel Summary
show port-channel summary Admin Mode—May be enabled or disabled. The factory default is enabled. Link Trap Mode—This object determines whether or not to send a trap when link status changes. The factory default is enabled. STP Mode—The Spanning Tree Protocol Administrative Mode associated with the port or port channel (LAG).
Page 258: Shutdown
shutdown shutdown This command disables the selected LAG (port channel). version of this command enables the selected LAG. [no] shutdown Syntax Default disabled Mode Interface Config; Interface Range (Port Channel Range), which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-po-1/1-1/2)#. Related Commands interface...
Page 259: Spanning Tree (Stp) Commands
Spanning Tree (STP) Chapter 16 Commands This chapter provides a detailed explanation of the Spanning Tree commands. The commands are divided into two functional groups: • Show commands display switch settings, statistics, and other information. • Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
Page 260: Show Spanning-Tree
show spanning-tree • spanning-tree max-age on page 269 • spanning-tree max-hops on page 269 • spanning-tree mst on page 269 • no spanning-tree mst on page 270 • spanning-tree mst instance on page 271 • spanning-tree mst priority on page 271 •...
Page 261: Show Spanning-Tree Interface
show spanning-tree interface Bridge Hold Time—Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs) CST Regional Root—Bridge Identifier of the common spanning tree regional root. It is derived using the bridge priority and the base MAC address of the bridge. Regional Root Path Cost—Path cost to the common spanning tree Regional Root.
Page 262: Show Spanning-Tree Mst Detailed
show spanning-tree mst detailed RST BPDUs Received—Rapid Spanning Tree Protocol Bridge Protocol Data Units received. MSTP BPDUs Transmitted—Multiple Spanning Tree Protocol Bridge Protocol Data Units sent MSTP BPDUs Received—Multiple Spanning Tree Protocol Bridge Protocol Data Units received. show spanning-tree mst detailed This command displays settings and parameters for the specified multiple spanning tree mstid instance.
Page 263 show spanning-tree mst port detailed Mode Privileged Exec and User Exec MST Instance ID—The ID of the MST instance. Port Identifier—The port identifier for the specified port within the spanning tree. Port Priority—The priority for a particular port within the selected MST instance. Port Forwarding State—Current spanning tree state of this port Port Role—Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
Page 264: Show Spanning-Tree Mst Port Summary
show spanning-tree mst port summary show spanning-tree mst port summary This command displays the settings of one or all ports within the specified multiple spanning mstid tree instance. The parameter indicates a particular MST instance. The parameter unit/slot/port } indicates the desired switch port or all ports. mstid If 0 (defined as the default CIST ID) is passed as the , then the status summary is...
Page 265: Show Spanning-Tree Summary
show spanning-tree summary show spanning-tree summary This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command. show spanning-tree summary Syntax Mode Privileged Exec and User Exec Spanning Tree Adminmode—Enabled or disabled. Spanning Tree Version—Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1D) based upon the Force Protocol Version parameter Configuration Name—Identifier used to identify the configuration currently being used.
Page 266: Spanning-Tree Bpdumigrationcheck
spanning-tree bpdumigrationcheck Default disabled Mode Global Config spanning-tree bpdumigrationcheck unit/slot/port This command enables BPDU migration check on a given interface, by using or all interfaces, by using the keyword. version of this command disables BPDU migration check on all interfaces or the designated interface.
Page 267: Spanning-Tree Edgeport
spanning-tree edgeport version of this command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value, in other words, 0. spanning-tree configuration revision 0-65535 Syntax Default Mode Global Config spanning-tree edgeport This command specifies that this port is an edge port (portfast) within the common and internal spanning tree.
Page 268: Spanning-Tree Forward-Time
spanning-tree forward-time [no] spanning-tree forceversion 802.1d | 802.1w | 802.1s Syntax Default 802.1s Mode Global Config spanning-tree forward-time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to "(Bridge Max Age / 2) + 1".
Page 269: Spanning-Tree Max-Age
spanning-tree max-age spanning-tree max-age This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree. The max-age value is in seconds within a range of 6 to 40, with the value being less than or equal to "2 times (Bridge Forward Delay - 1)". version of this command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value, in other words, 20.
Page 270: No Spanning-Tree Mst
no spanning-tree mst If the “cost” token is specified, this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the mstid parameter. The pathcost can be specified as a number in the range of 1 to 200000000 or auto.
Page 271: Spanning-Tree Mst Instance
spanning-tree mst instance If the “port-priority” token is specified, this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance, mstid depending on the parameter, to the default value, in other words, 128. no spanning-tree mst mstid {cost | port-priority} Syntax Mode...
Page 272: Spanning-Tree Mst Vlan
spanning-tree mst vlan mstid If 0 (defined as the default CIST ID) is passed as the , then this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value, in other words, 32768. spanning-tree mst priority mstid 0-61440 Syntax no spanning-tree mst priority mstid...
Page 273: Spanning-Tree Port Mode Enable All
spanning-tree port mode enable all [no] spanning-tree port mode enable Syntax Default disabled Mode Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#. Command enable Version 2.3 Modified: Added keyword. Added Interface Range and Interface VLAN History modes.
Page 274 spanning-tree port mode enable all Spanning Tree (STP) Commands...
Page 275: Quality Of Service (Qos) Commands
Quality of Service (QoS) Chapter 17 Commands This chapter provides a detailed explanation of available Quality of Service (QoS) commands. The chapter is divided into the following sections: • Class of Service (CoS) Commands • Differentiated Services (DiffServ) Commands on page 285 •...
Page 276: Classofservice Dot1P-Mapping
classofservice dot1p-mapping By default, SFTOS 2.4.1 configures all egress queues in weighted round robin mode with equal minimum bandwidths. This means that no egress queue will be given priority over any cos-queue min-bandwidth other. To change this, in weighted round robin mode, use the command to assign minimum bandwidths to each queue.
Page 277: Classofservice Trust
classofservice trust Command History Version 2.3 Interface Range mode added Related classofservice Maps an 802.1p priority to an internal traffic class. Commands dot1pmapping interface range Defines an interface range and accesses the Interface Range mode show classofservice Displays the current Dot1p (802.1p) priority mapping to internal traffic dot1p-mapping classes for a specific interface classofservice trust...
Page 278: Cos-Queue Min-Bandwidth
cos-queue min-bandwidth no cos-queue max-bandwidth command restores the default for each queue's maximum bandwidth value. Modes Global Config Command Version 2.4.1 Introduced History Related cos-queue min-bandwidth Specify the minimum transmission bandwidth guarantee for each Commands interface queue. traffic-shape Specify the maximum transmission bandwidth limit for the interface as a whole.
Page 279: Cos-Queue Strict
cos-queue strict random-detect queue-parms Usage Specific WRED parameters are configured using the random-detect exponential-weighting-constant commands. Command Version 2.4.1 Modified: Removed Interface Config mode History Related random-detect Set the decay exponent used by the WRED average queue depth Commands exponential-weighting-constant calculation for the interface. random-detect queue-parms Set the WRED parameters for each drop precedence level supported by a queue.
Page 280: Random-Detect Queue-Parms
random-detect queue-parms random-detect queue-parms This command sets the WRED parameters for each drop precedence level supported by a queue. The actual number of queue drop precedence levels is platform-specific (S2410 has four). Use the form of this command to restore the default values for the queue WRED parameters.
Page 281: Show Classofservice Dot1P-Mapping
show classofservice dot1p-mapping show classofservice dot1p-mapping This command displays the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface. show classofservice dot1p-mapping unit/slot/port Syntax unit/slot/port parameter is optional. If specified, the 802.1p mapping table of the interface is displayed.
Page 282: Show Interfaces Cos-Queue
show interfaces cos-queue Report Fields Non-IP Traffic: Class—The traffic class used for non-IP traffic. This is only displayed when the COS trust mode is set to either 'trust ip-dscp' or 'trust ip-precedence'. Untrusted Traffic Class—The traffic class used for all untrusted traffic. This is only displayed when the COS trust mode is set to 'untrusted'.
Page 283: Show Interfaces Tail-Drop-Threshold
show interfaces tail-drop-threshold show interfaces random-detect slot/port Syntax The slot/port parameter is optional. If specified, the class-of-service WRED configuration of the interface is displayed. If omitted, the most recent global configuration settings are displayed. Mode Privileged Exec Report Fields Interface — This displays the slot/port of the interface. If displaying the global configuration, this output line is replaced with a Global Config indication.
Page 284: Tail-Drop Queue-Parms
tail-drop queue-parms Mode Privileged Exec Report Fields Interface — This displays the slot/port of the interface. If displaying the global configuration, this output line is replaced with a Global Config indication. The following information is repeated for each queue on the interface. Queue IdQueue identification number —...
Page 285: Traffic-Shape
traffic-shape traffic-shape This command specifies the maximum transmission bandwidth limit for the interface as a whole. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded. traffic-shape bw Syntax Parameters...
Page 286: Show Classofservice Dot1Pmapping
show classofservice dot1pmapping show classofservice dot1pmapping This command displays the current 802.1p priority mapping to internal traffic classes for all or specific interfaces. show classofservice dot1pmapping unit/slot/port Syntax Mode Privileged Exec and User Exec vlan port priority all This command configures the port priority assigned for untagged packets for all ports presently plugged into the device.
Page 287: Acl Commands
Chapter 18 ACL Commands This chapter covers the following commands: • {deny|permit} on page 288 • mac access-list extended on page 290 • mac access-list extended rename on page 291 • mac access-group on page 292 • show mac access-lists on page 292 Note: SFTOS 2.4.1 does not support IP-based ACL commands.
Page 288: Implementation Notes
{deny|permit} Implementation Notes • If the CPU MA table (This MAC address table is separate from the software MAC address table) is filled so that the ACL logic cannot create another MA table entry, all frames from that source address will be dropped. •...
Page 289: Table 23 Ethertype Keyword And 4-Digit Hexadecimal Value
{deny|permit} vlan secondary-vlan (Optional) As above, for the keyword. secondary-cos (Optional) As above, for the keyword. assign-queue assign-queue (Optional) The parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed queue-id value is 0-(n-1), where n is the number of user configurable queues available for the hardware platform.
Page 290: Mac Access-List Extended
mac access-list extended Table 23 Ethertype Keyword and 4-digit Hexadecimal Value (continued) Ethertype Keyword Corresponding Value novell 0x8137, 0x8138 pppoe 0x8863, 0x8864 rarp 0x8035 assign-queue redirect permit parameters are only valid for a rule. Mode Mac Access List Config Related Commands interface range Identify an interface range and access the Interface Range mode.
Page 291: Mac Access-List Extended Rename
mac access-list extended rename mac access-group (port In the Interface Port Channel Config mode, attaches a MAC ACL to channel) the selected port channel mac access-group Attaches a specific MAC Access Control List (ACL) identified by name to an interface in the ingress direction mac access-list extended Changes the name of an existing MAC ACL.
Page 292: Mac Access-Group
mac access-group mac access-group name This command attaches a specific MAC Access Control List (ACL) identified by to an interface in the ingress direction. This command, when used in Interface Config mode, only affects a single interface, whereas the Global Config mode setting is applied to all interfaces. mac access-group name 1-4294967295 Syntax...
Page 293: Unit/Slot/Port
show mac access-lists name When the command is used with the option, the report displays details for the identified MAC access list, in the following fields: Field Rule Number—The ordered rule number identifier defined within the ACL. Descriptions Action—Displays the action associated with each rule. The possible values are Permit or Deny. Match all—TRUE OR FALSE Source MAC Address—Displays the source MAC address for this rule.
Page 294 show mac access-lists ACL Commands...
Page 295: Index
Index Symbols clear counters clear dot1x statistics {deny|permit} clear igmpsnooping clear ip dhcp binding Numerics clear ip dhcp conflict 3, 79 10/100 Ethernet port clear ip dhcp server statistics 802.3ad clear pass 802.3x flow control clear port-channel clear radius statistics clear traplog Access Control Lists (ACLs) clear vlan...
Page 296 134–135 config vlan ports ingressfilter dot1x timeout configuration guide dot1x user configuration reset Double VLAN tagging 221, 223–224 Configuration Scripting Double VLAN Tunneling (Web UI panel) configure downloading configure command drop precedence configuring a range dvlan-tunnel etherType Contact and Patents Information Dynamic Host Configuration Protocol (DHCP) control characters 37–38, 139...
Page 297 HTML spanning-tree edgeport HTTP spanning-tree hello-time spanning-tree mst priority spanning-tree port mode enable vlan acceptframe 133–134 IEEE 802.1Q vlan ingressfilter IfIndex vlan pvid igmp enable 44, 46, 123 interface vlan igmp enable (interface) 47, 124 interface vlan command igmp fast-leave (interface) 120, 123 Interface VLAN mode igmp groupmembership-interval...
Page 298 112, 117 deleting ports from mirrored port 251–252 enabling or disabling m-node (mixed) link traps mode logical ID Ethernet Range name Port Channel summary information VLAN Range user-assigned name mode access lease mode dvlan-tunnel 226–227 leave time Mode-based Topology 47, 49 47–48 Line Config mode modes...
Page 299 34, 159 setting user Privileged Exec Mode user Privileged Exec mode patents probe port 225, 227 PDUs Products and Services Liability ping prompt, Interface VLAN mode p-node (peer-to-peer) protocol (management VLAN) Policy Class Mode Protocol Data Units. See PDUs policy map command protocol group Policy Map Mode protocol vlan group...
Page 300 script show show terminal script validate show users 77, 129, 280, 282–284 serial baudrate show vlan detailed serial timeout show dot1q-tunnel service dhcp show dot1x service port show dot1x detail serviceport commands show dot1x users 37, 63 serviceport ip show dvlan-tunnel serviceport protocol show forwardingdb agetime session-limit...
Page 301 show port-channel brief snmp-server community mode show port-channel summary snmp-server community ro show port-security snmp-server community rw show port-security dynamic snmp-server enable trap violation show port-security static snmp-server enable traps bcaststorm show port-security violation snmp-server enable traps linkmode show radius snmp-server enable traps multiusers show radius accounting statistics snmp-server enable traps stpmode...
Page 302 resetting 66, 68, 70, statistics, related 201 commands unique identifier for a DHCP client 75–77 unit/slot/port format switch navigation icon in Web UI 131–132 untagged syntax conventions uploading 78, 80 syslog servers User Account Management Commands system information and statistics commands User Exec Mode 201 commands User Exec mode...
Page 303 VLAN Range mode vlan tagging Web connections, displaying vlan tagging command Web interface VLAN tunneling command buttons vlan untagging configuring for Web access vlan untagging command panel VLANs starting adding Web UI S50 switch navigation icon changing the name of weighted random early discard (WRED) 108, 123 deleting...
Page 304 Index...

Force 10 S2410 Command Reference Manual

New Features

Contents

About this Guide

Chapter 1 SFTOS Overview

Chapter 2 Quick Start

Chapter 3 Using the Command Line Interface

Chapter 4 Using the Web User Interface

Chapter 5 System Management Commands

Chapter 6 System Configuration Commands

Chapter 7 System Log

Chapter 8 User Account Commands

Chapter 9 Security Commands

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Force 10 S2410

Summary of Contents for Force 10 S2410